10139 files changed, 380865 insertions, 0 deletions

diff --git a/tests/tests/README b/tests/tests/README
new file mode 100644
index 0000000..2e5fdf8
--- /dev/null
+++ b/tests/tests/README
@@ -0,0 +1,19 @@
+This testsuite is NOT SECURE: it will temporarily change your passwords file
+with known passwords.
+You should run it on a chroot, or on a secured dedicated system.
+
+
+
+To test a Debian system:
+	$ mkdir sid-chroot
+	$ sudo debootstrap sid sid-chroot/ http://deb.debian.org/debian/
+edit or copy a sources.list
+	$ sudo cp /etc/apt/sources.list sid-chroot/etc/apt/
+edit or copy a resolv.conf
+	$ sudo cp /etc/resolv.conf sid-chroot/etc/
+	$ su - root -c "chroot sid-chroot/ /bin/bash"
+	# mount -t proc proc /proc
+	# mount -t devpts devpts /dev/pts
+	# aptitude update
+	# aptitude install expect
+	# cd /dev ; mknod --mode=666 /dev/ptmx c 5 2
diff --git a/tests/tests/bug332198-test.exp b/tests/tests/bug332198-test.exp
new file mode 100755
index 0000000..fd365bb
--- /dev/null
+++ b/tests/tests/bug332198-test.exp
@@ -0,0 +1,61 @@
+#!/usr/bin/expect -f
+
+# This is a script for repeatedly logging into the localhost
+# using `rlogin` in order to apparently see a symptoms described
+# in bug #332198.
+# As described in the bug log, sometimes `rlogind` will fail to
+# establish a connection, because it starts "login" process and
+# the latter fails with "unable to determine TTY name, got /dev/pts/1"
+# message.
+# 
+# BUGS
+# 
+# * the script rlogins to localhost
+# * the script doesn't handle passwdord prompt, because it's intended
+#   to use .rhosts auth and expects shell prompt immediately after
+#   `rlogin`
+# * the regexp for shell prompt is hardcoded
+
+log_user 0
+match_max 8192
+
+while {1} {
+    set rlogin_spawn [spawn rlogin localhost]
+    if { $rlogin_spawn == 0 } { exit 1 }
+    expect {
+	-timeout 10 -re "^.*(Last login\[^\r\n\]*).*\n(\[^\r\n\]*\[#$\] )$" {
+	    send_error "$expect_out(1,string)\n"
+	    send_error "$expect_out(2,string)\n"
+#	    send_error "$expect_out(0,string)\n"
+	}
+	timeout {
+	    send_error "TIMEOUT/prompt\n"
+	    send_error "$expect_out(buffer)\n"
+	    send_error "RETRYING\n"
+	    log_user 1
+	    send "tty /\r"
+	    expect -timeout 2 -re "^.*\r?\n(\[^\r\n\]*# )$" {}
+	    send "tty /\r"
+	    expect -timeout 2 -re "^.*\r?\n(\[^\r\n\]*# )$" {}
+	    send_error "\n"
+	    exit 2
+	}
+    }
+    send "tty\r"
+    expect {
+	-timeout 4 -re "tty\r?\n(\[^\r\n\]*)\r?\n(\[^\r\n\]*\[#$\] )$" {
+	    send_error "$expect_out(2,string)$expect_out(1,string)\n"
+#	    send_error "$expect_out(0,string)\n"
+	}
+	timeout { send_error "TIMEOUT/tty\n" ; exit 3 }
+    }
+    send "exit\r"
+    expect {
+	-timeout 2 eof {
+#	    send_error "OK4: EOF\n"
+	}
+	timeout { send_error "TIMEOUT/eof\n" ; exit 4 }
+    }
+    wait
+}
+# vi: set sw=4:
diff --git a/tests/tests/bug334803-test.exp b/tests/tests/bug334803-test.exp
new file mode 100755
index 0000000..19d9334
--- /dev/null
+++ b/tests/tests/bug334803-test.exp
@@ -0,0 +1,83 @@
+#!/usr/bin/expect --
+
+# This is a script for switching to another user and then
+# suspending (`suspend -f`) and resuming (`fg`) his shell
+
+package require cmdline
+set opts {
+    {s.arg "sudo su -"	"user switching method"}
+    {u.arg ""		"username to switch to"}
+}
+set usage ": \[options]\noptions:"
+array set conf [::cmdline::getoptions argv $opts $usage]
+
+log_user 1
+match_max 8192
+expect_after {
+    timeout { send_error "TIMEOUT\n" ; exit 1 }
+    eof     { send_error "EXITED\n" ; exit 2 }
+}
+set timeout 2
+
+# user switching command, by default `sudo su -`
+set swcmd $conf(s)
+# ending of typical shell prompt (zsh/sh):
+set shpmt "(%|#|\\$) \\Z"
+catch {set shpmt $env(EXPECT_PROMPT)}
+# initial username:
+set user0 [exec id -un]
+# user we switch to (with $swcmd), by default initial user
+if {$conf(u) != ""} {set swuser $conf(u)} else {set swuser $user0}
+
+# 1. start shell
+spawn bash
+expect -re "$shpmt" {}
+
+# 2. sudo-ing swuser's shell:
+send "$swcmd $swuser\r"
+expect {
+    -re "$swuser.*$shpmt" {}
+    -re "assword: ?\\Z" {
+	stty -echo
+	expect_user -timeout -1 -re "(.*)\n" {set swpwd $expect_out(1,string)}
+	stty echo
+	send "$swpwd\r"
+	expect -re "$swuser.*$shpmt" {}
+    }
+}
+
+# 3. getting pid and ppid of swuser's shell (needed for 5b):
+send "echo \$\$:\$PPID\r"
+expect -re "(?n)^(\[\[:digit:\]\]*):(\[\[:digit:\]\]*)\r?\n(.*)$shpmt" {}
+set swpid  $expect_out(1,string)
+set swppid $expect_out(2,string)
+
+#send_error "$user0:$swpid:$swppid\n"
+
+# 4. suspending swuser's shell (trying to return to parent shell):
+send "suspend -f\r"
+expect {
+    -re "$shpmt" {
+	# 5a. got to parent shell -- resuming swuser's shell by `fg`:
+	send "fg\r"
+	set hung no
+    }
+    timeout {
+	# 5b. `suspend -f` has hung -- resuming swuser's shell by SIGCONT:
+	send_error "kill $swppid\n"
+	send_error [exec kill -CONT $swppid]
+	set hung yes
+    }
+}
+expect -re "$shpmt" {}
+
+# 6. exiting [both] shells
+#set swstat [wait -nowait]
+#send_error [pid]:[exp_pid]:$swstat\n
+send "exit\rexit\r"
+expect eof {}
+#send_error [wait -nowait]\n
+#exec kill -KILL -[exp_pid]
+if {$hung} {send_error "BUGGY\n" ; exit 3 }
+
+# vi:set sw=4:
diff --git a/tests/tests/chage/01/data/chage1 b/tests/tests/chage/01/data/chage1
new file mode 100644
index 0000000..64754ca
--- /dev/null
+++ b/tests/tests/chage/01/data/chage1
@@ -0,0 +1,7 @@
+Last password change					: Jul 27, 2005
+Password expires					: never
+Password inactive					: never
+Account expires						: never
+Minimum number of days between password change		: 0
+Maximum number of days between password change		: 99999
+Number of days of warning before password expires	: 7
diff --git a/tests/tests/chage/01/data/chage2 b/tests/tests/chage/01/data/chage2
new file mode 100644
index 0000000..7efdc0c
--- /dev/null
+++ b/tests/tests/chage/01/data/chage2
@@ -0,0 +1,7 @@
+Last password change					: Jul 28, 2005
+Password expires					: never
+Password inactive					: never
+Account expires						: never
+Minimum number of days between password change		: 1
+Maximum number of days between password change		: 99996
+Number of days of warning before password expires	: 5
diff --git a/tests/tests/chage/01/data/chage3 b/tests/tests/chage/01/data/chage3
new file mode 100644
index 0000000..a263db9
--- /dev/null
+++ b/tests/tests/chage/01/data/chage3
@@ -0,0 +1,7 @@
+Last password change					: Jul 27, 2005
+Password expires					: never
+Password inactive					: never
+Account expires						: Jan 01, 1970
+Minimum number of days between password change		: 0
+Maximum number of days between password change		: 99999
+Number of days of warning before password expires	: 7
diff --git a/tests/tests/chage/01/data/chage4 b/tests/tests/chage/01/data/chage4
new file mode 100644
index 0000000..11e2f2d
--- /dev/null
+++ b/tests/tests/chage/01/data/chage4
@@ -0,0 +1,7 @@
+Last password change					: Jul 27, 2005
+Password expires					: never
+Password inactive					: never
+Account expires						: Jan 02, 1970
+Minimum number of days between password change		: 0
+Maximum number of days between password change		: 99999
+Number of days of warning before password expires	: 7
diff --git a/tests/tests/chage/01/data/chage5 b/tests/tests/chage/01/data/chage5
new file mode 100644
index 0000000..64754ca
--- /dev/null
+++ b/tests/tests/chage/01/data/chage5
@@ -0,0 +1,7 @@
+Last password change					: Jul 27, 2005
+Password expires					: never
+Password inactive					: never
+Account expires						: never
+Minimum number of days between password change		: 0
+Maximum number of days between password change		: 99999
+Number of days of warning before password expires	: 7
diff --git a/tests/tests/chage/01/data/chage6 b/tests/tests/chage/01/data/chage6
new file mode 100644
index 0000000..64754ca
--- /dev/null
+++ b/tests/tests/chage/01/data/chage6
@@ -0,0 +1,7 @@
+Last password change					: Jul 27, 2005
+Password expires					: never
+Password inactive					: never
+Account expires						: never
+Minimum number of days between password change		: 0
+Maximum number of days between password change		: 99999
+Number of days of warning before password expires	: 7
diff --git a/tests/tests/chage/01/data/chage7 b/tests/tests/chage/01/data/chage7
new file mode 100644
index 0000000..64754ca
--- /dev/null
+++ b/tests/tests/chage/01/data/chage7
@@ -0,0 +1,7 @@
+Last password change					: Jul 27, 2005
+Password expires					: never
+Password inactive					: never
+Account expires						: never
+Minimum number of days between password change		: 0
+Maximum number of days between password change		: 99999
+Number of days of warning before password expires	: 7
diff --git a/tests/tests/chage/01/data/chage7b b/tests/tests/chage/01/data/chage7b
new file mode 100644
index 0000000..0cea901
--- /dev/null
+++ b/tests/tests/chage/01/data/chage7b
@@ -0,0 +1,7 @@
+Last password change					: Jul 26, 2005
+Password expires					: Aug 09, 2005
+Password inactive					: Sep 13, 2005
+Account expires						: Jul 27, 2012
+Minimum number of days between password change		: 13
+Maximum number of days between password change		: 14
+Number of days of warning before password expires	: 9
diff --git a/tests/tests/chage/01/data/chage8 b/tests/tests/chage/01/data/chage8
new file mode 100644
index 0000000..25151a2
--- /dev/null
+++ b/tests/tests/chage/01/data/chage8
@@ -0,0 +1 @@
+chage: user 'myuser8' does not exist in /etc/passwd
diff --git a/tests/tests/chage/01/data/group b/tests/tests/chage/01/data/group
new file mode 100644
index 0000000..245cc9c
--- /dev/null
+++ b/tests/tests/chage/01/data/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+myuser:x:424242:
diff --git a/tests/tests/chage/01/data/gshadow b/tests/tests/chage/01/data/gshadow
new file mode 100644
index 0000000..25bd55b
--- /dev/null
+++ b/tests/tests/chage/01/data/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+myuser:x::
diff --git a/tests/tests/chage/01/data/passwd b/tests/tests/chage/01/data/passwd
new file mode 100644
index 0000000..5d27e12
--- /dev/null
+++ b/tests/tests/chage/01/data/passwd
@@ -0,0 +1,26 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+myuser1:x:424242:424242::/home:/bin/bash
+myuser2:x:424243:424242::/home:/bin/bash
+myuser3:x:424244:424242::/home:/bin/bash
+myuser4:x:424245:424242::/home:/bin/bash
+myuser5:x:424246:424242::/home:/bin/bash
+myuser6:x:424247:424242::/home:/bin/bash
+myuser7:x:424248:424242::/home:/bin/bash
diff --git a/tests/tests/chage/01/data/shadow b/tests/tests/chage/01/data/shadow
new file mode 100644
index 0000000..da4c2bc
--- /dev/null
+++ b/tests/tests/chage/01/data/shadow
@@ -0,0 +1,26 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+myuser1:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:::
+myuser2:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12992:1:99996:5:::
+myuser3:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7::0:
+myuser4:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7::1:
+myuser5:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:0::
+myuser6:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:1::
+myuser7:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:1::
diff --git a/tests/tests/chage/01/data/usage b/tests/tests/chage/01/data/usage
new file mode 100644
index 0000000..19177f7
--- /dev/null
+++ b/tests/tests/chage/01/data/usage
@@ -0,0 +1,16 @@
+Usage: chage [options] LOGIN
+
+Options:
+  -d, --lastday LAST_DAY        set date of last password change to LAST_DAY
+  -E, --expiredate EXPIRE_DATE  set account expiration date to EXPIRE_DATE
+  -h, --help                    display this help message and exit
+  -I, --inactive INACTIVE       set password inactive after expiration
+                                to INACTIVE
+  -l, --list                    show account aging information
+  -m, --mindays MIN_DAYS        set minimum number of days before password
+                                change to MIN_DAYS
+  -M, --maxdays MAX_DAYS        set maximum number of days before password
+                                change to MAX_DAYS
+  -R, --root CHROOT_DIR         directory to chroot into
+  -W, --warndays WARN_DAYS      set expiration warning days to WARN_DAYS
+
diff --git a/tests/tests/chage/01/run b/tests/tests/chage/01/run
new file mode 100755
index 0000000..4434fcf
--- /dev/null
+++ b/tests/tests/chage/01/run
@@ -0,0 +1,206 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+# Rational:
+# Test chage options
+
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+save()
+{
+	[ ! -d tmp ] && mkdir tmp
+	for i in passwd group shadow gshadow
+	do
+		[ -f /etc/$i  ] && cp /etc/$i  tmp/$i
+		[ -f /etc/$i- ] && cp /etc/$i- tmp/$i-
+	done
+
+	true
+}
+
+restore()
+{
+	for i in passwd group shadow gshadow
+	do
+		[ -f tmp/$i  ] && cp tmp/$i  /etc/$i  && rm tmp/$i
+		[ -f tmp/$i- ] && cp tmp/$i- /etc/$i- && rm tmp/$i-
+	done
+	rm -f tmp/out
+	rmdir tmp
+}
+
+save
+
+# restore the files on exit
+trap 'if [ "$?" != "0" ]; then echo "FAIL"; fi; restore' 0
+
+for i in passwd group shadow gshadow
+do
+	cp data/$i /etc
+done
+
+echo -n "testing option -l"
+chage -l myuser1 > tmp/out
+diff -au data/chage1 tmp/out
+echo -n .
+chage -l myuser2 > tmp/out
+diff -au data/chage2 tmp/out
+echo -n .
+chage -l myuser3 > tmp/out
+diff -au data/chage3 tmp/out
+echo -n .
+chage -l myuser4 > tmp/out
+diff -au data/chage4 tmp/out
+echo -n .
+chage -l myuser5 > tmp/out
+diff -au data/chage5 tmp/out
+echo -n .
+chage -l myuser6 > tmp/out
+diff -au data/chage6 tmp/out
+echo -n .
+chage --list myuser7 > tmp/out
+diff -au data/chage7 tmp/out
+echo -n .
+msg=$(chage -l myuser8 2> tmp/out) || err=$?
+[ "$err" = "1" ] && [ "$msg" = "" ] || exit 1
+diff -au data/chage8 tmp/out
+echo .
+
+echo "testing option -d"
+chage -d 2001-10-02 myuser7
+ent=$(getent shadow myuser7)
+[ "$ent" = 'myuser7:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:11597:0:99999:7:1::' ] || exit 1
+echo "testing option -d -1"
+chage -d -1 myuser7
+ent=$(getent shadow myuser7)
+[ "$ent" = 'myuser7:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.::0:99999:7:1::' ] || exit 1
+echo "testing option -d 0"
+chage -d 0 myuser7
+ent=$(getent shadow myuser7)
+[ "$ent" = 'myuser7:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:0:0:99999:7:1::' ] || exit 1
+echo "testing option --lastday"
+chage --lastday 2011-11-02 myuser7
+ent=$(getent shadow myuser7)
+[ "$ent" = 'myuser7:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:15280:0:99999:7:1::' ] || exit 1
+
+echo "testing option -E"
+chage -E 2010-10-02 myuser7
+ent=$(getent shadow myuser7)
+[ "$ent" = 'myuser7:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:15280:0:99999:7:1:14884:' ] || exit 1
+echo "testing option -E -1"
+chage -E -1 myuser7
+ent=$(getent shadow myuser7)
+[ "$ent" = 'myuser7:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:15280:0:99999:7:1::' ] || exit 1
+echo "testing option -E 0"
+chage -E 0 myuser7
+ent=$(getent shadow myuser7)
+[ "$ent" = 'myuser7:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:15280:0:99999:7:1:0:' ] || exit 1
+echo "testing option --expiredate"
+chage --expiredate 2020-02-02 myuser7
+ent=$(getent shadow myuser7)
+[ "$ent" = 'myuser7:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:15280:0:99999:7:1:18294:' ] || exit 1
+
+echo "testing option -I"
+# NOTE: I could pass a date to -I
+chage -I 42 myuser7
+ent=$(getent shadow myuser7)
+[ "$ent" = 'myuser7:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:15280:0:99999:7:42:18294:' ] || exit 1
+echo "testing option -I -1"
+# NOTE: this behavior is not documented
+chage -I -1 myuser7
+ent=$(getent shadow myuser7)
+[ "$ent" = 'myuser7:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:15280:0:99999:7::18294:' ] || exit 1
+echo "testing option -I 0"
+# NOTE: We should check that this is the expected behavior
+chage -I 0 myuser7
+ent=$(getent shadow myuser7)
+[ "$ent" = 'myuser7:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:15280:0:99999:7:0:18294:' ] || exit 1
+echo "testing option --inactive"
+chage --inactive  12 myuser7
+ent=$(getent shadow myuser7)
+[ "$ent" = 'myuser7:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:15280:0:99999:7:12:18294:' ] || exit 1
+
+echo "testing option -m"
+chage -m 24 myuser7
+ent=$(getent shadow myuser7)
+[ "$ent" = 'myuser7:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:15280:24:99999:7:12:18294:' ] || exit 1
+echo "testing option -m -1"
+# NOTE: this behavior is not documented
+chage -m -1 myuser7
+ent=$(getent shadow myuser7)
+[ "$ent" = 'myuser7:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:15280::99999:7:12:18294:' ] || exit 1
+echo "testing option -m 0"
+chage -m 0 myuser7
+ent=$(getent shadow myuser7)
+[ "$ent" = 'myuser7:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:15280:0:99999:7:12:18294:' ] || exit 1
+echo "testing option --mindays"
+chage --min 1 myuser7
+# NOTE: that shouldn't have work
+ent=$(getent shadow myuser7)
+[ "$ent" = 'myuser7:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:15280:1:99999:7:12:18294:' ] || exit 1
+
+echo "testing option -M"
+chage -M 25 myuser7
+ent=$(getent shadow myuser7)
+[ "$ent" = 'myuser7:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:15280:1:25:7:12:18294:' ] || exit 1
+echo "testing option -M -1"
+# NOTE: this behavior is not documented
+chage -M -1 myuser7
+ent=$(getent shadow myuser7)
+[ "$ent" = 'myuser7:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:15280:1::7:12:18294:' ] || exit 1
+echo "testing option -M 0"
+chage -M 0 myuser7
+ent=$(getent shadow myuser7)
+[ "$ent" = 'myuser7:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:15280:1:0:7:12:18294:' ] || exit 1
+echo "testing option --maxdays"
+chage --max 2 myuser7
+ent=$(getent shadow myuser7)
+[ "$ent" = 'myuser7:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:15280:1:2:7:12:18294:' ] || exit 1
+
+echo "testing option -W"
+chage -W 26 myuser7
+ent=$(getent shadow myuser7)
+[ "$ent" = 'myuser7:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:15280:1:2:26:12:18294:' ] || exit 1
+echo "testing option -W -1"
+# NOTE: this behavior is not documented
+chage -W -1 myuser7
+ent=$(getent shadow myuser7)
+[ "$ent" = 'myuser7:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:15280:1:2::12:18294:' ] || exit 1
+echo "testing option -W 0"
+chage -W 0 myuser7
+ent=$(getent shadow myuser7)
+[ "$ent" = 'myuser7:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:15280:1:2:0:12:18294:' ] || exit 1
+echo "testing option --warndays"
+chage --warndays 3 myuser7
+ent=$(getent shadow myuser7)
+[ "$ent" = 'myuser7:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:15280:1:2:3:12:18294:' ] || exit 1
+
+echo "testing with all options"
+chage -d 2030-03-02 -E 1979-11-24 -I 10 -m 11 -M 12 --warndays 4 myuser7
+ent=$(getent shadow myuser7)
+[ "$ent" = 'myuser7:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:21975:11:12:4:10:3614:' ] || exit 1
+
+echo "interactive test"
+./run1.exp
+ent=$(getent shadow myuser7)
+[ "$ent" = 'myuser7:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12990:13:14:9:35:15548:' ] || exit 1
+
+echo "interactive test (default)"
+./run2.exp
+ent=$(getent shadow myuser7)
+[ "$ent" = 'myuser7:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12990:13:14:9:35:15548:' ] || exit 1
+chage -l myuser7 > tmp/out
+diff -au data/chage7b tmp/out
+
+echo "usage"
+chage -h > tmp/out || {
+	if [ "$?" != "2" ]; then false; fi
+}
+diff -au data/usage tmp/out
+
+echo "OK"
diff --git a/tests/tests/chage/01/run1.exp b/tests/tests/chage/01/run1.exp
new file mode 100755
index 0000000..0160fb1
--- /dev/null
+++ b/tests/tests/chage/01/run1.exp
@@ -0,0 +1,31 @@
+#!/usr/bin/expect
+
+set timeout 5
+
+# I've not been able to put the opening bracket in the regular expressions
+# If anyone knows...
+
+spawn /usr/bin/chage myuser7
+expect -re "Minimum Password Age .11\]: "
+send "13\r"
+expect -re "Maximum Password Age .12\]: "
+send "14\r"
+expect -re "Last Password Change \[(]YYYY-MM-DD\[)] .2030-03-02\]: "
+send "2005-07-26\r"
+expect -re "Password Expiration Warning .4\]: "
+send "9\r"
+expect -re "Password Inactive .10\]: "
+send "35\r"
+expect -re "Account Expiration Date \[(]YYYY-MM-DD\[)] .1979-11-24\]: "
+send "2012-07-27\r"
+expect {
+	eof {
+	} default {
+		puts "\nFAIL"
+		exit 1
+	}
+}
+
+puts "\nPASS"
+exit 0
+
diff --git a/tests/tests/chage/01/run2.exp b/tests/tests/chage/01/run2.exp
new file mode 100755
index 0000000..f4f342f
--- /dev/null
+++ b/tests/tests/chage/01/run2.exp
@@ -0,0 +1,31 @@
+#!/usr/bin/expect
+
+set timeout 5
+
+# I've not been able to put the opening bracket in the regular expressions
+# If anyone knows...
+
+spawn /usr/bin/chage myuser7
+expect -re "Minimum Password Age .13\]: "
+send "\r"
+expect -re "Maximum Password Age .14\]: "
+send "\r"
+expect -re "Last Password Change \[(]YYYY-MM-DD\[)] .2005-07-26\]: "
+send "\r"
+expect -re "Password Expiration Warning .9\]: "
+send "\r"
+expect -re "Password Inactive .35\]: "
+send "\r"
+expect -re "Account Expiration Date \[(]YYYY-MM-DD\[)] .2012-07-27\]: "
+send "\r"
+expect {
+	eof {
+	} default {
+		puts "\nFAIL"
+		exit 1
+	}
+}
+
+puts "\nPASS"
+exit 0
+
diff --git a/tests/tests/chage/02/data/group b/tests/tests/chage/02/data/group
new file mode 100644
index 0000000..245cc9c
--- /dev/null
+++ b/tests/tests/chage/02/data/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+myuser:x:424242:
diff --git a/tests/tests/chage/02/data/gshadow b/tests/tests/chage/02/data/gshadow
new file mode 100644
index 0000000..25bd55b
--- /dev/null
+++ b/tests/tests/chage/02/data/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+myuser:x::
diff --git a/tests/tests/chage/02/data/passwd b/tests/tests/chage/02/data/passwd
new file mode 100644
index 0000000..5bec374
--- /dev/null
+++ b/tests/tests/chage/02/data/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+myuser:x:424248:424242::/home:/bin/bash
diff --git a/tests/tests/chage/02/data/shadow b/tests/tests/chage/02/data/shadow
new file mode 100644
index 0000000..038d5cf
--- /dev/null
+++ b/tests/tests/chage/02/data/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+myuser:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:::
diff --git a/tests/tests/chage/02/run b/tests/tests/chage/02/run
new file mode 100755
index 0000000..a792f0c
--- /dev/null
+++ b/tests/tests/chage/02/run
@@ -0,0 +1,50 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+# Rational:
+# Test chage with bogus inputs
+
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+save()
+{
+	[ ! -d tmp ] && mkdir tmp
+	for i in passwd group shadow gshadow
+	do
+		[ -f /etc/$i  ] && cp /etc/$i  tmp/$i
+		[ -f /etc/$i- ] && cp /etc/$i- tmp/$i-
+	done
+
+	true
+}
+
+restore()
+{
+	for i in passwd group shadow gshadow
+	do
+		[ -f tmp/$i  ] && cp tmp/$i  /etc/$i  && rm tmp/$i
+		[ -f tmp/$i- ] && cp tmp/$i- /etc/$i- && rm tmp/$i-
+	done
+	rm -f tmp/out
+	rmdir tmp
+}
+
+save
+
+# restore the files on exit
+trap 'if [ "$?" != "0" ]; then echo "FAIL"; fi; restore' 0
+
+for i in passwd group shadow gshadow
+do
+	cp data/$i /etc
+done
+
+echo "interactive test"
+./run.exp $(date "+%Y-%m-%d")
+
+echo "OK"
diff --git a/tests/tests/chage/02/run.exp b/tests/tests/chage/02/run.exp
new file mode 100755
index 0000000..0dbb27d
--- /dev/null
+++ b/tests/tests/chage/02/run.exp
@@ -0,0 +1,83 @@
+#!/usr/bin/expect
+
+set timeout 5
+
+proc expect_error {} {
+	expect {
+		"chage: error changing fields" {
+			expect {
+				eof {
+				} default {
+					puts "\nFAIL"
+					exit 1
+				}
+			}
+		} default {
+			puts "\nFAIL"
+			exit 1
+		}
+	}
+}
+
+
+# I've not been able to put the opening bracket in the regular expressions
+# If anyone knows...
+
+spawn /usr/bin/chage myuser
+expect -re "Minimum Password Age .0\]: "
+send -- "-2\r"
+expect_error
+
+spawn /usr/bin/chage myuser
+expect -re "Minimum Password Age .0\]: "
+send "foo\r"
+expect_error
+
+# chage accepts to be given only spaces
+#spawn /usr/bin/chage myuser
+#expect -re "Minimum Password Age .0\]: "
+#send -- "   \r"
+#expect_error
+#
+#chage may not parse all the arguments.
+#This may be a problem is a date is provided instead of just a number
+#spawn /usr/bin/chage myuser
+#expect -re "Minimum Password Age .0\]: "
+#send -- "1 2\r"
+#expect_error
+
+spawn /usr/bin/chage myuser
+expect -re "Minimum Password Age .0\]: "
+send "11\r"
+expect -re "Maximum Password Age .99999\]: "
+send -- "-2\r"
+expect_error
+
+spawn /usr/bin/chage myuser
+expect -re "Minimum Password Age .0\]: "
+send "\r"
+expect -re "Maximum Password Age .99999\]: "
+send "foo\r"
+expect_error
+
+# chage should verify the range of the arguments
+#spawn /usr/bin/chage myuser
+#expect -re "Minimum Password Age .0\]: "
+#send "\r"
+#expect -re "Maximum Password Age .99999\]: "
+#send "100000\r"
+#expect_error
+
+#spawn /usr/bin/chage myuser
+#expect -re "Minimum Password Age .0\]: "
+#send "\r"
+#expect -re "Maximum Password Age .99999\]: "
+#send "\r"
+#expect -re "Last Password Change \[(]YYYY-MM-DD\[)] .2005-07-25]: "
+#send "12\n"
+#expect_error
+
+
+puts "\nPASS"
+exit 0
+
diff --git a/tests/tests/chage/03_chsh_usage/chage.test b/tests/tests/chage/03_chsh_usage/chage.test
new file mode 100755
index 0000000..db6200c
--- /dev/null
+++ b/tests/tests/chage/03_chsh_usage/chage.test
@@ -0,0 +1,48 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "chage can display its usage message"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Get chage usage (chage -h)..."
+chage -h >tmp/usage.out
+echo "OK"
+
+echo "chage reported:"
+echo "======================================================================="
+cat tmp/usage.out
+echo "======================================================================="
+echo -n "Check the usage message..."
+diff -au data/usage.out tmp/usage.out
+echo "usage message OK."
+rm -f tmp/usage.out
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/chage/03_chsh_usage/config.txt b/tests/tests/chage/03_chsh_usage/config.txt
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/chage/03_chsh_usage/config.txt
diff --git a/tests/tests/chage/03_chsh_usage/config/etc/group b/tests/tests/chage/03_chsh_usage/config/etc/group
new file mode 100644
index 0000000..245cc9c
--- /dev/null
+++ b/tests/tests/chage/03_chsh_usage/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+myuser:x:424242:
diff --git a/tests/tests/chage/03_chsh_usage/config/etc/gshadow b/tests/tests/chage/03_chsh_usage/config/etc/gshadow
new file mode 100644
index 0000000..25bd55b
--- /dev/null
+++ b/tests/tests/chage/03_chsh_usage/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+myuser:x::
diff --git a/tests/tests/chage/03_chsh_usage/config/etc/passwd b/tests/tests/chage/03_chsh_usage/config/etc/passwd
new file mode 100644
index 0000000..5d27e12
--- /dev/null
+++ b/tests/tests/chage/03_chsh_usage/config/etc/passwd
@@ -0,0 +1,26 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+myuser1:x:424242:424242::/home:/bin/bash
+myuser2:x:424243:424242::/home:/bin/bash
+myuser3:x:424244:424242::/home:/bin/bash
+myuser4:x:424245:424242::/home:/bin/bash
+myuser5:x:424246:424242::/home:/bin/bash
+myuser6:x:424247:424242::/home:/bin/bash
+myuser7:x:424248:424242::/home:/bin/bash
diff --git a/tests/tests/chage/03_chsh_usage/config/etc/shadow b/tests/tests/chage/03_chsh_usage/config/etc/shadow
new file mode 100644
index 0000000..da4c2bc
--- /dev/null
+++ b/tests/tests/chage/03_chsh_usage/config/etc/shadow
@@ -0,0 +1,26 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+myuser1:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:::
+myuser2:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12992:1:99996:5:::
+myuser3:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7::0:
+myuser4:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7::1:
+myuser5:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:0::
+myuser6:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:1::
+myuser7:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:1::
diff --git a/tests/tests/chage/03_chsh_usage/data/usage.out b/tests/tests/chage/03_chsh_usage/data/usage.out
new file mode 100644
index 0000000..19177f7
--- /dev/null
+++ b/tests/tests/chage/03_chsh_usage/data/usage.out
@@ -0,0 +1,16 @@
+Usage: chage [options] LOGIN
+
+Options:
+  -d, --lastday LAST_DAY        set date of last password change to LAST_DAY
+  -E, --expiredate EXPIRE_DATE  set account expiration date to EXPIRE_DATE
+  -h, --help                    display this help message and exit
+  -I, --inactive INACTIVE       set password inactive after expiration
+                                to INACTIVE
+  -l, --list                    show account aging information
+  -m, --mindays MIN_DAYS        set minimum number of days before password
+                                change to MIN_DAYS
+  -M, --maxdays MAX_DAYS        set maximum number of days before password
+                                change to MAX_DAYS
+  -R, --root CHROOT_DIR         directory to chroot into
+  -W, --warndays WARN_DAYS      set expiration warning days to WARN_DAYS
+
diff --git a/tests/tests/chage/04_chsh_usage_invalid_option/chage.test b/tests/tests/chage/04_chsh_usage_invalid_option/chage.test
new file mode 100755
index 0000000..1ba8163
--- /dev/null
+++ b/tests/tests/chage/04_chsh_usage_invalid_option/chage.test
@@ -0,0 +1,54 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "chage displays its usage message when an invalid option is used"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Use chage with an invalid option (chage -Z bin)..."
+chage -Z bin 2>tmp/usage.out && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "2"
+echo "OK"
+
+echo "chage reported:"
+echo "======================================================================="
+cat tmp/usage.out
+echo "======================================================================="
+echo -n "Check the usage message..."
+diff -au data/usage.out tmp/usage.out
+echo "usage message OK."
+rm -f tmp/usage.out
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/chage/04_chsh_usage_invalid_option/config.txt b/tests/tests/chage/04_chsh_usage_invalid_option/config.txt
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/chage/04_chsh_usage_invalid_option/config.txt
diff --git a/tests/tests/chage/04_chsh_usage_invalid_option/config/etc/group b/tests/tests/chage/04_chsh_usage_invalid_option/config/etc/group
new file mode 100644
index 0000000..245cc9c
--- /dev/null
+++ b/tests/tests/chage/04_chsh_usage_invalid_option/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+myuser:x:424242:
diff --git a/tests/tests/chage/04_chsh_usage_invalid_option/config/etc/gshadow b/tests/tests/chage/04_chsh_usage_invalid_option/config/etc/gshadow
new file mode 100644
index 0000000..25bd55b
--- /dev/null
+++ b/tests/tests/chage/04_chsh_usage_invalid_option/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+myuser:x::
diff --git a/tests/tests/chage/04_chsh_usage_invalid_option/config/etc/passwd b/tests/tests/chage/04_chsh_usage_invalid_option/config/etc/passwd
new file mode 100644
index 0000000..5d27e12
--- /dev/null
+++ b/tests/tests/chage/04_chsh_usage_invalid_option/config/etc/passwd
@@ -0,0 +1,26 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+myuser1:x:424242:424242::/home:/bin/bash
+myuser2:x:424243:424242::/home:/bin/bash
+myuser3:x:424244:424242::/home:/bin/bash
+myuser4:x:424245:424242::/home:/bin/bash
+myuser5:x:424246:424242::/home:/bin/bash
+myuser6:x:424247:424242::/home:/bin/bash
+myuser7:x:424248:424242::/home:/bin/bash
diff --git a/tests/tests/chage/04_chsh_usage_invalid_option/config/etc/shadow b/tests/tests/chage/04_chsh_usage_invalid_option/config/etc/shadow
new file mode 100644
index 0000000..da4c2bc
--- /dev/null
+++ b/tests/tests/chage/04_chsh_usage_invalid_option/config/etc/shadow
@@ -0,0 +1,26 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+myuser1:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:::
+myuser2:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12992:1:99996:5:::
+myuser3:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7::0:
+myuser4:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7::1:
+myuser5:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:0::
+myuser6:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:1::
+myuser7:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:1::
diff --git a/tests/tests/chage/04_chsh_usage_invalid_option/data/usage.out b/tests/tests/chage/04_chsh_usage_invalid_option/data/usage.out
new file mode 100644
index 0000000..4428283
--- /dev/null
+++ b/tests/tests/chage/04_chsh_usage_invalid_option/data/usage.out
@@ -0,0 +1,17 @@
+chage: invalid option -- 'Z'
+Usage: chage [options] LOGIN
+
+Options:
+  -d, --lastday LAST_DAY        set date of last password change to LAST_DAY
+  -E, --expiredate EXPIRE_DATE  set account expiration date to EXPIRE_DATE
+  -h, --help                    display this help message and exit
+  -I, --inactive INACTIVE       set password inactive after expiration
+                                to INACTIVE
+  -l, --list                    show account aging information
+  -m, --mindays MIN_DAYS        set minimum number of days before password
+                                change to MIN_DAYS
+  -M, --maxdays MAX_DAYS        set maximum number of days before password
+                                change to MAX_DAYS
+  -R, --root CHROOT_DIR         directory to chroot into
+  -W, --warndays WARN_DAYS      set expiration warning days to WARN_DAYS
+
diff --git a/tests/tests/chage/05_chsh_usage_2_users/chage.test b/tests/tests/chage/05_chsh_usage_2_users/chage.test
new file mode 100755
index 0000000..5860393
--- /dev/null
+++ b/tests/tests/chage/05_chsh_usage_2_users/chage.test
@@ -0,0 +1,54 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "chage displays its usage message when 2 users are provided"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Use chage with 2 users (chage -I 12 bin nobody)..."
+chage -I 12 bin nobody 2>tmp/usage.out && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "2"
+echo "OK"
+
+echo "chage reported:"
+echo "======================================================================="
+cat tmp/usage.out
+echo "======================================================================="
+echo -n "Check the usage message..."
+diff -au data/usage.out tmp/usage.out
+echo "usage message OK."
+rm -f tmp/usage.out
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/chage/05_chsh_usage_2_users/config.txt b/tests/tests/chage/05_chsh_usage_2_users/config.txt
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/chage/05_chsh_usage_2_users/config.txt
diff --git a/tests/tests/chage/05_chsh_usage_2_users/config/etc/group b/tests/tests/chage/05_chsh_usage_2_users/config/etc/group
new file mode 100644
index 0000000..245cc9c
--- /dev/null
+++ b/tests/tests/chage/05_chsh_usage_2_users/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+myuser:x:424242:
diff --git a/tests/tests/chage/05_chsh_usage_2_users/config/etc/gshadow b/tests/tests/chage/05_chsh_usage_2_users/config/etc/gshadow
new file mode 100644
index 0000000..25bd55b
--- /dev/null
+++ b/tests/tests/chage/05_chsh_usage_2_users/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+myuser:x::
diff --git a/tests/tests/chage/05_chsh_usage_2_users/config/etc/passwd b/tests/tests/chage/05_chsh_usage_2_users/config/etc/passwd
new file mode 100644
index 0000000..5d27e12
--- /dev/null
+++ b/tests/tests/chage/05_chsh_usage_2_users/config/etc/passwd
@@ -0,0 +1,26 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+myuser1:x:424242:424242::/home:/bin/bash
+myuser2:x:424243:424242::/home:/bin/bash
+myuser3:x:424244:424242::/home:/bin/bash
+myuser4:x:424245:424242::/home:/bin/bash
+myuser5:x:424246:424242::/home:/bin/bash
+myuser6:x:424247:424242::/home:/bin/bash
+myuser7:x:424248:424242::/home:/bin/bash
diff --git a/tests/tests/chage/05_chsh_usage_2_users/config/etc/shadow b/tests/tests/chage/05_chsh_usage_2_users/config/etc/shadow
new file mode 100644
index 0000000..da4c2bc
--- /dev/null
+++ b/tests/tests/chage/05_chsh_usage_2_users/config/etc/shadow
@@ -0,0 +1,26 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+myuser1:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:::
+myuser2:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12992:1:99996:5:::
+myuser3:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7::0:
+myuser4:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7::1:
+myuser5:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:0::
+myuser6:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:1::
+myuser7:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:1::
diff --git a/tests/tests/chage/05_chsh_usage_2_users/data/usage.out b/tests/tests/chage/05_chsh_usage_2_users/data/usage.out
new file mode 100644
index 0000000..19177f7
--- /dev/null
+++ b/tests/tests/chage/05_chsh_usage_2_users/data/usage.out
@@ -0,0 +1,16 @@
+Usage: chage [options] LOGIN
+
+Options:
+  -d, --lastday LAST_DAY        set date of last password change to LAST_DAY
+  -E, --expiredate EXPIRE_DATE  set account expiration date to EXPIRE_DATE
+  -h, --help                    display this help message and exit
+  -I, --inactive INACTIVE       set password inactive after expiration
+                                to INACTIVE
+  -l, --list                    show account aging information
+  -m, --mindays MIN_DAYS        set minimum number of days before password
+                                change to MIN_DAYS
+  -M, --maxdays MAX_DAYS        set maximum number of days before password
+                                change to MAX_DAYS
+  -R, --root CHROOT_DIR         directory to chroot into
+  -W, --warndays WARN_DAYS      set expiration warning days to WARN_DAYS
+
diff --git a/tests/tests/chage/06_chsh_usage_no_users/chage.test b/tests/tests/chage/06_chsh_usage_no_users/chage.test
new file mode 100755
index 0000000..0851d6e
--- /dev/null
+++ b/tests/tests/chage/06_chsh_usage_no_users/chage.test
@@ -0,0 +1,54 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "chage displays its usage message when no users are provided"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Use chage without an user (chage -I 12)..."
+chage -I 12 2>tmp/usage.out && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "2"
+echo "OK"
+
+echo "chage reported:"
+echo "======================================================================="
+cat tmp/usage.out
+echo "======================================================================="
+echo -n "Check the usage message..."
+diff -au data/usage.out tmp/usage.out
+echo "usage message OK."
+rm -f tmp/usage.out
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/chage/06_chsh_usage_no_users/config.txt b/tests/tests/chage/06_chsh_usage_no_users/config.txt
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/chage/06_chsh_usage_no_users/config.txt
diff --git a/tests/tests/chage/06_chsh_usage_no_users/config/etc/group b/tests/tests/chage/06_chsh_usage_no_users/config/etc/group
new file mode 100644
index 0000000..245cc9c
--- /dev/null
+++ b/tests/tests/chage/06_chsh_usage_no_users/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+myuser:x:424242:
diff --git a/tests/tests/chage/06_chsh_usage_no_users/config/etc/gshadow b/tests/tests/chage/06_chsh_usage_no_users/config/etc/gshadow
new file mode 100644
index 0000000..25bd55b
--- /dev/null
+++ b/tests/tests/chage/06_chsh_usage_no_users/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+myuser:x::
diff --git a/tests/tests/chage/06_chsh_usage_no_users/config/etc/passwd b/tests/tests/chage/06_chsh_usage_no_users/config/etc/passwd
new file mode 100644
index 0000000..5d27e12
--- /dev/null
+++ b/tests/tests/chage/06_chsh_usage_no_users/config/etc/passwd
@@ -0,0 +1,26 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+myuser1:x:424242:424242::/home:/bin/bash
+myuser2:x:424243:424242::/home:/bin/bash
+myuser3:x:424244:424242::/home:/bin/bash
+myuser4:x:424245:424242::/home:/bin/bash
+myuser5:x:424246:424242::/home:/bin/bash
+myuser6:x:424247:424242::/home:/bin/bash
+myuser7:x:424248:424242::/home:/bin/bash
diff --git a/tests/tests/chage/06_chsh_usage_no_users/config/etc/shadow b/tests/tests/chage/06_chsh_usage_no_users/config/etc/shadow
new file mode 100644
index 0000000..da4c2bc
--- /dev/null
+++ b/tests/tests/chage/06_chsh_usage_no_users/config/etc/shadow
@@ -0,0 +1,26 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+myuser1:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:::
+myuser2:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12992:1:99996:5:::
+myuser3:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7::0:
+myuser4:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7::1:
+myuser5:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:0::
+myuser6:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:1::
+myuser7:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:1::
diff --git a/tests/tests/chage/06_chsh_usage_no_users/data/usage.out b/tests/tests/chage/06_chsh_usage_no_users/data/usage.out
new file mode 100644
index 0000000..19177f7
--- /dev/null
+++ b/tests/tests/chage/06_chsh_usage_no_users/data/usage.out
@@ -0,0 +1,16 @@
+Usage: chage [options] LOGIN
+
+Options:
+  -d, --lastday LAST_DAY        set date of last password change to LAST_DAY
+  -E, --expiredate EXPIRE_DATE  set account expiration date to EXPIRE_DATE
+  -h, --help                    display this help message and exit
+  -I, --inactive INACTIVE       set password inactive after expiration
+                                to INACTIVE
+  -l, --list                    show account aging information
+  -m, --mindays MIN_DAYS        set minimum number of days before password
+                                change to MIN_DAYS
+  -M, --maxdays MAX_DAYS        set maximum number of days before password
+                                change to MAX_DAYS
+  -R, --root CHROOT_DIR         directory to chroot into
+  -W, --warndays WARN_DAYS      set expiration warning days to WARN_DAYS
+
diff --git a/tests/tests/chage/07_chsh_usage-l_exclusive/chage.test b/tests/tests/chage/07_chsh_usage-l_exclusive/chage.test
new file mode 100755
index 0000000..9036f09
--- /dev/null
+++ b/tests/tests/chage/07_chsh_usage-l_exclusive/chage.test
@@ -0,0 +1,57 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "chage displays its usage message when -l is used with another option"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+for opt in "-m 12" "-M 12" "-d 2011-09-11" "-W 12" "-I 12" "-E 2011-09-11"
+do
+	echo -n "Use chage with -l and $opt (chage -l $opt bin)..."
+	chage -l $opt bin 2>tmp/usage.out && exit 1 || {
+		status=$?
+	}
+	echo "OK"
+
+	echo -n "Check returned status ($status)..."
+	test "$status" = "2"
+	echo "OK"
+
+	echo "chage reported:"
+	echo "======================================================================="
+	cat tmp/usage.out
+	echo "======================================================================="
+	echo -n "Check the usage message..."
+	diff -au data/usage.out tmp/usage.out
+	echo "usage message OK."
+	rm -f tmp/usage.out
+done
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/chage/07_chsh_usage-l_exclusive/config.txt b/tests/tests/chage/07_chsh_usage-l_exclusive/config.txt
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/chage/07_chsh_usage-l_exclusive/config.txt
diff --git a/tests/tests/chage/07_chsh_usage-l_exclusive/config/etc/group b/tests/tests/chage/07_chsh_usage-l_exclusive/config/etc/group
new file mode 100644
index 0000000..245cc9c
--- /dev/null
+++ b/tests/tests/chage/07_chsh_usage-l_exclusive/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+myuser:x:424242:
diff --git a/tests/tests/chage/07_chsh_usage-l_exclusive/config/etc/gshadow b/tests/tests/chage/07_chsh_usage-l_exclusive/config/etc/gshadow
new file mode 100644
index 0000000..25bd55b
--- /dev/null
+++ b/tests/tests/chage/07_chsh_usage-l_exclusive/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+myuser:x::
diff --git a/tests/tests/chage/07_chsh_usage-l_exclusive/config/etc/passwd b/tests/tests/chage/07_chsh_usage-l_exclusive/config/etc/passwd
new file mode 100644
index 0000000..5d27e12
--- /dev/null
+++ b/tests/tests/chage/07_chsh_usage-l_exclusive/config/etc/passwd
@@ -0,0 +1,26 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+myuser1:x:424242:424242::/home:/bin/bash
+myuser2:x:424243:424242::/home:/bin/bash
+myuser3:x:424244:424242::/home:/bin/bash
+myuser4:x:424245:424242::/home:/bin/bash
+myuser5:x:424246:424242::/home:/bin/bash
+myuser6:x:424247:424242::/home:/bin/bash
+myuser7:x:424248:424242::/home:/bin/bash
diff --git a/tests/tests/chage/07_chsh_usage-l_exclusive/config/etc/shadow b/tests/tests/chage/07_chsh_usage-l_exclusive/config/etc/shadow
new file mode 100644
index 0000000..da4c2bc
--- /dev/null
+++ b/tests/tests/chage/07_chsh_usage-l_exclusive/config/etc/shadow
@@ -0,0 +1,26 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+myuser1:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:::
+myuser2:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12992:1:99996:5:::
+myuser3:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7::0:
+myuser4:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7::1:
+myuser5:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:0::
+myuser6:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:1::
+myuser7:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:1::
diff --git a/tests/tests/chage/07_chsh_usage-l_exclusive/data/usage.out b/tests/tests/chage/07_chsh_usage-l_exclusive/data/usage.out
new file mode 100644
index 0000000..e6c2635
--- /dev/null
+++ b/tests/tests/chage/07_chsh_usage-l_exclusive/data/usage.out
@@ -0,0 +1,17 @@
+chage: do not include "l" with other flags
+Usage: chage [options] LOGIN
+
+Options:
+  -d, --lastday LAST_DAY        set date of last password change to LAST_DAY
+  -E, --expiredate EXPIRE_DATE  set account expiration date to EXPIRE_DATE
+  -h, --help                    display this help message and exit
+  -I, --inactive INACTIVE       set password inactive after expiration
+                                to INACTIVE
+  -l, --list                    show account aging information
+  -m, --mindays MIN_DAYS        set minimum number of days before password
+                                change to MIN_DAYS
+  -M, --maxdays MAX_DAYS        set maximum number of days before password
+                                change to MAX_DAYS
+  -R, --root CHROOT_DIR         directory to chroot into
+  -W, --warndays WARN_DAYS      set expiration warning days to WARN_DAYS
+
diff --git a/tests/tests/chage/08_chsh_usage_invalid_date/chage.test b/tests/tests/chage/08_chsh_usage_invalid_date/chage.test
new file mode 100755
index 0000000..90007fc
--- /dev/null
+++ b/tests/tests/chage/08_chsh_usage_invalid_date/chage.test
@@ -0,0 +1,59 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "chage displays its usage message when -l is used with another option"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+for opt in "-d 2011-09" "-E 2011-09-09-11"
+do
+	echo -n "Use chage with an invalid date (chage $opt bin)..."
+	chage $opt bin 2>tmp/usage.out && exit 1 || {
+		status=$?
+	}
+	echo "OK"
+
+	echo -n "Check returned status ($status)..."
+	test "$status" = "2"
+	echo "OK"
+
+	echo "chage reported:"
+	echo "======================================================================="
+	cat tmp/usage.out
+	echo "======================================================================="
+	d=$(echo $opt | cut -d' ' -f2)
+	sed -e "s/'$d'/'DATE'/" -i tmp/usage.out
+	echo -n "Check the usage message..."
+	diff -au data/usage.out tmp/usage.out
+	echo "usage message OK."
+	rm -f tmp/usage.out
+done
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/chage/08_chsh_usage_invalid_date/config.txt b/tests/tests/chage/08_chsh_usage_invalid_date/config.txt
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/chage/08_chsh_usage_invalid_date/config.txt
diff --git a/tests/tests/chage/08_chsh_usage_invalid_date/config/etc/group b/tests/tests/chage/08_chsh_usage_invalid_date/config/etc/group
new file mode 100644
index 0000000..245cc9c
--- /dev/null
+++ b/tests/tests/chage/08_chsh_usage_invalid_date/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+myuser:x:424242:
diff --git a/tests/tests/chage/08_chsh_usage_invalid_date/config/etc/gshadow b/tests/tests/chage/08_chsh_usage_invalid_date/config/etc/gshadow
new file mode 100644
index 0000000..25bd55b
--- /dev/null
+++ b/tests/tests/chage/08_chsh_usage_invalid_date/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+myuser:x::
diff --git a/tests/tests/chage/08_chsh_usage_invalid_date/config/etc/passwd b/tests/tests/chage/08_chsh_usage_invalid_date/config/etc/passwd
new file mode 100644
index 0000000..5d27e12
--- /dev/null
+++ b/tests/tests/chage/08_chsh_usage_invalid_date/config/etc/passwd
@@ -0,0 +1,26 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+myuser1:x:424242:424242::/home:/bin/bash
+myuser2:x:424243:424242::/home:/bin/bash
+myuser3:x:424244:424242::/home:/bin/bash
+myuser4:x:424245:424242::/home:/bin/bash
+myuser5:x:424246:424242::/home:/bin/bash
+myuser6:x:424247:424242::/home:/bin/bash
+myuser7:x:424248:424242::/home:/bin/bash
diff --git a/tests/tests/chage/08_chsh_usage_invalid_date/config/etc/shadow b/tests/tests/chage/08_chsh_usage_invalid_date/config/etc/shadow
new file mode 100644
index 0000000..da4c2bc
--- /dev/null
+++ b/tests/tests/chage/08_chsh_usage_invalid_date/config/etc/shadow
@@ -0,0 +1,26 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+myuser1:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:::
+myuser2:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12992:1:99996:5:::
+myuser3:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7::0:
+myuser4:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7::1:
+myuser5:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:0::
+myuser6:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:1::
+myuser7:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:1::
diff --git a/tests/tests/chage/08_chsh_usage_invalid_date/data/usage.out b/tests/tests/chage/08_chsh_usage_invalid_date/data/usage.out
new file mode 100644
index 0000000..d284dd5
--- /dev/null
+++ b/tests/tests/chage/08_chsh_usage_invalid_date/data/usage.out
@@ -0,0 +1,17 @@
+chage: invalid date 'DATE'
+Usage: chage [options] LOGIN
+
+Options:
+  -d, --lastday LAST_DAY        set date of last password change to LAST_DAY
+  -E, --expiredate EXPIRE_DATE  set account expiration date to EXPIRE_DATE
+  -h, --help                    display this help message and exit
+  -I, --inactive INACTIVE       set password inactive after expiration
+                                to INACTIVE
+  -l, --list                    show account aging information
+  -m, --mindays MIN_DAYS        set minimum number of days before password
+                                change to MIN_DAYS
+  -M, --maxdays MAX_DAYS        set maximum number of days before password
+                                change to MAX_DAYS
+  -R, --root CHROOT_DIR         directory to chroot into
+  -W, --warndays WARN_DAYS      set expiration warning days to WARN_DAYS
+
diff --git a/tests/tests/chage/09_chsh_usage_invalid_numeric_arg/chage.test b/tests/tests/chage/09_chsh_usage_invalid_numeric_arg/chage.test
new file mode 100755
index 0000000..36d11e5
--- /dev/null
+++ b/tests/tests/chage/09_chsh_usage_invalid_numeric_arg/chage.test
@@ -0,0 +1,59 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "chage displays its usage message when -l is used with another option"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+for opt in "-I -12" "-m -12" "-M -12" "-W -12" "-I a" "-m 12.5" "-M 12a" "-W a12"
+do
+	echo -n "Use chage with an invalid date (chage $opt bin)..."
+	chage $opt bin 2>tmp/usage.out && exit 1 || {
+		status=$?
+	}
+	echo "OK"
+
+	echo -n "Check returned status ($status)..."
+	test "$status" = "2"
+	echo "OK"
+
+	echo "chage reported:"
+	echo "======================================================================="
+	cat tmp/usage.out
+	echo "======================================================================="
+	v=$(echo $opt | cut -d' ' -f2)
+	sed -e "s/'$v'/'VAL'/" -i tmp/usage.out
+	echo -n "Check the usage message..."
+	diff -au data/usage.out tmp/usage.out
+	echo "usage message OK."
+	rm -f tmp/usage.out
+done
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/chage/09_chsh_usage_invalid_numeric_arg/config.txt b/tests/tests/chage/09_chsh_usage_invalid_numeric_arg/config.txt
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/chage/09_chsh_usage_invalid_numeric_arg/config.txt
diff --git a/tests/tests/chage/09_chsh_usage_invalid_numeric_arg/config/etc/group b/tests/tests/chage/09_chsh_usage_invalid_numeric_arg/config/etc/group
new file mode 100644
index 0000000..245cc9c
--- /dev/null
+++ b/tests/tests/chage/09_chsh_usage_invalid_numeric_arg/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+myuser:x:424242:
diff --git a/tests/tests/chage/09_chsh_usage_invalid_numeric_arg/config/etc/gshadow b/tests/tests/chage/09_chsh_usage_invalid_numeric_arg/config/etc/gshadow
new file mode 100644
index 0000000..25bd55b
--- /dev/null
+++ b/tests/tests/chage/09_chsh_usage_invalid_numeric_arg/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+myuser:x::
diff --git a/tests/tests/chage/09_chsh_usage_invalid_numeric_arg/config/etc/passwd b/tests/tests/chage/09_chsh_usage_invalid_numeric_arg/config/etc/passwd
new file mode 100644
index 0000000..5d27e12
--- /dev/null
+++ b/tests/tests/chage/09_chsh_usage_invalid_numeric_arg/config/etc/passwd
@@ -0,0 +1,26 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+myuser1:x:424242:424242::/home:/bin/bash
+myuser2:x:424243:424242::/home:/bin/bash
+myuser3:x:424244:424242::/home:/bin/bash
+myuser4:x:424245:424242::/home:/bin/bash
+myuser5:x:424246:424242::/home:/bin/bash
+myuser6:x:424247:424242::/home:/bin/bash
+myuser7:x:424248:424242::/home:/bin/bash
diff --git a/tests/tests/chage/09_chsh_usage_invalid_numeric_arg/config/etc/shadow b/tests/tests/chage/09_chsh_usage_invalid_numeric_arg/config/etc/shadow
new file mode 100644
index 0000000..da4c2bc
--- /dev/null
+++ b/tests/tests/chage/09_chsh_usage_invalid_numeric_arg/config/etc/shadow
@@ -0,0 +1,26 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+myuser1:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:::
+myuser2:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12992:1:99996:5:::
+myuser3:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7::0:
+myuser4:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7::1:
+myuser5:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:0::
+myuser6:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:1::
+myuser7:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:1::
diff --git a/tests/tests/chage/09_chsh_usage_invalid_numeric_arg/data/usage.out b/tests/tests/chage/09_chsh_usage_invalid_numeric_arg/data/usage.out
new file mode 100644
index 0000000..1ac46cf
--- /dev/null
+++ b/tests/tests/chage/09_chsh_usage_invalid_numeric_arg/data/usage.out
@@ -0,0 +1,17 @@
+chage: invalid numeric argument 'VAL'
+Usage: chage [options] LOGIN
+
+Options:
+  -d, --lastday LAST_DAY        set date of last password change to LAST_DAY
+  -E, --expiredate EXPIRE_DATE  set account expiration date to EXPIRE_DATE
+  -h, --help                    display this help message and exit
+  -I, --inactive INACTIVE       set password inactive after expiration
+                                to INACTIVE
+  -l, --list                    show account aging information
+  -m, --mindays MIN_DAYS        set minimum number of days before password
+                                change to MIN_DAYS
+  -M, --maxdays MAX_DAYS        set maximum number of days before password
+                                change to MAX_DAYS
+  -R, --root CHROOT_DIR         directory to chroot into
+  -W, --warndays WARN_DAYS      set expiration warning days to WARN_DAYS
+
diff --git a/tests/tests/chage/10_chsh-l/chage.test b/tests/tests/chage/10_chsh-l/chage.test
new file mode 100755
index 0000000..394c981
--- /dev/null
+++ b/tests/tests/chage/10_chsh-l/chage.test
@@ -0,0 +1,51 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "chage displays its usage message when -l is used with another option"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+for user in $(ls data/)
+do
+	echo -n "Get $user aging info (chage -l $user)..."
+	chage -l $user >tmp/$user
+	echo "OK"
+
+	echo "chage reported:"
+	echo "======================================================================="
+	cat tmp/$user
+	echo "======================================================================="
+	echo -n "Compare with expected output..."
+	diff -au data/$user tmp/$user
+	echo "OK"
+	rm -f tmp/$user
+done
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/chage/10_chsh-l/config.txt b/tests/tests/chage/10_chsh-l/config.txt
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/chage/10_chsh-l/config.txt
diff --git a/tests/tests/chage/10_chsh-l/config/etc/group b/tests/tests/chage/10_chsh-l/config/etc/group
new file mode 100644
index 0000000..245cc9c
--- /dev/null
+++ b/tests/tests/chage/10_chsh-l/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+myuser:x:424242:
diff --git a/tests/tests/chage/10_chsh-l/config/etc/gshadow b/tests/tests/chage/10_chsh-l/config/etc/gshadow
new file mode 100644
index 0000000..25bd55b
--- /dev/null
+++ b/tests/tests/chage/10_chsh-l/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+myuser:x::
diff --git a/tests/tests/chage/10_chsh-l/config/etc/passwd b/tests/tests/chage/10_chsh-l/config/etc/passwd
new file mode 100644
index 0000000..31046cf
--- /dev/null
+++ b/tests/tests/chage/10_chsh-l/config/etc/passwd
@@ -0,0 +1,32 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+myuser1:x:424242:424242::/home:/bin/bash
+myuser2:x:424243:424242::/home:/bin/bash
+myuser3:x:424244:424242::/home:/bin/bash
+myuser4:x:424245:424242::/home:/bin/bash
+myuser5:x:424246:424242::/home:/bin/bash
+myuser6:x:424247:424242::/home:/bin/bash
+myuser7:x:424248:424242::/home:/bin/bash
+myuser8:x:424249:424242::/home:/bin/bash
+myuser9:x:424250:424242::/home:/bin/bash
+myuser10:x:424251:424242::/home:/bin/bash
+myuser11:x:424252:424242::/home:/bin/bash
+myuser12:x:424253:424242::/home:/bin/bash
+myuser13:x:424254:424242::/home:/bin/bash
diff --git a/tests/tests/chage/10_chsh-l/config/etc/shadow b/tests/tests/chage/10_chsh-l/config/etc/shadow
new file mode 100644
index 0000000..4b81469
--- /dev/null
+++ b/tests/tests/chage/10_chsh-l/config/etc/shadow
@@ -0,0 +1,30 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+myuser1:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:::
+myuser2:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12992:1:99996:5:::
+myuser3:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7::0:
+myuser4:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7::1:
+myuser5:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:0::
+myuser6:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:1::
+myuser7:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:9999:7:1::
+myuser8:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.::0:9999:7:1::
+myuser9:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:0:0:9999:7:1::
+myuser10:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0::7:1::
+#myuser11:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:9999:7:1::
diff --git a/tests/tests/chage/10_chsh-l/data/myuser1 b/tests/tests/chage/10_chsh-l/data/myuser1
new file mode 100644
index 0000000..64754ca
--- /dev/null
+++ b/tests/tests/chage/10_chsh-l/data/myuser1
@@ -0,0 +1,7 @@
+Last password change					: Jul 27, 2005
+Password expires					: never
+Password inactive					: never
+Account expires						: never
+Minimum number of days between password change		: 0
+Maximum number of days between password change		: 99999
+Number of days of warning before password expires	: 7
diff --git a/tests/tests/chage/10_chsh-l/data/myuser10 b/tests/tests/chage/10_chsh-l/data/myuser10
new file mode 100644
index 0000000..8a9e5d1
--- /dev/null
+++ b/tests/tests/chage/10_chsh-l/data/myuser10
@@ -0,0 +1,7 @@
+Last password change					: Jul 27, 2005
+Password expires					: never
+Password inactive					: never
+Account expires						: never
+Minimum number of days between password change		: 0
+Maximum number of days between password change		: -1
+Number of days of warning before password expires	: 7
diff --git a/tests/tests/chage/10_chsh-l/data/myuser11 b/tests/tests/chage/10_chsh-l/data/myuser11
new file mode 100644
index 0000000..a54ec7a
--- /dev/null
+++ b/tests/tests/chage/10_chsh-l/data/myuser11
@@ -0,0 +1,7 @@
+Last password change					: never
+Password expires					: never
+Password inactive					: never
+Account expires						: never
+Minimum number of days between password change		: -1
+Maximum number of days between password change		: -1
+Number of days of warning before password expires	: -1
diff --git a/tests/tests/chage/10_chsh-l/data/myuser2 b/tests/tests/chage/10_chsh-l/data/myuser2
new file mode 100644
index 0000000..7efdc0c
--- /dev/null
+++ b/tests/tests/chage/10_chsh-l/data/myuser2
@@ -0,0 +1,7 @@
+Last password change					: Jul 28, 2005
+Password expires					: never
+Password inactive					: never
+Account expires						: never
+Minimum number of days between password change		: 1
+Maximum number of days between password change		: 99996
+Number of days of warning before password expires	: 5
diff --git a/tests/tests/chage/10_chsh-l/data/myuser3 b/tests/tests/chage/10_chsh-l/data/myuser3
new file mode 100644
index 0000000..a263db9
--- /dev/null
+++ b/tests/tests/chage/10_chsh-l/data/myuser3
@@ -0,0 +1,7 @@
+Last password change					: Jul 27, 2005
+Password expires					: never
+Password inactive					: never
+Account expires						: Jan 01, 1970
+Minimum number of days between password change		: 0
+Maximum number of days between password change		: 99999
+Number of days of warning before password expires	: 7
diff --git a/tests/tests/chage/10_chsh-l/data/myuser4 b/tests/tests/chage/10_chsh-l/data/myuser4
new file mode 100644
index 0000000..11e2f2d
--- /dev/null
+++ b/tests/tests/chage/10_chsh-l/data/myuser4
@@ -0,0 +1,7 @@
+Last password change					: Jul 27, 2005
+Password expires					: never
+Password inactive					: never
+Account expires						: Jan 02, 1970
+Minimum number of days between password change		: 0
+Maximum number of days between password change		: 99999
+Number of days of warning before password expires	: 7
diff --git a/tests/tests/chage/10_chsh-l/data/myuser5 b/tests/tests/chage/10_chsh-l/data/myuser5
new file mode 100644
index 0000000..64754ca
--- /dev/null
+++ b/tests/tests/chage/10_chsh-l/data/myuser5
@@ -0,0 +1,7 @@
+Last password change					: Jul 27, 2005
+Password expires					: never
+Password inactive					: never
+Account expires						: never
+Minimum number of days between password change		: 0
+Maximum number of days between password change		: 99999
+Number of days of warning before password expires	: 7
diff --git a/tests/tests/chage/10_chsh-l/data/myuser6 b/tests/tests/chage/10_chsh-l/data/myuser6
new file mode 100644
index 0000000..64754ca
--- /dev/null
+++ b/tests/tests/chage/10_chsh-l/data/myuser6
@@ -0,0 +1,7 @@
+Last password change					: Jul 27, 2005
+Password expires					: never
+Password inactive					: never
+Account expires						: never
+Minimum number of days between password change		: 0
+Maximum number of days between password change		: 99999
+Number of days of warning before password expires	: 7
diff --git a/tests/tests/chage/10_chsh-l/data/myuser7 b/tests/tests/chage/10_chsh-l/data/myuser7
new file mode 100644
index 0000000..63debfb
--- /dev/null
+++ b/tests/tests/chage/10_chsh-l/data/myuser7
@@ -0,0 +1,7 @@
+Last password change					: Jul 27, 2005
+Password expires					: Dec 11, 2032
+Password inactive					: Dec 12, 2032
+Account expires						: never
+Minimum number of days between password change		: 0
+Maximum number of days between password change		: 9999
+Number of days of warning before password expires	: 7
diff --git a/tests/tests/chage/10_chsh-l/data/myuser8 b/tests/tests/chage/10_chsh-l/data/myuser8
new file mode 100644
index 0000000..4a3f4bd
--- /dev/null
+++ b/tests/tests/chage/10_chsh-l/data/myuser8
@@ -0,0 +1,7 @@
+Last password change					: never
+Password expires					: never
+Password inactive					: never
+Account expires						: never
+Minimum number of days between password change		: 0
+Maximum number of days between password change		: 9999
+Number of days of warning before password expires	: 7
diff --git a/tests/tests/chage/10_chsh-l/data/myuser9 b/tests/tests/chage/10_chsh-l/data/myuser9
new file mode 100644
index 0000000..09f6fdc
--- /dev/null
+++ b/tests/tests/chage/10_chsh-l/data/myuser9
@@ -0,0 +1,7 @@
+Last password change					: password must be changed
+Password expires					: password must be changed
+Password inactive					: password must be changed
+Account expires						: never
+Minimum number of days between password change		: 0
+Maximum number of days between password change		: 9999
+Number of days of warning before password expires	: 7
diff --git a/tests/tests/chage/11_chsh_usage_invalid_user/chage.test b/tests/tests/chage/11_chsh_usage_invalid_user/chage.test
new file mode 100755
index 0000000..46d9d65
--- /dev/null
+++ b/tests/tests/chage/11_chsh_usage_invalid_user/chage.test
@@ -0,0 +1,54 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "chage warns in case of invalid user"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Use chage with an invalid user (chage -I 12 foo)..."
+chage -I 12 foo 2>tmp/usage.out && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "1"
+echo "OK"
+
+echo "chage reported:"
+echo "======================================================================="
+cat tmp/usage.out
+echo "======================================================================="
+echo -n "Check the usage message..."
+diff -au data/usage.out tmp/usage.out
+echo "usage message OK."
+rm -f tmp/usage.out
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/chage/11_chsh_usage_invalid_user/config.txt b/tests/tests/chage/11_chsh_usage_invalid_user/config.txt
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/chage/11_chsh_usage_invalid_user/config.txt
diff --git a/tests/tests/chage/11_chsh_usage_invalid_user/config/etc/group b/tests/tests/chage/11_chsh_usage_invalid_user/config/etc/group
new file mode 100644
index 0000000..245cc9c
--- /dev/null
+++ b/tests/tests/chage/11_chsh_usage_invalid_user/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+myuser:x:424242:
diff --git a/tests/tests/chage/11_chsh_usage_invalid_user/config/etc/gshadow b/tests/tests/chage/11_chsh_usage_invalid_user/config/etc/gshadow
new file mode 100644
index 0000000..25bd55b
--- /dev/null
+++ b/tests/tests/chage/11_chsh_usage_invalid_user/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+myuser:x::
diff --git a/tests/tests/chage/11_chsh_usage_invalid_user/config/etc/passwd b/tests/tests/chage/11_chsh_usage_invalid_user/config/etc/passwd
new file mode 100644
index 0000000..5d27e12
--- /dev/null
+++ b/tests/tests/chage/11_chsh_usage_invalid_user/config/etc/passwd
@@ -0,0 +1,26 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+myuser1:x:424242:424242::/home:/bin/bash
+myuser2:x:424243:424242::/home:/bin/bash
+myuser3:x:424244:424242::/home:/bin/bash
+myuser4:x:424245:424242::/home:/bin/bash
+myuser5:x:424246:424242::/home:/bin/bash
+myuser6:x:424247:424242::/home:/bin/bash
+myuser7:x:424248:424242::/home:/bin/bash
diff --git a/tests/tests/chage/11_chsh_usage_invalid_user/config/etc/shadow b/tests/tests/chage/11_chsh_usage_invalid_user/config/etc/shadow
new file mode 100644
index 0000000..da4c2bc
--- /dev/null
+++ b/tests/tests/chage/11_chsh_usage_invalid_user/config/etc/shadow
@@ -0,0 +1,26 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+myuser1:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:::
+myuser2:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12992:1:99996:5:::
+myuser3:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7::0:
+myuser4:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7::1:
+myuser5:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:0::
+myuser6:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:1::
+myuser7:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:1::
diff --git a/tests/tests/chage/11_chsh_usage_invalid_user/data/usage.out b/tests/tests/chage/11_chsh_usage_invalid_user/data/usage.out
new file mode 100644
index 0000000..cdc8a1f
--- /dev/null
+++ b/tests/tests/chage/11_chsh_usage_invalid_user/data/usage.out
@@ -0,0 +1 @@
+chage: user 'foo' does not exist in /etc/passwd
diff --git a/tests/tests/chage/12_chsh_usage-l_invalid_user2/chage.test b/tests/tests/chage/12_chsh_usage-l_invalid_user2/chage.test
new file mode 100755
index 0000000..d3b5255
--- /dev/null
+++ b/tests/tests/chage/12_chsh_usage-l_invalid_user2/chage.test
@@ -0,0 +1,54 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "chage warns in case of invalid user"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Use chage with an invalid user (chage -l foo)..."
+chage -l foo 2>tmp/usage.out && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "1"
+echo "OK"
+
+echo "chage reported:"
+echo "======================================================================="
+cat tmp/usage.out
+echo "======================================================================="
+echo -n "Check the usage message..."
+diff -au data/usage.out tmp/usage.out
+echo "usage message OK."
+rm -f tmp/usage.out
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/chage/12_chsh_usage-l_invalid_user2/config.txt b/tests/tests/chage/12_chsh_usage-l_invalid_user2/config.txt
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/chage/12_chsh_usage-l_invalid_user2/config.txt
diff --git a/tests/tests/chage/12_chsh_usage-l_invalid_user2/config/etc/group b/tests/tests/chage/12_chsh_usage-l_invalid_user2/config/etc/group
new file mode 100644
index 0000000..245cc9c
--- /dev/null
+++ b/tests/tests/chage/12_chsh_usage-l_invalid_user2/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+myuser:x:424242:
diff --git a/tests/tests/chage/12_chsh_usage-l_invalid_user2/config/etc/gshadow b/tests/tests/chage/12_chsh_usage-l_invalid_user2/config/etc/gshadow
new file mode 100644
index 0000000..25bd55b
--- /dev/null
+++ b/tests/tests/chage/12_chsh_usage-l_invalid_user2/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+myuser:x::
diff --git a/tests/tests/chage/12_chsh_usage-l_invalid_user2/config/etc/passwd b/tests/tests/chage/12_chsh_usage-l_invalid_user2/config/etc/passwd
new file mode 100644
index 0000000..5d27e12
--- /dev/null
+++ b/tests/tests/chage/12_chsh_usage-l_invalid_user2/config/etc/passwd
@@ -0,0 +1,26 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+myuser1:x:424242:424242::/home:/bin/bash
+myuser2:x:424243:424242::/home:/bin/bash
+myuser3:x:424244:424242::/home:/bin/bash
+myuser4:x:424245:424242::/home:/bin/bash
+myuser5:x:424246:424242::/home:/bin/bash
+myuser6:x:424247:424242::/home:/bin/bash
+myuser7:x:424248:424242::/home:/bin/bash
diff --git a/tests/tests/chage/12_chsh_usage-l_invalid_user2/config/etc/shadow b/tests/tests/chage/12_chsh_usage-l_invalid_user2/config/etc/shadow
new file mode 100644
index 0000000..da4c2bc
--- /dev/null
+++ b/tests/tests/chage/12_chsh_usage-l_invalid_user2/config/etc/shadow
@@ -0,0 +1,26 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+myuser1:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:::
+myuser2:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12992:1:99996:5:::
+myuser3:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7::0:
+myuser4:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7::1:
+myuser5:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:0::
+myuser6:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:1::
+myuser7:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:1::
diff --git a/tests/tests/chage/12_chsh_usage-l_invalid_user2/data/usage.out b/tests/tests/chage/12_chsh_usage-l_invalid_user2/data/usage.out
new file mode 100644
index 0000000..cdc8a1f
--- /dev/null
+++ b/tests/tests/chage/12_chsh_usage-l_invalid_user2/data/usage.out
@@ -0,0 +1 @@
+chage: user 'foo' does not exist in /etc/passwd
diff --git a/tests/tests/chage/13_chsh_locked_passwd/chage.test b/tests/tests/chage/13_chsh_locked_passwd/chage.test
new file mode 100755
index 0000000..aeeb412
--- /dev/null
+++ b/tests/tests/chage/13_chsh_locked_passwd/chage.test
@@ -0,0 +1,59 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "chage warns when passwd is already locked"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config; rm -f /etc/passwd.lock' 0
+
+change_config
+
+echo -n "Create lock file for /etc/passwd..."
+touch /etc/passwd.lock
+echo "done"
+
+echo -n "Use chage with an invalid user (chage -I 12 bin)..."
+chage -I 12 bin 2>tmp/usage.out && exit 1 || {
+	status=$?
+}
+echo "OK"
+rm -f /etc/passwd.lock
+
+echo -n "Check returned status ($status)..."
+test "$status" = "1"
+echo "OK"
+
+echo "chage reported:"
+echo "======================================================================="
+cat tmp/usage.out
+echo "======================================================================="
+echo -n "Check the usage message..."
+diff -au data/usage.out tmp/usage.out
+echo "usage message OK."
+rm -f tmp/usage.out
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/chage/13_chsh_locked_passwd/config.txt b/tests/tests/chage/13_chsh_locked_passwd/config.txt
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/chage/13_chsh_locked_passwd/config.txt
diff --git a/tests/tests/chage/13_chsh_locked_passwd/config/etc/group b/tests/tests/chage/13_chsh_locked_passwd/config/etc/group
new file mode 100644
index 0000000..245cc9c
--- /dev/null
+++ b/tests/tests/chage/13_chsh_locked_passwd/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+myuser:x:424242:
diff --git a/tests/tests/chage/13_chsh_locked_passwd/config/etc/gshadow b/tests/tests/chage/13_chsh_locked_passwd/config/etc/gshadow
new file mode 100644
index 0000000..25bd55b
--- /dev/null
+++ b/tests/tests/chage/13_chsh_locked_passwd/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+myuser:x::
diff --git a/tests/tests/chage/13_chsh_locked_passwd/config/etc/passwd b/tests/tests/chage/13_chsh_locked_passwd/config/etc/passwd
new file mode 100644
index 0000000..5d27e12
--- /dev/null
+++ b/tests/tests/chage/13_chsh_locked_passwd/config/etc/passwd
@@ -0,0 +1,26 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+myuser1:x:424242:424242::/home:/bin/bash
+myuser2:x:424243:424242::/home:/bin/bash
+myuser3:x:424244:424242::/home:/bin/bash
+myuser4:x:424245:424242::/home:/bin/bash
+myuser5:x:424246:424242::/home:/bin/bash
+myuser6:x:424247:424242::/home:/bin/bash
+myuser7:x:424248:424242::/home:/bin/bash
diff --git a/tests/tests/chage/13_chsh_locked_passwd/config/etc/shadow b/tests/tests/chage/13_chsh_locked_passwd/config/etc/shadow
new file mode 100644
index 0000000..da4c2bc
--- /dev/null
+++ b/tests/tests/chage/13_chsh_locked_passwd/config/etc/shadow
@@ -0,0 +1,26 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+myuser1:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:::
+myuser2:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12992:1:99996:5:::
+myuser3:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7::0:
+myuser4:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7::1:
+myuser5:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:0::
+myuser6:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:1::
+myuser7:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:1::
diff --git a/tests/tests/chage/13_chsh_locked_passwd/data/usage.out b/tests/tests/chage/13_chsh_locked_passwd/data/usage.out
new file mode 100644
index 0000000..caa44b5
--- /dev/null
+++ b/tests/tests/chage/13_chsh_locked_passwd/data/usage.out
@@ -0,0 +1,2 @@
+chage: existing lock file /etc/passwd.lock without a PID
+chage: cannot lock /etc/passwd; try again later.
diff --git a/tests/tests/chage/14_chsh_locked_shadow/chage.test b/tests/tests/chage/14_chsh_locked_shadow/chage.test
new file mode 100755
index 0000000..3474d95
--- /dev/null
+++ b/tests/tests/chage/14_chsh_locked_shadow/chage.test
@@ -0,0 +1,59 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "chage warns when shadow is already locked"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config; rm -f /etc/shadow.lock' 0
+
+change_config
+
+echo -n "Create lock file for /etc/shadow..."
+touch /etc/shadow.lock
+echo "done"
+
+echo -n "Use chage with an invalid user (chage -I 12 bin)..."
+chage -I 12 bin 2>tmp/usage.out && exit 1 || {
+	status=$?
+}
+echo "OK"
+rm -f /etc/shadow.lock
+
+echo -n "Check returned status ($status)..."
+test "$status" = "1"
+echo "OK"
+
+echo "chage reported:"
+echo "======================================================================="
+cat tmp/usage.out
+echo "======================================================================="
+echo -n "Check the usage message..."
+diff -au data/usage.out tmp/usage.out
+echo "usage message OK."
+rm -f tmp/usage.out
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/chage/14_chsh_locked_shadow/config.txt b/tests/tests/chage/14_chsh_locked_shadow/config.txt
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/chage/14_chsh_locked_shadow/config.txt
diff --git a/tests/tests/chage/14_chsh_locked_shadow/config/etc/group b/tests/tests/chage/14_chsh_locked_shadow/config/etc/group
new file mode 100644
index 0000000..245cc9c
--- /dev/null
+++ b/tests/tests/chage/14_chsh_locked_shadow/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+myuser:x:424242:
diff --git a/tests/tests/chage/14_chsh_locked_shadow/config/etc/gshadow b/tests/tests/chage/14_chsh_locked_shadow/config/etc/gshadow
new file mode 100644
index 0000000..25bd55b
--- /dev/null
+++ b/tests/tests/chage/14_chsh_locked_shadow/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+myuser:x::
diff --git a/tests/tests/chage/14_chsh_locked_shadow/config/etc/passwd b/tests/tests/chage/14_chsh_locked_shadow/config/etc/passwd
new file mode 100644
index 0000000..5d27e12
--- /dev/null
+++ b/tests/tests/chage/14_chsh_locked_shadow/config/etc/passwd
@@ -0,0 +1,26 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+myuser1:x:424242:424242::/home:/bin/bash
+myuser2:x:424243:424242::/home:/bin/bash
+myuser3:x:424244:424242::/home:/bin/bash
+myuser4:x:424245:424242::/home:/bin/bash
+myuser5:x:424246:424242::/home:/bin/bash
+myuser6:x:424247:424242::/home:/bin/bash
+myuser7:x:424248:424242::/home:/bin/bash
diff --git a/tests/tests/chage/14_chsh_locked_shadow/config/etc/shadow b/tests/tests/chage/14_chsh_locked_shadow/config/etc/shadow
new file mode 100644
index 0000000..da4c2bc
--- /dev/null
+++ b/tests/tests/chage/14_chsh_locked_shadow/config/etc/shadow
@@ -0,0 +1,26 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+myuser1:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:::
+myuser2:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12992:1:99996:5:::
+myuser3:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7::0:
+myuser4:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7::1:
+myuser5:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:0::
+myuser6:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:1::
+myuser7:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:1::
diff --git a/tests/tests/chage/14_chsh_locked_shadow/data/usage.out b/tests/tests/chage/14_chsh_locked_shadow/data/usage.out
new file mode 100644
index 0000000..f396f3c
--- /dev/null
+++ b/tests/tests/chage/14_chsh_locked_shadow/data/usage.out
@@ -0,0 +1,2 @@
+chage: existing lock file /etc/shadow.lock without a PID
+chage: cannot lock /etc/shadow; try again later.
diff --git a/tests/tests/chage/15_chage-I_no_shadow_entry/chage.test b/tests/tests/chage/15_chage-I_no_shadow_entry/chage.test
new file mode 100755
index 0000000..77a06a2
--- /dev/null
+++ b/tests/tests/chage/15_chage-I_no_shadow_entry/chage.test
@@ -0,0 +1,39 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "chage creates a shadow entry if there were none"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Change bin's inactivity period (chage -I 12 bin)..."
+chage -I 12 bin
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl data/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl data/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/chage/15_chage-I_no_shadow_entry/config.txt b/tests/tests/chage/15_chage-I_no_shadow_entry/config.txt
new file mode 100644
index 0000000..e9e4bbe
--- /dev/null
+++ b/tests/tests/chage/15_chage-I_no_shadow_entry/config.txt
@@ -0,0 +1 @@
+group foo, GID 1000
diff --git a/tests/tests/chage/15_chage-I_no_shadow_entry/config/etc/group b/tests/tests/chage/15_chage-I_no_shadow_entry/config/etc/group
new file mode 100644
index 0000000..fecba0c
--- /dev/null
+++ b/tests/tests/chage/15_chage-I_no_shadow_entry/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/chage/15_chage-I_no_shadow_entry/config/etc/gshadow b/tests/tests/chage/15_chage-I_no_shadow_entry/config/etc/gshadow
new file mode 100644
index 0000000..5042e58
--- /dev/null
+++ b/tests/tests/chage/15_chage-I_no_shadow_entry/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/chage/15_chage-I_no_shadow_entry/config/etc/login.defs b/tests/tests/chage/15_chage-I_no_shadow_entry/config/etc/login.defs
new file mode 100644
index 0000000..cf181ac
--- /dev/null
+++ b/tests/tests/chage/15_chage-I_no_shadow_entry/config/etc/login.defs
@@ -0,0 +1,314 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK usage is discouraged because it catches only some classes of user
+# entries to system, in fact only those made through login(1), while setting
+# umask in shell rc file will catch also logins through su, cron, ssh etc.
+#
+# At the same time, using shell rc to set umask won't catch entries which use
+# non-shell executables in place of login shell, like /usr/sbin/pppd for "ppp"
+# user and alike.
+#
+# Therefore the use of pam_umask is recommended (Debian package libpam-umask)
+# as the solution which catches all these cases on PAM-enabled systems.
+# 
+# This avoids the confusion created by having the umask set
+# in two different places -- in login.defs and shell rc files (i.e.
+# /etc/profile).
+#
+# For discussion, see #314539 and #248150 as well as the thread starting at
+# http://lists.debian.org/debian-devel/2005/06/msg01598.html
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+# 022 is the "historical" value in Debian for UMASK when it was used
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			  100
+GID_MAX			60000
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# This enables userdel to remove user groups if no members exist.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, thus in Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# Only works if compiled with MD5_CRYPT defined:
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is used by chpasswd, gpasswd and newusers.
+#
+#MD5_CRYPT_ENAB	no
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/chage/15_chage-I_no_shadow_entry/config/etc/passwd b/tests/tests/chage/15_chage-I_no_shadow_entry/config/etc/passwd
new file mode 100644
index 0000000..8656be4
--- /dev/null
+++ b/tests/tests/chage/15_chage-I_no_shadow_entry/config/etc/passwd
@@ -0,0 +1,20 @@
+root:*:0:0:root:/root:/bin/bash
+daemon:*:1:1:daemon:/usr/sbin:/bin/sh
+bin:*:2:2:bin:/bin:/bin/sh
+sys:*:3:3:sys:/dev:/bin/sh
+sync:*:4:65534:sync:/bin:/bin/sync
+games:*:5:60:games:/usr/games:/bin/sh
+man:*:6:12:man:/var/cache/man:/bin/sh
+lp:*:7:7:lp:/var/spool/lpd:/bin/sh
+mail:*:8:8:mail:/var/mail:/bin/sh
+news:*:9:9:news:/var/spool/news:/bin/sh
+uucp:*:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:*:13:13:proxy:/bin:/bin/sh
+www-data:*:33:33:www-data:/var/www:/bin/sh
+backup:*:34:34:backup:/var/backups:/bin/sh
+list:*:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:*:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:*:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:*:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:*:102:102::/var/spool/exim4:/bin/false
+foo:abc:1000:1000::/nonexistent:/bin/sh
diff --git a/tests/tests/chage/15_chage-I_no_shadow_entry/config/etc/shadow b/tests/tests/chage/15_chage-I_no_shadow_entry/config/etc/shadow
new file mode 100644
index 0000000..88faec2
--- /dev/null
+++ b/tests/tests/chage/15_chage-I_no_shadow_entry/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/chage/15_chage-I_no_shadow_entry/data/passwd b/tests/tests/chage/15_chage-I_no_shadow_entry/data/passwd
new file mode 100644
index 0000000..d9ad1e2
--- /dev/null
+++ b/tests/tests/chage/15_chage-I_no_shadow_entry/data/passwd
@@ -0,0 +1,20 @@
+root:*:0:0:root:/root:/bin/bash
+daemon:*:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:*:3:3:sys:/dev:/bin/sh
+sync:*:4:65534:sync:/bin:/bin/sync
+games:*:5:60:games:/usr/games:/bin/sh
+man:*:6:12:man:/var/cache/man:/bin/sh
+lp:*:7:7:lp:/var/spool/lpd:/bin/sh
+mail:*:8:8:mail:/var/mail:/bin/sh
+news:*:9:9:news:/var/spool/news:/bin/sh
+uucp:*:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:*:13:13:proxy:/bin:/bin/sh
+www-data:*:33:33:www-data:/var/www:/bin/sh
+backup:*:34:34:backup:/var/backups:/bin/sh
+list:*:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:*:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:*:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:*:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:*:102:102::/var/spool/exim4:/bin/false
+foo:abc:1000:1000::/nonexistent:/bin/sh
diff --git a/tests/tests/chage/15_chage-I_no_shadow_entry/data/shadow b/tests/tests/chage/15_chage-I_no_shadow_entry/data/shadow
new file mode 100644
index 0000000..d32d937
--- /dev/null
+++ b/tests/tests/chage/15_chage-I_no_shadow_entry/data/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
+bin:*:::::12::
diff --git a/tests/tests/chage/16_chage-m_no_shadow_entry/chage.test b/tests/tests/chage/16_chage-m_no_shadow_entry/chage.test
new file mode 100755
index 0000000..778a65a
--- /dev/null
+++ b/tests/tests/chage/16_chage-m_no_shadow_entry/chage.test
@@ -0,0 +1,39 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "chage creates a shadow entry if there were none"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Change bin's mindays (chage -m 12 bin)..."
+chage -m 12 bin
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl data/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl data/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/chage/16_chage-m_no_shadow_entry/config.txt b/tests/tests/chage/16_chage-m_no_shadow_entry/config.txt
new file mode 100644
index 0000000..e9e4bbe
--- /dev/null
+++ b/tests/tests/chage/16_chage-m_no_shadow_entry/config.txt
@@ -0,0 +1 @@
+group foo, GID 1000
diff --git a/tests/tests/chage/16_chage-m_no_shadow_entry/config/etc/group b/tests/tests/chage/16_chage-m_no_shadow_entry/config/etc/group
new file mode 100644
index 0000000..fecba0c
--- /dev/null
+++ b/tests/tests/chage/16_chage-m_no_shadow_entry/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/chage/16_chage-m_no_shadow_entry/config/etc/gshadow b/tests/tests/chage/16_chage-m_no_shadow_entry/config/etc/gshadow
new file mode 100644
index 0000000..5042e58
--- /dev/null
+++ b/tests/tests/chage/16_chage-m_no_shadow_entry/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/chage/16_chage-m_no_shadow_entry/config/etc/login.defs b/tests/tests/chage/16_chage-m_no_shadow_entry/config/etc/login.defs
new file mode 100644
index 0000000..cf181ac
--- /dev/null
+++ b/tests/tests/chage/16_chage-m_no_shadow_entry/config/etc/login.defs
@@ -0,0 +1,314 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK usage is discouraged because it catches only some classes of user
+# entries to system, in fact only those made through login(1), while setting
+# umask in shell rc file will catch also logins through su, cron, ssh etc.
+#
+# At the same time, using shell rc to set umask won't catch entries which use
+# non-shell executables in place of login shell, like /usr/sbin/pppd for "ppp"
+# user and alike.
+#
+# Therefore the use of pam_umask is recommended (Debian package libpam-umask)
+# as the solution which catches all these cases on PAM-enabled systems.
+# 
+# This avoids the confusion created by having the umask set
+# in two different places -- in login.defs and shell rc files (i.e.
+# /etc/profile).
+#
+# For discussion, see #314539 and #248150 as well as the thread starting at
+# http://lists.debian.org/debian-devel/2005/06/msg01598.html
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+# 022 is the "historical" value in Debian for UMASK when it was used
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			  100
+GID_MAX			60000
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# This enables userdel to remove user groups if no members exist.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, thus in Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# Only works if compiled with MD5_CRYPT defined:
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is used by chpasswd, gpasswd and newusers.
+#
+#MD5_CRYPT_ENAB	no
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/chage/16_chage-m_no_shadow_entry/config/etc/passwd b/tests/tests/chage/16_chage-m_no_shadow_entry/config/etc/passwd
new file mode 100644
index 0000000..8656be4
--- /dev/null
+++ b/tests/tests/chage/16_chage-m_no_shadow_entry/config/etc/passwd
@@ -0,0 +1,20 @@
+root:*:0:0:root:/root:/bin/bash
+daemon:*:1:1:daemon:/usr/sbin:/bin/sh
+bin:*:2:2:bin:/bin:/bin/sh
+sys:*:3:3:sys:/dev:/bin/sh
+sync:*:4:65534:sync:/bin:/bin/sync
+games:*:5:60:games:/usr/games:/bin/sh
+man:*:6:12:man:/var/cache/man:/bin/sh
+lp:*:7:7:lp:/var/spool/lpd:/bin/sh
+mail:*:8:8:mail:/var/mail:/bin/sh
+news:*:9:9:news:/var/spool/news:/bin/sh
+uucp:*:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:*:13:13:proxy:/bin:/bin/sh
+www-data:*:33:33:www-data:/var/www:/bin/sh
+backup:*:34:34:backup:/var/backups:/bin/sh
+list:*:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:*:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:*:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:*:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:*:102:102::/var/spool/exim4:/bin/false
+foo:abc:1000:1000::/nonexistent:/bin/sh
diff --git a/tests/tests/chage/16_chage-m_no_shadow_entry/config/etc/shadow b/tests/tests/chage/16_chage-m_no_shadow_entry/config/etc/shadow
new file mode 100644
index 0000000..88faec2
--- /dev/null
+++ b/tests/tests/chage/16_chage-m_no_shadow_entry/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/chage/16_chage-m_no_shadow_entry/data/passwd b/tests/tests/chage/16_chage-m_no_shadow_entry/data/passwd
new file mode 100644
index 0000000..d9ad1e2
--- /dev/null
+++ b/tests/tests/chage/16_chage-m_no_shadow_entry/data/passwd
@@ -0,0 +1,20 @@
+root:*:0:0:root:/root:/bin/bash
+daemon:*:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:*:3:3:sys:/dev:/bin/sh
+sync:*:4:65534:sync:/bin:/bin/sync
+games:*:5:60:games:/usr/games:/bin/sh
+man:*:6:12:man:/var/cache/man:/bin/sh
+lp:*:7:7:lp:/var/spool/lpd:/bin/sh
+mail:*:8:8:mail:/var/mail:/bin/sh
+news:*:9:9:news:/var/spool/news:/bin/sh
+uucp:*:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:*:13:13:proxy:/bin:/bin/sh
+www-data:*:33:33:www-data:/var/www:/bin/sh
+backup:*:34:34:backup:/var/backups:/bin/sh
+list:*:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:*:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:*:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:*:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:*:102:102::/var/spool/exim4:/bin/false
+foo:abc:1000:1000::/nonexistent:/bin/sh
diff --git a/tests/tests/chage/16_chage-m_no_shadow_entry/data/shadow b/tests/tests/chage/16_chage-m_no_shadow_entry/data/shadow
new file mode 100644
index 0000000..dc6bc8b
--- /dev/null
+++ b/tests/tests/chage/16_chage-m_no_shadow_entry/data/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
+bin:*::12:::::
diff --git a/tests/tests/chage/17_chage-M_no_shadow_entry/chage.test b/tests/tests/chage/17_chage-M_no_shadow_entry/chage.test
new file mode 100755
index 0000000..6b70f06
--- /dev/null
+++ b/tests/tests/chage/17_chage-M_no_shadow_entry/chage.test
@@ -0,0 +1,39 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "chage creates a shadow entry if there were none"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Change bin's mindays (chage -M 12 bin)..."
+chage -M 12 bin
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl data/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl data/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/chage/17_chage-M_no_shadow_entry/config.txt b/tests/tests/chage/17_chage-M_no_shadow_entry/config.txt
new file mode 100644
index 0000000..e9e4bbe
--- /dev/null
+++ b/tests/tests/chage/17_chage-M_no_shadow_entry/config.txt
@@ -0,0 +1 @@
+group foo, GID 1000
diff --git a/tests/tests/chage/17_chage-M_no_shadow_entry/config/etc/group b/tests/tests/chage/17_chage-M_no_shadow_entry/config/etc/group
new file mode 100644
index 0000000..fecba0c
--- /dev/null
+++ b/tests/tests/chage/17_chage-M_no_shadow_entry/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/chage/17_chage-M_no_shadow_entry/config/etc/gshadow b/tests/tests/chage/17_chage-M_no_shadow_entry/config/etc/gshadow
new file mode 100644
index 0000000..5042e58
--- /dev/null
+++ b/tests/tests/chage/17_chage-M_no_shadow_entry/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/chage/17_chage-M_no_shadow_entry/config/etc/login.defs b/tests/tests/chage/17_chage-M_no_shadow_entry/config/etc/login.defs
new file mode 100644
index 0000000..cf181ac
--- /dev/null
+++ b/tests/tests/chage/17_chage-M_no_shadow_entry/config/etc/login.defs
@@ -0,0 +1,314 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK usage is discouraged because it catches only some classes of user
+# entries to system, in fact only those made through login(1), while setting
+# umask in shell rc file will catch also logins through su, cron, ssh etc.
+#
+# At the same time, using shell rc to set umask won't catch entries which use
+# non-shell executables in place of login shell, like /usr/sbin/pppd for "ppp"
+# user and alike.
+#
+# Therefore the use of pam_umask is recommended (Debian package libpam-umask)
+# as the solution which catches all these cases on PAM-enabled systems.
+# 
+# This avoids the confusion created by having the umask set
+# in two different places -- in login.defs and shell rc files (i.e.
+# /etc/profile).
+#
+# For discussion, see #314539 and #248150 as well as the thread starting at
+# http://lists.debian.org/debian-devel/2005/06/msg01598.html
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+# 022 is the "historical" value in Debian for UMASK when it was used
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			  100
+GID_MAX			60000
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# This enables userdel to remove user groups if no members exist.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, thus in Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# Only works if compiled with MD5_CRYPT defined:
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is used by chpasswd, gpasswd and newusers.
+#
+#MD5_CRYPT_ENAB	no
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/chage/17_chage-M_no_shadow_entry/config/etc/passwd b/tests/tests/chage/17_chage-M_no_shadow_entry/config/etc/passwd
new file mode 100644
index 0000000..8656be4
--- /dev/null
+++ b/tests/tests/chage/17_chage-M_no_shadow_entry/config/etc/passwd
@@ -0,0 +1,20 @@
+root:*:0:0:root:/root:/bin/bash
+daemon:*:1:1:daemon:/usr/sbin:/bin/sh
+bin:*:2:2:bin:/bin:/bin/sh
+sys:*:3:3:sys:/dev:/bin/sh
+sync:*:4:65534:sync:/bin:/bin/sync
+games:*:5:60:games:/usr/games:/bin/sh
+man:*:6:12:man:/var/cache/man:/bin/sh
+lp:*:7:7:lp:/var/spool/lpd:/bin/sh
+mail:*:8:8:mail:/var/mail:/bin/sh
+news:*:9:9:news:/var/spool/news:/bin/sh
+uucp:*:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:*:13:13:proxy:/bin:/bin/sh
+www-data:*:33:33:www-data:/var/www:/bin/sh
+backup:*:34:34:backup:/var/backups:/bin/sh
+list:*:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:*:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:*:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:*:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:*:102:102::/var/spool/exim4:/bin/false
+foo:abc:1000:1000::/nonexistent:/bin/sh
diff --git a/tests/tests/chage/17_chage-M_no_shadow_entry/config/etc/shadow b/tests/tests/chage/17_chage-M_no_shadow_entry/config/etc/shadow
new file mode 100644
index 0000000..88faec2
--- /dev/null
+++ b/tests/tests/chage/17_chage-M_no_shadow_entry/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/chage/17_chage-M_no_shadow_entry/data/passwd b/tests/tests/chage/17_chage-M_no_shadow_entry/data/passwd
new file mode 100644
index 0000000..d9ad1e2
--- /dev/null
+++ b/tests/tests/chage/17_chage-M_no_shadow_entry/data/passwd
@@ -0,0 +1,20 @@
+root:*:0:0:root:/root:/bin/bash
+daemon:*:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:*:3:3:sys:/dev:/bin/sh
+sync:*:4:65534:sync:/bin:/bin/sync
+games:*:5:60:games:/usr/games:/bin/sh
+man:*:6:12:man:/var/cache/man:/bin/sh
+lp:*:7:7:lp:/var/spool/lpd:/bin/sh
+mail:*:8:8:mail:/var/mail:/bin/sh
+news:*:9:9:news:/var/spool/news:/bin/sh
+uucp:*:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:*:13:13:proxy:/bin:/bin/sh
+www-data:*:33:33:www-data:/var/www:/bin/sh
+backup:*:34:34:backup:/var/backups:/bin/sh
+list:*:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:*:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:*:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:*:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:*:102:102::/var/spool/exim4:/bin/false
+foo:abc:1000:1000::/nonexistent:/bin/sh
diff --git a/tests/tests/chage/17_chage-M_no_shadow_entry/data/shadow b/tests/tests/chage/17_chage-M_no_shadow_entry/data/shadow
new file mode 100644
index 0000000..fb623f7
--- /dev/null
+++ b/tests/tests/chage/17_chage-M_no_shadow_entry/data/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
+bin:*:::12::::
diff --git a/tests/tests/chage/18_chage-d_no_shadow_entry/chage.test b/tests/tests/chage/18_chage-d_no_shadow_entry/chage.test
new file mode 100755
index 0000000..fb56cef
--- /dev/null
+++ b/tests/tests/chage/18_chage-d_no_shadow_entry/chage.test
@@ -0,0 +1,39 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "chage creates a shadow entry if there were none"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Change bin's mindays (chage -d 2011-09-11 bin)..."
+chage -d 2011-09-11 bin
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl data/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl data/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/chage/18_chage-d_no_shadow_entry/config.txt b/tests/tests/chage/18_chage-d_no_shadow_entry/config.txt
new file mode 100644
index 0000000..e9e4bbe
--- /dev/null
+++ b/tests/tests/chage/18_chage-d_no_shadow_entry/config.txt
@@ -0,0 +1 @@
+group foo, GID 1000
diff --git a/tests/tests/chage/18_chage-d_no_shadow_entry/config/etc/group b/tests/tests/chage/18_chage-d_no_shadow_entry/config/etc/group
new file mode 100644
index 0000000..fecba0c
--- /dev/null
+++ b/tests/tests/chage/18_chage-d_no_shadow_entry/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/chage/18_chage-d_no_shadow_entry/config/etc/gshadow b/tests/tests/chage/18_chage-d_no_shadow_entry/config/etc/gshadow
new file mode 100644
index 0000000..5042e58
--- /dev/null
+++ b/tests/tests/chage/18_chage-d_no_shadow_entry/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/chage/18_chage-d_no_shadow_entry/config/etc/login.defs b/tests/tests/chage/18_chage-d_no_shadow_entry/config/etc/login.defs
new file mode 100644
index 0000000..cf181ac
--- /dev/null
+++ b/tests/tests/chage/18_chage-d_no_shadow_entry/config/etc/login.defs
@@ -0,0 +1,314 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK usage is discouraged because it catches only some classes of user
+# entries to system, in fact only those made through login(1), while setting
+# umask in shell rc file will catch also logins through su, cron, ssh etc.
+#
+# At the same time, using shell rc to set umask won't catch entries which use
+# non-shell executables in place of login shell, like /usr/sbin/pppd for "ppp"
+# user and alike.
+#
+# Therefore the use of pam_umask is recommended (Debian package libpam-umask)
+# as the solution which catches all these cases on PAM-enabled systems.
+# 
+# This avoids the confusion created by having the umask set
+# in two different places -- in login.defs and shell rc files (i.e.
+# /etc/profile).
+#
+# For discussion, see #314539 and #248150 as well as the thread starting at
+# http://lists.debian.org/debian-devel/2005/06/msg01598.html
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+# 022 is the "historical" value in Debian for UMASK when it was used
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			  100
+GID_MAX			60000
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# This enables userdel to remove user groups if no members exist.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, thus in Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# Only works if compiled with MD5_CRYPT defined:
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is used by chpasswd, gpasswd and newusers.
+#
+#MD5_CRYPT_ENAB	no
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/chage/18_chage-d_no_shadow_entry/config/etc/passwd b/tests/tests/chage/18_chage-d_no_shadow_entry/config/etc/passwd
new file mode 100644
index 0000000..8656be4
--- /dev/null
+++ b/tests/tests/chage/18_chage-d_no_shadow_entry/config/etc/passwd
@@ -0,0 +1,20 @@
+root:*:0:0:root:/root:/bin/bash
+daemon:*:1:1:daemon:/usr/sbin:/bin/sh
+bin:*:2:2:bin:/bin:/bin/sh
+sys:*:3:3:sys:/dev:/bin/sh
+sync:*:4:65534:sync:/bin:/bin/sync
+games:*:5:60:games:/usr/games:/bin/sh
+man:*:6:12:man:/var/cache/man:/bin/sh
+lp:*:7:7:lp:/var/spool/lpd:/bin/sh
+mail:*:8:8:mail:/var/mail:/bin/sh
+news:*:9:9:news:/var/spool/news:/bin/sh
+uucp:*:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:*:13:13:proxy:/bin:/bin/sh
+www-data:*:33:33:www-data:/var/www:/bin/sh
+backup:*:34:34:backup:/var/backups:/bin/sh
+list:*:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:*:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:*:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:*:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:*:102:102::/var/spool/exim4:/bin/false
+foo:abc:1000:1000::/nonexistent:/bin/sh
diff --git a/tests/tests/chage/18_chage-d_no_shadow_entry/config/etc/shadow b/tests/tests/chage/18_chage-d_no_shadow_entry/config/etc/shadow
new file mode 100644
index 0000000..88faec2
--- /dev/null
+++ b/tests/tests/chage/18_chage-d_no_shadow_entry/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/chage/18_chage-d_no_shadow_entry/data/passwd b/tests/tests/chage/18_chage-d_no_shadow_entry/data/passwd
new file mode 100644
index 0000000..d9ad1e2
--- /dev/null
+++ b/tests/tests/chage/18_chage-d_no_shadow_entry/data/passwd
@@ -0,0 +1,20 @@
+root:*:0:0:root:/root:/bin/bash
+daemon:*:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:*:3:3:sys:/dev:/bin/sh
+sync:*:4:65534:sync:/bin:/bin/sync
+games:*:5:60:games:/usr/games:/bin/sh
+man:*:6:12:man:/var/cache/man:/bin/sh
+lp:*:7:7:lp:/var/spool/lpd:/bin/sh
+mail:*:8:8:mail:/var/mail:/bin/sh
+news:*:9:9:news:/var/spool/news:/bin/sh
+uucp:*:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:*:13:13:proxy:/bin:/bin/sh
+www-data:*:33:33:www-data:/var/www:/bin/sh
+backup:*:34:34:backup:/var/backups:/bin/sh
+list:*:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:*:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:*:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:*:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:*:102:102::/var/spool/exim4:/bin/false
+foo:abc:1000:1000::/nonexistent:/bin/sh
diff --git a/tests/tests/chage/18_chage-d_no_shadow_entry/data/shadow b/tests/tests/chage/18_chage-d_no_shadow_entry/data/shadow
new file mode 100644
index 0000000..df82e6c
--- /dev/null
+++ b/tests/tests/chage/18_chage-d_no_shadow_entry/data/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
+bin:*:15228::::::
diff --git a/tests/tests/chage/19_chage-W_no_shadow_entry/chage.test b/tests/tests/chage/19_chage-W_no_shadow_entry/chage.test
new file mode 100755
index 0000000..410ccbb
--- /dev/null
+++ b/tests/tests/chage/19_chage-W_no_shadow_entry/chage.test
@@ -0,0 +1,39 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "chage creates a shadow entry if there were none"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Change bin's mindays (chage -W 12 bin)..."
+chage -W 12 bin
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl data/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl data/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/chage/19_chage-W_no_shadow_entry/config.txt b/tests/tests/chage/19_chage-W_no_shadow_entry/config.txt
new file mode 100644
index 0000000..e9e4bbe
--- /dev/null
+++ b/tests/tests/chage/19_chage-W_no_shadow_entry/config.txt
@@ -0,0 +1 @@
+group foo, GID 1000
diff --git a/tests/tests/chage/19_chage-W_no_shadow_entry/config/etc/group b/tests/tests/chage/19_chage-W_no_shadow_entry/config/etc/group
new file mode 100644
index 0000000..fecba0c
--- /dev/null
+++ b/tests/tests/chage/19_chage-W_no_shadow_entry/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/chage/19_chage-W_no_shadow_entry/config/etc/gshadow b/tests/tests/chage/19_chage-W_no_shadow_entry/config/etc/gshadow
new file mode 100644
index 0000000..5042e58
--- /dev/null
+++ b/tests/tests/chage/19_chage-W_no_shadow_entry/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/chage/19_chage-W_no_shadow_entry/config/etc/login.defs b/tests/tests/chage/19_chage-W_no_shadow_entry/config/etc/login.defs
new file mode 100644
index 0000000..cf181ac
--- /dev/null
+++ b/tests/tests/chage/19_chage-W_no_shadow_entry/config/etc/login.defs
@@ -0,0 +1,314 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK usage is discouraged because it catches only some classes of user
+# entries to system, in fact only those made through login(1), while setting
+# umask in shell rc file will catch also logins through su, cron, ssh etc.
+#
+# At the same time, using shell rc to set umask won't catch entries which use
+# non-shell executables in place of login shell, like /usr/sbin/pppd for "ppp"
+# user and alike.
+#
+# Therefore the use of pam_umask is recommended (Debian package libpam-umask)
+# as the solution which catches all these cases on PAM-enabled systems.
+# 
+# This avoids the confusion created by having the umask set
+# in two different places -- in login.defs and shell rc files (i.e.
+# /etc/profile).
+#
+# For discussion, see #314539 and #248150 as well as the thread starting at
+# http://lists.debian.org/debian-devel/2005/06/msg01598.html
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+# 022 is the "historical" value in Debian for UMASK when it was used
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			  100
+GID_MAX			60000
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# This enables userdel to remove user groups if no members exist.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, thus in Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# Only works if compiled with MD5_CRYPT defined:
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is used by chpasswd, gpasswd and newusers.
+#
+#MD5_CRYPT_ENAB	no
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/chage/19_chage-W_no_shadow_entry/config/etc/passwd b/tests/tests/chage/19_chage-W_no_shadow_entry/config/etc/passwd
new file mode 100644
index 0000000..8656be4
--- /dev/null
+++ b/tests/tests/chage/19_chage-W_no_shadow_entry/config/etc/passwd
@@ -0,0 +1,20 @@
+root:*:0:0:root:/root:/bin/bash
+daemon:*:1:1:daemon:/usr/sbin:/bin/sh
+bin:*:2:2:bin:/bin:/bin/sh
+sys:*:3:3:sys:/dev:/bin/sh
+sync:*:4:65534:sync:/bin:/bin/sync
+games:*:5:60:games:/usr/games:/bin/sh
+man:*:6:12:man:/var/cache/man:/bin/sh
+lp:*:7:7:lp:/var/spool/lpd:/bin/sh
+mail:*:8:8:mail:/var/mail:/bin/sh
+news:*:9:9:news:/var/spool/news:/bin/sh
+uucp:*:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:*:13:13:proxy:/bin:/bin/sh
+www-data:*:33:33:www-data:/var/www:/bin/sh
+backup:*:34:34:backup:/var/backups:/bin/sh
+list:*:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:*:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:*:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:*:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:*:102:102::/var/spool/exim4:/bin/false
+foo:abc:1000:1000::/nonexistent:/bin/sh
diff --git a/tests/tests/chage/19_chage-W_no_shadow_entry/config/etc/shadow b/tests/tests/chage/19_chage-W_no_shadow_entry/config/etc/shadow
new file mode 100644
index 0000000..88faec2
--- /dev/null
+++ b/tests/tests/chage/19_chage-W_no_shadow_entry/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/chage/19_chage-W_no_shadow_entry/data/passwd b/tests/tests/chage/19_chage-W_no_shadow_entry/data/passwd
new file mode 100644
index 0000000..d9ad1e2
--- /dev/null
+++ b/tests/tests/chage/19_chage-W_no_shadow_entry/data/passwd
@@ -0,0 +1,20 @@
+root:*:0:0:root:/root:/bin/bash
+daemon:*:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:*:3:3:sys:/dev:/bin/sh
+sync:*:4:65534:sync:/bin:/bin/sync
+games:*:5:60:games:/usr/games:/bin/sh
+man:*:6:12:man:/var/cache/man:/bin/sh
+lp:*:7:7:lp:/var/spool/lpd:/bin/sh
+mail:*:8:8:mail:/var/mail:/bin/sh
+news:*:9:9:news:/var/spool/news:/bin/sh
+uucp:*:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:*:13:13:proxy:/bin:/bin/sh
+www-data:*:33:33:www-data:/var/www:/bin/sh
+backup:*:34:34:backup:/var/backups:/bin/sh
+list:*:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:*:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:*:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:*:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:*:102:102::/var/spool/exim4:/bin/false
+foo:abc:1000:1000::/nonexistent:/bin/sh
diff --git a/tests/tests/chage/19_chage-W_no_shadow_entry/data/shadow b/tests/tests/chage/19_chage-W_no_shadow_entry/data/shadow
new file mode 100644
index 0000000..3265423
--- /dev/null
+++ b/tests/tests/chage/19_chage-W_no_shadow_entry/data/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
+bin:*::::12:::
diff --git a/tests/tests/chage/20_chage-E_no_shadow_entry/chage.test b/tests/tests/chage/20_chage-E_no_shadow_entry/chage.test
new file mode 100755
index 0000000..52079f7
--- /dev/null
+++ b/tests/tests/chage/20_chage-E_no_shadow_entry/chage.test
@@ -0,0 +1,39 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "chage creates a shadow entry if there were none"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Change bin's mindays (chage -E 2011-09-11 bin)..."
+chage -E 2011-09-11 bin
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl data/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl data/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/chage/20_chage-E_no_shadow_entry/config.txt b/tests/tests/chage/20_chage-E_no_shadow_entry/config.txt
new file mode 100644
index 0000000..e9e4bbe
--- /dev/null
+++ b/tests/tests/chage/20_chage-E_no_shadow_entry/config.txt
@@ -0,0 +1 @@
+group foo, GID 1000
diff --git a/tests/tests/chage/20_chage-E_no_shadow_entry/config/etc/group b/tests/tests/chage/20_chage-E_no_shadow_entry/config/etc/group
new file mode 100644
index 0000000..fecba0c
--- /dev/null
+++ b/tests/tests/chage/20_chage-E_no_shadow_entry/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/chage/20_chage-E_no_shadow_entry/config/etc/gshadow b/tests/tests/chage/20_chage-E_no_shadow_entry/config/etc/gshadow
new file mode 100644
index 0000000..5042e58
--- /dev/null
+++ b/tests/tests/chage/20_chage-E_no_shadow_entry/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/chage/20_chage-E_no_shadow_entry/config/etc/login.defs b/tests/tests/chage/20_chage-E_no_shadow_entry/config/etc/login.defs
new file mode 100644
index 0000000..cf181ac
--- /dev/null
+++ b/tests/tests/chage/20_chage-E_no_shadow_entry/config/etc/login.defs
@@ -0,0 +1,314 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK usage is discouraged because it catches only some classes of user
+# entries to system, in fact only those made through login(1), while setting
+# umask in shell rc file will catch also logins through su, cron, ssh etc.
+#
+# At the same time, using shell rc to set umask won't catch entries which use
+# non-shell executables in place of login shell, like /usr/sbin/pppd for "ppp"
+# user and alike.
+#
+# Therefore the use of pam_umask is recommended (Debian package libpam-umask)
+# as the solution which catches all these cases on PAM-enabled systems.
+# 
+# This avoids the confusion created by having the umask set
+# in two different places -- in login.defs and shell rc files (i.e.
+# /etc/profile).
+#
+# For discussion, see #314539 and #248150 as well as the thread starting at
+# http://lists.debian.org/debian-devel/2005/06/msg01598.html
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+# 022 is the "historical" value in Debian for UMASK when it was used
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			  100
+GID_MAX			60000
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# This enables userdel to remove user groups if no members exist.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, thus in Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# Only works if compiled with MD5_CRYPT defined:
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is used by chpasswd, gpasswd and newusers.
+#
+#MD5_CRYPT_ENAB	no
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/chage/20_chage-E_no_shadow_entry/config/etc/passwd b/tests/tests/chage/20_chage-E_no_shadow_entry/config/etc/passwd
new file mode 100644
index 0000000..8656be4
--- /dev/null
+++ b/tests/tests/chage/20_chage-E_no_shadow_entry/config/etc/passwd
@@ -0,0 +1,20 @@
+root:*:0:0:root:/root:/bin/bash
+daemon:*:1:1:daemon:/usr/sbin:/bin/sh
+bin:*:2:2:bin:/bin:/bin/sh
+sys:*:3:3:sys:/dev:/bin/sh
+sync:*:4:65534:sync:/bin:/bin/sync
+games:*:5:60:games:/usr/games:/bin/sh
+man:*:6:12:man:/var/cache/man:/bin/sh
+lp:*:7:7:lp:/var/spool/lpd:/bin/sh
+mail:*:8:8:mail:/var/mail:/bin/sh
+news:*:9:9:news:/var/spool/news:/bin/sh
+uucp:*:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:*:13:13:proxy:/bin:/bin/sh
+www-data:*:33:33:www-data:/var/www:/bin/sh
+backup:*:34:34:backup:/var/backups:/bin/sh
+list:*:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:*:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:*:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:*:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:*:102:102::/var/spool/exim4:/bin/false
+foo:abc:1000:1000::/nonexistent:/bin/sh
diff --git a/tests/tests/chage/20_chage-E_no_shadow_entry/config/etc/shadow b/tests/tests/chage/20_chage-E_no_shadow_entry/config/etc/shadow
new file mode 100644
index 0000000..88faec2
--- /dev/null
+++ b/tests/tests/chage/20_chage-E_no_shadow_entry/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/chage/20_chage-E_no_shadow_entry/data/passwd b/tests/tests/chage/20_chage-E_no_shadow_entry/data/passwd
new file mode 100644
index 0000000..d9ad1e2
--- /dev/null
+++ b/tests/tests/chage/20_chage-E_no_shadow_entry/data/passwd
@@ -0,0 +1,20 @@
+root:*:0:0:root:/root:/bin/bash
+daemon:*:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:*:3:3:sys:/dev:/bin/sh
+sync:*:4:65534:sync:/bin:/bin/sync
+games:*:5:60:games:/usr/games:/bin/sh
+man:*:6:12:man:/var/cache/man:/bin/sh
+lp:*:7:7:lp:/var/spool/lpd:/bin/sh
+mail:*:8:8:mail:/var/mail:/bin/sh
+news:*:9:9:news:/var/spool/news:/bin/sh
+uucp:*:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:*:13:13:proxy:/bin:/bin/sh
+www-data:*:33:33:www-data:/var/www:/bin/sh
+backup:*:34:34:backup:/var/backups:/bin/sh
+list:*:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:*:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:*:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:*:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:*:102:102::/var/spool/exim4:/bin/false
+foo:abc:1000:1000::/nonexistent:/bin/sh
diff --git a/tests/tests/chage/20_chage-E_no_shadow_entry/data/shadow b/tests/tests/chage/20_chage-E_no_shadow_entry/data/shadow
new file mode 100644
index 0000000..752a49a
--- /dev/null
+++ b/tests/tests/chage/20_chage-E_no_shadow_entry/data/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
+bin:*::::::15228:
diff --git a/tests/tests/chage/21_chage_no_shadow_file/chage.test b/tests/tests/chage/21_chage_no_shadow_file/chage.test
new file mode 100755
index 0000000..c2e8d0e
--- /dev/null
+++ b/tests/tests/chage/21_chage_no_shadow_file/chage.test
@@ -0,0 +1,58 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "chage warns when shadow is not enabled"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Remove /etc/shadow..."
+rm -f /etc/shadow
+echo "OK"
+
+echo -n "Use chage with an invalid user (chage -I 12 bin)..."
+chage -I 12 bin 2>tmp/usage.out && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "15"
+echo "OK"
+
+echo "chage reported:"
+echo "======================================================================="
+cat tmp/usage.out
+echo "======================================================================="
+echo -n "Check the usage message..."
+diff -au data/usage.out tmp/usage.out
+echo "usage message OK."
+rm -f tmp/usage.out
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+test ! -f /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/chage/21_chage_no_shadow_file/config.txt b/tests/tests/chage/21_chage_no_shadow_file/config.txt
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/chage/21_chage_no_shadow_file/config.txt
diff --git a/tests/tests/chage/21_chage_no_shadow_file/config/etc/group b/tests/tests/chage/21_chage_no_shadow_file/config/etc/group
new file mode 100644
index 0000000..245cc9c
--- /dev/null
+++ b/tests/tests/chage/21_chage_no_shadow_file/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+myuser:x:424242:
diff --git a/tests/tests/chage/21_chage_no_shadow_file/config/etc/gshadow b/tests/tests/chage/21_chage_no_shadow_file/config/etc/gshadow
new file mode 100644
index 0000000..25bd55b
--- /dev/null
+++ b/tests/tests/chage/21_chage_no_shadow_file/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+myuser:x::
diff --git a/tests/tests/chage/21_chage_no_shadow_file/config/etc/passwd b/tests/tests/chage/21_chage_no_shadow_file/config/etc/passwd
new file mode 100644
index 0000000..5d27e12
--- /dev/null
+++ b/tests/tests/chage/21_chage_no_shadow_file/config/etc/passwd
@@ -0,0 +1,26 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+myuser1:x:424242:424242::/home:/bin/bash
+myuser2:x:424243:424242::/home:/bin/bash
+myuser3:x:424244:424242::/home:/bin/bash
+myuser4:x:424245:424242::/home:/bin/bash
+myuser5:x:424246:424242::/home:/bin/bash
+myuser6:x:424247:424242::/home:/bin/bash
+myuser7:x:424248:424242::/home:/bin/bash
diff --git a/tests/tests/chage/21_chage_no_shadow_file/config/etc/shadow b/tests/tests/chage/21_chage_no_shadow_file/config/etc/shadow
new file mode 100644
index 0000000..da4c2bc
--- /dev/null
+++ b/tests/tests/chage/21_chage_no_shadow_file/config/etc/shadow
@@ -0,0 +1,26 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+myuser1:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:::
+myuser2:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12992:1:99996:5:::
+myuser3:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7::0:
+myuser4:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7::1:
+myuser5:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:0::
+myuser6:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:1::
+myuser7:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:1::
diff --git a/tests/tests/chage/21_chage_no_shadow_file/data/usage.out b/tests/tests/chage/21_chage_no_shadow_file/data/usage.out
new file mode 100644
index 0000000..07d7a30
--- /dev/null
+++ b/tests/tests/chage/21_chage_no_shadow_file/data/usage.out
@@ -0,0 +1 @@
+chage: the shadow password file is not present
diff --git a/tests/tests/chage/22_chage_myuser-l/chage.test b/tests/tests/chage/22_chage_myuser-l/chage.test
new file mode 100755
index 0000000..34ad36d
--- /dev/null
+++ b/tests/tests/chage/22_chage_myuser-l/chage.test
@@ -0,0 +1,51 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "chage can be used to show one's aging info"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+for user in $(ls data/)
+do
+	echo -n "Get $user aging info (chage -l $user)..."
+	su myuser1 -c "chage -l $user" >tmp/$user
+	echo "OK"
+
+	echo "chage reported:"
+	echo "======================================================================="
+	cat tmp/$user
+	echo "======================================================================="
+	echo -n "Compare with expected output..."
+	diff -au data/$user tmp/$user
+	echo "OK"
+	rm -f tmp/$user
+done
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/chage/22_chage_myuser-l/config.txt b/tests/tests/chage/22_chage_myuser-l/config.txt
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/chage/22_chage_myuser-l/config.txt
diff --git a/tests/tests/chage/22_chage_myuser-l/config/etc/group b/tests/tests/chage/22_chage_myuser-l/config/etc/group
new file mode 100644
index 0000000..245cc9c
--- /dev/null
+++ b/tests/tests/chage/22_chage_myuser-l/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+myuser:x:424242:
diff --git a/tests/tests/chage/22_chage_myuser-l/config/etc/gshadow b/tests/tests/chage/22_chage_myuser-l/config/etc/gshadow
new file mode 100644
index 0000000..25bd55b
--- /dev/null
+++ b/tests/tests/chage/22_chage_myuser-l/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+myuser:x::
diff --git a/tests/tests/chage/22_chage_myuser-l/config/etc/passwd b/tests/tests/chage/22_chage_myuser-l/config/etc/passwd
new file mode 100644
index 0000000..31046cf
--- /dev/null
+++ b/tests/tests/chage/22_chage_myuser-l/config/etc/passwd
@@ -0,0 +1,32 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+myuser1:x:424242:424242::/home:/bin/bash
+myuser2:x:424243:424242::/home:/bin/bash
+myuser3:x:424244:424242::/home:/bin/bash
+myuser4:x:424245:424242::/home:/bin/bash
+myuser5:x:424246:424242::/home:/bin/bash
+myuser6:x:424247:424242::/home:/bin/bash
+myuser7:x:424248:424242::/home:/bin/bash
+myuser8:x:424249:424242::/home:/bin/bash
+myuser9:x:424250:424242::/home:/bin/bash
+myuser10:x:424251:424242::/home:/bin/bash
+myuser11:x:424252:424242::/home:/bin/bash
+myuser12:x:424253:424242::/home:/bin/bash
+myuser13:x:424254:424242::/home:/bin/bash
diff --git a/tests/tests/chage/22_chage_myuser-l/config/etc/shadow b/tests/tests/chage/22_chage_myuser-l/config/etc/shadow
new file mode 100644
index 0000000..4b81469
--- /dev/null
+++ b/tests/tests/chage/22_chage_myuser-l/config/etc/shadow
@@ -0,0 +1,30 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+myuser1:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:::
+myuser2:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12992:1:99996:5:::
+myuser3:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7::0:
+myuser4:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7::1:
+myuser5:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:0::
+myuser6:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:1::
+myuser7:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:9999:7:1::
+myuser8:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.::0:9999:7:1::
+myuser9:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:0:0:9999:7:1::
+myuser10:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0::7:1::
+#myuser11:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:9999:7:1::
diff --git a/tests/tests/chage/22_chage_myuser-l/data/myuser1 b/tests/tests/chage/22_chage_myuser-l/data/myuser1
new file mode 100644
index 0000000..64754ca
--- /dev/null
+++ b/tests/tests/chage/22_chage_myuser-l/data/myuser1
@@ -0,0 +1,7 @@
+Last password change					: Jul 27, 2005
+Password expires					: never
+Password inactive					: never
+Account expires						: never
+Minimum number of days between password change		: 0
+Maximum number of days between password change		: 99999
+Number of days of warning before password expires	: 7
diff --git a/tests/tests/chage/23_chage_myuser-I/chage.test b/tests/tests/chage/23_chage_myuser-I/chage.test
new file mode 100755
index 0000000..0bd7043
--- /dev/null
+++ b/tests/tests/chage/23_chage_myuser-I/chage.test
@@ -0,0 +1,54 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "chage forbids to change aging info"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "myusers1 uses chage to change myuser1 aging info (chage -I 12 myuser2)..."
+su myuser1 -c "chage -I 12 myuser1" 2>tmp/usage.out && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "1"
+echo "OK"
+
+echo "chage reported:"
+echo "======================================================================="
+cat tmp/usage.out
+echo "======================================================================="
+echo -n "Check the usage message..."
+diff -au data/usage.out tmp/usage.out
+echo "usage message OK."
+rm -f tmp/usage.out
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/chage/23_chage_myuser-I/config.txt b/tests/tests/chage/23_chage_myuser-I/config.txt
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/chage/23_chage_myuser-I/config.txt
diff --git a/tests/tests/chage/23_chage_myuser-I/config/etc/group b/tests/tests/chage/23_chage_myuser-I/config/etc/group
new file mode 100644
index 0000000..245cc9c
--- /dev/null
+++ b/tests/tests/chage/23_chage_myuser-I/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+myuser:x:424242:
diff --git a/tests/tests/chage/23_chage_myuser-I/config/etc/gshadow b/tests/tests/chage/23_chage_myuser-I/config/etc/gshadow
new file mode 100644
index 0000000..25bd55b
--- /dev/null
+++ b/tests/tests/chage/23_chage_myuser-I/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+myuser:x::
diff --git a/tests/tests/chage/23_chage_myuser-I/config/etc/passwd b/tests/tests/chage/23_chage_myuser-I/config/etc/passwd
new file mode 100644
index 0000000..5d27e12
--- /dev/null
+++ b/tests/tests/chage/23_chage_myuser-I/config/etc/passwd
@@ -0,0 +1,26 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+myuser1:x:424242:424242::/home:/bin/bash
+myuser2:x:424243:424242::/home:/bin/bash
+myuser3:x:424244:424242::/home:/bin/bash
+myuser4:x:424245:424242::/home:/bin/bash
+myuser5:x:424246:424242::/home:/bin/bash
+myuser6:x:424247:424242::/home:/bin/bash
+myuser7:x:424248:424242::/home:/bin/bash
diff --git a/tests/tests/chage/23_chage_myuser-I/config/etc/shadow b/tests/tests/chage/23_chage_myuser-I/config/etc/shadow
new file mode 100644
index 0000000..da4c2bc
--- /dev/null
+++ b/tests/tests/chage/23_chage_myuser-I/config/etc/shadow
@@ -0,0 +1,26 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+myuser1:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:::
+myuser2:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12992:1:99996:5:::
+myuser3:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7::0:
+myuser4:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7::1:
+myuser5:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:0::
+myuser6:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:1::
+myuser7:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:1::
diff --git a/tests/tests/chage/23_chage_myuser-I/data/usage.out b/tests/tests/chage/23_chage_myuser-I/data/usage.out
new file mode 100644
index 0000000..dc0d6ca
--- /dev/null
+++ b/tests/tests/chage/23_chage_myuser-I/data/usage.out
@@ -0,0 +1 @@
+chage: Permission denied.
diff --git a/tests/tests/chage/24_chage_myuser-l_other/chage.test b/tests/tests/chage/24_chage_myuser-l_other/chage.test
new file mode 100755
index 0000000..ef2f8e2
--- /dev/null
+++ b/tests/tests/chage/24_chage_myuser-l_other/chage.test
@@ -0,0 +1,54 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "chage forbids to get other accounts aging info"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "myusers1 uses chage to get myuser2 aging info (chage -l myuser2)..."
+su myuser1 -c "chage -l myuser2" 2>tmp/usage.out && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "1"
+echo "OK"
+
+echo "chage reported:"
+echo "======================================================================="
+cat tmp/usage.out
+echo "======================================================================="
+echo -n "Check the usage message..."
+diff -au data/usage.out tmp/usage.out
+echo "usage message OK."
+rm -f tmp/usage.out
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/chage/24_chage_myuser-l_other/config.txt b/tests/tests/chage/24_chage_myuser-l_other/config.txt
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/chage/24_chage_myuser-l_other/config.txt
diff --git a/tests/tests/chage/24_chage_myuser-l_other/config/etc/group b/tests/tests/chage/24_chage_myuser-l_other/config/etc/group
new file mode 100644
index 0000000..245cc9c
--- /dev/null
+++ b/tests/tests/chage/24_chage_myuser-l_other/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+myuser:x:424242:
diff --git a/tests/tests/chage/24_chage_myuser-l_other/config/etc/gshadow b/tests/tests/chage/24_chage_myuser-l_other/config/etc/gshadow
new file mode 100644
index 0000000..25bd55b
--- /dev/null
+++ b/tests/tests/chage/24_chage_myuser-l_other/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+myuser:x::
diff --git a/tests/tests/chage/24_chage_myuser-l_other/config/etc/passwd b/tests/tests/chage/24_chage_myuser-l_other/config/etc/passwd
new file mode 100644
index 0000000..5d27e12
--- /dev/null
+++ b/tests/tests/chage/24_chage_myuser-l_other/config/etc/passwd
@@ -0,0 +1,26 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+myuser1:x:424242:424242::/home:/bin/bash
+myuser2:x:424243:424242::/home:/bin/bash
+myuser3:x:424244:424242::/home:/bin/bash
+myuser4:x:424245:424242::/home:/bin/bash
+myuser5:x:424246:424242::/home:/bin/bash
+myuser6:x:424247:424242::/home:/bin/bash
+myuser7:x:424248:424242::/home:/bin/bash
diff --git a/tests/tests/chage/24_chage_myuser-l_other/config/etc/shadow b/tests/tests/chage/24_chage_myuser-l_other/config/etc/shadow
new file mode 100644
index 0000000..da4c2bc
--- /dev/null
+++ b/tests/tests/chage/24_chage_myuser-l_other/config/etc/shadow
@@ -0,0 +1,26 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+myuser1:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:::
+myuser2:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12992:1:99996:5:::
+myuser3:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7::0:
+myuser4:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7::1:
+myuser5:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:0::
+myuser6:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:1::
+myuser7:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:1::
diff --git a/tests/tests/chage/24_chage_myuser-l_other/data/usage.out b/tests/tests/chage/24_chage_myuser-l_other/data/usage.out
new file mode 100644
index 0000000..dc0d6ca
--- /dev/null
+++ b/tests/tests/chage/24_chage_myuser-l_other/data/usage.out
@@ -0,0 +1 @@
+chage: Permission denied.
diff --git a/tests/tests/chage/25_chage_interactive/chage.test b/tests/tests/chage/25_chage_interactive/chage.test
new file mode 100755
index 0000000..8d5f5be
--- /dev/null
+++ b/tests/tests/chage/25_chage_interactive/chage.test
@@ -0,0 +1,39 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "chage creates a shadow entry if there were none"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "chage interactive session as myuser1..."
+./run.exp
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl data/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/chage/25_chage_interactive/config.txt b/tests/tests/chage/25_chage_interactive/config.txt
new file mode 100644
index 0000000..e9e4bbe
--- /dev/null
+++ b/tests/tests/chage/25_chage_interactive/config.txt
@@ -0,0 +1 @@
+group foo, GID 1000
diff --git a/tests/tests/chage/25_chage_interactive/config/etc/group b/tests/tests/chage/25_chage_interactive/config/etc/group
new file mode 100644
index 0000000..fecba0c
--- /dev/null
+++ b/tests/tests/chage/25_chage_interactive/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/chage/25_chage_interactive/config/etc/gshadow b/tests/tests/chage/25_chage_interactive/config/etc/gshadow
new file mode 100644
index 0000000..5042e58
--- /dev/null
+++ b/tests/tests/chage/25_chage_interactive/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/chage/25_chage_interactive/config/etc/login.defs b/tests/tests/chage/25_chage_interactive/config/etc/login.defs
new file mode 100644
index 0000000..cf181ac
--- /dev/null
+++ b/tests/tests/chage/25_chage_interactive/config/etc/login.defs
@@ -0,0 +1,314 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK usage is discouraged because it catches only some classes of user
+# entries to system, in fact only those made through login(1), while setting
+# umask in shell rc file will catch also logins through su, cron, ssh etc.
+#
+# At the same time, using shell rc to set umask won't catch entries which use
+# non-shell executables in place of login shell, like /usr/sbin/pppd for "ppp"
+# user and alike.
+#
+# Therefore the use of pam_umask is recommended (Debian package libpam-umask)
+# as the solution which catches all these cases on PAM-enabled systems.
+# 
+# This avoids the confusion created by having the umask set
+# in two different places -- in login.defs and shell rc files (i.e.
+# /etc/profile).
+#
+# For discussion, see #314539 and #248150 as well as the thread starting at
+# http://lists.debian.org/debian-devel/2005/06/msg01598.html
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+# 022 is the "historical" value in Debian for UMASK when it was used
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			  100
+GID_MAX			60000
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# This enables userdel to remove user groups if no members exist.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, thus in Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# Only works if compiled with MD5_CRYPT defined:
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is used by chpasswd, gpasswd and newusers.
+#
+#MD5_CRYPT_ENAB	no
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/chage/25_chage_interactive/config/etc/passwd b/tests/tests/chage/25_chage_interactive/config/etc/passwd
new file mode 100644
index 0000000..5d27e12
--- /dev/null
+++ b/tests/tests/chage/25_chage_interactive/config/etc/passwd
@@ -0,0 +1,26 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+myuser1:x:424242:424242::/home:/bin/bash
+myuser2:x:424243:424242::/home:/bin/bash
+myuser3:x:424244:424242::/home:/bin/bash
+myuser4:x:424245:424242::/home:/bin/bash
+myuser5:x:424246:424242::/home:/bin/bash
+myuser6:x:424247:424242::/home:/bin/bash
+myuser7:x:424248:424242::/home:/bin/bash
diff --git a/tests/tests/chage/25_chage_interactive/config/etc/shadow b/tests/tests/chage/25_chage_interactive/config/etc/shadow
new file mode 100644
index 0000000..da4c2bc
--- /dev/null
+++ b/tests/tests/chage/25_chage_interactive/config/etc/shadow
@@ -0,0 +1,26 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+myuser1:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:::
+myuser2:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12992:1:99996:5:::
+myuser3:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7::0:
+myuser4:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7::1:
+myuser5:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:0::
+myuser6:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:1::
+myuser7:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:1::
diff --git a/tests/tests/chage/25_chage_interactive/data/shadow b/tests/tests/chage/25_chage_interactive/data/shadow
new file mode 100644
index 0000000..334494a
--- /dev/null
+++ b/tests/tests/chage/25_chage_interactive/data/shadow
@@ -0,0 +1,26 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+myuser1:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12990:13:14:9:35:15548:
+myuser2:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12992:1:99996:5:::
+myuser3:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7::0:
+myuser4:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7::1:
+myuser5:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:0::
+myuser6:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:1::
+myuser7:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:1::
diff --git a/tests/tests/chage/25_chage_interactive/run.exp b/tests/tests/chage/25_chage_interactive/run.exp
new file mode 100755
index 0000000..5b4b1d0
--- /dev/null
+++ b/tests/tests/chage/25_chage_interactive/run.exp
@@ -0,0 +1,31 @@
+#!/usr/bin/expect
+
+set timeout 5
+
+# I've not been able to put the opening bracket in the regular expressions
+# If anyone knows...
+
+spawn /usr/bin/chage myuser1
+expect -re "Minimum Password Age .0\]: "
+send "13\r"
+expect -re "Maximum Password Age .99999\]: "
+send "14\r"
+expect -re "Last Password Change \[(]YYYY-MM-DD\[)] .2005-07-27\]: "
+send "2005-07-26\r"
+expect -re "Password Expiration Warning .7\]: "
+send "9\r"
+expect -re "Password Inactive .-1\]: "
+send "35\r"
+expect -re "Account Expiration Date \[(]YYYY-MM-DD\[)] .-1\]: "
+send "2012-07-27\r"
+expect {
+	eof {
+	} default {
+		puts "\nFAIL"
+		exit 1
+	}
+}
+
+puts "\nPASS"
+exit 0
+
diff --git a/tests/tests/chage/26_chage_interactive_date_0/chage.test b/tests/tests/chage/26_chage_interactive_date_0/chage.test
new file mode 100755
index 0000000..8d5f5be
--- /dev/null
+++ b/tests/tests/chage/26_chage_interactive_date_0/chage.test
@@ -0,0 +1,39 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "chage creates a shadow entry if there were none"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "chage interactive session as myuser1..."
+./run.exp
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl data/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/chage/26_chage_interactive_date_0/config.txt b/tests/tests/chage/26_chage_interactive_date_0/config.txt
new file mode 100644
index 0000000..e9e4bbe
--- /dev/null
+++ b/tests/tests/chage/26_chage_interactive_date_0/config.txt
@@ -0,0 +1 @@
+group foo, GID 1000
diff --git a/tests/tests/chage/26_chage_interactive_date_0/config/etc/group b/tests/tests/chage/26_chage_interactive_date_0/config/etc/group
new file mode 100644
index 0000000..fecba0c
--- /dev/null
+++ b/tests/tests/chage/26_chage_interactive_date_0/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/chage/26_chage_interactive_date_0/config/etc/gshadow b/tests/tests/chage/26_chage_interactive_date_0/config/etc/gshadow
new file mode 100644
index 0000000..5042e58
--- /dev/null
+++ b/tests/tests/chage/26_chage_interactive_date_0/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/chage/26_chage_interactive_date_0/config/etc/login.defs b/tests/tests/chage/26_chage_interactive_date_0/config/etc/login.defs
new file mode 100644
index 0000000..cf181ac
--- /dev/null
+++ b/tests/tests/chage/26_chage_interactive_date_0/config/etc/login.defs
@@ -0,0 +1,314 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK usage is discouraged because it catches only some classes of user
+# entries to system, in fact only those made through login(1), while setting
+# umask in shell rc file will catch also logins through su, cron, ssh etc.
+#
+# At the same time, using shell rc to set umask won't catch entries which use
+# non-shell executables in place of login shell, like /usr/sbin/pppd for "ppp"
+# user and alike.
+#
+# Therefore the use of pam_umask is recommended (Debian package libpam-umask)
+# as the solution which catches all these cases on PAM-enabled systems.
+# 
+# This avoids the confusion created by having the umask set
+# in two different places -- in login.defs and shell rc files (i.e.
+# /etc/profile).
+#
+# For discussion, see #314539 and #248150 as well as the thread starting at
+# http://lists.debian.org/debian-devel/2005/06/msg01598.html
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+# 022 is the "historical" value in Debian for UMASK when it was used
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			  100
+GID_MAX			60000
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# This enables userdel to remove user groups if no members exist.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, thus in Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# Only works if compiled with MD5_CRYPT defined:
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is used by chpasswd, gpasswd and newusers.
+#
+#MD5_CRYPT_ENAB	no
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/chage/26_chage_interactive_date_0/config/etc/passwd b/tests/tests/chage/26_chage_interactive_date_0/config/etc/passwd
new file mode 100644
index 0000000..5d27e12
--- /dev/null
+++ b/tests/tests/chage/26_chage_interactive_date_0/config/etc/passwd
@@ -0,0 +1,26 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+myuser1:x:424242:424242::/home:/bin/bash
+myuser2:x:424243:424242::/home:/bin/bash
+myuser3:x:424244:424242::/home:/bin/bash
+myuser4:x:424245:424242::/home:/bin/bash
+myuser5:x:424246:424242::/home:/bin/bash
+myuser6:x:424247:424242::/home:/bin/bash
+myuser7:x:424248:424242::/home:/bin/bash
diff --git a/tests/tests/chage/26_chage_interactive_date_0/config/etc/shadow b/tests/tests/chage/26_chage_interactive_date_0/config/etc/shadow
new file mode 100644
index 0000000..da4c2bc
--- /dev/null
+++ b/tests/tests/chage/26_chage_interactive_date_0/config/etc/shadow
@@ -0,0 +1,26 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+myuser1:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:::
+myuser2:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12992:1:99996:5:::
+myuser3:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7::0:
+myuser4:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7::1:
+myuser5:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:0::
+myuser6:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:1::
+myuser7:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:1::
diff --git a/tests/tests/chage/26_chage_interactive_date_0/data/shadow b/tests/tests/chage/26_chage_interactive_date_0/data/shadow
new file mode 100644
index 0000000..293987c
--- /dev/null
+++ b/tests/tests/chage/26_chage_interactive_date_0/data/shadow
@@ -0,0 +1,26 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+myuser1:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:0:13:14:9:35:0:
+myuser2:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12992:1:99996:5:::
+myuser3:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7::0:
+myuser4:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7::1:
+myuser5:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:0::
+myuser6:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:1::
+myuser7:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:1::
diff --git a/tests/tests/chage/26_chage_interactive_date_0/run.exp b/tests/tests/chage/26_chage_interactive_date_0/run.exp
new file mode 100755
index 0000000..2f97abb
--- /dev/null
+++ b/tests/tests/chage/26_chage_interactive_date_0/run.exp
@@ -0,0 +1,31 @@
+#!/usr/bin/expect
+
+set timeout 5
+
+# I've not been able to put the opening bracket in the regular expressions
+# If anyone knows...
+
+spawn /usr/bin/chage myuser1
+expect -re "Minimum Password Age .0\]: "
+send "13\r"
+expect -re "Maximum Password Age .99999\]: "
+send "14\r"
+expect -re "Last Password Change \[(]YYYY-MM-DD\[)] .2005-07-27\]: "
+send "0\r"
+expect -re "Password Expiration Warning .7\]: "
+send "9\r"
+expect -re "Password Inactive .-1\]: "
+send "35\r"
+expect -re "Account Expiration Date \[(]YYYY-MM-DD\[)] .-1\]: "
+send "0\r"
+expect {
+	eof {
+	} default {
+		puts "\nFAIL"
+		exit 1
+	}
+}
+
+puts "\nPASS"
+exit 0
+
diff --git a/tests/tests/chage/27_chage_interactive_date_-1/chage.test b/tests/tests/chage/27_chage_interactive_date_-1/chage.test
new file mode 100755
index 0000000..8d5f5be
--- /dev/null
+++ b/tests/tests/chage/27_chage_interactive_date_-1/chage.test
@@ -0,0 +1,39 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "chage creates a shadow entry if there were none"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "chage interactive session as myuser1..."
+./run.exp
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl data/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/chage/27_chage_interactive_date_-1/config.txt b/tests/tests/chage/27_chage_interactive_date_-1/config.txt
new file mode 100644
index 0000000..e9e4bbe
--- /dev/null
+++ b/tests/tests/chage/27_chage_interactive_date_-1/config.txt
@@ -0,0 +1 @@
+group foo, GID 1000
diff --git a/tests/tests/chage/27_chage_interactive_date_-1/config/etc/group b/tests/tests/chage/27_chage_interactive_date_-1/config/etc/group
new file mode 100644
index 0000000..fecba0c
--- /dev/null
+++ b/tests/tests/chage/27_chage_interactive_date_-1/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/chage/27_chage_interactive_date_-1/config/etc/gshadow b/tests/tests/chage/27_chage_interactive_date_-1/config/etc/gshadow
new file mode 100644
index 0000000..5042e58
--- /dev/null
+++ b/tests/tests/chage/27_chage_interactive_date_-1/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/chage/27_chage_interactive_date_-1/config/etc/login.defs b/tests/tests/chage/27_chage_interactive_date_-1/config/etc/login.defs
new file mode 100644
index 0000000..cf181ac
--- /dev/null
+++ b/tests/tests/chage/27_chage_interactive_date_-1/config/etc/login.defs
@@ -0,0 +1,314 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK usage is discouraged because it catches only some classes of user
+# entries to system, in fact only those made through login(1), while setting
+# umask in shell rc file will catch also logins through su, cron, ssh etc.
+#
+# At the same time, using shell rc to set umask won't catch entries which use
+# non-shell executables in place of login shell, like /usr/sbin/pppd for "ppp"
+# user and alike.
+#
+# Therefore the use of pam_umask is recommended (Debian package libpam-umask)
+# as the solution which catches all these cases on PAM-enabled systems.
+# 
+# This avoids the confusion created by having the umask set
+# in two different places -- in login.defs and shell rc files (i.e.
+# /etc/profile).
+#
+# For discussion, see #314539 and #248150 as well as the thread starting at
+# http://lists.debian.org/debian-devel/2005/06/msg01598.html
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+# 022 is the "historical" value in Debian for UMASK when it was used
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			  100
+GID_MAX			60000
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# This enables userdel to remove user groups if no members exist.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, thus in Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# Only works if compiled with MD5_CRYPT defined:
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is used by chpasswd, gpasswd and newusers.
+#
+#MD5_CRYPT_ENAB	no
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/chage/27_chage_interactive_date_-1/config/etc/passwd b/tests/tests/chage/27_chage_interactive_date_-1/config/etc/passwd
new file mode 100644
index 0000000..5d27e12
--- /dev/null
+++ b/tests/tests/chage/27_chage_interactive_date_-1/config/etc/passwd
@@ -0,0 +1,26 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+myuser1:x:424242:424242::/home:/bin/bash
+myuser2:x:424243:424242::/home:/bin/bash
+myuser3:x:424244:424242::/home:/bin/bash
+myuser4:x:424245:424242::/home:/bin/bash
+myuser5:x:424246:424242::/home:/bin/bash
+myuser6:x:424247:424242::/home:/bin/bash
+myuser7:x:424248:424242::/home:/bin/bash
diff --git a/tests/tests/chage/27_chage_interactive_date_-1/config/etc/shadow b/tests/tests/chage/27_chage_interactive_date_-1/config/etc/shadow
new file mode 100644
index 0000000..da4c2bc
--- /dev/null
+++ b/tests/tests/chage/27_chage_interactive_date_-1/config/etc/shadow
@@ -0,0 +1,26 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+myuser1:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:::
+myuser2:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12992:1:99996:5:::
+myuser3:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7::0:
+myuser4:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7::1:
+myuser5:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:0::
+myuser6:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:1::
+myuser7:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:1::
diff --git a/tests/tests/chage/27_chage_interactive_date_-1/data/shadow b/tests/tests/chage/27_chage_interactive_date_-1/data/shadow
new file mode 100644
index 0000000..800f1a2
--- /dev/null
+++ b/tests/tests/chage/27_chage_interactive_date_-1/data/shadow
@@ -0,0 +1,26 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+myuser1:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.::13:14:9:35::
+myuser2:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12992:1:99996:5:::
+myuser3:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7::0:
+myuser4:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7::1:
+myuser5:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:0::
+myuser6:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:1::
+myuser7:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:1::
diff --git a/tests/tests/chage/27_chage_interactive_date_-1/run.exp b/tests/tests/chage/27_chage_interactive_date_-1/run.exp
new file mode 100755
index 0000000..f4c20a1
--- /dev/null
+++ b/tests/tests/chage/27_chage_interactive_date_-1/run.exp
@@ -0,0 +1,31 @@
+#!/usr/bin/expect
+
+set timeout 5
+
+# I've not been able to put the opening bracket in the regular expressions
+# If anyone knows...
+
+spawn /usr/bin/chage myuser1
+expect -re "Minimum Password Age .0\]: "
+send "13\r"
+expect -re "Maximum Password Age .99999\]: "
+send "14\r"
+expect -re "Last Password Change \[(]YYYY-MM-DD\[)] .2005-07-27\]: "
+send -- "-1\r"
+expect -re "Password Expiration Warning .7\]: "
+send "9\r"
+expect -re "Password Inactive .-1\]: "
+send "35\r"
+expect -re "Account Expiration Date \[(]YYYY-MM-DD\[)] .-1\]: "
+send -- "-1\r"
+expect {
+	eof {
+	} default {
+		puts "\nFAIL"
+		exit 1
+	}
+}
+
+puts "\nPASS"
+exit 0
+
diff --git a/tests/tests/chage/28_chage_interactive_date_EPOCH/chage.test b/tests/tests/chage/28_chage_interactive_date_EPOCH/chage.test
new file mode 100755
index 0000000..8d5f5be
--- /dev/null
+++ b/tests/tests/chage/28_chage_interactive_date_EPOCH/chage.test
@@ -0,0 +1,39 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "chage creates a shadow entry if there were none"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "chage interactive session as myuser1..."
+./run.exp
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl data/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/chage/28_chage_interactive_date_EPOCH/config.txt b/tests/tests/chage/28_chage_interactive_date_EPOCH/config.txt
new file mode 100644
index 0000000..e9e4bbe
--- /dev/null
+++ b/tests/tests/chage/28_chage_interactive_date_EPOCH/config.txt
@@ -0,0 +1 @@
+group foo, GID 1000
diff --git a/tests/tests/chage/28_chage_interactive_date_EPOCH/config/etc/group b/tests/tests/chage/28_chage_interactive_date_EPOCH/config/etc/group
new file mode 100644
index 0000000..fecba0c
--- /dev/null
+++ b/tests/tests/chage/28_chage_interactive_date_EPOCH/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/chage/28_chage_interactive_date_EPOCH/config/etc/gshadow b/tests/tests/chage/28_chage_interactive_date_EPOCH/config/etc/gshadow
new file mode 100644
index 0000000..5042e58
--- /dev/null
+++ b/tests/tests/chage/28_chage_interactive_date_EPOCH/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/chage/28_chage_interactive_date_EPOCH/config/etc/login.defs b/tests/tests/chage/28_chage_interactive_date_EPOCH/config/etc/login.defs
new file mode 100644
index 0000000..cf181ac
--- /dev/null
+++ b/tests/tests/chage/28_chage_interactive_date_EPOCH/config/etc/login.defs
@@ -0,0 +1,314 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK usage is discouraged because it catches only some classes of user
+# entries to system, in fact only those made through login(1), while setting
+# umask in shell rc file will catch also logins through su, cron, ssh etc.
+#
+# At the same time, using shell rc to set umask won't catch entries which use
+# non-shell executables in place of login shell, like /usr/sbin/pppd for "ppp"
+# user and alike.
+#
+# Therefore the use of pam_umask is recommended (Debian package libpam-umask)
+# as the solution which catches all these cases on PAM-enabled systems.
+# 
+# This avoids the confusion created by having the umask set
+# in two different places -- in login.defs and shell rc files (i.e.
+# /etc/profile).
+#
+# For discussion, see #314539 and #248150 as well as the thread starting at
+# http://lists.debian.org/debian-devel/2005/06/msg01598.html
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+# 022 is the "historical" value in Debian for UMASK when it was used
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			  100
+GID_MAX			60000
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# This enables userdel to remove user groups if no members exist.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, thus in Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# Only works if compiled with MD5_CRYPT defined:
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is used by chpasswd, gpasswd and newusers.
+#
+#MD5_CRYPT_ENAB	no
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/chage/28_chage_interactive_date_EPOCH/config/etc/passwd b/tests/tests/chage/28_chage_interactive_date_EPOCH/config/etc/passwd
new file mode 100644
index 0000000..5d27e12
--- /dev/null
+++ b/tests/tests/chage/28_chage_interactive_date_EPOCH/config/etc/passwd
@@ -0,0 +1,26 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+myuser1:x:424242:424242::/home:/bin/bash
+myuser2:x:424243:424242::/home:/bin/bash
+myuser3:x:424244:424242::/home:/bin/bash
+myuser4:x:424245:424242::/home:/bin/bash
+myuser5:x:424246:424242::/home:/bin/bash
+myuser6:x:424247:424242::/home:/bin/bash
+myuser7:x:424248:424242::/home:/bin/bash
diff --git a/tests/tests/chage/28_chage_interactive_date_EPOCH/config/etc/shadow b/tests/tests/chage/28_chage_interactive_date_EPOCH/config/etc/shadow
new file mode 100644
index 0000000..da4c2bc
--- /dev/null
+++ b/tests/tests/chage/28_chage_interactive_date_EPOCH/config/etc/shadow
@@ -0,0 +1,26 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+myuser1:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:::
+myuser2:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12992:1:99996:5:::
+myuser3:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7::0:
+myuser4:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7::1:
+myuser5:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:0::
+myuser6:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:1::
+myuser7:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:1::
diff --git a/tests/tests/chage/28_chage_interactive_date_EPOCH/data/shadow b/tests/tests/chage/28_chage_interactive_date_EPOCH/data/shadow
new file mode 100644
index 0000000..293987c
--- /dev/null
+++ b/tests/tests/chage/28_chage_interactive_date_EPOCH/data/shadow
@@ -0,0 +1,26 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+myuser1:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:0:13:14:9:35:0:
+myuser2:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12992:1:99996:5:::
+myuser3:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7::0:
+myuser4:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7::1:
+myuser5:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:0::
+myuser6:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:1::
+myuser7:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:1::
diff --git a/tests/tests/chage/28_chage_interactive_date_EPOCH/run.exp b/tests/tests/chage/28_chage_interactive_date_EPOCH/run.exp
new file mode 100755
index 0000000..a93e8cc
--- /dev/null
+++ b/tests/tests/chage/28_chage_interactive_date_EPOCH/run.exp
@@ -0,0 +1,31 @@
+#!/usr/bin/expect
+
+set timeout 5
+
+# I've not been able to put the opening bracket in the regular expressions
+# If anyone knows...
+
+spawn /usr/bin/chage myuser1
+expect -re "Minimum Password Age .0\]: "
+send "13\r"
+expect -re "Maximum Password Age .99999\]: "
+send "14\r"
+expect -re "Last Password Change \[(]YYYY-MM-DD\[)] .2005-07-27\]: "
+send "1970-01-01\r"
+expect -re "Password Expiration Warning .7\]: "
+send "9\r"
+expect -re "Password Inactive .-1\]: "
+send "35\r"
+expect -re "Account Expiration Date \[(]YYYY-MM-DD\[)] .-1\]: "
+send "1970-01-01\r"
+expect {
+	eof {
+	} default {
+		puts "\nFAIL"
+		exit 1
+	}
+}
+
+puts "\nPASS"
+exit 0
+
diff --git a/tests/tests/chage/29_chage_interactive_date_pre-EPOCH/chage.test b/tests/tests/chage/29_chage_interactive_date_pre-EPOCH/chage.test
new file mode 100755
index 0000000..83b4ba2
--- /dev/null
+++ b/tests/tests/chage/29_chage_interactive_date_pre-EPOCH/chage.test
@@ -0,0 +1,39 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "chage creates a shadow entry if there were none"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "chage interactive session as myuser1..."
+./run.exp
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/chage/29_chage_interactive_date_pre-EPOCH/config.txt b/tests/tests/chage/29_chage_interactive_date_pre-EPOCH/config.txt
new file mode 100644
index 0000000..e9e4bbe
--- /dev/null
+++ b/tests/tests/chage/29_chage_interactive_date_pre-EPOCH/config.txt
@@ -0,0 +1 @@
+group foo, GID 1000
diff --git a/tests/tests/chage/29_chage_interactive_date_pre-EPOCH/config/etc/group b/tests/tests/chage/29_chage_interactive_date_pre-EPOCH/config/etc/group
new file mode 100644
index 0000000..fecba0c
--- /dev/null
+++ b/tests/tests/chage/29_chage_interactive_date_pre-EPOCH/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/chage/29_chage_interactive_date_pre-EPOCH/config/etc/gshadow b/tests/tests/chage/29_chage_interactive_date_pre-EPOCH/config/etc/gshadow
new file mode 100644
index 0000000..5042e58
--- /dev/null
+++ b/tests/tests/chage/29_chage_interactive_date_pre-EPOCH/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/chage/29_chage_interactive_date_pre-EPOCH/config/etc/login.defs b/tests/tests/chage/29_chage_interactive_date_pre-EPOCH/config/etc/login.defs
new file mode 100644
index 0000000..cf181ac
--- /dev/null
+++ b/tests/tests/chage/29_chage_interactive_date_pre-EPOCH/config/etc/login.defs
@@ -0,0 +1,314 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK usage is discouraged because it catches only some classes of user
+# entries to system, in fact only those made through login(1), while setting
+# umask in shell rc file will catch also logins through su, cron, ssh etc.
+#
+# At the same time, using shell rc to set umask won't catch entries which use
+# non-shell executables in place of login shell, like /usr/sbin/pppd for "ppp"
+# user and alike.
+#
+# Therefore the use of pam_umask is recommended (Debian package libpam-umask)
+# as the solution which catches all these cases on PAM-enabled systems.
+# 
+# This avoids the confusion created by having the umask set
+# in two different places -- in login.defs and shell rc files (i.e.
+# /etc/profile).
+#
+# For discussion, see #314539 and #248150 as well as the thread starting at
+# http://lists.debian.org/debian-devel/2005/06/msg01598.html
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+# 022 is the "historical" value in Debian for UMASK when it was used
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			  100
+GID_MAX			60000
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# This enables userdel to remove user groups if no members exist.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, thus in Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# Only works if compiled with MD5_CRYPT defined:
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is used by chpasswd, gpasswd and newusers.
+#
+#MD5_CRYPT_ENAB	no
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/chage/29_chage_interactive_date_pre-EPOCH/config/etc/passwd b/tests/tests/chage/29_chage_interactive_date_pre-EPOCH/config/etc/passwd
new file mode 100644
index 0000000..5d27e12
--- /dev/null
+++ b/tests/tests/chage/29_chage_interactive_date_pre-EPOCH/config/etc/passwd
@@ -0,0 +1,26 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+myuser1:x:424242:424242::/home:/bin/bash
+myuser2:x:424243:424242::/home:/bin/bash
+myuser3:x:424244:424242::/home:/bin/bash
+myuser4:x:424245:424242::/home:/bin/bash
+myuser5:x:424246:424242::/home:/bin/bash
+myuser6:x:424247:424242::/home:/bin/bash
+myuser7:x:424248:424242::/home:/bin/bash
diff --git a/tests/tests/chage/29_chage_interactive_date_pre-EPOCH/config/etc/shadow b/tests/tests/chage/29_chage_interactive_date_pre-EPOCH/config/etc/shadow
new file mode 100644
index 0000000..da4c2bc
--- /dev/null
+++ b/tests/tests/chage/29_chage_interactive_date_pre-EPOCH/config/etc/shadow
@@ -0,0 +1,26 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+myuser1:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:::
+myuser2:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12992:1:99996:5:::
+myuser3:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7::0:
+myuser4:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7::1:
+myuser5:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:0::
+myuser6:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:1::
+myuser7:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:1::
diff --git a/tests/tests/chage/29_chage_interactive_date_pre-EPOCH/run.exp b/tests/tests/chage/29_chage_interactive_date_pre-EPOCH/run.exp
new file mode 100755
index 0000000..a43fd04
--- /dev/null
+++ b/tests/tests/chage/29_chage_interactive_date_pre-EPOCH/run.exp
@@ -0,0 +1,26 @@
+#!/usr/bin/expect
+
+set timeout 5
+
+# I've not been able to put the opening bracket in the regular expressions
+# If anyone knows...
+
+spawn /usr/bin/chage myuser1
+expect -re "Minimum Password Age .0\]: "
+send "13\r"
+expect -re "Maximum Password Age .99999\]: "
+send "14\r"
+expect -re "Last Password Change \[(]YYYY-MM-DD\[)] .2005-07-27\]: "
+send "1900-01-01\r"
+expect "chage: error changing fields\r\n"
+expect {
+	eof {
+	} default {
+		puts "\nFAIL"
+		exit 1
+	}
+}
+
+puts "\nPASS"
+exit 0
+
diff --git a/tests/tests/chage/30_chage_interactive_date_pre-EPOCH2/chage.test b/tests/tests/chage/30_chage_interactive_date_pre-EPOCH2/chage.test
new file mode 100755
index 0000000..83b4ba2
--- /dev/null
+++ b/tests/tests/chage/30_chage_interactive_date_pre-EPOCH2/chage.test
@@ -0,0 +1,39 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "chage creates a shadow entry if there were none"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "chage interactive session as myuser1..."
+./run.exp
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/chage/30_chage_interactive_date_pre-EPOCH2/config.txt b/tests/tests/chage/30_chage_interactive_date_pre-EPOCH2/config.txt
new file mode 100644
index 0000000..e9e4bbe
--- /dev/null
+++ b/tests/tests/chage/30_chage_interactive_date_pre-EPOCH2/config.txt
@@ -0,0 +1 @@
+group foo, GID 1000
diff --git a/tests/tests/chage/30_chage_interactive_date_pre-EPOCH2/config/etc/group b/tests/tests/chage/30_chage_interactive_date_pre-EPOCH2/config/etc/group
new file mode 100644
index 0000000..fecba0c
--- /dev/null
+++ b/tests/tests/chage/30_chage_interactive_date_pre-EPOCH2/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/chage/30_chage_interactive_date_pre-EPOCH2/config/etc/gshadow b/tests/tests/chage/30_chage_interactive_date_pre-EPOCH2/config/etc/gshadow
new file mode 100644
index 0000000..5042e58
--- /dev/null
+++ b/tests/tests/chage/30_chage_interactive_date_pre-EPOCH2/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/chage/30_chage_interactive_date_pre-EPOCH2/config/etc/login.defs b/tests/tests/chage/30_chage_interactive_date_pre-EPOCH2/config/etc/login.defs
new file mode 100644
index 0000000..cf181ac
--- /dev/null
+++ b/tests/tests/chage/30_chage_interactive_date_pre-EPOCH2/config/etc/login.defs
@@ -0,0 +1,314 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK usage is discouraged because it catches only some classes of user
+# entries to system, in fact only those made through login(1), while setting
+# umask in shell rc file will catch also logins through su, cron, ssh etc.
+#
+# At the same time, using shell rc to set umask won't catch entries which use
+# non-shell executables in place of login shell, like /usr/sbin/pppd for "ppp"
+# user and alike.
+#
+# Therefore the use of pam_umask is recommended (Debian package libpam-umask)
+# as the solution which catches all these cases on PAM-enabled systems.
+# 
+# This avoids the confusion created by having the umask set
+# in two different places -- in login.defs and shell rc files (i.e.
+# /etc/profile).
+#
+# For discussion, see #314539 and #248150 as well as the thread starting at
+# http://lists.debian.org/debian-devel/2005/06/msg01598.html
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+# 022 is the "historical" value in Debian for UMASK when it was used
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			  100
+GID_MAX			60000
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# This enables userdel to remove user groups if no members exist.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, thus in Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# Only works if compiled with MD5_CRYPT defined:
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is used by chpasswd, gpasswd and newusers.
+#
+#MD5_CRYPT_ENAB	no
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/chage/30_chage_interactive_date_pre-EPOCH2/config/etc/passwd b/tests/tests/chage/30_chage_interactive_date_pre-EPOCH2/config/etc/passwd
new file mode 100644
index 0000000..5d27e12
--- /dev/null
+++ b/tests/tests/chage/30_chage_interactive_date_pre-EPOCH2/config/etc/passwd
@@ -0,0 +1,26 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+myuser1:x:424242:424242::/home:/bin/bash
+myuser2:x:424243:424242::/home:/bin/bash
+myuser3:x:424244:424242::/home:/bin/bash
+myuser4:x:424245:424242::/home:/bin/bash
+myuser5:x:424246:424242::/home:/bin/bash
+myuser6:x:424247:424242::/home:/bin/bash
+myuser7:x:424248:424242::/home:/bin/bash
diff --git a/tests/tests/chage/30_chage_interactive_date_pre-EPOCH2/config/etc/shadow b/tests/tests/chage/30_chage_interactive_date_pre-EPOCH2/config/etc/shadow
new file mode 100644
index 0000000..da4c2bc
--- /dev/null
+++ b/tests/tests/chage/30_chage_interactive_date_pre-EPOCH2/config/etc/shadow
@@ -0,0 +1,26 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+myuser1:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:::
+myuser2:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12992:1:99996:5:::
+myuser3:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7::0:
+myuser4:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7::1:
+myuser5:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:0::
+myuser6:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:1::
+myuser7:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:1::
diff --git a/tests/tests/chage/30_chage_interactive_date_pre-EPOCH2/run.exp b/tests/tests/chage/30_chage_interactive_date_pre-EPOCH2/run.exp
new file mode 100755
index 0000000..9c3c5db
--- /dev/null
+++ b/tests/tests/chage/30_chage_interactive_date_pre-EPOCH2/run.exp
@@ -0,0 +1,32 @@
+#!/usr/bin/expect
+
+set timeout 5
+
+# I've not been able to put the opening bracket in the regular expressions
+# If anyone knows...
+
+spawn /usr/bin/chage myuser1
+expect -re "Minimum Password Age .0\]: "
+send "13\r"
+expect -re "Maximum Password Age .99999\]: "
+send "14\r"
+expect -re "Last Password Change \[(]YYYY-MM-DD\[)] .2005-07-27\]: "
+send "1970-01-01\r"
+expect -re "Password Expiration Warning .7\]: "
+send "9\r"
+expect -re "Password Inactive .-1\]: "
+send "35\r"
+expect -re "Account Expiration Date \[(]YYYY-MM-DD\[)] .-1\]: "
+send "1900-01-01\r"
+expect "chage: error changing fields\r\n"
+expect {
+	eof {
+	} default {
+		puts "\nFAIL"
+		exit 1
+	}
+}
+
+puts "\nPASS"
+exit 0
+
diff --git a/tests/tests/chage/31_chage_interactive_date_invalid/chage.test b/tests/tests/chage/31_chage_interactive_date_invalid/chage.test
new file mode 100755
index 0000000..1a8606a
--- /dev/null
+++ b/tests/tests/chage/31_chage_interactive_date_invalid/chage.test
@@ -0,0 +1,39 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "chage creates a shadow entry if there were none"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config; rm -f /etc/passwd.lock /etc/shadow.lock' 0
+
+change_config
+
+echo -n "chage interactive session as myuser1..."
+./run.exp
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/chage/31_chage_interactive_date_invalid/config.txt b/tests/tests/chage/31_chage_interactive_date_invalid/config.txt
new file mode 100644
index 0000000..e9e4bbe
--- /dev/null
+++ b/tests/tests/chage/31_chage_interactive_date_invalid/config.txt
@@ -0,0 +1 @@
+group foo, GID 1000
diff --git a/tests/tests/chage/31_chage_interactive_date_invalid/config/etc/group b/tests/tests/chage/31_chage_interactive_date_invalid/config/etc/group
new file mode 100644
index 0000000..fecba0c
--- /dev/null
+++ b/tests/tests/chage/31_chage_interactive_date_invalid/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/chage/31_chage_interactive_date_invalid/config/etc/gshadow b/tests/tests/chage/31_chage_interactive_date_invalid/config/etc/gshadow
new file mode 100644
index 0000000..5042e58
--- /dev/null
+++ b/tests/tests/chage/31_chage_interactive_date_invalid/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/chage/31_chage_interactive_date_invalid/config/etc/login.defs b/tests/tests/chage/31_chage_interactive_date_invalid/config/etc/login.defs
new file mode 100644
index 0000000..cf181ac
--- /dev/null
+++ b/tests/tests/chage/31_chage_interactive_date_invalid/config/etc/login.defs
@@ -0,0 +1,314 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK usage is discouraged because it catches only some classes of user
+# entries to system, in fact only those made through login(1), while setting
+# umask in shell rc file will catch also logins through su, cron, ssh etc.
+#
+# At the same time, using shell rc to set umask won't catch entries which use
+# non-shell executables in place of login shell, like /usr/sbin/pppd for "ppp"
+# user and alike.
+#
+# Therefore the use of pam_umask is recommended (Debian package libpam-umask)
+# as the solution which catches all these cases on PAM-enabled systems.
+# 
+# This avoids the confusion created by having the umask set
+# in two different places -- in login.defs and shell rc files (i.e.
+# /etc/profile).
+#
+# For discussion, see #314539 and #248150 as well as the thread starting at
+# http://lists.debian.org/debian-devel/2005/06/msg01598.html
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+# 022 is the "historical" value in Debian for UMASK when it was used
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			  100
+GID_MAX			60000
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# This enables userdel to remove user groups if no members exist.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, thus in Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# Only works if compiled with MD5_CRYPT defined:
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is used by chpasswd, gpasswd and newusers.
+#
+#MD5_CRYPT_ENAB	no
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/chage/31_chage_interactive_date_invalid/config/etc/passwd b/tests/tests/chage/31_chage_interactive_date_invalid/config/etc/passwd
new file mode 100644
index 0000000..5d27e12
--- /dev/null
+++ b/tests/tests/chage/31_chage_interactive_date_invalid/config/etc/passwd
@@ -0,0 +1,26 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+myuser1:x:424242:424242::/home:/bin/bash
+myuser2:x:424243:424242::/home:/bin/bash
+myuser3:x:424244:424242::/home:/bin/bash
+myuser4:x:424245:424242::/home:/bin/bash
+myuser5:x:424246:424242::/home:/bin/bash
+myuser6:x:424247:424242::/home:/bin/bash
+myuser7:x:424248:424242::/home:/bin/bash
diff --git a/tests/tests/chage/31_chage_interactive_date_invalid/config/etc/shadow b/tests/tests/chage/31_chage_interactive_date_invalid/config/etc/shadow
new file mode 100644
index 0000000..da4c2bc
--- /dev/null
+++ b/tests/tests/chage/31_chage_interactive_date_invalid/config/etc/shadow
@@ -0,0 +1,26 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+myuser1:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:::
+myuser2:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12992:1:99996:5:::
+myuser3:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7::0:
+myuser4:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7::1:
+myuser5:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:0::
+myuser6:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:1::
+myuser7:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:1::
diff --git a/tests/tests/chage/31_chage_interactive_date_invalid/run.exp b/tests/tests/chage/31_chage_interactive_date_invalid/run.exp
new file mode 100755
index 0000000..91551d4
--- /dev/null
+++ b/tests/tests/chage/31_chage_interactive_date_invalid/run.exp
@@ -0,0 +1,26 @@
+#!/usr/bin/expect
+
+set timeout 5
+
+# I've not been able to put the opening bracket in the regular expressions
+# If anyone knows...
+
+spawn /usr/bin/chage myuser1
+expect -re "Minimum Password Age .0\]: "
+send "13\r"
+expect -re "Maximum Password Age .99999\]: "
+send "14\r"
+expect -re "Last Password Change \[(]YYYY-MM-DD\[)] .2005-07-27\]: "
+send "2000-13-42\r"
+expect "chage: error changing fields\r\n"
+expect {
+	eof {
+	} default {
+		puts "\nFAIL"
+		exit 1
+	}
+}
+
+puts "\nPASS"
+exit 0
+
diff --git a/tests/tests/chage/32_chage_interactive_date_invalid2/chage.test b/tests/tests/chage/32_chage_interactive_date_invalid2/chage.test
new file mode 100755
index 0000000..83b4ba2
--- /dev/null
+++ b/tests/tests/chage/32_chage_interactive_date_invalid2/chage.test
@@ -0,0 +1,39 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "chage creates a shadow entry if there were none"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "chage interactive session as myuser1..."
+./run.exp
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/chage/32_chage_interactive_date_invalid2/config.txt b/tests/tests/chage/32_chage_interactive_date_invalid2/config.txt
new file mode 100644
index 0000000..e9e4bbe
--- /dev/null
+++ b/tests/tests/chage/32_chage_interactive_date_invalid2/config.txt
@@ -0,0 +1 @@
+group foo, GID 1000
diff --git a/tests/tests/chage/32_chage_interactive_date_invalid2/config/etc/group b/tests/tests/chage/32_chage_interactive_date_invalid2/config/etc/group
new file mode 100644
index 0000000..fecba0c
--- /dev/null
+++ b/tests/tests/chage/32_chage_interactive_date_invalid2/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/chage/32_chage_interactive_date_invalid2/config/etc/gshadow b/tests/tests/chage/32_chage_interactive_date_invalid2/config/etc/gshadow
new file mode 100644
index 0000000..5042e58
--- /dev/null
+++ b/tests/tests/chage/32_chage_interactive_date_invalid2/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/chage/32_chage_interactive_date_invalid2/config/etc/login.defs b/tests/tests/chage/32_chage_interactive_date_invalid2/config/etc/login.defs
new file mode 100644
index 0000000..cf181ac
--- /dev/null
+++ b/tests/tests/chage/32_chage_interactive_date_invalid2/config/etc/login.defs
@@ -0,0 +1,314 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK usage is discouraged because it catches only some classes of user
+# entries to system, in fact only those made through login(1), while setting
+# umask in shell rc file will catch also logins through su, cron, ssh etc.
+#
+# At the same time, using shell rc to set umask won't catch entries which use
+# non-shell executables in place of login shell, like /usr/sbin/pppd for "ppp"
+# user and alike.
+#
+# Therefore the use of pam_umask is recommended (Debian package libpam-umask)
+# as the solution which catches all these cases on PAM-enabled systems.
+# 
+# This avoids the confusion created by having the umask set
+# in two different places -- in login.defs and shell rc files (i.e.
+# /etc/profile).
+#
+# For discussion, see #314539 and #248150 as well as the thread starting at
+# http://lists.debian.org/debian-devel/2005/06/msg01598.html
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+# 022 is the "historical" value in Debian for UMASK when it was used
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			  100
+GID_MAX			60000
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# This enables userdel to remove user groups if no members exist.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, thus in Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# Only works if compiled with MD5_CRYPT defined:
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is used by chpasswd, gpasswd and newusers.
+#
+#MD5_CRYPT_ENAB	no
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/chage/32_chage_interactive_date_invalid2/config/etc/passwd b/tests/tests/chage/32_chage_interactive_date_invalid2/config/etc/passwd
new file mode 100644
index 0000000..5d27e12
--- /dev/null
+++ b/tests/tests/chage/32_chage_interactive_date_invalid2/config/etc/passwd
@@ -0,0 +1,26 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+myuser1:x:424242:424242::/home:/bin/bash
+myuser2:x:424243:424242::/home:/bin/bash
+myuser3:x:424244:424242::/home:/bin/bash
+myuser4:x:424245:424242::/home:/bin/bash
+myuser5:x:424246:424242::/home:/bin/bash
+myuser6:x:424247:424242::/home:/bin/bash
+myuser7:x:424248:424242::/home:/bin/bash
diff --git a/tests/tests/chage/32_chage_interactive_date_invalid2/config/etc/shadow b/tests/tests/chage/32_chage_interactive_date_invalid2/config/etc/shadow
new file mode 100644
index 0000000..da4c2bc
--- /dev/null
+++ b/tests/tests/chage/32_chage_interactive_date_invalid2/config/etc/shadow
@@ -0,0 +1,26 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+myuser1:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:::
+myuser2:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12992:1:99996:5:::
+myuser3:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7::0:
+myuser4:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7::1:
+myuser5:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:0::
+myuser6:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:1::
+myuser7:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:1::
diff --git a/tests/tests/chage/32_chage_interactive_date_invalid2/run.exp b/tests/tests/chage/32_chage_interactive_date_invalid2/run.exp
new file mode 100755
index 0000000..edc3f78
--- /dev/null
+++ b/tests/tests/chage/32_chage_interactive_date_invalid2/run.exp
@@ -0,0 +1,26 @@
+#!/usr/bin/expect
+
+set timeout 5
+
+# I've not been able to put the opening bracket in the regular expressions
+# If anyone knows...
+
+spawn /usr/bin/chage myuser1
+expect -re "Minimum Password Age .0\]: "
+send "13\r"
+expect -re "Maximum Password Age .99999\]: "
+send "14\r"
+expect -re "Last Password Change \[(]YYYY-MM-DD\[)] .2005-07-27\]: "
+send "2000-mm-42\r"
+expect "chage: error changing fields\r\n"
+expect {
+	eof {
+	} default {
+		puts "\nFAIL"
+		exit 1
+	}
+}
+
+puts "\nPASS"
+exit 0
+
diff --git a/tests/tests/chage/33_chage_interactive-W_invalid1/chage.test b/tests/tests/chage/33_chage_interactive-W_invalid1/chage.test
new file mode 100755
index 0000000..b2d6d32
--- /dev/null
+++ b/tests/tests/chage/33_chage_interactive-W_invalid1/chage.test
@@ -0,0 +1,39 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "chage interactive session checks field validity"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "chage interactive session as myuser1..."
+./run.exp
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/chage/33_chage_interactive-W_invalid1/config.txt b/tests/tests/chage/33_chage_interactive-W_invalid1/config.txt
new file mode 100644
index 0000000..e9e4bbe
--- /dev/null
+++ b/tests/tests/chage/33_chage_interactive-W_invalid1/config.txt
@@ -0,0 +1 @@
+group foo, GID 1000
diff --git a/tests/tests/chage/33_chage_interactive-W_invalid1/config/etc/group b/tests/tests/chage/33_chage_interactive-W_invalid1/config/etc/group
new file mode 100644
index 0000000..fecba0c
--- /dev/null
+++ b/tests/tests/chage/33_chage_interactive-W_invalid1/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/chage/33_chage_interactive-W_invalid1/config/etc/gshadow b/tests/tests/chage/33_chage_interactive-W_invalid1/config/etc/gshadow
new file mode 100644
index 0000000..5042e58
--- /dev/null
+++ b/tests/tests/chage/33_chage_interactive-W_invalid1/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/chage/33_chage_interactive-W_invalid1/config/etc/login.defs b/tests/tests/chage/33_chage_interactive-W_invalid1/config/etc/login.defs
new file mode 100644
index 0000000..cf181ac
--- /dev/null
+++ b/tests/tests/chage/33_chage_interactive-W_invalid1/config/etc/login.defs
@@ -0,0 +1,314 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK usage is discouraged because it catches only some classes of user
+# entries to system, in fact only those made through login(1), while setting
+# umask in shell rc file will catch also logins through su, cron, ssh etc.
+#
+# At the same time, using shell rc to set umask won't catch entries which use
+# non-shell executables in place of login shell, like /usr/sbin/pppd for "ppp"
+# user and alike.
+#
+# Therefore the use of pam_umask is recommended (Debian package libpam-umask)
+# as the solution which catches all these cases on PAM-enabled systems.
+# 
+# This avoids the confusion created by having the umask set
+# in two different places -- in login.defs and shell rc files (i.e.
+# /etc/profile).
+#
+# For discussion, see #314539 and #248150 as well as the thread starting at
+# http://lists.debian.org/debian-devel/2005/06/msg01598.html
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+# 022 is the "historical" value in Debian for UMASK when it was used
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			  100
+GID_MAX			60000
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# This enables userdel to remove user groups if no members exist.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, thus in Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# Only works if compiled with MD5_CRYPT defined:
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is used by chpasswd, gpasswd and newusers.
+#
+#MD5_CRYPT_ENAB	no
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/chage/33_chage_interactive-W_invalid1/config/etc/passwd b/tests/tests/chage/33_chage_interactive-W_invalid1/config/etc/passwd
new file mode 100644
index 0000000..5d27e12
--- /dev/null
+++ b/tests/tests/chage/33_chage_interactive-W_invalid1/config/etc/passwd
@@ -0,0 +1,26 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+myuser1:x:424242:424242::/home:/bin/bash
+myuser2:x:424243:424242::/home:/bin/bash
+myuser3:x:424244:424242::/home:/bin/bash
+myuser4:x:424245:424242::/home:/bin/bash
+myuser5:x:424246:424242::/home:/bin/bash
+myuser6:x:424247:424242::/home:/bin/bash
+myuser7:x:424248:424242::/home:/bin/bash
diff --git a/tests/tests/chage/33_chage_interactive-W_invalid1/config/etc/shadow b/tests/tests/chage/33_chage_interactive-W_invalid1/config/etc/shadow
new file mode 100644
index 0000000..da4c2bc
--- /dev/null
+++ b/tests/tests/chage/33_chage_interactive-W_invalid1/config/etc/shadow
@@ -0,0 +1,26 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+myuser1:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:::
+myuser2:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12992:1:99996:5:::
+myuser3:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7::0:
+myuser4:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7::1:
+myuser5:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:0::
+myuser6:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:1::
+myuser7:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:1::
diff --git a/tests/tests/chage/33_chage_interactive-W_invalid1/run.exp b/tests/tests/chage/33_chage_interactive-W_invalid1/run.exp
new file mode 100755
index 0000000..ac50231
--- /dev/null
+++ b/tests/tests/chage/33_chage_interactive-W_invalid1/run.exp
@@ -0,0 +1,32 @@
+#!/usr/bin/expect
+
+set timeout 5
+
+# I've not been able to put the opening bracket in the regular expressions
+# If anyone knows...
+
+spawn /usr/bin/chage myuser1
+expect -re "Minimum Password Age .0\]: "
+send "13\r"
+expect -re "Maximum Password Age .99999\]: "
+send "14\r"
+expect -re "Last Password Change \[(]YYYY-MM-DD\[)] .2005-07-27\]: "
+send "0\r"
+expect -re "Password Expiration Warning .7\]: "
+send "9a\r"
+#expect -re "Password Inactive .-1\]: "
+#send "35\r"
+#expect -re "Account Expiration Date \[(]YYYY-MM-DD\[)] .-1\]: "
+#send "0\r"
+expect "chage: error changing fields\r\n"
+expect {
+	eof {
+	} default {
+		puts "\nFAIL"
+		exit 1
+	}
+}
+
+puts "\nPASS"
+exit 0
+
diff --git a/tests/tests/chage/34_chage_interactive-W_invalid2/chage.test b/tests/tests/chage/34_chage_interactive-W_invalid2/chage.test
new file mode 100755
index 0000000..b2d6d32
--- /dev/null
+++ b/tests/tests/chage/34_chage_interactive-W_invalid2/chage.test
@@ -0,0 +1,39 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "chage interactive session checks field validity"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "chage interactive session as myuser1..."
+./run.exp
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/chage/34_chage_interactive-W_invalid2/config.txt b/tests/tests/chage/34_chage_interactive-W_invalid2/config.txt
new file mode 100644
index 0000000..e9e4bbe
--- /dev/null
+++ b/tests/tests/chage/34_chage_interactive-W_invalid2/config.txt
@@ -0,0 +1 @@
+group foo, GID 1000
diff --git a/tests/tests/chage/34_chage_interactive-W_invalid2/config/etc/group b/tests/tests/chage/34_chage_interactive-W_invalid2/config/etc/group
new file mode 100644
index 0000000..fecba0c
--- /dev/null
+++ b/tests/tests/chage/34_chage_interactive-W_invalid2/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/chage/34_chage_interactive-W_invalid2/config/etc/gshadow b/tests/tests/chage/34_chage_interactive-W_invalid2/config/etc/gshadow
new file mode 100644
index 0000000..5042e58
--- /dev/null
+++ b/tests/tests/chage/34_chage_interactive-W_invalid2/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/chage/34_chage_interactive-W_invalid2/config/etc/login.defs b/tests/tests/chage/34_chage_interactive-W_invalid2/config/etc/login.defs
new file mode 100644
index 0000000..cf181ac
--- /dev/null
+++ b/tests/tests/chage/34_chage_interactive-W_invalid2/config/etc/login.defs
@@ -0,0 +1,314 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK usage is discouraged because it catches only some classes of user
+# entries to system, in fact only those made through login(1), while setting
+# umask in shell rc file will catch also logins through su, cron, ssh etc.
+#
+# At the same time, using shell rc to set umask won't catch entries which use
+# non-shell executables in place of login shell, like /usr/sbin/pppd for "ppp"
+# user and alike.
+#
+# Therefore the use of pam_umask is recommended (Debian package libpam-umask)
+# as the solution which catches all these cases on PAM-enabled systems.
+# 
+# This avoids the confusion created by having the umask set
+# in two different places -- in login.defs and shell rc files (i.e.
+# /etc/profile).
+#
+# For discussion, see #314539 and #248150 as well as the thread starting at
+# http://lists.debian.org/debian-devel/2005/06/msg01598.html
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+# 022 is the "historical" value in Debian for UMASK when it was used
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			  100
+GID_MAX			60000
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# This enables userdel to remove user groups if no members exist.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, thus in Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# Only works if compiled with MD5_CRYPT defined:
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is used by chpasswd, gpasswd and newusers.
+#
+#MD5_CRYPT_ENAB	no
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/chage/34_chage_interactive-W_invalid2/config/etc/passwd b/tests/tests/chage/34_chage_interactive-W_invalid2/config/etc/passwd
new file mode 100644
index 0000000..5d27e12
--- /dev/null
+++ b/tests/tests/chage/34_chage_interactive-W_invalid2/config/etc/passwd
@@ -0,0 +1,26 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+myuser1:x:424242:424242::/home:/bin/bash
+myuser2:x:424243:424242::/home:/bin/bash
+myuser3:x:424244:424242::/home:/bin/bash
+myuser4:x:424245:424242::/home:/bin/bash
+myuser5:x:424246:424242::/home:/bin/bash
+myuser6:x:424247:424242::/home:/bin/bash
+myuser7:x:424248:424242::/home:/bin/bash
diff --git a/tests/tests/chage/34_chage_interactive-W_invalid2/config/etc/shadow b/tests/tests/chage/34_chage_interactive-W_invalid2/config/etc/shadow
new file mode 100644
index 0000000..da4c2bc
--- /dev/null
+++ b/tests/tests/chage/34_chage_interactive-W_invalid2/config/etc/shadow
@@ -0,0 +1,26 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+myuser1:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:::
+myuser2:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12992:1:99996:5:::
+myuser3:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7::0:
+myuser4:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7::1:
+myuser5:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:0::
+myuser6:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:1::
+myuser7:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:1::
diff --git a/tests/tests/chage/34_chage_interactive-W_invalid2/run.exp b/tests/tests/chage/34_chage_interactive-W_invalid2/run.exp
new file mode 100755
index 0000000..04b6f57
--- /dev/null
+++ b/tests/tests/chage/34_chage_interactive-W_invalid2/run.exp
@@ -0,0 +1,32 @@
+#!/usr/bin/expect
+
+set timeout 5
+
+# I've not been able to put the opening bracket in the regular expressions
+# If anyone knows...
+
+spawn /usr/bin/chage myuser1
+expect -re "Minimum Password Age .0\]: "
+send "13\r"
+expect -re "Maximum Password Age .99999\]: "
+send "14\r"
+expect -re "Last Password Change \[(]YYYY-MM-DD\[)] .2005-07-27\]: "
+send "0\r"
+expect -re "Password Expiration Warning .7\]: "
+send -- "-2\r"
+#expect -re "Password Inactive .-1\]: "
+#send "35\r"
+#expect -re "Account Expiration Date \[(]YYYY-MM-DD\[)] .-1\]: "
+#send "0\r"
+expect "chage: error changing fields\r\n"
+expect {
+	eof {
+	} default {
+		puts "\nFAIL"
+		exit 1
+	}
+}
+
+puts "\nPASS"
+exit 0
+
diff --git a/tests/tests/chage/35_chage_interactive-W-1/chage.test b/tests/tests/chage/35_chage_interactive-W-1/chage.test
new file mode 100755
index 0000000..8d5f5be
--- /dev/null
+++ b/tests/tests/chage/35_chage_interactive-W-1/chage.test
@@ -0,0 +1,39 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "chage creates a shadow entry if there were none"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "chage interactive session as myuser1..."
+./run.exp
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl data/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/chage/35_chage_interactive-W-1/config.txt b/tests/tests/chage/35_chage_interactive-W-1/config.txt
new file mode 100644
index 0000000..e9e4bbe
--- /dev/null
+++ b/tests/tests/chage/35_chage_interactive-W-1/config.txt
@@ -0,0 +1 @@
+group foo, GID 1000
diff --git a/tests/tests/chage/35_chage_interactive-W-1/config/etc/group b/tests/tests/chage/35_chage_interactive-W-1/config/etc/group
new file mode 100644
index 0000000..fecba0c
--- /dev/null
+++ b/tests/tests/chage/35_chage_interactive-W-1/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/chage/35_chage_interactive-W-1/config/etc/gshadow b/tests/tests/chage/35_chage_interactive-W-1/config/etc/gshadow
new file mode 100644
index 0000000..5042e58
--- /dev/null
+++ b/tests/tests/chage/35_chage_interactive-W-1/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/chage/35_chage_interactive-W-1/config/etc/login.defs b/tests/tests/chage/35_chage_interactive-W-1/config/etc/login.defs
new file mode 100644
index 0000000..cf181ac
--- /dev/null
+++ b/tests/tests/chage/35_chage_interactive-W-1/config/etc/login.defs
@@ -0,0 +1,314 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK usage is discouraged because it catches only some classes of user
+# entries to system, in fact only those made through login(1), while setting
+# umask in shell rc file will catch also logins through su, cron, ssh etc.
+#
+# At the same time, using shell rc to set umask won't catch entries which use
+# non-shell executables in place of login shell, like /usr/sbin/pppd for "ppp"
+# user and alike.
+#
+# Therefore the use of pam_umask is recommended (Debian package libpam-umask)
+# as the solution which catches all these cases on PAM-enabled systems.
+# 
+# This avoids the confusion created by having the umask set
+# in two different places -- in login.defs and shell rc files (i.e.
+# /etc/profile).
+#
+# For discussion, see #314539 and #248150 as well as the thread starting at
+# http://lists.debian.org/debian-devel/2005/06/msg01598.html
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+# 022 is the "historical" value in Debian for UMASK when it was used
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			  100
+GID_MAX			60000
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# This enables userdel to remove user groups if no members exist.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, thus in Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# Only works if compiled with MD5_CRYPT defined:
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is used by chpasswd, gpasswd and newusers.
+#
+#MD5_CRYPT_ENAB	no
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/chage/35_chage_interactive-W-1/config/etc/passwd b/tests/tests/chage/35_chage_interactive-W-1/config/etc/passwd
new file mode 100644
index 0000000..5d27e12
--- /dev/null
+++ b/tests/tests/chage/35_chage_interactive-W-1/config/etc/passwd
@@ -0,0 +1,26 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+myuser1:x:424242:424242::/home:/bin/bash
+myuser2:x:424243:424242::/home:/bin/bash
+myuser3:x:424244:424242::/home:/bin/bash
+myuser4:x:424245:424242::/home:/bin/bash
+myuser5:x:424246:424242::/home:/bin/bash
+myuser6:x:424247:424242::/home:/bin/bash
+myuser7:x:424248:424242::/home:/bin/bash
diff --git a/tests/tests/chage/35_chage_interactive-W-1/config/etc/shadow b/tests/tests/chage/35_chage_interactive-W-1/config/etc/shadow
new file mode 100644
index 0000000..da4c2bc
--- /dev/null
+++ b/tests/tests/chage/35_chage_interactive-W-1/config/etc/shadow
@@ -0,0 +1,26 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+myuser1:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:::
+myuser2:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12992:1:99996:5:::
+myuser3:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7::0:
+myuser4:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7::1:
+myuser5:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:0::
+myuser6:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:1::
+myuser7:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:1::
diff --git a/tests/tests/chage/35_chage_interactive-W-1/data/shadow b/tests/tests/chage/35_chage_interactive-W-1/data/shadow
new file mode 100644
index 0000000..4b74f15
--- /dev/null
+++ b/tests/tests/chage/35_chage_interactive-W-1/data/shadow
@@ -0,0 +1,26 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+myuser1:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999::::
+myuser2:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12992:1:99996:5:::
+myuser3:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7::0:
+myuser4:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7::1:
+myuser5:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:0::
+myuser6:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:1::
+myuser7:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:1::
diff --git a/tests/tests/chage/35_chage_interactive-W-1/run.exp b/tests/tests/chage/35_chage_interactive-W-1/run.exp
new file mode 100755
index 0000000..84fd749
--- /dev/null
+++ b/tests/tests/chage/35_chage_interactive-W-1/run.exp
@@ -0,0 +1,31 @@
+#!/usr/bin/expect
+
+set timeout 5
+
+# I've not been able to put the opening bracket in the regular expressions
+# If anyone knows...
+
+spawn /usr/bin/chage myuser1
+expect -re "Minimum Password Age .0\]: "
+send "\r"
+expect -re "Maximum Password Age .99999\]: "
+send "\r"
+expect -re "Last Password Change \[(]YYYY-MM-DD\[)] .2005-07-27\]: "
+send "\r"
+expect -re "Password Expiration Warning .7\]: "
+send -- "-1\r"
+expect -re "Password Inactive .-1\]: "
+send "\r"
+expect -re "Account Expiration Date \[(]YYYY-MM-DD\[)] .-1\]: "
+send "\r"
+expect {
+	eof {
+	} default {
+		puts "\nFAIL"
+		exit 1
+	}
+}
+
+puts "\nPASS"
+exit 0
+
diff --git a/tests/tests/chage/36_chage_interactive-I_invalid1/chage.test b/tests/tests/chage/36_chage_interactive-I_invalid1/chage.test
new file mode 100755
index 0000000..b2d6d32
--- /dev/null
+++ b/tests/tests/chage/36_chage_interactive-I_invalid1/chage.test
@@ -0,0 +1,39 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "chage interactive session checks field validity"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "chage interactive session as myuser1..."
+./run.exp
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/chage/36_chage_interactive-I_invalid1/config.txt b/tests/tests/chage/36_chage_interactive-I_invalid1/config.txt
new file mode 100644
index 0000000..e9e4bbe
--- /dev/null
+++ b/tests/tests/chage/36_chage_interactive-I_invalid1/config.txt
@@ -0,0 +1 @@
+group foo, GID 1000
diff --git a/tests/tests/chage/36_chage_interactive-I_invalid1/config/etc/group b/tests/tests/chage/36_chage_interactive-I_invalid1/config/etc/group
new file mode 100644
index 0000000..fecba0c
--- /dev/null
+++ b/tests/tests/chage/36_chage_interactive-I_invalid1/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/chage/36_chage_interactive-I_invalid1/config/etc/gshadow b/tests/tests/chage/36_chage_interactive-I_invalid1/config/etc/gshadow
new file mode 100644
index 0000000..5042e58
--- /dev/null
+++ b/tests/tests/chage/36_chage_interactive-I_invalid1/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/chage/36_chage_interactive-I_invalid1/config/etc/login.defs b/tests/tests/chage/36_chage_interactive-I_invalid1/config/etc/login.defs
new file mode 100644
index 0000000..cf181ac
--- /dev/null
+++ b/tests/tests/chage/36_chage_interactive-I_invalid1/config/etc/login.defs
@@ -0,0 +1,314 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK usage is discouraged because it catches only some classes of user
+# entries to system, in fact only those made through login(1), while setting
+# umask in shell rc file will catch also logins through su, cron, ssh etc.
+#
+# At the same time, using shell rc to set umask won't catch entries which use
+# non-shell executables in place of login shell, like /usr/sbin/pppd for "ppp"
+# user and alike.
+#
+# Therefore the use of pam_umask is recommended (Debian package libpam-umask)
+# as the solution which catches all these cases on PAM-enabled systems.
+# 
+# This avoids the confusion created by having the umask set
+# in two different places -- in login.defs and shell rc files (i.e.
+# /etc/profile).
+#
+# For discussion, see #314539 and #248150 as well as the thread starting at
+# http://lists.debian.org/debian-devel/2005/06/msg01598.html
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+# 022 is the "historical" value in Debian for UMASK when it was used
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			  100
+GID_MAX			60000
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# This enables userdel to remove user groups if no members exist.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, thus in Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# Only works if compiled with MD5_CRYPT defined:
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is used by chpasswd, gpasswd and newusers.
+#
+#MD5_CRYPT_ENAB	no
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/chage/36_chage_interactive-I_invalid1/config/etc/passwd b/tests/tests/chage/36_chage_interactive-I_invalid1/config/etc/passwd
new file mode 100644
index 0000000..5d27e12
--- /dev/null
+++ b/tests/tests/chage/36_chage_interactive-I_invalid1/config/etc/passwd
@@ -0,0 +1,26 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+myuser1:x:424242:424242::/home:/bin/bash
+myuser2:x:424243:424242::/home:/bin/bash
+myuser3:x:424244:424242::/home:/bin/bash
+myuser4:x:424245:424242::/home:/bin/bash
+myuser5:x:424246:424242::/home:/bin/bash
+myuser6:x:424247:424242::/home:/bin/bash
+myuser7:x:424248:424242::/home:/bin/bash
diff --git a/tests/tests/chage/36_chage_interactive-I_invalid1/config/etc/shadow b/tests/tests/chage/36_chage_interactive-I_invalid1/config/etc/shadow
new file mode 100644
index 0000000..da4c2bc
--- /dev/null
+++ b/tests/tests/chage/36_chage_interactive-I_invalid1/config/etc/shadow
@@ -0,0 +1,26 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+myuser1:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:::
+myuser2:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12992:1:99996:5:::
+myuser3:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7::0:
+myuser4:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7::1:
+myuser5:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:0::
+myuser6:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:1::
+myuser7:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:1::
diff --git a/tests/tests/chage/36_chage_interactive-I_invalid1/run.exp b/tests/tests/chage/36_chage_interactive-I_invalid1/run.exp
new file mode 100755
index 0000000..1e3087b
--- /dev/null
+++ b/tests/tests/chage/36_chage_interactive-I_invalid1/run.exp
@@ -0,0 +1,32 @@
+#!/usr/bin/expect
+
+set timeout 5
+
+# I've not been able to put the opening bracket in the regular expressions
+# If anyone knows...
+
+spawn /usr/bin/chage myuser1
+expect -re "Minimum Password Age .0\]: "
+send "\r"
+expect -re "Maximum Password Age .99999\]: "
+send "\r"
+expect -re "Last Password Change \[(]YYYY-MM-DD\[)] .2005-07-27\]: "
+send "\r"
+expect -re "Password Expiration Warning .7\]: "
+send "\r"
+expect -re "Password Inactive .-1\]: "
+send "9a\r"
+#expect -re "Account Expiration Date \[(]YYYY-MM-DD\[)] .-1\]: "
+#send "0\r"
+expect "chage: error changing fields\r\n"
+expect {
+	eof {
+	} default {
+		puts "\nFAIL"
+		exit 1
+	}
+}
+
+puts "\nPASS"
+exit 0
+
diff --git a/tests/tests/chage/37_chage_interactive-I_invalid2/chage.test b/tests/tests/chage/37_chage_interactive-I_invalid2/chage.test
new file mode 100755
index 0000000..b2d6d32
--- /dev/null
+++ b/tests/tests/chage/37_chage_interactive-I_invalid2/chage.test
@@ -0,0 +1,39 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "chage interactive session checks field validity"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "chage interactive session as myuser1..."
+./run.exp
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/chage/37_chage_interactive-I_invalid2/config.txt b/tests/tests/chage/37_chage_interactive-I_invalid2/config.txt
new file mode 100644
index 0000000..e9e4bbe
--- /dev/null
+++ b/tests/tests/chage/37_chage_interactive-I_invalid2/config.txt
@@ -0,0 +1 @@
+group foo, GID 1000
diff --git a/tests/tests/chage/37_chage_interactive-I_invalid2/config/etc/group b/tests/tests/chage/37_chage_interactive-I_invalid2/config/etc/group
new file mode 100644
index 0000000..fecba0c
--- /dev/null
+++ b/tests/tests/chage/37_chage_interactive-I_invalid2/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/chage/37_chage_interactive-I_invalid2/config/etc/gshadow b/tests/tests/chage/37_chage_interactive-I_invalid2/config/etc/gshadow
new file mode 100644
index 0000000..5042e58
--- /dev/null
+++ b/tests/tests/chage/37_chage_interactive-I_invalid2/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/chage/37_chage_interactive-I_invalid2/config/etc/login.defs b/tests/tests/chage/37_chage_interactive-I_invalid2/config/etc/login.defs
new file mode 100644
index 0000000..cf181ac
--- /dev/null
+++ b/tests/tests/chage/37_chage_interactive-I_invalid2/config/etc/login.defs
@@ -0,0 +1,314 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK usage is discouraged because it catches only some classes of user
+# entries to system, in fact only those made through login(1), while setting
+# umask in shell rc file will catch also logins through su, cron, ssh etc.
+#
+# At the same time, using shell rc to set umask won't catch entries which use
+# non-shell executables in place of login shell, like /usr/sbin/pppd for "ppp"
+# user and alike.
+#
+# Therefore the use of pam_umask is recommended (Debian package libpam-umask)
+# as the solution which catches all these cases on PAM-enabled systems.
+# 
+# This avoids the confusion created by having the umask set
+# in two different places -- in login.defs and shell rc files (i.e.
+# /etc/profile).
+#
+# For discussion, see #314539 and #248150 as well as the thread starting at
+# http://lists.debian.org/debian-devel/2005/06/msg01598.html
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+# 022 is the "historical" value in Debian for UMASK when it was used
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			  100
+GID_MAX			60000
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# This enables userdel to remove user groups if no members exist.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, thus in Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# Only works if compiled with MD5_CRYPT defined:
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is used by chpasswd, gpasswd and newusers.
+#
+#MD5_CRYPT_ENAB	no
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/chage/37_chage_interactive-I_invalid2/config/etc/passwd b/tests/tests/chage/37_chage_interactive-I_invalid2/config/etc/passwd
new file mode 100644
index 0000000..5d27e12
--- /dev/null
+++ b/tests/tests/chage/37_chage_interactive-I_invalid2/config/etc/passwd
@@ -0,0 +1,26 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+myuser1:x:424242:424242::/home:/bin/bash
+myuser2:x:424243:424242::/home:/bin/bash
+myuser3:x:424244:424242::/home:/bin/bash
+myuser4:x:424245:424242::/home:/bin/bash
+myuser5:x:424246:424242::/home:/bin/bash
+myuser6:x:424247:424242::/home:/bin/bash
+myuser7:x:424248:424242::/home:/bin/bash
diff --git a/tests/tests/chage/37_chage_interactive-I_invalid2/config/etc/shadow b/tests/tests/chage/37_chage_interactive-I_invalid2/config/etc/shadow
new file mode 100644
index 0000000..da4c2bc
--- /dev/null
+++ b/tests/tests/chage/37_chage_interactive-I_invalid2/config/etc/shadow
@@ -0,0 +1,26 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+myuser1:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:::
+myuser2:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12992:1:99996:5:::
+myuser3:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7::0:
+myuser4:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7::1:
+myuser5:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:0::
+myuser6:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:1::
+myuser7:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:1::
diff --git a/tests/tests/chage/37_chage_interactive-I_invalid2/run.exp b/tests/tests/chage/37_chage_interactive-I_invalid2/run.exp
new file mode 100755
index 0000000..b059117
--- /dev/null
+++ b/tests/tests/chage/37_chage_interactive-I_invalid2/run.exp
@@ -0,0 +1,32 @@
+#!/usr/bin/expect
+
+set timeout 5
+
+# I've not been able to put the opening bracket in the regular expressions
+# If anyone knows...
+
+spawn /usr/bin/chage myuser1
+expect -re "Minimum Password Age .0\]: "
+send "\r"
+expect -re "Maximum Password Age .99999\]: "
+send "\r"
+expect -re "Last Password Change \[(]YYYY-MM-DD\[)] .2005-07-27\]: "
+send "\r"
+expect -re "Password Expiration Warning .7\]: "
+send "\r"
+expect -re "Password Inactive .-1\]: "
+send -- "-2\r"
+#expect -re "Account Expiration Date \[(]YYYY-MM-DD\[)] .-1\]: "
+#send "0\r"
+expect "chage: error changing fields\r\n"
+expect {
+	eof {
+	} default {
+		puts "\nFAIL"
+		exit 1
+	}
+}
+
+puts "\nPASS"
+exit 0
+
diff --git a/tests/tests/chage/38_chage_interactive-I-1/chage.test b/tests/tests/chage/38_chage_interactive-I-1/chage.test
new file mode 100755
index 0000000..8d5f5be
--- /dev/null
+++ b/tests/tests/chage/38_chage_interactive-I-1/chage.test
@@ -0,0 +1,39 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "chage creates a shadow entry if there were none"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "chage interactive session as myuser1..."
+./run.exp
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl data/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/chage/38_chage_interactive-I-1/config.txt b/tests/tests/chage/38_chage_interactive-I-1/config.txt
new file mode 100644
index 0000000..e9e4bbe
--- /dev/null
+++ b/tests/tests/chage/38_chage_interactive-I-1/config.txt
@@ -0,0 +1 @@
+group foo, GID 1000
diff --git a/tests/tests/chage/38_chage_interactive-I-1/config/etc/group b/tests/tests/chage/38_chage_interactive-I-1/config/etc/group
new file mode 100644
index 0000000..fecba0c
--- /dev/null
+++ b/tests/tests/chage/38_chage_interactive-I-1/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/chage/38_chage_interactive-I-1/config/etc/gshadow b/tests/tests/chage/38_chage_interactive-I-1/config/etc/gshadow
new file mode 100644
index 0000000..5042e58
--- /dev/null
+++ b/tests/tests/chage/38_chage_interactive-I-1/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/chage/38_chage_interactive-I-1/config/etc/login.defs b/tests/tests/chage/38_chage_interactive-I-1/config/etc/login.defs
new file mode 100644
index 0000000..cf181ac
--- /dev/null
+++ b/tests/tests/chage/38_chage_interactive-I-1/config/etc/login.defs
@@ -0,0 +1,314 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK usage is discouraged because it catches only some classes of user
+# entries to system, in fact only those made through login(1), while setting
+# umask in shell rc file will catch also logins through su, cron, ssh etc.
+#
+# At the same time, using shell rc to set umask won't catch entries which use
+# non-shell executables in place of login shell, like /usr/sbin/pppd for "ppp"
+# user and alike.
+#
+# Therefore the use of pam_umask is recommended (Debian package libpam-umask)
+# as the solution which catches all these cases on PAM-enabled systems.
+# 
+# This avoids the confusion created by having the umask set
+# in two different places -- in login.defs and shell rc files (i.e.
+# /etc/profile).
+#
+# For discussion, see #314539 and #248150 as well as the thread starting at
+# http://lists.debian.org/debian-devel/2005/06/msg01598.html
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+# 022 is the "historical" value in Debian for UMASK when it was used
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			  100
+GID_MAX			60000
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# This enables userdel to remove user groups if no members exist.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, thus in Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# Only works if compiled with MD5_CRYPT defined:
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is used by chpasswd, gpasswd and newusers.
+#
+#MD5_CRYPT_ENAB	no
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/chage/38_chage_interactive-I-1/config/etc/passwd b/tests/tests/chage/38_chage_interactive-I-1/config/etc/passwd
new file mode 100644
index 0000000..5d27e12
--- /dev/null
+++ b/tests/tests/chage/38_chage_interactive-I-1/config/etc/passwd
@@ -0,0 +1,26 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+myuser1:x:424242:424242::/home:/bin/bash
+myuser2:x:424243:424242::/home:/bin/bash
+myuser3:x:424244:424242::/home:/bin/bash
+myuser4:x:424245:424242::/home:/bin/bash
+myuser5:x:424246:424242::/home:/bin/bash
+myuser6:x:424247:424242::/home:/bin/bash
+myuser7:x:424248:424242::/home:/bin/bash
diff --git a/tests/tests/chage/38_chage_interactive-I-1/config/etc/shadow b/tests/tests/chage/38_chage_interactive-I-1/config/etc/shadow
new file mode 100644
index 0000000..922d955
--- /dev/null
+++ b/tests/tests/chage/38_chage_interactive-I-1/config/etc/shadow
@@ -0,0 +1,26 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+myuser1:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:3::
+myuser2:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12992:1:99996:5:::
+myuser3:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7::0:
+myuser4:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7::1:
+myuser5:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:0::
+myuser6:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:1::
+myuser7:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:1::
diff --git a/tests/tests/chage/38_chage_interactive-I-1/data/shadow b/tests/tests/chage/38_chage_interactive-I-1/data/shadow
new file mode 100644
index 0000000..da4c2bc
--- /dev/null
+++ b/tests/tests/chage/38_chage_interactive-I-1/data/shadow
@@ -0,0 +1,26 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+myuser1:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:::
+myuser2:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12992:1:99996:5:::
+myuser3:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7::0:
+myuser4:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7::1:
+myuser5:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:0::
+myuser6:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:1::
+myuser7:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:1::
diff --git a/tests/tests/chage/38_chage_interactive-I-1/run.exp b/tests/tests/chage/38_chage_interactive-I-1/run.exp
new file mode 100755
index 0000000..94eb463
--- /dev/null
+++ b/tests/tests/chage/38_chage_interactive-I-1/run.exp
@@ -0,0 +1,31 @@
+#!/usr/bin/expect
+
+set timeout 5
+
+# I've not been able to put the opening bracket in the regular expressions
+# If anyone knows...
+
+spawn /usr/bin/chage myuser1
+expect -re "Minimum Password Age .0\]: "
+send "\r"
+expect -re "Maximum Password Age .99999\]: "
+send "\r"
+expect -re "Last Password Change \[(]YYYY-MM-DD\[)] .2005-07-27\]: "
+send "\r"
+expect -re "Password Expiration Warning .7\]: "
+send "\r"
+expect -re "Password Inactive .3\]: "
+send -- "-1\r"
+expect -re "Account Expiration Date \[(]YYYY-MM-DD\[)] .-1\]: "
+send "\r"
+expect {
+	eof {
+	} default {
+		puts "\nFAIL"
+		exit 1
+	}
+}
+
+puts "\nPASS"
+exit 0
+
diff --git a/tests/tests/chage/39_chage_interactive-d-1/chage.test b/tests/tests/chage/39_chage_interactive-d-1/chage.test
new file mode 100755
index 0000000..8d5f5be
--- /dev/null
+++ b/tests/tests/chage/39_chage_interactive-d-1/chage.test
@@ -0,0 +1,39 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "chage creates a shadow entry if there were none"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "chage interactive session as myuser1..."
+./run.exp
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl data/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/chage/39_chage_interactive-d-1/config.txt b/tests/tests/chage/39_chage_interactive-d-1/config.txt
new file mode 100644
index 0000000..e9e4bbe
--- /dev/null
+++ b/tests/tests/chage/39_chage_interactive-d-1/config.txt
@@ -0,0 +1 @@
+group foo, GID 1000
diff --git a/tests/tests/chage/39_chage_interactive-d-1/config/etc/group b/tests/tests/chage/39_chage_interactive-d-1/config/etc/group
new file mode 100644
index 0000000..fecba0c
--- /dev/null
+++ b/tests/tests/chage/39_chage_interactive-d-1/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/chage/39_chage_interactive-d-1/config/etc/gshadow b/tests/tests/chage/39_chage_interactive-d-1/config/etc/gshadow
new file mode 100644
index 0000000..5042e58
--- /dev/null
+++ b/tests/tests/chage/39_chage_interactive-d-1/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/chage/39_chage_interactive-d-1/config/etc/login.defs b/tests/tests/chage/39_chage_interactive-d-1/config/etc/login.defs
new file mode 100644
index 0000000..cf181ac
--- /dev/null
+++ b/tests/tests/chage/39_chage_interactive-d-1/config/etc/login.defs
@@ -0,0 +1,314 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK usage is discouraged because it catches only some classes of user
+# entries to system, in fact only those made through login(1), while setting
+# umask in shell rc file will catch also logins through su, cron, ssh etc.
+#
+# At the same time, using shell rc to set umask won't catch entries which use
+# non-shell executables in place of login shell, like /usr/sbin/pppd for "ppp"
+# user and alike.
+#
+# Therefore the use of pam_umask is recommended (Debian package libpam-umask)
+# as the solution which catches all these cases on PAM-enabled systems.
+# 
+# This avoids the confusion created by having the umask set
+# in two different places -- in login.defs and shell rc files (i.e.
+# /etc/profile).
+#
+# For discussion, see #314539 and #248150 as well as the thread starting at
+# http://lists.debian.org/debian-devel/2005/06/msg01598.html
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+# 022 is the "historical" value in Debian for UMASK when it was used
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			  100
+GID_MAX			60000
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# This enables userdel to remove user groups if no members exist.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, thus in Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# Only works if compiled with MD5_CRYPT defined:
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is used by chpasswd, gpasswd and newusers.
+#
+#MD5_CRYPT_ENAB	no
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/chage/39_chage_interactive-d-1/config/etc/passwd b/tests/tests/chage/39_chage_interactive-d-1/config/etc/passwd
new file mode 100644
index 0000000..5d27e12
--- /dev/null
+++ b/tests/tests/chage/39_chage_interactive-d-1/config/etc/passwd
@@ -0,0 +1,26 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+myuser1:x:424242:424242::/home:/bin/bash
+myuser2:x:424243:424242::/home:/bin/bash
+myuser3:x:424244:424242::/home:/bin/bash
+myuser4:x:424245:424242::/home:/bin/bash
+myuser5:x:424246:424242::/home:/bin/bash
+myuser6:x:424247:424242::/home:/bin/bash
+myuser7:x:424248:424242::/home:/bin/bash
diff --git a/tests/tests/chage/39_chage_interactive-d-1/config/etc/shadow b/tests/tests/chage/39_chage_interactive-d-1/config/etc/shadow
new file mode 100644
index 0000000..a1afc12
--- /dev/null
+++ b/tests/tests/chage/39_chage_interactive-d-1/config/etc/shadow
@@ -0,0 +1,26 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+myuser1:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.::0:99999:7:3::
+myuser2:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12992:1:99996:5:::
+myuser3:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7::0:
+myuser4:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7::1:
+myuser5:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:0::
+myuser6:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:1::
+myuser7:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:1::
diff --git a/tests/tests/chage/39_chage_interactive-d-1/data/shadow b/tests/tests/chage/39_chage_interactive-d-1/data/shadow
new file mode 100644
index 0000000..a1afc12
--- /dev/null
+++ b/tests/tests/chage/39_chage_interactive-d-1/data/shadow
@@ -0,0 +1,26 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+myuser1:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.::0:99999:7:3::
+myuser2:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12992:1:99996:5:::
+myuser3:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7::0:
+myuser4:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7::1:
+myuser5:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:0::
+myuser6:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:1::
+myuser7:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:1::
diff --git a/tests/tests/chage/39_chage_interactive-d-1/run.exp b/tests/tests/chage/39_chage_interactive-d-1/run.exp
new file mode 100755
index 0000000..362436b
--- /dev/null
+++ b/tests/tests/chage/39_chage_interactive-d-1/run.exp
@@ -0,0 +1,31 @@
+#!/usr/bin/expect
+
+set timeout 5
+
+# I've not been able to put the opening bracket in the regular expressions
+# If anyone knows...
+
+spawn /usr/bin/chage myuser1
+expect -re "Minimum Password Age .0\]: "
+send "\r"
+expect -re "Maximum Password Age .99999\]: "
+send "\r"
+expect -re "Last Password Change \[(]YYYY-MM-DD\[)] .-1\]: "
+send -- "-1\r"
+expect -re "Password Expiration Warning .7\]: "
+send "\r"
+expect -re "Password Inactive .3\]: "
+send "\r"
+expect -re "Account Expiration Date \[(]YYYY-MM-DD\[)] .-1\]: "
+send "\r"
+expect {
+	eof {
+	} default {
+		puts "\nFAIL"
+		exit 1
+	}
+}
+
+puts "\nPASS"
+exit 0
+
diff --git a/tests/tests/chroot/chage/01_chage--root/chage.test b/tests/tests/chroot/chage/01_chage--root/chage.test
new file mode 100755
index 0000000..df9aad5
--- /dev/null
+++ b/tests/tests/chroot/chage/01_chage--root/chage.test
@@ -0,0 +1,52 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "chage can change user's data in a chroot"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; clean_chroot; restore_config' 0
+
+change_config
+
+prepare_chroot
+
+echo -n "Change root's last day in chroot (chage --root $PWD/tmp/root -d 2012-12-12 root)..."
+chage --root $PWD/tmp/root -d 2012-12-12 root
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+../../../common/compare_file.pl config_chroot/etc/passwd tmp/root/etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+../../../common/compare_file.pl config_chroot/etc/group tmp/root/etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+../../../common/compare_file.pl data/shadow tmp/root/etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+../../../common/compare_file.pl config_chroot/etc/gshadow tmp/root/etc/gshadow
+echo "OK"
+
+rm -f tmp/root/etc/.pwd.lock
+rm -f tmp/root/etc/passwd-
+rm -f tmp/root/etc/group-
+rm -f tmp/root/etc/shadow-
+rm -f tmp/root/etc/gshadow-
+clean_chroot
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/chroot/chage/01_chage--root/config.txt b/tests/tests/chroot/chage/01_chage--root/config.txt
new file mode 100644
index 0000000..31f5635
--- /dev/null
+++ b/tests/tests/chroot/chage/01_chage--root/config.txt
@@ -0,0 +1,10 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group users (only in /etc/group)
+user foo, in group tty (only in /etc/gshadow)
+user foo, in group floppy
+user foo, admin of group disk
+user foo, admin and member of group fax
+user foo, admin and member of group cdrom (only in /etc/gshadow)
diff --git a/tests/tests/chroot/chage/01_chage--root/config/etc/default/useradd b/tests/tests/chroot/chage/01_chage--root/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/chroot/chage/01_chage--root/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/chroot/chage/01_chage--root/config/etc/group b/tests/tests/chroot/chage/01_chage--root/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/chroot/chage/01_chage--root/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/chroot/chage/01_chage--root/config/etc/gshadow b/tests/tests/chroot/chage/01_chage--root/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/chroot/chage/01_chage--root/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/chroot/chage/01_chage--root/config/etc/passwd b/tests/tests/chroot/chage/01_chage--root/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/chroot/chage/01_chage--root/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/chroot/chage/01_chage--root/config/etc/shadow b/tests/tests/chroot/chage/01_chage--root/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/chroot/chage/01_chage--root/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/chroot/chage/01_chage--root/config_chroot/etc/group b/tests/tests/chroot/chage/01_chage--root/config_chroot/etc/group
new file mode 100644
index 0000000..245cc9c
--- /dev/null
+++ b/tests/tests/chroot/chage/01_chage--root/config_chroot/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+myuser:x:424242:
diff --git a/tests/tests/chroot/chage/01_chage--root/config_chroot/etc/gshadow b/tests/tests/chroot/chage/01_chage--root/config_chroot/etc/gshadow
new file mode 100644
index 0000000..25bd55b
--- /dev/null
+++ b/tests/tests/chroot/chage/01_chage--root/config_chroot/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+myuser:x::
diff --git a/tests/tests/chroot/chage/01_chage--root/config_chroot/etc/login.defs b/tests/tests/chroot/chage/01_chage--root/config_chroot/etc/login.defs
new file mode 100644
index 0000000..3b216aa
--- /dev/null
+++ b/tests/tests/chroot/chage/01_chage--root/config_chroot/etc/login.defs
@@ -0,0 +1,334 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/local/games:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK is the default umask value for pam_umask and is used by
+# useradd and newusers to set the mode of the new home directories.
+# 022 is the "historical" value in Debian for UMASK
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+# System accounts
+#SYS_UID_MIN		  100
+#SYS_UID_MAX		  999
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			 1000
+GID_MAX			60000
+# System accounts
+#SYS_GID_MIN		  100
+#SYS_GID_MAX		  999
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# If set to yes, userdel will remove the user's group if it contains no
+# more members, and useradd will create by default a group with the name
+# of the user.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, such as Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is deprecated. You should use ENCRYPT_METHOD.
+#
+#MD5_CRYPT_ENAB	no
+
+#
+# If set to MD5 , MD5-based algorithm will be used for encrypting password
+# If set to SHA256, SHA256-based algorithm will be used for encrypting password
+# If set to SHA512, SHA512-based algorithm will be used for encrypting password
+# If set to DES, DES-based algorithm will be used for encrypting password (default)
+# Overrides the MD5_CRYPT_ENAB option
+#
+# Note: It is recommended to use a value consistent with
+# the PAM modules configuration.
+#
+#ENCRYPT_METHOD DES
+
+#
+# Only used if ENCRYPT_METHOD is set to SHA256 or SHA512.
+#
+# Define the number of SHA rounds.
+# With a lot of rounds, it is more difficult to brute forcing the password.
+# But note also that it more CPU resources will be needed to authenticate
+# users.
+#
+# If not specified, the libc will choose the default number of rounds (5000).
+# The values must be inside the 1000-999999999 range.
+# If only one of the MIN or MAX values is set, then this value will be used.
+# If MIN > MAX, the highest value will be used.
+#
+# SHA_CRYPT_MIN_ROUNDS 5000
+# SHA_CRYPT_MAX_ROUNDS 5000
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/chroot/chage/01_chage--root/config_chroot/etc/passwd b/tests/tests/chroot/chage/01_chage--root/config_chroot/etc/passwd
new file mode 100644
index 0000000..9bdeb8c
--- /dev/null
+++ b/tests/tests/chroot/chage/01_chage--root/config_chroot/etc/passwd
@@ -0,0 +1,21 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+myuser:x:424242:424242::/home/:/bin/sh
+testsuite::424243:424243::/home:/bin/bash
diff --git a/tests/tests/chroot/chage/01_chage--root/config_chroot/etc/shadow b/tests/tests/chroot/chage/01_chage--root/config_chroot/etc/shadow
new file mode 100644
index 0000000..038d5cf
--- /dev/null
+++ b/tests/tests/chroot/chage/01_chage--root/config_chroot/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+myuser:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:::
diff --git a/tests/tests/chroot/chage/01_chage--root/data/shadow b/tests/tests/chroot/chage/01_chage--root/data/shadow
new file mode 100644
index 0000000..c9e698b
--- /dev/null
+++ b/tests/tests/chroot/chage/01_chage--root/data/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:15686:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+myuser:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:::
diff --git a/tests/tests/chroot/chgpasswd/01_chgpasswd--root/chgpasswd.test b/tests/tests/chroot/chgpasswd/01_chgpasswd--root/chgpasswd.test
new file mode 100755
index 0000000..afbdb4b
--- /dev/null
+++ b/tests/tests/chroot/chgpasswd/01_chgpasswd--root/chgpasswd.test
@@ -0,0 +1,50 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "chgpasswd can change a group in a chroot"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; clean_chroot; restore_config' 0
+
+change_config
+
+prepare_chroot
+
+echo -n "Change nobody and lp's password in chroot..."
+echo 'nogroup:test
+lp:test2' | chgpasswd --root $PWD/tmp/root -c SHA256
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+../../../common/compare_file.pl config_chroot/etc/passwd tmp/root/etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+../../../common/compare_file.pl config_chroot/etc/group tmp/root/etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+../../../common/compare_file.pl config_chroot/etc/shadow tmp/root/etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+../../../common/compare_file.pl data/gshadow tmp/root/etc/gshadow
+echo "OK"
+
+rm -f tmp/root/etc/.pwd.lock
+rm -f tmp/root/etc/gshadow-
+clean_chroot
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/chroot/chgpasswd/01_chgpasswd--root/config.txt b/tests/tests/chroot/chgpasswd/01_chgpasswd--root/config.txt
new file mode 100644
index 0000000..31f5635
--- /dev/null
+++ b/tests/tests/chroot/chgpasswd/01_chgpasswd--root/config.txt
@@ -0,0 +1,10 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group users (only in /etc/group)
+user foo, in group tty (only in /etc/gshadow)
+user foo, in group floppy
+user foo, admin of group disk
+user foo, admin and member of group fax
+user foo, admin and member of group cdrom (only in /etc/gshadow)
diff --git a/tests/tests/chroot/chgpasswd/01_chgpasswd--root/config/etc/default/useradd b/tests/tests/chroot/chgpasswd/01_chgpasswd--root/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/chroot/chgpasswd/01_chgpasswd--root/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/chroot/chgpasswd/01_chgpasswd--root/config/etc/group b/tests/tests/chroot/chgpasswd/01_chgpasswd--root/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/chroot/chgpasswd/01_chgpasswd--root/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/chroot/chgpasswd/01_chgpasswd--root/config/etc/gshadow b/tests/tests/chroot/chgpasswd/01_chgpasswd--root/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/chroot/chgpasswd/01_chgpasswd--root/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/chroot/chgpasswd/01_chgpasswd--root/config/etc/passwd b/tests/tests/chroot/chgpasswd/01_chgpasswd--root/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/chroot/chgpasswd/01_chgpasswd--root/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/chroot/chgpasswd/01_chgpasswd--root/config/etc/shadow b/tests/tests/chroot/chgpasswd/01_chgpasswd--root/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/chroot/chgpasswd/01_chgpasswd--root/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/chroot/chgpasswd/01_chgpasswd--root/config_chroot/etc/group b/tests/tests/chroot/chgpasswd/01_chgpasswd--root/config_chroot/etc/group
new file mode 100644
index 0000000..d2a4b10
--- /dev/null
+++ b/tests/tests/chroot/chgpasswd/01_chgpasswd--root/config_chroot/etc/group
@@ -0,0 +1,42 @@
+staff:x:50:
+root:x:0:
+tty:x:5:
+daemon:x:1:
+bin:x:2:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+sys:x:3:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+adm:x:4:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+myuser:x:424242:
+disk:x:6:
diff --git a/tests/tests/chroot/chgpasswd/01_chgpasswd--root/config_chroot/etc/gshadow b/tests/tests/chroot/chgpasswd/01_chgpasswd--root/config_chroot/etc/gshadow
new file mode 100644
index 0000000..25bd55b
--- /dev/null
+++ b/tests/tests/chroot/chgpasswd/01_chgpasswd--root/config_chroot/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+myuser:x::
diff --git a/tests/tests/chroot/chgpasswd/01_chgpasswd--root/config_chroot/etc/login.defs b/tests/tests/chroot/chgpasswd/01_chgpasswd--root/config_chroot/etc/login.defs
new file mode 100644
index 0000000..3b216aa
--- /dev/null
+++ b/tests/tests/chroot/chgpasswd/01_chgpasswd--root/config_chroot/etc/login.defs
@@ -0,0 +1,334 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/local/games:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK is the default umask value for pam_umask and is used by
+# useradd and newusers to set the mode of the new home directories.
+# 022 is the "historical" value in Debian for UMASK
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+# System accounts
+#SYS_UID_MIN		  100
+#SYS_UID_MAX		  999
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			 1000
+GID_MAX			60000
+# System accounts
+#SYS_GID_MIN		  100
+#SYS_GID_MAX		  999
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# If set to yes, userdel will remove the user's group if it contains no
+# more members, and useradd will create by default a group with the name
+# of the user.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, such as Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is deprecated. You should use ENCRYPT_METHOD.
+#
+#MD5_CRYPT_ENAB	no
+
+#
+# If set to MD5 , MD5-based algorithm will be used for encrypting password
+# If set to SHA256, SHA256-based algorithm will be used for encrypting password
+# If set to SHA512, SHA512-based algorithm will be used for encrypting password
+# If set to DES, DES-based algorithm will be used for encrypting password (default)
+# Overrides the MD5_CRYPT_ENAB option
+#
+# Note: It is recommended to use a value consistent with
+# the PAM modules configuration.
+#
+#ENCRYPT_METHOD DES
+
+#
+# Only used if ENCRYPT_METHOD is set to SHA256 or SHA512.
+#
+# Define the number of SHA rounds.
+# With a lot of rounds, it is more difficult to brute forcing the password.
+# But note also that it more CPU resources will be needed to authenticate
+# users.
+#
+# If not specified, the libc will choose the default number of rounds (5000).
+# The values must be inside the 1000-999999999 range.
+# If only one of the MIN or MAX values is set, then this value will be used.
+# If MIN > MAX, the highest value will be used.
+#
+# SHA_CRYPT_MIN_ROUNDS 5000
+# SHA_CRYPT_MAX_ROUNDS 5000
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/chroot/chgpasswd/01_chgpasswd--root/config_chroot/etc/passwd b/tests/tests/chroot/chgpasswd/01_chgpasswd--root/config_chroot/etc/passwd
new file mode 100644
index 0000000..9bdeb8c
--- /dev/null
+++ b/tests/tests/chroot/chgpasswd/01_chgpasswd--root/config_chroot/etc/passwd
@@ -0,0 +1,21 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+myuser:x:424242:424242::/home/:/bin/sh
+testsuite::424243:424243::/home:/bin/bash
diff --git a/tests/tests/chroot/chgpasswd/01_chgpasswd--root/config_chroot/etc/shadow b/tests/tests/chroot/chgpasswd/01_chgpasswd--root/config_chroot/etc/shadow
new file mode 100644
index 0000000..038d5cf
--- /dev/null
+++ b/tests/tests/chroot/chgpasswd/01_chgpasswd--root/config_chroot/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+myuser:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:::
diff --git a/tests/tests/chroot/chgpasswd/01_chgpasswd--root/data/gshadow b/tests/tests/chroot/chgpasswd/01_chgpasswd--root/data/gshadow
new file mode 100644
index 0000000..2ea5fca
--- /dev/null
+++ b/tests/tests/chroot/chgpasswd/01_chgpasswd--root/data/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:@PASS_SHA256 test2@::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:@PASS_SHA256 test@::
+crontab:x::
+Debian-exim:x::
+myuser:x::
diff --git a/tests/tests/chroot/chpasswd/01_chpasswd--root_nopam/chpasswd.test b/tests/tests/chroot/chpasswd/01_chpasswd--root_nopam/chpasswd.test
new file mode 100755
index 0000000..17282f9
--- /dev/null
+++ b/tests/tests/chroot/chpasswd/01_chpasswd--root_nopam/chpasswd.test
@@ -0,0 +1,50 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "chpasswd can change a group in a chroot"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; clean_chroot; restore_config' 0
+
+change_config
+
+prepare_chroot
+
+echo -n "Change nobody and lp's password in chroot..."
+echo 'nobody:test
+lp:test2' | chpasswd --root $PWD/tmp/root -c SHA256
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+../../../common/compare_file.pl config_chroot/etc/passwd tmp/root/etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+../../../common/compare_file.pl config_chroot/etc/group tmp/root/etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+../../../common/compare_file.pl data/shadow tmp/root/etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+../../../common/compare_file.pl config_chroot/etc/gshadow tmp/root/etc/gshadow
+echo "OK"
+
+rm -f tmp/root/etc/.pwd.lock
+rm -f tmp/root/etc/shadow-
+clean_chroot
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/chroot/chpasswd/01_chpasswd--root_nopam/config.txt b/tests/tests/chroot/chpasswd/01_chpasswd--root_nopam/config.txt
new file mode 100644
index 0000000..31f5635
--- /dev/null
+++ b/tests/tests/chroot/chpasswd/01_chpasswd--root_nopam/config.txt
@@ -0,0 +1,10 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group users (only in /etc/group)
+user foo, in group tty (only in /etc/gshadow)
+user foo, in group floppy
+user foo, admin of group disk
+user foo, admin and member of group fax
+user foo, admin and member of group cdrom (only in /etc/gshadow)
diff --git a/tests/tests/chroot/chpasswd/01_chpasswd--root_nopam/config/etc/default/useradd b/tests/tests/chroot/chpasswd/01_chpasswd--root_nopam/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/chroot/chpasswd/01_chpasswd--root_nopam/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/chroot/chpasswd/01_chpasswd--root_nopam/config/etc/group b/tests/tests/chroot/chpasswd/01_chpasswd--root_nopam/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/chroot/chpasswd/01_chpasswd--root_nopam/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/chroot/chpasswd/01_chpasswd--root_nopam/config/etc/gshadow b/tests/tests/chroot/chpasswd/01_chpasswd--root_nopam/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/chroot/chpasswd/01_chpasswd--root_nopam/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/chroot/chpasswd/01_chpasswd--root_nopam/config/etc/passwd b/tests/tests/chroot/chpasswd/01_chpasswd--root_nopam/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/chroot/chpasswd/01_chpasswd--root_nopam/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/chroot/chpasswd/01_chpasswd--root_nopam/config/etc/shadow b/tests/tests/chroot/chpasswd/01_chpasswd--root_nopam/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/chroot/chpasswd/01_chpasswd--root_nopam/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/chroot/chpasswd/01_chpasswd--root_nopam/config_chroot/etc/group b/tests/tests/chroot/chpasswd/01_chpasswd--root_nopam/config_chroot/etc/group
new file mode 100644
index 0000000..d2a4b10
--- /dev/null
+++ b/tests/tests/chroot/chpasswd/01_chpasswd--root_nopam/config_chroot/etc/group
@@ -0,0 +1,42 @@
+staff:x:50:
+root:x:0:
+tty:x:5:
+daemon:x:1:
+bin:x:2:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+sys:x:3:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+adm:x:4:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+myuser:x:424242:
+disk:x:6:
diff --git a/tests/tests/chroot/chpasswd/01_chpasswd--root_nopam/config_chroot/etc/gshadow b/tests/tests/chroot/chpasswd/01_chpasswd--root_nopam/config_chroot/etc/gshadow
new file mode 100644
index 0000000..25bd55b
--- /dev/null
+++ b/tests/tests/chroot/chpasswd/01_chpasswd--root_nopam/config_chroot/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+myuser:x::
diff --git a/tests/tests/chroot/chpasswd/01_chpasswd--root_nopam/config_chroot/etc/login.defs b/tests/tests/chroot/chpasswd/01_chpasswd--root_nopam/config_chroot/etc/login.defs
new file mode 100644
index 0000000..3b216aa
--- /dev/null
+++ b/tests/tests/chroot/chpasswd/01_chpasswd--root_nopam/config_chroot/etc/login.defs
@@ -0,0 +1,334 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/local/games:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK is the default umask value for pam_umask and is used by
+# useradd and newusers to set the mode of the new home directories.
+# 022 is the "historical" value in Debian for UMASK
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+# System accounts
+#SYS_UID_MIN		  100
+#SYS_UID_MAX		  999
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			 1000
+GID_MAX			60000
+# System accounts
+#SYS_GID_MIN		  100
+#SYS_GID_MAX		  999
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# If set to yes, userdel will remove the user's group if it contains no
+# more members, and useradd will create by default a group with the name
+# of the user.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, such as Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is deprecated. You should use ENCRYPT_METHOD.
+#
+#MD5_CRYPT_ENAB	no
+
+#
+# If set to MD5 , MD5-based algorithm will be used for encrypting password
+# If set to SHA256, SHA256-based algorithm will be used for encrypting password
+# If set to SHA512, SHA512-based algorithm will be used for encrypting password
+# If set to DES, DES-based algorithm will be used for encrypting password (default)
+# Overrides the MD5_CRYPT_ENAB option
+#
+# Note: It is recommended to use a value consistent with
+# the PAM modules configuration.
+#
+#ENCRYPT_METHOD DES
+
+#
+# Only used if ENCRYPT_METHOD is set to SHA256 or SHA512.
+#
+# Define the number of SHA rounds.
+# With a lot of rounds, it is more difficult to brute forcing the password.
+# But note also that it more CPU resources will be needed to authenticate
+# users.
+#
+# If not specified, the libc will choose the default number of rounds (5000).
+# The values must be inside the 1000-999999999 range.
+# If only one of the MIN or MAX values is set, then this value will be used.
+# If MIN > MAX, the highest value will be used.
+#
+# SHA_CRYPT_MIN_ROUNDS 5000
+# SHA_CRYPT_MAX_ROUNDS 5000
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/chroot/chpasswd/01_chpasswd--root_nopam/config_chroot/etc/passwd b/tests/tests/chroot/chpasswd/01_chpasswd--root_nopam/config_chroot/etc/passwd
new file mode 100644
index 0000000..9bdeb8c
--- /dev/null
+++ b/tests/tests/chroot/chpasswd/01_chpasswd--root_nopam/config_chroot/etc/passwd
@@ -0,0 +1,21 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+myuser:x:424242:424242::/home/:/bin/sh
+testsuite::424243:424243::/home:/bin/bash
diff --git a/tests/tests/chroot/chpasswd/01_chpasswd--root_nopam/config_chroot/etc/shadow b/tests/tests/chroot/chpasswd/01_chpasswd--root_nopam/config_chroot/etc/shadow
new file mode 100644
index 0000000..038d5cf
--- /dev/null
+++ b/tests/tests/chroot/chpasswd/01_chpasswd--root_nopam/config_chroot/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+myuser:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:::
diff --git a/tests/tests/chroot/chpasswd/01_chpasswd--root_nopam/data/shadow b/tests/tests/chroot/chpasswd/01_chpasswd--root_nopam/data/shadow
new file mode 100644
index 0000000..8a67bed
--- /dev/null
+++ b/tests/tests/chroot/chpasswd/01_chpasswd--root_nopam/data/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:@PASS_SHA256 test2@:@TODAY@:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:@PASS_SHA256 test@:@TODAY@:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+myuser:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:::
diff --git a/tests/tests/chroot/chpasswd/02_chpasswd--root_pam/chpasswd.test b/tests/tests/chroot/chpasswd/02_chpasswd--root_pam/chpasswd.test
new file mode 100755
index 0000000..2e2f895
--- /dev/null
+++ b/tests/tests/chroot/chpasswd/02_chpasswd--root_pam/chpasswd.test
@@ -0,0 +1,50 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "chpasswd can change a group in a chroot"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; clean_chroot; restore_config' 0
+
+change_config
+
+prepare_chroot
+
+echo -n "Change nobody and lp's password in chroot..."
+echo 'nobody:test
+lp:test2' | chpasswd --root $PWD/tmp/root
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+../../../common/compare_file.pl config_chroot/etc/passwd tmp/root/etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+../../../common/compare_file.pl config_chroot/etc/group tmp/root/etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+../../../common/compare_file.pl data/shadow tmp/root/etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+../../../common/compare_file.pl config_chroot/etc/gshadow tmp/root/etc/gshadow
+echo "OK"
+
+rm -f tmp/root/etc/.pwd.lock
+rm -f tmp/root/etc/shadow-
+clean_chroot
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/chroot/chpasswd/02_chpasswd--root_pam/config.txt b/tests/tests/chroot/chpasswd/02_chpasswd--root_pam/config.txt
new file mode 100644
index 0000000..31f5635
--- /dev/null
+++ b/tests/tests/chroot/chpasswd/02_chpasswd--root_pam/config.txt
@@ -0,0 +1,10 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group users (only in /etc/group)
+user foo, in group tty (only in /etc/gshadow)
+user foo, in group floppy
+user foo, admin of group disk
+user foo, admin and member of group fax
+user foo, admin and member of group cdrom (only in /etc/gshadow)
diff --git a/tests/tests/chroot/chpasswd/02_chpasswd--root_pam/config/etc/default/useradd b/tests/tests/chroot/chpasswd/02_chpasswd--root_pam/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/chroot/chpasswd/02_chpasswd--root_pam/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/chroot/chpasswd/02_chpasswd--root_pam/config/etc/group b/tests/tests/chroot/chpasswd/02_chpasswd--root_pam/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/chroot/chpasswd/02_chpasswd--root_pam/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/chroot/chpasswd/02_chpasswd--root_pam/config/etc/gshadow b/tests/tests/chroot/chpasswd/02_chpasswd--root_pam/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/chroot/chpasswd/02_chpasswd--root_pam/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/chroot/chpasswd/02_chpasswd--root_pam/config/etc/passwd b/tests/tests/chroot/chpasswd/02_chpasswd--root_pam/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/chroot/chpasswd/02_chpasswd--root_pam/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/chroot/chpasswd/02_chpasswd--root_pam/config/etc/shadow b/tests/tests/chroot/chpasswd/02_chpasswd--root_pam/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/chroot/chpasswd/02_chpasswd--root_pam/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/chroot/chpasswd/02_chpasswd--root_pam/config_chroot/etc/group b/tests/tests/chroot/chpasswd/02_chpasswd--root_pam/config_chroot/etc/group
new file mode 100644
index 0000000..d2a4b10
--- /dev/null
+++ b/tests/tests/chroot/chpasswd/02_chpasswd--root_pam/config_chroot/etc/group
@@ -0,0 +1,42 @@
+staff:x:50:
+root:x:0:
+tty:x:5:
+daemon:x:1:
+bin:x:2:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+sys:x:3:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+adm:x:4:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+myuser:x:424242:
+disk:x:6:
diff --git a/tests/tests/chroot/chpasswd/02_chpasswd--root_pam/config_chroot/etc/gshadow b/tests/tests/chroot/chpasswd/02_chpasswd--root_pam/config_chroot/etc/gshadow
new file mode 100644
index 0000000..25bd55b
--- /dev/null
+++ b/tests/tests/chroot/chpasswd/02_chpasswd--root_pam/config_chroot/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+myuser:x::
diff --git a/tests/tests/chroot/chpasswd/02_chpasswd--root_pam/config_chroot/etc/login.defs b/tests/tests/chroot/chpasswd/02_chpasswd--root_pam/config_chroot/etc/login.defs
new file mode 100644
index 0000000..3b216aa
--- /dev/null
+++ b/tests/tests/chroot/chpasswd/02_chpasswd--root_pam/config_chroot/etc/login.defs
@@ -0,0 +1,334 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/local/games:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK is the default umask value for pam_umask and is used by
+# useradd and newusers to set the mode of the new home directories.
+# 022 is the "historical" value in Debian for UMASK
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+# System accounts
+#SYS_UID_MIN		  100
+#SYS_UID_MAX		  999
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			 1000
+GID_MAX			60000
+# System accounts
+#SYS_GID_MIN		  100
+#SYS_GID_MAX		  999
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# If set to yes, userdel will remove the user's group if it contains no
+# more members, and useradd will create by default a group with the name
+# of the user.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, such as Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is deprecated. You should use ENCRYPT_METHOD.
+#
+#MD5_CRYPT_ENAB	no
+
+#
+# If set to MD5 , MD5-based algorithm will be used for encrypting password
+# If set to SHA256, SHA256-based algorithm will be used for encrypting password
+# If set to SHA512, SHA512-based algorithm will be used for encrypting password
+# If set to DES, DES-based algorithm will be used for encrypting password (default)
+# Overrides the MD5_CRYPT_ENAB option
+#
+# Note: It is recommended to use a value consistent with
+# the PAM modules configuration.
+#
+#ENCRYPT_METHOD DES
+
+#
+# Only used if ENCRYPT_METHOD is set to SHA256 or SHA512.
+#
+# Define the number of SHA rounds.
+# With a lot of rounds, it is more difficult to brute forcing the password.
+# But note also that it more CPU resources will be needed to authenticate
+# users.
+#
+# If not specified, the libc will choose the default number of rounds (5000).
+# The values must be inside the 1000-999999999 range.
+# If only one of the MIN or MAX values is set, then this value will be used.
+# If MIN > MAX, the highest value will be used.
+#
+# SHA_CRYPT_MIN_ROUNDS 5000
+# SHA_CRYPT_MAX_ROUNDS 5000
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/chroot/chpasswd/02_chpasswd--root_pam/config_chroot/etc/pam.d/chpasswd b/tests/tests/chroot/chpasswd/02_chpasswd--root_pam/config_chroot/etc/pam.d/chpasswd
new file mode 100644
index 0000000..da2adcc
--- /dev/null
+++ b/tests/tests/chroot/chpasswd/02_chpasswd--root_pam/config_chroot/etc/pam.d/chpasswd
@@ -0,0 +1,5 @@
+# The PAM configuration file for the Shadow 'chpasswd' service
+#
+
+@include common-password
+
diff --git a/tests/tests/chroot/chpasswd/02_chpasswd--root_pam/config_chroot/etc/pam.d/common-password b/tests/tests/chroot/chpasswd/02_chpasswd--root_pam/config_chroot/etc/pam.d/common-password
new file mode 100644
index 0000000..cb8c7b7
--- /dev/null
+++ b/tests/tests/chroot/chpasswd/02_chpasswd--root_pam/config_chroot/etc/pam.d/common-password
@@ -0,0 +1,33 @@
+#
+# /etc/pam.d/common-password - password-related modules common to all services
+#
+# This file is included from other service-specific PAM config files,
+# and should contain a list of modules that define the services to be
+# used to change user passwords.  The default is pam_unix.
+
+# Explanation of pam_unix options:
+#
+# The "sha512" option enables salted SHA512 passwords.  Without this option,
+# the default is Unix crypt.  Prior releases used the option "md5".
+#
+# The "obscure" option replaces the old `OBSCURE_CHECKS_ENAB' option in
+# login.defs.
+#
+# See the pam_unix manpage for other options.
+
+# As of pam 1.0.1-6, this file is managed by pam-auth-update by default.
+# To take advantage of this, it is recommended that you configure any
+# local modules either before or after the default block, and use
+# pam-auth-update to manage selection of other modules.  See
+# pam-auth-update(8) for details.
+
+# here are the per-package modules (the "Primary" block)
+password	[success=1 default=ignore]	pam_unix.so obscure sha512
+# here's the fallback if no module succeeds
+password	requisite			pam_deny.so
+# prime the stack with a positive return value if there isn't one already;
+# this avoids us returning an error just because nothing sets a success code
+# since the modules above will each just jump around
+password	required			pam_permit.so
+# and here are more per-package modules (the "Additional" block)
+# end of pam-auth-update config
diff --git a/tests/tests/chroot/chpasswd/02_chpasswd--root_pam/config_chroot/etc/passwd b/tests/tests/chroot/chpasswd/02_chpasswd--root_pam/config_chroot/etc/passwd
new file mode 100644
index 0000000..9bdeb8c
--- /dev/null
+++ b/tests/tests/chroot/chpasswd/02_chpasswd--root_pam/config_chroot/etc/passwd
@@ -0,0 +1,21 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+myuser:x:424242:424242::/home/:/bin/sh
+testsuite::424243:424243::/home:/bin/bash
diff --git a/tests/tests/chroot/chpasswd/02_chpasswd--root_pam/config_chroot/etc/shadow b/tests/tests/chroot/chpasswd/02_chpasswd--root_pam/config_chroot/etc/shadow
new file mode 100644
index 0000000..038d5cf
--- /dev/null
+++ b/tests/tests/chroot/chpasswd/02_chpasswd--root_pam/config_chroot/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+myuser:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:::
diff --git a/tests/tests/chroot/chpasswd/02_chpasswd--root_pam/data/shadow b/tests/tests/chroot/chpasswd/02_chpasswd--root_pam/data/shadow
new file mode 100644
index 0000000..5839a29
--- /dev/null
+++ b/tests/tests/chroot/chpasswd/02_chpasswd--root_pam/data/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:@PASS_SHA512 test2@:@TODAY@:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:@PASS_SHA512 test@:@TODAY@:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+myuser:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:::
diff --git a/tests/tests/chroot/chsh/01_chsh--root/chsh.test b/tests/tests/chroot/chsh/01_chsh--root/chsh.test
new file mode 100755
index 0000000..b99cbb4
--- /dev/null
+++ b/tests/tests/chroot/chsh/01_chsh--root/chsh.test
@@ -0,0 +1,52 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "chsh can change a user in a chroot"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; clean_chroot; restore_config' 0
+
+change_config
+
+prepare_chroot
+
+echo -n "Change user in chroot (chsh --root $PWD/tmp/root -s /bin/dash root)..."
+chsh --root $PWD/tmp/root -s /bin/dash root
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+../../../common/compare_file.pl data/passwd tmp/root/etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+../../../common/compare_file.pl config_chroot/etc/group tmp/root/etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+../../../common/compare_file.pl config_chroot/etc/shadow tmp/root/etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+../../../common/compare_file.pl config_chroot/etc/gshadow tmp/root/etc/gshadow
+echo "OK"
+
+rm -f tmp/root/etc/.pwd.lock
+rm -f tmp/root/etc/passwd-
+rm -f tmp/root/etc/group-
+rm -f tmp/root/etc/shadow-
+rm -f tmp/root/etc/gshadow-
+clean_chroot
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/chroot/chsh/01_chsh--root/config.txt b/tests/tests/chroot/chsh/01_chsh--root/config.txt
new file mode 100644
index 0000000..31f5635
--- /dev/null
+++ b/tests/tests/chroot/chsh/01_chsh--root/config.txt
@@ -0,0 +1,10 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group users (only in /etc/group)
+user foo, in group tty (only in /etc/gshadow)
+user foo, in group floppy
+user foo, admin of group disk
+user foo, admin and member of group fax
+user foo, admin and member of group cdrom (only in /etc/gshadow)
diff --git a/tests/tests/chroot/chsh/01_chsh--root/config/etc/default/useradd b/tests/tests/chroot/chsh/01_chsh--root/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/chroot/chsh/01_chsh--root/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/chroot/chsh/01_chsh--root/config/etc/group b/tests/tests/chroot/chsh/01_chsh--root/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/chroot/chsh/01_chsh--root/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/chroot/chsh/01_chsh--root/config/etc/gshadow b/tests/tests/chroot/chsh/01_chsh--root/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/chroot/chsh/01_chsh--root/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/chroot/chsh/01_chsh--root/config/etc/passwd b/tests/tests/chroot/chsh/01_chsh--root/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/chroot/chsh/01_chsh--root/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/chroot/chsh/01_chsh--root/config/etc/shadow b/tests/tests/chroot/chsh/01_chsh--root/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/chroot/chsh/01_chsh--root/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/chroot/chsh/01_chsh--root/config_chroot.list b/tests/tests/chroot/chsh/01_chsh--root/config_chroot.list
new file mode 100644
index 0000000..166e521
--- /dev/null
+++ b/tests/tests/chroot/chsh/01_chsh--root/config_chroot.list
@@ -0,0 +1 @@
+/bin/dash
diff --git a/tests/tests/chroot/chsh/01_chsh--root/config_chroot/etc/group b/tests/tests/chroot/chsh/01_chsh--root/config_chroot/etc/group
new file mode 100644
index 0000000..245cc9c
--- /dev/null
+++ b/tests/tests/chroot/chsh/01_chsh--root/config_chroot/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+myuser:x:424242:
diff --git a/tests/tests/chroot/chsh/01_chsh--root/config_chroot/etc/gshadow b/tests/tests/chroot/chsh/01_chsh--root/config_chroot/etc/gshadow
new file mode 100644
index 0000000..25bd55b
--- /dev/null
+++ b/tests/tests/chroot/chsh/01_chsh--root/config_chroot/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+myuser:x::
diff --git a/tests/tests/chroot/chsh/01_chsh--root/config_chroot/etc/login.defs b/tests/tests/chroot/chsh/01_chsh--root/config_chroot/etc/login.defs
new file mode 100644
index 0000000..3b216aa
--- /dev/null
+++ b/tests/tests/chroot/chsh/01_chsh--root/config_chroot/etc/login.defs
@@ -0,0 +1,334 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/local/games:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK is the default umask value for pam_umask and is used by
+# useradd and newusers to set the mode of the new home directories.
+# 022 is the "historical" value in Debian for UMASK
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+# System accounts
+#SYS_UID_MIN		  100
+#SYS_UID_MAX		  999
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			 1000
+GID_MAX			60000
+# System accounts
+#SYS_GID_MIN		  100
+#SYS_GID_MAX		  999
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# If set to yes, userdel will remove the user's group if it contains no
+# more members, and useradd will create by default a group with the name
+# of the user.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, such as Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is deprecated. You should use ENCRYPT_METHOD.
+#
+#MD5_CRYPT_ENAB	no
+
+#
+# If set to MD5 , MD5-based algorithm will be used for encrypting password
+# If set to SHA256, SHA256-based algorithm will be used for encrypting password
+# If set to SHA512, SHA512-based algorithm will be used for encrypting password
+# If set to DES, DES-based algorithm will be used for encrypting password (default)
+# Overrides the MD5_CRYPT_ENAB option
+#
+# Note: It is recommended to use a value consistent with
+# the PAM modules configuration.
+#
+#ENCRYPT_METHOD DES
+
+#
+# Only used if ENCRYPT_METHOD is set to SHA256 or SHA512.
+#
+# Define the number of SHA rounds.
+# With a lot of rounds, it is more difficult to brute forcing the password.
+# But note also that it more CPU resources will be needed to authenticate
+# users.
+#
+# If not specified, the libc will choose the default number of rounds (5000).
+# The values must be inside the 1000-999999999 range.
+# If only one of the MIN or MAX values is set, then this value will be used.
+# If MIN > MAX, the highest value will be used.
+#
+# SHA_CRYPT_MIN_ROUNDS 5000
+# SHA_CRYPT_MAX_ROUNDS 5000
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/chroot/chsh/01_chsh--root/config_chroot/etc/pam.d/chsh b/tests/tests/chroot/chsh/01_chsh--root/config_chroot/etc/pam.d/chsh
new file mode 100644
index 0000000..7eb604d
--- /dev/null
+++ b/tests/tests/chroot/chsh/01_chsh--root/config_chroot/etc/pam.d/chsh
@@ -0,0 +1,20 @@
+#
+# The PAM configuration file for the Shadow `chsh' service
+#
+
+# This will not allow a user to change their shell unless
+# their current one is listed in /etc/shells. This keeps
+# accounts with special shells from changing them.
+auth       required   pam_shells.so
+
+# This allows root to change user shell without being
+# prompted for a password
+auth		sufficient	pam_rootok.so
+
+# The standard Unix authentication modules, used with
+# NIS (man nsswitch) as well as normal /etc/passwd and
+# /etc/shadow entries.
+@include common-auth
+@include common-account
+@include common-session
+
diff --git a/tests/tests/chroot/chsh/01_chsh--root/config_chroot/etc/pam.d/common-account b/tests/tests/chroot/chsh/01_chsh--root/config_chroot/etc/pam.d/common-account
new file mode 100644
index 0000000..316b173
--- /dev/null
+++ b/tests/tests/chroot/chsh/01_chsh--root/config_chroot/etc/pam.d/common-account
@@ -0,0 +1,25 @@
+#
+# /etc/pam.d/common-account - authorization settings common to all services
+#
+# This file is included from other service-specific PAM config files,
+# and should contain a list of the authorization modules that define
+# the central access policy for use on the system.  The default is to
+# only deny service to users whose accounts are expired in /etc/shadow.
+#
+# As of pam 1.0.1-6, this file is managed by pam-auth-update by default.
+# To take advantage of this, it is recommended that you configure any
+# local modules either before or after the default block, and use
+# pam-auth-update to manage selection of other modules.  See
+# pam-auth-update(8) for details.
+#
+
+# here are the per-package modules (the "Primary" block)
+account	[success=1 new_authtok_reqd=done default=ignore]	pam_unix.so 
+# here's the fallback if no module succeeds
+account	requisite			pam_deny.so
+# prime the stack with a positive return value if there isn't one already;
+# this avoids us returning an error just because nothing sets a success code
+# since the modules above will each just jump around
+account	required			pam_permit.so
+# and here are more per-package modules (the "Additional" block)
+# end of pam-auth-update config
diff --git a/tests/tests/chroot/chsh/01_chsh--root/config_chroot/etc/pam.d/common-auth b/tests/tests/chroot/chsh/01_chsh--root/config_chroot/etc/pam.d/common-auth
new file mode 100644
index 0000000..5facfa2
--- /dev/null
+++ b/tests/tests/chroot/chsh/01_chsh--root/config_chroot/etc/pam.d/common-auth
@@ -0,0 +1,25 @@
+#
+# /etc/pam.d/common-auth - authentication settings common to all services
+#
+# This file is included from other service-specific PAM config files,
+# and should contain a list of the authentication modules that define
+# the central authentication scheme for use on the system
+# (e.g., /etc/shadow, LDAP, Kerberos, etc.).  The default is to use the
+# traditional Unix authentication mechanisms.
+#
+# As of pam 1.0.1-6, this file is managed by pam-auth-update by default.
+# To take advantage of this, it is recommended that you configure any
+# local modules either before or after the default block, and use
+# pam-auth-update to manage selection of other modules.  See
+# pam-auth-update(8) for details.
+
+# here are the per-package modules (the "Primary" block)
+auth	[success=1 default=ignore]	pam_unix.so nullok_secure
+# here's the fallback if no module succeeds
+auth	requisite			pam_deny.so
+# prime the stack with a positive return value if there isn't one already;
+# this avoids us returning an error just because nothing sets a success code
+# since the modules above will each just jump around
+auth	required			pam_permit.so
+# and here are more per-package modules (the "Additional" block)
+# end of pam-auth-update config
diff --git a/tests/tests/chroot/chsh/01_chsh--root/config_chroot/etc/pam.d/common-session b/tests/tests/chroot/chsh/01_chsh--root/config_chroot/etc/pam.d/common-session
new file mode 100644
index 0000000..4ad1729
--- /dev/null
+++ b/tests/tests/chroot/chsh/01_chsh--root/config_chroot/etc/pam.d/common-session
@@ -0,0 +1,25 @@
+#
+# /etc/pam.d/common-session - session-related modules common to all services
+#
+# This file is included from other service-specific PAM config files,
+# and should contain a list of modules that define tasks to be performed
+# at the start and end of sessions of *any* kind (both interactive and
+# non-interactive).
+#
+# As of pam 1.0.1-6, this file is managed by pam-auth-update by default.
+# To take advantage of this, it is recommended that you configure any
+# local modules either before or after the default block, and use
+# pam-auth-update to manage selection of other modules.  See
+# pam-auth-update(8) for details.
+
+# here are the per-package modules (the "Primary" block)
+session	[default=1]			pam_permit.so
+# here's the fallback if no module succeeds
+session	requisite			pam_deny.so
+# prime the stack with a positive return value if there isn't one already;
+# this avoids us returning an error just because nothing sets a success code
+# since the modules above will each just jump around
+session	required			pam_permit.so
+# and here are more per-package modules (the "Additional" block)
+session	required	pam_unix.so 
+# end of pam-auth-update config
diff --git a/tests/tests/chroot/chsh/01_chsh--root/config_chroot/etc/passwd b/tests/tests/chroot/chsh/01_chsh--root/config_chroot/etc/passwd
new file mode 100644
index 0000000..9bdeb8c
--- /dev/null
+++ b/tests/tests/chroot/chsh/01_chsh--root/config_chroot/etc/passwd
@@ -0,0 +1,21 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+myuser:x:424242:424242::/home/:/bin/sh
+testsuite::424243:424243::/home:/bin/bash
diff --git a/tests/tests/chroot/chsh/01_chsh--root/config_chroot/etc/shadow b/tests/tests/chroot/chsh/01_chsh--root/config_chroot/etc/shadow
new file mode 100644
index 0000000..038d5cf
--- /dev/null
+++ b/tests/tests/chroot/chsh/01_chsh--root/config_chroot/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+myuser:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:::
diff --git a/tests/tests/chroot/chsh/01_chsh--root/config_chroot/etc/shells b/tests/tests/chroot/chsh/01_chsh--root/config_chroot/etc/shells
new file mode 100644
index 0000000..3cf5cc4
--- /dev/null
+++ b/tests/tests/chroot/chsh/01_chsh--root/config_chroot/etc/shells
@@ -0,0 +1,3 @@
+# /etc/shells: valid login shells
+/bin/bash
+/bin/dash
diff --git a/tests/tests/chroot/chsh/01_chsh--root/data/passwd b/tests/tests/chroot/chsh/01_chsh--root/data/passwd
new file mode 100644
index 0000000..72c8a86
--- /dev/null
+++ b/tests/tests/chroot/chsh/01_chsh--root/data/passwd
@@ -0,0 +1,21 @@
+root:x:0:0:root:/root:/bin/dash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+myuser:x:424242:424242::/home/:/bin/sh
+testsuite::424243:424243::/home:/bin/bash
diff --git a/tests/tests/chroot/gpasswd/01_gpasswd--root/config.txt b/tests/tests/chroot/gpasswd/01_gpasswd--root/config.txt
new file mode 100644
index 0000000..31f5635
--- /dev/null
+++ b/tests/tests/chroot/gpasswd/01_gpasswd--root/config.txt
@@ -0,0 +1,10 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group users (only in /etc/group)
+user foo, in group tty (only in /etc/gshadow)
+user foo, in group floppy
+user foo, admin of group disk
+user foo, admin and member of group fax
+user foo, admin and member of group cdrom (only in /etc/gshadow)
diff --git a/tests/tests/chroot/gpasswd/01_gpasswd--root/config/etc/default/useradd b/tests/tests/chroot/gpasswd/01_gpasswd--root/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/chroot/gpasswd/01_gpasswd--root/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/chroot/gpasswd/01_gpasswd--root/config/etc/group b/tests/tests/chroot/gpasswd/01_gpasswd--root/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/chroot/gpasswd/01_gpasswd--root/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/chroot/gpasswd/01_gpasswd--root/config/etc/gshadow b/tests/tests/chroot/gpasswd/01_gpasswd--root/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/chroot/gpasswd/01_gpasswd--root/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/chroot/gpasswd/01_gpasswd--root/config/etc/passwd b/tests/tests/chroot/gpasswd/01_gpasswd--root/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/chroot/gpasswd/01_gpasswd--root/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/chroot/gpasswd/01_gpasswd--root/config/etc/shadow b/tests/tests/chroot/gpasswd/01_gpasswd--root/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/chroot/gpasswd/01_gpasswd--root/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/chroot/gpasswd/01_gpasswd--root/config_chroot/etc/group b/tests/tests/chroot/gpasswd/01_gpasswd--root/config_chroot/etc/group
new file mode 100644
index 0000000..d2a4b10
--- /dev/null
+++ b/tests/tests/chroot/gpasswd/01_gpasswd--root/config_chroot/etc/group
@@ -0,0 +1,42 @@
+staff:x:50:
+root:x:0:
+tty:x:5:
+daemon:x:1:
+bin:x:2:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+sys:x:3:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+adm:x:4:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+myuser:x:424242:
+disk:x:6:
diff --git a/tests/tests/chroot/gpasswd/01_gpasswd--root/config_chroot/etc/gshadow b/tests/tests/chroot/gpasswd/01_gpasswd--root/config_chroot/etc/gshadow
new file mode 100644
index 0000000..25bd55b
--- /dev/null
+++ b/tests/tests/chroot/gpasswd/01_gpasswd--root/config_chroot/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+myuser:x::
diff --git a/tests/tests/chroot/gpasswd/01_gpasswd--root/config_chroot/etc/login.defs b/tests/tests/chroot/gpasswd/01_gpasswd--root/config_chroot/etc/login.defs
new file mode 100644
index 0000000..3b216aa
--- /dev/null
+++ b/tests/tests/chroot/gpasswd/01_gpasswd--root/config_chroot/etc/login.defs
@@ -0,0 +1,334 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/local/games:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK is the default umask value for pam_umask and is used by
+# useradd and newusers to set the mode of the new home directories.
+# 022 is the "historical" value in Debian for UMASK
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+# System accounts
+#SYS_UID_MIN		  100
+#SYS_UID_MAX		  999
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			 1000
+GID_MAX			60000
+# System accounts
+#SYS_GID_MIN		  100
+#SYS_GID_MAX		  999
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# If set to yes, userdel will remove the user's group if it contains no
+# more members, and useradd will create by default a group with the name
+# of the user.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, such as Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is deprecated. You should use ENCRYPT_METHOD.
+#
+#MD5_CRYPT_ENAB	no
+
+#
+# If set to MD5 , MD5-based algorithm will be used for encrypting password
+# If set to SHA256, SHA256-based algorithm will be used for encrypting password
+# If set to SHA512, SHA512-based algorithm will be used for encrypting password
+# If set to DES, DES-based algorithm will be used for encrypting password (default)
+# Overrides the MD5_CRYPT_ENAB option
+#
+# Note: It is recommended to use a value consistent with
+# the PAM modules configuration.
+#
+#ENCRYPT_METHOD DES
+
+#
+# Only used if ENCRYPT_METHOD is set to SHA256 or SHA512.
+#
+# Define the number of SHA rounds.
+# With a lot of rounds, it is more difficult to brute forcing the password.
+# But note also that it more CPU resources will be needed to authenticate
+# users.
+#
+# If not specified, the libc will choose the default number of rounds (5000).
+# The values must be inside the 1000-999999999 range.
+# If only one of the MIN or MAX values is set, then this value will be used.
+# If MIN > MAX, the highest value will be used.
+#
+# SHA_CRYPT_MIN_ROUNDS 5000
+# SHA_CRYPT_MAX_ROUNDS 5000
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/chroot/gpasswd/01_gpasswd--root/config_chroot/etc/passwd b/tests/tests/chroot/gpasswd/01_gpasswd--root/config_chroot/etc/passwd
new file mode 100644
index 0000000..9bdeb8c
--- /dev/null
+++ b/tests/tests/chroot/gpasswd/01_gpasswd--root/config_chroot/etc/passwd
@@ -0,0 +1,21 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+myuser:x:424242:424242::/home/:/bin/sh
+testsuite::424243:424243::/home:/bin/bash
diff --git a/tests/tests/chroot/gpasswd/01_gpasswd--root/config_chroot/etc/shadow b/tests/tests/chroot/gpasswd/01_gpasswd--root/config_chroot/etc/shadow
new file mode 100644
index 0000000..038d5cf
--- /dev/null
+++ b/tests/tests/chroot/gpasswd/01_gpasswd--root/config_chroot/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+myuser:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:::
diff --git a/tests/tests/chroot/gpasswd/01_gpasswd--root/data/group b/tests/tests/chroot/gpasswd/01_gpasswd--root/data/group
new file mode 100644
index 0000000..5c28b63
--- /dev/null
+++ b/tests/tests/chroot/gpasswd/01_gpasswd--root/data/group
@@ -0,0 +1,42 @@
+staff:x:50:
+root:x:0:
+tty:x:5:
+daemon:x:1:
+bin:x:2:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+sys:x:3:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+adm:x:4:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+games:x:60:
+users:x:100:root
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+myuser:x:424242:
+disk:x:6:
diff --git a/tests/tests/chroot/gpasswd/01_gpasswd--root/data/gshadow b/tests/tests/chroot/gpasswd/01_gpasswd--root/data/gshadow
new file mode 100644
index 0000000..7b869c2
--- /dev/null
+++ b/tests/tests/chroot/gpasswd/01_gpasswd--root/data/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::root
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+myuser:x::
diff --git a/tests/tests/chroot/gpasswd/01_gpasswd--root/gpasswd.test b/tests/tests/chroot/gpasswd/01_gpasswd--root/gpasswd.test
new file mode 100755
index 0000000..8e861aa
--- /dev/null
+++ b/tests/tests/chroot/gpasswd/01_gpasswd--root/gpasswd.test
@@ -0,0 +1,52 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "gpasswd can change a group in a chroot"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; clean_chroot; restore_config' 0
+
+change_config
+
+prepare_chroot
+
+ls tmp/root/lib
+
+echo -n "Chang group in chroot (gpasswd -a root users -Q $PWD/tmp/root)..."
+gpasswd -a root users -Q $PWD/tmp/root
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+../../../common/compare_file.pl config_chroot/etc/passwd tmp/root/etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+../../../common/compare_file.pl data/group tmp/root/etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+../../../common/compare_file.pl config_chroot/etc/shadow tmp/root/etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+../../../common/compare_file.pl data/gshadow tmp/root/etc/gshadow
+echo "OK"
+
+rm -f tmp/root/etc/.pwd.lock
+rm -f tmp/root/etc/group-
+rm -f tmp/root/etc/gshadow-
+clean_chroot
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/chroot/groupadd/01_groupadd--root/config.txt b/tests/tests/chroot/groupadd/01_groupadd--root/config.txt
new file mode 100644
index 0000000..31f5635
--- /dev/null
+++ b/tests/tests/chroot/groupadd/01_groupadd--root/config.txt
@@ -0,0 +1,10 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group users (only in /etc/group)
+user foo, in group tty (only in /etc/gshadow)
+user foo, in group floppy
+user foo, admin of group disk
+user foo, admin and member of group fax
+user foo, admin and member of group cdrom (only in /etc/gshadow)
diff --git a/tests/tests/chroot/groupadd/01_groupadd--root/config/etc/default/useradd b/tests/tests/chroot/groupadd/01_groupadd--root/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/chroot/groupadd/01_groupadd--root/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/chroot/groupadd/01_groupadd--root/config/etc/group b/tests/tests/chroot/groupadd/01_groupadd--root/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/chroot/groupadd/01_groupadd--root/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/chroot/groupadd/01_groupadd--root/config/etc/gshadow b/tests/tests/chroot/groupadd/01_groupadd--root/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/chroot/groupadd/01_groupadd--root/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/chroot/groupadd/01_groupadd--root/config/etc/passwd b/tests/tests/chroot/groupadd/01_groupadd--root/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/chroot/groupadd/01_groupadd--root/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/chroot/groupadd/01_groupadd--root/config/etc/shadow b/tests/tests/chroot/groupadd/01_groupadd--root/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/chroot/groupadd/01_groupadd--root/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/chroot/groupadd/01_groupadd--root/config_chroot/etc/group b/tests/tests/chroot/groupadd/01_groupadd--root/config_chroot/etc/group
new file mode 100644
index 0000000..245cc9c
--- /dev/null
+++ b/tests/tests/chroot/groupadd/01_groupadd--root/config_chroot/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+myuser:x:424242:
diff --git a/tests/tests/chroot/groupadd/01_groupadd--root/config_chroot/etc/gshadow b/tests/tests/chroot/groupadd/01_groupadd--root/config_chroot/etc/gshadow
new file mode 100644
index 0000000..25bd55b
--- /dev/null
+++ b/tests/tests/chroot/groupadd/01_groupadd--root/config_chroot/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+myuser:x::
diff --git a/tests/tests/chroot/groupadd/01_groupadd--root/config_chroot/etc/login.defs b/tests/tests/chroot/groupadd/01_groupadd--root/config_chroot/etc/login.defs
new file mode 100644
index 0000000..3b216aa
--- /dev/null
+++ b/tests/tests/chroot/groupadd/01_groupadd--root/config_chroot/etc/login.defs
@@ -0,0 +1,334 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/local/games:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK is the default umask value for pam_umask and is used by
+# useradd and newusers to set the mode of the new home directories.
+# 022 is the "historical" value in Debian for UMASK
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+# System accounts
+#SYS_UID_MIN		  100
+#SYS_UID_MAX		  999
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			 1000
+GID_MAX			60000
+# System accounts
+#SYS_GID_MIN		  100
+#SYS_GID_MAX		  999
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# If set to yes, userdel will remove the user's group if it contains no
+# more members, and useradd will create by default a group with the name
+# of the user.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, such as Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is deprecated. You should use ENCRYPT_METHOD.
+#
+#MD5_CRYPT_ENAB	no
+
+#
+# If set to MD5 , MD5-based algorithm will be used for encrypting password
+# If set to SHA256, SHA256-based algorithm will be used for encrypting password
+# If set to SHA512, SHA512-based algorithm will be used for encrypting password
+# If set to DES, DES-based algorithm will be used for encrypting password (default)
+# Overrides the MD5_CRYPT_ENAB option
+#
+# Note: It is recommended to use a value consistent with
+# the PAM modules configuration.
+#
+#ENCRYPT_METHOD DES
+
+#
+# Only used if ENCRYPT_METHOD is set to SHA256 or SHA512.
+#
+# Define the number of SHA rounds.
+# With a lot of rounds, it is more difficult to brute forcing the password.
+# But note also that it more CPU resources will be needed to authenticate
+# users.
+#
+# If not specified, the libc will choose the default number of rounds (5000).
+# The values must be inside the 1000-999999999 range.
+# If only one of the MIN or MAX values is set, then this value will be used.
+# If MIN > MAX, the highest value will be used.
+#
+# SHA_CRYPT_MIN_ROUNDS 5000
+# SHA_CRYPT_MAX_ROUNDS 5000
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/chroot/groupadd/01_groupadd--root/config_chroot/etc/passwd b/tests/tests/chroot/groupadd/01_groupadd--root/config_chroot/etc/passwd
new file mode 100644
index 0000000..9bdeb8c
--- /dev/null
+++ b/tests/tests/chroot/groupadd/01_groupadd--root/config_chroot/etc/passwd
@@ -0,0 +1,21 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+myuser:x:424242:424242::/home/:/bin/sh
+testsuite::424243:424243::/home:/bin/bash
diff --git a/tests/tests/chroot/groupadd/01_groupadd--root/config_chroot/etc/shadow b/tests/tests/chroot/groupadd/01_groupadd--root/config_chroot/etc/shadow
new file mode 100644
index 0000000..038d5cf
--- /dev/null
+++ b/tests/tests/chroot/groupadd/01_groupadd--root/config_chroot/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+myuser:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:::
diff --git a/tests/tests/chroot/groupadd/01_groupadd--root/data/group b/tests/tests/chroot/groupadd/01_groupadd--root/data/group
new file mode 100644
index 0000000..ffc452f
--- /dev/null
+++ b/tests/tests/chroot/groupadd/01_groupadd--root/data/group
@@ -0,0 +1,43 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+myuser:x:424242:
+foo:x:1000:
diff --git a/tests/tests/chroot/groupadd/01_groupadd--root/data/gshadow b/tests/tests/chroot/groupadd/01_groupadd--root/data/gshadow
new file mode 100644
index 0000000..e4b350d
--- /dev/null
+++ b/tests/tests/chroot/groupadd/01_groupadd--root/data/gshadow
@@ -0,0 +1,43 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+myuser:x::
+foo:!::
diff --git a/tests/tests/chroot/groupadd/01_groupadd--root/groupadd.test b/tests/tests/chroot/groupadd/01_groupadd--root/groupadd.test
new file mode 100755
index 0000000..26f4c9b
--- /dev/null
+++ b/tests/tests/chroot/groupadd/01_groupadd--root/groupadd.test
@@ -0,0 +1,52 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "groupadd can add a group in a chroot"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; clean_chroot; restore_config' 0
+
+change_config
+
+prepare_chroot
+
+echo -n "Add group foo in chroot (groupadd --root $PWD/tmp/root foo)..."
+groupadd --root $PWD/tmp/root foo
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+../../../common/compare_file.pl config_chroot/etc/passwd tmp/root/etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+../../../common/compare_file.pl data/group tmp/root/etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+../../../common/compare_file.pl config_chroot/etc/shadow tmp/root/etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+../../../common/compare_file.pl data/gshadow tmp/root/etc/gshadow
+echo "OK"
+
+rm -f tmp/root/etc/.pwd.lock
+rm -f tmp/root/etc/passwd-
+rm -f tmp/root/etc/group-
+rm -f tmp/root/etc/shadow-
+rm -f tmp/root/etc/gshadow-
+clean_chroot
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/chroot/groupdel/01_groupdel--root/config.txt b/tests/tests/chroot/groupdel/01_groupdel--root/config.txt
new file mode 100644
index 0000000..31f5635
--- /dev/null
+++ b/tests/tests/chroot/groupdel/01_groupdel--root/config.txt
@@ -0,0 +1,10 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group users (only in /etc/group)
+user foo, in group tty (only in /etc/gshadow)
+user foo, in group floppy
+user foo, admin of group disk
+user foo, admin and member of group fax
+user foo, admin and member of group cdrom (only in /etc/gshadow)
diff --git a/tests/tests/chroot/groupdel/01_groupdel--root/config/etc/default/useradd b/tests/tests/chroot/groupdel/01_groupdel--root/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/chroot/groupdel/01_groupdel--root/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/chroot/groupdel/01_groupdel--root/config/etc/group b/tests/tests/chroot/groupdel/01_groupdel--root/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/chroot/groupdel/01_groupdel--root/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/chroot/groupdel/01_groupdel--root/config/etc/gshadow b/tests/tests/chroot/groupdel/01_groupdel--root/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/chroot/groupdel/01_groupdel--root/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/chroot/groupdel/01_groupdel--root/config/etc/passwd b/tests/tests/chroot/groupdel/01_groupdel--root/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/chroot/groupdel/01_groupdel--root/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/chroot/groupdel/01_groupdel--root/config/etc/shadow b/tests/tests/chroot/groupdel/01_groupdel--root/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/chroot/groupdel/01_groupdel--root/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/chroot/groupdel/01_groupdel--root/config_chroot/etc/group b/tests/tests/chroot/groupdel/01_groupdel--root/config_chroot/etc/group
new file mode 100644
index 0000000..245cc9c
--- /dev/null
+++ b/tests/tests/chroot/groupdel/01_groupdel--root/config_chroot/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+myuser:x:424242:
diff --git a/tests/tests/chroot/groupdel/01_groupdel--root/config_chroot/etc/gshadow b/tests/tests/chroot/groupdel/01_groupdel--root/config_chroot/etc/gshadow
new file mode 100644
index 0000000..25bd55b
--- /dev/null
+++ b/tests/tests/chroot/groupdel/01_groupdel--root/config_chroot/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+myuser:x::
diff --git a/tests/tests/chroot/groupdel/01_groupdel--root/config_chroot/etc/login.defs b/tests/tests/chroot/groupdel/01_groupdel--root/config_chroot/etc/login.defs
new file mode 100644
index 0000000..3b216aa
--- /dev/null
+++ b/tests/tests/chroot/groupdel/01_groupdel--root/config_chroot/etc/login.defs
@@ -0,0 +1,334 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/local/games:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK is the default umask value for pam_umask and is used by
+# useradd and newusers to set the mode of the new home directories.
+# 022 is the "historical" value in Debian for UMASK
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+# System accounts
+#SYS_UID_MIN		  100
+#SYS_UID_MAX		  999
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			 1000
+GID_MAX			60000
+# System accounts
+#SYS_GID_MIN		  100
+#SYS_GID_MAX		  999
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# If set to yes, userdel will remove the user's group if it contains no
+# more members, and useradd will create by default a group with the name
+# of the user.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, such as Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is deprecated. You should use ENCRYPT_METHOD.
+#
+#MD5_CRYPT_ENAB	no
+
+#
+# If set to MD5 , MD5-based algorithm will be used for encrypting password
+# If set to SHA256, SHA256-based algorithm will be used for encrypting password
+# If set to SHA512, SHA512-based algorithm will be used for encrypting password
+# If set to DES, DES-based algorithm will be used for encrypting password (default)
+# Overrides the MD5_CRYPT_ENAB option
+#
+# Note: It is recommended to use a value consistent with
+# the PAM modules configuration.
+#
+#ENCRYPT_METHOD DES
+
+#
+# Only used if ENCRYPT_METHOD is set to SHA256 or SHA512.
+#
+# Define the number of SHA rounds.
+# With a lot of rounds, it is more difficult to brute forcing the password.
+# But note also that it more CPU resources will be needed to authenticate
+# users.
+#
+# If not specified, the libc will choose the default number of rounds (5000).
+# The values must be inside the 1000-999999999 range.
+# If only one of the MIN or MAX values is set, then this value will be used.
+# If MIN > MAX, the highest value will be used.
+#
+# SHA_CRYPT_MIN_ROUNDS 5000
+# SHA_CRYPT_MAX_ROUNDS 5000
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/chroot/groupdel/01_groupdel--root/config_chroot/etc/passwd b/tests/tests/chroot/groupdel/01_groupdel--root/config_chroot/etc/passwd
new file mode 100644
index 0000000..9bdeb8c
--- /dev/null
+++ b/tests/tests/chroot/groupdel/01_groupdel--root/config_chroot/etc/passwd
@@ -0,0 +1,21 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+myuser:x:424242:424242::/home/:/bin/sh
+testsuite::424243:424243::/home:/bin/bash
diff --git a/tests/tests/chroot/groupdel/01_groupdel--root/config_chroot/etc/shadow b/tests/tests/chroot/groupdel/01_groupdel--root/config_chroot/etc/shadow
new file mode 100644
index 0000000..038d5cf
--- /dev/null
+++ b/tests/tests/chroot/groupdel/01_groupdel--root/config_chroot/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+myuser:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:::
diff --git a/tests/tests/chroot/groupdel/01_groupdel--root/data/group b/tests/tests/chroot/groupdel/01_groupdel--root/data/group
new file mode 100644
index 0000000..9ee4d56
--- /dev/null
+++ b/tests/tests/chroot/groupdel/01_groupdel--root/data/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+myuser:x:424242:
diff --git a/tests/tests/chroot/groupdel/01_groupdel--root/data/gshadow b/tests/tests/chroot/groupdel/01_groupdel--root/data/gshadow
new file mode 100644
index 0000000..b969cf2
--- /dev/null
+++ b/tests/tests/chroot/groupdel/01_groupdel--root/data/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+myuser:x::
diff --git a/tests/tests/chroot/groupdel/01_groupdel--root/groupdel.test b/tests/tests/chroot/groupdel/01_groupdel--root/groupdel.test
new file mode 100755
index 0000000..6361a12
--- /dev/null
+++ b/tests/tests/chroot/groupdel/01_groupdel--root/groupdel.test
@@ -0,0 +1,52 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "groupmod can delete a group in a chroot"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; clean_chroot; restore_config' 0
+
+change_config
+
+prepare_chroot
+
+echo -n "Delete group users in chroot (groupdel --root $PWD/tmp/root users)..."
+groupdel --root $PWD/tmp/root users
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+../../../common/compare_file.pl config_chroot/etc/passwd tmp/root/etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+../../../common/compare_file.pl data/group tmp/root/etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+../../../common/compare_file.pl config_chroot/etc/shadow tmp/root/etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+../../../common/compare_file.pl data/gshadow tmp/root/etc/gshadow
+echo "OK"
+
+rm -f tmp/root/etc/.pwd.lock
+rm -f tmp/root/etc/passwd-
+rm -f tmp/root/etc/group-
+rm -f tmp/root/etc/shadow-
+rm -f tmp/root/etc/gshadow-
+clean_chroot
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/chroot/groupmod/01_groupmod--root/config.txt b/tests/tests/chroot/groupmod/01_groupmod--root/config.txt
new file mode 100644
index 0000000..31f5635
--- /dev/null
+++ b/tests/tests/chroot/groupmod/01_groupmod--root/config.txt
@@ -0,0 +1,10 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group users (only in /etc/group)
+user foo, in group tty (only in /etc/gshadow)
+user foo, in group floppy
+user foo, admin of group disk
+user foo, admin and member of group fax
+user foo, admin and member of group cdrom (only in /etc/gshadow)
diff --git a/tests/tests/chroot/groupmod/01_groupmod--root/config/etc/default/useradd b/tests/tests/chroot/groupmod/01_groupmod--root/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/chroot/groupmod/01_groupmod--root/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/chroot/groupmod/01_groupmod--root/config/etc/group b/tests/tests/chroot/groupmod/01_groupmod--root/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/chroot/groupmod/01_groupmod--root/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/chroot/groupmod/01_groupmod--root/config/etc/gshadow b/tests/tests/chroot/groupmod/01_groupmod--root/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/chroot/groupmod/01_groupmod--root/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/chroot/groupmod/01_groupmod--root/config/etc/passwd b/tests/tests/chroot/groupmod/01_groupmod--root/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/chroot/groupmod/01_groupmod--root/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/chroot/groupmod/01_groupmod--root/config/etc/shadow b/tests/tests/chroot/groupmod/01_groupmod--root/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/chroot/groupmod/01_groupmod--root/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/chroot/groupmod/01_groupmod--root/config_chroot/etc/group b/tests/tests/chroot/groupmod/01_groupmod--root/config_chroot/etc/group
new file mode 100644
index 0000000..245cc9c
--- /dev/null
+++ b/tests/tests/chroot/groupmod/01_groupmod--root/config_chroot/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+myuser:x:424242:
diff --git a/tests/tests/chroot/groupmod/01_groupmod--root/config_chroot/etc/gshadow b/tests/tests/chroot/groupmod/01_groupmod--root/config_chroot/etc/gshadow
new file mode 100644
index 0000000..25bd55b
--- /dev/null
+++ b/tests/tests/chroot/groupmod/01_groupmod--root/config_chroot/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+myuser:x::
diff --git a/tests/tests/chroot/groupmod/01_groupmod--root/config_chroot/etc/login.defs b/tests/tests/chroot/groupmod/01_groupmod--root/config_chroot/etc/login.defs
new file mode 100644
index 0000000..3b216aa
--- /dev/null
+++ b/tests/tests/chroot/groupmod/01_groupmod--root/config_chroot/etc/login.defs
@@ -0,0 +1,334 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/local/games:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK is the default umask value for pam_umask and is used by
+# useradd and newusers to set the mode of the new home directories.
+# 022 is the "historical" value in Debian for UMASK
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+# System accounts
+#SYS_UID_MIN		  100
+#SYS_UID_MAX		  999
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			 1000
+GID_MAX			60000
+# System accounts
+#SYS_GID_MIN		  100
+#SYS_GID_MAX		  999
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# If set to yes, userdel will remove the user's group if it contains no
+# more members, and useradd will create by default a group with the name
+# of the user.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, such as Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is deprecated. You should use ENCRYPT_METHOD.
+#
+#MD5_CRYPT_ENAB	no
+
+#
+# If set to MD5 , MD5-based algorithm will be used for encrypting password
+# If set to SHA256, SHA256-based algorithm will be used for encrypting password
+# If set to SHA512, SHA512-based algorithm will be used for encrypting password
+# If set to DES, DES-based algorithm will be used for encrypting password (default)
+# Overrides the MD5_CRYPT_ENAB option
+#
+# Note: It is recommended to use a value consistent with
+# the PAM modules configuration.
+#
+#ENCRYPT_METHOD DES
+
+#
+# Only used if ENCRYPT_METHOD is set to SHA256 or SHA512.
+#
+# Define the number of SHA rounds.
+# With a lot of rounds, it is more difficult to brute forcing the password.
+# But note also that it more CPU resources will be needed to authenticate
+# users.
+#
+# If not specified, the libc will choose the default number of rounds (5000).
+# The values must be inside the 1000-999999999 range.
+# If only one of the MIN or MAX values is set, then this value will be used.
+# If MIN > MAX, the highest value will be used.
+#
+# SHA_CRYPT_MIN_ROUNDS 5000
+# SHA_CRYPT_MAX_ROUNDS 5000
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/chroot/groupmod/01_groupmod--root/config_chroot/etc/passwd b/tests/tests/chroot/groupmod/01_groupmod--root/config_chroot/etc/passwd
new file mode 100644
index 0000000..9bdeb8c
--- /dev/null
+++ b/tests/tests/chroot/groupmod/01_groupmod--root/config_chroot/etc/passwd
@@ -0,0 +1,21 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+myuser:x:424242:424242::/home/:/bin/sh
+testsuite::424243:424243::/home:/bin/bash
diff --git a/tests/tests/chroot/groupmod/01_groupmod--root/config_chroot/etc/shadow b/tests/tests/chroot/groupmod/01_groupmod--root/config_chroot/etc/shadow
new file mode 100644
index 0000000..038d5cf
--- /dev/null
+++ b/tests/tests/chroot/groupmod/01_groupmod--root/config_chroot/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+myuser:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:::
diff --git a/tests/tests/chroot/groupmod/01_groupmod--root/data/group b/tests/tests/chroot/groupmod/01_groupmod--root/data/group
new file mode 100644
index 0000000..068bdf5
--- /dev/null
+++ b/tests/tests/chroot/groupmod/01_groupmod--root/data/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+myuser:x:424242:
+utilisateurs:x:100:
diff --git a/tests/tests/chroot/groupmod/01_groupmod--root/data/gshadow b/tests/tests/chroot/groupmod/01_groupmod--root/data/gshadow
new file mode 100644
index 0000000..249ec49
--- /dev/null
+++ b/tests/tests/chroot/groupmod/01_groupmod--root/data/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+myuser:x::
+utilisateurs:*::
diff --git a/tests/tests/chroot/groupmod/01_groupmod--root/groupmod.test b/tests/tests/chroot/groupmod/01_groupmod--root/groupmod.test
new file mode 100755
index 0000000..853df8f
--- /dev/null
+++ b/tests/tests/chroot/groupmod/01_groupmod--root/groupmod.test
@@ -0,0 +1,52 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "groupmod can change a group in a chroot"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; clean_chroot; restore_config' 0
+
+change_config
+
+prepare_chroot
+
+echo -n "Change group in chroot (groupmod --root $PWD/tmp/root -n utilisateurs users)..."
+groupmod --root $PWD/tmp/root -n utilisateurs users
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+../../../common/compare_file.pl config_chroot/etc/passwd tmp/root/etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+../../../common/compare_file.pl data/group tmp/root/etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+../../../common/compare_file.pl config_chroot/etc/shadow tmp/root/etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+../../../common/compare_file.pl data/gshadow tmp/root/etc/gshadow
+echo "OK"
+
+rm -f tmp/root/etc/.pwd.lock
+rm -f tmp/root/etc/passwd-
+rm -f tmp/root/etc/group-
+rm -f tmp/root/etc/shadow-
+rm -f tmp/root/etc/gshadow-
+clean_chroot
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/chroot/grpck/01_grpck--root/config.txt b/tests/tests/chroot/grpck/01_grpck--root/config.txt
new file mode 100644
index 0000000..31f5635
--- /dev/null
+++ b/tests/tests/chroot/grpck/01_grpck--root/config.txt
@@ -0,0 +1,10 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group users (only in /etc/group)
+user foo, in group tty (only in /etc/gshadow)
+user foo, in group floppy
+user foo, admin of group disk
+user foo, admin and member of group fax
+user foo, admin and member of group cdrom (only in /etc/gshadow)
diff --git a/tests/tests/chroot/grpck/01_grpck--root/config/etc/default/useradd b/tests/tests/chroot/grpck/01_grpck--root/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/chroot/grpck/01_grpck--root/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/chroot/grpck/01_grpck--root/config/etc/group b/tests/tests/chroot/grpck/01_grpck--root/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/chroot/grpck/01_grpck--root/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/chroot/grpck/01_grpck--root/config/etc/gshadow b/tests/tests/chroot/grpck/01_grpck--root/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/chroot/grpck/01_grpck--root/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/chroot/grpck/01_grpck--root/config/etc/passwd b/tests/tests/chroot/grpck/01_grpck--root/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/chroot/grpck/01_grpck--root/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/chroot/grpck/01_grpck--root/config/etc/shadow b/tests/tests/chroot/grpck/01_grpck--root/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/chroot/grpck/01_grpck--root/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/chroot/grpck/01_grpck--root/config_chroot/etc/group b/tests/tests/chroot/grpck/01_grpck--root/config_chroot/etc/group
new file mode 100644
index 0000000..d2a4b10
--- /dev/null
+++ b/tests/tests/chroot/grpck/01_grpck--root/config_chroot/etc/group
@@ -0,0 +1,42 @@
+staff:x:50:
+root:x:0:
+tty:x:5:
+daemon:x:1:
+bin:x:2:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+sys:x:3:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+adm:x:4:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+myuser:x:424242:
+disk:x:6:
diff --git a/tests/tests/chroot/grpck/01_grpck--root/config_chroot/etc/gshadow b/tests/tests/chroot/grpck/01_grpck--root/config_chroot/etc/gshadow
new file mode 100644
index 0000000..25bd55b
--- /dev/null
+++ b/tests/tests/chroot/grpck/01_grpck--root/config_chroot/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+myuser:x::
diff --git a/tests/tests/chroot/grpck/01_grpck--root/config_chroot/etc/login.defs b/tests/tests/chroot/grpck/01_grpck--root/config_chroot/etc/login.defs
new file mode 100644
index 0000000..3b216aa
--- /dev/null
+++ b/tests/tests/chroot/grpck/01_grpck--root/config_chroot/etc/login.defs
@@ -0,0 +1,334 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/local/games:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK is the default umask value for pam_umask and is used by
+# useradd and newusers to set the mode of the new home directories.
+# 022 is the "historical" value in Debian for UMASK
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+# System accounts
+#SYS_UID_MIN		  100
+#SYS_UID_MAX		  999
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			 1000
+GID_MAX			60000
+# System accounts
+#SYS_GID_MIN		  100
+#SYS_GID_MAX		  999
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# If set to yes, userdel will remove the user's group if it contains no
+# more members, and useradd will create by default a group with the name
+# of the user.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, such as Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is deprecated. You should use ENCRYPT_METHOD.
+#
+#MD5_CRYPT_ENAB	no
+
+#
+# If set to MD5 , MD5-based algorithm will be used for encrypting password
+# If set to SHA256, SHA256-based algorithm will be used for encrypting password
+# If set to SHA512, SHA512-based algorithm will be used for encrypting password
+# If set to DES, DES-based algorithm will be used for encrypting password (default)
+# Overrides the MD5_CRYPT_ENAB option
+#
+# Note: It is recommended to use a value consistent with
+# the PAM modules configuration.
+#
+#ENCRYPT_METHOD DES
+
+#
+# Only used if ENCRYPT_METHOD is set to SHA256 or SHA512.
+#
+# Define the number of SHA rounds.
+# With a lot of rounds, it is more difficult to brute forcing the password.
+# But note also that it more CPU resources will be needed to authenticate
+# users.
+#
+# If not specified, the libc will choose the default number of rounds (5000).
+# The values must be inside the 1000-999999999 range.
+# If only one of the MIN or MAX values is set, then this value will be used.
+# If MIN > MAX, the highest value will be used.
+#
+# SHA_CRYPT_MIN_ROUNDS 5000
+# SHA_CRYPT_MAX_ROUNDS 5000
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/chroot/grpck/01_grpck--root/config_chroot/etc/passwd b/tests/tests/chroot/grpck/01_grpck--root/config_chroot/etc/passwd
new file mode 100644
index 0000000..9bdeb8c
--- /dev/null
+++ b/tests/tests/chroot/grpck/01_grpck--root/config_chroot/etc/passwd
@@ -0,0 +1,21 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+myuser:x:424242:424242::/home/:/bin/sh
+testsuite::424243:424243::/home:/bin/bash
diff --git a/tests/tests/chroot/grpck/01_grpck--root/config_chroot/etc/shadow b/tests/tests/chroot/grpck/01_grpck--root/config_chroot/etc/shadow
new file mode 100644
index 0000000..038d5cf
--- /dev/null
+++ b/tests/tests/chroot/grpck/01_grpck--root/config_chroot/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+myuser:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:::
diff --git a/tests/tests/chroot/grpck/01_grpck--root/data/group b/tests/tests/chroot/grpck/01_grpck--root/data/group
new file mode 100644
index 0000000..dd74ea8
--- /dev/null
+++ b/tests/tests/chroot/grpck/01_grpck--root/data/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+crontab:x:101:
+Debian-exim:x:102:
+nogroup:x:65534:
+myuser:x:424242:
diff --git a/tests/tests/chroot/grpck/01_grpck--root/data/gshadow b/tests/tests/chroot/grpck/01_grpck--root/data/gshadow
new file mode 100644
index 0000000..5b9b1d4
--- /dev/null
+++ b/tests/tests/chroot/grpck/01_grpck--root/data/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+crontab:x::
+Debian-exim:x::
+nogroup:*::
+myuser:x::
diff --git a/tests/tests/chroot/grpck/01_grpck--root/grpck.test b/tests/tests/chroot/grpck/01_grpck--root/grpck.test
new file mode 100755
index 0000000..93867d0
--- /dev/null
+++ b/tests/tests/chroot/grpck/01_grpck--root/grpck.test
@@ -0,0 +1,50 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "grpck can sort groups in a chroot"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; clean_chroot; restore_config' 0
+
+change_config
+
+prepare_chroot
+
+echo -n "Sort groups in chroot (grpck --sort --root $PWD/tmp/root)..."
+grpck --sort --root $PWD/tmp/root
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+../../../common/compare_file.pl config_chroot/etc/passwd tmp/root/etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+../../../common/compare_file.pl data/group tmp/root/etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+../../../common/compare_file.pl config_chroot/etc/shadow tmp/root/etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+../../../common/compare_file.pl data/gshadow tmp/root/etc/gshadow
+echo "OK"
+
+rm -f tmp/root/etc/.pwd.lock
+rm -f tmp/root/etc/group-
+rm -f tmp/root/etc/gshadow-
+clean_chroot
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/chroot/grpconv/01_grpconv--root/config.txt b/tests/tests/chroot/grpconv/01_grpconv--root/config.txt
new file mode 100644
index 0000000..31f5635
--- /dev/null
+++ b/tests/tests/chroot/grpconv/01_grpconv--root/config.txt
@@ -0,0 +1,10 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group users (only in /etc/group)
+user foo, in group tty (only in /etc/gshadow)
+user foo, in group floppy
+user foo, admin of group disk
+user foo, admin and member of group fax
+user foo, admin and member of group cdrom (only in /etc/gshadow)
diff --git a/tests/tests/chroot/grpconv/01_grpconv--root/config/etc/default/useradd b/tests/tests/chroot/grpconv/01_grpconv--root/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/chroot/grpconv/01_grpconv--root/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/chroot/grpconv/01_grpconv--root/config/etc/group b/tests/tests/chroot/grpconv/01_grpconv--root/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/chroot/grpconv/01_grpconv--root/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/chroot/grpconv/01_grpconv--root/config/etc/gshadow b/tests/tests/chroot/grpconv/01_grpconv--root/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/chroot/grpconv/01_grpconv--root/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/chroot/grpconv/01_grpconv--root/config/etc/passwd b/tests/tests/chroot/grpconv/01_grpconv--root/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/chroot/grpconv/01_grpconv--root/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/chroot/grpconv/01_grpconv--root/config/etc/shadow b/tests/tests/chroot/grpconv/01_grpconv--root/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/chroot/grpconv/01_grpconv--root/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/chroot/grpconv/01_grpconv--root/config_chroot/etc/group b/tests/tests/chroot/grpconv/01_grpconv--root/config_chroot/etc/group
new file mode 100644
index 0000000..27f1e9a
--- /dev/null
+++ b/tests/tests/chroot/grpconv/01_grpconv--root/config_chroot/etc/group
@@ -0,0 +1,42 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:0:
+daemon:*:1:
+bin:*:2:
+sys:*:3:
+adm:*:4:
+tty:*:5:
+disk:*:6:
+lp:*:7:
+mail:*:8:
+news:*:9:
+uucp:*:10:
+man:*:12:
+proxy:*:13:
+kmem:*:15:
+dialout:*:20:
+fax:*:21:
+voice:*:22:
+cdrom:*:24:
+floppy:*:25:
+tape:*:26:
+sudo:*:27:
+audio:*:29:
+dip:*:30:
+www-data:*:33:
+backup:*:34:
+operator:*:37:
+list:*:38:
+irc:*:39:
+src:*:40:
+gnats:*:41:
+shadow:*:42:
+utmp:*:43:
+video:*:44:
+sasl:*:45:
+plugdev:*:46:
+staff:*:50:
+games:*:60:
+users:foo:100:
+nogroup::65534:
+crontab:*:101:
+Debian-exim:!:102:
+myuser:*:424242:
diff --git a/tests/tests/chroot/grpconv/01_grpconv--root/config_chroot/etc/login.defs b/tests/tests/chroot/grpconv/01_grpconv--root/config_chroot/etc/login.defs
new file mode 100644
index 0000000..3b216aa
--- /dev/null
+++ b/tests/tests/chroot/grpconv/01_grpconv--root/config_chroot/etc/login.defs
@@ -0,0 +1,334 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/local/games:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK is the default umask value for pam_umask and is used by
+# useradd and newusers to set the mode of the new home directories.
+# 022 is the "historical" value in Debian for UMASK
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+# System accounts
+#SYS_UID_MIN		  100
+#SYS_UID_MAX		  999
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			 1000
+GID_MAX			60000
+# System accounts
+#SYS_GID_MIN		  100
+#SYS_GID_MAX		  999
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# If set to yes, userdel will remove the user's group if it contains no
+# more members, and useradd will create by default a group with the name
+# of the user.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, such as Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is deprecated. You should use ENCRYPT_METHOD.
+#
+#MD5_CRYPT_ENAB	no
+
+#
+# If set to MD5 , MD5-based algorithm will be used for encrypting password
+# If set to SHA256, SHA256-based algorithm will be used for encrypting password
+# If set to SHA512, SHA512-based algorithm will be used for encrypting password
+# If set to DES, DES-based algorithm will be used for encrypting password (default)
+# Overrides the MD5_CRYPT_ENAB option
+#
+# Note: It is recommended to use a value consistent with
+# the PAM modules configuration.
+#
+#ENCRYPT_METHOD DES
+
+#
+# Only used if ENCRYPT_METHOD is set to SHA256 or SHA512.
+#
+# Define the number of SHA rounds.
+# With a lot of rounds, it is more difficult to brute forcing the password.
+# But note also that it more CPU resources will be needed to authenticate
+# users.
+#
+# If not specified, the libc will choose the default number of rounds (5000).
+# The values must be inside the 1000-999999999 range.
+# If only one of the MIN or MAX values is set, then this value will be used.
+# If MIN > MAX, the highest value will be used.
+#
+# SHA_CRYPT_MIN_ROUNDS 5000
+# SHA_CRYPT_MAX_ROUNDS 5000
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/chroot/grpconv/01_grpconv--root/config_chroot/etc/passwd b/tests/tests/chroot/grpconv/01_grpconv--root/config_chroot/etc/passwd
new file mode 100644
index 0000000..9bdeb8c
--- /dev/null
+++ b/tests/tests/chroot/grpconv/01_grpconv--root/config_chroot/etc/passwd
@@ -0,0 +1,21 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+myuser:x:424242:424242::/home/:/bin/sh
+testsuite::424243:424243::/home:/bin/bash
diff --git a/tests/tests/chroot/grpconv/01_grpconv--root/config_chroot/etc/shadow b/tests/tests/chroot/grpconv/01_grpconv--root/config_chroot/etc/shadow
new file mode 100644
index 0000000..038d5cf
--- /dev/null
+++ b/tests/tests/chroot/grpconv/01_grpconv--root/config_chroot/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+myuser:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:::
diff --git a/tests/tests/chroot/grpconv/01_grpconv--root/data/group b/tests/tests/chroot/grpconv/01_grpconv--root/data/group
new file mode 100644
index 0000000..245cc9c
--- /dev/null
+++ b/tests/tests/chroot/grpconv/01_grpconv--root/data/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+myuser:x:424242:
diff --git a/tests/tests/chroot/grpconv/01_grpconv--root/data/gshadow b/tests/tests/chroot/grpconv/01_grpconv--root/data/gshadow
new file mode 100644
index 0000000..5f81b8f
--- /dev/null
+++ b/tests/tests/chroot/grpconv/01_grpconv--root/data/gshadow
@@ -0,0 +1,42 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:foo::
+nogroup:::
+crontab:*::
+Debian-exim:!::
+myuser:*::
diff --git a/tests/tests/chroot/grpconv/01_grpconv--root/grpconv.test b/tests/tests/chroot/grpconv/01_grpconv--root/grpconv.test
new file mode 100755
index 0000000..92e1bf0
--- /dev/null
+++ b/tests/tests/chroot/grpconv/01_grpconv--root/grpconv.test
@@ -0,0 +1,50 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "grpconv can change a chroot"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; clean_chroot; restore_config' 0
+
+change_config
+
+prepare_chroot
+
+echo -n "grpconv in a chroot (grpconv --root $PWD/tmp/root)..."
+grpconv --root $PWD/tmp/root
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+../../../common/compare_file.pl config_chroot/etc/passwd tmp/root/etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+../../../common/compare_file.pl data/group tmp/root/etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+../../../common/compare_file.pl config_chroot/etc/shadow tmp/root/etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+../../../common/compare_file.pl data/gshadow tmp/root/etc/gshadow
+echo "OK"
+
+rm -f tmp/root/etc/.pwd.lock
+rm -f tmp/root/etc/group-
+rm -f tmp/root/etc/gshadow
+clean_chroot
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/chroot/grpunconv/01_grpunconv--root/config.txt b/tests/tests/chroot/grpunconv/01_grpunconv--root/config.txt
new file mode 100644
index 0000000..31f5635
--- /dev/null
+++ b/tests/tests/chroot/grpunconv/01_grpunconv--root/config.txt
@@ -0,0 +1,10 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group users (only in /etc/group)
+user foo, in group tty (only in /etc/gshadow)
+user foo, in group floppy
+user foo, admin of group disk
+user foo, admin and member of group fax
+user foo, admin and member of group cdrom (only in /etc/gshadow)
diff --git a/tests/tests/chroot/grpunconv/01_grpunconv--root/config/etc/default/useradd b/tests/tests/chroot/grpunconv/01_grpunconv--root/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/chroot/grpunconv/01_grpunconv--root/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/chroot/grpunconv/01_grpunconv--root/config/etc/group b/tests/tests/chroot/grpunconv/01_grpunconv--root/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/chroot/grpunconv/01_grpunconv--root/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/chroot/grpunconv/01_grpunconv--root/config/etc/gshadow b/tests/tests/chroot/grpunconv/01_grpunconv--root/config/etc/gshadow
new file mode 100644
index 0000000..b21489b
--- /dev/null
+++ b/tests/tests/chroot/grpunconv/01_grpunconv--root/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/chroot/grpunconv/01_grpunconv--root/config/etc/passwd b/tests/tests/chroot/grpunconv/01_grpunconv--root/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/chroot/grpunconv/01_grpunconv--root/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/chroot/grpunconv/01_grpunconv--root/config/etc/shadow b/tests/tests/chroot/grpunconv/01_grpunconv--root/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/chroot/grpunconv/01_grpunconv--root/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/chroot/grpunconv/01_grpunconv--root/config_chroot/etc/group b/tests/tests/chroot/grpunconv/01_grpunconv--root/config_chroot/etc/group
new file mode 100644
index 0000000..245cc9c
--- /dev/null
+++ b/tests/tests/chroot/grpunconv/01_grpunconv--root/config_chroot/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+myuser:x:424242:
diff --git a/tests/tests/chroot/grpunconv/01_grpunconv--root/config_chroot/etc/gshadow b/tests/tests/chroot/grpunconv/01_grpunconv--root/config_chroot/etc/gshadow
new file mode 100644
index 0000000..86f5654
--- /dev/null
+++ b/tests/tests/chroot/grpunconv/01_grpunconv--root/config_chroot/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+myuser:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.::
diff --git a/tests/tests/chroot/grpunconv/01_grpunconv--root/config_chroot/etc/login.defs b/tests/tests/chroot/grpunconv/01_grpunconv--root/config_chroot/etc/login.defs
new file mode 100644
index 0000000..3b216aa
--- /dev/null
+++ b/tests/tests/chroot/grpunconv/01_grpunconv--root/config_chroot/etc/login.defs
@@ -0,0 +1,334 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/local/games:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK is the default umask value for pam_umask and is used by
+# useradd and newusers to set the mode of the new home directories.
+# 022 is the "historical" value in Debian for UMASK
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+# System accounts
+#SYS_UID_MIN		  100
+#SYS_UID_MAX		  999
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			 1000
+GID_MAX			60000
+# System accounts
+#SYS_GID_MIN		  100
+#SYS_GID_MAX		  999
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# If set to yes, userdel will remove the user's group if it contains no
+# more members, and useradd will create by default a group with the name
+# of the user.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, such as Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is deprecated. You should use ENCRYPT_METHOD.
+#
+#MD5_CRYPT_ENAB	no
+
+#
+# If set to MD5 , MD5-based algorithm will be used for encrypting password
+# If set to SHA256, SHA256-based algorithm will be used for encrypting password
+# If set to SHA512, SHA512-based algorithm will be used for encrypting password
+# If set to DES, DES-based algorithm will be used for encrypting password (default)
+# Overrides the MD5_CRYPT_ENAB option
+#
+# Note: It is recommended to use a value consistent with
+# the PAM modules configuration.
+#
+#ENCRYPT_METHOD DES
+
+#
+# Only used if ENCRYPT_METHOD is set to SHA256 or SHA512.
+#
+# Define the number of SHA rounds.
+# With a lot of rounds, it is more difficult to brute forcing the password.
+# But note also that it more CPU resources will be needed to authenticate
+# users.
+#
+# If not specified, the libc will choose the default number of rounds (5000).
+# The values must be inside the 1000-999999999 range.
+# If only one of the MIN or MAX values is set, then this value will be used.
+# If MIN > MAX, the highest value will be used.
+#
+# SHA_CRYPT_MIN_ROUNDS 5000
+# SHA_CRYPT_MAX_ROUNDS 5000
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/chroot/grpunconv/01_grpunconv--root/config_chroot/etc/passwd b/tests/tests/chroot/grpunconv/01_grpunconv--root/config_chroot/etc/passwd
new file mode 100644
index 0000000..9bdeb8c
--- /dev/null
+++ b/tests/tests/chroot/grpunconv/01_grpunconv--root/config_chroot/etc/passwd
@@ -0,0 +1,21 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+myuser:x:424242:424242::/home/:/bin/sh
+testsuite::424243:424243::/home:/bin/bash
diff --git a/tests/tests/chroot/grpunconv/01_grpunconv--root/config_chroot/etc/shadow b/tests/tests/chroot/grpunconv/01_grpunconv--root/config_chroot/etc/shadow
new file mode 100644
index 0000000..038d5cf
--- /dev/null
+++ b/tests/tests/chroot/grpunconv/01_grpunconv--root/config_chroot/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+myuser:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:::
diff --git a/tests/tests/chroot/grpunconv/01_grpunconv--root/data/group b/tests/tests/chroot/grpunconv/01_grpunconv--root/data/group
new file mode 100644
index 0000000..9a03703
--- /dev/null
+++ b/tests/tests/chroot/grpunconv/01_grpunconv--root/data/group
@@ -0,0 +1,42 @@
+root:*:0:
+daemon:*:1:
+bin:*:2:
+sys:*:3:
+adm:*:4:
+tty:*:5:
+disk:*:6:
+lp:*:7:
+mail:*:8:
+news:*:9:
+uucp:*:10:
+man:*:12:
+proxy:*:13:
+kmem:*:15:
+dialout:*:20:
+fax:*:21:
+voice:*:22:
+cdrom:*:24:
+floppy:*:25:
+tape:*:26:
+sudo:*:27:
+audio:*:29:
+dip:*:30:
+www-data:*:33:
+backup:*:34:
+operator:*:37:
+list:*:38:
+irc:*:39:
+src:*:40:
+gnats:*:41:
+shadow:*:42:
+utmp:*:43:
+video:*:44:
+sasl:*:45:
+plugdev:*:46:
+staff:*:50:
+games:*:60:
+users:*:100:
+nogroup:*:65534:
+crontab:x:101:
+Debian-exim:x:102:
+myuser:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:424242:
diff --git a/tests/tests/chroot/grpunconv/01_grpunconv--root/grpunconv.test b/tests/tests/chroot/grpunconv/01_grpunconv--root/grpunconv.test
new file mode 100755
index 0000000..5d6edd5
--- /dev/null
+++ b/tests/tests/chroot/grpunconv/01_grpunconv--root/grpunconv.test
@@ -0,0 +1,52 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "grpunconv can change a chroot"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; clean_chroot; restore_config' 0
+
+change_config
+
+prepare_chroot
+
+echo -n "grpunconv in a chroot (grpunconv --root $PWD/tmp/root)..."
+grpunconv --root $PWD/tmp/root
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+../../../common/compare_file.pl config_chroot/etc/passwd tmp/root/etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+../../../common/compare_file.pl data/group tmp/root/etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+../../../common/compare_file.pl config_chroot/etc/shadow tmp/root/etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+test ! -f tmp/root/etc/gshadow
+echo "OK"
+
+rm -f tmp/root/etc/.pwd.lock
+rm -f tmp/root/etc/passwd-
+rm -f tmp/root/etc/group-
+rm -f tmp/root/etc/shadow-
+rm -f tmp/root/etc/gshadow-
+clean_chroot
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/chroot/lastlog/01_lastlog--root/config.txt b/tests/tests/chroot/lastlog/01_lastlog--root/config.txt
new file mode 100644
index 0000000..31f5635
--- /dev/null
+++ b/tests/tests/chroot/lastlog/01_lastlog--root/config.txt
@@ -0,0 +1,10 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group users (only in /etc/group)
+user foo, in group tty (only in /etc/gshadow)
+user foo, in group floppy
+user foo, admin of group disk
+user foo, admin and member of group fax
+user foo, admin and member of group cdrom (only in /etc/gshadow)
diff --git a/tests/tests/chroot/lastlog/01_lastlog--root/config/etc/default/useradd b/tests/tests/chroot/lastlog/01_lastlog--root/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/chroot/lastlog/01_lastlog--root/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/chroot/lastlog/01_lastlog--root/config/etc/group b/tests/tests/chroot/lastlog/01_lastlog--root/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/chroot/lastlog/01_lastlog--root/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/chroot/lastlog/01_lastlog--root/config/etc/gshadow b/tests/tests/chroot/lastlog/01_lastlog--root/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/chroot/lastlog/01_lastlog--root/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/chroot/lastlog/01_lastlog--root/config/etc/passwd b/tests/tests/chroot/lastlog/01_lastlog--root/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/chroot/lastlog/01_lastlog--root/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/chroot/lastlog/01_lastlog--root/config/etc/shadow b/tests/tests/chroot/lastlog/01_lastlog--root/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/chroot/lastlog/01_lastlog--root/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/chroot/lastlog/01_lastlog--root/config_chroot/etc/group b/tests/tests/chroot/lastlog/01_lastlog--root/config_chroot/etc/group
new file mode 100644
index 0000000..d2a4b10
--- /dev/null
+++ b/tests/tests/chroot/lastlog/01_lastlog--root/config_chroot/etc/group
@@ -0,0 +1,42 @@
+staff:x:50:
+root:x:0:
+tty:x:5:
+daemon:x:1:
+bin:x:2:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+sys:x:3:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+adm:x:4:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+myuser:x:424242:
+disk:x:6:
diff --git a/tests/tests/chroot/lastlog/01_lastlog--root/config_chroot/etc/gshadow b/tests/tests/chroot/lastlog/01_lastlog--root/config_chroot/etc/gshadow
new file mode 100644
index 0000000..25bd55b
--- /dev/null
+++ b/tests/tests/chroot/lastlog/01_lastlog--root/config_chroot/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+myuser:x::
diff --git a/tests/tests/chroot/lastlog/01_lastlog--root/config_chroot/etc/login.defs b/tests/tests/chroot/lastlog/01_lastlog--root/config_chroot/etc/login.defs
new file mode 100644
index 0000000..3b216aa
--- /dev/null
+++ b/tests/tests/chroot/lastlog/01_lastlog--root/config_chroot/etc/login.defs
@@ -0,0 +1,334 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/local/games:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK is the default umask value for pam_umask and is used by
+# useradd and newusers to set the mode of the new home directories.
+# 022 is the "historical" value in Debian for UMASK
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+# System accounts
+#SYS_UID_MIN		  100
+#SYS_UID_MAX		  999
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			 1000
+GID_MAX			60000
+# System accounts
+#SYS_GID_MIN		  100
+#SYS_GID_MAX		  999
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# If set to yes, userdel will remove the user's group if it contains no
+# more members, and useradd will create by default a group with the name
+# of the user.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, such as Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is deprecated. You should use ENCRYPT_METHOD.
+#
+#MD5_CRYPT_ENAB	no
+
+#
+# If set to MD5 , MD5-based algorithm will be used for encrypting password
+# If set to SHA256, SHA256-based algorithm will be used for encrypting password
+# If set to SHA512, SHA512-based algorithm will be used for encrypting password
+# If set to DES, DES-based algorithm will be used for encrypting password (default)
+# Overrides the MD5_CRYPT_ENAB option
+#
+# Note: It is recommended to use a value consistent with
+# the PAM modules configuration.
+#
+#ENCRYPT_METHOD DES
+
+#
+# Only used if ENCRYPT_METHOD is set to SHA256 or SHA512.
+#
+# Define the number of SHA rounds.
+# With a lot of rounds, it is more difficult to brute forcing the password.
+# But note also that it more CPU resources will be needed to authenticate
+# users.
+#
+# If not specified, the libc will choose the default number of rounds (5000).
+# The values must be inside the 1000-999999999 range.
+# If only one of the MIN or MAX values is set, then this value will be used.
+# If MIN > MAX, the highest value will be used.
+#
+# SHA_CRYPT_MIN_ROUNDS 5000
+# SHA_CRYPT_MAX_ROUNDS 5000
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/chroot/lastlog/01_lastlog--root/config_chroot/etc/passwd b/tests/tests/chroot/lastlog/01_lastlog--root/config_chroot/etc/passwd
new file mode 100644
index 0000000..9bdeb8c
--- /dev/null
+++ b/tests/tests/chroot/lastlog/01_lastlog--root/config_chroot/etc/passwd
@@ -0,0 +1,21 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+myuser:x:424242:424242::/home/:/bin/sh
+testsuite::424243:424243::/home:/bin/bash
diff --git a/tests/tests/chroot/lastlog/01_lastlog--root/config_chroot/etc/shadow b/tests/tests/chroot/lastlog/01_lastlog--root/config_chroot/etc/shadow
new file mode 100644
index 0000000..038d5cf
--- /dev/null
+++ b/tests/tests/chroot/lastlog/01_lastlog--root/config_chroot/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+myuser:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:::
diff --git a/tests/tests/chroot/lastlog/01_lastlog--root/data/group b/tests/tests/chroot/lastlog/01_lastlog--root/data/group
new file mode 100644
index 0000000..5c28b63
--- /dev/null
+++ b/tests/tests/chroot/lastlog/01_lastlog--root/data/group
@@ -0,0 +1,42 @@
+staff:x:50:
+root:x:0:
+tty:x:5:
+daemon:x:1:
+bin:x:2:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+sys:x:3:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+adm:x:4:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+games:x:60:
+users:x:100:root
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+myuser:x:424242:
+disk:x:6:
diff --git a/tests/tests/chroot/lastlog/01_lastlog--root/data/gshadow b/tests/tests/chroot/lastlog/01_lastlog--root/data/gshadow
new file mode 100644
index 0000000..7b869c2
--- /dev/null
+++ b/tests/tests/chroot/lastlog/01_lastlog--root/data/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::root
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+myuser:x::
diff --git a/tests/tests/chroot/lastlog/01_lastlog--root/data/lastlog.list b/tests/tests/chroot/lastlog/01_lastlog--root/data/lastlog.list
new file mode 100644
index 0000000..e95b205
--- /dev/null
+++ b/tests/tests/chroot/lastlog/01_lastlog--root/data/lastlog.list
@@ -0,0 +1,2 @@
+Username
+myuser
diff --git a/tests/tests/chroot/lastlog/01_lastlog--root/lastlog.test b/tests/tests/chroot/lastlog/01_lastlog--root/lastlog.test
new file mode 100755
index 0000000..d61d9a7
--- /dev/null
+++ b/tests/tests/chroot/lastlog/01_lastlog--root/lastlog.test
@@ -0,0 +1,47 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "gpasswd can change a group in a chroot"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; rm -f tmp/root/var/log/lastlog; clean_chroot; restore_config' 0
+
+change_config
+
+prepare_chroot
+
+echo -n "Create an empty /var/log/lastlog in the chroot..."
+> tmp/root/var/log/lastlog
+echo "OK"
+
+echo -n "lastlog --root $PWD/tmp/root -u 424242..."
+lastlog --root $PWD/tmp/root -u 424242> tmp/lastlog.out
+echo "OK."
+
+echo "lastlog :"
+echo "======================================================================="
+cat tmp/lastlog.out
+echo "======================================================================="
+
+echo -n "Check the list of logged in users..."
+cat tmp/lastlog.out | cut -d" " -f1 > tmp/lastlog.list
+diff -au data/lastlog.list tmp/lastlog.list
+echo "OK."
+
+rm -f tmp/lastlog.out tmp/lastlog.list
+rm -f tmp/root/var/log/lastlog
+
+clean_chroot
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/chroot/login/01_login_sublogin/config.txt b/tests/tests/chroot/login/01_login_sublogin/config.txt
new file mode 100644
index 0000000..aecff4a
--- /dev/null
+++ b/tests/tests/chroot/login/01_login_sublogin/config.txt
@@ -0,0 +1,3 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
diff --git a/tests/tests/chroot/login/01_login_sublogin/config/etc/group b/tests/tests/chroot/login/01_login_sublogin/config/etc/group
new file mode 100644
index 0000000..245cc9c
--- /dev/null
+++ b/tests/tests/chroot/login/01_login_sublogin/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+myuser:x:424242:
diff --git a/tests/tests/chroot/login/01_login_sublogin/config/etc/gshadow b/tests/tests/chroot/login/01_login_sublogin/config/etc/gshadow
new file mode 100644
index 0000000..25bd55b
--- /dev/null
+++ b/tests/tests/chroot/login/01_login_sublogin/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+myuser:x::
diff --git a/tests/tests/chroot/login/01_login_sublogin/config/etc/login.defs b/tests/tests/chroot/login/01_login_sublogin/config/etc/login.defs
new file mode 100644
index 0000000..acf5f93
--- /dev/null
+++ b/tests/tests/chroot/login/01_login_sublogin/config/etc/login.defs
@@ -0,0 +1,314 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+#ENV_SUPATH	/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+#ENV_PATH	/usr/local/bin:/usr/bin:/bin:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK usage is discouraged because it catches only some classes of user
+# entries to system, in fact only those made through login(1), while setting
+# umask in shell rc file will catch also logins through su, cron, ssh etc.
+#
+# At the same time, using shell rc to set umask won't catch entries which use
+# non-shell executables in place of login shell, like /usr/sbin/pppd for "ppp"
+# user and alike.
+#
+# Therefore the use of pam_umask is recommended (Debian package libpam-umask)
+# as the solution which catches all these cases on PAM-enabled systems.
+# 
+# This avoids the confusion created by having the umask set
+# in two different places -- in login.defs and shell rc files (i.e.
+# /etc/profile).
+#
+# For discussion, see #314539 and #248150 as well as the thread starting at
+# http://lists.debian.org/debian-devel/2005/06/msg01598.html
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+# 022 is the "historical" value in Debian for UMASK when it was used
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			  100
+GID_MAX			60000
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# This enables userdel to remove user groups if no members exist.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, thus in Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# Only works if compiled with MD5_CRYPT defined:
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is used by chpasswd, gpasswd and newusers.
+#
+#MD5_CRYPT_ENAB	no
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/chroot/login/01_login_sublogin/config/etc/passwd b/tests/tests/chroot/login/01_login_sublogin/config/etc/passwd
new file mode 100644
index 0000000..7b82b88
--- /dev/null
+++ b/tests/tests/chroot/login/01_login_sublogin/config/etc/passwd
@@ -0,0 +1,21 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+myuser:x:424242:424242::/nonexistent:*/bin/sh
+testsuite::424243:424243::/home:/bin/bash
diff --git a/tests/tests/chroot/login/01_login_sublogin/config/etc/shadow b/tests/tests/chroot/login/01_login_sublogin/config/etc/shadow
new file mode 100644
index 0000000..038d5cf
--- /dev/null
+++ b/tests/tests/chroot/login/01_login_sublogin/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+myuser:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:::
diff --git a/tests/tests/chroot/login/01_login_sublogin/config_chroot.list b/tests/tests/chroot/login/01_login_sublogin/config_chroot.list
new file mode 100644
index 0000000..e22e8e8
--- /dev/null
+++ b/tests/tests/chroot/login/01_login_sublogin/config_chroot.list
@@ -0,0 +1,3 @@
+/bin/dash
+/bin/sh
+/usr/bin/id
diff --git a/tests/tests/chroot/login/01_login_sublogin/config_chroot/etc/group b/tests/tests/chroot/login/01_login_sublogin/config_chroot/etc/group
new file mode 100644
index 0000000..245cc9c
--- /dev/null
+++ b/tests/tests/chroot/login/01_login_sublogin/config_chroot/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+myuser:x:424242:
diff --git a/tests/tests/chroot/login/01_login_sublogin/config_chroot/etc/gshadow b/tests/tests/chroot/login/01_login_sublogin/config_chroot/etc/gshadow
new file mode 100644
index 0000000..25bd55b
--- /dev/null
+++ b/tests/tests/chroot/login/01_login_sublogin/config_chroot/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+myuser:x::
diff --git a/tests/tests/chroot/login/01_login_sublogin/config_chroot/etc/login.defs b/tests/tests/chroot/login/01_login_sublogin/config_chroot/etc/login.defs
new file mode 100644
index 0000000..acf5f93
--- /dev/null
+++ b/tests/tests/chroot/login/01_login_sublogin/config_chroot/etc/login.defs
@@ -0,0 +1,314 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+#ENV_SUPATH	/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+#ENV_PATH	/usr/local/bin:/usr/bin:/bin:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK usage is discouraged because it catches only some classes of user
+# entries to system, in fact only those made through login(1), while setting
+# umask in shell rc file will catch also logins through su, cron, ssh etc.
+#
+# At the same time, using shell rc to set umask won't catch entries which use
+# non-shell executables in place of login shell, like /usr/sbin/pppd for "ppp"
+# user and alike.
+#
+# Therefore the use of pam_umask is recommended (Debian package libpam-umask)
+# as the solution which catches all these cases on PAM-enabled systems.
+# 
+# This avoids the confusion created by having the umask set
+# in two different places -- in login.defs and shell rc files (i.e.
+# /etc/profile).
+#
+# For discussion, see #314539 and #248150 as well as the thread starting at
+# http://lists.debian.org/debian-devel/2005/06/msg01598.html
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+# 022 is the "historical" value in Debian for UMASK when it was used
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			  100
+GID_MAX			60000
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# This enables userdel to remove user groups if no members exist.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, thus in Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# Only works if compiled with MD5_CRYPT defined:
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is used by chpasswd, gpasswd and newusers.
+#
+#MD5_CRYPT_ENAB	no
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/chroot/login/01_login_sublogin/config_chroot/etc/pam.d/common-account b/tests/tests/chroot/login/01_login_sublogin/config_chroot/etc/pam.d/common-account
new file mode 100644
index 0000000..316b173
--- /dev/null
+++ b/tests/tests/chroot/login/01_login_sublogin/config_chroot/etc/pam.d/common-account
@@ -0,0 +1,25 @@
+#
+# /etc/pam.d/common-account - authorization settings common to all services
+#
+# This file is included from other service-specific PAM config files,
+# and should contain a list of the authorization modules that define
+# the central access policy for use on the system.  The default is to
+# only deny service to users whose accounts are expired in /etc/shadow.
+#
+# As of pam 1.0.1-6, this file is managed by pam-auth-update by default.
+# To take advantage of this, it is recommended that you configure any
+# local modules either before or after the default block, and use
+# pam-auth-update to manage selection of other modules.  See
+# pam-auth-update(8) for details.
+#
+
+# here are the per-package modules (the "Primary" block)
+account	[success=1 new_authtok_reqd=done default=ignore]	pam_unix.so 
+# here's the fallback if no module succeeds
+account	requisite			pam_deny.so
+# prime the stack with a positive return value if there isn't one already;
+# this avoids us returning an error just because nothing sets a success code
+# since the modules above will each just jump around
+account	required			pam_permit.so
+# and here are more per-package modules (the "Additional" block)
+# end of pam-auth-update config
diff --git a/tests/tests/chroot/login/01_login_sublogin/config_chroot/etc/pam.d/common-auth b/tests/tests/chroot/login/01_login_sublogin/config_chroot/etc/pam.d/common-auth
new file mode 100644
index 0000000..5facfa2
--- /dev/null
+++ b/tests/tests/chroot/login/01_login_sublogin/config_chroot/etc/pam.d/common-auth
@@ -0,0 +1,25 @@
+#
+# /etc/pam.d/common-auth - authentication settings common to all services
+#
+# This file is included from other service-specific PAM config files,
+# and should contain a list of the authentication modules that define
+# the central authentication scheme for use on the system
+# (e.g., /etc/shadow, LDAP, Kerberos, etc.).  The default is to use the
+# traditional Unix authentication mechanisms.
+#
+# As of pam 1.0.1-6, this file is managed by pam-auth-update by default.
+# To take advantage of this, it is recommended that you configure any
+# local modules either before or after the default block, and use
+# pam-auth-update to manage selection of other modules.  See
+# pam-auth-update(8) for details.
+
+# here are the per-package modules (the "Primary" block)
+auth	[success=1 default=ignore]	pam_unix.so nullok_secure
+# here's the fallback if no module succeeds
+auth	requisite			pam_deny.so
+# prime the stack with a positive return value if there isn't one already;
+# this avoids us returning an error just because nothing sets a success code
+# since the modules above will each just jump around
+auth	required			pam_permit.so
+# and here are more per-package modules (the "Additional" block)
+# end of pam-auth-update config
diff --git a/tests/tests/chroot/login/01_login_sublogin/config_chroot/etc/pam.d/common-password b/tests/tests/chroot/login/01_login_sublogin/config_chroot/etc/pam.d/common-password
new file mode 100644
index 0000000..cb8c7b7
--- /dev/null
+++ b/tests/tests/chroot/login/01_login_sublogin/config_chroot/etc/pam.d/common-password
@@ -0,0 +1,33 @@
+#
+# /etc/pam.d/common-password - password-related modules common to all services
+#
+# This file is included from other service-specific PAM config files,
+# and should contain a list of modules that define the services to be
+# used to change user passwords.  The default is pam_unix.
+
+# Explanation of pam_unix options:
+#
+# The "sha512" option enables salted SHA512 passwords.  Without this option,
+# the default is Unix crypt.  Prior releases used the option "md5".
+#
+# The "obscure" option replaces the old `OBSCURE_CHECKS_ENAB' option in
+# login.defs.
+#
+# See the pam_unix manpage for other options.
+
+# As of pam 1.0.1-6, this file is managed by pam-auth-update by default.
+# To take advantage of this, it is recommended that you configure any
+# local modules either before or after the default block, and use
+# pam-auth-update to manage selection of other modules.  See
+# pam-auth-update(8) for details.
+
+# here are the per-package modules (the "Primary" block)
+password	[success=1 default=ignore]	pam_unix.so obscure sha512
+# here's the fallback if no module succeeds
+password	requisite			pam_deny.so
+# prime the stack with a positive return value if there isn't one already;
+# this avoids us returning an error just because nothing sets a success code
+# since the modules above will each just jump around
+password	required			pam_permit.so
+# and here are more per-package modules (the "Additional" block)
+# end of pam-auth-update config
diff --git a/tests/tests/chroot/login/01_login_sublogin/config_chroot/etc/pam.d/common-session b/tests/tests/chroot/login/01_login_sublogin/config_chroot/etc/pam.d/common-session
new file mode 100644
index 0000000..4ad1729
--- /dev/null
+++ b/tests/tests/chroot/login/01_login_sublogin/config_chroot/etc/pam.d/common-session
@@ -0,0 +1,25 @@
+#
+# /etc/pam.d/common-session - session-related modules common to all services
+#
+# This file is included from other service-specific PAM config files,
+# and should contain a list of modules that define tasks to be performed
+# at the start and end of sessions of *any* kind (both interactive and
+# non-interactive).
+#
+# As of pam 1.0.1-6, this file is managed by pam-auth-update by default.
+# To take advantage of this, it is recommended that you configure any
+# local modules either before or after the default block, and use
+# pam-auth-update to manage selection of other modules.  See
+# pam-auth-update(8) for details.
+
+# here are the per-package modules (the "Primary" block)
+session	[default=1]			pam_permit.so
+# here's the fallback if no module succeeds
+session	requisite			pam_deny.so
+# prime the stack with a positive return value if there isn't one already;
+# this avoids us returning an error just because nothing sets a success code
+# since the modules above will each just jump around
+session	required			pam_permit.so
+# and here are more per-package modules (the "Additional" block)
+session	required	pam_unix.so 
+# end of pam-auth-update config
diff --git a/tests/tests/chroot/login/01_login_sublogin/config_chroot/etc/pam.d/common-session-noninteractive b/tests/tests/chroot/login/01_login_sublogin/config_chroot/etc/pam.d/common-session-noninteractive
new file mode 100644
index 0000000..c9144d5
--- /dev/null
+++ b/tests/tests/chroot/login/01_login_sublogin/config_chroot/etc/pam.d/common-session-noninteractive
@@ -0,0 +1,25 @@
+#
+# /etc/pam.d/common-session-noninteractive - session-related modules
+# common to all non-interactive services
+#
+# This file is included from other service-specific PAM config files,
+# and should contain a list of modules that define tasks to be performed
+# at the start and end of all non-interactive sessions.
+#
+# As of pam 1.0.1-6, this file is managed by pam-auth-update by default.
+# To take advantage of this, it is recommended that you configure any
+# local modules either before or after the default block, and use
+# pam-auth-update to manage selection of other modules.  See
+# pam-auth-update(8) for details.
+
+# here are the per-package modules (the "Primary" block)
+session	[default=1]			pam_permit.so
+# here's the fallback if no module succeeds
+session	requisite			pam_deny.so
+# prime the stack with a positive return value if there isn't one already;
+# this avoids us returning an error just because nothing sets a success code
+# since the modules above will each just jump around
+session	required			pam_permit.so
+# and here are more per-package modules (the "Additional" block)
+session	required	pam_unix.so 
+# end of pam-auth-update config
diff --git a/tests/tests/chroot/login/01_login_sublogin/config_chroot/etc/pam.d/login b/tests/tests/chroot/login/01_login_sublogin/config_chroot/etc/pam.d/login
new file mode 100644
index 0000000..8acd533
--- /dev/null
+++ b/tests/tests/chroot/login/01_login_sublogin/config_chroot/etc/pam.d/login
@@ -0,0 +1,107 @@
+#
+# The PAM configuration file for the Shadow `login' service
+#
+
+# Enforce a minimal delay in case of failure (in microseconds).
+# (Replaces the `FAIL_DELAY' setting from login.defs)
+# Note that other modules may require another minimal delay. (for example,
+# to disable any delay, you should add the nodelay option to pam_unix)
+auth       optional   pam_faildelay.so  delay=3000000
+
+# Outputs an issue file prior to each login prompt (Replaces the
+# ISSUE_FILE option from login.defs). Uncomment for use
+# auth       required   pam_issue.so issue=/etc/issue
+
+# Disallows root logins except on tty's listed in /etc/securetty
+# (Replaces the `CONSOLE' setting from login.defs)
+#
+# With the default control of this module:
+#   [success=ok new_authtok_reqd=ok ignore=ignore user_unknown=bad default=die]
+# root will not be prompted for a password on insecure lines.
+# if an invalid username is entered, a password is prompted (but login
+# will eventually be rejected)
+#
+# You can change it to a "requisite" module if you think root may mis-type
+# her login and should not be prompted for a password in that case. But
+# this will leave the system as vulnerable to user enumeration attacks.
+#
+# You can change it to a "required" module if you think it permits to
+# guess valid user names of your system (invalid user names are considered
+# as possibly being root on insecure lines), but root passwords may be
+# communicated over insecure lines.
+auth [success=ok new_authtok_reqd=ok ignore=ignore user_unknown=bad default=die] pam_securetty.so
+
+# Disallows other than root logins when /etc/nologin exists
+# (Replaces the `NOLOGINS_FILE' option from login.defs)
+auth       requisite  pam_nologin.so
+
+# SELinux needs to be the first session rule. This ensures that any 
+# lingering context has been cleared. Without out this it is possible 
+# that a module could execute code in the wrong domain.
+# When the module is present, "required" would be sufficient (When SELinux
+# is disabled, this returns success.)
+session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so close
+
+# This module parses environment configuration file(s)
+# and also allows you to use an extended config
+# file /etc/security/pam_env.conf.
+# 
+# parsing /etc/environment needs "readenv=1"
+session       required   pam_env.so readenv=1
+# locale variables are also kept into /etc/default/locale in etch
+# reading this file *in addition to /etc/environment* does not hurt
+session       required   pam_env.so readenv=1 envfile=/etc/default/locale
+
+# Standard Un*x authentication.
+@include common-auth
+
+# This allows certain extra groups to be granted to a user
+# based on things like time of day, tty, service, and user.
+# Please edit /etc/security/group.conf to fit your needs
+# (Replaces the `CONSOLE_GROUPS' option in login.defs)
+auth       optional   pam_group.so
+
+# Uncomment and edit /etc/security/time.conf if you need to set
+# time constraints on logins.
+# (Replaces the `PORTTIME_CHECKS_ENAB' option from login.defs
+# as well as /etc/porttime)
+# account    requisite  pam_time.so
+
+# Uncomment and edit /etc/security/access.conf if you need to
+# set access limits.
+# (Replaces /etc/login.access file)
+# account  required       pam_access.so
+
+# Sets up user limits according to /etc/security/limits.conf
+# (Replaces the use of /etc/limits in old login)
+session    required   pam_limits.so
+
+# Prints the last login info upon successful login
+# (Replaces the `LASTLOG_ENAB' option from login.defs)
+session    optional   pam_lastlog.so
+
+# Prints the motd upon successful login
+# (Replaces the `MOTD_FILE' option in login.defs)
+session    optional   pam_motd.so
+
+# Prints the status of the user's mailbox upon successful login
+# (Replaces the `MAIL_CHECK_ENAB' option from login.defs). 
+#
+# This also defines the MAIL environment variable
+# However, userdel also needs MAIL_DIR and MAIL_FILE variables
+# in /etc/login.defs to make sure that removing a user 
+# also removes the user's mail spool file.
+# See comments in /etc/login.defs
+session    optional   pam_mail.so standard
+
+# Standard Un*x account and session
+@include common-account
+@include common-session
+@include common-password
+
+# SELinux needs to intervene at login time to ensure that the process
+# starts in the proper default security context. Only sessions which are
+# intended to run in the user's context should be run after this.
+session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so open
+# When the module is present, "required" would be sufficient (When SELinux
+# is disabled, this returns success.)
diff --git a/tests/tests/chroot/login/01_login_sublogin/config_chroot/etc/pam.d/other b/tests/tests/chroot/login/01_login_sublogin/config_chroot/etc/pam.d/other
new file mode 100644
index 0000000..59d776c
--- /dev/null
+++ b/tests/tests/chroot/login/01_login_sublogin/config_chroot/etc/pam.d/other
@@ -0,0 +1,16 @@
+#
+# /etc/pam.d/other - specify the PAM fallback behaviour
+#
+# Note that this file is used for any unspecified service; for example
+#if /etc/pam.d/cron  specifies no session modules but cron calls
+#pam_open_session, the session module out of /etc/pam.d/other is
+#used.  If you really want nothing to happen then use pam_permit.so or
+#pam_deny.so as appropriate.
+
+# We fall back to the system default in /etc/pam.d/common-*
+# 
+
+@include common-auth
+@include common-account
+@include common-password
+@include common-session
diff --git a/tests/tests/chroot/login/01_login_sublogin/config_chroot/etc/passwd b/tests/tests/chroot/login/01_login_sublogin/config_chroot/etc/passwd
new file mode 100644
index 0000000..9bdeb8c
--- /dev/null
+++ b/tests/tests/chroot/login/01_login_sublogin/config_chroot/etc/passwd
@@ -0,0 +1,21 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+myuser:x:424242:424242::/home/:/bin/sh
+testsuite::424243:424243::/home:/bin/bash
diff --git a/tests/tests/chroot/login/01_login_sublogin/config_chroot/etc/securetty b/tests/tests/chroot/login/01_login_sublogin/config_chroot/etc/securetty
new file mode 100644
index 0000000..f65650f
--- /dev/null
+++ b/tests/tests/chroot/login/01_login_sublogin/config_chroot/etc/securetty
@@ -0,0 +1,390 @@
+# /etc/securetty: list of terminals on which root is allowed to login.
+# See securetty(5) and login(1).
+
+console
+
+# Local X displays (allows empty passwords with pam_unix's nullok_secure)
+:0
+:0.0
+:0.1
+:1
+:1.0
+:1.1
+:2
+:2.0
+:2.1
+:3
+:3.0
+:3.1
+#...
+
+
+# ==========================================================
+#
+# TTYs sorted by major number according to Documentation/devices.txt
+#
+# ==========================================================
+
+# Virtual consoles
+tty1
+tty2
+tty3
+tty4
+tty5
+tty6
+tty7
+tty8
+tty9
+tty10
+tty11
+tty12
+tty13
+tty14
+tty15
+tty16
+tty17
+tty18
+tty19
+tty20
+tty21
+tty22
+tty23
+tty24
+tty25
+tty26
+tty27
+tty28
+tty29
+tty30
+tty31
+tty32
+tty33
+tty34
+tty35
+tty36
+tty37
+tty38
+tty39
+tty40
+tty41
+tty42
+tty43
+tty44
+tty45
+tty46
+tty47
+tty48
+tty49
+tty50
+tty51
+tty52
+tty53
+tty54
+tty55
+tty56
+tty57
+tty58
+tty59
+tty60
+tty61
+tty62
+tty63
+
+# UART serial ports
+ttyS0
+ttyS1
+ttyS2
+ttyS3
+ttyS4
+ttyS5
+#...ttyS191
+
+# Serial Mux devices	(Linux/PA-RISC only)
+ttyB0
+ttyB1
+#...
+
+# Chase serial card
+ttyH0
+ttyH1
+#...
+
+# Cyclades serial cards
+ttyC0
+ttyC1
+#...ttyC31
+
+# Digiboard serial cards
+ttyD0
+ttyD1
+#...
+
+# Stallion serial cards
+ttyE0
+ttyE1
+#...ttyE255
+
+# Specialix serial cards
+ttyX0
+ttyX1
+#...
+
+# Comtrol Rocketport serial cards
+ttyR0
+ttyR1
+#...
+
+# SDL RISCom serial cards
+ttyL0
+ttyL1
+#...
+
+# Hayes ESP serial card
+ttyP0
+ttyP1
+#...
+
+# Computone IntelliPort II serial card
+ttyF0
+ttyF1
+#...ttyF255
+
+# Specialix IO8+ serial card
+ttyW0
+ttyW1
+#...
+
+# Comtrol VS-1000 serial controller
+ttyV0
+ttyV1
+#...
+
+# ISI serial card
+ttyM0
+ttyM1
+#...
+
+# Technology Concepts serial card
+ttyT0
+ttyT1
+#...
+
+# Specialix RIO serial card
+ttySR0
+ttySR1
+#...ttySR511
+
+# Chase Research AT/PCI-Fast serial card
+ttyCH0
+ttyCH1
+#...ttyCH63
+
+# Moxa Intellio serial card
+ttyMX0
+ttyMX1
+#...ttyMX127
+
+# SmartIO serial card
+ttySI0
+ttySI1
+#...
+
+# USB dongles
+ttyUSB0
+ttyUSB1
+ttyUSB2
+#...
+
+# LinkUp Systems L72xx UARTs
+ttyLU0
+ttyLU1
+ttyLU2
+ttyLU3
+
+# StrongARM builtin serial ports
+ttySA0
+ttySA1
+ttySA2
+
+# SCI serial port (SuperH) ports and SC26xx serial ports
+ttySC0
+ttySC1
+ttySC2
+ttySC3
+
+# ARM "AMBA" serial ports
+ttyAM0
+ttyAM1
+ttyAM2
+ttyAM3
+ttyAM4
+ttyAM5
+ttyAM6
+ttyAM7
+ttyAM8
+ttyAM9
+ttyAM10
+ttyAM11
+ttyAM12
+ttyAM13
+ttyAM14
+ttyAM15
+
+# Embedded ARM AMBA PL011 ports (e.g. emulated by QEMU)
+ttyAMA0
+ttyAMA1
+ttyAMA2
+ttyAMA3
+
+# DataBooster serial ports
+ttyDB0
+ttyDB1
+ttyDB2
+ttyDB3
+ttyDB4
+ttyDB5
+ttyDB6
+ttyDB7
+
+# SGI Altix console ports
+ttySG0
+
+# Motorola i.MX ports
+ttySMX0
+ttySMX1
+ttySMX2
+
+# Marvell MPSC ports
+ttyMM0
+ttyMM1
+
+# PPC CPM (SCC or SMC) ports
+ttyCPM0
+ttyCPM1
+ttyCPM2
+ttyCPM3
+ttyCPM4
+ttyCPM5
+
+# Altix serial cards
+ttyIOC0
+ttyIOC1
+#...ttyIOC31
+
+# NEC VR4100 series SIU
+ttyVR0
+
+# NEC VR4100 series SSIU
+ttyVR1
+
+# Altix ioc4 serial cards
+ttyIOC84
+ttyIOC85
+#...ttyIOC115
+
+# Altix ioc3 serial cards
+ttySIOC0
+ttySIOC1
+#...ttySIOC31
+
+# PPC PSC ports
+ttyPSC0
+ttyPSC1
+ttyPSC2
+ttyPSC3
+ttyPSC4
+ttyPSC5
+
+# ATMEL serial ports
+ttyAT0
+ttyAT1
+#...ttyAT15
+
+# Hilscher netX serial port
+ttyNX0
+ttyNX1
+#...ttyNX15
+
+# Xilinx uartlite - port
+ttyUL0
+ttyUL1
+ttyUL2
+ttyUL3
+
+# Xen virtual console - port 0
+xvc0
+
+# pmac_zilog - port
+ttyPZ0
+ttyPZ1
+ttyPZ2
+ttyPZ3
+
+# TX39/49 serial port
+ttyTX0
+ttyTX1
+ttyTX2
+ttyTX3
+ttyTX4
+ttyTX5
+ttyTX6
+ttyTX7
+
+# SC26xx serial ports (see SCI serial ports (SuperH))
+
+# MAX3100 serial ports
+ttyMAX0
+ttyMAX1
+ttyMAX2
+ttyMAX3
+
+# OMAP serial ports
+ttyO0
+ttyO1
+ttyO2
+ttyO3
+
+# User space serial ports
+ttyU0
+ttyU1
+
+# A2232 serial card
+ttyY0
+ttyY1
+
+# IBM 3270 terminal Unix tty access
+3270/tty1
+3270/tty2
+#...
+
+# IBM iSeries/pSeries virtual console
+hvc0
+hvc1
+#...
+#IBM pSeries console ports
+hvsi0
+hvsi1
+hvsi2
+
+# Equinox SST multi-port serial boards
+ttyEQ0
+ttyEQ1
+#...ttyEQ1027
+
+# ==========================================================
+#
+# Not in Documentation/Devices.txt
+#
+# ==========================================================
+
+# Embedded Freescale i.MX ports
+ttymxc0
+ttymxc1
+ttymxc2
+ttymxc3
+ttymxc4
+ttymxc5
+
+# Serial Console for MIPS Swarm
+duart0
+duart1
diff --git a/tests/tests/chroot/login/01_login_sublogin/config_chroot/etc/security/limits.conf b/tests/tests/chroot/login/01_login_sublogin/config_chroot/etc/security/limits.conf
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/chroot/login/01_login_sublogin/config_chroot/etc/security/limits.conf
diff --git a/tests/tests/chroot/login/01_login_sublogin/config_chroot/etc/shadow b/tests/tests/chroot/login/01_login_sublogin/config_chroot/etc/shadow
new file mode 100644
index 0000000..038d5cf
--- /dev/null
+++ b/tests/tests/chroot/login/01_login_sublogin/config_chroot/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+myuser:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:::
diff --git a/tests/tests/chroot/login/01_login_sublogin/login.exp b/tests/tests/chroot/login/01_login_sublogin/login.exp
new file mode 100755
index 0000000..4523935
--- /dev/null
+++ b/tests/tests/chroot/login/01_login_sublogin/login.exp
@@ -0,0 +1,25 @@
+#!/usr/bin/expect
+
+set timeout 10
+expect_after default {puts stderr "\nFAIL"; exit 1}
+
+spawn /bin/bash
+expect "# "
+
+send "strace -s 1000 -o /tmp/login.strace login\r"
+expect " login: "
+send "myuser\r"
+expect "Password: "
+send "myuserF00barbaz\r"
+expect "Password: "
+send "myuserF00barbaz\r"
+expect "$ "
+
+send "# expect uid=424242(myuser) gid=424242(myuser) groups=424242(myuser)\r"
+expect "$ "
+send "id\r"
+expect "uid=424242(myuser) gid=424242(myuser) groups=424242(myuser)\r"
+expect "$ "
+send "exit\r"
+
+exit 0
diff --git a/tests/tests/chroot/login/01_login_sublogin/login.test b/tests/tests/chroot/login/01_login_sublogin/login.test
new file mode 100755
index 0000000..f5d271b
--- /dev/null
+++ b/tests/tests/chroot/login/01_login_sublogin/login.test
@@ -0,0 +1,33 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+testname=$(basename $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "try regular login with user prompt"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+usermod -d $PWD/tmp/root myuser 
+
+prepare_chroot
+
+./login.exp
+echo
+
+clean_chroot
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/chroot/pwck/01_pwck--root/config.txt b/tests/tests/chroot/pwck/01_pwck--root/config.txt
new file mode 100644
index 0000000..31f5635
--- /dev/null
+++ b/tests/tests/chroot/pwck/01_pwck--root/config.txt
@@ -0,0 +1,10 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group users (only in /etc/group)
+user foo, in group tty (only in /etc/gshadow)
+user foo, in group floppy
+user foo, admin of group disk
+user foo, admin and member of group fax
+user foo, admin and member of group cdrom (only in /etc/gshadow)
diff --git a/tests/tests/chroot/pwck/01_pwck--root/config/etc/default/useradd b/tests/tests/chroot/pwck/01_pwck--root/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/chroot/pwck/01_pwck--root/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/chroot/pwck/01_pwck--root/config/etc/group b/tests/tests/chroot/pwck/01_pwck--root/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/chroot/pwck/01_pwck--root/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/chroot/pwck/01_pwck--root/config/etc/gshadow b/tests/tests/chroot/pwck/01_pwck--root/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/chroot/pwck/01_pwck--root/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/chroot/pwck/01_pwck--root/config/etc/passwd b/tests/tests/chroot/pwck/01_pwck--root/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/chroot/pwck/01_pwck--root/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/chroot/pwck/01_pwck--root/config/etc/shadow b/tests/tests/chroot/pwck/01_pwck--root/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/chroot/pwck/01_pwck--root/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/chroot/pwck/01_pwck--root/config_chroot/etc/group b/tests/tests/chroot/pwck/01_pwck--root/config_chroot/etc/group
new file mode 100644
index 0000000..245cc9c
--- /dev/null
+++ b/tests/tests/chroot/pwck/01_pwck--root/config_chroot/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+myuser:x:424242:
diff --git a/tests/tests/chroot/pwck/01_pwck--root/config_chroot/etc/gshadow b/tests/tests/chroot/pwck/01_pwck--root/config_chroot/etc/gshadow
new file mode 100644
index 0000000..25bd55b
--- /dev/null
+++ b/tests/tests/chroot/pwck/01_pwck--root/config_chroot/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+myuser:x::
diff --git a/tests/tests/chroot/pwck/01_pwck--root/config_chroot/etc/login.defs b/tests/tests/chroot/pwck/01_pwck--root/config_chroot/etc/login.defs
new file mode 100644
index 0000000..3b216aa
--- /dev/null
+++ b/tests/tests/chroot/pwck/01_pwck--root/config_chroot/etc/login.defs
@@ -0,0 +1,334 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/local/games:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK is the default umask value for pam_umask and is used by
+# useradd and newusers to set the mode of the new home directories.
+# 022 is the "historical" value in Debian for UMASK
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+# System accounts
+#SYS_UID_MIN		  100
+#SYS_UID_MAX		  999
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			 1000
+GID_MAX			60000
+# System accounts
+#SYS_GID_MIN		  100
+#SYS_GID_MAX		  999
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# If set to yes, userdel will remove the user's group if it contains no
+# more members, and useradd will create by default a group with the name
+# of the user.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, such as Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is deprecated. You should use ENCRYPT_METHOD.
+#
+#MD5_CRYPT_ENAB	no
+
+#
+# If set to MD5 , MD5-based algorithm will be used for encrypting password
+# If set to SHA256, SHA256-based algorithm will be used for encrypting password
+# If set to SHA512, SHA512-based algorithm will be used for encrypting password
+# If set to DES, DES-based algorithm will be used for encrypting password (default)
+# Overrides the MD5_CRYPT_ENAB option
+#
+# Note: It is recommended to use a value consistent with
+# the PAM modules configuration.
+#
+#ENCRYPT_METHOD DES
+
+#
+# Only used if ENCRYPT_METHOD is set to SHA256 or SHA512.
+#
+# Define the number of SHA rounds.
+# With a lot of rounds, it is more difficult to brute forcing the password.
+# But note also that it more CPU resources will be needed to authenticate
+# users.
+#
+# If not specified, the libc will choose the default number of rounds (5000).
+# The values must be inside the 1000-999999999 range.
+# If only one of the MIN or MAX values is set, then this value will be used.
+# If MIN > MAX, the highest value will be used.
+#
+# SHA_CRYPT_MIN_ROUNDS 5000
+# SHA_CRYPT_MAX_ROUNDS 5000
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/chroot/pwck/01_pwck--root/config_chroot/etc/passwd b/tests/tests/chroot/pwck/01_pwck--root/config_chroot/etc/passwd
new file mode 100644
index 0000000..76c6fc3
--- /dev/null
+++ b/tests/tests/chroot/pwck/01_pwck--root/config_chroot/etc/passwd
@@ -0,0 +1,23 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+myuser:x:424242:424242::/home/:/bin/sh
+testsuite::424243:424243::/home:/bin/bash
+testsuite::424244:424244::/home:/bin/bash
+testsuite1::424243:424243::/home:/bin/bash
diff --git a/tests/tests/chroot/pwck/01_pwck--root/config_chroot/etc/shadow b/tests/tests/chroot/pwck/01_pwck--root/config_chroot/etc/shadow
new file mode 100644
index 0000000..038d5cf
--- /dev/null
+++ b/tests/tests/chroot/pwck/01_pwck--root/config_chroot/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+myuser:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:::
diff --git a/tests/tests/chroot/pwck/01_pwck--root/data/pwck.out b/tests/tests/chroot/pwck/01_pwck--root/data/pwck.out
new file mode 100644
index 0000000..92a5670
--- /dev/null
+++ b/tests/tests/chroot/pwck/01_pwck--root/data/pwck.out
@@ -0,0 +1,59 @@
+user 'root': program '/bin/bash' does not exist
+user 'daemon': directory '/usr/sbin' does not exist
+user 'daemon': program '/bin/sh' does not exist
+user 'bin': directory '/bin' does not exist
+user 'bin': program '/bin/sh' does not exist
+user 'sys': directory '/dev' does not exist
+user 'sys': program '/bin/sh' does not exist
+user 'sync': directory '/bin' does not exist
+user 'sync': program '/bin/sync' does not exist
+user 'games': directory '/usr/games' does not exist
+user 'games': program '/bin/sh' does not exist
+user 'man': directory '/var/cache/man' does not exist
+user 'man': program '/bin/sh' does not exist
+user 'lp': directory '/var/spool/lpd' does not exist
+user 'lp': program '/bin/sh' does not exist
+user 'mail': directory '/var/mail' does not exist
+user 'mail': program '/bin/sh' does not exist
+user 'news': directory '/var/spool/news' does not exist
+user 'news': program '/bin/sh' does not exist
+user 'uucp': directory '/var/spool/uucp' does not exist
+user 'uucp': program '/bin/sh' does not exist
+user 'proxy': directory '/bin' does not exist
+user 'proxy': program '/bin/sh' does not exist
+user 'www-data': directory '/var/www' does not exist
+user 'www-data': program '/bin/sh' does not exist
+user 'backup': directory '/var/backups' does not exist
+user 'backup': program '/bin/sh' does not exist
+user 'list': directory '/var/list' does not exist
+user 'list': program '/bin/sh' does not exist
+user 'irc': directory '/var/run/ircd' does not exist
+user 'irc': program '/bin/sh' does not exist
+user 'gnats': directory '/var/lib/gnats' does not exist
+user 'gnats': program '/bin/sh' does not exist
+user 'nobody': directory '/nonexistent' does not exist
+user 'nobody': program '/bin/sh' does not exist
+user 'Debian-exim': directory '/var/spool/exim4' does not exist
+user 'Debian-exim': program '/bin/false' does not exist
+user 'myuser': directory '/home/' does not exist
+user 'myuser': program '/bin/sh' does not exist
+duplicate password entry
+delete line 'testsuite::424243:424243::/home:/bin/bash'? No
+user 'testsuite': no group 424243
+user 'testsuite': directory '/home' does not exist
+user 'testsuite': program '/bin/bash' does not exist
+no matching password file entry in /etc/shadow
+add user 'testsuite' in /etc/shadow? No
+duplicate password entry
+delete line 'testsuite::424244:424244::/home:/bin/bash'? No
+user 'testsuite': no group 424244
+user 'testsuite': directory '/home' does not exist
+user 'testsuite': program '/bin/bash' does not exist
+no matching password file entry in /etc/shadow
+add user 'testsuite' in /etc/shadow? No
+user 'testsuite1': no group 424243
+user 'testsuite1': directory '/home' does not exist
+user 'testsuite1': program '/bin/bash' does not exist
+no matching password file entry in /etc/shadow
+add user 'testsuite1' in /etc/shadow? No
+pwck: no changes
diff --git a/tests/tests/chroot/pwck/01_pwck--root/pwck.test b/tests/tests/chroot/pwck/01_pwck--root/pwck.test
new file mode 100755
index 0000000..25cba9f
--- /dev/null
+++ b/tests/tests/chroot/pwck/01_pwck--root/pwck.test
@@ -0,0 +1,67 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "pwck can change a chroot"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; clean_chroot; restore_config' 0
+
+change_config
+
+prepare_chroot
+
+echo -n "pwck in a chroot (pwck --read-only --root $PWD/tmp/root)..."
+pwck --read-only --root $PWD/tmp/root >tmp/pwck.out && exit 1 || {
+        status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "2"
+echo "OK"
+
+echo "pwck reported:"
+echo "======================================================================="
+cat tmp/pwck.out
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/pwck.out tmp/pwck.out
+echo "error message OK."
+rm -f tmp/pwck.out
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+../../../common/compare_file.pl config_chroot/etc/passwd tmp/root/etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+../../../common/compare_file.pl config_chroot/etc/group tmp/root/etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+../../../common/compare_file.pl config_chroot/etc/shadow tmp/root/etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+../../../common/compare_file.pl config_chroot/etc/gshadow tmp/root/etc/gshadow
+echo "OK"
+
+rm -f tmp/root/etc/.pwd.lock
+rm -f tmp/root/etc/passwd-
+rm -f tmp/root/etc/group-
+rm -f tmp/root/etc/shadow-
+rm -f tmp/root/etc/gshadow-
+clean_chroot
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/chroot/pwconv/01_pwconv--root/config.txt b/tests/tests/chroot/pwconv/01_pwconv--root/config.txt
new file mode 100644
index 0000000..31f5635
--- /dev/null
+++ b/tests/tests/chroot/pwconv/01_pwconv--root/config.txt
@@ -0,0 +1,10 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group users (only in /etc/group)
+user foo, in group tty (only in /etc/gshadow)
+user foo, in group floppy
+user foo, admin of group disk
+user foo, admin and member of group fax
+user foo, admin and member of group cdrom (only in /etc/gshadow)
diff --git a/tests/tests/chroot/pwconv/01_pwconv--root/config/etc/default/useradd b/tests/tests/chroot/pwconv/01_pwconv--root/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/chroot/pwconv/01_pwconv--root/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/chroot/pwconv/01_pwconv--root/config/etc/group b/tests/tests/chroot/pwconv/01_pwconv--root/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/chroot/pwconv/01_pwconv--root/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/chroot/pwconv/01_pwconv--root/config/etc/gshadow b/tests/tests/chroot/pwconv/01_pwconv--root/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/chroot/pwconv/01_pwconv--root/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/chroot/pwconv/01_pwconv--root/config/etc/passwd b/tests/tests/chroot/pwconv/01_pwconv--root/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/chroot/pwconv/01_pwconv--root/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/chroot/pwconv/01_pwconv--root/config/etc/shadow b/tests/tests/chroot/pwconv/01_pwconv--root/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/chroot/pwconv/01_pwconv--root/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/chroot/pwconv/01_pwconv--root/config_chroot/etc/group b/tests/tests/chroot/pwconv/01_pwconv--root/config_chroot/etc/group
new file mode 100644
index 0000000..245cc9c
--- /dev/null
+++ b/tests/tests/chroot/pwconv/01_pwconv--root/config_chroot/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+myuser:x:424242:
diff --git a/tests/tests/chroot/pwconv/01_pwconv--root/config_chroot/etc/gshadow b/tests/tests/chroot/pwconv/01_pwconv--root/config_chroot/etc/gshadow
new file mode 100644
index 0000000..25bd55b
--- /dev/null
+++ b/tests/tests/chroot/pwconv/01_pwconv--root/config_chroot/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+myuser:x::
diff --git a/tests/tests/chroot/pwconv/01_pwconv--root/config_chroot/etc/login.defs b/tests/tests/chroot/pwconv/01_pwconv--root/config_chroot/etc/login.defs
new file mode 100644
index 0000000..3b216aa
--- /dev/null
+++ b/tests/tests/chroot/pwconv/01_pwconv--root/config_chroot/etc/login.defs
@@ -0,0 +1,334 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/local/games:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK is the default umask value for pam_umask and is used by
+# useradd and newusers to set the mode of the new home directories.
+# 022 is the "historical" value in Debian for UMASK
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+# System accounts
+#SYS_UID_MIN		  100
+#SYS_UID_MAX		  999
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			 1000
+GID_MAX			60000
+# System accounts
+#SYS_GID_MIN		  100
+#SYS_GID_MAX		  999
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# If set to yes, userdel will remove the user's group if it contains no
+# more members, and useradd will create by default a group with the name
+# of the user.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, such as Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is deprecated. You should use ENCRYPT_METHOD.
+#
+#MD5_CRYPT_ENAB	no
+
+#
+# If set to MD5 , MD5-based algorithm will be used for encrypting password
+# If set to SHA256, SHA256-based algorithm will be used for encrypting password
+# If set to SHA512, SHA512-based algorithm will be used for encrypting password
+# If set to DES, DES-based algorithm will be used for encrypting password (default)
+# Overrides the MD5_CRYPT_ENAB option
+#
+# Note: It is recommended to use a value consistent with
+# the PAM modules configuration.
+#
+#ENCRYPT_METHOD DES
+
+#
+# Only used if ENCRYPT_METHOD is set to SHA256 or SHA512.
+#
+# Define the number of SHA rounds.
+# With a lot of rounds, it is more difficult to brute forcing the password.
+# But note also that it more CPU resources will be needed to authenticate
+# users.
+#
+# If not specified, the libc will choose the default number of rounds (5000).
+# The values must be inside the 1000-999999999 range.
+# If only one of the MIN or MAX values is set, then this value will be used.
+# If MIN > MAX, the highest value will be used.
+#
+# SHA_CRYPT_MIN_ROUNDS 5000
+# SHA_CRYPT_MAX_ROUNDS 5000
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/chroot/pwconv/01_pwconv--root/config_chroot/etc/passwd b/tests/tests/chroot/pwconv/01_pwconv--root/config_chroot/etc/passwd
new file mode 100644
index 0000000..1a85284
--- /dev/null
+++ b/tests/tests/chroot/pwconv/01_pwconv--root/config_chroot/etc/passwd
@@ -0,0 +1,21 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:0:0:root:/root:/bin/bash
+daemon:*:1:1:daemon:/usr/sbin:/bin/sh
+bin:*:2:2:bin:/bin:/bin/sh
+sys:*:3:3:sys:/dev:/bin/sh
+sync:*:4:65534:sync:/bin:/bin/sync
+games:*:5:60:games:/usr/games:/bin/sh
+man:*:6:12:man:/var/cache/man:/bin/sh
+lp:*:7:7:lp:/var/spool/lpd:/bin/sh
+mail:*:8:8:mail:/var/mail:/bin/sh
+news:*:9:9:news:/var/spool/news:/bin/sh
+uucp:*:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:*:13:13:proxy:/bin:/bin/sh
+www-data:*:33:33:www-data:/var/www:/bin/sh
+backup:*:34:34:backup:/var/backups:/bin/sh
+list:*:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:*:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:*:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:*:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:!:102:102::/var/spool/exim4:/bin/false
+myuser:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:424242:424242::/home/:/bin/sh
+testsuite::424243:424243::/home:/bin/bash
diff --git a/tests/tests/chroot/pwconv/01_pwconv--root/data/passwd b/tests/tests/chroot/pwconv/01_pwconv--root/data/passwd
new file mode 100644
index 0000000..89b6962
--- /dev/null
+++ b/tests/tests/chroot/pwconv/01_pwconv--root/data/passwd
@@ -0,0 +1,21 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+myuser:x:424242:424242::/home/:/bin/sh
+testsuite:x:424243:424243::/home:/bin/bash
diff --git a/tests/tests/chroot/pwconv/01_pwconv--root/data/shadow b/tests/tests/chroot/pwconv/01_pwconv--root/data/shadow
new file mode 100644
index 0000000..38bf30c
--- /dev/null
+++ b/tests/tests/chroot/pwconv/01_pwconv--root/data/shadow
@@ -0,0 +1,21 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:@TODAY@:0:99999:7:::
+daemon:*:@TODAY@:0:99999:7:::
+bin:*:@TODAY@:0:99999:7:::
+sys:*:@TODAY@:0:99999:7:::
+sync:*:@TODAY@:0:99999:7:::
+games:*:@TODAY@:0:99999:7:::
+man:*:@TODAY@:0:99999:7:::
+lp:*:@TODAY@:0:99999:7:::
+mail:*:@TODAY@:0:99999:7:::
+news:*:@TODAY@:0:99999:7:::
+uucp:*:@TODAY@:0:99999:7:::
+proxy:*:@TODAY@:0:99999:7:::
+www-data:*:@TODAY@:0:99999:7:::
+backup:*:@TODAY@:0:99999:7:::
+list:*:@TODAY@:0:99999:7:::
+irc:*:@TODAY@:0:99999:7:::
+gnats:*:@TODAY@:0:99999:7:::
+nobody:*:@TODAY@:0:99999:7:::
+Debian-exim:!:@TODAY@:0:99999:7:::
+myuser:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:@TODAY@:0:99999:7:::
+testsuite::@TODAY@:0:99999:7:::
diff --git a/tests/tests/chroot/pwconv/01_pwconv--root/pwconv.test b/tests/tests/chroot/pwconv/01_pwconv--root/pwconv.test
new file mode 100755
index 0000000..3b92ab4
--- /dev/null
+++ b/tests/tests/chroot/pwconv/01_pwconv--root/pwconv.test
@@ -0,0 +1,50 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "pwconv can change a chroot"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; clean_chroot; restore_config' 0
+
+change_config
+
+prepare_chroot
+
+echo -n "pwconv in a chroot (pwconv --root $PWD/tmp/root)..."
+pwconv --root $PWD/tmp/root
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+../../../common/compare_file.pl data/passwd tmp/root/etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+../../../common/compare_file.pl config_chroot/etc/group tmp/root/etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+../../../common/compare_file.pl data/shadow tmp/root/etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+../../../common/compare_file.pl config_chroot/etc/gshadow tmp/root/etc/gshadow
+echo "OK"
+
+rm -f tmp/root/etc/.pwd.lock
+rm -f tmp/root/etc/passwd-
+rm -f tmp/root/etc/shadow
+clean_chroot
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/chroot/pwunconv/01_pwunconv--root/config.txt b/tests/tests/chroot/pwunconv/01_pwunconv--root/config.txt
new file mode 100644
index 0000000..31f5635
--- /dev/null
+++ b/tests/tests/chroot/pwunconv/01_pwunconv--root/config.txt
@@ -0,0 +1,10 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group users (only in /etc/group)
+user foo, in group tty (only in /etc/gshadow)
+user foo, in group floppy
+user foo, admin of group disk
+user foo, admin and member of group fax
+user foo, admin and member of group cdrom (only in /etc/gshadow)
diff --git a/tests/tests/chroot/pwunconv/01_pwunconv--root/config/etc/default/useradd b/tests/tests/chroot/pwunconv/01_pwunconv--root/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/chroot/pwunconv/01_pwunconv--root/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/chroot/pwunconv/01_pwunconv--root/config/etc/group b/tests/tests/chroot/pwunconv/01_pwunconv--root/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/chroot/pwunconv/01_pwunconv--root/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/chroot/pwunconv/01_pwunconv--root/config/etc/gshadow b/tests/tests/chroot/pwunconv/01_pwunconv--root/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/chroot/pwunconv/01_pwunconv--root/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/chroot/pwunconv/01_pwunconv--root/config/etc/passwd b/tests/tests/chroot/pwunconv/01_pwunconv--root/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/chroot/pwunconv/01_pwunconv--root/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/chroot/pwunconv/01_pwunconv--root/config/etc/shadow b/tests/tests/chroot/pwunconv/01_pwunconv--root/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/chroot/pwunconv/01_pwunconv--root/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/chroot/pwunconv/01_pwunconv--root/config_chroot/etc/group b/tests/tests/chroot/pwunconv/01_pwunconv--root/config_chroot/etc/group
new file mode 100644
index 0000000..245cc9c
--- /dev/null
+++ b/tests/tests/chroot/pwunconv/01_pwunconv--root/config_chroot/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+myuser:x:424242:
diff --git a/tests/tests/chroot/pwunconv/01_pwunconv--root/config_chroot/etc/gshadow b/tests/tests/chroot/pwunconv/01_pwunconv--root/config_chroot/etc/gshadow
new file mode 100644
index 0000000..25bd55b
--- /dev/null
+++ b/tests/tests/chroot/pwunconv/01_pwunconv--root/config_chroot/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+myuser:x::
diff --git a/tests/tests/chroot/pwunconv/01_pwunconv--root/config_chroot/etc/login.defs b/tests/tests/chroot/pwunconv/01_pwunconv--root/config_chroot/etc/login.defs
new file mode 100644
index 0000000..3b216aa
--- /dev/null
+++ b/tests/tests/chroot/pwunconv/01_pwunconv--root/config_chroot/etc/login.defs
@@ -0,0 +1,334 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/local/games:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK is the default umask value for pam_umask and is used by
+# useradd and newusers to set the mode of the new home directories.
+# 022 is the "historical" value in Debian for UMASK
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+# System accounts
+#SYS_UID_MIN		  100
+#SYS_UID_MAX		  999
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			 1000
+GID_MAX			60000
+# System accounts
+#SYS_GID_MIN		  100
+#SYS_GID_MAX		  999
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# If set to yes, userdel will remove the user's group if it contains no
+# more members, and useradd will create by default a group with the name
+# of the user.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, such as Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is deprecated. You should use ENCRYPT_METHOD.
+#
+#MD5_CRYPT_ENAB	no
+
+#
+# If set to MD5 , MD5-based algorithm will be used for encrypting password
+# If set to SHA256, SHA256-based algorithm will be used for encrypting password
+# If set to SHA512, SHA512-based algorithm will be used for encrypting password
+# If set to DES, DES-based algorithm will be used for encrypting password (default)
+# Overrides the MD5_CRYPT_ENAB option
+#
+# Note: It is recommended to use a value consistent with
+# the PAM modules configuration.
+#
+#ENCRYPT_METHOD DES
+
+#
+# Only used if ENCRYPT_METHOD is set to SHA256 or SHA512.
+#
+# Define the number of SHA rounds.
+# With a lot of rounds, it is more difficult to brute forcing the password.
+# But note also that it more CPU resources will be needed to authenticate
+# users.
+#
+# If not specified, the libc will choose the default number of rounds (5000).
+# The values must be inside the 1000-999999999 range.
+# If only one of the MIN or MAX values is set, then this value will be used.
+# If MIN > MAX, the highest value will be used.
+#
+# SHA_CRYPT_MIN_ROUNDS 5000
+# SHA_CRYPT_MAX_ROUNDS 5000
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/chroot/pwunconv/01_pwunconv--root/config_chroot/etc/passwd b/tests/tests/chroot/pwunconv/01_pwunconv--root/config_chroot/etc/passwd
new file mode 100644
index 0000000..9bdeb8c
--- /dev/null
+++ b/tests/tests/chroot/pwunconv/01_pwunconv--root/config_chroot/etc/passwd
@@ -0,0 +1,21 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+myuser:x:424242:424242::/home/:/bin/sh
+testsuite::424243:424243::/home:/bin/bash
diff --git a/tests/tests/chroot/pwunconv/01_pwunconv--root/config_chroot/etc/shadow b/tests/tests/chroot/pwunconv/01_pwunconv--root/config_chroot/etc/shadow
new file mode 100644
index 0000000..038d5cf
--- /dev/null
+++ b/tests/tests/chroot/pwunconv/01_pwunconv--root/config_chroot/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+myuser:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:::
diff --git a/tests/tests/chroot/pwunconv/01_pwunconv--root/data/passwd b/tests/tests/chroot/pwunconv/01_pwunconv--root/data/passwd
new file mode 100644
index 0000000..1a85284
--- /dev/null
+++ b/tests/tests/chroot/pwunconv/01_pwunconv--root/data/passwd
@@ -0,0 +1,21 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:0:0:root:/root:/bin/bash
+daemon:*:1:1:daemon:/usr/sbin:/bin/sh
+bin:*:2:2:bin:/bin:/bin/sh
+sys:*:3:3:sys:/dev:/bin/sh
+sync:*:4:65534:sync:/bin:/bin/sync
+games:*:5:60:games:/usr/games:/bin/sh
+man:*:6:12:man:/var/cache/man:/bin/sh
+lp:*:7:7:lp:/var/spool/lpd:/bin/sh
+mail:*:8:8:mail:/var/mail:/bin/sh
+news:*:9:9:news:/var/spool/news:/bin/sh
+uucp:*:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:*:13:13:proxy:/bin:/bin/sh
+www-data:*:33:33:www-data:/var/www:/bin/sh
+backup:*:34:34:backup:/var/backups:/bin/sh
+list:*:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:*:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:*:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:*:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:!:102:102::/var/spool/exim4:/bin/false
+myuser:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:424242:424242::/home/:/bin/sh
+testsuite::424243:424243::/home:/bin/bash
diff --git a/tests/tests/chroot/pwunconv/01_pwunconv--root/pwunconv.test b/tests/tests/chroot/pwunconv/01_pwunconv--root/pwunconv.test
new file mode 100755
index 0000000..60c2552
--- /dev/null
+++ b/tests/tests/chroot/pwunconv/01_pwunconv--root/pwunconv.test
@@ -0,0 +1,52 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "pwunconv can change a chroot"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; clean_chroot; restore_config' 0
+
+change_config
+
+prepare_chroot
+
+echo -n "pwunconv in a chroot (pwunconv --root $PWD/tmp/root)..."
+pwunconv --root $PWD/tmp/root
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+../../../common/compare_file.pl data/passwd tmp/root/etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+../../../common/compare_file.pl config_chroot/etc/group tmp/root/etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+test ! -f tmp/root/etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+../../../common/compare_file.pl config_chroot/etc/gshadow tmp/root/etc/gshadow
+echo "OK"
+
+rm -f tmp/root/etc/.pwd.lock
+rm -f tmp/root/etc/passwd-
+rm -f tmp/root/etc/group-
+rm -f tmp/root/etc/shadow-
+rm -f tmp/root/etc/gshadow-
+clean_chroot
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/chroot/useradd/01_useradd--root/config.txt b/tests/tests/chroot/useradd/01_useradd--root/config.txt
new file mode 100644
index 0000000..31f5635
--- /dev/null
+++ b/tests/tests/chroot/useradd/01_useradd--root/config.txt
@@ -0,0 +1,10 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group users (only in /etc/group)
+user foo, in group tty (only in /etc/gshadow)
+user foo, in group floppy
+user foo, admin of group disk
+user foo, admin and member of group fax
+user foo, admin and member of group cdrom (only in /etc/gshadow)
diff --git a/tests/tests/chroot/useradd/01_useradd--root/config/etc/default/useradd b/tests/tests/chroot/useradd/01_useradd--root/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/chroot/useradd/01_useradd--root/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/chroot/useradd/01_useradd--root/config/etc/group b/tests/tests/chroot/useradd/01_useradd--root/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/chroot/useradd/01_useradd--root/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/chroot/useradd/01_useradd--root/config/etc/gshadow b/tests/tests/chroot/useradd/01_useradd--root/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/chroot/useradd/01_useradd--root/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/chroot/useradd/01_useradd--root/config/etc/passwd b/tests/tests/chroot/useradd/01_useradd--root/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/chroot/useradd/01_useradd--root/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/chroot/useradd/01_useradd--root/config/etc/shadow b/tests/tests/chroot/useradd/01_useradd--root/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/chroot/useradd/01_useradd--root/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/chroot/useradd/01_useradd--root/config_chroot/etc/group b/tests/tests/chroot/useradd/01_useradd--root/config_chroot/etc/group
new file mode 100644
index 0000000..245cc9c
--- /dev/null
+++ b/tests/tests/chroot/useradd/01_useradd--root/config_chroot/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+myuser:x:424242:
diff --git a/tests/tests/chroot/useradd/01_useradd--root/config_chroot/etc/gshadow b/tests/tests/chroot/useradd/01_useradd--root/config_chroot/etc/gshadow
new file mode 100644
index 0000000..25bd55b
--- /dev/null
+++ b/tests/tests/chroot/useradd/01_useradd--root/config_chroot/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+myuser:x::
diff --git a/tests/tests/chroot/useradd/01_useradd--root/config_chroot/etc/login.defs b/tests/tests/chroot/useradd/01_useradd--root/config_chroot/etc/login.defs
new file mode 100644
index 0000000..3b216aa
--- /dev/null
+++ b/tests/tests/chroot/useradd/01_useradd--root/config_chroot/etc/login.defs
@@ -0,0 +1,334 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/local/games:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK is the default umask value for pam_umask and is used by
+# useradd and newusers to set the mode of the new home directories.
+# 022 is the "historical" value in Debian for UMASK
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+# System accounts
+#SYS_UID_MIN		  100
+#SYS_UID_MAX		  999
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			 1000
+GID_MAX			60000
+# System accounts
+#SYS_GID_MIN		  100
+#SYS_GID_MAX		  999
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# If set to yes, userdel will remove the user's group if it contains no
+# more members, and useradd will create by default a group with the name
+# of the user.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, such as Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is deprecated. You should use ENCRYPT_METHOD.
+#
+#MD5_CRYPT_ENAB	no
+
+#
+# If set to MD5 , MD5-based algorithm will be used for encrypting password
+# If set to SHA256, SHA256-based algorithm will be used for encrypting password
+# If set to SHA512, SHA512-based algorithm will be used for encrypting password
+# If set to DES, DES-based algorithm will be used for encrypting password (default)
+# Overrides the MD5_CRYPT_ENAB option
+#
+# Note: It is recommended to use a value consistent with
+# the PAM modules configuration.
+#
+#ENCRYPT_METHOD DES
+
+#
+# Only used if ENCRYPT_METHOD is set to SHA256 or SHA512.
+#
+# Define the number of SHA rounds.
+# With a lot of rounds, it is more difficult to brute forcing the password.
+# But note also that it more CPU resources will be needed to authenticate
+# users.
+#
+# If not specified, the libc will choose the default number of rounds (5000).
+# The values must be inside the 1000-999999999 range.
+# If only one of the MIN or MAX values is set, then this value will be used.
+# If MIN > MAX, the highest value will be used.
+#
+# SHA_CRYPT_MIN_ROUNDS 5000
+# SHA_CRYPT_MAX_ROUNDS 5000
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/chroot/useradd/01_useradd--root/config_chroot/etc/passwd b/tests/tests/chroot/useradd/01_useradd--root/config_chroot/etc/passwd
new file mode 100644
index 0000000..9bdeb8c
--- /dev/null
+++ b/tests/tests/chroot/useradd/01_useradd--root/config_chroot/etc/passwd
@@ -0,0 +1,21 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+myuser:x:424242:424242::/home/:/bin/sh
+testsuite::424243:424243::/home:/bin/bash
diff --git a/tests/tests/chroot/useradd/01_useradd--root/config_chroot/etc/shadow b/tests/tests/chroot/useradd/01_useradd--root/config_chroot/etc/shadow
new file mode 100644
index 0000000..038d5cf
--- /dev/null
+++ b/tests/tests/chroot/useradd/01_useradd--root/config_chroot/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+myuser:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:::
diff --git a/tests/tests/chroot/useradd/01_useradd--root/data/group b/tests/tests/chroot/useradd/01_useradd--root/data/group
new file mode 100644
index 0000000..ffc452f
--- /dev/null
+++ b/tests/tests/chroot/useradd/01_useradd--root/data/group
@@ -0,0 +1,43 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+myuser:x:424242:
+foo:x:1000:
diff --git a/tests/tests/chroot/useradd/01_useradd--root/data/gshadow b/tests/tests/chroot/useradd/01_useradd--root/data/gshadow
new file mode 100644
index 0000000..e4b350d
--- /dev/null
+++ b/tests/tests/chroot/useradd/01_useradd--root/data/gshadow
@@ -0,0 +1,43 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+myuser:x::
+foo:!::
diff --git a/tests/tests/chroot/useradd/01_useradd--root/data/passwd b/tests/tests/chroot/useradd/01_useradd--root/data/passwd
new file mode 100644
index 0000000..102186a
--- /dev/null
+++ b/tests/tests/chroot/useradd/01_useradd--root/data/passwd
@@ -0,0 +1,22 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+myuser:x:424242:424242::/home/:/bin/sh
+testsuite::424243:424243::/home:/bin/bash
+foo:x:1000:1000::/home/foo:
diff --git a/tests/tests/chroot/useradd/01_useradd--root/data/shadow b/tests/tests/chroot/useradd/01_useradd--root/data/shadow
new file mode 100644
index 0000000..258cf2b
--- /dev/null
+++ b/tests/tests/chroot/useradd/01_useradd--root/data/shadow
@@ -0,0 +1,21 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+myuser:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:::
+foo:!:@TODAY@:0:99999:7:::
diff --git a/tests/tests/chroot/useradd/01_useradd--root/useradd.test b/tests/tests/chroot/useradd/01_useradd--root/useradd.test
new file mode 100755
index 0000000..aa9dd35
--- /dev/null
+++ b/tests/tests/chroot/useradd/01_useradd--root/useradd.test
@@ -0,0 +1,52 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "useradd can add an user in a chroot"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; clean_chroot; restore_config' 0
+
+change_config
+
+prepare_chroot
+
+echo -n "Add user foo in chroot (useradd --root $PWD/tmp/root foo)..."
+useradd --root $PWD/tmp/root foo
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+../../../common/compare_file.pl data/passwd tmp/root/etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+../../../common/compare_file.pl data/group tmp/root/etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+../../../common/compare_file.pl data/shadow tmp/root/etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+../../../common/compare_file.pl data/gshadow tmp/root/etc/gshadow
+echo "OK"
+
+rm -f tmp/root/etc/.pwd.lock
+rm -f tmp/root/etc/passwd-
+rm -f tmp/root/etc/group-
+rm -f tmp/root/etc/shadow-
+rm -f tmp/root/etc/gshadow-
+clean_chroot
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/chroot/useradd/02_useradd--root_login.defs/config.txt b/tests/tests/chroot/useradd/02_useradd--root_login.defs/config.txt
new file mode 100644
index 0000000..31f5635
--- /dev/null
+++ b/tests/tests/chroot/useradd/02_useradd--root_login.defs/config.txt
@@ -0,0 +1,10 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group users (only in /etc/group)
+user foo, in group tty (only in /etc/gshadow)
+user foo, in group floppy
+user foo, admin of group disk
+user foo, admin and member of group fax
+user foo, admin and member of group cdrom (only in /etc/gshadow)
diff --git a/tests/tests/chroot/useradd/02_useradd--root_login.defs/config/etc/default/useradd b/tests/tests/chroot/useradd/02_useradd--root_login.defs/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/chroot/useradd/02_useradd--root_login.defs/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/chroot/useradd/02_useradd--root_login.defs/config/etc/group b/tests/tests/chroot/useradd/02_useradd--root_login.defs/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/chroot/useradd/02_useradd--root_login.defs/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/chroot/useradd/02_useradd--root_login.defs/config/etc/gshadow b/tests/tests/chroot/useradd/02_useradd--root_login.defs/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/chroot/useradd/02_useradd--root_login.defs/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/chroot/useradd/02_useradd--root_login.defs/config/etc/passwd b/tests/tests/chroot/useradd/02_useradd--root_login.defs/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/chroot/useradd/02_useradd--root_login.defs/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/chroot/useradd/02_useradd--root_login.defs/config/etc/shadow b/tests/tests/chroot/useradd/02_useradd--root_login.defs/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/chroot/useradd/02_useradd--root_login.defs/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/chroot/useradd/02_useradd--root_login.defs/config_chroot/etc/group b/tests/tests/chroot/useradd/02_useradd--root_login.defs/config_chroot/etc/group
new file mode 100644
index 0000000..245cc9c
--- /dev/null
+++ b/tests/tests/chroot/useradd/02_useradd--root_login.defs/config_chroot/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+myuser:x:424242:
diff --git a/tests/tests/chroot/useradd/02_useradd--root_login.defs/config_chroot/etc/gshadow b/tests/tests/chroot/useradd/02_useradd--root_login.defs/config_chroot/etc/gshadow
new file mode 100644
index 0000000..25bd55b
--- /dev/null
+++ b/tests/tests/chroot/useradd/02_useradd--root_login.defs/config_chroot/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+myuser:x::
diff --git a/tests/tests/chroot/useradd/02_useradd--root_login.defs/config_chroot/etc/login.defs b/tests/tests/chroot/useradd/02_useradd--root_login.defs/config_chroot/etc/login.defs
new file mode 100644
index 0000000..825aae3
--- /dev/null
+++ b/tests/tests/chroot/useradd/02_useradd--root_login.defs/config_chroot/etc/login.defs
@@ -0,0 +1,334 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/local/games:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK is the default umask value for pam_umask and is used by
+# useradd and newusers to set the mode of the new home directories.
+# 022 is the "historical" value in Debian for UMASK
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 2000
+UID_MAX			60000
+# System accounts
+#SYS_UID_MIN		  100
+#SYS_UID_MAX		  999
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			 1500
+GID_MAX			60000
+# System accounts
+#SYS_GID_MIN		  100
+#SYS_GID_MAX		  999
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# If set to yes, userdel will remove the user's group if it contains no
+# more members, and useradd will create by default a group with the name
+# of the user.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, such as Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is deprecated. You should use ENCRYPT_METHOD.
+#
+#MD5_CRYPT_ENAB	no
+
+#
+# If set to MD5 , MD5-based algorithm will be used for encrypting password
+# If set to SHA256, SHA256-based algorithm will be used for encrypting password
+# If set to SHA512, SHA512-based algorithm will be used for encrypting password
+# If set to DES, DES-based algorithm will be used for encrypting password (default)
+# Overrides the MD5_CRYPT_ENAB option
+#
+# Note: It is recommended to use a value consistent with
+# the PAM modules configuration.
+#
+#ENCRYPT_METHOD DES
+
+#
+# Only used if ENCRYPT_METHOD is set to SHA256 or SHA512.
+#
+# Define the number of SHA rounds.
+# With a lot of rounds, it is more difficult to brute forcing the password.
+# But note also that it more CPU resources will be needed to authenticate
+# users.
+#
+# If not specified, the libc will choose the default number of rounds (5000).
+# The values must be inside the 1000-999999999 range.
+# If only one of the MIN or MAX values is set, then this value will be used.
+# If MIN > MAX, the highest value will be used.
+#
+# SHA_CRYPT_MIN_ROUNDS 5000
+# SHA_CRYPT_MAX_ROUNDS 5000
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/chroot/useradd/02_useradd--root_login.defs/config_chroot/etc/passwd b/tests/tests/chroot/useradd/02_useradd--root_login.defs/config_chroot/etc/passwd
new file mode 100644
index 0000000..9bdeb8c
--- /dev/null
+++ b/tests/tests/chroot/useradd/02_useradd--root_login.defs/config_chroot/etc/passwd
@@ -0,0 +1,21 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+myuser:x:424242:424242::/home/:/bin/sh
+testsuite::424243:424243::/home:/bin/bash
diff --git a/tests/tests/chroot/useradd/02_useradd--root_login.defs/config_chroot/etc/shadow b/tests/tests/chroot/useradd/02_useradd--root_login.defs/config_chroot/etc/shadow
new file mode 100644
index 0000000..038d5cf
--- /dev/null
+++ b/tests/tests/chroot/useradd/02_useradd--root_login.defs/config_chroot/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+myuser:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:::
diff --git a/tests/tests/chroot/useradd/02_useradd--root_login.defs/data/group b/tests/tests/chroot/useradd/02_useradd--root_login.defs/data/group
new file mode 100644
index 0000000..eb04ced
--- /dev/null
+++ b/tests/tests/chroot/useradd/02_useradd--root_login.defs/data/group
@@ -0,0 +1,43 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+myuser:x:424242:
+foo:x:2000:
diff --git a/tests/tests/chroot/useradd/02_useradd--root_login.defs/data/gshadow b/tests/tests/chroot/useradd/02_useradd--root_login.defs/data/gshadow
new file mode 100644
index 0000000..e4b350d
--- /dev/null
+++ b/tests/tests/chroot/useradd/02_useradd--root_login.defs/data/gshadow
@@ -0,0 +1,43 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+myuser:x::
+foo:!::
diff --git a/tests/tests/chroot/useradd/02_useradd--root_login.defs/data/passwd b/tests/tests/chroot/useradd/02_useradd--root_login.defs/data/passwd
new file mode 100644
index 0000000..25d10d6
--- /dev/null
+++ b/tests/tests/chroot/useradd/02_useradd--root_login.defs/data/passwd
@@ -0,0 +1,22 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+myuser:x:424242:424242::/home/:/bin/sh
+testsuite::424243:424243::/home:/bin/bash
+foo:x:2000:2000::/home/foo:
diff --git a/tests/tests/chroot/useradd/02_useradd--root_login.defs/data/shadow b/tests/tests/chroot/useradd/02_useradd--root_login.defs/data/shadow
new file mode 100644
index 0000000..258cf2b
--- /dev/null
+++ b/tests/tests/chroot/useradd/02_useradd--root_login.defs/data/shadow
@@ -0,0 +1,21 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+myuser:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:::
+foo:!:@TODAY@:0:99999:7:::
diff --git a/tests/tests/chroot/useradd/02_useradd--root_login.defs/useradd.test b/tests/tests/chroot/useradd/02_useradd--root_login.defs/useradd.test
new file mode 100755
index 0000000..aa9dd35
--- /dev/null
+++ b/tests/tests/chroot/useradd/02_useradd--root_login.defs/useradd.test
@@ -0,0 +1,52 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "useradd can add an user in a chroot"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; clean_chroot; restore_config' 0
+
+change_config
+
+prepare_chroot
+
+echo -n "Add user foo in chroot (useradd --root $PWD/tmp/root foo)..."
+useradd --root $PWD/tmp/root foo
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+../../../common/compare_file.pl data/passwd tmp/root/etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+../../../common/compare_file.pl data/group tmp/root/etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+../../../common/compare_file.pl data/shadow tmp/root/etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+../../../common/compare_file.pl data/gshadow tmp/root/etc/gshadow
+echo "OK"
+
+rm -f tmp/root/etc/.pwd.lock
+rm -f tmp/root/etc/passwd-
+rm -f tmp/root/etc/group-
+rm -f tmp/root/etc/shadow-
+rm -f tmp/root/etc/gshadow-
+clean_chroot
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/chroot/useradd/03_useradd--root_useradd.default/config.txt b/tests/tests/chroot/useradd/03_useradd--root_useradd.default/config.txt
new file mode 100644
index 0000000..31f5635
--- /dev/null
+++ b/tests/tests/chroot/useradd/03_useradd--root_useradd.default/config.txt
@@ -0,0 +1,10 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group users (only in /etc/group)
+user foo, in group tty (only in /etc/gshadow)
+user foo, in group floppy
+user foo, admin of group disk
+user foo, admin and member of group fax
+user foo, admin and member of group cdrom (only in /etc/gshadow)
diff --git a/tests/tests/chroot/useradd/03_useradd--root_useradd.default/config/etc/default/useradd b/tests/tests/chroot/useradd/03_useradd--root_useradd.default/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/chroot/useradd/03_useradd--root_useradd.default/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/chroot/useradd/03_useradd--root_useradd.default/config/etc/group b/tests/tests/chroot/useradd/03_useradd--root_useradd.default/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/chroot/useradd/03_useradd--root_useradd.default/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/chroot/useradd/03_useradd--root_useradd.default/config/etc/gshadow b/tests/tests/chroot/useradd/03_useradd--root_useradd.default/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/chroot/useradd/03_useradd--root_useradd.default/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/chroot/useradd/03_useradd--root_useradd.default/config/etc/passwd b/tests/tests/chroot/useradd/03_useradd--root_useradd.default/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/chroot/useradd/03_useradd--root_useradd.default/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/chroot/useradd/03_useradd--root_useradd.default/config/etc/shadow b/tests/tests/chroot/useradd/03_useradd--root_useradd.default/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/chroot/useradd/03_useradd--root_useradd.default/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/chroot/useradd/03_useradd--root_useradd.default/config_chroot/etc/default/useradd b/tests/tests/chroot/useradd/03_useradd--root_useradd.default/config_chroot/etc/default/useradd
new file mode 100644
index 0000000..5051e1d
--- /dev/null
+++ b/tests/tests/chroot/useradd/03_useradd--root_useradd.default/config_chroot/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/sh
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/chroot/useradd/03_useradd--root_useradd.default/config_chroot/etc/group b/tests/tests/chroot/useradd/03_useradd--root_useradd.default/config_chroot/etc/group
new file mode 100644
index 0000000..245cc9c
--- /dev/null
+++ b/tests/tests/chroot/useradd/03_useradd--root_useradd.default/config_chroot/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+myuser:x:424242:
diff --git a/tests/tests/chroot/useradd/03_useradd--root_useradd.default/config_chroot/etc/gshadow b/tests/tests/chroot/useradd/03_useradd--root_useradd.default/config_chroot/etc/gshadow
new file mode 100644
index 0000000..25bd55b
--- /dev/null
+++ b/tests/tests/chroot/useradd/03_useradd--root_useradd.default/config_chroot/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+myuser:x::
diff --git a/tests/tests/chroot/useradd/03_useradd--root_useradd.default/config_chroot/etc/login.defs b/tests/tests/chroot/useradd/03_useradd--root_useradd.default/config_chroot/etc/login.defs
new file mode 100644
index 0000000..3b216aa
--- /dev/null
+++ b/tests/tests/chroot/useradd/03_useradd--root_useradd.default/config_chroot/etc/login.defs
@@ -0,0 +1,334 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/local/games:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK is the default umask value for pam_umask and is used by
+# useradd and newusers to set the mode of the new home directories.
+# 022 is the "historical" value in Debian for UMASK
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+# System accounts
+#SYS_UID_MIN		  100
+#SYS_UID_MAX		  999
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			 1000
+GID_MAX			60000
+# System accounts
+#SYS_GID_MIN		  100
+#SYS_GID_MAX		  999
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# If set to yes, userdel will remove the user's group if it contains no
+# more members, and useradd will create by default a group with the name
+# of the user.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, such as Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is deprecated. You should use ENCRYPT_METHOD.
+#
+#MD5_CRYPT_ENAB	no
+
+#
+# If set to MD5 , MD5-based algorithm will be used for encrypting password
+# If set to SHA256, SHA256-based algorithm will be used for encrypting password
+# If set to SHA512, SHA512-based algorithm will be used for encrypting password
+# If set to DES, DES-based algorithm will be used for encrypting password (default)
+# Overrides the MD5_CRYPT_ENAB option
+#
+# Note: It is recommended to use a value consistent with
+# the PAM modules configuration.
+#
+#ENCRYPT_METHOD DES
+
+#
+# Only used if ENCRYPT_METHOD is set to SHA256 or SHA512.
+#
+# Define the number of SHA rounds.
+# With a lot of rounds, it is more difficult to brute forcing the password.
+# But note also that it more CPU resources will be needed to authenticate
+# users.
+#
+# If not specified, the libc will choose the default number of rounds (5000).
+# The values must be inside the 1000-999999999 range.
+# If only one of the MIN or MAX values is set, then this value will be used.
+# If MIN > MAX, the highest value will be used.
+#
+# SHA_CRYPT_MIN_ROUNDS 5000
+# SHA_CRYPT_MAX_ROUNDS 5000
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/chroot/useradd/03_useradd--root_useradd.default/config_chroot/etc/passwd b/tests/tests/chroot/useradd/03_useradd--root_useradd.default/config_chroot/etc/passwd
new file mode 100644
index 0000000..9bdeb8c
--- /dev/null
+++ b/tests/tests/chroot/useradd/03_useradd--root_useradd.default/config_chroot/etc/passwd
@@ -0,0 +1,21 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+myuser:x:424242:424242::/home/:/bin/sh
+testsuite::424243:424243::/home:/bin/bash
diff --git a/tests/tests/chroot/useradd/03_useradd--root_useradd.default/config_chroot/etc/shadow b/tests/tests/chroot/useradd/03_useradd--root_useradd.default/config_chroot/etc/shadow
new file mode 100644
index 0000000..038d5cf
--- /dev/null
+++ b/tests/tests/chroot/useradd/03_useradd--root_useradd.default/config_chroot/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+myuser:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:::
diff --git a/tests/tests/chroot/useradd/03_useradd--root_useradd.default/data/group b/tests/tests/chroot/useradd/03_useradd--root_useradd.default/data/group
new file mode 100644
index 0000000..ffc452f
--- /dev/null
+++ b/tests/tests/chroot/useradd/03_useradd--root_useradd.default/data/group
@@ -0,0 +1,43 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+myuser:x:424242:
+foo:x:1000:
diff --git a/tests/tests/chroot/useradd/03_useradd--root_useradd.default/data/gshadow b/tests/tests/chroot/useradd/03_useradd--root_useradd.default/data/gshadow
new file mode 100644
index 0000000..e4b350d
--- /dev/null
+++ b/tests/tests/chroot/useradd/03_useradd--root_useradd.default/data/gshadow
@@ -0,0 +1,43 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+myuser:x::
+foo:!::
diff --git a/tests/tests/chroot/useradd/03_useradd--root_useradd.default/data/passwd b/tests/tests/chroot/useradd/03_useradd--root_useradd.default/data/passwd
new file mode 100644
index 0000000..22fa744
--- /dev/null
+++ b/tests/tests/chroot/useradd/03_useradd--root_useradd.default/data/passwd
@@ -0,0 +1,22 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+myuser:x:424242:424242::/home/:/bin/sh
+testsuite::424243:424243::/home:/bin/bash
+foo:x:1000:1000::/tmp/foo:/bin/sh
diff --git a/tests/tests/chroot/useradd/03_useradd--root_useradd.default/data/shadow b/tests/tests/chroot/useradd/03_useradd--root_useradd.default/data/shadow
new file mode 100644
index 0000000..f4c9dfb
--- /dev/null
+++ b/tests/tests/chroot/useradd/03_useradd--root_useradd.default/data/shadow
@@ -0,0 +1,21 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+myuser:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:::
+foo:!:@TODAY@:0:99999:7:12:13849:
diff --git a/tests/tests/chroot/useradd/03_useradd--root_useradd.default/useradd.test b/tests/tests/chroot/useradd/03_useradd--root_useradd.default/useradd.test
new file mode 100755
index 0000000..aa9dd35
--- /dev/null
+++ b/tests/tests/chroot/useradd/03_useradd--root_useradd.default/useradd.test
@@ -0,0 +1,52 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "useradd can add an user in a chroot"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; clean_chroot; restore_config' 0
+
+change_config
+
+prepare_chroot
+
+echo -n "Add user foo in chroot (useradd --root $PWD/tmp/root foo)..."
+useradd --root $PWD/tmp/root foo
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+../../../common/compare_file.pl data/passwd tmp/root/etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+../../../common/compare_file.pl data/group tmp/root/etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+../../../common/compare_file.pl data/shadow tmp/root/etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+../../../common/compare_file.pl data/gshadow tmp/root/etc/gshadow
+echo "OK"
+
+rm -f tmp/root/etc/.pwd.lock
+rm -f tmp/root/etc/passwd-
+rm -f tmp/root/etc/group-
+rm -f tmp/root/etc/shadow-
+rm -f tmp/root/etc/gshadow-
+clean_chroot
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/chroot/useradd/04_useradd--root_useradd-D/config.txt b/tests/tests/chroot/useradd/04_useradd--root_useradd-D/config.txt
new file mode 100644
index 0000000..31f5635
--- /dev/null
+++ b/tests/tests/chroot/useradd/04_useradd--root_useradd-D/config.txt
@@ -0,0 +1,10 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group users (only in /etc/group)
+user foo, in group tty (only in /etc/gshadow)
+user foo, in group floppy
+user foo, admin of group disk
+user foo, admin and member of group fax
+user foo, admin and member of group cdrom (only in /etc/gshadow)
diff --git a/tests/tests/chroot/useradd/04_useradd--root_useradd-D/config/etc/default/useradd b/tests/tests/chroot/useradd/04_useradd--root_useradd-D/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/chroot/useradd/04_useradd--root_useradd-D/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/chroot/useradd/04_useradd--root_useradd-D/config/etc/group b/tests/tests/chroot/useradd/04_useradd--root_useradd-D/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/chroot/useradd/04_useradd--root_useradd-D/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/chroot/useradd/04_useradd--root_useradd-D/config/etc/gshadow b/tests/tests/chroot/useradd/04_useradd--root_useradd-D/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/chroot/useradd/04_useradd--root_useradd-D/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/chroot/useradd/04_useradd--root_useradd-D/config/etc/passwd b/tests/tests/chroot/useradd/04_useradd--root_useradd-D/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/chroot/useradd/04_useradd--root_useradd-D/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/chroot/useradd/04_useradd--root_useradd-D/config/etc/shadow b/tests/tests/chroot/useradd/04_useradd--root_useradd-D/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/chroot/useradd/04_useradd--root_useradd-D/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/chroot/useradd/04_useradd--root_useradd-D/config_chroot/etc/default/useradd b/tests/tests/chroot/useradd/04_useradd--root_useradd-D/config_chroot/etc/default/useradd
new file mode 100644
index 0000000..5051e1d
--- /dev/null
+++ b/tests/tests/chroot/useradd/04_useradd--root_useradd-D/config_chroot/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/sh
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/chroot/useradd/04_useradd--root_useradd-D/config_chroot/etc/group b/tests/tests/chroot/useradd/04_useradd--root_useradd-D/config_chroot/etc/group
new file mode 100644
index 0000000..245cc9c
--- /dev/null
+++ b/tests/tests/chroot/useradd/04_useradd--root_useradd-D/config_chroot/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+myuser:x:424242:
diff --git a/tests/tests/chroot/useradd/04_useradd--root_useradd-D/config_chroot/etc/gshadow b/tests/tests/chroot/useradd/04_useradd--root_useradd-D/config_chroot/etc/gshadow
new file mode 100644
index 0000000..25bd55b
--- /dev/null
+++ b/tests/tests/chroot/useradd/04_useradd--root_useradd-D/config_chroot/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+myuser:x::
diff --git a/tests/tests/chroot/useradd/04_useradd--root_useradd-D/config_chroot/etc/login.defs b/tests/tests/chroot/useradd/04_useradd--root_useradd-D/config_chroot/etc/login.defs
new file mode 100644
index 0000000..3b216aa
--- /dev/null
+++ b/tests/tests/chroot/useradd/04_useradd--root_useradd-D/config_chroot/etc/login.defs
@@ -0,0 +1,334 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/local/games:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK is the default umask value for pam_umask and is used by
+# useradd and newusers to set the mode of the new home directories.
+# 022 is the "historical" value in Debian for UMASK
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+# System accounts
+#SYS_UID_MIN		  100
+#SYS_UID_MAX		  999
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			 1000
+GID_MAX			60000
+# System accounts
+#SYS_GID_MIN		  100
+#SYS_GID_MAX		  999
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# If set to yes, userdel will remove the user's group if it contains no
+# more members, and useradd will create by default a group with the name
+# of the user.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, such as Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is deprecated. You should use ENCRYPT_METHOD.
+#
+#MD5_CRYPT_ENAB	no
+
+#
+# If set to MD5 , MD5-based algorithm will be used for encrypting password
+# If set to SHA256, SHA256-based algorithm will be used for encrypting password
+# If set to SHA512, SHA512-based algorithm will be used for encrypting password
+# If set to DES, DES-based algorithm will be used for encrypting password (default)
+# Overrides the MD5_CRYPT_ENAB option
+#
+# Note: It is recommended to use a value consistent with
+# the PAM modules configuration.
+#
+#ENCRYPT_METHOD DES
+
+#
+# Only used if ENCRYPT_METHOD is set to SHA256 or SHA512.
+#
+# Define the number of SHA rounds.
+# With a lot of rounds, it is more difficult to brute forcing the password.
+# But note also that it more CPU resources will be needed to authenticate
+# users.
+#
+# If not specified, the libc will choose the default number of rounds (5000).
+# The values must be inside the 1000-999999999 range.
+# If only one of the MIN or MAX values is set, then this value will be used.
+# If MIN > MAX, the highest value will be used.
+#
+# SHA_CRYPT_MIN_ROUNDS 5000
+# SHA_CRYPT_MAX_ROUNDS 5000
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/chroot/useradd/04_useradd--root_useradd-D/config_chroot/etc/passwd b/tests/tests/chroot/useradd/04_useradd--root_useradd-D/config_chroot/etc/passwd
new file mode 100644
index 0000000..9bdeb8c
--- /dev/null
+++ b/tests/tests/chroot/useradd/04_useradd--root_useradd-D/config_chroot/etc/passwd
@@ -0,0 +1,21 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+myuser:x:424242:424242::/home/:/bin/sh
+testsuite::424243:424243::/home:/bin/bash
diff --git a/tests/tests/chroot/useradd/04_useradd--root_useradd-D/config_chroot/etc/shadow b/tests/tests/chroot/useradd/04_useradd--root_useradd-D/config_chroot/etc/shadow
new file mode 100644
index 0000000..038d5cf
--- /dev/null
+++ b/tests/tests/chroot/useradd/04_useradd--root_useradd-D/config_chroot/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+myuser:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:::
diff --git a/tests/tests/chroot/useradd/04_useradd--root_useradd-D/data/useradd.out b/tests/tests/chroot/useradd/04_useradd--root_useradd-D/data/useradd.out
new file mode 100644
index 0000000..581c055
--- /dev/null
+++ b/tests/tests/chroot/useradd/04_useradd--root_useradd-D/data/useradd.out
@@ -0,0 +1,7 @@
+GROUP=10
+HOME=/tmp
+INACTIVE=12
+EXPIRE=2007-12-02
+SHELL=/bin/sh
+SKEL=/etc/skel
+CREATE_MAIL_SPOOL=no
diff --git a/tests/tests/chroot/useradd/04_useradd--root_useradd-D/useradd.test b/tests/tests/chroot/useradd/04_useradd--root_useradd-D/useradd.test
new file mode 100755
index 0000000..069e704
--- /dev/null
+++ b/tests/tests/chroot/useradd/04_useradd--root_useradd-D/useradd.test
@@ -0,0 +1,61 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "useradd can list defaults from a chroot"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; clean_chroot; restore_config' 0
+
+change_config
+
+prepare_chroot
+
+echo -n "List defaults in chroot (useradd --root $PWD/tmp/root foo)..."
+useradd -D --root $PWD/tmp/root > tmp/useradd.out
+echo "OK"
+
+echo "useradd reported:"
+echo "======================================================================="
+cat tmp/useradd.out
+echo "======================================================================="
+echo -n "Check the usage message..."
+diff -au data/useradd.out tmp/useradd.out
+echo "OK."
+rm -f tmp/useradd.out
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+../../../common/compare_file.pl config_chroot/etc/passwd tmp/root/etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+../../../common/compare_file.pl config_chroot/etc//group tmp/root/etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+../../../common/compare_file.pl config_chroot/etc/shadow tmp/root/etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+../../../common/compare_file.pl config_chroot/etc/gshadow tmp/root/etc/gshadow
+echo "OK"
+
+rm -f tmp/root/etc/.pwd.lock
+rm -f tmp/root/etc/passwd-
+rm -f tmp/root/etc/group-
+rm -f tmp/root/etc/shadow-
+rm -f tmp/root/etc/gshadow-
+clean_chroot
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/chroot/useradd/05_useradd--root_useradd-D-e-g/config.txt b/tests/tests/chroot/useradd/05_useradd--root_useradd-D-e-g/config.txt
new file mode 100644
index 0000000..31f5635
--- /dev/null
+++ b/tests/tests/chroot/useradd/05_useradd--root_useradd-D-e-g/config.txt
@@ -0,0 +1,10 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group users (only in /etc/group)
+user foo, in group tty (only in /etc/gshadow)
+user foo, in group floppy
+user foo, admin of group disk
+user foo, admin and member of group fax
+user foo, admin and member of group cdrom (only in /etc/gshadow)
diff --git a/tests/tests/chroot/useradd/05_useradd--root_useradd-D-e-g/config/etc/default/useradd b/tests/tests/chroot/useradd/05_useradd--root_useradd-D-e-g/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/chroot/useradd/05_useradd--root_useradd-D-e-g/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/chroot/useradd/05_useradd--root_useradd-D-e-g/config/etc/group b/tests/tests/chroot/useradd/05_useradd--root_useradd-D-e-g/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/chroot/useradd/05_useradd--root_useradd-D-e-g/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/chroot/useradd/05_useradd--root_useradd-D-e-g/config/etc/gshadow b/tests/tests/chroot/useradd/05_useradd--root_useradd-D-e-g/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/chroot/useradd/05_useradd--root_useradd-D-e-g/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/chroot/useradd/05_useradd--root_useradd-D-e-g/config/etc/passwd b/tests/tests/chroot/useradd/05_useradd--root_useradd-D-e-g/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/chroot/useradd/05_useradd--root_useradd-D-e-g/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/chroot/useradd/05_useradd--root_useradd-D-e-g/config/etc/shadow b/tests/tests/chroot/useradd/05_useradd--root_useradd-D-e-g/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/chroot/useradd/05_useradd--root_useradd-D-e-g/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/chroot/useradd/05_useradd--root_useradd-D-e-g/config_chroot/etc/default/useradd b/tests/tests/chroot/useradd/05_useradd--root_useradd-D-e-g/config_chroot/etc/default/useradd
new file mode 100644
index 0000000..d1406e4
--- /dev/null
+++ b/tests/tests/chroot/useradd/05_useradd--root_useradd-D-e-g/config_chroot/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/sh
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=100
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/chroot/useradd/05_useradd--root_useradd-D-e-g/config_chroot/etc/group b/tests/tests/chroot/useradd/05_useradd--root_useradd-D-e-g/config_chroot/etc/group
new file mode 100644
index 0000000..245cc9c
--- /dev/null
+++ b/tests/tests/chroot/useradd/05_useradd--root_useradd-D-e-g/config_chroot/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+myuser:x:424242:
diff --git a/tests/tests/chroot/useradd/05_useradd--root_useradd-D-e-g/config_chroot/etc/gshadow b/tests/tests/chroot/useradd/05_useradd--root_useradd-D-e-g/config_chroot/etc/gshadow
new file mode 100644
index 0000000..25bd55b
--- /dev/null
+++ b/tests/tests/chroot/useradd/05_useradd--root_useradd-D-e-g/config_chroot/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+myuser:x::
diff --git a/tests/tests/chroot/useradd/05_useradd--root_useradd-D-e-g/config_chroot/etc/login.defs b/tests/tests/chroot/useradd/05_useradd--root_useradd-D-e-g/config_chroot/etc/login.defs
new file mode 100644
index 0000000..3b216aa
--- /dev/null
+++ b/tests/tests/chroot/useradd/05_useradd--root_useradd-D-e-g/config_chroot/etc/login.defs
@@ -0,0 +1,334 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/local/games:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK is the default umask value for pam_umask and is used by
+# useradd and newusers to set the mode of the new home directories.
+# 022 is the "historical" value in Debian for UMASK
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+# System accounts
+#SYS_UID_MIN		  100
+#SYS_UID_MAX		  999
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			 1000
+GID_MAX			60000
+# System accounts
+#SYS_GID_MIN		  100
+#SYS_GID_MAX		  999
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# If set to yes, userdel will remove the user's group if it contains no
+# more members, and useradd will create by default a group with the name
+# of the user.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, such as Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is deprecated. You should use ENCRYPT_METHOD.
+#
+#MD5_CRYPT_ENAB	no
+
+#
+# If set to MD5 , MD5-based algorithm will be used for encrypting password
+# If set to SHA256, SHA256-based algorithm will be used for encrypting password
+# If set to SHA512, SHA512-based algorithm will be used for encrypting password
+# If set to DES, DES-based algorithm will be used for encrypting password (default)
+# Overrides the MD5_CRYPT_ENAB option
+#
+# Note: It is recommended to use a value consistent with
+# the PAM modules configuration.
+#
+#ENCRYPT_METHOD DES
+
+#
+# Only used if ENCRYPT_METHOD is set to SHA256 or SHA512.
+#
+# Define the number of SHA rounds.
+# With a lot of rounds, it is more difficult to brute forcing the password.
+# But note also that it more CPU resources will be needed to authenticate
+# users.
+#
+# If not specified, the libc will choose the default number of rounds (5000).
+# The values must be inside the 1000-999999999 range.
+# If only one of the MIN or MAX values is set, then this value will be used.
+# If MIN > MAX, the highest value will be used.
+#
+# SHA_CRYPT_MIN_ROUNDS 5000
+# SHA_CRYPT_MAX_ROUNDS 5000
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/chroot/useradd/05_useradd--root_useradd-D-e-g/config_chroot/etc/passwd b/tests/tests/chroot/useradd/05_useradd--root_useradd-D-e-g/config_chroot/etc/passwd
new file mode 100644
index 0000000..9bdeb8c
--- /dev/null
+++ b/tests/tests/chroot/useradd/05_useradd--root_useradd-D-e-g/config_chroot/etc/passwd
@@ -0,0 +1,21 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+myuser:x:424242:424242::/home/:/bin/sh
+testsuite::424243:424243::/home:/bin/bash
diff --git a/tests/tests/chroot/useradd/05_useradd--root_useradd-D-e-g/config_chroot/etc/shadow b/tests/tests/chroot/useradd/05_useradd--root_useradd-D-e-g/config_chroot/etc/shadow
new file mode 100644
index 0000000..038d5cf
--- /dev/null
+++ b/tests/tests/chroot/useradd/05_useradd--root_useradd-D-e-g/config_chroot/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+myuser:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:::
diff --git a/tests/tests/chroot/useradd/05_useradd--root_useradd-D-e-g/data/useradd.default b/tests/tests/chroot/useradd/05_useradd--root_useradd-D-e-g/data/useradd.default
new file mode 100644
index 0000000..aaca91a
--- /dev/null
+++ b/tests/tests/chroot/useradd/05_useradd--root_useradd-D-e-g/data/useradd.default
@@ -0,0 +1,38 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/sh
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=424242
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2012-12-12
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
+SKEL=/etc/skel
+CREATE_MAIL_SPOOL=no
diff --git a/tests/tests/chroot/useradd/05_useradd--root_useradd-D-e-g/useradd.test b/tests/tests/chroot/useradd/05_useradd--root_useradd-D-e-g/useradd.test
new file mode 100755
index 0000000..97059da
--- /dev/null
+++ b/tests/tests/chroot/useradd/05_useradd--root_useradd-D-e-g/useradd.test
@@ -0,0 +1,56 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "useradd can list defaults from a chroot"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; clean_chroot; restore_config' 0
+
+change_config
+
+prepare_chroot
+
+echo -n "List defaults in chroot (useradd -D --root $PWD/tmp/root -e 2012-12-12 -g 424242)..."
+useradd -D --root $PWD/tmp/root -e 2012-12-12 -g 424242
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+../../../common/compare_file.pl config_chroot/etc/passwd tmp/root/etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+../../../common/compare_file.pl config_chroot/etc//group tmp/root/etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+../../../common/compare_file.pl config_chroot/etc/shadow tmp/root/etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+../../../common/compare_file.pl config_chroot/etc/gshadow tmp/root/etc/gshadow
+echo "OK"
+echo -n "Check the useradd's default file..."
+diff -au data/useradd.default tmp/root/etc/default/useradd
+echo "OK"
+
+rm -f tmp/root/etc/.pwd.lock
+rm -f tmp/root/etc/passwd-
+rm -f tmp/root/etc/group-
+rm -f tmp/root/etc/shadow-
+rm -f tmp/root/etc/gshadow-
+rm -f tmp/root/etc/default/useradd-
+clean_chroot
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/chroot/userdel/01_userdel--root/config.txt b/tests/tests/chroot/userdel/01_userdel--root/config.txt
new file mode 100644
index 0000000..31f5635
--- /dev/null
+++ b/tests/tests/chroot/userdel/01_userdel--root/config.txt
@@ -0,0 +1,10 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group users (only in /etc/group)
+user foo, in group tty (only in /etc/gshadow)
+user foo, in group floppy
+user foo, admin of group disk
+user foo, admin and member of group fax
+user foo, admin and member of group cdrom (only in /etc/gshadow)
diff --git a/tests/tests/chroot/userdel/01_userdel--root/config/etc/default/useradd b/tests/tests/chroot/userdel/01_userdel--root/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/chroot/userdel/01_userdel--root/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/chroot/userdel/01_userdel--root/config/etc/group b/tests/tests/chroot/userdel/01_userdel--root/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/chroot/userdel/01_userdel--root/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/chroot/userdel/01_userdel--root/config/etc/gshadow b/tests/tests/chroot/userdel/01_userdel--root/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/chroot/userdel/01_userdel--root/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/chroot/userdel/01_userdel--root/config/etc/passwd b/tests/tests/chroot/userdel/01_userdel--root/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/chroot/userdel/01_userdel--root/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/chroot/userdel/01_userdel--root/config/etc/shadow b/tests/tests/chroot/userdel/01_userdel--root/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/chroot/userdel/01_userdel--root/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/chroot/userdel/01_userdel--root/config_chroot/etc/group b/tests/tests/chroot/userdel/01_userdel--root/config_chroot/etc/group
new file mode 100644
index 0000000..245cc9c
--- /dev/null
+++ b/tests/tests/chroot/userdel/01_userdel--root/config_chroot/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+myuser:x:424242:
diff --git a/tests/tests/chroot/userdel/01_userdel--root/config_chroot/etc/gshadow b/tests/tests/chroot/userdel/01_userdel--root/config_chroot/etc/gshadow
new file mode 100644
index 0000000..25bd55b
--- /dev/null
+++ b/tests/tests/chroot/userdel/01_userdel--root/config_chroot/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+myuser:x::
diff --git a/tests/tests/chroot/userdel/01_userdel--root/config_chroot/etc/login.defs b/tests/tests/chroot/userdel/01_userdel--root/config_chroot/etc/login.defs
new file mode 100644
index 0000000..3b216aa
--- /dev/null
+++ b/tests/tests/chroot/userdel/01_userdel--root/config_chroot/etc/login.defs
@@ -0,0 +1,334 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/local/games:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK is the default umask value for pam_umask and is used by
+# useradd and newusers to set the mode of the new home directories.
+# 022 is the "historical" value in Debian for UMASK
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+# System accounts
+#SYS_UID_MIN		  100
+#SYS_UID_MAX		  999
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			 1000
+GID_MAX			60000
+# System accounts
+#SYS_GID_MIN		  100
+#SYS_GID_MAX		  999
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# If set to yes, userdel will remove the user's group if it contains no
+# more members, and useradd will create by default a group with the name
+# of the user.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, such as Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is deprecated. You should use ENCRYPT_METHOD.
+#
+#MD5_CRYPT_ENAB	no
+
+#
+# If set to MD5 , MD5-based algorithm will be used for encrypting password
+# If set to SHA256, SHA256-based algorithm will be used for encrypting password
+# If set to SHA512, SHA512-based algorithm will be used for encrypting password
+# If set to DES, DES-based algorithm will be used for encrypting password (default)
+# Overrides the MD5_CRYPT_ENAB option
+#
+# Note: It is recommended to use a value consistent with
+# the PAM modules configuration.
+#
+#ENCRYPT_METHOD DES
+
+#
+# Only used if ENCRYPT_METHOD is set to SHA256 or SHA512.
+#
+# Define the number of SHA rounds.
+# With a lot of rounds, it is more difficult to brute forcing the password.
+# But note also that it more CPU resources will be needed to authenticate
+# users.
+#
+# If not specified, the libc will choose the default number of rounds (5000).
+# The values must be inside the 1000-999999999 range.
+# If only one of the MIN or MAX values is set, then this value will be used.
+# If MIN > MAX, the highest value will be used.
+#
+# SHA_CRYPT_MIN_ROUNDS 5000
+# SHA_CRYPT_MAX_ROUNDS 5000
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/chroot/userdel/01_userdel--root/config_chroot/etc/passwd b/tests/tests/chroot/userdel/01_userdel--root/config_chroot/etc/passwd
new file mode 100644
index 0000000..9bdeb8c
--- /dev/null
+++ b/tests/tests/chroot/userdel/01_userdel--root/config_chroot/etc/passwd
@@ -0,0 +1,21 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+myuser:x:424242:424242::/home/:/bin/sh
+testsuite::424243:424243::/home:/bin/bash
diff --git a/tests/tests/chroot/userdel/01_userdel--root/config_chroot/etc/shadow b/tests/tests/chroot/userdel/01_userdel--root/config_chroot/etc/shadow
new file mode 100644
index 0000000..038d5cf
--- /dev/null
+++ b/tests/tests/chroot/userdel/01_userdel--root/config_chroot/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+myuser:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:::
diff --git a/tests/tests/chroot/userdel/01_userdel--root/data/group b/tests/tests/chroot/userdel/01_userdel--root/data/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/chroot/userdel/01_userdel--root/data/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/chroot/userdel/01_userdel--root/data/gshadow b/tests/tests/chroot/userdel/01_userdel--root/data/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/chroot/userdel/01_userdel--root/data/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/chroot/userdel/01_userdel--root/data/passwd b/tests/tests/chroot/userdel/01_userdel--root/data/passwd
new file mode 100644
index 0000000..4736f1c
--- /dev/null
+++ b/tests/tests/chroot/userdel/01_userdel--root/data/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+testsuite::424243:424243::/home:/bin/bash
diff --git a/tests/tests/chroot/userdel/01_userdel--root/data/shadow b/tests/tests/chroot/userdel/01_userdel--root/data/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/chroot/userdel/01_userdel--root/data/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/chroot/userdel/01_userdel--root/userdel.test b/tests/tests/chroot/userdel/01_userdel--root/userdel.test
new file mode 100755
index 0000000..4ee203e
--- /dev/null
+++ b/tests/tests/chroot/userdel/01_userdel--root/userdel.test
@@ -0,0 +1,52 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "userdel can change a user in a chroot"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; clean_chroot; restore_config' 0
+
+change_config
+
+prepare_chroot
+
+echo -n "Delete a user in chroot (userdel --root $PWD/tmp/root myuser)..."
+userdel --root $PWD/tmp/root myuser
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+../../../common/compare_file.pl data/passwd tmp/root/etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+../../../common/compare_file.pl data/group tmp/root/etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+../../../common/compare_file.pl data/shadow tmp/root/etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+../../../common/compare_file.pl data/gshadow tmp/root/etc/gshadow
+echo "OK"
+
+rm -f tmp/root/etc/.pwd.lock
+rm -f tmp/root/etc/passwd-
+rm -f tmp/root/etc/group-
+rm -f tmp/root/etc/shadow-
+rm -f tmp/root/etc/gshadow-
+clean_chroot
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/chroot/usermod/01_usermod--root/config.txt b/tests/tests/chroot/usermod/01_usermod--root/config.txt
new file mode 100644
index 0000000..31f5635
--- /dev/null
+++ b/tests/tests/chroot/usermod/01_usermod--root/config.txt
@@ -0,0 +1,10 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group users (only in /etc/group)
+user foo, in group tty (only in /etc/gshadow)
+user foo, in group floppy
+user foo, admin of group disk
+user foo, admin and member of group fax
+user foo, admin and member of group cdrom (only in /etc/gshadow)
diff --git a/tests/tests/chroot/usermod/01_usermod--root/config/etc/default/useradd b/tests/tests/chroot/usermod/01_usermod--root/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/chroot/usermod/01_usermod--root/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/chroot/usermod/01_usermod--root/config/etc/group b/tests/tests/chroot/usermod/01_usermod--root/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/chroot/usermod/01_usermod--root/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/chroot/usermod/01_usermod--root/config/etc/gshadow b/tests/tests/chroot/usermod/01_usermod--root/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/chroot/usermod/01_usermod--root/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/chroot/usermod/01_usermod--root/config/etc/passwd b/tests/tests/chroot/usermod/01_usermod--root/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/chroot/usermod/01_usermod--root/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/chroot/usermod/01_usermod--root/config/etc/shadow b/tests/tests/chroot/usermod/01_usermod--root/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/chroot/usermod/01_usermod--root/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/chroot/usermod/01_usermod--root/config_chroot/etc/group b/tests/tests/chroot/usermod/01_usermod--root/config_chroot/etc/group
new file mode 100644
index 0000000..245cc9c
--- /dev/null
+++ b/tests/tests/chroot/usermod/01_usermod--root/config_chroot/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+myuser:x:424242:
diff --git a/tests/tests/chroot/usermod/01_usermod--root/config_chroot/etc/gshadow b/tests/tests/chroot/usermod/01_usermod--root/config_chroot/etc/gshadow
new file mode 100644
index 0000000..25bd55b
--- /dev/null
+++ b/tests/tests/chroot/usermod/01_usermod--root/config_chroot/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+myuser:x::
diff --git a/tests/tests/chroot/usermod/01_usermod--root/config_chroot/etc/login.defs b/tests/tests/chroot/usermod/01_usermod--root/config_chroot/etc/login.defs
new file mode 100644
index 0000000..3b216aa
--- /dev/null
+++ b/tests/tests/chroot/usermod/01_usermod--root/config_chroot/etc/login.defs
@@ -0,0 +1,334 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/local/games:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK is the default umask value for pam_umask and is used by
+# useradd and newusers to set the mode of the new home directories.
+# 022 is the "historical" value in Debian for UMASK
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+# System accounts
+#SYS_UID_MIN		  100
+#SYS_UID_MAX		  999
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			 1000
+GID_MAX			60000
+# System accounts
+#SYS_GID_MIN		  100
+#SYS_GID_MAX		  999
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# If set to yes, userdel will remove the user's group if it contains no
+# more members, and useradd will create by default a group with the name
+# of the user.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, such as Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is deprecated. You should use ENCRYPT_METHOD.
+#
+#MD5_CRYPT_ENAB	no
+
+#
+# If set to MD5 , MD5-based algorithm will be used for encrypting password
+# If set to SHA256, SHA256-based algorithm will be used for encrypting password
+# If set to SHA512, SHA512-based algorithm will be used for encrypting password
+# If set to DES, DES-based algorithm will be used for encrypting password (default)
+# Overrides the MD5_CRYPT_ENAB option
+#
+# Note: It is recommended to use a value consistent with
+# the PAM modules configuration.
+#
+#ENCRYPT_METHOD DES
+
+#
+# Only used if ENCRYPT_METHOD is set to SHA256 or SHA512.
+#
+# Define the number of SHA rounds.
+# With a lot of rounds, it is more difficult to brute forcing the password.
+# But note also that it more CPU resources will be needed to authenticate
+# users.
+#
+# If not specified, the libc will choose the default number of rounds (5000).
+# The values must be inside the 1000-999999999 range.
+# If only one of the MIN or MAX values is set, then this value will be used.
+# If MIN > MAX, the highest value will be used.
+#
+# SHA_CRYPT_MIN_ROUNDS 5000
+# SHA_CRYPT_MAX_ROUNDS 5000
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/chroot/usermod/01_usermod--root/config_chroot/etc/passwd b/tests/tests/chroot/usermod/01_usermod--root/config_chroot/etc/passwd
new file mode 100644
index 0000000..9bdeb8c
--- /dev/null
+++ b/tests/tests/chroot/usermod/01_usermod--root/config_chroot/etc/passwd
@@ -0,0 +1,21 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+myuser:x:424242:424242::/home/:/bin/sh
+testsuite::424243:424243::/home:/bin/bash
diff --git a/tests/tests/chroot/usermod/01_usermod--root/config_chroot/etc/shadow b/tests/tests/chroot/usermod/01_usermod--root/config_chroot/etc/shadow
new file mode 100644
index 0000000..038d5cf
--- /dev/null
+++ b/tests/tests/chroot/usermod/01_usermod--root/config_chroot/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+myuser:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:::
diff --git a/tests/tests/chroot/usermod/01_usermod--root/data/passwd b/tests/tests/chroot/usermod/01_usermod--root/data/passwd
new file mode 100644
index 0000000..1f47aaf
--- /dev/null
+++ b/tests/tests/chroot/usermod/01_usermod--root/data/passwd
@@ -0,0 +1,21 @@
+root:x:0:100:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+myuser:x:424242:424242::/home/:/bin/sh
+testsuite::424243:424243::/home:/bin/bash
diff --git a/tests/tests/chroot/usermod/01_usermod--root/usermod.test b/tests/tests/chroot/usermod/01_usermod--root/usermod.test
new file mode 100755
index 0000000..14f7a08
--- /dev/null
+++ b/tests/tests/chroot/usermod/01_usermod--root/usermod.test
@@ -0,0 +1,52 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "usermod can change a user in a chroot"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; clean_chroot; restore_config' 0
+
+change_config
+
+prepare_chroot
+
+echo -n "Change user in chroot (usermod --root $PWD/tmp/root -g users root)..."
+usermod --root $PWD/tmp/root -g users root
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+../../../common/compare_file.pl data/passwd tmp/root/etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+../../../common/compare_file.pl config_chroot/etc/group tmp/root/etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+../../../common/compare_file.pl config_chroot/etc/shadow tmp/root/etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+../../../common/compare_file.pl config_chroot/etc/gshadow tmp/root/etc/gshadow
+echo "OK"
+
+rm -f tmp/root/etc/.pwd.lock
+rm -f tmp/root/etc/passwd-
+rm -f tmp/root/etc/group-
+rm -f tmp/root/etc/shadow-
+rm -f tmp/root/etc/gshadow-
+clean_chroot
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/chsh/01/data/chsh1 b/tests/tests/chsh/01/data/chsh1
new file mode 100644
index 0000000..01b3d53
--- /dev/null
+++ b/tests/tests/chsh/01/data/chsh1
@@ -0,0 +1 @@
+You may not change the shell for 'myuser'.
diff --git a/tests/tests/chsh/01/data/chsh2 b/tests/tests/chsh/01/data/chsh2
new file mode 100644
index 0000000..b017d6d
--- /dev/null
+++ b/tests/tests/chsh/01/data/chsh2
@@ -0,0 +1 @@
+You may not change the shell for 'myuser2'.
diff --git a/tests/tests/chsh/01/data/group b/tests/tests/chsh/01/data/group
new file mode 100644
index 0000000..245cc9c
--- /dev/null
+++ b/tests/tests/chsh/01/data/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+myuser:x:424242:
diff --git a/tests/tests/chsh/01/data/gshadow b/tests/tests/chsh/01/data/gshadow
new file mode 100644
index 0000000..25bd55b
--- /dev/null
+++ b/tests/tests/chsh/01/data/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+myuser:x::
diff --git a/tests/tests/chsh/01/data/passwd b/tests/tests/chsh/01/data/passwd
new file mode 100644
index 0000000..37b0467
--- /dev/null
+++ b/tests/tests/chsh/01/data/passwd
@@ -0,0 +1,21 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+myuser:x:424242:424242::/home:/bin/bash
+myuser2:x:424243:424242::/home:/bin/sh
diff --git a/tests/tests/chsh/01/data/shadow b/tests/tests/chsh/01/data/shadow
new file mode 100644
index 0000000..f004fa2
--- /dev/null
+++ b/tests/tests/chsh/01/data/shadow
@@ -0,0 +1,21 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+myuser:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:::
+myuser2:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:::
diff --git a/tests/tests/chsh/01/data/shells b/tests/tests/chsh/01/data/shells
new file mode 100644
index 0000000..4fd4378
--- /dev/null
+++ b/tests/tests/chsh/01/data/shells
@@ -0,0 +1,16 @@
+# /etc/shells: valid login shells
+/bin/ash
+/bin/csh
+/bin/sh
+/usr/bin/es
+/usr/bin/ksh
+/bin/ksh
+/usr/bin/rc
+/usr/bin/tcsh
+/bin/tcsh
+/usr/bin/zsh
+/bin/sash
+/bin/zsh
+/usr/bin/esh
+/bin/bash
+/bin/rbash
diff --git a/tests/tests/chsh/01/run b/tests/tests/chsh/01/run
new file mode 100755
index 0000000..4d72eea
--- /dev/null
+++ b/tests/tests/chsh/01/run
@@ -0,0 +1,143 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+# Rational:
+# Test chage options
+
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+save()
+{
+	[ ! -d tmp ] && mkdir tmp
+	for i in passwd group shadow gshadow shells
+	do
+		[ -f /etc/$i  ] && cp /etc/$i  tmp/$i
+		[ -f /etc/$i- ] && cp /etc/$i- tmp/$i-
+	done
+
+	true
+}
+
+restore()
+{
+	for i in passwd group shadow gshadow shells
+	do
+		[ -f tmp/$i  ] && cp tmp/$i  /etc/$i  && rm tmp/$i
+		[ -f tmp/$i- ] && cp tmp/$i- /etc/$i- && rm tmp/$i-
+	done
+	rm -f tmp/out
+	rm -f tmp/shell tmp/sh:ell
+	rmdir tmp
+}
+
+save
+
+# restore the files on exit
+trap 'if [ "$?" != "0" ]; then echo "FAIL"; fi; restore' 0
+
+for i in passwd group shadow gshadow shells
+do
+	cp data/$i /etc
+done
+
+echo -n "changing to a restricted shell, by root..."
+cp /bin/bash tmp/shell
+chsh -s $(pwd)/tmp/shell myuser
+ent=$(getent passwd myuser)
+[ "$ent" = "myuser:x:424242:424242::/home:"$(pwd)"/tmp/shell" ] || exit 1
+echo "OK"
+
+echo -n "changing from a restricted shell, by myuser..."
+su myuser -c "chsh -s /bin/bash" 2> tmp/out && exit 1
+ent=$(getent passwd myuser)
+[ "$ent" = "myuser:x:424242:424242::/home:"$(pwd)"/tmp/shell" ] || exit 1
+diff -au data/chsh1 tmp/out
+echo "OK"
+
+echo -n "changing from a restricted shell, by root..."
+chsh -s /bin/bash myuser
+ent=$(getent passwd myuser)
+[ "$ent" = "myuser:x:424242:424242::/home:/bin/bash" ] || exit 1
+echo "OK"
+
+# Need to be done by expect now (chage asks for a passwd if not root)
+#echo -n "changing to a restricted shell, by myuser..."
+#su myuser -c "chsh -s $(pwd)/tmp/shell" 2> tmp/out && exit 1
+#ent=$(getent passwd myuser)
+#[ "$ent" = "myuser:x:424242:424242::/home:/bin/bash" ] || exit 1
+#grep "/tmp/shell is an invalid shell." tmp/out > /dev/null
+#[ $(wc -l tmp/out| cut -d" " -f1) = "1" ] || exit 1
+#echo "OK"
+
+#echo -n "changing to a new valid shell, by myuser..."
+#echo $(pwd)/tmp/shell >> /tmp/shells
+#su myuser -c "chsh -s $(pwd)/tmp/shell" 2> tmp/out && exit 1
+#ent=$(getent passwd myuser)
+#[ "$ent" = "myuser:x:424242:424242::/home:/bin/bash" ] || exit 1
+#grep "/tmp/shell is an invalid shell." tmp/out > /dev/null
+#[ $(wc -l tmp/out| cut -d" " -f1) = "1" ] || exit 1
+#echo "OK"
+
+echo -n "changing another user's shell..."
+su myuser -c "chsh -s /bin/sh myuser2" 2> tmp/out && exit 1
+ent=$(getent passwd myuser2)
+[ "$ent" = "myuser2:x:424243:424242::/home:/bin/sh" ] || exit 1
+diff -au data/chsh2 tmp/out
+echo "OK"
+
+#echo -n "changing to a non-executable shell..."
+#chmod a-x tmp/shell
+#su myuser -c "chsh -s $(pwd)/tmp/shell myuser" 2> tmp/out && exit 1
+#ent=$(getent passwd myuser)
+#[ "$ent" = "myuser:x:424242:424242::/home:/bin/bash" ] || exit 1
+#grep "/tmp/shell is an invalid shell." tmp/out > /dev/null
+#[ $(wc -l tmp/out| cut -d" " -f1) = "1" ] || exit 1
+#echo "OK"
+
+echo -n "changing to an invalid shell name..."
+cp /bin/bash tmp/sh:ell
+echo $(pwd)/tmp/sh:ell >> /etc/shells
+chsh -s $(pwd)/tmp/sh:ell myuser 2> tmp/out && exit 1
+ent=$(getent passwd myuser)
+[ "$ent" = "myuser:x:424242:424242::/home:/bin/bash" ] || exit 1
+grep -E "chsh: Invalid entry: .*/tmp/sh:ell" tmp/out > /dev/null
+[ $(wc -l tmp/out| cut -d" " -f1) = "1" ] || exit 1
+echo "OK"
+
+echo "testing the interactive mode (1)..."
+rm -f tmp/out
+./run.exp /bin/bash myuser
+[ -f tmp/out ] && exit 1
+ent=$(getent passwd myuser)
+[ "$ent" = "myuser:x:424242:424242::/home:/bin/bash" ] || exit 1
+echo "OK"
+
+#echo "testing the interactive mode (2)..."
+#rm -f tmp/out
+#su myuser -c "./run.exp /bin/bash"
+#[ -f tmp/out ] && exit 1
+#ent=$(getent passwd myuser)
+#[ "$ent" = "myuser:x:424242:424242::/home:/bin/bash" ] || exit 1
+#echo "OK"
+
+echo "testing the interactive mode (3)..."
+rm -f tmp/out
+./run.exp /bin/sh myuser
+[ -f tmp/out ] && exit 1
+ent=$(getent passwd myuser)
+[ "$ent" = "myuser:x:424242:424242::/home:/bin/sh" ] || exit 1
+echo "OK"
+
+echo "testing the interactive mode (4)..."
+rm -f tmp/out
+./run.exp $(pwd)/tmp/sh:ell myuser && exit 1
+grep -E "chsh: Invalid entry: .*/tmp/sh:ell" tmp/out > /dev/null
+ent=$(getent passwd myuser)
+[ "$ent" = "myuser:x:424242:424242::/home:/bin/sh" ] || exit 1
+echo "OK"
+
diff --git a/tests/tests/chsh/01/run.exp b/tests/tests/chsh/01/run.exp
new file mode 100755
index 0000000..4890193
--- /dev/null
+++ b/tests/tests/chsh/01/run.exp
@@ -0,0 +1,38 @@
+#!/usr/bin/expect
+
+set timeout 5
+
+if {$argc < 1} {
+	puts "usage: run.exp \[shell] \[user]"
+	exit 1
+}
+set shell     [lindex $argv 0]
+
+if {$argc == 2} {
+	spawn /usr/bin/chsh [lindex $argv 1]
+} else {
+	spawn /usr/bin/chsh
+}
+
+expect "Changing the login shell for myuser"
+expect "Enter the new value, or press ENTER for the default"
+expect -re "Login Shell .*\]: "
+send "$shell\r"
+expect "$shell\r\n"
+expect {
+	eof {
+		if ([string compare $expect_out(buffer) ""]) {
+			set fp [open "tmp/out" w]
+			puts $fp "$expect_out(buffer)"
+			puts "\nFAIL"
+			exit 1
+		}
+	} default {
+		puts "\nFAIL"
+		exit 1
+	}
+}
+
+puts "\nPASS"
+exit 0
+
diff --git a/tests/tests/chsh/02_chsh_usage/chsh.test b/tests/tests/chsh/02_chsh_usage/chsh.test
new file mode 100755
index 0000000..3a6e656
--- /dev/null
+++ b/tests/tests/chsh/02_chsh_usage/chsh.test
@@ -0,0 +1,48 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "chsh can display its usage message"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Get chsh usage (chsh -h)..."
+chsh -h >tmp/usage.out
+echo "OK"
+
+echo "chsh reported:"
+echo "======================================================================="
+cat tmp/usage.out
+echo "======================================================================="
+echo -n "Check the usage message..."
+diff -au data/usage.out tmp/usage.out
+echo "usage message OK."
+rm -f tmp/usage.out
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/chsh/02_chsh_usage/config.txt b/tests/tests/chsh/02_chsh_usage/config.txt
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/chsh/02_chsh_usage/config.txt
diff --git a/tests/tests/chsh/02_chsh_usage/config/etc/group b/tests/tests/chsh/02_chsh_usage/config/etc/group
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/chsh/02_chsh_usage/config/etc/group
diff --git a/tests/tests/chsh/02_chsh_usage/config/etc/gshadow b/tests/tests/chsh/02_chsh_usage/config/etc/gshadow
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/chsh/02_chsh_usage/config/etc/gshadow
diff --git a/tests/tests/chsh/02_chsh_usage/config/etc/passwd b/tests/tests/chsh/02_chsh_usage/config/etc/passwd
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/chsh/02_chsh_usage/config/etc/passwd
diff --git a/tests/tests/chsh/02_chsh_usage/config/etc/shadow b/tests/tests/chsh/02_chsh_usage/config/etc/shadow
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/chsh/02_chsh_usage/config/etc/shadow
diff --git a/tests/tests/chsh/02_chsh_usage/data/usage.out b/tests/tests/chsh/02_chsh_usage/data/usage.out
new file mode 100644
index 0000000..ef576ec
--- /dev/null
+++ b/tests/tests/chsh/02_chsh_usage/data/usage.out
@@ -0,0 +1,7 @@
+Usage: chsh [options] [LOGIN]
+
+Options:
+  -h, --help                    display this help message and exit
+  -R, --root CHROOT_DIR         directory to chroot into
+  -s, --shell SHELL             new login shell for the user account
+
diff --git a/tests/tests/chsh/03_chsh_usage_invalid_option/chsh.test b/tests/tests/chsh/03_chsh_usage_invalid_option/chsh.test
new file mode 100755
index 0000000..4552cc3
--- /dev/null
+++ b/tests/tests/chsh/03_chsh_usage_invalid_option/chsh.test
@@ -0,0 +1,54 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "chsh displays its usage message is case of invalid option"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Use wrong chsh option (chsh -Z)..."
+chsh -Z 2>tmp/usage.out && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "2"
+echo "OK"
+
+echo "chsh reported:"
+echo "======================================================================="
+cat tmp/usage.out
+echo "======================================================================="
+echo -n "Check the usage message..."
+diff -au data/usage.out tmp/usage.out
+echo "usage message OK."
+rm -f tmp/usage.out
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/chsh/03_chsh_usage_invalid_option/config.txt b/tests/tests/chsh/03_chsh_usage_invalid_option/config.txt
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/chsh/03_chsh_usage_invalid_option/config.txt
diff --git a/tests/tests/chsh/03_chsh_usage_invalid_option/config/etc/group b/tests/tests/chsh/03_chsh_usage_invalid_option/config/etc/group
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/chsh/03_chsh_usage_invalid_option/config/etc/group
diff --git a/tests/tests/chsh/03_chsh_usage_invalid_option/config/etc/gshadow b/tests/tests/chsh/03_chsh_usage_invalid_option/config/etc/gshadow
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/chsh/03_chsh_usage_invalid_option/config/etc/gshadow
diff --git a/tests/tests/chsh/03_chsh_usage_invalid_option/config/etc/passwd b/tests/tests/chsh/03_chsh_usage_invalid_option/config/etc/passwd
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/chsh/03_chsh_usage_invalid_option/config/etc/passwd
diff --git a/tests/tests/chsh/03_chsh_usage_invalid_option/config/etc/shadow b/tests/tests/chsh/03_chsh_usage_invalid_option/config/etc/shadow
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/chsh/03_chsh_usage_invalid_option/config/etc/shadow
diff --git a/tests/tests/chsh/03_chsh_usage_invalid_option/data/usage.out b/tests/tests/chsh/03_chsh_usage_invalid_option/data/usage.out
new file mode 100644
index 0000000..e930bab
--- /dev/null
+++ b/tests/tests/chsh/03_chsh_usage_invalid_option/data/usage.out
@@ -0,0 +1,8 @@
+chsh: invalid option -- 'Z'
+Usage: chsh [options] [LOGIN]
+
+Options:
+  -h, --help                    display this help message and exit
+  -R, --root CHROOT_DIR         directory to chroot into
+  -s, --shell SHELL             new login shell for the user account
+
diff --git a/tests/tests/chsh/04_chsh_usage_2_users/chsh.test b/tests/tests/chsh/04_chsh_usage_2_users/chsh.test
new file mode 100755
index 0000000..ef1c181
--- /dev/null
+++ b/tests/tests/chsh/04_chsh_usage_2_users/chsh.test
@@ -0,0 +1,54 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "chsh displays its usage message is case multiple users are provided"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Use chsh with 2 users (chsh -s /bin/sh root bin)..."
+chsh -s /bin/sh root bin 2>tmp/usage.out && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "2"
+echo "OK"
+
+echo "chsh reported:"
+echo "======================================================================="
+cat tmp/usage.out
+echo "======================================================================="
+echo -n "Check the usage message..."
+diff -au data/usage.out tmp/usage.out
+echo "usage message OK."
+rm -f tmp/usage.out
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/chsh/04_chsh_usage_2_users/config.txt b/tests/tests/chsh/04_chsh_usage_2_users/config.txt
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/chsh/04_chsh_usage_2_users/config.txt
diff --git a/tests/tests/chsh/04_chsh_usage_2_users/config/etc/group b/tests/tests/chsh/04_chsh_usage_2_users/config/etc/group
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/chsh/04_chsh_usage_2_users/config/etc/group
diff --git a/tests/tests/chsh/04_chsh_usage_2_users/config/etc/gshadow b/tests/tests/chsh/04_chsh_usage_2_users/config/etc/gshadow
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/chsh/04_chsh_usage_2_users/config/etc/gshadow
diff --git a/tests/tests/chsh/04_chsh_usage_2_users/config/etc/passwd b/tests/tests/chsh/04_chsh_usage_2_users/config/etc/passwd
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/chsh/04_chsh_usage_2_users/config/etc/passwd
diff --git a/tests/tests/chsh/04_chsh_usage_2_users/config/etc/shadow b/tests/tests/chsh/04_chsh_usage_2_users/config/etc/shadow
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/chsh/04_chsh_usage_2_users/config/etc/shadow
diff --git a/tests/tests/chsh/04_chsh_usage_2_users/data/usage.out b/tests/tests/chsh/04_chsh_usage_2_users/data/usage.out
new file mode 100644
index 0000000..ef576ec
--- /dev/null
+++ b/tests/tests/chsh/04_chsh_usage_2_users/data/usage.out
@@ -0,0 +1,7 @@
+Usage: chsh [options] [LOGIN]
+
+Options:
+  -h, --help                    display this help message and exit
+  -R, --root CHROOT_DIR         directory to chroot into
+  -s, --shell SHELL             new login shell for the user account
+
diff --git a/tests/tests/chsh/05_chsh_myuser_restricted_shell/chsh.test b/tests/tests/chsh/05_chsh_myuser_restricted_shell/chsh.test
new file mode 100755
index 0000000..4844266
--- /dev/null
+++ b/tests/tests/chsh/05_chsh_myuser_restricted_shell/chsh.test
@@ -0,0 +1,41 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "chsh can displays its usage message"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+chmod a+w tmp
+
+echo -n "execute chsh..."
+su myuser -c "./run.exp /bin/sh"
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/chsh/05_chsh_myuser_restricted_shell/config.txt b/tests/tests/chsh/05_chsh_myuser_restricted_shell/config.txt
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/chsh/05_chsh_myuser_restricted_shell/config.txt
diff --git a/tests/tests/chsh/05_chsh_myuser_restricted_shell/config/etc/group b/tests/tests/chsh/05_chsh_myuser_restricted_shell/config/etc/group
new file mode 100644
index 0000000..245cc9c
--- /dev/null
+++ b/tests/tests/chsh/05_chsh_myuser_restricted_shell/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+myuser:x:424242:
diff --git a/tests/tests/chsh/05_chsh_myuser_restricted_shell/config/etc/gshadow b/tests/tests/chsh/05_chsh_myuser_restricted_shell/config/etc/gshadow
new file mode 100644
index 0000000..25bd55b
--- /dev/null
+++ b/tests/tests/chsh/05_chsh_myuser_restricted_shell/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+myuser:x::
diff --git a/tests/tests/chsh/05_chsh_myuser_restricted_shell/config/etc/passwd b/tests/tests/chsh/05_chsh_myuser_restricted_shell/config/etc/passwd
new file mode 100644
index 0000000..37b0467
--- /dev/null
+++ b/tests/tests/chsh/05_chsh_myuser_restricted_shell/config/etc/passwd
@@ -0,0 +1,21 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+myuser:x:424242:424242::/home:/bin/bash
+myuser2:x:424243:424242::/home:/bin/sh
diff --git a/tests/tests/chsh/05_chsh_myuser_restricted_shell/config/etc/shadow b/tests/tests/chsh/05_chsh_myuser_restricted_shell/config/etc/shadow
new file mode 100644
index 0000000..f004fa2
--- /dev/null
+++ b/tests/tests/chsh/05_chsh_myuser_restricted_shell/config/etc/shadow
@@ -0,0 +1,21 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+myuser:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:::
+myuser2:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:::
diff --git a/tests/tests/chsh/05_chsh_myuser_restricted_shell/config/etc/shells b/tests/tests/chsh/05_chsh_myuser_restricted_shell/config/etc/shells
new file mode 100644
index 0000000..16e922a
--- /dev/null
+++ b/tests/tests/chsh/05_chsh_myuser_restricted_shell/config/etc/shells
@@ -0,0 +1,15 @@
+# /etc/shells: valid login shells
+/bin/ash
+/bin/csh
+/bin/sh
+/usr/bin/es
+/usr/bin/ksh
+/bin/ksh
+/usr/bin/rc
+/usr/bin/tcsh
+/bin/tcsh
+/usr/bin/zsh
+/bin/sash
+#/bin/zsh
+/usr/bin/esh
+/bin/rbash
diff --git a/tests/tests/chsh/05_chsh_myuser_restricted_shell/run.exp b/tests/tests/chsh/05_chsh_myuser_restricted_shell/run.exp
new file mode 100755
index 0000000..1abf085
--- /dev/null
+++ b/tests/tests/chsh/05_chsh_myuser_restricted_shell/run.exp
@@ -0,0 +1,34 @@
+#!/usr/bin/expect
+
+set timeout 5
+
+if {$argc < 1} {
+	puts "usage: run.exp \[shell] \[user]"
+	exit 1
+}
+set shell     [lindex $argv 0]
+
+if {$argc == 2} {
+	spawn /usr/bin/chsh [lindex $argv 1]
+} else {
+	spawn /usr/bin/chsh
+}
+
+expect "You may not change the shell for 'myuser'.\r\n"
+expect {
+	eof {
+		if ([string compare $expect_out(buffer) ""]) {
+			set fp [open "tmp/out" w]
+			puts $fp "$expect_out(buffer)"
+			puts "\nFAIL"
+			exit 1
+		}
+	} default {
+		puts "\nFAIL"
+		exit 1
+	}
+}
+
+puts "\nPASS"
+exit 0
+
diff --git a/tests/tests/chsh/06_chsh_myuser_non_restricted_shell/chsh.test b/tests/tests/chsh/06_chsh_myuser_non_restricted_shell/chsh.test
new file mode 100755
index 0000000..d8d88ac
--- /dev/null
+++ b/tests/tests/chsh/06_chsh_myuser_non_restricted_shell/chsh.test
@@ -0,0 +1,41 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "chsh can displays its usage message"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+chmod a+w tmp
+
+echo -n "execute chsh..."
+su myuser -c "./run.exp /bin/sh"
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl data/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/chsh/06_chsh_myuser_non_restricted_shell/config.txt b/tests/tests/chsh/06_chsh_myuser_non_restricted_shell/config.txt
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/chsh/06_chsh_myuser_non_restricted_shell/config.txt
diff --git a/tests/tests/chsh/06_chsh_myuser_non_restricted_shell/config/etc/group b/tests/tests/chsh/06_chsh_myuser_non_restricted_shell/config/etc/group
new file mode 100644
index 0000000..245cc9c
--- /dev/null
+++ b/tests/tests/chsh/06_chsh_myuser_non_restricted_shell/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+myuser:x:424242:
diff --git a/tests/tests/chsh/06_chsh_myuser_non_restricted_shell/config/etc/gshadow b/tests/tests/chsh/06_chsh_myuser_non_restricted_shell/config/etc/gshadow
new file mode 100644
index 0000000..25bd55b
--- /dev/null
+++ b/tests/tests/chsh/06_chsh_myuser_non_restricted_shell/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+myuser:x::
diff --git a/tests/tests/chsh/06_chsh_myuser_non_restricted_shell/config/etc/passwd b/tests/tests/chsh/06_chsh_myuser_non_restricted_shell/config/etc/passwd
new file mode 100644
index 0000000..37b0467
--- /dev/null
+++ b/tests/tests/chsh/06_chsh_myuser_non_restricted_shell/config/etc/passwd
@@ -0,0 +1,21 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+myuser:x:424242:424242::/home:/bin/bash
+myuser2:x:424243:424242::/home:/bin/sh
diff --git a/tests/tests/chsh/06_chsh_myuser_non_restricted_shell/config/etc/shadow b/tests/tests/chsh/06_chsh_myuser_non_restricted_shell/config/etc/shadow
new file mode 100644
index 0000000..f004fa2
--- /dev/null
+++ b/tests/tests/chsh/06_chsh_myuser_non_restricted_shell/config/etc/shadow
@@ -0,0 +1,21 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+myuser:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:::
+myuser2:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:::
diff --git a/tests/tests/chsh/06_chsh_myuser_non_restricted_shell/config/etc/shells b/tests/tests/chsh/06_chsh_myuser_non_restricted_shell/config/etc/shells
new file mode 100644
index 0000000..d52a3bf
--- /dev/null
+++ b/tests/tests/chsh/06_chsh_myuser_non_restricted_shell/config/etc/shells
@@ -0,0 +1,16 @@
+# /etc/shells: valid login shells
+/bin/ash
+/bin/csh
+/bin/sh
+/usr/bin/es
+/usr/bin/ksh
+/bin/ksh
+/usr/bin/rc
+/usr/bin/tcsh
+/bin/tcsh
+/usr/bin/zsh
+/bin/sash
+#/bin/zsh
+/usr/bin/esh
+/bin/bash
+/bin/rbash
diff --git a/tests/tests/chsh/06_chsh_myuser_non_restricted_shell/data/passwd b/tests/tests/chsh/06_chsh_myuser_non_restricted_shell/data/passwd
new file mode 100644
index 0000000..ae3eda3
--- /dev/null
+++ b/tests/tests/chsh/06_chsh_myuser_non_restricted_shell/data/passwd
@@ -0,0 +1,21 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+myuser:x:424242:424242::/home:/bin/sh
+myuser2:x:424243:424242::/home:/bin/sh
diff --git a/tests/tests/chsh/06_chsh_myuser_non_restricted_shell/run.exp b/tests/tests/chsh/06_chsh_myuser_non_restricted_shell/run.exp
new file mode 100755
index 0000000..0c0e023
--- /dev/null
+++ b/tests/tests/chsh/06_chsh_myuser_non_restricted_shell/run.exp
@@ -0,0 +1,40 @@
+#!/usr/bin/expect
+
+set timeout 5
+
+if {$argc < 1} {
+	puts "usage: run.exp \[shell] \[user]"
+	exit 1
+}
+set shell     [lindex $argv 0]
+
+if {$argc == 2} {
+	spawn /usr/bin/chsh [lindex $argv 1]
+} else {
+	spawn /usr/bin/chsh
+}
+
+expect "Password: "
+send "myuserF00barbaz\r"
+expect "Changing the login shell for myuser"
+expect "Enter the new value, or press ENTER for the default"
+expect -re "Login Shell .*\]: "
+send "$shell\r"
+expect "$shell\r\n"
+expect {
+	eof {
+		if ([string compare $expect_out(buffer) ""]) {
+			set fp [open "tmp/out" w]
+			puts $fp "$expect_out(buffer)"
+			puts "\nFAIL"
+			exit 1
+		}
+	} default {
+		puts "\nFAIL"
+		exit 1
+	}
+}
+
+puts "\nPASS"
+exit 0
+
diff --git a/tests/tests/chsh/07_chsh_usage_invalid_user/chsh.test b/tests/tests/chsh/07_chsh_usage_invalid_user/chsh.test
new file mode 100755
index 0000000..5d76de2
--- /dev/null
+++ b/tests/tests/chsh/07_chsh_usage_invalid_user/chsh.test
@@ -0,0 +1,54 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "chsh checks that the user exist"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Use chsh for an invalid user (chsh wronguser)..."
+chsh wronguser 2>tmp/usage.out && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "1"
+echo "OK"
+
+echo "chsh reported:"
+echo "======================================================================="
+cat tmp/usage.out
+echo "======================================================================="
+echo -n "Check the usage message..."
+diff -au data/usage.out tmp/usage.out
+echo "usage message OK."
+rm -f tmp/usage.out
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/chsh/07_chsh_usage_invalid_user/config.txt b/tests/tests/chsh/07_chsh_usage_invalid_user/config.txt
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/chsh/07_chsh_usage_invalid_user/config.txt
diff --git a/tests/tests/chsh/07_chsh_usage_invalid_user/config/etc/group b/tests/tests/chsh/07_chsh_usage_invalid_user/config/etc/group
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/chsh/07_chsh_usage_invalid_user/config/etc/group
diff --git a/tests/tests/chsh/07_chsh_usage_invalid_user/config/etc/gshadow b/tests/tests/chsh/07_chsh_usage_invalid_user/config/etc/gshadow
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/chsh/07_chsh_usage_invalid_user/config/etc/gshadow
diff --git a/tests/tests/chsh/07_chsh_usage_invalid_user/config/etc/passwd b/tests/tests/chsh/07_chsh_usage_invalid_user/config/etc/passwd
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/chsh/07_chsh_usage_invalid_user/config/etc/passwd
diff --git a/tests/tests/chsh/07_chsh_usage_invalid_user/config/etc/shadow b/tests/tests/chsh/07_chsh_usage_invalid_user/config/etc/shadow
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/chsh/07_chsh_usage_invalid_user/config/etc/shadow
diff --git a/tests/tests/chsh/07_chsh_usage_invalid_user/data/usage.out b/tests/tests/chsh/07_chsh_usage_invalid_user/data/usage.out
new file mode 100644
index 0000000..f57326c
--- /dev/null
+++ b/tests/tests/chsh/07_chsh_usage_invalid_user/data/usage.out
@@ -0,0 +1 @@
+chsh: user 'wronguser' does not exist
diff --git a/tests/tests/chsh/08_chsh_myuser_to_restricted_shell/chsh.test b/tests/tests/chsh/08_chsh_myuser_to_restricted_shell/chsh.test
new file mode 100755
index 0000000..611d1a6
--- /dev/null
+++ b/tests/tests/chsh/08_chsh_myuser_to_restricted_shell/chsh.test
@@ -0,0 +1,41 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "chsh can displays its usage message"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+chmod a+w tmp
+
+echo -n "execute chsh..."
+su myuser -c "./run.exp /bin/bash"
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl data/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/chsh/08_chsh_myuser_to_restricted_shell/config.txt b/tests/tests/chsh/08_chsh_myuser_to_restricted_shell/config.txt
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/chsh/08_chsh_myuser_to_restricted_shell/config.txt
diff --git a/tests/tests/chsh/08_chsh_myuser_to_restricted_shell/config/etc/group b/tests/tests/chsh/08_chsh_myuser_to_restricted_shell/config/etc/group
new file mode 100644
index 0000000..245cc9c
--- /dev/null
+++ b/tests/tests/chsh/08_chsh_myuser_to_restricted_shell/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+myuser:x:424242:
diff --git a/tests/tests/chsh/08_chsh_myuser_to_restricted_shell/config/etc/gshadow b/tests/tests/chsh/08_chsh_myuser_to_restricted_shell/config/etc/gshadow
new file mode 100644
index 0000000..25bd55b
--- /dev/null
+++ b/tests/tests/chsh/08_chsh_myuser_to_restricted_shell/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+myuser:x::
diff --git a/tests/tests/chsh/08_chsh_myuser_to_restricted_shell/config/etc/passwd b/tests/tests/chsh/08_chsh_myuser_to_restricted_shell/config/etc/passwd
new file mode 100644
index 0000000..ae3eda3
--- /dev/null
+++ b/tests/tests/chsh/08_chsh_myuser_to_restricted_shell/config/etc/passwd
@@ -0,0 +1,21 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+myuser:x:424242:424242::/home:/bin/sh
+myuser2:x:424243:424242::/home:/bin/sh
diff --git a/tests/tests/chsh/08_chsh_myuser_to_restricted_shell/config/etc/shadow b/tests/tests/chsh/08_chsh_myuser_to_restricted_shell/config/etc/shadow
new file mode 100644
index 0000000..f004fa2
--- /dev/null
+++ b/tests/tests/chsh/08_chsh_myuser_to_restricted_shell/config/etc/shadow
@@ -0,0 +1,21 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+myuser:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:::
+myuser2:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:::
diff --git a/tests/tests/chsh/08_chsh_myuser_to_restricted_shell/config/etc/shells b/tests/tests/chsh/08_chsh_myuser_to_restricted_shell/config/etc/shells
new file mode 100644
index 0000000..16e922a
--- /dev/null
+++ b/tests/tests/chsh/08_chsh_myuser_to_restricted_shell/config/etc/shells
@@ -0,0 +1,15 @@
+# /etc/shells: valid login shells
+/bin/ash
+/bin/csh
+/bin/sh
+/usr/bin/es
+/usr/bin/ksh
+/bin/ksh
+/usr/bin/rc
+/usr/bin/tcsh
+/bin/tcsh
+/usr/bin/zsh
+/bin/sash
+#/bin/zsh
+/usr/bin/esh
+/bin/rbash
diff --git a/tests/tests/chsh/08_chsh_myuser_to_restricted_shell/data/passwd b/tests/tests/chsh/08_chsh_myuser_to_restricted_shell/data/passwd
new file mode 100644
index 0000000..ae3eda3
--- /dev/null
+++ b/tests/tests/chsh/08_chsh_myuser_to_restricted_shell/data/passwd
@@ -0,0 +1,21 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+myuser:x:424242:424242::/home:/bin/sh
+myuser2:x:424243:424242::/home:/bin/sh
diff --git a/tests/tests/chsh/08_chsh_myuser_to_restricted_shell/run.exp b/tests/tests/chsh/08_chsh_myuser_to_restricted_shell/run.exp
new file mode 100755
index 0000000..b1bd8d6
--- /dev/null
+++ b/tests/tests/chsh/08_chsh_myuser_to_restricted_shell/run.exp
@@ -0,0 +1,41 @@
+#!/usr/bin/expect
+
+set timeout 5
+
+if {$argc < 1} {
+	puts "usage: run.exp \[shell] \[user]"
+	exit 1
+}
+set shell     [lindex $argv 0]
+
+if {$argc == 2} {
+	spawn /usr/bin/chsh [lindex $argv 1]
+} else {
+	spawn /usr/bin/chsh
+}
+
+expect "Password: "
+send "myuserF00barbaz\r"
+expect "Changing the login shell for myuser"
+expect "Enter the new value, or press ENTER for the default"
+expect -re "Login Shell .*\]: "
+send "$shell\r"
+expect "$shell\r\n"
+expect "chsh: $shell is an invalid shell\r\n"
+expect {
+	eof {
+		if ([string compare $expect_out(buffer) ""]) {
+			set fp [open "tmp/out" w]
+			puts $fp "$expect_out(buffer)"
+			puts "\nFAIL"
+			exit 1
+		}
+	} default {
+		puts "\nFAIL"
+		exit 1
+	}
+}
+
+puts "\nPASS"
+exit 0
+
diff --git a/tests/tests/chsh/09_chsh_myuser_to_missing_shell/chsh.test b/tests/tests/chsh/09_chsh_myuser_to_missing_shell/chsh.test
new file mode 100755
index 0000000..6248780
--- /dev/null
+++ b/tests/tests/chsh/09_chsh_myuser_to_missing_shell/chsh.test
@@ -0,0 +1,42 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "chsh can displays its usage message"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+chmod a+w tmp
+
+echo /tmp/bash >> /etc/shells
+echo -n "execute chsh..."
+su myuser -c "./run.exp /tmp/bash"
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl data/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/chsh/09_chsh_myuser_to_missing_shell/config.txt b/tests/tests/chsh/09_chsh_myuser_to_missing_shell/config.txt
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/chsh/09_chsh_myuser_to_missing_shell/config.txt
diff --git a/tests/tests/chsh/09_chsh_myuser_to_missing_shell/config/etc/group b/tests/tests/chsh/09_chsh_myuser_to_missing_shell/config/etc/group
new file mode 100644
index 0000000..245cc9c
--- /dev/null
+++ b/tests/tests/chsh/09_chsh_myuser_to_missing_shell/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+myuser:x:424242:
diff --git a/tests/tests/chsh/09_chsh_myuser_to_missing_shell/config/etc/gshadow b/tests/tests/chsh/09_chsh_myuser_to_missing_shell/config/etc/gshadow
new file mode 100644
index 0000000..25bd55b
--- /dev/null
+++ b/tests/tests/chsh/09_chsh_myuser_to_missing_shell/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+myuser:x::
diff --git a/tests/tests/chsh/09_chsh_myuser_to_missing_shell/config/etc/passwd b/tests/tests/chsh/09_chsh_myuser_to_missing_shell/config/etc/passwd
new file mode 100644
index 0000000..ae3eda3
--- /dev/null
+++ b/tests/tests/chsh/09_chsh_myuser_to_missing_shell/config/etc/passwd
@@ -0,0 +1,21 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+myuser:x:424242:424242::/home:/bin/sh
+myuser2:x:424243:424242::/home:/bin/sh
diff --git a/tests/tests/chsh/09_chsh_myuser_to_missing_shell/config/etc/shadow b/tests/tests/chsh/09_chsh_myuser_to_missing_shell/config/etc/shadow
new file mode 100644
index 0000000..f004fa2
--- /dev/null
+++ b/tests/tests/chsh/09_chsh_myuser_to_missing_shell/config/etc/shadow
@@ -0,0 +1,21 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+myuser:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:::
+myuser2:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:::
diff --git a/tests/tests/chsh/09_chsh_myuser_to_missing_shell/config/etc/shells b/tests/tests/chsh/09_chsh_myuser_to_missing_shell/config/etc/shells
new file mode 100644
index 0000000..16e922a
--- /dev/null
+++ b/tests/tests/chsh/09_chsh_myuser_to_missing_shell/config/etc/shells
@@ -0,0 +1,15 @@
+# /etc/shells: valid login shells
+/bin/ash
+/bin/csh
+/bin/sh
+/usr/bin/es
+/usr/bin/ksh
+/bin/ksh
+/usr/bin/rc
+/usr/bin/tcsh
+/bin/tcsh
+/usr/bin/zsh
+/bin/sash
+#/bin/zsh
+/usr/bin/esh
+/bin/rbash
diff --git a/tests/tests/chsh/09_chsh_myuser_to_missing_shell/data/passwd b/tests/tests/chsh/09_chsh_myuser_to_missing_shell/data/passwd
new file mode 100644
index 0000000..ae3eda3
--- /dev/null
+++ b/tests/tests/chsh/09_chsh_myuser_to_missing_shell/data/passwd
@@ -0,0 +1,21 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+myuser:x:424242:424242::/home:/bin/sh
+myuser2:x:424243:424242::/home:/bin/sh
diff --git a/tests/tests/chsh/09_chsh_myuser_to_missing_shell/run.exp b/tests/tests/chsh/09_chsh_myuser_to_missing_shell/run.exp
new file mode 100755
index 0000000..b1bd8d6
--- /dev/null
+++ b/tests/tests/chsh/09_chsh_myuser_to_missing_shell/run.exp
@@ -0,0 +1,41 @@
+#!/usr/bin/expect
+
+set timeout 5
+
+if {$argc < 1} {
+	puts "usage: run.exp \[shell] \[user]"
+	exit 1
+}
+set shell     [lindex $argv 0]
+
+if {$argc == 2} {
+	spawn /usr/bin/chsh [lindex $argv 1]
+} else {
+	spawn /usr/bin/chsh
+}
+
+expect "Password: "
+send "myuserF00barbaz\r"
+expect "Changing the login shell for myuser"
+expect "Enter the new value, or press ENTER for the default"
+expect -re "Login Shell .*\]: "
+send "$shell\r"
+expect "$shell\r\n"
+expect "chsh: $shell is an invalid shell\r\n"
+expect {
+	eof {
+		if ([string compare $expect_out(buffer) ""]) {
+			set fp [open "tmp/out" w]
+			puts $fp "$expect_out(buffer)"
+			puts "\nFAIL"
+			exit 1
+		}
+	} default {
+		puts "\nFAIL"
+		exit 1
+	}
+}
+
+puts "\nPASS"
+exit 0
+
diff --git a/tests/tests/chsh/10_chsh_myuser_to_non_executable_shell/chsh.test b/tests/tests/chsh/10_chsh_myuser_to_non_executable_shell/chsh.test
new file mode 100755
index 0000000..7dd4642
--- /dev/null
+++ b/tests/tests/chsh/10_chsh_myuser_to_non_executable_shell/chsh.test
@@ -0,0 +1,46 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "chsh can displays its usage message"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config; rm -f /tmp/bash' 0
+
+change_config
+
+chmod a+w tmp
+
+echo /tmp/bash >> /etc/shells
+cp /bin/bash /tmp/bash
+chmod a-x /tmp/bash
+
+echo -n "execute chsh..."
+su myuser -c "./run.exp /tmp/bash"
+echo "OK"
+rm -f /tmp/bash
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl data/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/chsh/10_chsh_myuser_to_non_executable_shell/config.txt b/tests/tests/chsh/10_chsh_myuser_to_non_executable_shell/config.txt
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/chsh/10_chsh_myuser_to_non_executable_shell/config.txt
diff --git a/tests/tests/chsh/10_chsh_myuser_to_non_executable_shell/config/etc/group b/tests/tests/chsh/10_chsh_myuser_to_non_executable_shell/config/etc/group
new file mode 100644
index 0000000..245cc9c
--- /dev/null
+++ b/tests/tests/chsh/10_chsh_myuser_to_non_executable_shell/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+myuser:x:424242:
diff --git a/tests/tests/chsh/10_chsh_myuser_to_non_executable_shell/config/etc/gshadow b/tests/tests/chsh/10_chsh_myuser_to_non_executable_shell/config/etc/gshadow
new file mode 100644
index 0000000..25bd55b
--- /dev/null
+++ b/tests/tests/chsh/10_chsh_myuser_to_non_executable_shell/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+myuser:x::
diff --git a/tests/tests/chsh/10_chsh_myuser_to_non_executable_shell/config/etc/passwd b/tests/tests/chsh/10_chsh_myuser_to_non_executable_shell/config/etc/passwd
new file mode 100644
index 0000000..ae3eda3
--- /dev/null
+++ b/tests/tests/chsh/10_chsh_myuser_to_non_executable_shell/config/etc/passwd
@@ -0,0 +1,21 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+myuser:x:424242:424242::/home:/bin/sh
+myuser2:x:424243:424242::/home:/bin/sh
diff --git a/tests/tests/chsh/10_chsh_myuser_to_non_executable_shell/config/etc/shadow b/tests/tests/chsh/10_chsh_myuser_to_non_executable_shell/config/etc/shadow
new file mode 100644
index 0000000..f004fa2
--- /dev/null
+++ b/tests/tests/chsh/10_chsh_myuser_to_non_executable_shell/config/etc/shadow
@@ -0,0 +1,21 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+myuser:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:::
+myuser2:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:::
diff --git a/tests/tests/chsh/10_chsh_myuser_to_non_executable_shell/config/etc/shells b/tests/tests/chsh/10_chsh_myuser_to_non_executable_shell/config/etc/shells
new file mode 100644
index 0000000..16e922a
--- /dev/null
+++ b/tests/tests/chsh/10_chsh_myuser_to_non_executable_shell/config/etc/shells
@@ -0,0 +1,15 @@
+# /etc/shells: valid login shells
+/bin/ash
+/bin/csh
+/bin/sh
+/usr/bin/es
+/usr/bin/ksh
+/bin/ksh
+/usr/bin/rc
+/usr/bin/tcsh
+/bin/tcsh
+/usr/bin/zsh
+/bin/sash
+#/bin/zsh
+/usr/bin/esh
+/bin/rbash
diff --git a/tests/tests/chsh/10_chsh_myuser_to_non_executable_shell/data/passwd b/tests/tests/chsh/10_chsh_myuser_to_non_executable_shell/data/passwd
new file mode 100644
index 0000000..ae3eda3
--- /dev/null
+++ b/tests/tests/chsh/10_chsh_myuser_to_non_executable_shell/data/passwd
@@ -0,0 +1,21 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+myuser:x:424242:424242::/home:/bin/sh
+myuser2:x:424243:424242::/home:/bin/sh
diff --git a/tests/tests/chsh/10_chsh_myuser_to_non_executable_shell/run.exp b/tests/tests/chsh/10_chsh_myuser_to_non_executable_shell/run.exp
new file mode 100755
index 0000000..b1bd8d6
--- /dev/null
+++ b/tests/tests/chsh/10_chsh_myuser_to_non_executable_shell/run.exp
@@ -0,0 +1,41 @@
+#!/usr/bin/expect
+
+set timeout 5
+
+if {$argc < 1} {
+	puts "usage: run.exp \[shell] \[user]"
+	exit 1
+}
+set shell     [lindex $argv 0]
+
+if {$argc == 2} {
+	spawn /usr/bin/chsh [lindex $argv 1]
+} else {
+	spawn /usr/bin/chsh
+}
+
+expect "Password: "
+send "myuserF00barbaz\r"
+expect "Changing the login shell for myuser"
+expect "Enter the new value, or press ENTER for the default"
+expect -re "Login Shell .*\]: "
+send "$shell\r"
+expect "$shell\r\n"
+expect "chsh: $shell is an invalid shell\r\n"
+expect {
+	eof {
+		if ([string compare $expect_out(buffer) ""]) {
+			set fp [open "tmp/out" w]
+			puts $fp "$expect_out(buffer)"
+			puts "\nFAIL"
+			exit 1
+		}
+	} default {
+		puts "\nFAIL"
+		exit 1
+	}
+}
+
+puts "\nPASS"
+exit 0
+
diff --git a/tests/tests/chsh/11_chsh_auth_failure/chsh.test b/tests/tests/chsh/11_chsh_auth_failure/chsh.test
new file mode 100755
index 0000000..dda9bc6
--- /dev/null
+++ b/tests/tests/chsh/11_chsh_auth_failure/chsh.test
@@ -0,0 +1,41 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "chsh checks password for non root"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+chmod a+w tmp
+
+echo -n "execute chsh..."
+su myuser -c "./run.exp /bin/bash"
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl data/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/chsh/11_chsh_auth_failure/config.txt b/tests/tests/chsh/11_chsh_auth_failure/config.txt
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/chsh/11_chsh_auth_failure/config.txt
diff --git a/tests/tests/chsh/11_chsh_auth_failure/config/etc/group b/tests/tests/chsh/11_chsh_auth_failure/config/etc/group
new file mode 100644
index 0000000..245cc9c
--- /dev/null
+++ b/tests/tests/chsh/11_chsh_auth_failure/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+myuser:x:424242:
diff --git a/tests/tests/chsh/11_chsh_auth_failure/config/etc/gshadow b/tests/tests/chsh/11_chsh_auth_failure/config/etc/gshadow
new file mode 100644
index 0000000..25bd55b
--- /dev/null
+++ b/tests/tests/chsh/11_chsh_auth_failure/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+myuser:x::
diff --git a/tests/tests/chsh/11_chsh_auth_failure/config/etc/passwd b/tests/tests/chsh/11_chsh_auth_failure/config/etc/passwd
new file mode 100644
index 0000000..ae3eda3
--- /dev/null
+++ b/tests/tests/chsh/11_chsh_auth_failure/config/etc/passwd
@@ -0,0 +1,21 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+myuser:x:424242:424242::/home:/bin/sh
+myuser2:x:424243:424242::/home:/bin/sh
diff --git a/tests/tests/chsh/11_chsh_auth_failure/config/etc/shadow b/tests/tests/chsh/11_chsh_auth_failure/config/etc/shadow
new file mode 100644
index 0000000..f004fa2
--- /dev/null
+++ b/tests/tests/chsh/11_chsh_auth_failure/config/etc/shadow
@@ -0,0 +1,21 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+myuser:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:::
+myuser2:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:::
diff --git a/tests/tests/chsh/11_chsh_auth_failure/config/etc/shells b/tests/tests/chsh/11_chsh_auth_failure/config/etc/shells
new file mode 100644
index 0000000..16e922a
--- /dev/null
+++ b/tests/tests/chsh/11_chsh_auth_failure/config/etc/shells
@@ -0,0 +1,15 @@
+# /etc/shells: valid login shells
+/bin/ash
+/bin/csh
+/bin/sh
+/usr/bin/es
+/usr/bin/ksh
+/bin/ksh
+/usr/bin/rc
+/usr/bin/tcsh
+/bin/tcsh
+/usr/bin/zsh
+/bin/sash
+#/bin/zsh
+/usr/bin/esh
+/bin/rbash
diff --git a/tests/tests/chsh/11_chsh_auth_failure/data/passwd b/tests/tests/chsh/11_chsh_auth_failure/data/passwd
new file mode 100644
index 0000000..ae3eda3
--- /dev/null
+++ b/tests/tests/chsh/11_chsh_auth_failure/data/passwd
@@ -0,0 +1,21 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+myuser:x:424242:424242::/home:/bin/sh
+myuser2:x:424243:424242::/home:/bin/sh
diff --git a/tests/tests/chsh/11_chsh_auth_failure/run.exp b/tests/tests/chsh/11_chsh_auth_failure/run.exp
new file mode 100755
index 0000000..67e3455
--- /dev/null
+++ b/tests/tests/chsh/11_chsh_auth_failure/run.exp
@@ -0,0 +1,36 @@
+#!/usr/bin/expect
+
+set timeout 5
+
+if {$argc < 1} {
+	puts "usage: run.exp \[shell] \[user]"
+	exit 1
+}
+set shell     [lindex $argv 0]
+
+if {$argc == 2} {
+	spawn /usr/bin/chsh [lindex $argv 1]
+} else {
+	spawn /usr/bin/chsh
+}
+
+expect "Password: "
+send "wrong pass\r"
+expect "chsh: PAM: Authentication failure\r\n"
+expect {
+	eof {
+		if ([string compare $expect_out(buffer) ""]) {
+			set fp [open "tmp/out" w]
+			puts $fp "$expect_out(buffer)"
+			puts "\nFAIL"
+			exit 1
+		}
+	} default {
+		puts "\nFAIL"
+		exit 1
+	}
+}
+
+puts "\nPASS"
+exit 0
+
diff --git a/tests/tests/chsh/12_chsh_warning_missing_shell/chsh.test b/tests/tests/chsh/12_chsh_warning_missing_shell/chsh.test
new file mode 100755
index 0000000..de12b13
--- /dev/null
+++ b/tests/tests/chsh/12_chsh_warning_missing_shell/chsh.test
@@ -0,0 +1,48 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "chsh can displays its usage message"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Change shell to a missing shell (chsh -s /tmp/bash bin)..."
+chsh -s /tmp/bash bin 2>tmp/chsh.err
+echo "OK"
+
+echo "chsh reported:"
+echo "======================================================================="
+cat tmp/chsh.err
+echo "======================================================================="
+echo -n "Check the usage message..."
+diff -au data/chsh.err tmp/chsh.err
+echo "usage message OK."
+rm -f tmp/chsh.err
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl data/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/chsh/12_chsh_warning_missing_shell/config.txt b/tests/tests/chsh/12_chsh_warning_missing_shell/config.txt
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/chsh/12_chsh_warning_missing_shell/config.txt
diff --git a/tests/tests/chsh/12_chsh_warning_missing_shell/config/etc/group b/tests/tests/chsh/12_chsh_warning_missing_shell/config/etc/group
new file mode 100644
index 0000000..245cc9c
--- /dev/null
+++ b/tests/tests/chsh/12_chsh_warning_missing_shell/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+myuser:x:424242:
diff --git a/tests/tests/chsh/12_chsh_warning_missing_shell/config/etc/gshadow b/tests/tests/chsh/12_chsh_warning_missing_shell/config/etc/gshadow
new file mode 100644
index 0000000..25bd55b
--- /dev/null
+++ b/tests/tests/chsh/12_chsh_warning_missing_shell/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+myuser:x::
diff --git a/tests/tests/chsh/12_chsh_warning_missing_shell/config/etc/pam.d/chsh b/tests/tests/chsh/12_chsh_warning_missing_shell/config/etc/pam.d/chsh
new file mode 100644
index 0000000..7eb604d
--- /dev/null
+++ b/tests/tests/chsh/12_chsh_warning_missing_shell/config/etc/pam.d/chsh
@@ -0,0 +1,20 @@
+#
+# The PAM configuration file for the Shadow `chsh' service
+#
+
+# This will not allow a user to change their shell unless
+# their current one is listed in /etc/shells. This keeps
+# accounts with special shells from changing them.
+auth       required   pam_shells.so
+
+# This allows root to change user shell without being
+# prompted for a password
+auth		sufficient	pam_rootok.so
+
+# The standard Unix authentication modules, used with
+# NIS (man nsswitch) as well as normal /etc/passwd and
+# /etc/shadow entries.
+@include common-auth
+@include common-account
+@include common-session
+
diff --git a/tests/tests/chsh/12_chsh_warning_missing_shell/config/etc/passwd b/tests/tests/chsh/12_chsh_warning_missing_shell/config/etc/passwd
new file mode 100644
index 0000000..ae3eda3
--- /dev/null
+++ b/tests/tests/chsh/12_chsh_warning_missing_shell/config/etc/passwd
@@ -0,0 +1,21 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+myuser:x:424242:424242::/home:/bin/sh
+myuser2:x:424243:424242::/home:/bin/sh
diff --git a/tests/tests/chsh/12_chsh_warning_missing_shell/config/etc/shadow b/tests/tests/chsh/12_chsh_warning_missing_shell/config/etc/shadow
new file mode 100644
index 0000000..f004fa2
--- /dev/null
+++ b/tests/tests/chsh/12_chsh_warning_missing_shell/config/etc/shadow
@@ -0,0 +1,21 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+myuser:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:::
+myuser2:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:::
diff --git a/tests/tests/chsh/12_chsh_warning_missing_shell/config/etc/shells b/tests/tests/chsh/12_chsh_warning_missing_shell/config/etc/shells
new file mode 100644
index 0000000..4fd4378
--- /dev/null
+++ b/tests/tests/chsh/12_chsh_warning_missing_shell/config/etc/shells
@@ -0,0 +1,16 @@
+# /etc/shells: valid login shells
+/bin/ash
+/bin/csh
+/bin/sh
+/usr/bin/es
+/usr/bin/ksh
+/bin/ksh
+/usr/bin/rc
+/usr/bin/tcsh
+/bin/tcsh
+/usr/bin/zsh
+/bin/sash
+/bin/zsh
+/usr/bin/esh
+/bin/bash
+/bin/rbash
diff --git a/tests/tests/chsh/12_chsh_warning_missing_shell/data/chsh.err b/tests/tests/chsh/12_chsh_warning_missing_shell/data/chsh.err
new file mode 100644
index 0000000..7801a16
--- /dev/null
+++ b/tests/tests/chsh/12_chsh_warning_missing_shell/data/chsh.err
@@ -0,0 +1 @@
+chsh: Warning: /tmp/bash does not exist
diff --git a/tests/tests/chsh/12_chsh_warning_missing_shell/data/passwd b/tests/tests/chsh/12_chsh_warning_missing_shell/data/passwd
new file mode 100644
index 0000000..7e745d9
--- /dev/null
+++ b/tests/tests/chsh/12_chsh_warning_missing_shell/data/passwd
@@ -0,0 +1,21 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/tmp/bash
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+myuser:x:424242:424242::/home:/bin/sh
+myuser2:x:424243:424242::/home:/bin/sh
diff --git a/tests/tests/chsh/13_chsh_warning_non_executable/chsh.test b/tests/tests/chsh/13_chsh_warning_non_executable/chsh.test
new file mode 100755
index 0000000..c98bad7
--- /dev/null
+++ b/tests/tests/chsh/13_chsh_warning_non_executable/chsh.test
@@ -0,0 +1,52 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "chsh can displays its usage message"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config; rm -f /tmp/bash' 0
+
+change_config
+
+cp /bin/bash /tmp/bash
+chmod a-x /tmp/bash
+
+echo -n "Change shell to a missing shell (chsh -s /tmp/bash bin)..."
+chsh -s /tmp/bash bin 2>tmp/chsh.err
+echo "OK"
+rm -f /tmp/bash
+
+echo "chsh reported:"
+echo "======================================================================="
+cat tmp/chsh.err
+echo "======================================================================="
+echo -n "Check the usage message..."
+diff -au data/chsh.err tmp/chsh.err
+echo "usage message OK."
+rm -f tmp/chsh.err
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl data/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/chsh/13_chsh_warning_non_executable/config.txt b/tests/tests/chsh/13_chsh_warning_non_executable/config.txt
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/chsh/13_chsh_warning_non_executable/config.txt
diff --git a/tests/tests/chsh/13_chsh_warning_non_executable/config/etc/group b/tests/tests/chsh/13_chsh_warning_non_executable/config/etc/group
new file mode 100644
index 0000000..245cc9c
--- /dev/null
+++ b/tests/tests/chsh/13_chsh_warning_non_executable/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+myuser:x:424242:
diff --git a/tests/tests/chsh/13_chsh_warning_non_executable/config/etc/gshadow b/tests/tests/chsh/13_chsh_warning_non_executable/config/etc/gshadow
new file mode 100644
index 0000000..25bd55b
--- /dev/null
+++ b/tests/tests/chsh/13_chsh_warning_non_executable/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+myuser:x::
diff --git a/tests/tests/chsh/13_chsh_warning_non_executable/config/etc/pam.d/chsh b/tests/tests/chsh/13_chsh_warning_non_executable/config/etc/pam.d/chsh
new file mode 100644
index 0000000..7eb604d
--- /dev/null
+++ b/tests/tests/chsh/13_chsh_warning_non_executable/config/etc/pam.d/chsh
@@ -0,0 +1,20 @@
+#
+# The PAM configuration file for the Shadow `chsh' service
+#
+
+# This will not allow a user to change their shell unless
+# their current one is listed in /etc/shells. This keeps
+# accounts with special shells from changing them.
+auth       required   pam_shells.so
+
+# This allows root to change user shell without being
+# prompted for a password
+auth		sufficient	pam_rootok.so
+
+# The standard Unix authentication modules, used with
+# NIS (man nsswitch) as well as normal /etc/passwd and
+# /etc/shadow entries.
+@include common-auth
+@include common-account
+@include common-session
+
diff --git a/tests/tests/chsh/13_chsh_warning_non_executable/config/etc/passwd b/tests/tests/chsh/13_chsh_warning_non_executable/config/etc/passwd
new file mode 100644
index 0000000..ae3eda3
--- /dev/null
+++ b/tests/tests/chsh/13_chsh_warning_non_executable/config/etc/passwd
@@ -0,0 +1,21 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+myuser:x:424242:424242::/home:/bin/sh
+myuser2:x:424243:424242::/home:/bin/sh
diff --git a/tests/tests/chsh/13_chsh_warning_non_executable/config/etc/shadow b/tests/tests/chsh/13_chsh_warning_non_executable/config/etc/shadow
new file mode 100644
index 0000000..f004fa2
--- /dev/null
+++ b/tests/tests/chsh/13_chsh_warning_non_executable/config/etc/shadow
@@ -0,0 +1,21 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+myuser:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:::
+myuser2:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:::
diff --git a/tests/tests/chsh/13_chsh_warning_non_executable/config/etc/shells b/tests/tests/chsh/13_chsh_warning_non_executable/config/etc/shells
new file mode 100644
index 0000000..4fd4378
--- /dev/null
+++ b/tests/tests/chsh/13_chsh_warning_non_executable/config/etc/shells
@@ -0,0 +1,16 @@
+# /etc/shells: valid login shells
+/bin/ash
+/bin/csh
+/bin/sh
+/usr/bin/es
+/usr/bin/ksh
+/bin/ksh
+/usr/bin/rc
+/usr/bin/tcsh
+/bin/tcsh
+/usr/bin/zsh
+/bin/sash
+/bin/zsh
+/usr/bin/esh
+/bin/bash
+/bin/rbash
diff --git a/tests/tests/chsh/13_chsh_warning_non_executable/data/chsh.err b/tests/tests/chsh/13_chsh_warning_non_executable/data/chsh.err
new file mode 100644
index 0000000..4a87ec2
--- /dev/null
+++ b/tests/tests/chsh/13_chsh_warning_non_executable/data/chsh.err
@@ -0,0 +1 @@
+chsh: Warning: /tmp/bash is not executable
diff --git a/tests/tests/chsh/13_chsh_warning_non_executable/data/passwd b/tests/tests/chsh/13_chsh_warning_non_executable/data/passwd
new file mode 100644
index 0000000..7e745d9
--- /dev/null
+++ b/tests/tests/chsh/13_chsh_warning_non_executable/data/passwd
@@ -0,0 +1,21 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/tmp/bash
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+myuser:x:424242:424242::/home:/bin/sh
+myuser2:x:424243:424242::/home:/bin/sh
diff --git a/tests/tests/chsh/14_chsh_locked_passwd/chsh.test b/tests/tests/chsh/14_chsh_locked_passwd/chsh.test
new file mode 100755
index 0000000..c41e1eb
--- /dev/null
+++ b/tests/tests/chsh/14_chsh_locked_passwd/chsh.test
@@ -0,0 +1,59 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "chsh warns when passwd is already locked"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config; rm -f /etc/passwd.lock' 0
+
+change_config
+
+echo -n "Create lock file for /etc/passwd..."
+touch /etc/passwd.lock
+echo "done"
+
+echo -n "Change shell (chsh -s /bin/bash bin)..."
+chsh -s /bin/bash bin 2>tmp/chsh.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+rm -f /etc/passwd.lock
+
+echo -n "Check returned status ($status)..."
+test "$status" = "1"
+echo "OK"
+
+echo "chsh reported:"
+echo "======================================================================="
+cat tmp/chsh.err
+echo "======================================================================="
+echo -n "Check the error message..."
+diff -au data/chsh.err tmp/chsh.err
+echo "error message OK."
+rm -f tmp/chsh.err
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/chsh/14_chsh_locked_passwd/config.txt b/tests/tests/chsh/14_chsh_locked_passwd/config.txt
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/chsh/14_chsh_locked_passwd/config.txt
diff --git a/tests/tests/chsh/14_chsh_locked_passwd/config/etc/group b/tests/tests/chsh/14_chsh_locked_passwd/config/etc/group
new file mode 100644
index 0000000..245cc9c
--- /dev/null
+++ b/tests/tests/chsh/14_chsh_locked_passwd/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+myuser:x:424242:
diff --git a/tests/tests/chsh/14_chsh_locked_passwd/config/etc/gshadow b/tests/tests/chsh/14_chsh_locked_passwd/config/etc/gshadow
new file mode 100644
index 0000000..25bd55b
--- /dev/null
+++ b/tests/tests/chsh/14_chsh_locked_passwd/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+myuser:x::
diff --git a/tests/tests/chsh/14_chsh_locked_passwd/config/etc/passwd b/tests/tests/chsh/14_chsh_locked_passwd/config/etc/passwd
new file mode 100644
index 0000000..5d27e12
--- /dev/null
+++ b/tests/tests/chsh/14_chsh_locked_passwd/config/etc/passwd
@@ -0,0 +1,26 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+myuser1:x:424242:424242::/home:/bin/bash
+myuser2:x:424243:424242::/home:/bin/bash
+myuser3:x:424244:424242::/home:/bin/bash
+myuser4:x:424245:424242::/home:/bin/bash
+myuser5:x:424246:424242::/home:/bin/bash
+myuser6:x:424247:424242::/home:/bin/bash
+myuser7:x:424248:424242::/home:/bin/bash
diff --git a/tests/tests/chsh/14_chsh_locked_passwd/config/etc/shadow b/tests/tests/chsh/14_chsh_locked_passwd/config/etc/shadow
new file mode 100644
index 0000000..da4c2bc
--- /dev/null
+++ b/tests/tests/chsh/14_chsh_locked_passwd/config/etc/shadow
@@ -0,0 +1,26 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+myuser1:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:::
+myuser2:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12992:1:99996:5:::
+myuser3:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7::0:
+myuser4:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7::1:
+myuser5:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:0::
+myuser6:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:1::
+myuser7:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:1::
diff --git a/tests/tests/chsh/14_chsh_locked_passwd/data/chsh.err b/tests/tests/chsh/14_chsh_locked_passwd/data/chsh.err
new file mode 100644
index 0000000..c5ebce9
--- /dev/null
+++ b/tests/tests/chsh/14_chsh_locked_passwd/data/chsh.err
@@ -0,0 +1,2 @@
+chsh: existing lock file /etc/passwd.lock without a PID
+chsh: cannot lock /etc/passwd; try again later.
diff --git a/tests/tests/chsh/15_chsh_PAM_error/chsh.test b/tests/tests/chsh/15_chsh_PAM_error/chsh.test
new file mode 100755
index 0000000..c900e0c
--- /dev/null
+++ b/tests/tests/chsh/15_chsh_PAM_error/chsh.test
@@ -0,0 +1,58 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "chsh warns when the chsh PAM configuration is invalid"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Remove the PAM configuration (/etc/pam.d/chsh /etc/pam.d/other)..."
+rm -f /etc/pam.d/chsh /etc/pam.d/other
+echo OK
+
+echo -n "Change shell (chsh -s /bin/bash bin)..."
+chsh -s /bin/bash bin 2>tmp/chsh.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "1"
+echo "OK"
+
+echo "chsh reported:"
+echo "======================================================================="
+cat tmp/chsh.err
+echo "======================================================================="
+echo -n "Check the error message..."
+diff -au data/chsh.err tmp/chsh.err
+echo "error message OK."
+rm -f tmp/chsh.err
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/chsh/15_chsh_PAM_error/config.txt b/tests/tests/chsh/15_chsh_PAM_error/config.txt
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/chsh/15_chsh_PAM_error/config.txt
diff --git a/tests/tests/chsh/15_chsh_PAM_error/config/etc/group b/tests/tests/chsh/15_chsh_PAM_error/config/etc/group
new file mode 100644
index 0000000..245cc9c
--- /dev/null
+++ b/tests/tests/chsh/15_chsh_PAM_error/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+myuser:x:424242:
diff --git a/tests/tests/chsh/15_chsh_PAM_error/config/etc/gshadow b/tests/tests/chsh/15_chsh_PAM_error/config/etc/gshadow
new file mode 100644
index 0000000..25bd55b
--- /dev/null
+++ b/tests/tests/chsh/15_chsh_PAM_error/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+myuser:x::
diff --git a/tests/tests/chsh/15_chsh_PAM_error/config/etc/pam.d/chsh b/tests/tests/chsh/15_chsh_PAM_error/config/etc/pam.d/chsh
new file mode 100644
index 0000000..9152969
--- /dev/null
+++ b/tests/tests/chsh/15_chsh_PAM_error/config/etc/pam.d/chsh
@@ -0,0 +1 @@
+This file will be removed
diff --git a/tests/tests/chsh/15_chsh_PAM_error/config/etc/pam.d/other b/tests/tests/chsh/15_chsh_PAM_error/config/etc/pam.d/other
new file mode 100644
index 0000000..9152969
--- /dev/null
+++ b/tests/tests/chsh/15_chsh_PAM_error/config/etc/pam.d/other
@@ -0,0 +1 @@
+This file will be removed
diff --git a/tests/tests/chsh/15_chsh_PAM_error/config/etc/passwd b/tests/tests/chsh/15_chsh_PAM_error/config/etc/passwd
new file mode 100644
index 0000000..5d27e12
--- /dev/null
+++ b/tests/tests/chsh/15_chsh_PAM_error/config/etc/passwd
@@ -0,0 +1,26 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+myuser1:x:424242:424242::/home:/bin/bash
+myuser2:x:424243:424242::/home:/bin/bash
+myuser3:x:424244:424242::/home:/bin/bash
+myuser4:x:424245:424242::/home:/bin/bash
+myuser5:x:424246:424242::/home:/bin/bash
+myuser6:x:424247:424242::/home:/bin/bash
+myuser7:x:424248:424242::/home:/bin/bash
diff --git a/tests/tests/chsh/15_chsh_PAM_error/config/etc/shadow b/tests/tests/chsh/15_chsh_PAM_error/config/etc/shadow
new file mode 100644
index 0000000..da4c2bc
--- /dev/null
+++ b/tests/tests/chsh/15_chsh_PAM_error/config/etc/shadow
@@ -0,0 +1,26 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+myuser1:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:::
+myuser2:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12992:1:99996:5:::
+myuser3:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7::0:
+myuser4:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7::1:
+myuser5:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:0::
+myuser6:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:1::
+myuser7:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:1::
diff --git a/tests/tests/chsh/15_chsh_PAM_error/data/chsh.err b/tests/tests/chsh/15_chsh_PAM_error/data/chsh.err
new file mode 100644
index 0000000..5c039d5
--- /dev/null
+++ b/tests/tests/chsh/15_chsh_PAM_error/data/chsh.err
@@ -0,0 +1 @@
+chsh: PAM: Critical error - immediate abort
diff --git a/tests/tests/cktools/01/data/group b/tests/tests/cktools/01/data/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/cktools/01/data/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/cktools/01/data/gshadow b/tests/tests/cktools/01/data/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/cktools/01/data/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/cktools/01/data/passwd b/tests/tests/cktools/01/data/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/cktools/01/data/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/cktools/01/data/run2.err b/tests/tests/cktools/01/data/run2.err
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/cktools/01/data/run2.err
diff --git a/tests/tests/cktools/01/data/run2.out b/tests/tests/cktools/01/data/run2.out
new file mode 100644
index 0000000..00df312
--- /dev/null
+++ b/tests/tests/cktools/01/data/run2.out
@@ -0,0 +1,13 @@
+user 'lp': directory '/var/spool/lpd' does not exist
+user 'news': directory '/var/spool/news' does not exist
+user 'uucp': directory '/var/spool/uucp' does not exist
+user 'www-data': directory '/var/www' does not exist
+user 'list': directory '/var/list' does not exist
+user 'irc': directory '/var/run/ircd' does not exist
+user 'gnats': directory '/var/lib/gnats' does not exist
+user 'nobody': directory '/nonexistent' does not exist
+user 'Debian-exim': directory '/var/spool/exim4' does not exist
+user 'test': no group 10002
+no matching password file entry in /etc/shadow
+add user 'test' in /etc/shadow? No
+pwck: no changes
diff --git a/tests/tests/cktools/01/data/shadow b/tests/tests/cktools/01/data/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/cktools/01/data/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/cktools/01/run1 b/tests/tests/cktools/01/run1
new file mode 100755
index 0000000..04aa793
--- /dev/null
+++ b/tests/tests/cktools/01/run1
@@ -0,0 +1,54 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+# Rational:
+# Test that useradd can add an user and userdel removes it.
+
+save()
+{
+	[ ! -d tmp ] && mkdir tmp
+	for i in passwd group shadow gshadow
+	do
+		[ -f /etc/$i  ] && cp /etc/$i  tmp/$i
+	done
+
+	true
+}
+
+restore()
+{
+	for i in passwd group shadow gshadow
+	do
+		[ -f tmp/$i  ] && cp tmp/$i  /etc/$i  && rm tmp/$i
+	done
+	rmdir tmp
+}
+
+save
+
+# restore the files on exit
+trap 'restore' 0
+
+for i in passwd group shadow gshadow
+do
+	cp data/$i /etc
+done
+
+lines_passwd=$(wc -l /etc/passwd | cut -f1 -d" ")
+lines_shadow=$(wc -l /etc/shadow | cut -f1 -d" ")
+lines_group=$(wc -l /etc/group | cut -f1 -d" ")
+lines_gshadow=$(wc -l /etc/gshadow | cut -f1 -d" ")
+
+echo "pwck accepts valid password file "
+msg=$(pwck -r | grep -v "^user .*: directory .* does not exist$")
+echo msg: $msg
+test "$msg" = "pwck: no changes"
+echo "  OK"
+echo "grpck accepts valid password file "
+msg=$(grpck -r)
+test "$msg" = ""
+echo "  OK"
+
diff --git a/tests/tests/cktools/01/run2 b/tests/tests/cktools/01/run2
new file mode 100755
index 0000000..df1e277
--- /dev/null
+++ b/tests/tests/cktools/01/run2
@@ -0,0 +1,62 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+# Rational:
+# Test that useradd can add an user and userdel removes it.
+
+save()
+{
+	[ ! -d tmp ] && mkdir tmp
+	for i in passwd group shadow gshadow
+	do
+		[ -f /etc/$i  ] && cp /etc/$i  tmp/$i
+	done
+
+	true
+}
+
+restore()
+{
+	rm -f tmp/err tmp/out
+	for i in passwd group shadow gshadow
+	do
+		[ -f tmp/$i  ] && cp tmp/$i  /etc/$i  && rm tmp/$i
+	done
+	rmdir tmp
+}
+
+save
+
+# restore the files on exit
+trap 'restore' 0
+
+for i in passwd group shadow gshadow
+do
+	cp data/$i /etc
+done
+
+lines_passwd=$(wc -l /etc/passwd | cut -f1 -d" ")
+lines_shadow=$(wc -l /etc/shadow | cut -f1 -d" ")
+lines_group=$(wc -l /etc/group | cut -f1 -d" ")
+lines_gshadow=$(wc -l /etc/gshadow | cut -f1 -d" ")
+
+echo -n "Add an user without an entry in shadow "
+echo "test:x:10002:10002::/tmp:/bin/false" >> /etc/passwd
+echo "OK"
+
+echo "Check that pwck detects it "
+pwck -r > tmp/out 2> tmp/err || true
+diff -au data/run2.out tmp/out
+diff -au data/run2.err tmp/err
+echo "  OK"
+echo "grpck accepts valid password file "
+msg=$(grpck -r)
+test "$msg" = ""
+echo "  OK"
+
+#echo -n "Make sure pwck can fix it "
+#pwcd
+#echo "OK"
diff --git a/tests/tests/cktools/02_pwck_sort/config.txt b/tests/tests/cktools/02_pwck_sort/config.txt
new file mode 100644
index 0000000..3d43135
--- /dev/null
+++ b/tests/tests/cktools/02_pwck_sort/config.txt
@@ -0,0 +1,5 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group users
diff --git a/tests/tests/cktools/02_pwck_sort/config/etc/group b/tests/tests/cktools/02_pwck_sort/config/etc/group
new file mode 100644
index 0000000..5051825
--- /dev/null
+++ b/tests/tests/cktools/02_pwck_sort/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/cktools/02_pwck_sort/config/etc/gshadow b/tests/tests/cktools/02_pwck_sort/config/etc/gshadow
new file mode 100644
index 0000000..5042e58
--- /dev/null
+++ b/tests/tests/cktools/02_pwck_sort/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/cktools/02_pwck_sort/config/etc/passwd b/tests/tests/cktools/02_pwck_sort/config/etc/passwd
new file mode 100644
index 0000000..e69a810
--- /dev/null
+++ b/tests/tests/cktools/02_pwck_sort/config/etc/passwd
@@ -0,0 +1,20 @@
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+root:x:0:0:root:/root:/bin/bash
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+games:x:5:60:games:/usr/games:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000:::/bin/false
diff --git a/tests/tests/cktools/02_pwck_sort/config/etc/shadow b/tests/tests/cktools/02_pwck_sort/config/etc/shadow
new file mode 100644
index 0000000..42cf133
--- /dev/null
+++ b/tests/tests/cktools/02_pwck_sort/config/etc/shadow
@@ -0,0 +1,20 @@
+daemon:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/cktools/02_pwck_sort/data/passwd b/tests/tests/cktools/02_pwck_sort/data/passwd
new file mode 100644
index 0000000..5b45b52
--- /dev/null
+++ b/tests/tests/cktools/02_pwck_sort/data/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000:::/bin/false
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
diff --git a/tests/tests/cktools/02_pwck_sort/data/shadow b/tests/tests/cktools/02_pwck_sort/data/shadow
new file mode 100644
index 0000000..8033f27
--- /dev/null
+++ b/tests/tests/cktools/02_pwck_sort/data/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
diff --git a/tests/tests/cktools/02_pwck_sort/pwck.test b/tests/tests/cktools/02_pwck_sort/pwck.test
new file mode 100755
index 0000000..9d6afb1
--- /dev/null
+++ b/tests/tests/cktools/02_pwck_sort/pwck.test
@@ -0,0 +1,39 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "pwck can sort the passwd entries"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Sort the passwd entries (pwck -s)..."
+pwck -s
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl data/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl data/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/cktools/03_grpck_sort/config.txt b/tests/tests/cktools/03_grpck_sort/config.txt
new file mode 100644
index 0000000..3d43135
--- /dev/null
+++ b/tests/tests/cktools/03_grpck_sort/config.txt
@@ -0,0 +1,5 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group users
diff --git a/tests/tests/cktools/03_grpck_sort/config/etc/group b/tests/tests/cktools/03_grpck_sort/config/etc/group
new file mode 100644
index 0000000..afbb01e
--- /dev/null
+++ b/tests/tests/cktools/03_grpck_sort/config/etc/group
@@ -0,0 +1,42 @@
+daemon:x:1:
+bin:x:2:
+kmem:x:15:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+root:x:0:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+shadow:x:42:
+gnats:x:41:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/cktools/03_grpck_sort/config/etc/gshadow b/tests/tests/cktools/03_grpck_sort/config/etc/gshadow
new file mode 100644
index 0000000..8182ad7
--- /dev/null
+++ b/tests/tests/cktools/03_grpck_sort/config/etc/gshadow
@@ -0,0 +1,42 @@
+daemon:*::
+bin:*::
+kmem:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+root:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+shadow:*::
+gnats:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/cktools/03_grpck_sort/config/etc/passwd b/tests/tests/cktools/03_grpck_sort/config/etc/passwd
new file mode 100644
index 0000000..dc7bf84
--- /dev/null
+++ b/tests/tests/cktools/03_grpck_sort/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000:::/bin/false
diff --git a/tests/tests/cktools/03_grpck_sort/config/etc/shadow b/tests/tests/cktools/03_grpck_sort/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/cktools/03_grpck_sort/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/cktools/03_grpck_sort/data/group b/tests/tests/cktools/03_grpck_sort/data/group
new file mode 100644
index 0000000..1265953
--- /dev/null
+++ b/tests/tests/cktools/03_grpck_sort/data/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
+nogroup:x:65534:
diff --git a/tests/tests/cktools/03_grpck_sort/data/gshadow b/tests/tests/cktools/03_grpck_sort/data/gshadow
new file mode 100644
index 0000000..f2209e3
--- /dev/null
+++ b/tests/tests/cktools/03_grpck_sort/data/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
+nogroup:*::
diff --git a/tests/tests/cktools/03_grpck_sort/grpck.test b/tests/tests/cktools/03_grpck_sort/grpck.test
new file mode 100755
index 0000000..75e62cf
--- /dev/null
+++ b/tests/tests/cktools/03_grpck_sort/grpck.test
@@ -0,0 +1,39 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "grpck can sort the group entries"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Sort the group entries (grpck -s)..."
+grpck -s
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl data/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl data/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/cktools/04_pwck_sort_missing_shadow_user/config.txt b/tests/tests/cktools/04_pwck_sort_missing_shadow_user/config.txt
new file mode 100644
index 0000000..3d43135
--- /dev/null
+++ b/tests/tests/cktools/04_pwck_sort_missing_shadow_user/config.txt
@@ -0,0 +1,5 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group users
diff --git a/tests/tests/cktools/04_pwck_sort_missing_shadow_user/config/etc/group b/tests/tests/cktools/04_pwck_sort_missing_shadow_user/config/etc/group
new file mode 100644
index 0000000..5051825
--- /dev/null
+++ b/tests/tests/cktools/04_pwck_sort_missing_shadow_user/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/cktools/04_pwck_sort_missing_shadow_user/config/etc/gshadow b/tests/tests/cktools/04_pwck_sort_missing_shadow_user/config/etc/gshadow
new file mode 100644
index 0000000..5042e58
--- /dev/null
+++ b/tests/tests/cktools/04_pwck_sort_missing_shadow_user/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/cktools/04_pwck_sort_missing_shadow_user/config/etc/passwd b/tests/tests/cktools/04_pwck_sort_missing_shadow_user/config/etc/passwd
new file mode 100644
index 0000000..e69a810
--- /dev/null
+++ b/tests/tests/cktools/04_pwck_sort_missing_shadow_user/config/etc/passwd
@@ -0,0 +1,20 @@
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+root:x:0:0:root:/root:/bin/bash
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+games:x:5:60:games:/usr/games:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000:::/bin/false
diff --git a/tests/tests/cktools/04_pwck_sort_missing_shadow_user/config/etc/shadow b/tests/tests/cktools/04_pwck_sort_missing_shadow_user/config/etc/shadow
new file mode 100644
index 0000000..64573fa
--- /dev/null
+++ b/tests/tests/cktools/04_pwck_sort_missing_shadow_user/config/etc/shadow
@@ -0,0 +1,19 @@
+daemon:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/cktools/04_pwck_sort_missing_shadow_user/data/passwd b/tests/tests/cktools/04_pwck_sort_missing_shadow_user/data/passwd
new file mode 100644
index 0000000..5b45b52
--- /dev/null
+++ b/tests/tests/cktools/04_pwck_sort_missing_shadow_user/data/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000:::/bin/false
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
diff --git a/tests/tests/cktools/04_pwck_sort_missing_shadow_user/data/shadow b/tests/tests/cktools/04_pwck_sort_missing_shadow_user/data/shadow
new file mode 100644
index 0000000..f1e4d80
--- /dev/null
+++ b/tests/tests/cktools/04_pwck_sort_missing_shadow_user/data/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
diff --git a/tests/tests/cktools/04_pwck_sort_missing_shadow_user/pwck.test b/tests/tests/cktools/04_pwck_sort_missing_shadow_user/pwck.test
new file mode 100755
index 0000000..9d6afb1
--- /dev/null
+++ b/tests/tests/cktools/04_pwck_sort_missing_shadow_user/pwck.test
@@ -0,0 +1,39 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "pwck can sort the passwd entries"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Sort the passwd entries (pwck -s)..."
+pwck -s
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl data/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl data/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/cktools/05_grpck_sort_missing_shadow_group/config.txt b/tests/tests/cktools/05_grpck_sort_missing_shadow_group/config.txt
new file mode 100644
index 0000000..3d43135
--- /dev/null
+++ b/tests/tests/cktools/05_grpck_sort_missing_shadow_group/config.txt
@@ -0,0 +1,5 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group users
diff --git a/tests/tests/cktools/05_grpck_sort_missing_shadow_group/config/etc/group b/tests/tests/cktools/05_grpck_sort_missing_shadow_group/config/etc/group
new file mode 100644
index 0000000..afbb01e
--- /dev/null
+++ b/tests/tests/cktools/05_grpck_sort_missing_shadow_group/config/etc/group
@@ -0,0 +1,42 @@
+daemon:x:1:
+bin:x:2:
+kmem:x:15:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+root:x:0:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+shadow:x:42:
+gnats:x:41:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/cktools/05_grpck_sort_missing_shadow_group/config/etc/gshadow b/tests/tests/cktools/05_grpck_sort_missing_shadow_group/config/etc/gshadow
new file mode 100644
index 0000000..695bf8f
--- /dev/null
+++ b/tests/tests/cktools/05_grpck_sort_missing_shadow_group/config/etc/gshadow
@@ -0,0 +1,41 @@
+daemon:*::
+bin:*::
+kmem:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+root:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+shadow:*::
+gnats:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+foo:*::
diff --git a/tests/tests/cktools/05_grpck_sort_missing_shadow_group/config/etc/passwd b/tests/tests/cktools/05_grpck_sort_missing_shadow_group/config/etc/passwd
new file mode 100644
index 0000000..dc7bf84
--- /dev/null
+++ b/tests/tests/cktools/05_grpck_sort_missing_shadow_group/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000:::/bin/false
diff --git a/tests/tests/cktools/05_grpck_sort_missing_shadow_group/config/etc/shadow b/tests/tests/cktools/05_grpck_sort_missing_shadow_group/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/cktools/05_grpck_sort_missing_shadow_group/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/cktools/05_grpck_sort_missing_shadow_group/data/group b/tests/tests/cktools/05_grpck_sort_missing_shadow_group/data/group
new file mode 100644
index 0000000..1265953
--- /dev/null
+++ b/tests/tests/cktools/05_grpck_sort_missing_shadow_group/data/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
+nogroup:x:65534:
diff --git a/tests/tests/cktools/05_grpck_sort_missing_shadow_group/data/gshadow b/tests/tests/cktools/05_grpck_sort_missing_shadow_group/data/gshadow
new file mode 100644
index 0000000..7dcb3e5
--- /dev/null
+++ b/tests/tests/cktools/05_grpck_sort_missing_shadow_group/data/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+crontab:x::
+foo:*::
+nogroup:*::
diff --git a/tests/tests/cktools/05_grpck_sort_missing_shadow_group/grpck.test b/tests/tests/cktools/05_grpck_sort_missing_shadow_group/grpck.test
new file mode 100755
index 0000000..75e62cf
--- /dev/null
+++ b/tests/tests/cktools/05_grpck_sort_missing_shadow_group/grpck.test
@@ -0,0 +1,39 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "grpck can sort the group entries"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Sort the group entries (grpck -s)..."
+grpck -s
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl data/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl data/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/cktools/06_pwck_sort_NIS_server/config.txt b/tests/tests/cktools/06_pwck_sort_NIS_server/config.txt
new file mode 100644
index 0000000..3d43135
--- /dev/null
+++ b/tests/tests/cktools/06_pwck_sort_NIS_server/config.txt
@@ -0,0 +1,5 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group users
diff --git a/tests/tests/cktools/06_pwck_sort_NIS_server/config/etc/group b/tests/tests/cktools/06_pwck_sort_NIS_server/config/etc/group
new file mode 100644
index 0000000..18eb6c2
--- /dev/null
+++ b/tests/tests/cktools/06_pwck_sort_NIS_server/config/etc/group
@@ -0,0 +1,43 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
++:::
diff --git a/tests/tests/cktools/06_pwck_sort_NIS_server/config/etc/gshadow b/tests/tests/cktools/06_pwck_sort_NIS_server/config/etc/gshadow
new file mode 100644
index 0000000..7a7ef3a
--- /dev/null
+++ b/tests/tests/cktools/06_pwck_sort_NIS_server/config/etc/gshadow
@@ -0,0 +1,43 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
++:::
diff --git a/tests/tests/cktools/06_pwck_sort_NIS_server/config/etc/passwd b/tests/tests/cktools/06_pwck_sort_NIS_server/config/etc/passwd
new file mode 100644
index 0000000..365af62
--- /dev/null
+++ b/tests/tests/cktools/06_pwck_sort_NIS_server/config/etc/passwd
@@ -0,0 +1,24 @@
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+root:x:0:0:root:/root:/bin/bash
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+games:x:5:60:games:/usr/games:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000:::/bin/false
++miquels::::::
++:*:::::/etc/NoShell
+tester:*:299:10:Just a test account:/tmp:
+miquels:1234567890123:101:10:Miquel van Smoorenburg:/home/miquels:/bin/zsh
diff --git a/tests/tests/cktools/06_pwck_sort_NIS_server/config/etc/shadow b/tests/tests/cktools/06_pwck_sort_NIS_server/config/etc/shadow
new file mode 100644
index 0000000..5a24e78
--- /dev/null
+++ b/tests/tests/cktools/06_pwck_sort_NIS_server/config/etc/shadow
@@ -0,0 +1,21 @@
+daemon:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
++::::::::
diff --git a/tests/tests/cktools/06_pwck_sort_NIS_server/data/passwd b/tests/tests/cktools/06_pwck_sort_NIS_server/data/passwd
new file mode 100644
index 0000000..c12f8a9
--- /dev/null
+++ b/tests/tests/cktools/06_pwck_sort_NIS_server/data/passwd
@@ -0,0 +1,24 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000:::/bin/false
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
++miquels::::::
++:*:::::/etc/NoShell
+tester:*:299:10:Just a test account:/tmp:
+miquels:1234567890123:101:10:Miquel van Smoorenburg:/home/miquels:/bin/zsh
diff --git a/tests/tests/cktools/06_pwck_sort_NIS_server/data/shadow b/tests/tests/cktools/06_pwck_sort_NIS_server/data/shadow
new file mode 100644
index 0000000..6a626df
--- /dev/null
+++ b/tests/tests/cktools/06_pwck_sort_NIS_server/data/shadow
@@ -0,0 +1,21 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
++::::::::
diff --git a/tests/tests/cktools/06_pwck_sort_NIS_server/pwck.test b/tests/tests/cktools/06_pwck_sort_NIS_server/pwck.test
new file mode 100755
index 0000000..9d6afb1
--- /dev/null
+++ b/tests/tests/cktools/06_pwck_sort_NIS_server/pwck.test
@@ -0,0 +1,39 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "pwck can sort the passwd entries"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Sort the passwd entries (pwck -s)..."
+pwck -s
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl data/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl data/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/cktools/07_pwck_sort_NIS_client/config.txt b/tests/tests/cktools/07_pwck_sort_NIS_client/config.txt
new file mode 100644
index 0000000..3d43135
--- /dev/null
+++ b/tests/tests/cktools/07_pwck_sort_NIS_client/config.txt
@@ -0,0 +1,5 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group users
diff --git a/tests/tests/cktools/07_pwck_sort_NIS_client/config/etc/group b/tests/tests/cktools/07_pwck_sort_NIS_client/config/etc/group
new file mode 100644
index 0000000..f914b38
--- /dev/null
+++ b/tests/tests/cktools/07_pwck_sort_NIS_client/config/etc/group
@@ -0,0 +1,45 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
++:::
++miquels:::
++foo:::
diff --git a/tests/tests/cktools/07_pwck_sort_NIS_client/config/etc/gshadow b/tests/tests/cktools/07_pwck_sort_NIS_client/config/etc/gshadow
new file mode 100644
index 0000000..7a7ef3a
--- /dev/null
+++ b/tests/tests/cktools/07_pwck_sort_NIS_client/config/etc/gshadow
@@ -0,0 +1,43 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
++:::
diff --git a/tests/tests/cktools/07_pwck_sort_NIS_client/config/etc/passwd b/tests/tests/cktools/07_pwck_sort_NIS_client/config/etc/passwd
new file mode 100644
index 0000000..913d7fc
--- /dev/null
+++ b/tests/tests/cktools/07_pwck_sort_NIS_client/config/etc/passwd
@@ -0,0 +1,22 @@
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+root:x:0:0:root:/root:/bin/bash
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+games:x:5:60:games:/usr/games:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000:::/bin/false
++miquels::::::
++:*:::::/etc/NoShell
diff --git a/tests/tests/cktools/07_pwck_sort_NIS_client/config/etc/shadow b/tests/tests/cktools/07_pwck_sort_NIS_client/config/etc/shadow
new file mode 100644
index 0000000..8f31dfb
--- /dev/null
+++ b/tests/tests/cktools/07_pwck_sort_NIS_client/config/etc/shadow
@@ -0,0 +1,22 @@
+daemon:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
++::::::::
++foo2:!:::::::
diff --git a/tests/tests/cktools/07_pwck_sort_NIS_client/data/passwd b/tests/tests/cktools/07_pwck_sort_NIS_client/data/passwd
new file mode 100644
index 0000000..032bdd2
--- /dev/null
+++ b/tests/tests/cktools/07_pwck_sort_NIS_client/data/passwd
@@ -0,0 +1,22 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000:::/bin/false
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
++miquels::::::
++:*:::::/etc/NoShell
diff --git a/tests/tests/cktools/07_pwck_sort_NIS_client/data/shadow b/tests/tests/cktools/07_pwck_sort_NIS_client/data/shadow
new file mode 100644
index 0000000..5350e77
--- /dev/null
+++ b/tests/tests/cktools/07_pwck_sort_NIS_client/data/shadow
@@ -0,0 +1,22 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
++::::::::
++foo2:!:::::::
diff --git a/tests/tests/cktools/07_pwck_sort_NIS_client/pwck.test b/tests/tests/cktools/07_pwck_sort_NIS_client/pwck.test
new file mode 100755
index 0000000..9d6afb1
--- /dev/null
+++ b/tests/tests/cktools/07_pwck_sort_NIS_client/pwck.test
@@ -0,0 +1,39 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "pwck can sort the passwd entries"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Sort the passwd entries (pwck -s)..."
+pwck -s
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl data/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl data/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/cktools/grpck/04_grpck_missing_field_group_delete/config.txt b/tests/tests/cktools/grpck/04_grpck_missing_field_group_delete/config.txt
new file mode 100644
index 0000000..01189bd
--- /dev/null
+++ b/tests/tests/cktools/grpck/04_grpck_missing_field_group_delete/config.txt
@@ -0,0 +1,2 @@
+user foo
+group foo with typo in group
diff --git a/tests/tests/cktools/grpck/04_grpck_missing_field_group_delete/config/etc/group b/tests/tests/cktools/grpck/04_grpck_missing_field_group_delete/config/etc/group
new file mode 100644
index 0000000..d1e687c
--- /dev/null
+++ b/tests/tests/cktools/grpck/04_grpck_missing_field_group_delete/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x
diff --git a/tests/tests/cktools/grpck/04_grpck_missing_field_group_delete/config/etc/gshadow b/tests/tests/cktools/grpck/04_grpck_missing_field_group_delete/config/etc/gshadow
new file mode 100644
index 0000000..5042e58
--- /dev/null
+++ b/tests/tests/cktools/grpck/04_grpck_missing_field_group_delete/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/cktools/grpck/04_grpck_missing_field_group_delete/config/etc/passwd b/tests/tests/cktools/grpck/04_grpck_missing_field_group_delete/config/etc/passwd
new file mode 100644
index 0000000..dc7bf84
--- /dev/null
+++ b/tests/tests/cktools/grpck/04_grpck_missing_field_group_delete/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000:::/bin/false
diff --git a/tests/tests/cktools/grpck/04_grpck_missing_field_group_delete/config/etc/shadow b/tests/tests/cktools/grpck/04_grpck_missing_field_group_delete/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/cktools/grpck/04_grpck_missing_field_group_delete/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/cktools/grpck/04_grpck_missing_field_group_delete/data/group b/tests/tests/cktools/grpck/04_grpck_missing_field_group_delete/data/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/cktools/grpck/04_grpck_missing_field_group_delete/data/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/cktools/grpck/04_grpck_missing_field_group_delete/data/gshadow b/tests/tests/cktools/grpck/04_grpck_missing_field_group_delete/data/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/cktools/grpck/04_grpck_missing_field_group_delete/data/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/cktools/grpck/04_grpck_missing_field_group_delete/grpck.exp b/tests/tests/cktools/grpck/04_grpck_missing_field_group_delete/grpck.exp
new file mode 100755
index 0000000..df3e04c
--- /dev/null
+++ b/tests/tests/cktools/grpck/04_grpck_missing_field_group_delete/grpck.exp
@@ -0,0 +1,23 @@
+#!/usr/bin/expect
+
+set timeout 2
+expect_after default {puts stderr "\nFAIL"; exit 1}
+
+spawn /bin/sh
+send "if \[ \$(id -u) -eq 0 \]; then PS1='# '; else PS1='$ '; fi\r"
+expect "# "
+
+send "grpck\r"
+expect "invalid group file entry"
+expect "delete line 'foo:x'? "
+send "yes\r"
+expect "no matching group file entry in /etc/group"
+expect "delete line 'foo:*::'? "
+send "yes\r"
+expect "grpck: the files have been updated"
+expect "# "
+send "echo \$?\r"
+expect "2"
+send "exit\r"
+puts "OK\n"
+exit 0
diff --git a/tests/tests/cktools/grpck/04_grpck_missing_field_group_delete/grpck.test b/tests/tests/cktools/grpck/04_grpck_missing_field_group_delete/grpck.test
new file mode 100755
index 0000000..906d629
--- /dev/null
+++ b/tests/tests/cktools/grpck/04_grpck_missing_field_group_delete/grpck.test
@@ -0,0 +1,37 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "grpck check the number of fields and can change the system database"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+./grpck.exp
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl data/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl data/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/cktools/grpck/05_grpck_missing_field_group_keep/config.txt b/tests/tests/cktools/grpck/05_grpck_missing_field_group_keep/config.txt
new file mode 100644
index 0000000..01189bd
--- /dev/null
+++ b/tests/tests/cktools/grpck/05_grpck_missing_field_group_keep/config.txt
@@ -0,0 +1,2 @@
+user foo
+group foo with typo in group
diff --git a/tests/tests/cktools/grpck/05_grpck_missing_field_group_keep/config/etc/group b/tests/tests/cktools/grpck/05_grpck_missing_field_group_keep/config/etc/group
new file mode 100644
index 0000000..d1e687c
--- /dev/null
+++ b/tests/tests/cktools/grpck/05_grpck_missing_field_group_keep/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x
diff --git a/tests/tests/cktools/grpck/05_grpck_missing_field_group_keep/config/etc/gshadow b/tests/tests/cktools/grpck/05_grpck_missing_field_group_keep/config/etc/gshadow
new file mode 100644
index 0000000..5042e58
--- /dev/null
+++ b/tests/tests/cktools/grpck/05_grpck_missing_field_group_keep/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/cktools/grpck/05_grpck_missing_field_group_keep/config/etc/passwd b/tests/tests/cktools/grpck/05_grpck_missing_field_group_keep/config/etc/passwd
new file mode 100644
index 0000000..dc7bf84
--- /dev/null
+++ b/tests/tests/cktools/grpck/05_grpck_missing_field_group_keep/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000:::/bin/false
diff --git a/tests/tests/cktools/grpck/05_grpck_missing_field_group_keep/config/etc/shadow b/tests/tests/cktools/grpck/05_grpck_missing_field_group_keep/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/cktools/grpck/05_grpck_missing_field_group_keep/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/cktools/grpck/05_grpck_missing_field_group_keep/data/gshadow b/tests/tests/cktools/grpck/05_grpck_missing_field_group_keep/data/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/cktools/grpck/05_grpck_missing_field_group_keep/data/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/cktools/grpck/05_grpck_missing_field_group_keep/grpck.exp b/tests/tests/cktools/grpck/05_grpck_missing_field_group_keep/grpck.exp
new file mode 100755
index 0000000..08d3526
--- /dev/null
+++ b/tests/tests/cktools/grpck/05_grpck_missing_field_group_keep/grpck.exp
@@ -0,0 +1,23 @@
+#!/usr/bin/expect
+
+set timeout 2
+expect_after default {puts stderr "\nFAIL"; exit 1}
+
+spawn /bin/sh
+send "if \[ \$(id -u) -eq 0 \]; then PS1='# '; else PS1='$ '; fi\r"
+expect "# "
+
+send "grpck\r"
+expect "invalid group file entry"
+expect "delete line 'foo:x'? "
+send "no\r"
+expect "no matching group file entry in /etc/group"
+expect "delete line 'foo:*::'? "
+send "yes\r"
+expect "grpck: the files have been updated"
+expect "# "
+send "echo \$?\r"
+expect "2"
+send "exit\r"
+puts "OK\n"
+exit 0
diff --git a/tests/tests/cktools/grpck/05_grpck_missing_field_group_keep/grpck.test b/tests/tests/cktools/grpck/05_grpck_missing_field_group_keep/grpck.test
new file mode 100755
index 0000000..dcfa249
--- /dev/null
+++ b/tests/tests/cktools/grpck/05_grpck_missing_field_group_keep/grpck.test
@@ -0,0 +1,37 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "grpck check the number of fields and can change the system database"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+./grpck.exp
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl data/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/cktools/grpck/06_grpck_missing_field_group_no_changes/config.txt b/tests/tests/cktools/grpck/06_grpck_missing_field_group_no_changes/config.txt
new file mode 100644
index 0000000..01189bd
--- /dev/null
+++ b/tests/tests/cktools/grpck/06_grpck_missing_field_group_no_changes/config.txt
@@ -0,0 +1,2 @@
+user foo
+group foo with typo in group
diff --git a/tests/tests/cktools/grpck/06_grpck_missing_field_group_no_changes/config/etc/group b/tests/tests/cktools/grpck/06_grpck_missing_field_group_no_changes/config/etc/group
new file mode 100644
index 0000000..d1e687c
--- /dev/null
+++ b/tests/tests/cktools/grpck/06_grpck_missing_field_group_no_changes/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x
diff --git a/tests/tests/cktools/grpck/06_grpck_missing_field_group_no_changes/config/etc/gshadow b/tests/tests/cktools/grpck/06_grpck_missing_field_group_no_changes/config/etc/gshadow
new file mode 100644
index 0000000..5042e58
--- /dev/null
+++ b/tests/tests/cktools/grpck/06_grpck_missing_field_group_no_changes/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/cktools/grpck/06_grpck_missing_field_group_no_changes/config/etc/passwd b/tests/tests/cktools/grpck/06_grpck_missing_field_group_no_changes/config/etc/passwd
new file mode 100644
index 0000000..dc7bf84
--- /dev/null
+++ b/tests/tests/cktools/grpck/06_grpck_missing_field_group_no_changes/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000:::/bin/false
diff --git a/tests/tests/cktools/grpck/06_grpck_missing_field_group_no_changes/config/etc/shadow b/tests/tests/cktools/grpck/06_grpck_missing_field_group_no_changes/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/cktools/grpck/06_grpck_missing_field_group_no_changes/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/cktools/grpck/06_grpck_missing_field_group_no_changes/grpck.exp b/tests/tests/cktools/grpck/06_grpck_missing_field_group_no_changes/grpck.exp
new file mode 100755
index 0000000..c0aea87
--- /dev/null
+++ b/tests/tests/cktools/grpck/06_grpck_missing_field_group_no_changes/grpck.exp
@@ -0,0 +1,23 @@
+#!/usr/bin/expect
+
+set timeout 2
+expect_after default {puts stderr "\nFAIL"; exit 1}
+
+spawn /bin/sh
+send "if \[ \$(id -u) -eq 0 \]; then PS1='# '; else PS1='$ '; fi\r"
+expect "# "
+
+send "grpck\r"
+expect "invalid group file entry"
+expect "delete line 'foo:x'? "
+send "no\r"
+expect "no matching group file entry in /etc/group"
+expect "delete line 'foo:*::'? "
+send "no\r"
+expect "grpck: no changes"
+expect "# "
+send "echo \$?\r"
+expect "2"
+send "exit\r"
+puts "OK\n"
+exit 0
diff --git a/tests/tests/cktools/grpck/06_grpck_missing_field_group_no_changes/grpck.test b/tests/tests/cktools/grpck/06_grpck_missing_field_group_no_changes/grpck.test
new file mode 100755
index 0000000..81bf12c
--- /dev/null
+++ b/tests/tests/cktools/grpck/06_grpck_missing_field_group_no_changes/grpck.test
@@ -0,0 +1,37 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "grpck check the number of fields and can change the system database"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+./grpck.exp
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/cktools/grpck/07_grpck_missing_field_gshadow_add/config.txt b/tests/tests/cktools/grpck/07_grpck_missing_field_gshadow_add/config.txt
new file mode 100644
index 0000000..52fad51
--- /dev/null
+++ b/tests/tests/cktools/grpck/07_grpck_missing_field_gshadow_add/config.txt
@@ -0,0 +1,2 @@
+user foo
+group foo with typo in gshadow
diff --git a/tests/tests/cktools/grpck/07_grpck_missing_field_gshadow_add/config/etc/group b/tests/tests/cktools/grpck/07_grpck_missing_field_gshadow_add/config/etc/group
new file mode 100644
index 0000000..fecba0c
--- /dev/null
+++ b/tests/tests/cktools/grpck/07_grpck_missing_field_gshadow_add/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/cktools/grpck/07_grpck_missing_field_gshadow_add/config/etc/gshadow b/tests/tests/cktools/grpck/07_grpck_missing_field_gshadow_add/config/etc/gshadow
new file mode 100644
index 0000000..b8fb234
--- /dev/null
+++ b/tests/tests/cktools/grpck/07_grpck_missing_field_gshadow_add/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*:
diff --git a/tests/tests/cktools/grpck/07_grpck_missing_field_gshadow_add/config/etc/passwd b/tests/tests/cktools/grpck/07_grpck_missing_field_gshadow_add/config/etc/passwd
new file mode 100644
index 0000000..dc7bf84
--- /dev/null
+++ b/tests/tests/cktools/grpck/07_grpck_missing_field_gshadow_add/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000:::/bin/false
diff --git a/tests/tests/cktools/grpck/07_grpck_missing_field_gshadow_add/config/etc/shadow b/tests/tests/cktools/grpck/07_grpck_missing_field_gshadow_add/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/cktools/grpck/07_grpck_missing_field_gshadow_add/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/cktools/grpck/07_grpck_missing_field_gshadow_add/data/gshadow b/tests/tests/cktools/grpck/07_grpck_missing_field_gshadow_add/data/gshadow
new file mode 100644
index 0000000..be1575e
--- /dev/null
+++ b/tests/tests/cktools/grpck/07_grpck_missing_field_gshadow_add/data/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:x::
diff --git a/tests/tests/cktools/grpck/07_grpck_missing_field_gshadow_add/grpck.exp b/tests/tests/cktools/grpck/07_grpck_missing_field_gshadow_add/grpck.exp
new file mode 100755
index 0000000..6bb26e4
--- /dev/null
+++ b/tests/tests/cktools/grpck/07_grpck_missing_field_gshadow_add/grpck.exp
@@ -0,0 +1,23 @@
+#!/usr/bin/expect
+
+set timeout 2
+expect_after default {puts stderr "\nFAIL"; exit 1}
+
+spawn /bin/sh
+send "if \[ \$(id -u) -eq 0 \]; then PS1='# '; else PS1='$ '; fi\r"
+expect "# "
+
+send "grpck\r"
+expect "no matching group file entry in /etc/gshadow"
+expect "add group 'foo' in /etc/gshadow? "
+send "yes\r"
+expect "invalid shadow group file entry"
+expect "delete line 'foo:*:'? "
+send "yes\r"
+expect "grpck: the files have been updated"
+expect "# "
+send "echo \$?\r"
+expect "2"
+send "exit\r"
+puts "OK\n"
+exit 0
diff --git a/tests/tests/cktools/grpck/07_grpck_missing_field_gshadow_add/grpck.test b/tests/tests/cktools/grpck/07_grpck_missing_field_gshadow_add/grpck.test
new file mode 100755
index 0000000..dcfa249
--- /dev/null
+++ b/tests/tests/cktools/grpck/07_grpck_missing_field_gshadow_add/grpck.test
@@ -0,0 +1,37 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "grpck check the number of fields and can change the system database"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+./grpck.exp
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl data/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/cktools/grpck/08_grpck_missing_field_gshadow_delete/config.txt b/tests/tests/cktools/grpck/08_grpck_missing_field_gshadow_delete/config.txt
new file mode 100644
index 0000000..52fad51
--- /dev/null
+++ b/tests/tests/cktools/grpck/08_grpck_missing_field_gshadow_delete/config.txt
@@ -0,0 +1,2 @@
+user foo
+group foo with typo in gshadow
diff --git a/tests/tests/cktools/grpck/08_grpck_missing_field_gshadow_delete/config/etc/group b/tests/tests/cktools/grpck/08_grpck_missing_field_gshadow_delete/config/etc/group
new file mode 100644
index 0000000..fecba0c
--- /dev/null
+++ b/tests/tests/cktools/grpck/08_grpck_missing_field_gshadow_delete/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/cktools/grpck/08_grpck_missing_field_gshadow_delete/config/etc/gshadow b/tests/tests/cktools/grpck/08_grpck_missing_field_gshadow_delete/config/etc/gshadow
new file mode 100644
index 0000000..b8fb234
--- /dev/null
+++ b/tests/tests/cktools/grpck/08_grpck_missing_field_gshadow_delete/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*:
diff --git a/tests/tests/cktools/grpck/08_grpck_missing_field_gshadow_delete/config/etc/passwd b/tests/tests/cktools/grpck/08_grpck_missing_field_gshadow_delete/config/etc/passwd
new file mode 100644
index 0000000..dc7bf84
--- /dev/null
+++ b/tests/tests/cktools/grpck/08_grpck_missing_field_gshadow_delete/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000:::/bin/false
diff --git a/tests/tests/cktools/grpck/08_grpck_missing_field_gshadow_delete/config/etc/shadow b/tests/tests/cktools/grpck/08_grpck_missing_field_gshadow_delete/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/cktools/grpck/08_grpck_missing_field_gshadow_delete/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/cktools/grpck/08_grpck_missing_field_gshadow_delete/data/gshadow b/tests/tests/cktools/grpck/08_grpck_missing_field_gshadow_delete/data/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/cktools/grpck/08_grpck_missing_field_gshadow_delete/data/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/cktools/grpck/08_grpck_missing_field_gshadow_delete/grpck.exp b/tests/tests/cktools/grpck/08_grpck_missing_field_gshadow_delete/grpck.exp
new file mode 100755
index 0000000..ed6ffca
--- /dev/null
+++ b/tests/tests/cktools/grpck/08_grpck_missing_field_gshadow_delete/grpck.exp
@@ -0,0 +1,23 @@
+#!/usr/bin/expect
+
+set timeout 2
+expect_after default {puts stderr "\nFAIL"; exit 1}
+
+spawn /bin/sh
+send "if \[ \$(id -u) -eq 0 \]; then PS1='# '; else PS1='$ '; fi\r"
+expect "# "
+
+send "grpck\r"
+expect "no matching group file entry in /etc/gshadow"
+expect "add group 'foo' in /etc/gshadow? "
+send "no\r"
+expect "invalid shadow group file entry"
+expect "delete line 'foo:*:'? "
+send "yes\r"
+expect "grpck: the files have been updated"
+expect "# "
+send "echo \$?\r"
+expect "2"
+send "exit\r"
+puts "OK\n"
+exit 0
diff --git a/tests/tests/cktools/grpck/08_grpck_missing_field_gshadow_delete/grpck.test b/tests/tests/cktools/grpck/08_grpck_missing_field_gshadow_delete/grpck.test
new file mode 100755
index 0000000..dcfa249
--- /dev/null
+++ b/tests/tests/cktools/grpck/08_grpck_missing_field_gshadow_delete/grpck.test
@@ -0,0 +1,37 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "grpck check the number of fields and can change the system database"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+./grpck.exp
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl data/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/cktools/grpck/09_grpck_missing_field_gshadow_no_changes/config.txt b/tests/tests/cktools/grpck/09_grpck_missing_field_gshadow_no_changes/config.txt
new file mode 100644
index 0000000..52fad51
--- /dev/null
+++ b/tests/tests/cktools/grpck/09_grpck_missing_field_gshadow_no_changes/config.txt
@@ -0,0 +1,2 @@
+user foo
+group foo with typo in gshadow
diff --git a/tests/tests/cktools/grpck/09_grpck_missing_field_gshadow_no_changes/config/etc/group b/tests/tests/cktools/grpck/09_grpck_missing_field_gshadow_no_changes/config/etc/group
new file mode 100644
index 0000000..fecba0c
--- /dev/null
+++ b/tests/tests/cktools/grpck/09_grpck_missing_field_gshadow_no_changes/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/cktools/grpck/09_grpck_missing_field_gshadow_no_changes/config/etc/gshadow b/tests/tests/cktools/grpck/09_grpck_missing_field_gshadow_no_changes/config/etc/gshadow
new file mode 100644
index 0000000..b8fb234
--- /dev/null
+++ b/tests/tests/cktools/grpck/09_grpck_missing_field_gshadow_no_changes/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*:
diff --git a/tests/tests/cktools/grpck/09_grpck_missing_field_gshadow_no_changes/config/etc/passwd b/tests/tests/cktools/grpck/09_grpck_missing_field_gshadow_no_changes/config/etc/passwd
new file mode 100644
index 0000000..dc7bf84
--- /dev/null
+++ b/tests/tests/cktools/grpck/09_grpck_missing_field_gshadow_no_changes/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000:::/bin/false
diff --git a/tests/tests/cktools/grpck/09_grpck_missing_field_gshadow_no_changes/config/etc/shadow b/tests/tests/cktools/grpck/09_grpck_missing_field_gshadow_no_changes/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/cktools/grpck/09_grpck_missing_field_gshadow_no_changes/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/cktools/grpck/09_grpck_missing_field_gshadow_no_changes/grpck.exp b/tests/tests/cktools/grpck/09_grpck_missing_field_gshadow_no_changes/grpck.exp
new file mode 100755
index 0000000..a5f1817
--- /dev/null
+++ b/tests/tests/cktools/grpck/09_grpck_missing_field_gshadow_no_changes/grpck.exp
@@ -0,0 +1,23 @@
+#!/usr/bin/expect
+
+set timeout 2
+expect_after default {puts stderr "\nFAIL"; exit 1}
+
+spawn /bin/sh
+send "if \[ \$(id -u) -eq 0 \]; then PS1='# '; else PS1='$ '; fi\r"
+expect "# "
+
+send "grpck\r"
+expect "no matching group file entry in /etc/gshadow"
+expect "add group 'foo' in /etc/gshadow? "
+send "no\r"
+expect "invalid shadow group file entry"
+expect "delete line 'foo:*:'? "
+send "no\r"
+expect "grpck: no changes"
+expect "# "
+send "echo \$?\r"
+expect "2"
+send "exit\r"
+puts "OK\n"
+exit 0
diff --git a/tests/tests/cktools/grpck/09_grpck_missing_field_gshadow_no_changes/grpck.test b/tests/tests/cktools/grpck/09_grpck_missing_field_gshadow_no_changes/grpck.test
new file mode 100755
index 0000000..81bf12c
--- /dev/null
+++ b/tests/tests/cktools/grpck/09_grpck_missing_field_gshadow_no_changes/grpck.test
@@ -0,0 +1,37 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "grpck check the number of fields and can change the system database"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+./grpck.exp
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/cktools/grpck/10_grpck_missing_field_group_local/config.txt b/tests/tests/cktools/grpck/10_grpck_missing_field_group_local/config.txt
new file mode 100644
index 0000000..01189bd
--- /dev/null
+++ b/tests/tests/cktools/grpck/10_grpck_missing_field_group_local/config.txt
@@ -0,0 +1,2 @@
+user foo
+group foo with typo in group
diff --git a/tests/tests/cktools/grpck/10_grpck_missing_field_group_local/config/etc/group b/tests/tests/cktools/grpck/10_grpck_missing_field_group_local/config/etc/group
new file mode 100644
index 0000000..d1e687c
--- /dev/null
+++ b/tests/tests/cktools/grpck/10_grpck_missing_field_group_local/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x
diff --git a/tests/tests/cktools/grpck/10_grpck_missing_field_group_local/config/etc/gshadow b/tests/tests/cktools/grpck/10_grpck_missing_field_group_local/config/etc/gshadow
new file mode 100644
index 0000000..5042e58
--- /dev/null
+++ b/tests/tests/cktools/grpck/10_grpck_missing_field_group_local/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/cktools/grpck/10_grpck_missing_field_group_local/config/etc/passwd b/tests/tests/cktools/grpck/10_grpck_missing_field_group_local/config/etc/passwd
new file mode 100644
index 0000000..dc7bf84
--- /dev/null
+++ b/tests/tests/cktools/grpck/10_grpck_missing_field_group_local/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000:::/bin/false
diff --git a/tests/tests/cktools/grpck/10_grpck_missing_field_group_local/config/etc/shadow b/tests/tests/cktools/grpck/10_grpck_missing_field_group_local/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/cktools/grpck/10_grpck_missing_field_group_local/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/cktools/grpck/10_grpck_missing_field_group_local/data/group b/tests/tests/cktools/grpck/10_grpck_missing_field_group_local/data/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/cktools/grpck/10_grpck_missing_field_group_local/data/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/cktools/grpck/10_grpck_missing_field_group_local/data/gshadow b/tests/tests/cktools/grpck/10_grpck_missing_field_group_local/data/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/cktools/grpck/10_grpck_missing_field_group_local/data/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/cktools/grpck/10_grpck_missing_field_group_local/grpck.exp b/tests/tests/cktools/grpck/10_grpck_missing_field_group_local/grpck.exp
new file mode 100755
index 0000000..8f5dc7b
--- /dev/null
+++ b/tests/tests/cktools/grpck/10_grpck_missing_field_group_local/grpck.exp
@@ -0,0 +1,23 @@
+#!/usr/bin/expect
+
+set timeout 2
+expect_after default {puts stderr "\nFAIL"; exit 1}
+
+spawn /bin/sh
+send "if \[ \$(id -u) -eq 0 \]; then PS1='# '; else PS1='$ '; fi\r"
+expect "# "
+
+send "grpck tmp/group tmp/gshadow\r"
+expect "invalid group file entry"
+expect "delete line 'foo:x'? "
+send "yes\r"
+expect "no matching group file entry in tmp/group"
+expect "delete line 'foo:*::'? "
+send "yes\r"
+expect "grpck: the files have been updated"
+expect "# "
+send "echo \$?\r"
+expect "2"
+send "exit\r"
+puts "OK\n"
+exit 0
diff --git a/tests/tests/cktools/grpck/10_grpck_missing_field_group_local/grpck.test b/tests/tests/cktools/grpck/10_grpck_missing_field_group_local/grpck.test
new file mode 100755
index 0000000..666852e
--- /dev/null
+++ b/tests/tests/cktools/grpck/10_grpck_missing_field_group_local/grpck.test
@@ -0,0 +1,45 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "grpck check the number of fields and can change the system database"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "copy group and gshadow locally..."
+cp /etc/group /etc/gshadow tmp/
+echo "OK"
+
+./grpck.exp
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+../../../common/compare_file.pl data/group tmp/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+../../../common/compare_file.pl data/gshadow tmp/gshadow
+echo "OK"
+
+rm -f tmp/group tmp/group- tmp/gshadow tmp/gshadow-
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/cktools/grpck/11_grpck_missing_field_gshadow_local/config.txt b/tests/tests/cktools/grpck/11_grpck_missing_field_gshadow_local/config.txt
new file mode 100644
index 0000000..52fad51
--- /dev/null
+++ b/tests/tests/cktools/grpck/11_grpck_missing_field_gshadow_local/config.txt
@@ -0,0 +1,2 @@
+user foo
+group foo with typo in gshadow
diff --git a/tests/tests/cktools/grpck/11_grpck_missing_field_gshadow_local/config/etc/group b/tests/tests/cktools/grpck/11_grpck_missing_field_gshadow_local/config/etc/group
new file mode 100644
index 0000000..fecba0c
--- /dev/null
+++ b/tests/tests/cktools/grpck/11_grpck_missing_field_gshadow_local/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/cktools/grpck/11_grpck_missing_field_gshadow_local/config/etc/gshadow b/tests/tests/cktools/grpck/11_grpck_missing_field_gshadow_local/config/etc/gshadow
new file mode 100644
index 0000000..b8fb234
--- /dev/null
+++ b/tests/tests/cktools/grpck/11_grpck_missing_field_gshadow_local/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*:
diff --git a/tests/tests/cktools/grpck/11_grpck_missing_field_gshadow_local/config/etc/passwd b/tests/tests/cktools/grpck/11_grpck_missing_field_gshadow_local/config/etc/passwd
new file mode 100644
index 0000000..dc7bf84
--- /dev/null
+++ b/tests/tests/cktools/grpck/11_grpck_missing_field_gshadow_local/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000:::/bin/false
diff --git a/tests/tests/cktools/grpck/11_grpck_missing_field_gshadow_local/config/etc/shadow b/tests/tests/cktools/grpck/11_grpck_missing_field_gshadow_local/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/cktools/grpck/11_grpck_missing_field_gshadow_local/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/cktools/grpck/11_grpck_missing_field_gshadow_local/data/group b/tests/tests/cktools/grpck/11_grpck_missing_field_gshadow_local/data/group
new file mode 100644
index 0000000..fecba0c
--- /dev/null
+++ b/tests/tests/cktools/grpck/11_grpck_missing_field_gshadow_local/data/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/cktools/grpck/11_grpck_missing_field_gshadow_local/data/gshadow b/tests/tests/cktools/grpck/11_grpck_missing_field_gshadow_local/data/gshadow
new file mode 100644
index 0000000..be1575e
--- /dev/null
+++ b/tests/tests/cktools/grpck/11_grpck_missing_field_gshadow_local/data/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:x::
diff --git a/tests/tests/cktools/grpck/11_grpck_missing_field_gshadow_local/data/shadow b/tests/tests/cktools/grpck/11_grpck_missing_field_gshadow_local/data/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/cktools/grpck/11_grpck_missing_field_gshadow_local/data/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/cktools/grpck/11_grpck_missing_field_gshadow_local/grpck.exp b/tests/tests/cktools/grpck/11_grpck_missing_field_gshadow_local/grpck.exp
new file mode 100755
index 0000000..63fe7db
--- /dev/null
+++ b/tests/tests/cktools/grpck/11_grpck_missing_field_gshadow_local/grpck.exp
@@ -0,0 +1,23 @@
+#!/usr/bin/expect
+
+set timeout 2
+expect_after default {puts stderr "\nFAIL"; exit 1}
+
+spawn /bin/sh
+send "if \[ \$(id -u) -eq 0 \]; then PS1='# '; else PS1='$ '; fi\r"
+expect "# "
+
+send "grpck tmp/group tmp/gshadow\r"
+expect "no matching group file entry in tmp/gshadow"
+expect "add group 'foo' in tmp/gshadow? "
+send "yes\r"
+expect "invalid shadow group file entry"
+expect "delete line 'foo:*:'? "
+send "yes\r"
+expect "grpck: the files have been updated"
+expect "# "
+send "echo \$?\r"
+expect "2"
+send "exit\r"
+puts "OK\n"
+exit 0
diff --git a/tests/tests/cktools/grpck/11_grpck_missing_field_gshadow_local/grpck.test b/tests/tests/cktools/grpck/11_grpck_missing_field_gshadow_local/grpck.test
new file mode 100755
index 0000000..666852e
--- /dev/null
+++ b/tests/tests/cktools/grpck/11_grpck_missing_field_gshadow_local/grpck.test
@@ -0,0 +1,45 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "grpck check the number of fields and can change the system database"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "copy group and gshadow locally..."
+cp /etc/group /etc/gshadow tmp/
+echo "OK"
+
+./grpck.exp
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+../../../common/compare_file.pl data/group tmp/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+../../../common/compare_file.pl data/gshadow tmp/gshadow
+echo "OK"
+
+rm -f tmp/group tmp/group- tmp/gshadow tmp/gshadow-
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/cktools/grpck/12_grpck_unknown_user_group/config.txt b/tests/tests/cktools/grpck/12_grpck_unknown_user_group/config.txt
new file mode 100644
index 0000000..01189bd
--- /dev/null
+++ b/tests/tests/cktools/grpck/12_grpck_unknown_user_group/config.txt
@@ -0,0 +1,2 @@
+user foo
+group foo with typo in group
diff --git a/tests/tests/cktools/grpck/12_grpck_unknown_user_group/config/etc/group b/tests/tests/cktools/grpck/12_grpck_unknown_user_group/config/etc/group
new file mode 100644
index 0000000..757aef8
--- /dev/null
+++ b/tests/tests/cktools/grpck/12_grpck_unknown_user_group/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:daemon,foo2,bin
diff --git a/tests/tests/cktools/grpck/12_grpck_unknown_user_group/config/etc/gshadow b/tests/tests/cktools/grpck/12_grpck_unknown_user_group/config/etc/gshadow
new file mode 100644
index 0000000..3e97ea4
--- /dev/null
+++ b/tests/tests/cktools/grpck/12_grpck_unknown_user_group/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::daemon,bin
diff --git a/tests/tests/cktools/grpck/12_grpck_unknown_user_group/config/etc/passwd b/tests/tests/cktools/grpck/12_grpck_unknown_user_group/config/etc/passwd
new file mode 100644
index 0000000..dc7bf84
--- /dev/null
+++ b/tests/tests/cktools/grpck/12_grpck_unknown_user_group/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000:::/bin/false
diff --git a/tests/tests/cktools/grpck/12_grpck_unknown_user_group/config/etc/shadow b/tests/tests/cktools/grpck/12_grpck_unknown_user_group/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/cktools/grpck/12_grpck_unknown_user_group/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/cktools/grpck/12_grpck_unknown_user_group/data/group b/tests/tests/cktools/grpck/12_grpck_unknown_user_group/data/group
new file mode 100644
index 0000000..cf18eb5
--- /dev/null
+++ b/tests/tests/cktools/grpck/12_grpck_unknown_user_group/data/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:daemon,bin
diff --git a/tests/tests/cktools/grpck/12_grpck_unknown_user_group/grpck.exp b/tests/tests/cktools/grpck/12_grpck_unknown_user_group/grpck.exp
new file mode 100755
index 0000000..39b700b
--- /dev/null
+++ b/tests/tests/cktools/grpck/12_grpck_unknown_user_group/grpck.exp
@@ -0,0 +1,20 @@
+#!/usr/bin/expect
+
+set timeout 2
+expect_after default {puts stderr "\nFAIL"; exit 1}
+
+spawn /bin/sh
+send "if \[ \$(id -u) -eq 0 \]; then PS1='# '; else PS1='$ '; fi\r"
+expect "# "
+
+send "grpck\r"
+expect "group foo: no user foo2"
+expect "delete member 'foo2'? "
+send "yes\r"
+expect "grpck: the files have been updated"
+expect "# "
+send "echo \$?\r"
+expect "2"
+send "exit\r"
+puts "OK\n"
+exit 0
diff --git a/tests/tests/cktools/grpck/12_grpck_unknown_user_group/grpck.test b/tests/tests/cktools/grpck/12_grpck_unknown_user_group/grpck.test
new file mode 100755
index 0000000..741bfe1
--- /dev/null
+++ b/tests/tests/cktools/grpck/12_grpck_unknown_user_group/grpck.test
@@ -0,0 +1,37 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "grpck check the number of fields and can change the system database"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+./grpck.exp
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl data/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/cktools/grpck/13_grpck_unknown_user_gshadow/config.txt b/tests/tests/cktools/grpck/13_grpck_unknown_user_gshadow/config.txt
new file mode 100644
index 0000000..01189bd
--- /dev/null
+++ b/tests/tests/cktools/grpck/13_grpck_unknown_user_gshadow/config.txt
@@ -0,0 +1,2 @@
+user foo
+group foo with typo in group
diff --git a/tests/tests/cktools/grpck/13_grpck_unknown_user_gshadow/config/etc/group b/tests/tests/cktools/grpck/13_grpck_unknown_user_gshadow/config/etc/group
new file mode 100644
index 0000000..cf18eb5
--- /dev/null
+++ b/tests/tests/cktools/grpck/13_grpck_unknown_user_gshadow/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:daemon,bin
diff --git a/tests/tests/cktools/grpck/13_grpck_unknown_user_gshadow/config/etc/gshadow b/tests/tests/cktools/grpck/13_grpck_unknown_user_gshadow/config/etc/gshadow
new file mode 100644
index 0000000..d2a1782
--- /dev/null
+++ b/tests/tests/cktools/grpck/13_grpck_unknown_user_gshadow/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::daemon,foo2,bin
diff --git a/tests/tests/cktools/grpck/13_grpck_unknown_user_gshadow/config/etc/passwd b/tests/tests/cktools/grpck/13_grpck_unknown_user_gshadow/config/etc/passwd
new file mode 100644
index 0000000..dc7bf84
--- /dev/null
+++ b/tests/tests/cktools/grpck/13_grpck_unknown_user_gshadow/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000:::/bin/false
diff --git a/tests/tests/cktools/grpck/13_grpck_unknown_user_gshadow/config/etc/shadow b/tests/tests/cktools/grpck/13_grpck_unknown_user_gshadow/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/cktools/grpck/13_grpck_unknown_user_gshadow/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/cktools/grpck/13_grpck_unknown_user_gshadow/data/gshadow b/tests/tests/cktools/grpck/13_grpck_unknown_user_gshadow/data/gshadow
new file mode 100644
index 0000000..3e97ea4
--- /dev/null
+++ b/tests/tests/cktools/grpck/13_grpck_unknown_user_gshadow/data/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::daemon,bin
diff --git a/tests/tests/cktools/grpck/13_grpck_unknown_user_gshadow/grpck.exp b/tests/tests/cktools/grpck/13_grpck_unknown_user_gshadow/grpck.exp
new file mode 100755
index 0000000..05858b5
--- /dev/null
+++ b/tests/tests/cktools/grpck/13_grpck_unknown_user_gshadow/grpck.exp
@@ -0,0 +1,21 @@
+#!/usr/bin/expect
+
+set timeout 2
+expect_after default {puts stderr "\nFAIL"; exit 1}
+
+spawn /bin/sh
+send "if \[ \$(id -u) -eq 0 \]; then PS1='# '; else PS1='$ '; fi\r"
+expect "# "
+
+send "grpck\r"
+expect "'foo2' is a member of the 'foo' group in /etc/gshadow but not in /etc/group"
+expect "shadow group foo: no user foo2"
+expect "delete member 'foo2'? "
+send "yes\r"
+expect "grpck: the files have been updated"
+expect "# "
+send "echo \$?\r"
+expect "2"
+send "exit\r"
+puts "OK\n"
+exit 0
diff --git a/tests/tests/cktools/grpck/13_grpck_unknown_user_gshadow/grpck.test b/tests/tests/cktools/grpck/13_grpck_unknown_user_gshadow/grpck.test
new file mode 100755
index 0000000..dcfa249
--- /dev/null
+++ b/tests/tests/cktools/grpck/13_grpck_unknown_user_gshadow/grpck.test
@@ -0,0 +1,37 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "grpck check the number of fields and can change the system database"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+./grpck.exp
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl data/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/cktools/grpck/14_grpck_unknown_user_adm_gshadow/config.txt b/tests/tests/cktools/grpck/14_grpck_unknown_user_adm_gshadow/config.txt
new file mode 100644
index 0000000..01189bd
--- /dev/null
+++ b/tests/tests/cktools/grpck/14_grpck_unknown_user_adm_gshadow/config.txt
@@ -0,0 +1,2 @@
+user foo
+group foo with typo in group
diff --git a/tests/tests/cktools/grpck/14_grpck_unknown_user_adm_gshadow/config/etc/group b/tests/tests/cktools/grpck/14_grpck_unknown_user_adm_gshadow/config/etc/group
new file mode 100644
index 0000000..cf18eb5
--- /dev/null
+++ b/tests/tests/cktools/grpck/14_grpck_unknown_user_adm_gshadow/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:daemon,bin
diff --git a/tests/tests/cktools/grpck/14_grpck_unknown_user_adm_gshadow/config/etc/gshadow b/tests/tests/cktools/grpck/14_grpck_unknown_user_adm_gshadow/config/etc/gshadow
new file mode 100644
index 0000000..a7d227e
--- /dev/null
+++ b/tests/tests/cktools/grpck/14_grpck_unknown_user_adm_gshadow/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*:foo3,foo4:foo3,daemon,bin,foo2
diff --git a/tests/tests/cktools/grpck/14_grpck_unknown_user_adm_gshadow/config/etc/passwd b/tests/tests/cktools/grpck/14_grpck_unknown_user_adm_gshadow/config/etc/passwd
new file mode 100644
index 0000000..dc7bf84
--- /dev/null
+++ b/tests/tests/cktools/grpck/14_grpck_unknown_user_adm_gshadow/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000:::/bin/false
diff --git a/tests/tests/cktools/grpck/14_grpck_unknown_user_adm_gshadow/config/etc/shadow b/tests/tests/cktools/grpck/14_grpck_unknown_user_adm_gshadow/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/cktools/grpck/14_grpck_unknown_user_adm_gshadow/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/cktools/grpck/14_grpck_unknown_user_adm_gshadow/data/gshadow b/tests/tests/cktools/grpck/14_grpck_unknown_user_adm_gshadow/data/gshadow
new file mode 100644
index 0000000..3e97ea4
--- /dev/null
+++ b/tests/tests/cktools/grpck/14_grpck_unknown_user_adm_gshadow/data/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::daemon,bin
diff --git a/tests/tests/cktools/grpck/14_grpck_unknown_user_adm_gshadow/grpck.exp b/tests/tests/cktools/grpck/14_grpck_unknown_user_adm_gshadow/grpck.exp
new file mode 100755
index 0000000..b5a65b1
--- /dev/null
+++ b/tests/tests/cktools/grpck/14_grpck_unknown_user_adm_gshadow/grpck.exp
@@ -0,0 +1,31 @@
+#!/usr/bin/expect
+
+set timeout 2
+expect_after default {puts stderr "\nFAIL"; exit 1}
+
+spawn /bin/sh
+send "if \[ \$(id -u) -eq 0 \]; then PS1='# '; else PS1='$ '; fi\r"
+expect "# "
+
+send "grpck\r"
+expect "'foo3' is a member of the 'foo' group in /etc/gshadow but not in /etc/group"
+expect "'foo2' is a member of the 'foo' group in /etc/gshadow but not in /etc/group"
+expect "shadow group foo: no administrative user foo3"
+expect "delete administrative member 'foo3'? "
+send "yes\r"
+expect "shadow group foo: no administrative user foo4"
+expect "delete administrative member 'foo4'? "
+send "yes\r"
+expect "shadow group foo: no user foo3"
+expect "delete member 'foo3'? "
+send "yes\r"
+expect "shadow group foo: no user foo2"
+expect "delete member 'foo2'? "
+send "yes\r"
+expect "grpck: the files have been updated"
+expect "# "
+send "echo \$?\r"
+expect "2"
+send "exit\r"
+puts "OK\n"
+exit 0
diff --git a/tests/tests/cktools/grpck/14_grpck_unknown_user_adm_gshadow/grpck.test b/tests/tests/cktools/grpck/14_grpck_unknown_user_adm_gshadow/grpck.test
new file mode 100755
index 0000000..dcfa249
--- /dev/null
+++ b/tests/tests/cktools/grpck/14_grpck_unknown_user_adm_gshadow/grpck.test
@@ -0,0 +1,37 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "grpck check the number of fields and can change the system database"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+./grpck.exp
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl data/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/cktools/grpck/15_grpck_unknown_user_duplicate_group/config.txt b/tests/tests/cktools/grpck/15_grpck_unknown_user_duplicate_group/config.txt
new file mode 100644
index 0000000..01189bd
--- /dev/null
+++ b/tests/tests/cktools/grpck/15_grpck_unknown_user_duplicate_group/config.txt
@@ -0,0 +1,2 @@
+user foo
+group foo with typo in group
diff --git a/tests/tests/cktools/grpck/15_grpck_unknown_user_duplicate_group/config/etc/group b/tests/tests/cktools/grpck/15_grpck_unknown_user_duplicate_group/config/etc/group
new file mode 100644
index 0000000..4eeb1ff
--- /dev/null
+++ b/tests/tests/cktools/grpck/15_grpck_unknown_user_duplicate_group/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:daemon,foo2,foo2,bin
diff --git a/tests/tests/cktools/grpck/15_grpck_unknown_user_duplicate_group/config/etc/gshadow b/tests/tests/cktools/grpck/15_grpck_unknown_user_duplicate_group/config/etc/gshadow
new file mode 100644
index 0000000..3e97ea4
--- /dev/null
+++ b/tests/tests/cktools/grpck/15_grpck_unknown_user_duplicate_group/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::daemon,bin
diff --git a/tests/tests/cktools/grpck/15_grpck_unknown_user_duplicate_group/config/etc/passwd b/tests/tests/cktools/grpck/15_grpck_unknown_user_duplicate_group/config/etc/passwd
new file mode 100644
index 0000000..dc7bf84
--- /dev/null
+++ b/tests/tests/cktools/grpck/15_grpck_unknown_user_duplicate_group/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000:::/bin/false
diff --git a/tests/tests/cktools/grpck/15_grpck_unknown_user_duplicate_group/config/etc/shadow b/tests/tests/cktools/grpck/15_grpck_unknown_user_duplicate_group/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/cktools/grpck/15_grpck_unknown_user_duplicate_group/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/cktools/grpck/15_grpck_unknown_user_duplicate_group/data/group b/tests/tests/cktools/grpck/15_grpck_unknown_user_duplicate_group/data/group
new file mode 100644
index 0000000..cf18eb5
--- /dev/null
+++ b/tests/tests/cktools/grpck/15_grpck_unknown_user_duplicate_group/data/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:daemon,bin
diff --git a/tests/tests/cktools/grpck/15_grpck_unknown_user_duplicate_group/grpck.exp b/tests/tests/cktools/grpck/15_grpck_unknown_user_duplicate_group/grpck.exp
new file mode 100755
index 0000000..4de3e21
--- /dev/null
+++ b/tests/tests/cktools/grpck/15_grpck_unknown_user_duplicate_group/grpck.exp
@@ -0,0 +1,23 @@
+#!/usr/bin/expect
+
+set timeout 2
+expect_after default {puts stderr "\nFAIL"; exit 1}
+
+spawn /bin/sh
+send "if \[ \$(id -u) -eq 0 \]; then PS1='# '; else PS1='$ '; fi\r"
+expect "# "
+
+send "grpck\r"
+expect "group foo: no user foo2"
+expect "delete member 'foo2'? "
+send "yes\r"
+expect "group foo: no user foo2"
+expect "delete member 'foo2'? "
+send "yes\r"
+expect "grpck: the files have been updated"
+expect "# "
+send "echo \$?\r"
+expect "2"
+send "exit\r"
+puts "OK\n"
+exit 0
diff --git a/tests/tests/cktools/grpck/15_grpck_unknown_user_duplicate_group/grpck.test b/tests/tests/cktools/grpck/15_grpck_unknown_user_duplicate_group/grpck.test
new file mode 100755
index 0000000..741bfe1
--- /dev/null
+++ b/tests/tests/cktools/grpck/15_grpck_unknown_user_duplicate_group/grpck.test
@@ -0,0 +1,37 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "grpck check the number of fields and can change the system database"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+./grpck.exp
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl data/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/cktools/grpck/16_grpck_duplicate_entry_group/config.txt b/tests/tests/cktools/grpck/16_grpck_duplicate_entry_group/config.txt
new file mode 100644
index 0000000..01189bd
--- /dev/null
+++ b/tests/tests/cktools/grpck/16_grpck_duplicate_entry_group/config.txt
@@ -0,0 +1,2 @@
+user foo
+group foo with typo in group
diff --git a/tests/tests/cktools/grpck/16_grpck_duplicate_entry_group/config/etc/group b/tests/tests/cktools/grpck/16_grpck_duplicate_entry_group/config/etc/group
new file mode 100644
index 0000000..7351800
--- /dev/null
+++ b/tests/tests/cktools/grpck/16_grpck_duplicate_entry_group/config/etc/group
@@ -0,0 +1,43 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:daemon
+foo:x:1000:bin
diff --git a/tests/tests/cktools/grpck/16_grpck_duplicate_entry_group/config/etc/gshadow b/tests/tests/cktools/grpck/16_grpck_duplicate_entry_group/config/etc/gshadow
new file mode 100644
index 0000000..5042e58
--- /dev/null
+++ b/tests/tests/cktools/grpck/16_grpck_duplicate_entry_group/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/cktools/grpck/16_grpck_duplicate_entry_group/config/etc/passwd b/tests/tests/cktools/grpck/16_grpck_duplicate_entry_group/config/etc/passwd
new file mode 100644
index 0000000..dc7bf84
--- /dev/null
+++ b/tests/tests/cktools/grpck/16_grpck_duplicate_entry_group/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000:::/bin/false
diff --git a/tests/tests/cktools/grpck/16_grpck_duplicate_entry_group/config/etc/shadow b/tests/tests/cktools/grpck/16_grpck_duplicate_entry_group/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/cktools/grpck/16_grpck_duplicate_entry_group/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/cktools/grpck/16_grpck_duplicate_entry_group/data/group b/tests/tests/cktools/grpck/16_grpck_duplicate_entry_group/data/group
new file mode 100644
index 0000000..5c08ae1
--- /dev/null
+++ b/tests/tests/cktools/grpck/16_grpck_duplicate_entry_group/data/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:bin
diff --git a/tests/tests/cktools/grpck/16_grpck_duplicate_entry_group/grpck.exp b/tests/tests/cktools/grpck/16_grpck_duplicate_entry_group/grpck.exp
new file mode 100755
index 0000000..8c08987
--- /dev/null
+++ b/tests/tests/cktools/grpck/16_grpck_duplicate_entry_group/grpck.exp
@@ -0,0 +1,20 @@
+#!/usr/bin/expect
+
+set timeout 2
+expect_after default {puts stderr "\nFAIL"; exit 1}
+
+spawn /bin/sh
+send "if \[ \$(id -u) -eq 0 \]; then PS1='# '; else PS1='$ '; fi\r"
+expect "# "
+
+send "grpck\r"
+expect "duplicate group entry"
+expect "delete line 'foo:x:1000:daemon'? "
+send "yes\r"
+expect "grpck: the files have been updated"
+expect "# "
+send "echo \$?\r"
+expect "2"
+send "exit\r"
+puts "OK\n"
+exit 0
diff --git a/tests/tests/cktools/grpck/16_grpck_duplicate_entry_group/grpck.test b/tests/tests/cktools/grpck/16_grpck_duplicate_entry_group/grpck.test
new file mode 100755
index 0000000..741bfe1
--- /dev/null
+++ b/tests/tests/cktools/grpck/16_grpck_duplicate_entry_group/grpck.test
@@ -0,0 +1,37 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "grpck check the number of fields and can change the system database"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+./grpck.exp
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl data/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/cktools/grpck/17_grpck_duplicate_entry_gshadow/config.txt b/tests/tests/cktools/grpck/17_grpck_duplicate_entry_gshadow/config.txt
new file mode 100644
index 0000000..01189bd
--- /dev/null
+++ b/tests/tests/cktools/grpck/17_grpck_duplicate_entry_gshadow/config.txt
@@ -0,0 +1,2 @@
+user foo
+group foo with typo in group
diff --git a/tests/tests/cktools/grpck/17_grpck_duplicate_entry_gshadow/config/etc/group b/tests/tests/cktools/grpck/17_grpck_duplicate_entry_gshadow/config/etc/group
new file mode 100644
index 0000000..fda0a6d
--- /dev/null
+++ b/tests/tests/cktools/grpck/17_grpck_duplicate_entry_gshadow/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:daemon
diff --git a/tests/tests/cktools/grpck/17_grpck_duplicate_entry_gshadow/config/etc/gshadow b/tests/tests/cktools/grpck/17_grpck_duplicate_entry_gshadow/config/etc/gshadow
new file mode 100644
index 0000000..124c805
--- /dev/null
+++ b/tests/tests/cktools/grpck/17_grpck_duplicate_entry_gshadow/config/etc/gshadow
@@ -0,0 +1,43 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+foo:*::daemon
+crontab:x::
+Debian-exim:x::
+foo:*::bin
diff --git a/tests/tests/cktools/grpck/17_grpck_duplicate_entry_gshadow/config/etc/passwd b/tests/tests/cktools/grpck/17_grpck_duplicate_entry_gshadow/config/etc/passwd
new file mode 100644
index 0000000..dc7bf84
--- /dev/null
+++ b/tests/tests/cktools/grpck/17_grpck_duplicate_entry_gshadow/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000:::/bin/false
diff --git a/tests/tests/cktools/grpck/17_grpck_duplicate_entry_gshadow/config/etc/shadow b/tests/tests/cktools/grpck/17_grpck_duplicate_entry_gshadow/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/cktools/grpck/17_grpck_duplicate_entry_gshadow/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/cktools/grpck/17_grpck_duplicate_entry_gshadow/data/gshadow b/tests/tests/cktools/grpck/17_grpck_duplicate_entry_gshadow/data/gshadow
new file mode 100644
index 0000000..bdd8388
--- /dev/null
+++ b/tests/tests/cktools/grpck/17_grpck_duplicate_entry_gshadow/data/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::bin
diff --git a/tests/tests/cktools/grpck/17_grpck_duplicate_entry_gshadow/grpck.exp b/tests/tests/cktools/grpck/17_grpck_duplicate_entry_gshadow/grpck.exp
new file mode 100755
index 0000000..2fd4ff1
--- /dev/null
+++ b/tests/tests/cktools/grpck/17_grpck_duplicate_entry_gshadow/grpck.exp
@@ -0,0 +1,20 @@
+#!/usr/bin/expect
+
+set timeout 2
+expect_after default {puts stderr "\nFAIL"; exit 1}
+
+spawn /bin/sh
+send "if \[ \$(id -u) -eq 0 \]; then PS1='# '; else PS1='$ '; fi\r"
+expect "# "
+
+send "grpck\r"
+expect "duplicate shadow group entry"
+expect "delete line 'foo:*::daemon'? "
+send "yes\r"
+expect "grpck: the files have been updated"
+expect "# "
+send "echo \$?\r"
+expect "2"
+send "exit\r"
+puts "OK\n"
+exit 0
diff --git a/tests/tests/cktools/grpck/17_grpck_duplicate_entry_gshadow/grpck.test b/tests/tests/cktools/grpck/17_grpck_duplicate_entry_gshadow/grpck.test
new file mode 100755
index 0000000..dcfa249
--- /dev/null
+++ b/tests/tests/cktools/grpck/17_grpck_duplicate_entry_gshadow/grpck.test
@@ -0,0 +1,37 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "grpck check the number of fields and can change the system database"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+./grpck.exp
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl data/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/cktools/grpck/18_grpck_duplicate_entry_group_no_changes/config.txt b/tests/tests/cktools/grpck/18_grpck_duplicate_entry_group_no_changes/config.txt
new file mode 100644
index 0000000..01189bd
--- /dev/null
+++ b/tests/tests/cktools/grpck/18_grpck_duplicate_entry_group_no_changes/config.txt
@@ -0,0 +1,2 @@
+user foo
+group foo with typo in group
diff --git a/tests/tests/cktools/grpck/18_grpck_duplicate_entry_group_no_changes/config/etc/group b/tests/tests/cktools/grpck/18_grpck_duplicate_entry_group_no_changes/config/etc/group
new file mode 100644
index 0000000..7351800
--- /dev/null
+++ b/tests/tests/cktools/grpck/18_grpck_duplicate_entry_group_no_changes/config/etc/group
@@ -0,0 +1,43 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:daemon
+foo:x:1000:bin
diff --git a/tests/tests/cktools/grpck/18_grpck_duplicate_entry_group_no_changes/config/etc/gshadow b/tests/tests/cktools/grpck/18_grpck_duplicate_entry_group_no_changes/config/etc/gshadow
new file mode 100644
index 0000000..5042e58
--- /dev/null
+++ b/tests/tests/cktools/grpck/18_grpck_duplicate_entry_group_no_changes/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/cktools/grpck/18_grpck_duplicate_entry_group_no_changes/config/etc/passwd b/tests/tests/cktools/grpck/18_grpck_duplicate_entry_group_no_changes/config/etc/passwd
new file mode 100644
index 0000000..dc7bf84
--- /dev/null
+++ b/tests/tests/cktools/grpck/18_grpck_duplicate_entry_group_no_changes/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000:::/bin/false
diff --git a/tests/tests/cktools/grpck/18_grpck_duplicate_entry_group_no_changes/config/etc/shadow b/tests/tests/cktools/grpck/18_grpck_duplicate_entry_group_no_changes/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/cktools/grpck/18_grpck_duplicate_entry_group_no_changes/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/cktools/grpck/18_grpck_duplicate_entry_group_no_changes/grpck.exp b/tests/tests/cktools/grpck/18_grpck_duplicate_entry_group_no_changes/grpck.exp
new file mode 100755
index 0000000..51d64df
--- /dev/null
+++ b/tests/tests/cktools/grpck/18_grpck_duplicate_entry_group_no_changes/grpck.exp
@@ -0,0 +1,24 @@
+#!/usr/bin/expect
+
+set timeout 2
+expect_after default {puts stderr "\nFAIL"; exit 1}
+
+spawn /bin/sh
+send "if \[ \$(id -u) -eq 0 \]; then PS1='# '; else PS1='$ '; fi\r"
+expect "# "
+
+send "grpck\r"
+expect "duplicate group entry"
+expect "delete line 'foo:x:1000:daemon'? "
+send "no\r"
+expect "'daemon' is a member of the 'foo' group in /etc/group but not in /etc/gshadow"
+expect "duplicate group entry"
+expect "delete line 'foo:x:1000:bin'? "
+send "no \r"
+expect "grpck: no changes"
+expect "# "
+send "echo \$?\r"
+expect "2"
+send "exit\r"
+puts "OK\n"
+exit 0
diff --git a/tests/tests/cktools/grpck/18_grpck_duplicate_entry_group_no_changes/grpck.test b/tests/tests/cktools/grpck/18_grpck_duplicate_entry_group_no_changes/grpck.test
new file mode 100755
index 0000000..81bf12c
--- /dev/null
+++ b/tests/tests/cktools/grpck/18_grpck_duplicate_entry_group_no_changes/grpck.test
@@ -0,0 +1,37 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "grpck check the number of fields and can change the system database"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+./grpck.exp
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/cktools/grpck/19_grpck_duplicate_entry_gshadow_no_changes/config.txt b/tests/tests/cktools/grpck/19_grpck_duplicate_entry_gshadow_no_changes/config.txt
new file mode 100644
index 0000000..01189bd
--- /dev/null
+++ b/tests/tests/cktools/grpck/19_grpck_duplicate_entry_gshadow_no_changes/config.txt
@@ -0,0 +1,2 @@
+user foo
+group foo with typo in group
diff --git a/tests/tests/cktools/grpck/19_grpck_duplicate_entry_gshadow_no_changes/config/etc/group b/tests/tests/cktools/grpck/19_grpck_duplicate_entry_gshadow_no_changes/config/etc/group
new file mode 100644
index 0000000..fda0a6d
--- /dev/null
+++ b/tests/tests/cktools/grpck/19_grpck_duplicate_entry_gshadow_no_changes/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:daemon
diff --git a/tests/tests/cktools/grpck/19_grpck_duplicate_entry_gshadow_no_changes/config/etc/gshadow b/tests/tests/cktools/grpck/19_grpck_duplicate_entry_gshadow_no_changes/config/etc/gshadow
new file mode 100644
index 0000000..124c805
--- /dev/null
+++ b/tests/tests/cktools/grpck/19_grpck_duplicate_entry_gshadow_no_changes/config/etc/gshadow
@@ -0,0 +1,43 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+foo:*::daemon
+crontab:x::
+Debian-exim:x::
+foo:*::bin
diff --git a/tests/tests/cktools/grpck/19_grpck_duplicate_entry_gshadow_no_changes/config/etc/passwd b/tests/tests/cktools/grpck/19_grpck_duplicate_entry_gshadow_no_changes/config/etc/passwd
new file mode 100644
index 0000000..dc7bf84
--- /dev/null
+++ b/tests/tests/cktools/grpck/19_grpck_duplicate_entry_gshadow_no_changes/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000:::/bin/false
diff --git a/tests/tests/cktools/grpck/19_grpck_duplicate_entry_gshadow_no_changes/config/etc/shadow b/tests/tests/cktools/grpck/19_grpck_duplicate_entry_gshadow_no_changes/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/cktools/grpck/19_grpck_duplicate_entry_gshadow_no_changes/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/cktools/grpck/19_grpck_duplicate_entry_gshadow_no_changes/grpck.exp b/tests/tests/cktools/grpck/19_grpck_duplicate_entry_gshadow_no_changes/grpck.exp
new file mode 100755
index 0000000..57e9090
--- /dev/null
+++ b/tests/tests/cktools/grpck/19_grpck_duplicate_entry_gshadow_no_changes/grpck.exp
@@ -0,0 +1,23 @@
+#!/usr/bin/expect
+
+set timeout 2
+expect_after default {puts stderr "\nFAIL"; exit 1}
+
+spawn /bin/sh
+send "if \[ \$(id -u) -eq 0 \]; then PS1='# '; else PS1='$ '; fi\r"
+expect "# "
+
+send "grpck\r"
+expect "duplicate shadow group entry"
+expect "delete line 'foo:*::daemon'? "
+send "no\r"
+expect "duplicate shadow group entry"
+expect "delete line 'foo:*::bin'? "
+send "no\r"
+expect "grpck: no changes"
+expect "# "
+send "echo \$?\r"
+expect "2"
+send "exit\r"
+puts "OK\n"
+exit 0
diff --git a/tests/tests/cktools/grpck/19_grpck_duplicate_entry_gshadow_no_changes/grpck.test b/tests/tests/cktools/grpck/19_grpck_duplicate_entry_gshadow_no_changes/grpck.test
new file mode 100755
index 0000000..81bf12c
--- /dev/null
+++ b/tests/tests/cktools/grpck/19_grpck_duplicate_entry_gshadow_no_changes/grpck.test
@@ -0,0 +1,37 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "grpck check the number of fields and can change the system database"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+./grpck.exp
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/cktools/grpck/20_grpck_duplicate_entry_gshadow_delete_second/config.txt b/tests/tests/cktools/grpck/20_grpck_duplicate_entry_gshadow_delete_second/config.txt
new file mode 100644
index 0000000..01189bd
--- /dev/null
+++ b/tests/tests/cktools/grpck/20_grpck_duplicate_entry_gshadow_delete_second/config.txt
@@ -0,0 +1,2 @@
+user foo
+group foo with typo in group
diff --git a/tests/tests/cktools/grpck/20_grpck_duplicate_entry_gshadow_delete_second/config/etc/group b/tests/tests/cktools/grpck/20_grpck_duplicate_entry_gshadow_delete_second/config/etc/group
new file mode 100644
index 0000000..fda0a6d
--- /dev/null
+++ b/tests/tests/cktools/grpck/20_grpck_duplicate_entry_gshadow_delete_second/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:daemon
diff --git a/tests/tests/cktools/grpck/20_grpck_duplicate_entry_gshadow_delete_second/config/etc/gshadow b/tests/tests/cktools/grpck/20_grpck_duplicate_entry_gshadow_delete_second/config/etc/gshadow
new file mode 100644
index 0000000..124c805
--- /dev/null
+++ b/tests/tests/cktools/grpck/20_grpck_duplicate_entry_gshadow_delete_second/config/etc/gshadow
@@ -0,0 +1,43 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+foo:*::daemon
+crontab:x::
+Debian-exim:x::
+foo:*::bin
diff --git a/tests/tests/cktools/grpck/20_grpck_duplicate_entry_gshadow_delete_second/config/etc/passwd b/tests/tests/cktools/grpck/20_grpck_duplicate_entry_gshadow_delete_second/config/etc/passwd
new file mode 100644
index 0000000..dc7bf84
--- /dev/null
+++ b/tests/tests/cktools/grpck/20_grpck_duplicate_entry_gshadow_delete_second/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000:::/bin/false
diff --git a/tests/tests/cktools/grpck/20_grpck_duplicate_entry_gshadow_delete_second/config/etc/shadow b/tests/tests/cktools/grpck/20_grpck_duplicate_entry_gshadow_delete_second/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/cktools/grpck/20_grpck_duplicate_entry_gshadow_delete_second/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/cktools/grpck/20_grpck_duplicate_entry_gshadow_delete_second/data/gshadow b/tests/tests/cktools/grpck/20_grpck_duplicate_entry_gshadow_delete_second/data/gshadow
new file mode 100644
index 0000000..a1a4f31
--- /dev/null
+++ b/tests/tests/cktools/grpck/20_grpck_duplicate_entry_gshadow_delete_second/data/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+foo:*::daemon
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/cktools/grpck/20_grpck_duplicate_entry_gshadow_delete_second/grpck.exp b/tests/tests/cktools/grpck/20_grpck_duplicate_entry_gshadow_delete_second/grpck.exp
new file mode 100755
index 0000000..7796948
--- /dev/null
+++ b/tests/tests/cktools/grpck/20_grpck_duplicate_entry_gshadow_delete_second/grpck.exp
@@ -0,0 +1,23 @@
+#!/usr/bin/expect
+
+set timeout 2
+expect_after default {puts stderr "\nFAIL"; exit 1}
+
+spawn /bin/sh
+send "if \[ \$(id -u) -eq 0 \]; then PS1='# '; else PS1='$ '; fi\r"
+expect "# "
+
+send "grpck\r"
+expect "duplicate shadow group entry"
+expect "delete line 'foo:*::daemon'? "
+send "no\r"
+expect "duplicate shadow group entry"
+expect "delete line 'foo:*::bin'? "
+send "yes\r"
+expect "grpck: the files have been updated"
+expect "# "
+send "echo \$?\r"
+expect "2"
+send "exit\r"
+puts "OK\n"
+exit 0
diff --git a/tests/tests/cktools/grpck/20_grpck_duplicate_entry_gshadow_delete_second/grpck.test b/tests/tests/cktools/grpck/20_grpck_duplicate_entry_gshadow_delete_second/grpck.test
new file mode 100755
index 0000000..dcfa249
--- /dev/null
+++ b/tests/tests/cktools/grpck/20_grpck_duplicate_entry_gshadow_delete_second/grpck.test
@@ -0,0 +1,37 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "grpck check the number of fields and can change the system database"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+./grpck.exp
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl data/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/cktools/grpck/21_grpck_invalid_group_name/config.txt b/tests/tests/cktools/grpck/21_grpck_invalid_group_name/config.txt
new file mode 100644
index 0000000..01189bd
--- /dev/null
+++ b/tests/tests/cktools/grpck/21_grpck_invalid_group_name/config.txt
@@ -0,0 +1,2 @@
+user foo
+group foo with typo in group
diff --git a/tests/tests/cktools/grpck/21_grpck_invalid_group_name/config/etc/group b/tests/tests/cktools/grpck/21_grpck_invalid_group_name/config/etc/group
new file mode 100644
index 0000000..220f375
--- /dev/null
+++ b/tests/tests/cktools/grpck/21_grpck_invalid_group_name/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+f o o:x:1000:
diff --git a/tests/tests/cktools/grpck/21_grpck_invalid_group_name/config/etc/gshadow b/tests/tests/cktools/grpck/21_grpck_invalid_group_name/config/etc/gshadow
new file mode 100644
index 0000000..8337b65
--- /dev/null
+++ b/tests/tests/cktools/grpck/21_grpck_invalid_group_name/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+f o o:*::
diff --git a/tests/tests/cktools/grpck/21_grpck_invalid_group_name/config/etc/passwd b/tests/tests/cktools/grpck/21_grpck_invalid_group_name/config/etc/passwd
new file mode 100644
index 0000000..dc7bf84
--- /dev/null
+++ b/tests/tests/cktools/grpck/21_grpck_invalid_group_name/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000:::/bin/false
diff --git a/tests/tests/cktools/grpck/21_grpck_invalid_group_name/config/etc/shadow b/tests/tests/cktools/grpck/21_grpck_invalid_group_name/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/cktools/grpck/21_grpck_invalid_group_name/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/cktools/grpck/21_grpck_invalid_group_name/grpck.exp b/tests/tests/cktools/grpck/21_grpck_invalid_group_name/grpck.exp
new file mode 100755
index 0000000..8312839
--- /dev/null
+++ b/tests/tests/cktools/grpck/21_grpck_invalid_group_name/grpck.exp
@@ -0,0 +1,17 @@
+#!/usr/bin/expect
+
+set timeout 2
+expect_after default {puts stderr "\nFAIL"; exit 1}
+
+spawn /bin/sh
+send "if \[ \$(id -u) -eq 0 \]; then PS1='# '; else PS1='$ '; fi\r"
+expect "# "
+
+send "grpck\r"
+expect "invalid group name 'f o o'"
+expect "grpck: no changes"
+send "echo \$?\r"
+expect "2"
+send "exit\r"
+puts "OK\n"
+exit 0
diff --git a/tests/tests/cktools/grpck/21_grpck_invalid_group_name/grpck.test b/tests/tests/cktools/grpck/21_grpck_invalid_group_name/grpck.test
new file mode 100755
index 0000000..81bf12c
--- /dev/null
+++ b/tests/tests/cktools/grpck/21_grpck_invalid_group_name/grpck.test
@@ -0,0 +1,37 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "grpck check the number of fields and can change the system database"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+./grpck.exp
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/cktools/grpck/22_grpck_invalid_group_ID_-1/config.txt b/tests/tests/cktools/grpck/22_grpck_invalid_group_ID_-1/config.txt
new file mode 100644
index 0000000..01189bd
--- /dev/null
+++ b/tests/tests/cktools/grpck/22_grpck_invalid_group_ID_-1/config.txt
@@ -0,0 +1,2 @@
+user foo
+group foo with typo in group
diff --git a/tests/tests/cktools/grpck/22_grpck_invalid_group_ID_-1/config/etc/group b/tests/tests/cktools/grpck/22_grpck_invalid_group_ID_-1/config/etc/group
new file mode 100644
index 0000000..e9efa8b
--- /dev/null
+++ b/tests/tests/cktools/grpck/22_grpck_invalid_group_ID_-1/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:-1:
diff --git a/tests/tests/cktools/grpck/22_grpck_invalid_group_ID_-1/config/etc/gshadow b/tests/tests/cktools/grpck/22_grpck_invalid_group_ID_-1/config/etc/gshadow
new file mode 100644
index 0000000..5042e58
--- /dev/null
+++ b/tests/tests/cktools/grpck/22_grpck_invalid_group_ID_-1/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/cktools/grpck/22_grpck_invalid_group_ID_-1/config/etc/passwd b/tests/tests/cktools/grpck/22_grpck_invalid_group_ID_-1/config/etc/passwd
new file mode 100644
index 0000000..dc7bf84
--- /dev/null
+++ b/tests/tests/cktools/grpck/22_grpck_invalid_group_ID_-1/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000:::/bin/false
diff --git a/tests/tests/cktools/grpck/22_grpck_invalid_group_ID_-1/config/etc/shadow b/tests/tests/cktools/grpck/22_grpck_invalid_group_ID_-1/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/cktools/grpck/22_grpck_invalid_group_ID_-1/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/cktools/grpck/22_grpck_invalid_group_ID_-1/data/group b/tests/tests/cktools/grpck/22_grpck_invalid_group_ID_-1/data/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/cktools/grpck/22_grpck_invalid_group_ID_-1/data/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/cktools/grpck/22_grpck_invalid_group_ID_-1/data/gshadow b/tests/tests/cktools/grpck/22_grpck_invalid_group_ID_-1/data/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/cktools/grpck/22_grpck_invalid_group_ID_-1/data/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/cktools/grpck/22_grpck_invalid_group_ID_-1/grpck.exp b/tests/tests/cktools/grpck/22_grpck_invalid_group_ID_-1/grpck.exp
new file mode 100755
index 0000000..af20b34
--- /dev/null
+++ b/tests/tests/cktools/grpck/22_grpck_invalid_group_ID_-1/grpck.exp
@@ -0,0 +1,23 @@
+#!/usr/bin/expect
+
+set timeout 2
+expect_after default {puts stderr "\nFAIL"; exit 1}
+
+spawn /bin/sh
+send "if \[ \$(id -u) -eq 0 \]; then PS1='# '; else PS1='$ '; fi\r"
+expect "# "
+
+send "grpck\r"
+expect "invalid group file entry"
+expect "delete line 'foo:x:-1:'? "
+send "yes\r"
+expect "no matching group file entry in /etc/group"
+expect "delete line 'foo:*::'? "
+send "yes\r"
+expect "grpck: the files have been updated"
+expect "# "
+send "echo \$?\r"
+expect "2"
+send "exit\r"
+puts "OK\n"
+exit 0
diff --git a/tests/tests/cktools/grpck/22_grpck_invalid_group_ID_-1/grpck.test b/tests/tests/cktools/grpck/22_grpck_invalid_group_ID_-1/grpck.test
new file mode 100755
index 0000000..906d629
--- /dev/null
+++ b/tests/tests/cktools/grpck/22_grpck_invalid_group_ID_-1/grpck.test
@@ -0,0 +1,37 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "grpck check the number of fields and can change the system database"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+./grpck.exp
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl data/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl data/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/cktools/grpck/23_grpck_invalid_group_ID_4294967295/config.txt b/tests/tests/cktools/grpck/23_grpck_invalid_group_ID_4294967295/config.txt
new file mode 100644
index 0000000..01189bd
--- /dev/null
+++ b/tests/tests/cktools/grpck/23_grpck_invalid_group_ID_4294967295/config.txt
@@ -0,0 +1,2 @@
+user foo
+group foo with typo in group
diff --git a/tests/tests/cktools/grpck/23_grpck_invalid_group_ID_4294967295/config/etc/group b/tests/tests/cktools/grpck/23_grpck_invalid_group_ID_4294967295/config/etc/group
new file mode 100644
index 0000000..c6a2e19
--- /dev/null
+++ b/tests/tests/cktools/grpck/23_grpck_invalid_group_ID_4294967295/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:4294967295:
diff --git a/tests/tests/cktools/grpck/23_grpck_invalid_group_ID_4294967295/config/etc/gshadow b/tests/tests/cktools/grpck/23_grpck_invalid_group_ID_4294967295/config/etc/gshadow
new file mode 100644
index 0000000..5042e58
--- /dev/null
+++ b/tests/tests/cktools/grpck/23_grpck_invalid_group_ID_4294967295/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/cktools/grpck/23_grpck_invalid_group_ID_4294967295/config/etc/passwd b/tests/tests/cktools/grpck/23_grpck_invalid_group_ID_4294967295/config/etc/passwd
new file mode 100644
index 0000000..dc7bf84
--- /dev/null
+++ b/tests/tests/cktools/grpck/23_grpck_invalid_group_ID_4294967295/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000:::/bin/false
diff --git a/tests/tests/cktools/grpck/23_grpck_invalid_group_ID_4294967295/config/etc/shadow b/tests/tests/cktools/grpck/23_grpck_invalid_group_ID_4294967295/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/cktools/grpck/23_grpck_invalid_group_ID_4294967295/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/cktools/grpck/23_grpck_invalid_group_ID_4294967295/grpck.exp b/tests/tests/cktools/grpck/23_grpck_invalid_group_ID_4294967295/grpck.exp
new file mode 100755
index 0000000..29a5e9f
--- /dev/null
+++ b/tests/tests/cktools/grpck/23_grpck_invalid_group_ID_4294967295/grpck.exp
@@ -0,0 +1,18 @@
+#!/usr/bin/expect
+
+set timeout 2
+expect_after default {puts stderr "\nFAIL"; exit 1}
+
+spawn /bin/sh
+send "if \[ \$(id -u) -eq 0 \]; then PS1='# '; else PS1='$ '; fi\r"
+expect "# "
+
+send "grpck\r"
+expect "invalid group ID '4294967295'"
+expect "grpck: no changes"
+expect "# "
+send "echo \$?\r"
+expect "2"
+send "exit\r"
+puts "OK\n"
+exit 0
diff --git a/tests/tests/cktools/grpck/23_grpck_invalid_group_ID_4294967295/grpck.test b/tests/tests/cktools/grpck/23_grpck_invalid_group_ID_4294967295/grpck.test
new file mode 100755
index 0000000..81bf12c
--- /dev/null
+++ b/tests/tests/cktools/grpck/23_grpck_invalid_group_ID_4294967295/grpck.test
@@ -0,0 +1,37 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "grpck check the number of fields and can change the system database"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+./grpck.exp
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/cktools/grpck/24_grpck_invalid_group_ID_4294967296/config.txt b/tests/tests/cktools/grpck/24_grpck_invalid_group_ID_4294967296/config.txt
new file mode 100644
index 0000000..01189bd
--- /dev/null
+++ b/tests/tests/cktools/grpck/24_grpck_invalid_group_ID_4294967296/config.txt
@@ -0,0 +1,2 @@
+user foo
+group foo with typo in group
diff --git a/tests/tests/cktools/grpck/24_grpck_invalid_group_ID_4294967296/config/etc/group b/tests/tests/cktools/grpck/24_grpck_invalid_group_ID_4294967296/config/etc/group
new file mode 100644
index 0000000..cb278ce
--- /dev/null
+++ b/tests/tests/cktools/grpck/24_grpck_invalid_group_ID_4294967296/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:4294967296:
diff --git a/tests/tests/cktools/grpck/24_grpck_invalid_group_ID_4294967296/config/etc/gshadow b/tests/tests/cktools/grpck/24_grpck_invalid_group_ID_4294967296/config/etc/gshadow
new file mode 100644
index 0000000..5042e58
--- /dev/null
+++ b/tests/tests/cktools/grpck/24_grpck_invalid_group_ID_4294967296/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/cktools/grpck/24_grpck_invalid_group_ID_4294967296/config/etc/passwd b/tests/tests/cktools/grpck/24_grpck_invalid_group_ID_4294967296/config/etc/passwd
new file mode 100644
index 0000000..dc7bf84
--- /dev/null
+++ b/tests/tests/cktools/grpck/24_grpck_invalid_group_ID_4294967296/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000:::/bin/false
diff --git a/tests/tests/cktools/grpck/24_grpck_invalid_group_ID_4294967296/config/etc/shadow b/tests/tests/cktools/grpck/24_grpck_invalid_group_ID_4294967296/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/cktools/grpck/24_grpck_invalid_group_ID_4294967296/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/cktools/grpck/24_grpck_invalid_group_ID_4294967296/data/group b/tests/tests/cktools/grpck/24_grpck_invalid_group_ID_4294967296/data/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/cktools/grpck/24_grpck_invalid_group_ID_4294967296/data/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/cktools/grpck/24_grpck_invalid_group_ID_4294967296/data/gshadow b/tests/tests/cktools/grpck/24_grpck_invalid_group_ID_4294967296/data/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/cktools/grpck/24_grpck_invalid_group_ID_4294967296/data/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/cktools/grpck/24_grpck_invalid_group_ID_4294967296/grpck.exp b/tests/tests/cktools/grpck/24_grpck_invalid_group_ID_4294967296/grpck.exp
new file mode 100755
index 0000000..b4eaaa9
--- /dev/null
+++ b/tests/tests/cktools/grpck/24_grpck_invalid_group_ID_4294967296/grpck.exp
@@ -0,0 +1,23 @@
+#!/usr/bin/expect
+
+set timeout 2
+expect_after default {puts stderr "\nFAIL"; exit 1}
+
+spawn /bin/sh
+send "if \[ \$(id -u) -eq 0 \]; then PS1='# '; else PS1='$ '; fi\r"
+expect "# "
+
+send "grpck\r"
+expect "invalid group file entry"
+expect "delete line 'foo:x:4294967296:'? "
+send "yes\r"
+expect "no matching group file entry in /etc/group"
+expect "delete line 'foo:*::'? "
+send "yes\r"
+expect "grpck: the files have been updated"
+expect "# "
+send "echo \$?\r"
+expect "2"
+send "exit\r"
+puts "OK\n"
+exit 0
diff --git a/tests/tests/cktools/grpck/24_grpck_invalid_group_ID_4294967296/grpck.test b/tests/tests/cktools/grpck/24_grpck_invalid_group_ID_4294967296/grpck.test
new file mode 100755
index 0000000..906d629
--- /dev/null
+++ b/tests/tests/cktools/grpck/24_grpck_invalid_group_ID_4294967296/grpck.test
@@ -0,0 +1,37 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "grpck check the number of fields and can change the system database"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+./grpck.exp
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl data/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl data/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/cktools/grpck/25_grpck_unknown_user_group_no_changes/config.txt b/tests/tests/cktools/grpck/25_grpck_unknown_user_group_no_changes/config.txt
new file mode 100644
index 0000000..01189bd
--- /dev/null
+++ b/tests/tests/cktools/grpck/25_grpck_unknown_user_group_no_changes/config.txt
@@ -0,0 +1,2 @@
+user foo
+group foo with typo in group
diff --git a/tests/tests/cktools/grpck/25_grpck_unknown_user_group_no_changes/config/etc/group b/tests/tests/cktools/grpck/25_grpck_unknown_user_group_no_changes/config/etc/group
new file mode 100644
index 0000000..757aef8
--- /dev/null
+++ b/tests/tests/cktools/grpck/25_grpck_unknown_user_group_no_changes/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:daemon,foo2,bin
diff --git a/tests/tests/cktools/grpck/25_grpck_unknown_user_group_no_changes/config/etc/gshadow b/tests/tests/cktools/grpck/25_grpck_unknown_user_group_no_changes/config/etc/gshadow
new file mode 100644
index 0000000..d2a1782
--- /dev/null
+++ b/tests/tests/cktools/grpck/25_grpck_unknown_user_group_no_changes/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::daemon,foo2,bin
diff --git a/tests/tests/cktools/grpck/25_grpck_unknown_user_group_no_changes/config/etc/passwd b/tests/tests/cktools/grpck/25_grpck_unknown_user_group_no_changes/config/etc/passwd
new file mode 100644
index 0000000..dc7bf84
--- /dev/null
+++ b/tests/tests/cktools/grpck/25_grpck_unknown_user_group_no_changes/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000:::/bin/false
diff --git a/tests/tests/cktools/grpck/25_grpck_unknown_user_group_no_changes/config/etc/shadow b/tests/tests/cktools/grpck/25_grpck_unknown_user_group_no_changes/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/cktools/grpck/25_grpck_unknown_user_group_no_changes/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/cktools/grpck/25_grpck_unknown_user_group_no_changes/grpck.exp b/tests/tests/cktools/grpck/25_grpck_unknown_user_group_no_changes/grpck.exp
new file mode 100755
index 0000000..15cd397
--- /dev/null
+++ b/tests/tests/cktools/grpck/25_grpck_unknown_user_group_no_changes/grpck.exp
@@ -0,0 +1,23 @@
+#!/usr/bin/expect
+
+set timeout 2
+expect_after default {puts stderr "\nFAIL"; exit 1}
+
+spawn /bin/sh
+send "if \[ \$(id -u) -eq 0 \]; then PS1='# '; else PS1='$ '; fi\r"
+expect "# "
+
+send "grpck\r"
+expect "group foo: no user foo2"
+expect "delete member 'foo2'? "
+send "no\r"
+expect "shadow group foo: no user foo2"
+expect "delete member 'foo2'? "
+send "no\r"
+expect "grpck: no changes"
+expect "# "
+send "echo \$?\r"
+expect "2"
+send "exit\r"
+puts "OK\n"
+exit 0
diff --git a/tests/tests/cktools/grpck/25_grpck_unknown_user_group_no_changes/grpck.test b/tests/tests/cktools/grpck/25_grpck_unknown_user_group_no_changes/grpck.test
new file mode 100755
index 0000000..81bf12c
--- /dev/null
+++ b/tests/tests/cktools/grpck/25_grpck_unknown_user_group_no_changes/grpck.test
@@ -0,0 +1,37 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "grpck check the number of fields and can change the system database"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+./grpck.exp
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/cktools/grpck/26_grpck_no_gshadow_file/config.txt b/tests/tests/cktools/grpck/26_grpck_no_gshadow_file/config.txt
new file mode 100644
index 0000000..3d43135
--- /dev/null
+++ b/tests/tests/cktools/grpck/26_grpck_no_gshadow_file/config.txt
@@ -0,0 +1,5 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group users
diff --git a/tests/tests/cktools/grpck/26_grpck_no_gshadow_file/config/etc/group b/tests/tests/cktools/grpck/26_grpck_no_gshadow_file/config/etc/group
new file mode 100644
index 0000000..9303fe2
--- /dev/null
+++ b/tests/tests/cktools/grpck/26_grpck_no_gshadow_file/config/etc/group
@@ -0,0 +1,42 @@
+daemon:x:1:
+bin:x:2:
+kmem:x:15:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+root:x:0:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+shadow:x:42:
+gnats:x:41:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:bar
diff --git a/tests/tests/cktools/grpck/26_grpck_no_gshadow_file/config/etc/gshadow b/tests/tests/cktools/grpck/26_grpck_no_gshadow_file/config/etc/gshadow
new file mode 100644
index 0000000..695bf8f
--- /dev/null
+++ b/tests/tests/cktools/grpck/26_grpck_no_gshadow_file/config/etc/gshadow
@@ -0,0 +1,41 @@
+daemon:*::
+bin:*::
+kmem:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+root:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+shadow:*::
+gnats:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+foo:*::
diff --git a/tests/tests/cktools/grpck/26_grpck_no_gshadow_file/config/etc/passwd b/tests/tests/cktools/grpck/26_grpck_no_gshadow_file/config/etc/passwd
new file mode 100644
index 0000000..dc7bf84
--- /dev/null
+++ b/tests/tests/cktools/grpck/26_grpck_no_gshadow_file/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000:::/bin/false
diff --git a/tests/tests/cktools/grpck/26_grpck_no_gshadow_file/config/etc/shadow b/tests/tests/cktools/grpck/26_grpck_no_gshadow_file/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/cktools/grpck/26_grpck_no_gshadow_file/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/cktools/grpck/26_grpck_no_gshadow_file/data/grpck.out b/tests/tests/cktools/grpck/26_grpck_no_gshadow_file/data/grpck.out
new file mode 100644
index 0000000..929e0e8
--- /dev/null
+++ b/tests/tests/cktools/grpck/26_grpck_no_gshadow_file/data/grpck.out
@@ -0,0 +1,3 @@
+group foo: no user bar
+delete member 'bar'? No
+grpck: no changes
diff --git a/tests/tests/cktools/grpck/26_grpck_no_gshadow_file/grpck.test b/tests/tests/cktools/grpck/26_grpck_no_gshadow_file/grpck.test
new file mode 100755
index 0000000..0ccd682
--- /dev/null
+++ b/tests/tests/cktools/grpck/26_grpck_no_gshadow_file/grpck.test
@@ -0,0 +1,58 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "grpck can check the group entries when there are no gshadow file"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Remove the gshadow file..."
+rm -f /etc/gshadow
+echo "done"
+
+echo -n "Check the group entries (grpck -r)..."
+grpck -r >tmp/grpck.out && exit 1 || {
+        status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "2"
+echo "OK"
+
+echo "grpck reported:"
+echo "======================================================================="
+cat tmp/grpck.out
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/grpck.out tmp/grpck.out
+echo "error message OK."
+rm -f tmp/grpck.out
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+test ! -f /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/cktools/grpck/27_grpck_sort_no_gshadow_file/config.txt b/tests/tests/cktools/grpck/27_grpck_sort_no_gshadow_file/config.txt
new file mode 100644
index 0000000..3d43135
--- /dev/null
+++ b/tests/tests/cktools/grpck/27_grpck_sort_no_gshadow_file/config.txt
@@ -0,0 +1,5 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group users
diff --git a/tests/tests/cktools/grpck/27_grpck_sort_no_gshadow_file/config/etc/group b/tests/tests/cktools/grpck/27_grpck_sort_no_gshadow_file/config/etc/group
new file mode 100644
index 0000000..afbb01e
--- /dev/null
+++ b/tests/tests/cktools/grpck/27_grpck_sort_no_gshadow_file/config/etc/group
@@ -0,0 +1,42 @@
+daemon:x:1:
+bin:x:2:
+kmem:x:15:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+root:x:0:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+shadow:x:42:
+gnats:x:41:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/cktools/grpck/27_grpck_sort_no_gshadow_file/config/etc/gshadow b/tests/tests/cktools/grpck/27_grpck_sort_no_gshadow_file/config/etc/gshadow
new file mode 100644
index 0000000..695bf8f
--- /dev/null
+++ b/tests/tests/cktools/grpck/27_grpck_sort_no_gshadow_file/config/etc/gshadow
@@ -0,0 +1,41 @@
+daemon:*::
+bin:*::
+kmem:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+root:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+shadow:*::
+gnats:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+foo:*::
diff --git a/tests/tests/cktools/grpck/27_grpck_sort_no_gshadow_file/config/etc/passwd b/tests/tests/cktools/grpck/27_grpck_sort_no_gshadow_file/config/etc/passwd
new file mode 100644
index 0000000..dc7bf84
--- /dev/null
+++ b/tests/tests/cktools/grpck/27_grpck_sort_no_gshadow_file/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000:::/bin/false
diff --git a/tests/tests/cktools/grpck/27_grpck_sort_no_gshadow_file/config/etc/shadow b/tests/tests/cktools/grpck/27_grpck_sort_no_gshadow_file/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/cktools/grpck/27_grpck_sort_no_gshadow_file/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/cktools/grpck/27_grpck_sort_no_gshadow_file/data/group b/tests/tests/cktools/grpck/27_grpck_sort_no_gshadow_file/data/group
new file mode 100644
index 0000000..1265953
--- /dev/null
+++ b/tests/tests/cktools/grpck/27_grpck_sort_no_gshadow_file/data/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
+nogroup:x:65534:
diff --git a/tests/tests/cktools/grpck/27_grpck_sort_no_gshadow_file/grpck.test b/tests/tests/cktools/grpck/27_grpck_sort_no_gshadow_file/grpck.test
new file mode 100755
index 0000000..31a6e9e
--- /dev/null
+++ b/tests/tests/cktools/grpck/27_grpck_sort_no_gshadow_file/grpck.test
@@ -0,0 +1,43 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "grpck can sort the group entries"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Remove the gshadow file..."
+rm -f /etc/gshadow
+echo "done"
+
+echo -n "Sort the group entries (grpck -s)..."
+grpck -s
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl data/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+test ! -f /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/cktools/grpck/28_grpck_usage/config.txt b/tests/tests/cktools/grpck/28_grpck_usage/config.txt
new file mode 100644
index 0000000..31f5635
--- /dev/null
+++ b/tests/tests/cktools/grpck/28_grpck_usage/config.txt
@@ -0,0 +1,10 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group users (only in /etc/group)
+user foo, in group tty (only in /etc/gshadow)
+user foo, in group floppy
+user foo, admin of group disk
+user foo, admin and member of group fax
+user foo, admin and member of group cdrom (only in /etc/gshadow)
diff --git a/tests/tests/cktools/grpck/28_grpck_usage/config/etc/default/useradd b/tests/tests/cktools/grpck/28_grpck_usage/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/cktools/grpck/28_grpck_usage/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/cktools/grpck/28_grpck_usage/config/etc/group b/tests/tests/cktools/grpck/28_grpck_usage/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/cktools/grpck/28_grpck_usage/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/cktools/grpck/28_grpck_usage/config/etc/gshadow b/tests/tests/cktools/grpck/28_grpck_usage/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/cktools/grpck/28_grpck_usage/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/cktools/grpck/28_grpck_usage/config/etc/passwd b/tests/tests/cktools/grpck/28_grpck_usage/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/cktools/grpck/28_grpck_usage/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/cktools/grpck/28_grpck_usage/config/etc/shadow b/tests/tests/cktools/grpck/28_grpck_usage/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/cktools/grpck/28_grpck_usage/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/cktools/grpck/28_grpck_usage/data/usage.out b/tests/tests/cktools/grpck/28_grpck_usage/data/usage.out
new file mode 100644
index 0000000..899e2d7
--- /dev/null
+++ b/tests/tests/cktools/grpck/28_grpck_usage/data/usage.out
@@ -0,0 +1,9 @@
+Usage: grpck [options] [group [gshadow]]
+
+Options:
+  -h, --help                    display this help message and exit
+  -r, --read-only               display errors and warnings
+                                but do not change files
+  -R, --root CHROOT_DIR         directory to chroot into
+  -s, --sort                    sort entries by UID
+
diff --git a/tests/tests/cktools/grpck/28_grpck_usage/grpck.test b/tests/tests/cktools/grpck/28_grpck_usage/grpck.test
new file mode 100755
index 0000000..e397aaf
--- /dev/null
+++ b/tests/tests/cktools/grpck/28_grpck_usage/grpck.test
@@ -0,0 +1,47 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "grpck can display its usage message"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Get grpck usage (grpck -h)..."
+grpck -h >tmp/usage.out
+
+echo "grpck reported:"
+echo "======================================================================="
+cat tmp/usage.out
+echo "======================================================================="
+echo -n "Check the usage message..."
+diff -au data/usage.out tmp/usage.out
+echo "usage message OK."
+rm -f tmp/usage.out
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/cktools/grpck/29_grpck_sort_readonly/config.txt b/tests/tests/cktools/grpck/29_grpck_sort_readonly/config.txt
new file mode 100644
index 0000000..31f5635
--- /dev/null
+++ b/tests/tests/cktools/grpck/29_grpck_sort_readonly/config.txt
@@ -0,0 +1,10 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group users (only in /etc/group)
+user foo, in group tty (only in /etc/gshadow)
+user foo, in group floppy
+user foo, admin of group disk
+user foo, admin and member of group fax
+user foo, admin and member of group cdrom (only in /etc/gshadow)
diff --git a/tests/tests/cktools/grpck/29_grpck_sort_readonly/config/etc/default/useradd b/tests/tests/cktools/grpck/29_grpck_sort_readonly/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/cktools/grpck/29_grpck_sort_readonly/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/cktools/grpck/29_grpck_sort_readonly/config/etc/group b/tests/tests/cktools/grpck/29_grpck_sort_readonly/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/cktools/grpck/29_grpck_sort_readonly/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/cktools/grpck/29_grpck_sort_readonly/config/etc/gshadow b/tests/tests/cktools/grpck/29_grpck_sort_readonly/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/cktools/grpck/29_grpck_sort_readonly/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/cktools/grpck/29_grpck_sort_readonly/config/etc/passwd b/tests/tests/cktools/grpck/29_grpck_sort_readonly/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/cktools/grpck/29_grpck_sort_readonly/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/cktools/grpck/29_grpck_sort_readonly/config/etc/shadow b/tests/tests/cktools/grpck/29_grpck_sort_readonly/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/cktools/grpck/29_grpck_sort_readonly/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/cktools/grpck/29_grpck_sort_readonly/data/usage.out b/tests/tests/cktools/grpck/29_grpck_sort_readonly/data/usage.out
new file mode 100644
index 0000000..cd278fa
--- /dev/null
+++ b/tests/tests/cktools/grpck/29_grpck_sort_readonly/data/usage.out
@@ -0,0 +1 @@
+grpck: -s and -r are incompatible
diff --git a/tests/tests/cktools/grpck/29_grpck_sort_readonly/grpck.test b/tests/tests/cktools/grpck/29_grpck_sort_readonly/grpck.test
new file mode 100755
index 0000000..417584f
--- /dev/null
+++ b/tests/tests/cktools/grpck/29_grpck_sort_readonly/grpck.test
@@ -0,0 +1,54 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "grpck report failure when sorting and read only are enabled"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Get grpck usage (grpck -r -s)..."
+grpck -r -s 2>tmp/usage.out && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "1"
+echo "OK"
+
+echo "grpck reported:"
+echo "======================================================================="
+cat tmp/usage.out
+echo "======================================================================="
+echo -n "Check the usage message..."
+diff -au data/usage.out tmp/usage.out
+echo "usage message OK."
+rm -f tmp/usage.out
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/cktools/grpck/30_grpck_3_files/config.txt b/tests/tests/cktools/grpck/30_grpck_3_files/config.txt
new file mode 100644
index 0000000..31f5635
--- /dev/null
+++ b/tests/tests/cktools/grpck/30_grpck_3_files/config.txt
@@ -0,0 +1,10 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group users (only in /etc/group)
+user foo, in group tty (only in /etc/gshadow)
+user foo, in group floppy
+user foo, admin of group disk
+user foo, admin and member of group fax
+user foo, admin and member of group cdrom (only in /etc/gshadow)
diff --git a/tests/tests/cktools/grpck/30_grpck_3_files/config/etc/default/useradd b/tests/tests/cktools/grpck/30_grpck_3_files/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/cktools/grpck/30_grpck_3_files/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/cktools/grpck/30_grpck_3_files/config/etc/group b/tests/tests/cktools/grpck/30_grpck_3_files/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/cktools/grpck/30_grpck_3_files/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/cktools/grpck/30_grpck_3_files/config/etc/gshadow b/tests/tests/cktools/grpck/30_grpck_3_files/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/cktools/grpck/30_grpck_3_files/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/cktools/grpck/30_grpck_3_files/config/etc/passwd b/tests/tests/cktools/grpck/30_grpck_3_files/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/cktools/grpck/30_grpck_3_files/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/cktools/grpck/30_grpck_3_files/config/etc/shadow b/tests/tests/cktools/grpck/30_grpck_3_files/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/cktools/grpck/30_grpck_3_files/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/cktools/grpck/30_grpck_3_files/data/usage.out b/tests/tests/cktools/grpck/30_grpck_3_files/data/usage.out
new file mode 100644
index 0000000..899e2d7
--- /dev/null
+++ b/tests/tests/cktools/grpck/30_grpck_3_files/data/usage.out
@@ -0,0 +1,9 @@
+Usage: grpck [options] [group [gshadow]]
+
+Options:
+  -h, --help                    display this help message and exit
+  -r, --read-only               display errors and warnings
+                                but do not change files
+  -R, --root CHROOT_DIR         directory to chroot into
+  -s, --sort                    sort entries by UID
+
diff --git a/tests/tests/cktools/grpck/30_grpck_3_files/grpck.test b/tests/tests/cktools/grpck/30_grpck_3_files/grpck.test
new file mode 100755
index 0000000..e2614d9
--- /dev/null
+++ b/tests/tests/cktools/grpck/30_grpck_3_files/grpck.test
@@ -0,0 +1,54 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "grpck checks its number of arguments"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Get grpck usage (grpck -r foo bar baz)..."
+grpck -r foo bar baz 2>tmp/usage.out && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "1"
+echo "OK"
+
+echo "grpck reported:"
+echo "======================================================================="
+cat tmp/usage.out
+echo "======================================================================="
+echo -n "Check the usage message..."
+diff -au data/usage.out tmp/usage.out
+echo "usage message OK."
+rm -f tmp/usage.out
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/cktools/grpck/31_grpck_missing_field_group_local_no_gshadow/config.txt b/tests/tests/cktools/grpck/31_grpck_missing_field_group_local_no_gshadow/config.txt
new file mode 100644
index 0000000..01189bd
--- /dev/null
+++ b/tests/tests/cktools/grpck/31_grpck_missing_field_group_local_no_gshadow/config.txt
@@ -0,0 +1,2 @@
+user foo
+group foo with typo in group
diff --git a/tests/tests/cktools/grpck/31_grpck_missing_field_group_local_no_gshadow/config/etc/group b/tests/tests/cktools/grpck/31_grpck_missing_field_group_local_no_gshadow/config/etc/group
new file mode 100644
index 0000000..d1e687c
--- /dev/null
+++ b/tests/tests/cktools/grpck/31_grpck_missing_field_group_local_no_gshadow/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x
diff --git a/tests/tests/cktools/grpck/31_grpck_missing_field_group_local_no_gshadow/config/etc/gshadow b/tests/tests/cktools/grpck/31_grpck_missing_field_group_local_no_gshadow/config/etc/gshadow
new file mode 100644
index 0000000..5042e58
--- /dev/null
+++ b/tests/tests/cktools/grpck/31_grpck_missing_field_group_local_no_gshadow/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/cktools/grpck/31_grpck_missing_field_group_local_no_gshadow/config/etc/passwd b/tests/tests/cktools/grpck/31_grpck_missing_field_group_local_no_gshadow/config/etc/passwd
new file mode 100644
index 0000000..dc7bf84
--- /dev/null
+++ b/tests/tests/cktools/grpck/31_grpck_missing_field_group_local_no_gshadow/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000:::/bin/false
diff --git a/tests/tests/cktools/grpck/31_grpck_missing_field_group_local_no_gshadow/config/etc/shadow b/tests/tests/cktools/grpck/31_grpck_missing_field_group_local_no_gshadow/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/cktools/grpck/31_grpck_missing_field_group_local_no_gshadow/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/cktools/grpck/31_grpck_missing_field_group_local_no_gshadow/data/group b/tests/tests/cktools/grpck/31_grpck_missing_field_group_local_no_gshadow/data/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/cktools/grpck/31_grpck_missing_field_group_local_no_gshadow/data/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/cktools/grpck/31_grpck_missing_field_group_local_no_gshadow/grpck.exp b/tests/tests/cktools/grpck/31_grpck_missing_field_group_local_no_gshadow/grpck.exp
new file mode 100755
index 0000000..8c53688
--- /dev/null
+++ b/tests/tests/cktools/grpck/31_grpck_missing_field_group_local_no_gshadow/grpck.exp
@@ -0,0 +1,20 @@
+#!/usr/bin/expect
+
+set timeout 2
+expect_after default {puts stderr "\nFAIL"; exit 1}
+
+spawn /bin/sh
+send "if \[ \$(id -u) -eq 0 \]; then PS1='# '; else PS1='$ '; fi\r"
+expect "# "
+
+send "grpck tmp/group\r"
+expect "invalid group file entry"
+expect "delete line 'foo:x'? "
+send "yes\r"
+expect "grpck: the files have been updated"
+expect "# "
+send "echo \$?\r"
+expect "2"
+send "exit\r"
+puts "OK\n"
+exit 0
diff --git a/tests/tests/cktools/grpck/31_grpck_missing_field_group_local_no_gshadow/grpck.test b/tests/tests/cktools/grpck/31_grpck_missing_field_group_local_no_gshadow/grpck.test
new file mode 100755
index 0000000..3c74960
--- /dev/null
+++ b/tests/tests/cktools/grpck/31_grpck_missing_field_group_local_no_gshadow/grpck.test
@@ -0,0 +1,44 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "grpck check the number of fields and can change the system database"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "copy group and gshadow locally..."
+cp /etc/group tmp/
+echo "OK"
+
+./grpck.exp
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+../../../common/compare_file.pl data/group tmp/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+rm -f tmp/group tmp/group- tmp/gshadow tmp/gshadow-
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/cktools/grpck/32_grpck_sort_nis/config.txt b/tests/tests/cktools/grpck/32_grpck_sort_nis/config.txt
new file mode 100644
index 0000000..3d43135
--- /dev/null
+++ b/tests/tests/cktools/grpck/32_grpck_sort_nis/config.txt
@@ -0,0 +1,5 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group users
diff --git a/tests/tests/cktools/grpck/32_grpck_sort_nis/config/etc/group b/tests/tests/cktools/grpck/32_grpck_sort_nis/config/etc/group
new file mode 100644
index 0000000..e644ed9
--- /dev/null
+++ b/tests/tests/cktools/grpck/32_grpck_sort_nis/config/etc/group
@@ -0,0 +1,45 @@
+daemon:x:1:
+bin:x:2:
+kmem:x:15:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+root:x:0:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+shadow:x:42:
+gnats:x:41:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
++:::
++foo1:::
+-foo2:
diff --git a/tests/tests/cktools/grpck/32_grpck_sort_nis/config/etc/gshadow b/tests/tests/cktools/grpck/32_grpck_sort_nis/config/etc/gshadow
new file mode 100644
index 0000000..8182ad7
--- /dev/null
+++ b/tests/tests/cktools/grpck/32_grpck_sort_nis/config/etc/gshadow
@@ -0,0 +1,42 @@
+daemon:*::
+bin:*::
+kmem:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+root:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+shadow:*::
+gnats:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/cktools/grpck/32_grpck_sort_nis/config/etc/passwd b/tests/tests/cktools/grpck/32_grpck_sort_nis/config/etc/passwd
new file mode 100644
index 0000000..dc7bf84
--- /dev/null
+++ b/tests/tests/cktools/grpck/32_grpck_sort_nis/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000:::/bin/false
diff --git a/tests/tests/cktools/grpck/32_grpck_sort_nis/config/etc/shadow b/tests/tests/cktools/grpck/32_grpck_sort_nis/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/cktools/grpck/32_grpck_sort_nis/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/cktools/grpck/32_grpck_sort_nis/data/group b/tests/tests/cktools/grpck/32_grpck_sort_nis/data/group
new file mode 100644
index 0000000..23467d3
--- /dev/null
+++ b/tests/tests/cktools/grpck/32_grpck_sort_nis/data/group
@@ -0,0 +1,45 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
+nogroup:x:65534:
++:::
++foo1:::
+-foo2:
diff --git a/tests/tests/cktools/grpck/32_grpck_sort_nis/data/gshadow b/tests/tests/cktools/grpck/32_grpck_sort_nis/data/gshadow
new file mode 100644
index 0000000..f2209e3
--- /dev/null
+++ b/tests/tests/cktools/grpck/32_grpck_sort_nis/data/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
+nogroup:*::
diff --git a/tests/tests/cktools/grpck/32_grpck_sort_nis/grpck.test b/tests/tests/cktools/grpck/32_grpck_sort_nis/grpck.test
new file mode 100755
index 0000000..d509689
--- /dev/null
+++ b/tests/tests/cktools/grpck/32_grpck_sort_nis/grpck.test
@@ -0,0 +1,39 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "grpck can sort the group entries"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Sort the group entries (grpck -s)..."
+grpck -s
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl data/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl data/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/cktools/grpck/33_grpck_locked_group/config.txt b/tests/tests/cktools/grpck/33_grpck_locked_group/config.txt
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/cktools/grpck/33_grpck_locked_group/config.txt
diff --git a/tests/tests/cktools/grpck/33_grpck_locked_group/config/etc/default/useradd b/tests/tests/cktools/grpck/33_grpck_locked_group/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/cktools/grpck/33_grpck_locked_group/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/cktools/grpck/33_grpck_locked_group/config/etc/group b/tests/tests/cktools/grpck/33_grpck_locked_group/config/etc/group
new file mode 100644
index 0000000..b6fae89
--- /dev/null
+++ b/tests/tests/cktools/grpck/33_grpck_locked_group/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:root
+adm:x:4:root,foo
+tty:x:5:
+disk:x:6:
+lp:x:7:foo,root
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:foo
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:foo
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/cktools/grpck/33_grpck_locked_group/config/etc/gshadow b/tests/tests/cktools/grpck/33_grpck_locked_group/config/etc/gshadow
new file mode 100644
index 0000000..1f2ba8d
--- /dev/null
+++ b/tests/tests/cktools/grpck/33_grpck_locked_group/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::root
+adm:*::root,foo
+tty:*::foo
+disk:*:foo:
+lp:*::foo,root
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*:foo:foo
+voice:*::
+cdrom:*:foo:foo
+floppy:*::foo
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/cktools/grpck/33_grpck_locked_group/config/etc/passwd b/tests/tests/cktools/grpck/33_grpck_locked_group/config/etc/passwd
new file mode 100644
index 0000000..bf52df0
--- /dev/null
+++ b/tests/tests/cktools/grpck/33_grpck_locked_group/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/home/foo:/bin/false
diff --git a/tests/tests/cktools/grpck/33_grpck_locked_group/config/etc/shadow b/tests/tests/cktools/grpck/33_grpck_locked_group/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/cktools/grpck/33_grpck_locked_group/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/cktools/grpck/33_grpck_locked_group/data/grpck.err b/tests/tests/cktools/grpck/33_grpck_locked_group/data/grpck.err
new file mode 100644
index 0000000..1f6325d
--- /dev/null
+++ b/tests/tests/cktools/grpck/33_grpck_locked_group/data/grpck.err
@@ -0,0 +1,2 @@
+grpck: existing lock file /etc/group.lock without a PID
+grpck: cannot lock /etc/group; try again later.
diff --git a/tests/tests/cktools/grpck/33_grpck_locked_group/grpck.test b/tests/tests/cktools/grpck/33_grpck_locked_group/grpck.test
new file mode 100755
index 0000000..0aa139c
--- /dev/null
+++ b/tests/tests/cktools/grpck/33_grpck_locked_group/grpck.test
@@ -0,0 +1,60 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "grpck checks if the group file is locked"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config; rm -f /etc/group.lock' 0
+
+change_config
+
+echo -n "Create lock file for /etc/group..."
+touch /etc/group.lock
+echo "done"
+
+echo -n "Check groups (grpck)..."
+grpck 2>tmp/grpck.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+rm -f /etc/group.lock
+
+echo -n "Check returned status ($status)..."
+test "$status" = "4"
+echo "OK"
+
+echo "grpck reported:"
+echo "======================================================================="
+cat tmp/grpck.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/grpck.err tmp/grpck.err
+echo "error message OK."
+rm -f tmp/grpck.err
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/cktools/grpck/34_grpck_locked_gshadow/config.txt b/tests/tests/cktools/grpck/34_grpck_locked_gshadow/config.txt
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/cktools/grpck/34_grpck_locked_gshadow/config.txt
diff --git a/tests/tests/cktools/grpck/34_grpck_locked_gshadow/config/etc/default/useradd b/tests/tests/cktools/grpck/34_grpck_locked_gshadow/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/cktools/grpck/34_grpck_locked_gshadow/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/cktools/grpck/34_grpck_locked_gshadow/config/etc/group b/tests/tests/cktools/grpck/34_grpck_locked_gshadow/config/etc/group
new file mode 100644
index 0000000..b6fae89
--- /dev/null
+++ b/tests/tests/cktools/grpck/34_grpck_locked_gshadow/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:root
+adm:x:4:root,foo
+tty:x:5:
+disk:x:6:
+lp:x:7:foo,root
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:foo
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:foo
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/cktools/grpck/34_grpck_locked_gshadow/config/etc/gshadow b/tests/tests/cktools/grpck/34_grpck_locked_gshadow/config/etc/gshadow
new file mode 100644
index 0000000..1f2ba8d
--- /dev/null
+++ b/tests/tests/cktools/grpck/34_grpck_locked_gshadow/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::root
+adm:*::root,foo
+tty:*::foo
+disk:*:foo:
+lp:*::foo,root
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*:foo:foo
+voice:*::
+cdrom:*:foo:foo
+floppy:*::foo
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/cktools/grpck/34_grpck_locked_gshadow/config/etc/passwd b/tests/tests/cktools/grpck/34_grpck_locked_gshadow/config/etc/passwd
new file mode 100644
index 0000000..bf52df0
--- /dev/null
+++ b/tests/tests/cktools/grpck/34_grpck_locked_gshadow/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/home/foo:/bin/false
diff --git a/tests/tests/cktools/grpck/34_grpck_locked_gshadow/config/etc/shadow b/tests/tests/cktools/grpck/34_grpck_locked_gshadow/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/cktools/grpck/34_grpck_locked_gshadow/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/cktools/grpck/34_grpck_locked_gshadow/data/grpck.err b/tests/tests/cktools/grpck/34_grpck_locked_gshadow/data/grpck.err
new file mode 100644
index 0000000..868dee1
--- /dev/null
+++ b/tests/tests/cktools/grpck/34_grpck_locked_gshadow/data/grpck.err
@@ -0,0 +1,2 @@
+grpck: existing lock file /etc/gshadow.lock without a PID
+grpck: cannot lock /etc/gshadow; try again later.
diff --git a/tests/tests/cktools/grpck/34_grpck_locked_gshadow/grpck.test b/tests/tests/cktools/grpck/34_grpck_locked_gshadow/grpck.test
new file mode 100755
index 0000000..4c6ea0c
--- /dev/null
+++ b/tests/tests/cktools/grpck/34_grpck_locked_gshadow/grpck.test
@@ -0,0 +1,60 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "grpck checks if the gshadow file is locked"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config; rm -f /etc/gshadow.lock' 0
+
+change_config
+
+echo -n "Create lock file for /etc/gshadow..."
+touch /etc/gshadow.lock
+echo "done"
+
+echo -n "Check groups (grpck)..."
+grpck 2>tmp/grpck.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+rm -f /etc/gshadow.lock
+
+echo -n "Check returned status ($status)..."
+test "$status" = "4"
+echo "OK"
+
+echo "grpck reported:"
+echo "======================================================================="
+cat tmp/grpck.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/grpck.err tmp/grpck.err
+echo "error message OK."
+rm -f tmp/grpck.err
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/cktools/grpck/35_grpck_duplicate_entry_group_NIS/config.txt b/tests/tests/cktools/grpck/35_grpck_duplicate_entry_group_NIS/config.txt
new file mode 100644
index 0000000..01189bd
--- /dev/null
+++ b/tests/tests/cktools/grpck/35_grpck_duplicate_entry_group_NIS/config.txt
@@ -0,0 +1,2 @@
+user foo
+group foo with typo in group
diff --git a/tests/tests/cktools/grpck/35_grpck_duplicate_entry_group_NIS/config/etc/group b/tests/tests/cktools/grpck/35_grpck_duplicate_entry_group_NIS/config/etc/group
new file mode 100644
index 0000000..213b065
--- /dev/null
+++ b/tests/tests/cktools/grpck/35_grpck_duplicate_entry_group_NIS/config/etc/group
@@ -0,0 +1,45 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:daemon
++:::
+-bar:::
+foo:x:1000:bin
diff --git a/tests/tests/cktools/grpck/35_grpck_duplicate_entry_group_NIS/config/etc/gshadow b/tests/tests/cktools/grpck/35_grpck_duplicate_entry_group_NIS/config/etc/gshadow
new file mode 100644
index 0000000..5042e58
--- /dev/null
+++ b/tests/tests/cktools/grpck/35_grpck_duplicate_entry_group_NIS/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/cktools/grpck/35_grpck_duplicate_entry_group_NIS/config/etc/passwd b/tests/tests/cktools/grpck/35_grpck_duplicate_entry_group_NIS/config/etc/passwd
new file mode 100644
index 0000000..dc7bf84
--- /dev/null
+++ b/tests/tests/cktools/grpck/35_grpck_duplicate_entry_group_NIS/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000:::/bin/false
diff --git a/tests/tests/cktools/grpck/35_grpck_duplicate_entry_group_NIS/config/etc/shadow b/tests/tests/cktools/grpck/35_grpck_duplicate_entry_group_NIS/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/cktools/grpck/35_grpck_duplicate_entry_group_NIS/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/cktools/grpck/35_grpck_duplicate_entry_group_NIS/data/group b/tests/tests/cktools/grpck/35_grpck_duplicate_entry_group_NIS/data/group
new file mode 100644
index 0000000..6c080ef
--- /dev/null
+++ b/tests/tests/cktools/grpck/35_grpck_duplicate_entry_group_NIS/data/group
@@ -0,0 +1,44 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
++:::
+-bar:::
+foo:x:1000:bin
diff --git a/tests/tests/cktools/grpck/35_grpck_duplicate_entry_group_NIS/grpck.exp b/tests/tests/cktools/grpck/35_grpck_duplicate_entry_group_NIS/grpck.exp
new file mode 100755
index 0000000..8c08987
--- /dev/null
+++ b/tests/tests/cktools/grpck/35_grpck_duplicate_entry_group_NIS/grpck.exp
@@ -0,0 +1,20 @@
+#!/usr/bin/expect
+
+set timeout 2
+expect_after default {puts stderr "\nFAIL"; exit 1}
+
+spawn /bin/sh
+send "if \[ \$(id -u) -eq 0 \]; then PS1='# '; else PS1='$ '; fi\r"
+expect "# "
+
+send "grpck\r"
+expect "duplicate group entry"
+expect "delete line 'foo:x:1000:daemon'? "
+send "yes\r"
+expect "grpck: the files have been updated"
+expect "# "
+send "echo \$?\r"
+expect "2"
+send "exit\r"
+puts "OK\n"
+exit 0
diff --git a/tests/tests/cktools/grpck/35_grpck_duplicate_entry_group_NIS/grpck.test b/tests/tests/cktools/grpck/35_grpck_duplicate_entry_group_NIS/grpck.test
new file mode 100755
index 0000000..741bfe1
--- /dev/null
+++ b/tests/tests/cktools/grpck/35_grpck_duplicate_entry_group_NIS/grpck.test
@@ -0,0 +1,37 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "grpck check the number of fields and can change the system database"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+./grpck.exp
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl data/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/cktools/grpck/36_grpck_password_group_gshadow/config.txt b/tests/tests/cktools/grpck/36_grpck_password_group_gshadow/config.txt
new file mode 100644
index 0000000..3d43135
--- /dev/null
+++ b/tests/tests/cktools/grpck/36_grpck_password_group_gshadow/config.txt
@@ -0,0 +1,5 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group users
diff --git a/tests/tests/cktools/grpck/36_grpck_password_group_gshadow/config/etc/group b/tests/tests/cktools/grpck/36_grpck_password_group_gshadow/config/etc/group
new file mode 100644
index 0000000..52cf2af
--- /dev/null
+++ b/tests/tests/cktools/grpck/36_grpck_password_group_gshadow/config/etc/group
@@ -0,0 +1,42 @@
+daemon:x:1:
+bin:x:2:
+kmem:x:15:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+root:x:0:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+shadow:x:42:
+gnats:x:41:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:toto:1000:
diff --git a/tests/tests/cktools/grpck/36_grpck_password_group_gshadow/config/etc/gshadow b/tests/tests/cktools/grpck/36_grpck_password_group_gshadow/config/etc/gshadow
new file mode 100644
index 0000000..817f174
--- /dev/null
+++ b/tests/tests/cktools/grpck/36_grpck_password_group_gshadow/config/etc/gshadow
@@ -0,0 +1,42 @@
+daemon:*::
+bin:*::
+kmem:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+root:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+shadow:*::
+gnats:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::foo
+nogroup:*::
+crontab:x::
+foo:foo::
+Debian-exim:*::
diff --git a/tests/tests/cktools/grpck/36_grpck_password_group_gshadow/config/etc/passwd b/tests/tests/cktools/grpck/36_grpck_password_group_gshadow/config/etc/passwd
new file mode 100644
index 0000000..dc7bf84
--- /dev/null
+++ b/tests/tests/cktools/grpck/36_grpck_password_group_gshadow/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000:::/bin/false
diff --git a/tests/tests/cktools/grpck/36_grpck_password_group_gshadow/config/etc/shadow b/tests/tests/cktools/grpck/36_grpck_password_group_gshadow/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/cktools/grpck/36_grpck_password_group_gshadow/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/cktools/grpck/36_grpck_password_group_gshadow/data/grpck.out b/tests/tests/cktools/grpck/36_grpck_password_group_gshadow/data/grpck.out
new file mode 100644
index 0000000..476a798
--- /dev/null
+++ b/tests/tests/cktools/grpck/36_grpck_password_group_gshadow/data/grpck.out
@@ -0,0 +1,2 @@
+group foo has an entry in /etc/gshadow, but its password field in /etc/group is not set to 'x'
+grpck: no changes
diff --git a/tests/tests/cktools/grpck/36_grpck_password_group_gshadow/grpck.test b/tests/tests/cktools/grpck/36_grpck_password_group_gshadow/grpck.test
new file mode 100755
index 0000000..d32ae67
--- /dev/null
+++ b/tests/tests/cktools/grpck/36_grpck_password_group_gshadow/grpck.test
@@ -0,0 +1,54 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "grpck can sort the group entries"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Check the group entries (grpck -r)..."
+grpck -r >tmp/grpck.out && exit 1 || {
+        status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "2"
+echo "OK"
+
+echo "grpck reported:"
+echo "======================================================================="
+cat tmp/grpck.out
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/grpck.out tmp/grpck.out
+echo "error message OK."
+rm -f tmp/grpck.out
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/cktools/grpck/37_grpck_invalid_option/config.txt b/tests/tests/cktools/grpck/37_grpck_invalid_option/config.txt
new file mode 100644
index 0000000..31f5635
--- /dev/null
+++ b/tests/tests/cktools/grpck/37_grpck_invalid_option/config.txt
@@ -0,0 +1,10 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group users (only in /etc/group)
+user foo, in group tty (only in /etc/gshadow)
+user foo, in group floppy
+user foo, admin of group disk
+user foo, admin and member of group fax
+user foo, admin and member of group cdrom (only in /etc/gshadow)
diff --git a/tests/tests/cktools/grpck/37_grpck_invalid_option/config/etc/group b/tests/tests/cktools/grpck/37_grpck_invalid_option/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/cktools/grpck/37_grpck_invalid_option/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/cktools/grpck/37_grpck_invalid_option/config/etc/gshadow b/tests/tests/cktools/grpck/37_grpck_invalid_option/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/cktools/grpck/37_grpck_invalid_option/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/cktools/grpck/37_grpck_invalid_option/config/etc/passwd b/tests/tests/cktools/grpck/37_grpck_invalid_option/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/cktools/grpck/37_grpck_invalid_option/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/cktools/grpck/37_grpck_invalid_option/config/etc/shadow b/tests/tests/cktools/grpck/37_grpck_invalid_option/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/cktools/grpck/37_grpck_invalid_option/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/cktools/grpck/37_grpck_invalid_option/data/usage.out b/tests/tests/cktools/grpck/37_grpck_invalid_option/data/usage.out
new file mode 100644
index 0000000..1142051
--- /dev/null
+++ b/tests/tests/cktools/grpck/37_grpck_invalid_option/data/usage.out
@@ -0,0 +1,10 @@
+grpck: unrecognized option '--invalid'
+Usage: grpck [options] [group [gshadow]]
+
+Options:
+  -h, --help                    display this help message and exit
+  -r, --read-only               display errors and warnings
+                                but do not change files
+  -R, --root CHROOT_DIR         directory to chroot into
+  -s, --sort                    sort entries by UID
+
diff --git a/tests/tests/cktools/grpck/37_grpck_invalid_option/grpck.test b/tests/tests/cktools/grpck/37_grpck_invalid_option/grpck.test
new file mode 100755
index 0000000..c13be5f
--- /dev/null
+++ b/tests/tests/cktools/grpck/37_grpck_invalid_option/grpck.test
@@ -0,0 +1,54 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "grpck reports usage when called with an invalid option"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Call grpck with an invalid option (grpck --invalid)..."
+grpck --invalid 2>tmp/usage.out && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "1"
+echo "OK"
+
+echo "grpck reported:"
+echo "======================================================================="
+cat tmp/usage.out
+echo "======================================================================="
+echo -n "Check the usage message..."
+diff -au data/usage.out tmp/usage.out
+echo "usage message OK."
+rm -f tmp/usage.out
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/cktools/pwck/04_pwck_missing_field_passwd_delete/config.txt b/tests/tests/cktools/pwck/04_pwck_missing_field_passwd_delete/config.txt
new file mode 100644
index 0000000..b3c3e75
--- /dev/null
+++ b/tests/tests/cktools/pwck/04_pwck_missing_field_passwd_delete/config.txt
@@ -0,0 +1,2 @@
+group foo
+user foo with typo in passwd
diff --git a/tests/tests/cktools/pwck/04_pwck_missing_field_passwd_delete/config/etc/group b/tests/tests/cktools/pwck/04_pwck_missing_field_passwd_delete/config/etc/group
new file mode 100644
index 0000000..fecba0c
--- /dev/null
+++ b/tests/tests/cktools/pwck/04_pwck_missing_field_passwd_delete/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/cktools/pwck/04_pwck_missing_field_passwd_delete/config/etc/gshadow b/tests/tests/cktools/pwck/04_pwck_missing_field_passwd_delete/config/etc/gshadow
new file mode 100644
index 0000000..5042e58
--- /dev/null
+++ b/tests/tests/cktools/pwck/04_pwck_missing_field_passwd_delete/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/cktools/pwck/04_pwck_missing_field_passwd_delete/config/etc/passwd b/tests/tests/cktools/pwck/04_pwck_missing_field_passwd_delete/config/etc/passwd
new file mode 100644
index 0000000..4ee448d
--- /dev/null
+++ b/tests/tests/cktools/pwck/04_pwck_missing_field_passwd_delete/config/etc/passwd
@@ -0,0 +1,11 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+foo:x:1000:1000::
diff --git a/tests/tests/cktools/pwck/04_pwck_missing_field_passwd_delete/config/etc/shadow b/tests/tests/cktools/pwck/04_pwck_missing_field_passwd_delete/config/etc/shadow
new file mode 100644
index 0000000..d3c0775
--- /dev/null
+++ b/tests/tests/cktools/pwck/04_pwck_missing_field_passwd_delete/config/etc/shadow
@@ -0,0 +1,11 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/cktools/pwck/04_pwck_missing_field_passwd_delete/data/passwd b/tests/tests/cktools/pwck/04_pwck_missing_field_passwd_delete/data/passwd
new file mode 100644
index 0000000..2b911d1
--- /dev/null
+++ b/tests/tests/cktools/pwck/04_pwck_missing_field_passwd_delete/data/passwd
@@ -0,0 +1,10 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
diff --git a/tests/tests/cktools/pwck/04_pwck_missing_field_passwd_delete/data/shadow b/tests/tests/cktools/pwck/04_pwck_missing_field_passwd_delete/data/shadow
new file mode 100644
index 0000000..0a2fddb
--- /dev/null
+++ b/tests/tests/cktools/pwck/04_pwck_missing_field_passwd_delete/data/shadow
@@ -0,0 +1,10 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
diff --git a/tests/tests/cktools/pwck/04_pwck_missing_field_passwd_delete/pwck.exp b/tests/tests/cktools/pwck/04_pwck_missing_field_passwd_delete/pwck.exp
new file mode 100755
index 0000000..8ddfd2b
--- /dev/null
+++ b/tests/tests/cktools/pwck/04_pwck_missing_field_passwd_delete/pwck.exp
@@ -0,0 +1,23 @@
+#!/usr/bin/expect
+
+set timeout 2
+expect_after default {puts stderr "\nFAIL"; exit 1}
+
+spawn /bin/sh
+send "if \[ \$(id -u) -eq 0 \]; then PS1='# '; else PS1='$ '; fi\r"
+expect "# "
+
+send "pwck\r"
+expect "invalid password file entry"
+expect "delete line 'foo:x:1000:1000::'? "
+send "yes\r"
+expect "no matching password file entry in /etc/passwd"
+expect "delete line 'foo:!:12977:0:99999:7:::'? "
+send "yes\r"
+expect "pwck: the files have been updated"
+expect "# "
+send "echo \$?\r"
+expect "2"
+send "exit\r"
+puts "OK\n"
+exit 0
diff --git a/tests/tests/cktools/pwck/04_pwck_missing_field_passwd_delete/pwck.test b/tests/tests/cktools/pwck/04_pwck_missing_field_passwd_delete/pwck.test
new file mode 100755
index 0000000..9f8c33a
--- /dev/null
+++ b/tests/tests/cktools/pwck/04_pwck_missing_field_passwd_delete/pwck.test
@@ -0,0 +1,37 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "grpck check the number of fields and can change the system database"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+./pwck.exp
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl data/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl data/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/cktools/pwck/05_pwck_missing_field_passwd_keep/config.txt b/tests/tests/cktools/pwck/05_pwck_missing_field_passwd_keep/config.txt
new file mode 100644
index 0000000..01189bd
--- /dev/null
+++ b/tests/tests/cktools/pwck/05_pwck_missing_field_passwd_keep/config.txt
@@ -0,0 +1,2 @@
+user foo
+group foo with typo in group
diff --git a/tests/tests/cktools/pwck/05_pwck_missing_field_passwd_keep/config/etc/group b/tests/tests/cktools/pwck/05_pwck_missing_field_passwd_keep/config/etc/group
new file mode 100644
index 0000000..fecba0c
--- /dev/null
+++ b/tests/tests/cktools/pwck/05_pwck_missing_field_passwd_keep/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/cktools/pwck/05_pwck_missing_field_passwd_keep/config/etc/gshadow b/tests/tests/cktools/pwck/05_pwck_missing_field_passwd_keep/config/etc/gshadow
new file mode 100644
index 0000000..5042e58
--- /dev/null
+++ b/tests/tests/cktools/pwck/05_pwck_missing_field_passwd_keep/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/cktools/pwck/05_pwck_missing_field_passwd_keep/config/etc/passwd b/tests/tests/cktools/pwck/05_pwck_missing_field_passwd_keep/config/etc/passwd
new file mode 100644
index 0000000..4ee448d
--- /dev/null
+++ b/tests/tests/cktools/pwck/05_pwck_missing_field_passwd_keep/config/etc/passwd
@@ -0,0 +1,11 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+foo:x:1000:1000::
diff --git a/tests/tests/cktools/pwck/05_pwck_missing_field_passwd_keep/config/etc/shadow b/tests/tests/cktools/pwck/05_pwck_missing_field_passwd_keep/config/etc/shadow
new file mode 100644
index 0000000..d3c0775
--- /dev/null
+++ b/tests/tests/cktools/pwck/05_pwck_missing_field_passwd_keep/config/etc/shadow
@@ -0,0 +1,11 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/cktools/pwck/05_pwck_missing_field_passwd_keep/data/shadow b/tests/tests/cktools/pwck/05_pwck_missing_field_passwd_keep/data/shadow
new file mode 100644
index 0000000..0a2fddb
--- /dev/null
+++ b/tests/tests/cktools/pwck/05_pwck_missing_field_passwd_keep/data/shadow
@@ -0,0 +1,10 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
diff --git a/tests/tests/cktools/pwck/05_pwck_missing_field_passwd_keep/pwck.exp b/tests/tests/cktools/pwck/05_pwck_missing_field_passwd_keep/pwck.exp
new file mode 100755
index 0000000..ae0e8ea
--- /dev/null
+++ b/tests/tests/cktools/pwck/05_pwck_missing_field_passwd_keep/pwck.exp
@@ -0,0 +1,22 @@
+#!/usr/bin/expect
+
+set timeout 2
+expect_after default {puts stderr "\nFAIL"; exit 1}
+
+spawn /bin/sh
+send "if \[ \$(id -u) -eq 0 \]; then PS1='# '; else PS1='$ '; fi\r"
+expect "# "
+
+send "pwck\r"
+expect "invalid password file entry"
+expect "delete line 'foo:x:1000:1000::'? "
+send "no\r"
+expect "no matching password file entry in /etc/passwd"
+expect "delete line 'foo:!:12977:0:99999:7:::'? "
+send "yes\r"
+expect "# "
+send "echo \$?\r"
+expect "2"
+send "exit\r"
+puts "OK\n"
+exit 0
diff --git a/tests/tests/cktools/pwck/05_pwck_missing_field_passwd_keep/pwck.test b/tests/tests/cktools/pwck/05_pwck_missing_field_passwd_keep/pwck.test
new file mode 100755
index 0000000..688759d
--- /dev/null
+++ b/tests/tests/cktools/pwck/05_pwck_missing_field_passwd_keep/pwck.test
@@ -0,0 +1,37 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "pwck check the number of fields and can change the system database"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+./pwck.exp
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl data/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/cktools/pwck/06_pwck_missing_field_passwd_no_changes/config.txt b/tests/tests/cktools/pwck/06_pwck_missing_field_passwd_no_changes/config.txt
new file mode 100644
index 0000000..01189bd
--- /dev/null
+++ b/tests/tests/cktools/pwck/06_pwck_missing_field_passwd_no_changes/config.txt
@@ -0,0 +1,2 @@
+user foo
+group foo with typo in group
diff --git a/tests/tests/cktools/pwck/06_pwck_missing_field_passwd_no_changes/config/etc/group b/tests/tests/cktools/pwck/06_pwck_missing_field_passwd_no_changes/config/etc/group
new file mode 100644
index 0000000..d1e687c
--- /dev/null
+++ b/tests/tests/cktools/pwck/06_pwck_missing_field_passwd_no_changes/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x
diff --git a/tests/tests/cktools/pwck/06_pwck_missing_field_passwd_no_changes/config/etc/gshadow b/tests/tests/cktools/pwck/06_pwck_missing_field_passwd_no_changes/config/etc/gshadow
new file mode 100644
index 0000000..5042e58
--- /dev/null
+++ b/tests/tests/cktools/pwck/06_pwck_missing_field_passwd_no_changes/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/cktools/pwck/06_pwck_missing_field_passwd_no_changes/config/etc/passwd b/tests/tests/cktools/pwck/06_pwck_missing_field_passwd_no_changes/config/etc/passwd
new file mode 100644
index 0000000..4ee448d
--- /dev/null
+++ b/tests/tests/cktools/pwck/06_pwck_missing_field_passwd_no_changes/config/etc/passwd
@@ -0,0 +1,11 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+foo:x:1000:1000::
diff --git a/tests/tests/cktools/pwck/06_pwck_missing_field_passwd_no_changes/config/etc/shadow b/tests/tests/cktools/pwck/06_pwck_missing_field_passwd_no_changes/config/etc/shadow
new file mode 100644
index 0000000..d3c0775
--- /dev/null
+++ b/tests/tests/cktools/pwck/06_pwck_missing_field_passwd_no_changes/config/etc/shadow
@@ -0,0 +1,11 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/cktools/pwck/06_pwck_missing_field_passwd_no_changes/pwck.exp b/tests/tests/cktools/pwck/06_pwck_missing_field_passwd_no_changes/pwck.exp
new file mode 100755
index 0000000..086b25d
--- /dev/null
+++ b/tests/tests/cktools/pwck/06_pwck_missing_field_passwd_no_changes/pwck.exp
@@ -0,0 +1,23 @@
+#!/usr/bin/expect
+
+set timeout 2
+expect_after default {puts stderr "\nFAIL"; exit 1}
+
+spawn /bin/sh
+send "if \[ \$(id -u) -eq 0 \]; then PS1='# '; else PS1='$ '; fi\r"
+expect "# "
+
+send "pwck\r"
+expect "invalid password file entry"
+expect "delete line 'foo:x:1000:1000::'? "
+send "no\r"
+expect "no matching password file entry in /etc/passwd"
+expect "delete line 'foo:!:12977:0:99999:7:::'? "
+send "no\r"
+expect "pwck: no changes"
+expect "# "
+send "echo \$?\r"
+expect "2"
+send "exit\r"
+puts "OK\n"
+exit 0
diff --git a/tests/tests/cktools/pwck/06_pwck_missing_field_passwd_no_changes/pwck.test b/tests/tests/cktools/pwck/06_pwck_missing_field_passwd_no_changes/pwck.test
new file mode 100755
index 0000000..b9f4a13
--- /dev/null
+++ b/tests/tests/cktools/pwck/06_pwck_missing_field_passwd_no_changes/pwck.test
@@ -0,0 +1,37 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "pwck check the number of fields and does not change the system database if requested"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+./pwck.exp
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/cktools/pwck/07_pwck_missing_field_shadow_add/config.txt b/tests/tests/cktools/pwck/07_pwck_missing_field_shadow_add/config.txt
new file mode 100644
index 0000000..52fad51
--- /dev/null
+++ b/tests/tests/cktools/pwck/07_pwck_missing_field_shadow_add/config.txt
@@ -0,0 +1,2 @@
+user foo
+group foo with typo in gshadow
diff --git a/tests/tests/cktools/pwck/07_pwck_missing_field_shadow_add/config/etc/group b/tests/tests/cktools/pwck/07_pwck_missing_field_shadow_add/config/etc/group
new file mode 100644
index 0000000..fecba0c
--- /dev/null
+++ b/tests/tests/cktools/pwck/07_pwck_missing_field_shadow_add/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/cktools/pwck/07_pwck_missing_field_shadow_add/config/etc/gshadow b/tests/tests/cktools/pwck/07_pwck_missing_field_shadow_add/config/etc/gshadow
new file mode 100644
index 0000000..5042e58
--- /dev/null
+++ b/tests/tests/cktools/pwck/07_pwck_missing_field_shadow_add/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/cktools/pwck/07_pwck_missing_field_shadow_add/config/etc/passwd b/tests/tests/cktools/pwck/07_pwck_missing_field_shadow_add/config/etc/passwd
new file mode 100644
index 0000000..6377a5d
--- /dev/null
+++ b/tests/tests/cktools/pwck/07_pwck_missing_field_shadow_add/config/etc/passwd
@@ -0,0 +1,11 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+foo:x:1000:1000::/home:/bin/sh
diff --git a/tests/tests/cktools/pwck/07_pwck_missing_field_shadow_add/config/etc/shadow b/tests/tests/cktools/pwck/07_pwck_missing_field_shadow_add/config/etc/shadow
new file mode 100644
index 0000000..3a064c0
--- /dev/null
+++ b/tests/tests/cktools/pwck/07_pwck_missing_field_shadow_add/config/etc/shadow
@@ -0,0 +1,11 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+foo:!:12977:0:99999:7::
diff --git a/tests/tests/cktools/pwck/07_pwck_missing_field_shadow_add/data/shadow b/tests/tests/cktools/pwck/07_pwck_missing_field_shadow_add/data/shadow
new file mode 100644
index 0000000..c9a0314
--- /dev/null
+++ b/tests/tests/cktools/pwck/07_pwck_missing_field_shadow_add/data/shadow
@@ -0,0 +1,11 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+foo:x:@TODAY@:0:99999:7:::
diff --git a/tests/tests/cktools/pwck/07_pwck_missing_field_shadow_add/pwck.exp b/tests/tests/cktools/pwck/07_pwck_missing_field_shadow_add/pwck.exp
new file mode 100755
index 0000000..819a5ea
--- /dev/null
+++ b/tests/tests/cktools/pwck/07_pwck_missing_field_shadow_add/pwck.exp
@@ -0,0 +1,23 @@
+#!/usr/bin/expect
+
+set timeout 2
+expect_after default {puts stderr "\nFAIL"; exit 1}
+
+spawn /bin/sh
+send "if \[ \$(id -u) -eq 0 \]; then PS1='# '; else PS1='$ '; fi\r"
+expect "# "
+
+send "pwck\r"
+expect "no matching password file entry in /etc/shadow"
+expect "add user 'foo' in /etc/shadow? "
+send "yes\r"
+expect "invalid shadow password file entry"
+expect "delete line 'foo:!:12977:0:99999:7::'? "
+send "yes\r"
+expect "pwck: the files have been updated"
+expect "# "
+send "echo \$?\r"
+expect "2"
+send "exit\r"
+puts "OK\n"
+exit 0
diff --git a/tests/tests/cktools/pwck/07_pwck_missing_field_shadow_add/pwck.test b/tests/tests/cktools/pwck/07_pwck_missing_field_shadow_add/pwck.test
new file mode 100755
index 0000000..688759d
--- /dev/null
+++ b/tests/tests/cktools/pwck/07_pwck_missing_field_shadow_add/pwck.test
@@ -0,0 +1,37 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "pwck check the number of fields and can change the system database"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+./pwck.exp
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl data/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/cktools/pwck/08_pwck_missing_field_shadow_delete/config.txt b/tests/tests/cktools/pwck/08_pwck_missing_field_shadow_delete/config.txt
new file mode 100644
index 0000000..52fad51
--- /dev/null
+++ b/tests/tests/cktools/pwck/08_pwck_missing_field_shadow_delete/config.txt
@@ -0,0 +1,2 @@
+user foo
+group foo with typo in gshadow
diff --git a/tests/tests/cktools/pwck/08_pwck_missing_field_shadow_delete/config/etc/group b/tests/tests/cktools/pwck/08_pwck_missing_field_shadow_delete/config/etc/group
new file mode 100644
index 0000000..fecba0c
--- /dev/null
+++ b/tests/tests/cktools/pwck/08_pwck_missing_field_shadow_delete/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/cktools/pwck/08_pwck_missing_field_shadow_delete/config/etc/gshadow b/tests/tests/cktools/pwck/08_pwck_missing_field_shadow_delete/config/etc/gshadow
new file mode 100644
index 0000000..5042e58
--- /dev/null
+++ b/tests/tests/cktools/pwck/08_pwck_missing_field_shadow_delete/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/cktools/pwck/08_pwck_missing_field_shadow_delete/config/etc/passwd b/tests/tests/cktools/pwck/08_pwck_missing_field_shadow_delete/config/etc/passwd
new file mode 100644
index 0000000..6377a5d
--- /dev/null
+++ b/tests/tests/cktools/pwck/08_pwck_missing_field_shadow_delete/config/etc/passwd
@@ -0,0 +1,11 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+foo:x:1000:1000::/home:/bin/sh
diff --git a/tests/tests/cktools/pwck/08_pwck_missing_field_shadow_delete/config/etc/shadow b/tests/tests/cktools/pwck/08_pwck_missing_field_shadow_delete/config/etc/shadow
new file mode 100644
index 0000000..3a064c0
--- /dev/null
+++ b/tests/tests/cktools/pwck/08_pwck_missing_field_shadow_delete/config/etc/shadow
@@ -0,0 +1,11 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+foo:!:12977:0:99999:7::
diff --git a/tests/tests/cktools/pwck/08_pwck_missing_field_shadow_delete/data/shadow b/tests/tests/cktools/pwck/08_pwck_missing_field_shadow_delete/data/shadow
new file mode 100644
index 0000000..0a2fddb
--- /dev/null
+++ b/tests/tests/cktools/pwck/08_pwck_missing_field_shadow_delete/data/shadow
@@ -0,0 +1,10 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
diff --git a/tests/tests/cktools/pwck/08_pwck_missing_field_shadow_delete/pwck.exp b/tests/tests/cktools/pwck/08_pwck_missing_field_shadow_delete/pwck.exp
new file mode 100755
index 0000000..d72e00f
--- /dev/null
+++ b/tests/tests/cktools/pwck/08_pwck_missing_field_shadow_delete/pwck.exp
@@ -0,0 +1,23 @@
+#!/usr/bin/expect
+
+set timeout 2
+expect_after default {puts stderr "\nFAIL"; exit 1}
+
+spawn /bin/sh
+send "if \[ \$(id -u) -eq 0 \]; then PS1='# '; else PS1='$ '; fi\r"
+expect "# "
+
+send "pwck\r"
+expect "no matching password file entry in /etc/shadow"
+expect "add user 'foo' in /etc/shadow? "
+send "no\r"
+expect "invalid shadow password file entry"
+expect "delete line 'foo:!:12977:0:99999:7::'? "
+send "yes\r"
+expect "pwck: the files have been updated"
+expect "# "
+send "echo \$?\r"
+expect "2"
+send "exit\r"
+puts "OK\n"
+exit 0
diff --git a/tests/tests/cktools/pwck/08_pwck_missing_field_shadow_delete/pwck.test b/tests/tests/cktools/pwck/08_pwck_missing_field_shadow_delete/pwck.test
new file mode 100755
index 0000000..688759d
--- /dev/null
+++ b/tests/tests/cktools/pwck/08_pwck_missing_field_shadow_delete/pwck.test
@@ -0,0 +1,37 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "pwck check the number of fields and can change the system database"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+./pwck.exp
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl data/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/cktools/pwck/09_pwck_missing_field_shadow_no_changes/config.txt b/tests/tests/cktools/pwck/09_pwck_missing_field_shadow_no_changes/config.txt
new file mode 100644
index 0000000..52fad51
--- /dev/null
+++ b/tests/tests/cktools/pwck/09_pwck_missing_field_shadow_no_changes/config.txt
@@ -0,0 +1,2 @@
+user foo
+group foo with typo in gshadow
diff --git a/tests/tests/cktools/pwck/09_pwck_missing_field_shadow_no_changes/config/etc/group b/tests/tests/cktools/pwck/09_pwck_missing_field_shadow_no_changes/config/etc/group
new file mode 100644
index 0000000..fecba0c
--- /dev/null
+++ b/tests/tests/cktools/pwck/09_pwck_missing_field_shadow_no_changes/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/cktools/pwck/09_pwck_missing_field_shadow_no_changes/config/etc/gshadow b/tests/tests/cktools/pwck/09_pwck_missing_field_shadow_no_changes/config/etc/gshadow
new file mode 100644
index 0000000..5042e58
--- /dev/null
+++ b/tests/tests/cktools/pwck/09_pwck_missing_field_shadow_no_changes/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/cktools/pwck/09_pwck_missing_field_shadow_no_changes/config/etc/passwd b/tests/tests/cktools/pwck/09_pwck_missing_field_shadow_no_changes/config/etc/passwd
new file mode 100644
index 0000000..6377a5d
--- /dev/null
+++ b/tests/tests/cktools/pwck/09_pwck_missing_field_shadow_no_changes/config/etc/passwd
@@ -0,0 +1,11 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+foo:x:1000:1000::/home:/bin/sh
diff --git a/tests/tests/cktools/pwck/09_pwck_missing_field_shadow_no_changes/config/etc/shadow b/tests/tests/cktools/pwck/09_pwck_missing_field_shadow_no_changes/config/etc/shadow
new file mode 100644
index 0000000..3a064c0
--- /dev/null
+++ b/tests/tests/cktools/pwck/09_pwck_missing_field_shadow_no_changes/config/etc/shadow
@@ -0,0 +1,11 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+foo:!:12977:0:99999:7::
diff --git a/tests/tests/cktools/pwck/09_pwck_missing_field_shadow_no_changes/pwck.exp b/tests/tests/cktools/pwck/09_pwck_missing_field_shadow_no_changes/pwck.exp
new file mode 100755
index 0000000..30ca663
--- /dev/null
+++ b/tests/tests/cktools/pwck/09_pwck_missing_field_shadow_no_changes/pwck.exp
@@ -0,0 +1,23 @@
+#!/usr/bin/expect
+
+set timeout 2
+expect_after default {puts stderr "\nFAIL"; exit 1}
+
+spawn /bin/sh
+send "if \[ \$(id -u) -eq 0 \]; then PS1='# '; else PS1='$ '; fi\r"
+expect "# "
+
+send "pwck\r"
+expect "no matching password file entry in /etc/shadow"
+expect "add user 'foo' in /etc/shadow? "
+send "no\r"
+expect "invalid shadow password file entry"
+expect "delete line 'foo:!:12977:0:99999:7::'? "
+send "no\r"
+expect "pwck: no changes"
+expect "# "
+send "echo \$?\r"
+expect "2"
+send "exit\r"
+puts "OK\n"
+exit 0
diff --git a/tests/tests/cktools/pwck/09_pwck_missing_field_shadow_no_changes/pwck.test b/tests/tests/cktools/pwck/09_pwck_missing_field_shadow_no_changes/pwck.test
new file mode 100755
index 0000000..893ba6e
--- /dev/null
+++ b/tests/tests/cktools/pwck/09_pwck_missing_field_shadow_no_changes/pwck.test
@@ -0,0 +1,37 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "pwck check the number of fields and can change the system database"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+./pwck.exp
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/cktools/pwck/10_pwck_missing_field_passwd_local/config.txt b/tests/tests/cktools/pwck/10_pwck_missing_field_passwd_local/config.txt
new file mode 100644
index 0000000..01189bd
--- /dev/null
+++ b/tests/tests/cktools/pwck/10_pwck_missing_field_passwd_local/config.txt
@@ -0,0 +1,2 @@
+user foo
+group foo with typo in group
diff --git a/tests/tests/cktools/pwck/10_pwck_missing_field_passwd_local/config/etc/group b/tests/tests/cktools/pwck/10_pwck_missing_field_passwd_local/config/etc/group
new file mode 100644
index 0000000..fecba0c
--- /dev/null
+++ b/tests/tests/cktools/pwck/10_pwck_missing_field_passwd_local/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/cktools/pwck/10_pwck_missing_field_passwd_local/config/etc/gshadow b/tests/tests/cktools/pwck/10_pwck_missing_field_passwd_local/config/etc/gshadow
new file mode 100644
index 0000000..5042e58
--- /dev/null
+++ b/tests/tests/cktools/pwck/10_pwck_missing_field_passwd_local/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/cktools/pwck/10_pwck_missing_field_passwd_local/config/etc/passwd b/tests/tests/cktools/pwck/10_pwck_missing_field_passwd_local/config/etc/passwd
new file mode 100644
index 0000000..4ee448d
--- /dev/null
+++ b/tests/tests/cktools/pwck/10_pwck_missing_field_passwd_local/config/etc/passwd
@@ -0,0 +1,11 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+foo:x:1000:1000::
diff --git a/tests/tests/cktools/pwck/10_pwck_missing_field_passwd_local/config/etc/shadow b/tests/tests/cktools/pwck/10_pwck_missing_field_passwd_local/config/etc/shadow
new file mode 100644
index 0000000..d3c0775
--- /dev/null
+++ b/tests/tests/cktools/pwck/10_pwck_missing_field_passwd_local/config/etc/shadow
@@ -0,0 +1,11 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/cktools/pwck/10_pwck_missing_field_passwd_local/data/passwd b/tests/tests/cktools/pwck/10_pwck_missing_field_passwd_local/data/passwd
new file mode 100644
index 0000000..2b911d1
--- /dev/null
+++ b/tests/tests/cktools/pwck/10_pwck_missing_field_passwd_local/data/passwd
@@ -0,0 +1,10 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
diff --git a/tests/tests/cktools/pwck/10_pwck_missing_field_passwd_local/data/shadow b/tests/tests/cktools/pwck/10_pwck_missing_field_passwd_local/data/shadow
new file mode 100644
index 0000000..0a2fddb
--- /dev/null
+++ b/tests/tests/cktools/pwck/10_pwck_missing_field_passwd_local/data/shadow
@@ -0,0 +1,10 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
diff --git a/tests/tests/cktools/pwck/10_pwck_missing_field_passwd_local/pwck.exp b/tests/tests/cktools/pwck/10_pwck_missing_field_passwd_local/pwck.exp
new file mode 100755
index 0000000..4304cae
--- /dev/null
+++ b/tests/tests/cktools/pwck/10_pwck_missing_field_passwd_local/pwck.exp
@@ -0,0 +1,23 @@
+#!/usr/bin/expect
+
+set timeout 2
+expect_after default {puts stderr "\nFAIL"; exit 1}
+
+spawn /bin/sh
+send "if \[ \$(id -u) -eq 0 \]; then PS1='# '; else PS1='$ '; fi\r"
+expect "# "
+
+send "pwck tmp/passwd tmp/shadow\r"
+expect "invalid password file entry"
+expect "delete line 'foo:x:1000:1000::'? "
+send "yes\r"
+expect "no matching password file entry in tmp/passwd"
+expect "delete line 'foo:!:12977:0:99999:7:::'? "
+send "yes\r"
+expect "pwck: the files have been updated"
+expect "# "
+send "echo \$?\r"
+expect "2"
+send "exit\r"
+puts "OK\n"
+exit 0
diff --git a/tests/tests/cktools/pwck/10_pwck_missing_field_passwd_local/pwck.test b/tests/tests/cktools/pwck/10_pwck_missing_field_passwd_local/pwck.test
new file mode 100755
index 0000000..b66eb34
--- /dev/null
+++ b/tests/tests/cktools/pwck/10_pwck_missing_field_passwd_local/pwck.test
@@ -0,0 +1,45 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "pwck check the number of fields and can change local databases"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "copy passwd and shadow locally..."
+cp /etc/passwd /etc/shadow tmp/
+echo "OK"
+
+./pwck.exp
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+../../../common/compare_file.pl data/passwd tmp/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+../../../common/compare_file.pl data/shadow tmp/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+rm -f tmp/passwd tmp/passwd- tmp/shadow tmp/shadow-
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/cktools/pwck/11_pwck_missing_field_shadow_local/config.txt b/tests/tests/cktools/pwck/11_pwck_missing_field_shadow_local/config.txt
new file mode 100644
index 0000000..52fad51
--- /dev/null
+++ b/tests/tests/cktools/pwck/11_pwck_missing_field_shadow_local/config.txt
@@ -0,0 +1,2 @@
+user foo
+group foo with typo in gshadow
diff --git a/tests/tests/cktools/pwck/11_pwck_missing_field_shadow_local/config/etc/group b/tests/tests/cktools/pwck/11_pwck_missing_field_shadow_local/config/etc/group
new file mode 100644
index 0000000..fecba0c
--- /dev/null
+++ b/tests/tests/cktools/pwck/11_pwck_missing_field_shadow_local/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/cktools/pwck/11_pwck_missing_field_shadow_local/config/etc/gshadow b/tests/tests/cktools/pwck/11_pwck_missing_field_shadow_local/config/etc/gshadow
new file mode 100644
index 0000000..5042e58
--- /dev/null
+++ b/tests/tests/cktools/pwck/11_pwck_missing_field_shadow_local/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/cktools/pwck/11_pwck_missing_field_shadow_local/config/etc/passwd b/tests/tests/cktools/pwck/11_pwck_missing_field_shadow_local/config/etc/passwd
new file mode 100644
index 0000000..6377a5d
--- /dev/null
+++ b/tests/tests/cktools/pwck/11_pwck_missing_field_shadow_local/config/etc/passwd
@@ -0,0 +1,11 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+foo:x:1000:1000::/home:/bin/sh
diff --git a/tests/tests/cktools/pwck/11_pwck_missing_field_shadow_local/config/etc/shadow b/tests/tests/cktools/pwck/11_pwck_missing_field_shadow_local/config/etc/shadow
new file mode 100644
index 0000000..3a064c0
--- /dev/null
+++ b/tests/tests/cktools/pwck/11_pwck_missing_field_shadow_local/config/etc/shadow
@@ -0,0 +1,11 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+foo:!:12977:0:99999:7::
diff --git a/tests/tests/cktools/pwck/11_pwck_missing_field_shadow_local/data/passwd b/tests/tests/cktools/pwck/11_pwck_missing_field_shadow_local/data/passwd
new file mode 100644
index 0000000..6377a5d
--- /dev/null
+++ b/tests/tests/cktools/pwck/11_pwck_missing_field_shadow_local/data/passwd
@@ -0,0 +1,11 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+foo:x:1000:1000::/home:/bin/sh
diff --git a/tests/tests/cktools/pwck/11_pwck_missing_field_shadow_local/data/shadow b/tests/tests/cktools/pwck/11_pwck_missing_field_shadow_local/data/shadow
new file mode 100644
index 0000000..c9a0314
--- /dev/null
+++ b/tests/tests/cktools/pwck/11_pwck_missing_field_shadow_local/data/shadow
@@ -0,0 +1,11 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+foo:x:@TODAY@:0:99999:7:::
diff --git a/tests/tests/cktools/pwck/11_pwck_missing_field_shadow_local/pwck.exp b/tests/tests/cktools/pwck/11_pwck_missing_field_shadow_local/pwck.exp
new file mode 100755
index 0000000..b8ec619
--- /dev/null
+++ b/tests/tests/cktools/pwck/11_pwck_missing_field_shadow_local/pwck.exp
@@ -0,0 +1,23 @@
+#!/usr/bin/expect
+
+set timeout 2
+expect_after default {puts stderr "\nFAIL"; exit 1}
+
+spawn /bin/sh
+send "if \[ \$(id -u) -eq 0 \]; then PS1='# '; else PS1='$ '; fi\r"
+expect "# "
+
+send "pwck tmp/passwd tmp/shadow\r"
+expect "no matching password file entry in tmp/shadow"
+expect "add user 'foo' in tmp/shadow? "
+send "yes\r"
+expect "invalid shadow password file entry"
+expect "delete line 'foo:*:'? "
+send "yes\r"
+expect "pwck: the files have been updated"
+expect "# "
+send "echo \$?\r"
+expect "2"
+send "exit\r"
+puts "OK\n"
+exit 0
diff --git a/tests/tests/cktools/pwck/11_pwck_missing_field_shadow_local/pwck.test b/tests/tests/cktools/pwck/11_pwck_missing_field_shadow_local/pwck.test
new file mode 100755
index 0000000..b7675e6
--- /dev/null
+++ b/tests/tests/cktools/pwck/11_pwck_missing_field_shadow_local/pwck.test
@@ -0,0 +1,45 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "grpck check the number of fields and can change local databases"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "copy passwd and shadow locally..."
+cp /etc/passwd /etc/shadow tmp/
+echo "OK"
+
+./pwck.exp
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+../../../common/compare_file.pl data/passwd tmp/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+../../../common/compare_file.pl data/shadow tmp/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+rm -f tmp/passwd tmp/passwd- tmp/shadow tmp/shadow-
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/cktools/pwck/12_pwck_unknown_user_group_ID/config.txt b/tests/tests/cktools/pwck/12_pwck_unknown_user_group_ID/config.txt
new file mode 100644
index 0000000..01189bd
--- /dev/null
+++ b/tests/tests/cktools/pwck/12_pwck_unknown_user_group_ID/config.txt
@@ -0,0 +1,2 @@
+user foo
+group foo with typo in group
diff --git a/tests/tests/cktools/pwck/12_pwck_unknown_user_group_ID/config/etc/group b/tests/tests/cktools/pwck/12_pwck_unknown_user_group_ID/config/etc/group
new file mode 100644
index 0000000..fecba0c
--- /dev/null
+++ b/tests/tests/cktools/pwck/12_pwck_unknown_user_group_ID/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/cktools/pwck/12_pwck_unknown_user_group_ID/config/etc/gshadow b/tests/tests/cktools/pwck/12_pwck_unknown_user_group_ID/config/etc/gshadow
new file mode 100644
index 0000000..5042e58
--- /dev/null
+++ b/tests/tests/cktools/pwck/12_pwck_unknown_user_group_ID/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/cktools/pwck/12_pwck_unknown_user_group_ID/config/etc/passwd b/tests/tests/cktools/pwck/12_pwck_unknown_user_group_ID/config/etc/passwd
new file mode 100644
index 0000000..58f2d75
--- /dev/null
+++ b/tests/tests/cktools/pwck/12_pwck_unknown_user_group_ID/config/etc/passwd
@@ -0,0 +1,11 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+foo:x:1000:1001::/home:/bin/sh
diff --git a/tests/tests/cktools/pwck/12_pwck_unknown_user_group_ID/config/etc/shadow b/tests/tests/cktools/pwck/12_pwck_unknown_user_group_ID/config/etc/shadow
new file mode 100644
index 0000000..d3c0775
--- /dev/null
+++ b/tests/tests/cktools/pwck/12_pwck_unknown_user_group_ID/config/etc/shadow
@@ -0,0 +1,11 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/cktools/pwck/12_pwck_unknown_user_group_ID/pwck.exp b/tests/tests/cktools/pwck/12_pwck_unknown_user_group_ID/pwck.exp
new file mode 100755
index 0000000..1fb8c1d
--- /dev/null
+++ b/tests/tests/cktools/pwck/12_pwck_unknown_user_group_ID/pwck.exp
@@ -0,0 +1,18 @@
+#!/usr/bin/expect
+
+set timeout 2
+expect_after default {puts stderr "\nFAIL"; exit 1}
+
+spawn /bin/sh
+send "if \[ \$(id -u) -eq 0 \]; then PS1='# '; else PS1='$ '; fi\r"
+expect "# "
+
+send "pwck\r"
+expect "user 'foo': no group 1001"
+expect "pwck: no changes"
+expect "# "
+send "echo \$?\r"
+expect "2"
+send "exit\r"
+puts "OK\n"
+exit 0
diff --git a/tests/tests/cktools/pwck/12_pwck_unknown_user_group_ID/pwck.test b/tests/tests/cktools/pwck/12_pwck_unknown_user_group_ID/pwck.test
new file mode 100755
index 0000000..8df5482
--- /dev/null
+++ b/tests/tests/cktools/pwck/12_pwck_unknown_user_group_ID/pwck.test
@@ -0,0 +1,37 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "grpck check that the user's GID matches an existing group"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+./pwck.exp
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/cktools/pwck/13_pwck_duplicate_entry_passwd/config.txt b/tests/tests/cktools/pwck/13_pwck_duplicate_entry_passwd/config.txt
new file mode 100644
index 0000000..01189bd
--- /dev/null
+++ b/tests/tests/cktools/pwck/13_pwck_duplicate_entry_passwd/config.txt
@@ -0,0 +1,2 @@
+user foo
+group foo with typo in group
diff --git a/tests/tests/cktools/pwck/13_pwck_duplicate_entry_passwd/config/etc/group b/tests/tests/cktools/pwck/13_pwck_duplicate_entry_passwd/config/etc/group
new file mode 100644
index 0000000..fecba0c
--- /dev/null
+++ b/tests/tests/cktools/pwck/13_pwck_duplicate_entry_passwd/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/cktools/pwck/13_pwck_duplicate_entry_passwd/config/etc/gshadow b/tests/tests/cktools/pwck/13_pwck_duplicate_entry_passwd/config/etc/gshadow
new file mode 100644
index 0000000..5042e58
--- /dev/null
+++ b/tests/tests/cktools/pwck/13_pwck_duplicate_entry_passwd/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/cktools/pwck/13_pwck_duplicate_entry_passwd/config/etc/passwd b/tests/tests/cktools/pwck/13_pwck_duplicate_entry_passwd/config/etc/passwd
new file mode 100644
index 0000000..33debc5
--- /dev/null
+++ b/tests/tests/cktools/pwck/13_pwck_duplicate_entry_passwd/config/etc/passwd
@@ -0,0 +1,12 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+foo:x:1000:1000::/home:/bin/sh
+foo:x:1001:1001::/home:/bin/sh
diff --git a/tests/tests/cktools/pwck/13_pwck_duplicate_entry_passwd/config/etc/shadow b/tests/tests/cktools/pwck/13_pwck_duplicate_entry_passwd/config/etc/shadow
new file mode 100644
index 0000000..d3c0775
--- /dev/null
+++ b/tests/tests/cktools/pwck/13_pwck_duplicate_entry_passwd/config/etc/shadow
@@ -0,0 +1,11 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/cktools/pwck/13_pwck_duplicate_entry_passwd/data/passwd b/tests/tests/cktools/pwck/13_pwck_duplicate_entry_passwd/data/passwd
new file mode 100644
index 0000000..a45f378
--- /dev/null
+++ b/tests/tests/cktools/pwck/13_pwck_duplicate_entry_passwd/data/passwd
@@ -0,0 +1,11 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+foo:x:1001:1001::/home:/bin/sh
diff --git a/tests/tests/cktools/pwck/13_pwck_duplicate_entry_passwd/pwck.exp b/tests/tests/cktools/pwck/13_pwck_duplicate_entry_passwd/pwck.exp
new file mode 100755
index 0000000..825a111
--- /dev/null
+++ b/tests/tests/cktools/pwck/13_pwck_duplicate_entry_passwd/pwck.exp
@@ -0,0 +1,20 @@
+#!/usr/bin/expect
+
+set timeout 2
+expect_after default {puts stderr "\nFAIL"; exit 1}
+
+spawn /bin/sh
+send "if \[ \$(id -u) -eq 0 \]; then PS1='# '; else PS1='$ '; fi\r"
+expect "# "
+
+send "pwck\r"
+expect "duplicate password entry"
+expect "delete line 'foo:x:1000:1000::/home:/bin/sh'? "
+send "yes\r"
+expect "pwck: the files have been updated"
+expect "# "
+send "echo \$?\r"
+expect "2"
+send "exit\r"
+puts "OK\n"
+exit 0
diff --git a/tests/tests/cktools/pwck/13_pwck_duplicate_entry_passwd/pwck.test b/tests/tests/cktools/pwck/13_pwck_duplicate_entry_passwd/pwck.test
new file mode 100755
index 0000000..4d4b957
--- /dev/null
+++ b/tests/tests/cktools/pwck/13_pwck_duplicate_entry_passwd/pwck.test
@@ -0,0 +1,37 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "grpck check that user are uniq"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+./pwck.exp
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl data/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/cktools/pwck/14_pwck_duplicate_entry_shadow/config.txt b/tests/tests/cktools/pwck/14_pwck_duplicate_entry_shadow/config.txt
new file mode 100644
index 0000000..01189bd
--- /dev/null
+++ b/tests/tests/cktools/pwck/14_pwck_duplicate_entry_shadow/config.txt
@@ -0,0 +1,2 @@
+user foo
+group foo with typo in group
diff --git a/tests/tests/cktools/pwck/14_pwck_duplicate_entry_shadow/config/etc/group b/tests/tests/cktools/pwck/14_pwck_duplicate_entry_shadow/config/etc/group
new file mode 100644
index 0000000..fecba0c
--- /dev/null
+++ b/tests/tests/cktools/pwck/14_pwck_duplicate_entry_shadow/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/cktools/pwck/14_pwck_duplicate_entry_shadow/config/etc/gshadow b/tests/tests/cktools/pwck/14_pwck_duplicate_entry_shadow/config/etc/gshadow
new file mode 100644
index 0000000..5042e58
--- /dev/null
+++ b/tests/tests/cktools/pwck/14_pwck_duplicate_entry_shadow/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/cktools/pwck/14_pwck_duplicate_entry_shadow/config/etc/passwd b/tests/tests/cktools/pwck/14_pwck_duplicate_entry_shadow/config/etc/passwd
new file mode 100644
index 0000000..6377a5d
--- /dev/null
+++ b/tests/tests/cktools/pwck/14_pwck_duplicate_entry_shadow/config/etc/passwd
@@ -0,0 +1,11 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+foo:x:1000:1000::/home:/bin/sh
diff --git a/tests/tests/cktools/pwck/14_pwck_duplicate_entry_shadow/config/etc/shadow b/tests/tests/cktools/pwck/14_pwck_duplicate_entry_shadow/config/etc/shadow
new file mode 100644
index 0000000..a5344f5
--- /dev/null
+++ b/tests/tests/cktools/pwck/14_pwck_duplicate_entry_shadow/config/etc/shadow
@@ -0,0 +1,12 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/cktools/pwck/14_pwck_duplicate_entry_shadow/data/shadow b/tests/tests/cktools/pwck/14_pwck_duplicate_entry_shadow/data/shadow
new file mode 100644
index 0000000..d3c0775
--- /dev/null
+++ b/tests/tests/cktools/pwck/14_pwck_duplicate_entry_shadow/data/shadow
@@ -0,0 +1,11 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/cktools/pwck/14_pwck_duplicate_entry_shadow/pwck.exp b/tests/tests/cktools/pwck/14_pwck_duplicate_entry_shadow/pwck.exp
new file mode 100755
index 0000000..4431322
--- /dev/null
+++ b/tests/tests/cktools/pwck/14_pwck_duplicate_entry_shadow/pwck.exp
@@ -0,0 +1,20 @@
+#!/usr/bin/expect
+
+set timeout 2
+expect_after default {puts stderr "\nFAIL"; exit 1}
+
+spawn /bin/sh
+send "if \[ \$(id -u) -eq 0 \]; then PS1='# '; else PS1='$ '; fi\r"
+expect "# "
+
+send "pwck\r"
+expect "duplicate shadow password entry"
+expect "delete line 'foo:!:12977:0:99999:7:::'? "
+send "yes\r"
+expect "pwck: the files have been updated"
+expect "# "
+send "echo \$?\r"
+expect "2"
+send "exit\r"
+puts "OK\n"
+exit 0
diff --git a/tests/tests/cktools/pwck/14_pwck_duplicate_entry_shadow/pwck.test b/tests/tests/cktools/pwck/14_pwck_duplicate_entry_shadow/pwck.test
new file mode 100755
index 0000000..4430d1a
--- /dev/null
+++ b/tests/tests/cktools/pwck/14_pwck_duplicate_entry_shadow/pwck.test
@@ -0,0 +1,37 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "grpck check unicity of users in the shadow database"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+./pwck.exp
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl data/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/cktools/pwck/15_pwck_duplicate_entry_passwd_no_changes/config.txt b/tests/tests/cktools/pwck/15_pwck_duplicate_entry_passwd_no_changes/config.txt
new file mode 100644
index 0000000..01189bd
--- /dev/null
+++ b/tests/tests/cktools/pwck/15_pwck_duplicate_entry_passwd_no_changes/config.txt
@@ -0,0 +1,2 @@
+user foo
+group foo with typo in group
diff --git a/tests/tests/cktools/pwck/15_pwck_duplicate_entry_passwd_no_changes/config/etc/group b/tests/tests/cktools/pwck/15_pwck_duplicate_entry_passwd_no_changes/config/etc/group
new file mode 100644
index 0000000..fecba0c
--- /dev/null
+++ b/tests/tests/cktools/pwck/15_pwck_duplicate_entry_passwd_no_changes/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/cktools/pwck/15_pwck_duplicate_entry_passwd_no_changes/config/etc/gshadow b/tests/tests/cktools/pwck/15_pwck_duplicate_entry_passwd_no_changes/config/etc/gshadow
new file mode 100644
index 0000000..5042e58
--- /dev/null
+++ b/tests/tests/cktools/pwck/15_pwck_duplicate_entry_passwd_no_changes/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/cktools/pwck/15_pwck_duplicate_entry_passwd_no_changes/config/etc/passwd b/tests/tests/cktools/pwck/15_pwck_duplicate_entry_passwd_no_changes/config/etc/passwd
new file mode 100644
index 0000000..69c72ff
--- /dev/null
+++ b/tests/tests/cktools/pwck/15_pwck_duplicate_entry_passwd_no_changes/config/etc/passwd
@@ -0,0 +1,12 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+foo:x:1000:1000::/home:/bin/sh
+foo:x:1000:1000::/home:/bin/bash
diff --git a/tests/tests/cktools/pwck/15_pwck_duplicate_entry_passwd_no_changes/config/etc/shadow b/tests/tests/cktools/pwck/15_pwck_duplicate_entry_passwd_no_changes/config/etc/shadow
new file mode 100644
index 0000000..d3c0775
--- /dev/null
+++ b/tests/tests/cktools/pwck/15_pwck_duplicate_entry_passwd_no_changes/config/etc/shadow
@@ -0,0 +1,11 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/cktools/pwck/15_pwck_duplicate_entry_passwd_no_changes/pwck.exp b/tests/tests/cktools/pwck/15_pwck_duplicate_entry_passwd_no_changes/pwck.exp
new file mode 100755
index 0000000..06dcc79
--- /dev/null
+++ b/tests/tests/cktools/pwck/15_pwck_duplicate_entry_passwd_no_changes/pwck.exp
@@ -0,0 +1,23 @@
+#!/usr/bin/expect
+
+set timeout 2
+expect_after default {puts stderr "\nFAIL"; exit 1}
+
+spawn /bin/sh
+send "if \[ \$(id -u) -eq 0 \]; then PS1='# '; else PS1='$ '; fi\r"
+expect "# "
+
+send "pwck\r"
+expect "duplicate password entry"
+expect "delete line 'foo:x:1000:1000::/home:/bin/sh'? "
+send "no\r"
+expect "duplicate password entry"
+expect "delete line 'foo:x:1000:1000::/home:/bin/bash'? "
+send "no\r"
+expect "pwck: no changes"
+expect "# "
+send "echo \$?\r"
+expect "2"
+send "exit\r"
+puts "OK\n"
+exit 0
diff --git a/tests/tests/cktools/pwck/15_pwck_duplicate_entry_passwd_no_changes/pwck.test b/tests/tests/cktools/pwck/15_pwck_duplicate_entry_passwd_no_changes/pwck.test
new file mode 100755
index 0000000..9ceb60e
--- /dev/null
+++ b/tests/tests/cktools/pwck/15_pwck_duplicate_entry_passwd_no_changes/pwck.test
@@ -0,0 +1,37 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "grpck check unicity of users in passwd"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+./pwck.exp
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/cktools/pwck/16_pwck_duplicate_entry_shadow_no_changes/config.txt b/tests/tests/cktools/pwck/16_pwck_duplicate_entry_shadow_no_changes/config.txt
new file mode 100644
index 0000000..01189bd
--- /dev/null
+++ b/tests/tests/cktools/pwck/16_pwck_duplicate_entry_shadow_no_changes/config.txt
@@ -0,0 +1,2 @@
+user foo
+group foo with typo in group
diff --git a/tests/tests/cktools/pwck/16_pwck_duplicate_entry_shadow_no_changes/config/etc/group b/tests/tests/cktools/pwck/16_pwck_duplicate_entry_shadow_no_changes/config/etc/group
new file mode 100644
index 0000000..fecba0c
--- /dev/null
+++ b/tests/tests/cktools/pwck/16_pwck_duplicate_entry_shadow_no_changes/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/cktools/pwck/16_pwck_duplicate_entry_shadow_no_changes/config/etc/gshadow b/tests/tests/cktools/pwck/16_pwck_duplicate_entry_shadow_no_changes/config/etc/gshadow
new file mode 100644
index 0000000..5042e58
--- /dev/null
+++ b/tests/tests/cktools/pwck/16_pwck_duplicate_entry_shadow_no_changes/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/cktools/pwck/16_pwck_duplicate_entry_shadow_no_changes/config/etc/passwd b/tests/tests/cktools/pwck/16_pwck_duplicate_entry_shadow_no_changes/config/etc/passwd
new file mode 100644
index 0000000..6377a5d
--- /dev/null
+++ b/tests/tests/cktools/pwck/16_pwck_duplicate_entry_shadow_no_changes/config/etc/passwd
@@ -0,0 +1,11 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+foo:x:1000:1000::/home:/bin/sh
diff --git a/tests/tests/cktools/pwck/16_pwck_duplicate_entry_shadow_no_changes/config/etc/shadow b/tests/tests/cktools/pwck/16_pwck_duplicate_entry_shadow_no_changes/config/etc/shadow
new file mode 100644
index 0000000..a5344f5
--- /dev/null
+++ b/tests/tests/cktools/pwck/16_pwck_duplicate_entry_shadow_no_changes/config/etc/shadow
@@ -0,0 +1,12 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/cktools/pwck/16_pwck_duplicate_entry_shadow_no_changes/pwck.exp b/tests/tests/cktools/pwck/16_pwck_duplicate_entry_shadow_no_changes/pwck.exp
new file mode 100755
index 0000000..8ee1246
--- /dev/null
+++ b/tests/tests/cktools/pwck/16_pwck_duplicate_entry_shadow_no_changes/pwck.exp
@@ -0,0 +1,23 @@
+#!/usr/bin/expect
+
+set timeout 2
+expect_after default {puts stderr "\nFAIL"; exit 1}
+
+spawn /bin/sh
+send "if \[ \$(id -u) -eq 0 \]; then PS1='# '; else PS1='$ '; fi\r"
+expect "# "
+
+send "pwck\r"
+expect "duplicate shadow password entry"
+expect "delete line 'foo:!:12977:0:99999:7:::'? "
+send "no\r"
+expect "duplicate shadow password entry"
+expect "delete line 'foo:!:12977:0:99999:7:::'? "
+send "no\r"
+expect "pwck: no changes"
+expect "# "
+send "echo \$?\r"
+expect "2"
+send "exit\r"
+puts "OK\n"
+exit 0
diff --git a/tests/tests/cktools/pwck/16_pwck_duplicate_entry_shadow_no_changes/pwck.test b/tests/tests/cktools/pwck/16_pwck_duplicate_entry_shadow_no_changes/pwck.test
new file mode 100755
index 0000000..8eed716
--- /dev/null
+++ b/tests/tests/cktools/pwck/16_pwck_duplicate_entry_shadow_no_changes/pwck.test
@@ -0,0 +1,37 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "grpck checks unicity of users in shadow"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+./pwck.exp
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/cktools/pwck/17_pwck_duplicate_entry_passwd_delete_second/config.txt b/tests/tests/cktools/pwck/17_pwck_duplicate_entry_passwd_delete_second/config.txt
new file mode 100644
index 0000000..01189bd
--- /dev/null
+++ b/tests/tests/cktools/pwck/17_pwck_duplicate_entry_passwd_delete_second/config.txt
@@ -0,0 +1,2 @@
+user foo
+group foo with typo in group
diff --git a/tests/tests/cktools/pwck/17_pwck_duplicate_entry_passwd_delete_second/config/etc/group b/tests/tests/cktools/pwck/17_pwck_duplicate_entry_passwd_delete_second/config/etc/group
new file mode 100644
index 0000000..fecba0c
--- /dev/null
+++ b/tests/tests/cktools/pwck/17_pwck_duplicate_entry_passwd_delete_second/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/cktools/pwck/17_pwck_duplicate_entry_passwd_delete_second/config/etc/gshadow b/tests/tests/cktools/pwck/17_pwck_duplicate_entry_passwd_delete_second/config/etc/gshadow
new file mode 100644
index 0000000..5042e58
--- /dev/null
+++ b/tests/tests/cktools/pwck/17_pwck_duplicate_entry_passwd_delete_second/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/cktools/pwck/17_pwck_duplicate_entry_passwd_delete_second/config/etc/passwd b/tests/tests/cktools/pwck/17_pwck_duplicate_entry_passwd_delete_second/config/etc/passwd
new file mode 100644
index 0000000..69c72ff
--- /dev/null
+++ b/tests/tests/cktools/pwck/17_pwck_duplicate_entry_passwd_delete_second/config/etc/passwd
@@ -0,0 +1,12 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+foo:x:1000:1000::/home:/bin/sh
+foo:x:1000:1000::/home:/bin/bash
diff --git a/tests/tests/cktools/pwck/17_pwck_duplicate_entry_passwd_delete_second/config/etc/shadow b/tests/tests/cktools/pwck/17_pwck_duplicate_entry_passwd_delete_second/config/etc/shadow
new file mode 100644
index 0000000..d3c0775
--- /dev/null
+++ b/tests/tests/cktools/pwck/17_pwck_duplicate_entry_passwd_delete_second/config/etc/shadow
@@ -0,0 +1,11 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/cktools/pwck/17_pwck_duplicate_entry_passwd_delete_second/data/passwd b/tests/tests/cktools/pwck/17_pwck_duplicate_entry_passwd_delete_second/data/passwd
new file mode 100644
index 0000000..6377a5d
--- /dev/null
+++ b/tests/tests/cktools/pwck/17_pwck_duplicate_entry_passwd_delete_second/data/passwd
@@ -0,0 +1,11 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+foo:x:1000:1000::/home:/bin/sh
diff --git a/tests/tests/cktools/pwck/17_pwck_duplicate_entry_passwd_delete_second/pwck.exp b/tests/tests/cktools/pwck/17_pwck_duplicate_entry_passwd_delete_second/pwck.exp
new file mode 100755
index 0000000..33accaf
--- /dev/null
+++ b/tests/tests/cktools/pwck/17_pwck_duplicate_entry_passwd_delete_second/pwck.exp
@@ -0,0 +1,23 @@
+#!/usr/bin/expect
+
+set timeout 2
+expect_after default {puts stderr "\nFAIL"; exit 1}
+
+spawn /bin/sh
+send "if \[ \$(id -u) -eq 0 \]; then PS1='# '; else PS1='$ '; fi\r"
+expect "# "
+
+send "pwck\r"
+expect "duplicate password entry"
+expect "delete line 'foo:x:1000:1000::/home:/bin/sh'? "
+send "no\r"
+expect "duplicate password entry"
+expect "delete line 'foo:x:1000:1000::/home:/bin/bash'? "
+send "yes\r"
+expect "pwck: the files have been updated"
+expect "# "
+send "echo \$?\r"
+expect "2"
+send "exit\r"
+puts "OK\n"
+exit 0
diff --git a/tests/tests/cktools/pwck/17_pwck_duplicate_entry_passwd_delete_second/pwck.test b/tests/tests/cktools/pwck/17_pwck_duplicate_entry_passwd_delete_second/pwck.test
new file mode 100755
index 0000000..d61a946
--- /dev/null
+++ b/tests/tests/cktools/pwck/17_pwck_duplicate_entry_passwd_delete_second/pwck.test
@@ -0,0 +1,37 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "grpck checks the unicity of users in passwd"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+./pwck.exp
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl data/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/cktools/pwck/18_pwck_invalid_user_name/config.txt b/tests/tests/cktools/pwck/18_pwck_invalid_user_name/config.txt
new file mode 100644
index 0000000..01189bd
--- /dev/null
+++ b/tests/tests/cktools/pwck/18_pwck_invalid_user_name/config.txt
@@ -0,0 +1,2 @@
+user foo
+group foo with typo in group
diff --git a/tests/tests/cktools/pwck/18_pwck_invalid_user_name/config/etc/group b/tests/tests/cktools/pwck/18_pwck_invalid_user_name/config/etc/group
new file mode 100644
index 0000000..fecba0c
--- /dev/null
+++ b/tests/tests/cktools/pwck/18_pwck_invalid_user_name/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/cktools/pwck/18_pwck_invalid_user_name/config/etc/gshadow b/tests/tests/cktools/pwck/18_pwck_invalid_user_name/config/etc/gshadow
new file mode 100644
index 0000000..5042e58
--- /dev/null
+++ b/tests/tests/cktools/pwck/18_pwck_invalid_user_name/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/cktools/pwck/18_pwck_invalid_user_name/config/etc/passwd b/tests/tests/cktools/pwck/18_pwck_invalid_user_name/config/etc/passwd
new file mode 100644
index 0000000..a82dbf6
--- /dev/null
+++ b/tests/tests/cktools/pwck/18_pwck_invalid_user_name/config/etc/passwd
@@ -0,0 +1,11 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+f o o:x:1000:1000::/home:/bin/sh
diff --git a/tests/tests/cktools/pwck/18_pwck_invalid_user_name/config/etc/shadow b/tests/tests/cktools/pwck/18_pwck_invalid_user_name/config/etc/shadow
new file mode 100644
index 0000000..f771b66
--- /dev/null
+++ b/tests/tests/cktools/pwck/18_pwck_invalid_user_name/config/etc/shadow
@@ -0,0 +1,11 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+f o o:!:12977:0:99999:7:::
diff --git a/tests/tests/cktools/pwck/18_pwck_invalid_user_name/pwck.exp b/tests/tests/cktools/pwck/18_pwck_invalid_user_name/pwck.exp
new file mode 100755
index 0000000..3767009
--- /dev/null
+++ b/tests/tests/cktools/pwck/18_pwck_invalid_user_name/pwck.exp
@@ -0,0 +1,18 @@
+#!/usr/bin/expect
+
+set timeout 2
+expect_after default {puts stderr "\nFAIL"; exit 1}
+
+spawn /bin/sh
+send "if \[ \$(id -u) -eq 0 \]; then PS1='# '; else PS1='$ '; fi\r"
+expect "# "
+
+send "pwck\r"
+expect "invalid user name 'f o o'"
+expect "pwck: no changes"
+expect "# "
+send "echo \$?\r"
+expect "2"
+send "exit\r"
+puts "OK\n"
+exit 0
diff --git a/tests/tests/cktools/pwck/18_pwck_invalid_user_name/pwck.test b/tests/tests/cktools/pwck/18_pwck_invalid_user_name/pwck.test
new file mode 100755
index 0000000..587f11c
--- /dev/null
+++ b/tests/tests/cktools/pwck/18_pwck_invalid_user_name/pwck.test
@@ -0,0 +1,37 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "grpck check the validity of usernames"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+./pwck.exp
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/cktools/pwck/19_pwck_invalid_user_ID_-1/config.txt b/tests/tests/cktools/pwck/19_pwck_invalid_user_ID_-1/config.txt
new file mode 100644
index 0000000..01189bd
--- /dev/null
+++ b/tests/tests/cktools/pwck/19_pwck_invalid_user_ID_-1/config.txt
@@ -0,0 +1,2 @@
+user foo
+group foo with typo in group
diff --git a/tests/tests/cktools/pwck/19_pwck_invalid_user_ID_-1/config/etc/group b/tests/tests/cktools/pwck/19_pwck_invalid_user_ID_-1/config/etc/group
new file mode 100644
index 0000000..fecba0c
--- /dev/null
+++ b/tests/tests/cktools/pwck/19_pwck_invalid_user_ID_-1/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/cktools/pwck/19_pwck_invalid_user_ID_-1/config/etc/gshadow b/tests/tests/cktools/pwck/19_pwck_invalid_user_ID_-1/config/etc/gshadow
new file mode 100644
index 0000000..5042e58
--- /dev/null
+++ b/tests/tests/cktools/pwck/19_pwck_invalid_user_ID_-1/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/cktools/pwck/19_pwck_invalid_user_ID_-1/config/etc/passwd b/tests/tests/cktools/pwck/19_pwck_invalid_user_ID_-1/config/etc/passwd
new file mode 100644
index 0000000..850768a
--- /dev/null
+++ b/tests/tests/cktools/pwck/19_pwck_invalid_user_ID_-1/config/etc/passwd
@@ -0,0 +1,11 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+foo:x:-1:1000::/home:/bin/sh
diff --git a/tests/tests/cktools/pwck/19_pwck_invalid_user_ID_-1/config/etc/shadow b/tests/tests/cktools/pwck/19_pwck_invalid_user_ID_-1/config/etc/shadow
new file mode 100644
index 0000000..d3c0775
--- /dev/null
+++ b/tests/tests/cktools/pwck/19_pwck_invalid_user_ID_-1/config/etc/shadow
@@ -0,0 +1,11 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/cktools/pwck/19_pwck_invalid_user_ID_-1/data/passwd b/tests/tests/cktools/pwck/19_pwck_invalid_user_ID_-1/data/passwd
new file mode 100644
index 0000000..2b911d1
--- /dev/null
+++ b/tests/tests/cktools/pwck/19_pwck_invalid_user_ID_-1/data/passwd
@@ -0,0 +1,10 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
diff --git a/tests/tests/cktools/pwck/19_pwck_invalid_user_ID_-1/data/shadow b/tests/tests/cktools/pwck/19_pwck_invalid_user_ID_-1/data/shadow
new file mode 100644
index 0000000..0a2fddb
--- /dev/null
+++ b/tests/tests/cktools/pwck/19_pwck_invalid_user_ID_-1/data/shadow
@@ -0,0 +1,10 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
diff --git a/tests/tests/cktools/pwck/19_pwck_invalid_user_ID_-1/pwck.exp b/tests/tests/cktools/pwck/19_pwck_invalid_user_ID_-1/pwck.exp
new file mode 100755
index 0000000..6c51256
--- /dev/null
+++ b/tests/tests/cktools/pwck/19_pwck_invalid_user_ID_-1/pwck.exp
@@ -0,0 +1,23 @@
+#!/usr/bin/expect
+
+set timeout 2
+expect_after default {puts stderr "\nFAIL"; exit 1}
+
+spawn /bin/sh
+send "if \[ \$(id -u) -eq 0 \]; then PS1='# '; else PS1='$ '; fi\r"
+expect "# "
+
+send "pwck\r"
+expect "invalid password file entry"
+expect "delete line 'foo:x:-1:1000::/home:/bin/sh'? "
+send "yes\r"
+expect "no matching password file entry in /etc/passwd"
+expect "delete line 'foo:!:12977:0:99999:7:::'? "
+send "yes\r"
+expect "pwck: the files have been updated"
+expect "# "
+send "echo \$?\r"
+expect "2"
+send "exit\r"
+puts "OK\n"
+exit 0
diff --git a/tests/tests/cktools/pwck/19_pwck_invalid_user_ID_-1/pwck.test b/tests/tests/cktools/pwck/19_pwck_invalid_user_ID_-1/pwck.test
new file mode 100755
index 0000000..8b56894
--- /dev/null
+++ b/tests/tests/cktools/pwck/19_pwck_invalid_user_ID_-1/pwck.test
@@ -0,0 +1,37 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "grpck checks the validity of UIDs"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+./pwck.exp
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl data/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl data/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/cktools/pwck/20_pwck_invalid_user_ID_4294967295/config.txt b/tests/tests/cktools/pwck/20_pwck_invalid_user_ID_4294967295/config.txt
new file mode 100644
index 0000000..01189bd
--- /dev/null
+++ b/tests/tests/cktools/pwck/20_pwck_invalid_user_ID_4294967295/config.txt
@@ -0,0 +1,2 @@
+user foo
+group foo with typo in group
diff --git a/tests/tests/cktools/pwck/20_pwck_invalid_user_ID_4294967295/config/etc/group b/tests/tests/cktools/pwck/20_pwck_invalid_user_ID_4294967295/config/etc/group
new file mode 100644
index 0000000..fecba0c
--- /dev/null
+++ b/tests/tests/cktools/pwck/20_pwck_invalid_user_ID_4294967295/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/cktools/pwck/20_pwck_invalid_user_ID_4294967295/config/etc/gshadow b/tests/tests/cktools/pwck/20_pwck_invalid_user_ID_4294967295/config/etc/gshadow
new file mode 100644
index 0000000..5042e58
--- /dev/null
+++ b/tests/tests/cktools/pwck/20_pwck_invalid_user_ID_4294967295/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/cktools/pwck/20_pwck_invalid_user_ID_4294967295/config/etc/passwd b/tests/tests/cktools/pwck/20_pwck_invalid_user_ID_4294967295/config/etc/passwd
new file mode 100644
index 0000000..e438734
--- /dev/null
+++ b/tests/tests/cktools/pwck/20_pwck_invalid_user_ID_4294967295/config/etc/passwd
@@ -0,0 +1,11 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+foo:x:4294967295:1000::/home:/bin/sh
diff --git a/tests/tests/cktools/pwck/20_pwck_invalid_user_ID_4294967295/config/etc/shadow b/tests/tests/cktools/pwck/20_pwck_invalid_user_ID_4294967295/config/etc/shadow
new file mode 100644
index 0000000..d3c0775
--- /dev/null
+++ b/tests/tests/cktools/pwck/20_pwck_invalid_user_ID_4294967295/config/etc/shadow
@@ -0,0 +1,11 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/cktools/pwck/20_pwck_invalid_user_ID_4294967295/pwck.exp b/tests/tests/cktools/pwck/20_pwck_invalid_user_ID_4294967295/pwck.exp
new file mode 100755
index 0000000..d69ab37
--- /dev/null
+++ b/tests/tests/cktools/pwck/20_pwck_invalid_user_ID_4294967295/pwck.exp
@@ -0,0 +1,18 @@
+#!/usr/bin/expect
+
+set timeout 2
+expect_after default {puts stderr "\nFAIL"; exit 1}
+
+spawn /bin/sh
+send "if \[ \$(id -u) -eq 0 \]; then PS1='# '; else PS1='$ '; fi\r"
+expect "# "
+
+send "pwck\r"
+expect "invalid user ID '4294967295'"
+expect "pwck: no changes"
+expect "# "
+send "echo \$?\r"
+expect "2"
+send "exit\r"
+puts "OK\n"
+exit 0
diff --git a/tests/tests/cktools/pwck/20_pwck_invalid_user_ID_4294967295/pwck.test b/tests/tests/cktools/pwck/20_pwck_invalid_user_ID_4294967295/pwck.test
new file mode 100755
index 0000000..19d157f
--- /dev/null
+++ b/tests/tests/cktools/pwck/20_pwck_invalid_user_ID_4294967295/pwck.test
@@ -0,0 +1,37 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "grpck check the validity of the UID"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+./pwck.exp
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/cktools/pwck/21_pwck_invalid_user_ID_4294967296/config.txt b/tests/tests/cktools/pwck/21_pwck_invalid_user_ID_4294967296/config.txt
new file mode 100644
index 0000000..01189bd
--- /dev/null
+++ b/tests/tests/cktools/pwck/21_pwck_invalid_user_ID_4294967296/config.txt
@@ -0,0 +1,2 @@
+user foo
+group foo with typo in group
diff --git a/tests/tests/cktools/pwck/21_pwck_invalid_user_ID_4294967296/config/etc/group b/tests/tests/cktools/pwck/21_pwck_invalid_user_ID_4294967296/config/etc/group
new file mode 100644
index 0000000..fecba0c
--- /dev/null
+++ b/tests/tests/cktools/pwck/21_pwck_invalid_user_ID_4294967296/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/cktools/pwck/21_pwck_invalid_user_ID_4294967296/config/etc/gshadow b/tests/tests/cktools/pwck/21_pwck_invalid_user_ID_4294967296/config/etc/gshadow
new file mode 100644
index 0000000..5042e58
--- /dev/null
+++ b/tests/tests/cktools/pwck/21_pwck_invalid_user_ID_4294967296/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/cktools/pwck/21_pwck_invalid_user_ID_4294967296/config/etc/passwd b/tests/tests/cktools/pwck/21_pwck_invalid_user_ID_4294967296/config/etc/passwd
new file mode 100644
index 0000000..de8dd66
--- /dev/null
+++ b/tests/tests/cktools/pwck/21_pwck_invalid_user_ID_4294967296/config/etc/passwd
@@ -0,0 +1,11 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+foo:x:4294967296:1000::/home:/bin/sh
diff --git a/tests/tests/cktools/pwck/21_pwck_invalid_user_ID_4294967296/config/etc/shadow b/tests/tests/cktools/pwck/21_pwck_invalid_user_ID_4294967296/config/etc/shadow
new file mode 100644
index 0000000..d3c0775
--- /dev/null
+++ b/tests/tests/cktools/pwck/21_pwck_invalid_user_ID_4294967296/config/etc/shadow
@@ -0,0 +1,11 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/cktools/pwck/21_pwck_invalid_user_ID_4294967296/data/passwd b/tests/tests/cktools/pwck/21_pwck_invalid_user_ID_4294967296/data/passwd
new file mode 100644
index 0000000..2b911d1
--- /dev/null
+++ b/tests/tests/cktools/pwck/21_pwck_invalid_user_ID_4294967296/data/passwd
@@ -0,0 +1,10 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
diff --git a/tests/tests/cktools/pwck/21_pwck_invalid_user_ID_4294967296/data/shadow b/tests/tests/cktools/pwck/21_pwck_invalid_user_ID_4294967296/data/shadow
new file mode 100644
index 0000000..0a2fddb
--- /dev/null
+++ b/tests/tests/cktools/pwck/21_pwck_invalid_user_ID_4294967296/data/shadow
@@ -0,0 +1,10 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
diff --git a/tests/tests/cktools/pwck/21_pwck_invalid_user_ID_4294967296/pwck.exp b/tests/tests/cktools/pwck/21_pwck_invalid_user_ID_4294967296/pwck.exp
new file mode 100755
index 0000000..4dc35ce
--- /dev/null
+++ b/tests/tests/cktools/pwck/21_pwck_invalid_user_ID_4294967296/pwck.exp
@@ -0,0 +1,23 @@
+#!/usr/bin/expect
+
+set timeout 2
+expect_after default {puts stderr "\nFAIL"; exit 1}
+
+spawn /bin/sh
+send "if \[ \$(id -u) -eq 0 \]; then PS1='# '; else PS1='$ '; fi\r"
+expect "# "
+
+send "pwck\r"
+expect "invalid password file entry"
+expect "delete line 'foo:x:4294967296:1000::/home:/bin/sh'? "
+send "yes\r"
+expect "no matching password file entry in /etc/passwd"
+expect "delete line 'foo:!:12977:0:99999:7:::'? "
+send "yes\r"
+expect "pwck: the files have been updated"
+expect "# "
+send "echo \$?\r"
+expect "2"
+send "exit\r"
+puts "OK\n"
+exit 0
diff --git a/tests/tests/cktools/pwck/21_pwck_invalid_user_ID_4294967296/pwck.test b/tests/tests/cktools/pwck/21_pwck_invalid_user_ID_4294967296/pwck.test
new file mode 100755
index 0000000..8b56894
--- /dev/null
+++ b/tests/tests/cktools/pwck/21_pwck_invalid_user_ID_4294967296/pwck.test
@@ -0,0 +1,37 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "grpck checks the validity of UIDs"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+./pwck.exp
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl data/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl data/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/cktools/pwck/22_pwck_usage/config.txt b/tests/tests/cktools/pwck/22_pwck_usage/config.txt
new file mode 100644
index 0000000..31f5635
--- /dev/null
+++ b/tests/tests/cktools/pwck/22_pwck_usage/config.txt
@@ -0,0 +1,10 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group users (only in /etc/group)
+user foo, in group tty (only in /etc/gshadow)
+user foo, in group floppy
+user foo, admin of group disk
+user foo, admin and member of group fax
+user foo, admin and member of group cdrom (only in /etc/gshadow)
diff --git a/tests/tests/cktools/pwck/22_pwck_usage/config/etc/group b/tests/tests/cktools/pwck/22_pwck_usage/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/cktools/pwck/22_pwck_usage/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/cktools/pwck/22_pwck_usage/config/etc/gshadow b/tests/tests/cktools/pwck/22_pwck_usage/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/cktools/pwck/22_pwck_usage/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/cktools/pwck/22_pwck_usage/config/etc/passwd b/tests/tests/cktools/pwck/22_pwck_usage/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/cktools/pwck/22_pwck_usage/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/cktools/pwck/22_pwck_usage/config/etc/shadow b/tests/tests/cktools/pwck/22_pwck_usage/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/cktools/pwck/22_pwck_usage/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/cktools/pwck/22_pwck_usage/data/usage.out b/tests/tests/cktools/pwck/22_pwck_usage/data/usage.out
new file mode 100644
index 0000000..fa62941
--- /dev/null
+++ b/tests/tests/cktools/pwck/22_pwck_usage/data/usage.out
@@ -0,0 +1,10 @@
+Usage: pwck [options] [passwd [shadow]]
+
+Options:
+  -h, --help                    display this help message and exit
+  -q, --quiet                   report errors only
+  -r, --read-only               display errors and warnings
+                                but do not change files
+  -R, --root CHROOT_DIR         directory to chroot into
+  -s, --sort                    sort entries by UID
+
diff --git a/tests/tests/cktools/pwck/22_pwck_usage/pwck.test b/tests/tests/cktools/pwck/22_pwck_usage/pwck.test
new file mode 100755
index 0000000..ccca31a
--- /dev/null
+++ b/tests/tests/cktools/pwck/22_pwck_usage/pwck.test
@@ -0,0 +1,47 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "pwck can display its usage message"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Get pwck usage (pwck -h)..."
+pwck -h >tmp/usage.out
+
+echo "pwck reported:"
+echo "======================================================================="
+cat tmp/usage.out
+echo "======================================================================="
+echo -n "Check the usage message..."
+diff -au data/usage.out tmp/usage.out
+echo "usage message OK."
+rm -f tmp/usage.out
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/cktools/pwck/23_pwck_locked_passwd/config.txt b/tests/tests/cktools/pwck/23_pwck_locked_passwd/config.txt
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/cktools/pwck/23_pwck_locked_passwd/config.txt
diff --git a/tests/tests/cktools/pwck/23_pwck_locked_passwd/config/etc/group b/tests/tests/cktools/pwck/23_pwck_locked_passwd/config/etc/group
new file mode 100644
index 0000000..b6fae89
--- /dev/null
+++ b/tests/tests/cktools/pwck/23_pwck_locked_passwd/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:root
+adm:x:4:root,foo
+tty:x:5:
+disk:x:6:
+lp:x:7:foo,root
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:foo
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:foo
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/cktools/pwck/23_pwck_locked_passwd/config/etc/gshadow b/tests/tests/cktools/pwck/23_pwck_locked_passwd/config/etc/gshadow
new file mode 100644
index 0000000..1f2ba8d
--- /dev/null
+++ b/tests/tests/cktools/pwck/23_pwck_locked_passwd/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::root
+adm:*::root,foo
+tty:*::foo
+disk:*:foo:
+lp:*::foo,root
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*:foo:foo
+voice:*::
+cdrom:*:foo:foo
+floppy:*::foo
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/cktools/pwck/23_pwck_locked_passwd/config/etc/passwd b/tests/tests/cktools/pwck/23_pwck_locked_passwd/config/etc/passwd
new file mode 100644
index 0000000..bf52df0
--- /dev/null
+++ b/tests/tests/cktools/pwck/23_pwck_locked_passwd/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/home/foo:/bin/false
diff --git a/tests/tests/cktools/pwck/23_pwck_locked_passwd/config/etc/shadow b/tests/tests/cktools/pwck/23_pwck_locked_passwd/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/cktools/pwck/23_pwck_locked_passwd/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/cktools/pwck/23_pwck_locked_passwd/data/pwck.err b/tests/tests/cktools/pwck/23_pwck_locked_passwd/data/pwck.err
new file mode 100644
index 0000000..798e427
--- /dev/null
+++ b/tests/tests/cktools/pwck/23_pwck_locked_passwd/data/pwck.err
@@ -0,0 +1,2 @@
+pwck: existing lock file /etc/passwd.lock without a PID
+pwck: cannot lock /etc/passwd; try again later.
diff --git a/tests/tests/cktools/pwck/23_pwck_locked_passwd/pwck.test b/tests/tests/cktools/pwck/23_pwck_locked_passwd/pwck.test
new file mode 100755
index 0000000..8731b28
--- /dev/null
+++ b/tests/tests/cktools/pwck/23_pwck_locked_passwd/pwck.test
@@ -0,0 +1,60 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "pwck checks if the passwd file is locked"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config; rm -f /etc/passwd.lock' 0
+
+change_config
+
+echo -n "Create lock file for /etc/passwd..."
+touch /etc/passwd.lock
+echo "done"
+
+echo -n "Check user database (pwck)..."
+pwck 2>tmp/pwck.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+rm -f /etc/passwd.lock
+
+echo -n "Check returned status ($status)..."
+test "$status" = "4"
+echo "OK"
+
+echo "pwck reported:"
+echo "======================================================================="
+cat tmp/pwck.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/pwck.err tmp/pwck.err
+echo "error message OK."
+rm -f tmp/pwck.err
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/cktools/pwck/24_pwck_locked_shadow/config.txt b/tests/tests/cktools/pwck/24_pwck_locked_shadow/config.txt
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/cktools/pwck/24_pwck_locked_shadow/config.txt
diff --git a/tests/tests/cktools/pwck/24_pwck_locked_shadow/config/etc/group b/tests/tests/cktools/pwck/24_pwck_locked_shadow/config/etc/group
new file mode 100644
index 0000000..b6fae89
--- /dev/null
+++ b/tests/tests/cktools/pwck/24_pwck_locked_shadow/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:root
+adm:x:4:root,foo
+tty:x:5:
+disk:x:6:
+lp:x:7:foo,root
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:foo
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:foo
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/cktools/pwck/24_pwck_locked_shadow/config/etc/gshadow b/tests/tests/cktools/pwck/24_pwck_locked_shadow/config/etc/gshadow
new file mode 100644
index 0000000..1f2ba8d
--- /dev/null
+++ b/tests/tests/cktools/pwck/24_pwck_locked_shadow/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::root
+adm:*::root,foo
+tty:*::foo
+disk:*:foo:
+lp:*::foo,root
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*:foo:foo
+voice:*::
+cdrom:*:foo:foo
+floppy:*::foo
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/cktools/pwck/24_pwck_locked_shadow/config/etc/passwd b/tests/tests/cktools/pwck/24_pwck_locked_shadow/config/etc/passwd
new file mode 100644
index 0000000..bf52df0
--- /dev/null
+++ b/tests/tests/cktools/pwck/24_pwck_locked_shadow/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/home/foo:/bin/false
diff --git a/tests/tests/cktools/pwck/24_pwck_locked_shadow/config/etc/shadow b/tests/tests/cktools/pwck/24_pwck_locked_shadow/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/cktools/pwck/24_pwck_locked_shadow/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/cktools/pwck/24_pwck_locked_shadow/data/pwck.err b/tests/tests/cktools/pwck/24_pwck_locked_shadow/data/pwck.err
new file mode 100644
index 0000000..f8112fb
--- /dev/null
+++ b/tests/tests/cktools/pwck/24_pwck_locked_shadow/data/pwck.err
@@ -0,0 +1,2 @@
+pwck: existing lock file /etc/shadow.lock without a PID
+pwck: cannot lock /etc/shadow; try again later.
diff --git a/tests/tests/cktools/pwck/24_pwck_locked_shadow/pwck.test b/tests/tests/cktools/pwck/24_pwck_locked_shadow/pwck.test
new file mode 100755
index 0000000..61e2926
--- /dev/null
+++ b/tests/tests/cktools/pwck/24_pwck_locked_shadow/pwck.test
@@ -0,0 +1,60 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "pwck checks if the shadow file is locked"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config; rm -f /etc/shadow.lock' 0
+
+change_config
+
+echo -n "Create lock file for /etc/shadow..."
+touch /etc/shadow.lock
+echo "done"
+
+echo -n "Check user database (pwck)..."
+pwck 2>tmp/pwck.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+rm -f /etc/shadow.lock
+
+echo -n "Check returned status ($status)..."
+test "$status" = "4"
+echo "OK"
+
+echo "pwck reported:"
+echo "======================================================================="
+cat tmp/pwck.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/pwck.err tmp/pwck.err
+echo "error message OK."
+rm -f tmp/pwck.err
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/cktools/pwck/25_pwck_usage_invalid_option/config.txt b/tests/tests/cktools/pwck/25_pwck_usage_invalid_option/config.txt
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/cktools/pwck/25_pwck_usage_invalid_option/config.txt
diff --git a/tests/tests/cktools/pwck/25_pwck_usage_invalid_option/config/etc/group b/tests/tests/cktools/pwck/25_pwck_usage_invalid_option/config/etc/group
new file mode 100644
index 0000000..b6fae89
--- /dev/null
+++ b/tests/tests/cktools/pwck/25_pwck_usage_invalid_option/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:root
+adm:x:4:root,foo
+tty:x:5:
+disk:x:6:
+lp:x:7:foo,root
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:foo
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:foo
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/cktools/pwck/25_pwck_usage_invalid_option/config/etc/gshadow b/tests/tests/cktools/pwck/25_pwck_usage_invalid_option/config/etc/gshadow
new file mode 100644
index 0000000..1f2ba8d
--- /dev/null
+++ b/tests/tests/cktools/pwck/25_pwck_usage_invalid_option/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::root
+adm:*::root,foo
+tty:*::foo
+disk:*:foo:
+lp:*::foo,root
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*:foo:foo
+voice:*::
+cdrom:*:foo:foo
+floppy:*::foo
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/cktools/pwck/25_pwck_usage_invalid_option/config/etc/passwd b/tests/tests/cktools/pwck/25_pwck_usage_invalid_option/config/etc/passwd
new file mode 100644
index 0000000..bf52df0
--- /dev/null
+++ b/tests/tests/cktools/pwck/25_pwck_usage_invalid_option/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/home/foo:/bin/false
diff --git a/tests/tests/cktools/pwck/25_pwck_usage_invalid_option/config/etc/shadow b/tests/tests/cktools/pwck/25_pwck_usage_invalid_option/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/cktools/pwck/25_pwck_usage_invalid_option/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/cktools/pwck/25_pwck_usage_invalid_option/data/pwck.err b/tests/tests/cktools/pwck/25_pwck_usage_invalid_option/data/pwck.err
new file mode 100644
index 0000000..b08f13f
--- /dev/null
+++ b/tests/tests/cktools/pwck/25_pwck_usage_invalid_option/data/pwck.err
@@ -0,0 +1,11 @@
+pwck: invalid option -- 'Z'
+Usage: pwck [options] [passwd [shadow]]
+
+Options:
+  -h, --help                    display this help message and exit
+  -q, --quiet                   report errors only
+  -r, --read-only               display errors and warnings
+                                but do not change files
+  -R, --root CHROOT_DIR         directory to chroot into
+  -s, --sort                    sort entries by UID
+
diff --git a/tests/tests/cktools/pwck/25_pwck_usage_invalid_option/pwck.test b/tests/tests/cktools/pwck/25_pwck_usage_invalid_option/pwck.test
new file mode 100755
index 0000000..a8d5941
--- /dev/null
+++ b/tests/tests/cktools/pwck/25_pwck_usage_invalid_option/pwck.test
@@ -0,0 +1,56 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "pwck displays its usage message when called with an invalid option"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Call pwck with an invalid option (pwck -Z)..."
+pwck -Z 2>tmp/pwck.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+rm -f /etc/passwd.lock
+
+echo -n "Check returned status ($status)..."
+test "$status" = "1"
+echo "OK"
+
+echo "pwck reported:"
+echo "======================================================================="
+cat tmp/pwck.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/pwck.err tmp/pwck.err
+echo "error message OK."
+rm -f tmp/pwck.err
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/cktools/pwck/26_pwck_usage-s-r/config.txt b/tests/tests/cktools/pwck/26_pwck_usage-s-r/config.txt
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/cktools/pwck/26_pwck_usage-s-r/config.txt
diff --git a/tests/tests/cktools/pwck/26_pwck_usage-s-r/config/etc/group b/tests/tests/cktools/pwck/26_pwck_usage-s-r/config/etc/group
new file mode 100644
index 0000000..b6fae89
--- /dev/null
+++ b/tests/tests/cktools/pwck/26_pwck_usage-s-r/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:root
+adm:x:4:root,foo
+tty:x:5:
+disk:x:6:
+lp:x:7:foo,root
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:foo
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:foo
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/cktools/pwck/26_pwck_usage-s-r/config/etc/gshadow b/tests/tests/cktools/pwck/26_pwck_usage-s-r/config/etc/gshadow
new file mode 100644
index 0000000..1f2ba8d
--- /dev/null
+++ b/tests/tests/cktools/pwck/26_pwck_usage-s-r/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::root
+adm:*::root,foo
+tty:*::foo
+disk:*:foo:
+lp:*::foo,root
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*:foo:foo
+voice:*::
+cdrom:*:foo:foo
+floppy:*::foo
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/cktools/pwck/26_pwck_usage-s-r/config/etc/passwd b/tests/tests/cktools/pwck/26_pwck_usage-s-r/config/etc/passwd
new file mode 100644
index 0000000..bf52df0
--- /dev/null
+++ b/tests/tests/cktools/pwck/26_pwck_usage-s-r/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/home/foo:/bin/false
diff --git a/tests/tests/cktools/pwck/26_pwck_usage-s-r/config/etc/shadow b/tests/tests/cktools/pwck/26_pwck_usage-s-r/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/cktools/pwck/26_pwck_usage-s-r/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/cktools/pwck/26_pwck_usage-s-r/data/pwck.err b/tests/tests/cktools/pwck/26_pwck_usage-s-r/data/pwck.err
new file mode 100644
index 0000000..e44d375
--- /dev/null
+++ b/tests/tests/cktools/pwck/26_pwck_usage-s-r/data/pwck.err
@@ -0,0 +1 @@
+pwck: -s and -r are incompatible
diff --git a/tests/tests/cktools/pwck/26_pwck_usage-s-r/pwck.test b/tests/tests/cktools/pwck/26_pwck_usage-s-r/pwck.test
new file mode 100755
index 0000000..6f0a3b5
--- /dev/null
+++ b/tests/tests/cktools/pwck/26_pwck_usage-s-r/pwck.test
@@ -0,0 +1,56 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "pwck warns that -r and -s are exclusive"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Call pwck with the -r and -s options (pwck -r -s)..."
+pwck -r -s 2>tmp/pwck.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+rm -f /etc/passwd.lock
+
+echo -n "Check returned status ($status)..."
+test "$status" = "1"
+echo "OK"
+
+echo "pwck reported:"
+echo "======================================================================="
+cat tmp/pwck.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/pwck.err tmp/pwck.err
+echo "error message OK."
+rm -f tmp/pwck.err
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/cktools/pwck/27_pwck_usage_3_files/config.txt b/tests/tests/cktools/pwck/27_pwck_usage_3_files/config.txt
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/cktools/pwck/27_pwck_usage_3_files/config.txt
diff --git a/tests/tests/cktools/pwck/27_pwck_usage_3_files/config/etc/group b/tests/tests/cktools/pwck/27_pwck_usage_3_files/config/etc/group
new file mode 100644
index 0000000..b6fae89
--- /dev/null
+++ b/tests/tests/cktools/pwck/27_pwck_usage_3_files/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:root
+adm:x:4:root,foo
+tty:x:5:
+disk:x:6:
+lp:x:7:foo,root
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:foo
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:foo
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/cktools/pwck/27_pwck_usage_3_files/config/etc/gshadow b/tests/tests/cktools/pwck/27_pwck_usage_3_files/config/etc/gshadow
new file mode 100644
index 0000000..1f2ba8d
--- /dev/null
+++ b/tests/tests/cktools/pwck/27_pwck_usage_3_files/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::root
+adm:*::root,foo
+tty:*::foo
+disk:*:foo:
+lp:*::foo,root
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*:foo:foo
+voice:*::
+cdrom:*:foo:foo
+floppy:*::foo
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/cktools/pwck/27_pwck_usage_3_files/config/etc/passwd b/tests/tests/cktools/pwck/27_pwck_usage_3_files/config/etc/passwd
new file mode 100644
index 0000000..bf52df0
--- /dev/null
+++ b/tests/tests/cktools/pwck/27_pwck_usage_3_files/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/home/foo:/bin/false
diff --git a/tests/tests/cktools/pwck/27_pwck_usage_3_files/config/etc/shadow b/tests/tests/cktools/pwck/27_pwck_usage_3_files/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/cktools/pwck/27_pwck_usage_3_files/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/cktools/pwck/27_pwck_usage_3_files/data/pwck.err b/tests/tests/cktools/pwck/27_pwck_usage_3_files/data/pwck.err
new file mode 100644
index 0000000..fa62941
--- /dev/null
+++ b/tests/tests/cktools/pwck/27_pwck_usage_3_files/data/pwck.err
@@ -0,0 +1,10 @@
+Usage: pwck [options] [passwd [shadow]]
+
+Options:
+  -h, --help                    display this help message and exit
+  -q, --quiet                   report errors only
+  -r, --read-only               display errors and warnings
+                                but do not change files
+  -R, --root CHROOT_DIR         directory to chroot into
+  -s, --sort                    sort entries by UID
+
diff --git a/tests/tests/cktools/pwck/27_pwck_usage_3_files/pwck.test b/tests/tests/cktools/pwck/27_pwck_usage_3_files/pwck.test
new file mode 100755
index 0000000..9c8c81d
--- /dev/null
+++ b/tests/tests/cktools/pwck/27_pwck_usage_3_files/pwck.test
@@ -0,0 +1,56 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "pwck displays its usage message when called with 3 files"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Call pwck with 3 files (pwck data/passwd data/shadow data/foo)..."
+pwck data/passwd data/shadow data/foo 2>tmp/pwck.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+rm -f /etc/passwd.lock
+
+echo -n "Check returned status ($status)..."
+test "$status" = "1"
+echo "OK"
+
+echo "pwck reported:"
+echo "======================================================================="
+cat tmp/pwck.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/pwck.err tmp/pwck.err
+echo "error message OK."
+rm -f tmp/pwck.err
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/cktools/pwck/28_pwck_no_shadow_file/config.txt b/tests/tests/cktools/pwck/28_pwck_no_shadow_file/config.txt
new file mode 100644
index 0000000..31f5635
--- /dev/null
+++ b/tests/tests/cktools/pwck/28_pwck_no_shadow_file/config.txt
@@ -0,0 +1,10 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group users (only in /etc/group)
+user foo, in group tty (only in /etc/gshadow)
+user foo, in group floppy
+user foo, admin of group disk
+user foo, admin and member of group fax
+user foo, admin and member of group cdrom (only in /etc/gshadow)
diff --git a/tests/tests/cktools/pwck/28_pwck_no_shadow_file/config/etc/group b/tests/tests/cktools/pwck/28_pwck_no_shadow_file/config/etc/group
new file mode 100644
index 0000000..fecba0c
--- /dev/null
+++ b/tests/tests/cktools/pwck/28_pwck_no_shadow_file/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/cktools/pwck/28_pwck_no_shadow_file/config/etc/gshadow b/tests/tests/cktools/pwck/28_pwck_no_shadow_file/config/etc/gshadow
new file mode 100644
index 0000000..be1575e
--- /dev/null
+++ b/tests/tests/cktools/pwck/28_pwck_no_shadow_file/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:x::
diff --git a/tests/tests/cktools/pwck/28_pwck_no_shadow_file/config/etc/passwd b/tests/tests/cktools/pwck/28_pwck_no_shadow_file/config/etc/passwd
new file mode 100644
index 0000000..57434e6
--- /dev/null
+++ b/tests/tests/cktools/pwck/28_pwck_no_shadow_file/config/etc/passwd
@@ -0,0 +1,23 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/tmp:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/tmp:/bin/sh
+uucp:x:10:10:uucp:/tmp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/tmp:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/tmp:/bin/sh
+irc:x:39:39:ircd:/tmp:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/tmp:/bin/sh
+nobody:x:65534:65534:nobody:/tmp:/bin/sh
+Debian-exim:x:102:102::/tmp:/bin/false
+foo:pass:1000:1000::/home/foo:/bin/sh
+foo:pass:1001:1000::/tmp:/bin/sh
+foo2:pass:1000:1000::/tmp:/bin/shs
+foo3:x:1000:1000::/tmp:
diff --git a/tests/tests/cktools/pwck/28_pwck_no_shadow_file/config/etc/shadow b/tests/tests/cktools/pwck/28_pwck_no_shadow_file/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/cktools/pwck/28_pwck_no_shadow_file/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/cktools/pwck/28_pwck_no_shadow_file/data/pwck.out b/tests/tests/cktools/pwck/28_pwck_no_shadow_file/data/pwck.out
new file mode 100644
index 0000000..e0cac3d
--- /dev/null
+++ b/tests/tests/cktools/pwck/28_pwck_no_shadow_file/data/pwck.out
@@ -0,0 +1,7 @@
+duplicate password entry
+delete line 'foo:pass:1000:1000::/home/foo:/bin/sh'? No
+user 'foo': directory '/home/foo' does not exist
+duplicate password entry
+delete line 'foo:pass:1001:1000::/tmp:/bin/sh'? No
+user 'foo2': program '/bin/shs' does not exist
+pwck: no changes
diff --git a/tests/tests/cktools/pwck/28_pwck_no_shadow_file/pwck.test b/tests/tests/cktools/pwck/28_pwck_no_shadow_file/pwck.test
new file mode 100755
index 0000000..e792f78
--- /dev/null
+++ b/tests/tests/cktools/pwck/28_pwck_no_shadow_file/pwck.test
@@ -0,0 +1,58 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "pwck report issues when the shadow file does not exist"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Remove /etc/shadow..."
+rm -f /etc/shadow
+echo "OK"
+
+echo -n "Check user database (pwck -r)..."
+pwck -r >tmp/pwck.out && exit 1 || {
+        status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "2"
+echo "OK"
+
+echo "pwck reported:"
+echo "======================================================================="
+cat tmp/pwck.out
+echo "======================================================================="
+echo -n "Check the report..."
+diff -au data/pwck.out tmp/pwck.out
+echo "report OK."
+rm -f tmp/pwck.out
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+test ! -f /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/cktools/pwck/29_pwck_password_change_in_future/config.txt b/tests/tests/cktools/pwck/29_pwck_password_change_in_future/config.txt
new file mode 100644
index 0000000..31f5635
--- /dev/null
+++ b/tests/tests/cktools/pwck/29_pwck_password_change_in_future/config.txt
@@ -0,0 +1,10 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group users (only in /etc/group)
+user foo, in group tty (only in /etc/gshadow)
+user foo, in group floppy
+user foo, admin of group disk
+user foo, admin and member of group fax
+user foo, admin and member of group cdrom (only in /etc/gshadow)
diff --git a/tests/tests/cktools/pwck/29_pwck_password_change_in_future/config/etc/group b/tests/tests/cktools/pwck/29_pwck_password_change_in_future/config/etc/group
new file mode 100644
index 0000000..fecba0c
--- /dev/null
+++ b/tests/tests/cktools/pwck/29_pwck_password_change_in_future/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/cktools/pwck/29_pwck_password_change_in_future/config/etc/gshadow b/tests/tests/cktools/pwck/29_pwck_password_change_in_future/config/etc/gshadow
new file mode 100644
index 0000000..be1575e
--- /dev/null
+++ b/tests/tests/cktools/pwck/29_pwck_password_change_in_future/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:x::
diff --git a/tests/tests/cktools/pwck/29_pwck_password_change_in_future/config/etc/passwd b/tests/tests/cktools/pwck/29_pwck_password_change_in_future/config/etc/passwd
new file mode 100644
index 0000000..ded978d
--- /dev/null
+++ b/tests/tests/cktools/pwck/29_pwck_password_change_in_future/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/tmp:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/tmp:/bin/sh
+uucp:x:10:10:uucp:/tmp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/tmp:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/tmp:/bin/sh
+irc:x:39:39:ircd:/tmp:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/tmp:/bin/sh
+nobody:x:65534:65534:nobody:/tmp:/bin/sh
+Debian-exim:x:102:102::/tmp:/bin/false
+foo:x:1000:1000::/home:/bin/sh
diff --git a/tests/tests/cktools/pwck/29_pwck_password_change_in_future/config/etc/shadow b/tests/tests/cktools/pwck/29_pwck_password_change_in_future/config/etc/shadow
new file mode 100644
index 0000000..3781988
--- /dev/null
+++ b/tests/tests/cktools/pwck/29_pwck_password_change_in_future/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:99997:0:99999:7:::
diff --git a/tests/tests/cktools/pwck/29_pwck_password_change_in_future/data/pwck.out b/tests/tests/cktools/pwck/29_pwck_password_change_in_future/data/pwck.out
new file mode 100644
index 0000000..12d2fbf
--- /dev/null
+++ b/tests/tests/cktools/pwck/29_pwck_password_change_in_future/data/pwck.out
@@ -0,0 +1,2 @@
+user foo: last password change in the future
+pwck: no changes
diff --git a/tests/tests/cktools/pwck/29_pwck_password_change_in_future/pwck.test b/tests/tests/cktools/pwck/29_pwck_password_change_in_future/pwck.test
new file mode 100755
index 0000000..6ccd810
--- /dev/null
+++ b/tests/tests/cktools/pwck/29_pwck_password_change_in_future/pwck.test
@@ -0,0 +1,54 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "pwck checks that the password was set in the past"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Check user database (pwck -r)..."
+pwck -r >tmp/pwck.out && exit 1 || {
+        status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "2"
+echo "OK"
+
+echo "pwck reported:"
+echo "======================================================================="
+cat tmp/pwck.out
+echo "======================================================================="
+echo -n "Check the report..."
+diff -au data/pwck.out tmp/pwck.out
+echo "report OK."
+rm -f tmp/pwck.out
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/cktools/pwck/30_pwck_NIS_entries/config.txt b/tests/tests/cktools/pwck/30_pwck_NIS_entries/config.txt
new file mode 100644
index 0000000..31f5635
--- /dev/null
+++ b/tests/tests/cktools/pwck/30_pwck_NIS_entries/config.txt
@@ -0,0 +1,10 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group users (only in /etc/group)
+user foo, in group tty (only in /etc/gshadow)
+user foo, in group floppy
+user foo, admin of group disk
+user foo, admin and member of group fax
+user foo, admin and member of group cdrom (only in /etc/gshadow)
diff --git a/tests/tests/cktools/pwck/30_pwck_NIS_entries/config/etc/group b/tests/tests/cktools/pwck/30_pwck_NIS_entries/config/etc/group
new file mode 100644
index 0000000..fecba0c
--- /dev/null
+++ b/tests/tests/cktools/pwck/30_pwck_NIS_entries/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/cktools/pwck/30_pwck_NIS_entries/config/etc/gshadow b/tests/tests/cktools/pwck/30_pwck_NIS_entries/config/etc/gshadow
new file mode 100644
index 0000000..be1575e
--- /dev/null
+++ b/tests/tests/cktools/pwck/30_pwck_NIS_entries/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:x::
diff --git a/tests/tests/cktools/pwck/30_pwck_NIS_entries/config/etc/passwd b/tests/tests/cktools/pwck/30_pwck_NIS_entries/config/etc/passwd
new file mode 100644
index 0000000..e5bbc07
--- /dev/null
+++ b/tests/tests/cktools/pwck/30_pwck_NIS_entries/config/etc/passwd
@@ -0,0 +1,23 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/tmp:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/tmp:/bin/sh
+uucp:x:10:10:uucp:/tmp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/tmp:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/tmp:/bin/sh
+irc:x:39:39:ircd:/tmp:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/tmp:/bin/sh
+nobody:x:65534:65534:nobody:/tmp:/bin/sh
+Debian-exim:x:102:102::/tmp:/bin/false
+foo:x:1000:1000::/home:/bin/sh
++::::::
+-bar::::::
+foo:x:1001:1000::/home:/bin/sh
diff --git a/tests/tests/cktools/pwck/30_pwck_NIS_entries/config/etc/shadow b/tests/tests/cktools/pwck/30_pwck_NIS_entries/config/etc/shadow
new file mode 100644
index 0000000..d3c0765
--- /dev/null
+++ b/tests/tests/cktools/pwck/30_pwck_NIS_entries/config/etc/shadow
@@ -0,0 +1,23 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:99997:0:99999:7:::
++::::::::
+-bar::::::::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/cktools/pwck/30_pwck_NIS_entries/data/pwck.out b/tests/tests/cktools/pwck/30_pwck_NIS_entries/data/pwck.out
new file mode 100644
index 0000000..56dce35
--- /dev/null
+++ b/tests/tests/cktools/pwck/30_pwck_NIS_entries/data/pwck.out
@@ -0,0 +1,10 @@
+duplicate password entry
+delete line 'foo:x:1000:1000::/home:/bin/sh'? No
+duplicate password entry
+delete line 'foo:x:1001:1000::/home:/bin/sh'? No
+duplicate shadow password entry
+delete line 'Debian-exim:!:12977:0:99999:7:::'? No
+user foo: last password change in the future
+duplicate shadow password entry
+delete line 'Debian-exim:!:12977:0:99999:7:::'? No
+pwck: no changes
diff --git a/tests/tests/cktools/pwck/30_pwck_NIS_entries/pwck.test b/tests/tests/cktools/pwck/30_pwck_NIS_entries/pwck.test
new file mode 100755
index 0000000..733fa94
--- /dev/null
+++ b/tests/tests/cktools/pwck/30_pwck_NIS_entries/pwck.test
@@ -0,0 +1,54 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "pwck ignores NIS lines silently"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Check user database (pwck -r)..."
+pwck -r >tmp/pwck.out && exit 1 || {
+        status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "2"
+echo "OK"
+
+echo "pwck reported:"
+echo "======================================================================="
+cat tmp/pwck.out
+echo "======================================================================="
+echo -n "Check the report..."
+diff -au data/pwck.out tmp/pwck.out
+echo "report OK."
+rm -f tmp/pwck.out
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/cktools/pwck/31_pwck_shadow_entry_passwd_no_x/config.txt b/tests/tests/cktools/pwck/31_pwck_shadow_entry_passwd_no_x/config.txt
new file mode 100644
index 0000000..31f5635
--- /dev/null
+++ b/tests/tests/cktools/pwck/31_pwck_shadow_entry_passwd_no_x/config.txt
@@ -0,0 +1,10 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group users (only in /etc/group)
+user foo, in group tty (only in /etc/gshadow)
+user foo, in group floppy
+user foo, admin of group disk
+user foo, admin and member of group fax
+user foo, admin and member of group cdrom (only in /etc/gshadow)
diff --git a/tests/tests/cktools/pwck/31_pwck_shadow_entry_passwd_no_x/config/etc/group b/tests/tests/cktools/pwck/31_pwck_shadow_entry_passwd_no_x/config/etc/group
new file mode 100644
index 0000000..fecba0c
--- /dev/null
+++ b/tests/tests/cktools/pwck/31_pwck_shadow_entry_passwd_no_x/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/cktools/pwck/31_pwck_shadow_entry_passwd_no_x/config/etc/gshadow b/tests/tests/cktools/pwck/31_pwck_shadow_entry_passwd_no_x/config/etc/gshadow
new file mode 100644
index 0000000..be1575e
--- /dev/null
+++ b/tests/tests/cktools/pwck/31_pwck_shadow_entry_passwd_no_x/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:x::
diff --git a/tests/tests/cktools/pwck/31_pwck_shadow_entry_passwd_no_x/config/etc/passwd b/tests/tests/cktools/pwck/31_pwck_shadow_entry_passwd_no_x/config/etc/passwd
new file mode 100644
index 0000000..fbeb96c
--- /dev/null
+++ b/tests/tests/cktools/pwck/31_pwck_shadow_entry_passwd_no_x/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/tmp:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/tmp:/bin/sh
+uucp:x:10:10:uucp:/tmp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/tmp:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/tmp:/bin/sh
+irc:x:39:39:ircd:/tmp:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/tmp:/bin/sh
+nobody:x:65534:65534:nobody:/tmp:/bin/sh
+Debian-exim:x:102:102::/tmp:/bin/false
+foo:pass:1000:1000::/home:/bin/sh
diff --git a/tests/tests/cktools/pwck/31_pwck_shadow_entry_passwd_no_x/config/etc/shadow b/tests/tests/cktools/pwck/31_pwck_shadow_entry_passwd_no_x/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/cktools/pwck/31_pwck_shadow_entry_passwd_no_x/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/cktools/pwck/31_pwck_shadow_entry_passwd_no_x/data/pwck.out b/tests/tests/cktools/pwck/31_pwck_shadow_entry_passwd_no_x/data/pwck.out
new file mode 100644
index 0000000..5cedc7c
--- /dev/null
+++ b/tests/tests/cktools/pwck/31_pwck_shadow_entry_passwd_no_x/data/pwck.out
@@ -0,0 +1,2 @@
+user foo has an entry in /etc/shadow, but its password field in /etc/passwd is not set to 'x'
+pwck: no changes
diff --git a/tests/tests/cktools/pwck/31_pwck_shadow_entry_passwd_no_x/pwck.test b/tests/tests/cktools/pwck/31_pwck_shadow_entry_passwd_no_x/pwck.test
new file mode 100755
index 0000000..4c5b1f5
--- /dev/null
+++ b/tests/tests/cktools/pwck/31_pwck_shadow_entry_passwd_no_x/pwck.test
@@ -0,0 +1,54 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "pwck checks that the password is set to x if there is a shadow entry"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Check user database (pwck -r)..."
+pwck -r >tmp/pwck.out && exit 1 || {
+        status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "2"
+echo "OK"
+
+echo "pwck reported:"
+echo "======================================================================="
+cat tmp/pwck.out
+echo "======================================================================="
+echo -n "Check the report..."
+diff -au data/pwck.out tmp/pwck.out
+echo "report OK."
+rm -f tmp/pwck.out
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/cktools/pwck/32_pwck_quiet/config.txt b/tests/tests/cktools/pwck/32_pwck_quiet/config.txt
new file mode 100644
index 0000000..31f5635
--- /dev/null
+++ b/tests/tests/cktools/pwck/32_pwck_quiet/config.txt
@@ -0,0 +1,10 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group users (only in /etc/group)
+user foo, in group tty (only in /etc/gshadow)
+user foo, in group floppy
+user foo, admin of group disk
+user foo, admin and member of group fax
+user foo, admin and member of group cdrom (only in /etc/gshadow)
diff --git a/tests/tests/cktools/pwck/32_pwck_quiet/config/etc/group b/tests/tests/cktools/pwck/32_pwck_quiet/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/cktools/pwck/32_pwck_quiet/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/cktools/pwck/32_pwck_quiet/config/etc/gshadow b/tests/tests/cktools/pwck/32_pwck_quiet/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/cktools/pwck/32_pwck_quiet/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/cktools/pwck/32_pwck_quiet/config/etc/passwd b/tests/tests/cktools/pwck/32_pwck_quiet/config/etc/passwd
new file mode 100644
index 0000000..4491abe
--- /dev/null
+++ b/tests/tests/cktools/pwck/32_pwck_quiet/config/etc/passwd
@@ -0,0 +1,22 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+Debian-exim:x:103:102::/var/spool/exim4:/bin/false
+Debian-exim2:x:104:103::/var/spool/exim4:/bin/false
+Debian-exim3:x:102:103::/var/spool/exim4:/bin/false
diff --git a/tests/tests/cktools/pwck/32_pwck_quiet/config/etc/shadow b/tests/tests/cktools/pwck/32_pwck_quiet/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/cktools/pwck/32_pwck_quiet/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/cktools/pwck/32_pwck_quiet/data/pwck.out b/tests/tests/cktools/pwck/32_pwck_quiet/data/pwck.out
new file mode 100644
index 0000000..c9a8c2c
--- /dev/null
+++ b/tests/tests/cktools/pwck/32_pwck_quiet/data/pwck.out
@@ -0,0 +1,9 @@
+duplicate password entry
+delete line 'Debian-exim:x:102:102::/var/spool/exim4:/bin/false'? No
+duplicate password entry
+delete line 'Debian-exim:x:103:102::/var/spool/exim4:/bin/false'? No
+no matching password file entry in /etc/shadow
+add user 'Debian-exim2' in /etc/shadow? No
+no matching password file entry in /etc/shadow
+add user 'Debian-exim3' in /etc/shadow? No
+pwck: no changes
diff --git a/tests/tests/cktools/pwck/32_pwck_quiet/pwck.test b/tests/tests/cktools/pwck/32_pwck_quiet/pwck.test
new file mode 100755
index 0000000..c8a8b8e
--- /dev/null
+++ b/tests/tests/cktools/pwck/32_pwck_quiet/pwck.test
@@ -0,0 +1,54 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "pwck can display its usage message"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Get pwck usage (pwck -q -r)..."
+pwck -q -r >tmp/pwck.out && exit 1 || {
+        status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "2"
+echo "OK"
+
+echo "pwck reported:"
+echo "======================================================================="
+cat tmp/pwck.out
+echo "======================================================================="
+echo -n "Check the report..."
+diff -au data/pwck.out tmp/pwck.out
+echo "report OK."
+rm -f tmp/pwck.out
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/cleanup.sh b/tests/tests/cleanup.sh
new file mode 100755
index 0000000..26b1b27
--- /dev/null
+++ b/tests/tests/cleanup.sh
@@ -0,0 +1,33 @@
+#!/bin/sh
+
+for t in *
+do
+	if [ ! -d $t/data ]; then continue; fi
+	for i in passwd group shadow gshadow
+	do
+		if [ -f $t/data/$i ]
+		then
+			if cmp -s $t/config/etc/$i $t/data/$i
+			then
+				echo "# $t/data/$i identical to config"
+				svn rm "$t/data/$i"
+			fi
+		fi
+	done
+done
+
+for t in *
+do
+	cd $t
+	if [ ! -d data ]; then cd ..; continue; fi
+	for i in data/*
+	do
+		if [ ! -f $i ]; then continue; fi
+		if ! grep -q $i *.test
+		then
+			echo "# $t/$i not used"
+			svn rm "$i"
+		fi
+	done
+	cd ..
+done
diff --git a/tests/tests/common/Makefile b/tests/tests/common/Makefile
new file mode 100644
index 0000000..4ee04dd
--- /dev/null
+++ b/tests/tests/common/Makefile
@@ -0,0 +1,14 @@
+all: \
+	fopen_failure.so \
+	link_failure.so \
+	open_RDONLY_failure.so \
+	open_RDWR_failure.so \
+	rename_failure.so \
+	rmdir_failure.so \
+	time_0.so \
+	time_past.so \
+	unlink_failure.so \
+	unlinkat_failure.so
+
+%.so: %.c
+	gcc -W -Wall -pedantic -g $< -shared -ldl -o $@
diff --git a/tests/tests/common/compare_file.pl b/tests/tests/common/compare_file.pl
new file mode 100755
index 0000000..eb498d3
--- /dev/null
+++ b/tests/tests/common/compare_file.pl
@@ -0,0 +1,116 @@
+#!/usr/bin/perl
+
+open (TEMPLATE, $ARGV[0]) or die "Cannot open '".$ARGV[0]."': $!";
+my $template = join "", <TEMPLATE>;
+open (FILE, $ARGV[1]) or die "Cannot open '".$ARGV[1]."': $!";
+my $file = join "", <FILE>;
+
+my $today = int(time()/(24*3600));
+$template =~ s/\@TODAY\@/$today/g;
+
+my $tmp = $template;
+while ($tmp =~ m/^(.*?)([^\n]*):\@PASS_DES ([^:]*)\@:(.*)$/s) {
+	my $user = $2;
+	my $pass = $3;
+	$tmp = $4;
+	if ($file =~ m/^$user:/m) {
+		$file =~ s/^$user:([^:]*):(.*)$/$user:\@PASS_DES $pass\@:$2/m;
+		my $cryptpass = $1;
+		# Check the password
+		my $checkpass = qx|/usr/bin/openssl passwd -crypt -salt '$cryptpass' $pass 2>tmp/openssl.err|;
+		chomp $checkpass;
+
+		system "cat tmp/openssl.err"
+			if ($checkpass ne $cryptpass);
+		system "rm -f tmp/openssl.err";
+		die "Wrong password for $user: '$cryptpass'. Expected password: '$checkpass'\n"
+			if ($checkpass ne $cryptpass);
+	} else {
+		die "No user '$user' in ".$ARGV[1].".\n";
+	}
+}
+
+$tmp = $template;
+while ($tmp =~ m/^(.*?)([^\n]*):\@PASS_MD5 ([^:]*)\@:(.*)$/s) {
+	my $user = $2;
+	my $pass = $3;
+	$tmp = $4;
+	if ($file =~ m/^$user:/m) {
+		$file =~ s/^$user:([^:]*):(.*)$/$user:\@PASS_MD5 $pass\@:$2/m;
+		my $cryptpass = $1;
+		# Check the password
+		my $salt = $cryptpass;
+		$salt =~ s/^\$1\$//;
+		$salt =~ s/\$.*$//;
+		my $checkpass = qx|/usr/bin/openssl passwd -1 -salt '$salt' '$pass'|;
+		chomp $checkpass;
+
+		die "Wrong password for $user: '$cryptpass'. Expected password: '$checkpass'\n"
+			if ($checkpass ne $cryptpass);
+	} else {
+		die "No user '$user' in ".$ARGV[1].".\n";
+	}
+}
+
+$tmp = $template;
+while ($tmp =~ m/^(.*?)([^\n]*):\@PASS_SHA256 ([^:]*)\@:(.*)$/s) {
+	my $user = $2;
+	my $pass = $3;
+	$tmp = $4;
+	if ($file =~ m/^$user:/m) {
+		$file =~ s/^$user:([^:]*):(.*)$/$user:\@PASS_SHA256 $pass\@:$2/m;
+		my $cryptpass = $1;
+		# Check the password
+		my $salt = $cryptpass;
+		$salt =~ s/^\$5\$//;
+		my $rounds = "";
+		if ($salt =~ s/^rounds=([0-9]*)\$//) {
+			$rounds = "-R $1";
+		}
+
+		$salt =~ s/\$.*$//;
+		my $checkpass = qx!echo '$pass' | /usr/bin/mkpasswd -m sha-256 --salt '$salt' $rounds --stdin!;
+		chomp $checkpass;
+
+		die "Wrong password for $user: '$cryptpass'. Expected password: '$checkpass'\n"
+			if ($checkpass ne $cryptpass);
+	} else {
+		die "No user '$user' in ".$ARGV[1].".\n";
+	}
+}
+
+$tmp = $template;
+while ($tmp =~ m/^(.*?)([^\n]*):\@PASS_SHA512 ([^:]*)\@:(.*)$/s) {
+	my $user = $2;
+	my $pass = $3;
+	$tmp = $4;
+	if ($file =~ m/^$user:/m) {
+		$file =~ s/^$user:([^:]*):(.*)$/$user:\@PASS_SHA512 $pass\@:$2/m;
+		my $cryptpass = $1;
+		# Check the password
+		my $salt = $cryptpass;
+		$salt =~ s/^\$6\$//;
+		my $rounds = "";
+		if ($salt =~ s/^rounds=([0-9]*)\$//) {
+			$rounds = "-R $1";
+		}
+
+		$salt =~ s/\$.*$//;
+		my $checkpass = qx!echo '$pass' | /usr/bin/mkpasswd -m sha-512 --salt '$salt' $rounds --stdin!;
+		chomp $checkpass;
+
+		die "Wrong password for $user: '$cryptpass'. Expected password: '$checkpass'\n"
+			if ($checkpass ne $cryptpass);
+	} else {
+		die "No user '$user' in ".$ARGV[1].".\n";
+	}
+}
+
+
+exit 0 if ($file =~ m/^\Q$template\E$/s);
+
+print "Files differ.\n";
+
+system "diff", "-au", $ARGV[0], $ARGV[1];
+
+exit 1
diff --git a/tests/tests/common/config.sh b/tests/tests/common/config.sh
new file mode 100644
index 0000000..a2f8df0
--- /dev/null
+++ b/tests/tests/common/config.sh
@@ -0,0 +1,132 @@
+# Generic functions to save, change, and restore configuration files
+
+set -e
+
+build_path=$(pwd)
+while [ "${build_path}" != "/" -a ! -e "${build_path}/.git" ]; do
+	build_path=$(dirname ${build_path})
+done
+if [ ! -e "${build_path}/.git" ]; then
+	echo "Not inside git directory" 1>&2
+	exit 1
+fi
+
+# Save the configuration files in tmp.
+save_config ()
+{
+	[ ! -d tmp ] && mkdir tmp
+	find config -depth -type f -print | sed -e 's/config\///' |
+	while read file
+	do
+		mkdir -p "tmp/$(dirname "$file")"
+		[ -f "/$file" ] && cp -dp "/$file" "tmp/$file" || true
+	done
+	# remove some things which can mess up PATH for some of our tests
+	# on github runners
+	mkdir -p "tmp/root"
+	cp -dp /root/.bashrc tmp/root/.bashrc
+	cp -dp /root/.profile tmp/root/.profile
+	sed -i '/pipx/d' /root/.bashrc /root/.profile
+	sed -i '/etc\/skel\/.cargo\/env/d' /root/.bashrc /root/.profile
+}
+
+# Copy the config files from config to the system
+change_config ()
+{
+	find config -depth -type f -print | sed -e 's/config\///' |
+	while read file
+	do
+		cp -f "config/$file" "/$file"
+	done
+}
+
+# Restored the config files in the system.
+# The config files must be saved before with save_config ().
+restore_config ()
+{
+	find config -depth -type f -print | sed -e 's/config\///' |
+	while read file
+	do
+		if [ -f "tmp/$file" ]; then
+			cp -dp "tmp/$file" "/$file"
+			rm "tmp/$file"
+		else
+			rm -f "/$file"
+		fi
+		d="$(dirname "tmp/$file")"
+		while [ -n "$d" ] && [ "$d" != "." ]
+		do
+			rmdir "$d" 2>/dev/null || true
+			d="$(dirname "$d")"
+		done
+	done
+
+	rmdir tmp 2>/dev/null || true
+}
+
+prepare_chroot ()
+{
+	mkdir tmp/root
+	cp -rfdp config_chroot/* tmp/root/
+
+	lists=/root/tests/common/config_chroot.list
+	[ -f config_chroot.list ] && lists="$lists config_chroot.list"
+	cat $lists | grep -v "#" | while read f
+	do
+		# Create parent directory if needed
+		d=$(dirname tmp/root/$f)
+		[ -d $d ] || mkdir -p $d
+		# Create hard link
+		ln $f tmp/root/$f
+	done
+
+	# Copy existing gcda
+	mkdir -p tmp/root$build_path/lib
+	mkdir -p tmp/root$build_path/src
+	find "$build_path" -name "*.gcda" | while read f
+	do
+		ln $f tmp/root/$f
+	done
+}
+
+clean_chroot ()
+{
+	# Remove copied files
+	lists=/root/tests/common/config_chroot.list
+	[ -f config_chroot.list ] && lists="$lists config_chroot.list"
+	cat $lists | grep -v "#" | while read f
+	do
+		rm -f tmp/root/$f
+		# Remove parent directory if empty
+		d=$(dirname tmp/root/$f)
+		rmdir -p --ignore-fail-on-non-empty $d
+	done
+
+	find "$build_path" -name "*.gcda" | while read f
+	do
+		rm -f tmp/root/$f
+	done
+	find tmp/root -name "*.gcda" | while read f
+	do
+		g=${f#tmp/root}
+		mv "$f" "$g"
+	done
+	rmdir tmp/root$build_path/lib
+	rmdir tmp/root$build_path/src
+	rmdir tmp/root$build_path
+	rmdir tmp/root/root/build
+	rmdir tmp/root/root
+
+	find config_chroot -type f | while read f
+	do
+		f=${f#config_chroot/}
+		rm -f tmp/root/$f
+	done
+
+	find config_chroot -depth -type d | while read d
+	do
+		d=${d#config_chroot}
+		[ -d "tmp/root$d" ] && rmdir tmp/root$d
+	done
+}
+
diff --git a/tests/tests/common/config_chroot-i386.list b/tests/tests/common/config_chroot-i386.list
new file mode 100644
index 0000000..ba7bf8a
--- /dev/null
+++ b/tests/tests/common/config_chroot-i386.list
@@ -0,0 +1,25 @@
+/lib/i386-linux-gnu/ld-2.13.so
+/lib/i386-linux-gnu/ld-linux.so.2
+/lib/ld-linux.so.2
+/lib/i386-linux-gnu/libcrypt-2.13.so
+/lib/i386-linux-gnu/libcrypt.so.1
+/lib/i386-linux-gnu/libc-2.13.so
+/lib/i386-linux-gnu/libc.so.6
+/lib/i386-linux-gnu/libdl-2.13.so
+/lib/i386-linux-gnu/libdl.so.2
+/lib/i386-linux-gnu/libnsl-2.13.so
+/lib/i386-linux-gnu/libnsl.so.1
+/lib/i386-linux-gnu/libnss_compat-2.13.so
+/lib/i386-linux-gnu/libnss_compat.so.2
+/lib/i386-linux-gnu/libpamc.so.0
+/lib/i386-linux-gnu/libpamc.so.0.82.1
+/lib/i386-linux-gnu/libpam_misc.so.0
+/lib/i386-linux-gnu/libpam_misc.so.0.82.0
+/lib/i386-linux-gnu/libpam.so.0
+/lib/i386-linux-gnu/libpam.so.0.83.0
+/lib/i386-linux-gnu/libselinux.so.1
+/lib/i386-linux-gnu/security/pam_deny.so
+/lib/i386-linux-gnu/security/pam_permit.so
+/lib/i386-linux-gnu/security/pam_rootok.so
+/lib/i386-linux-gnu/security/pam_shells.so
+/lib/i386-linux-gnu/security/pam_unix.so
diff --git a/tests/tests/common/config_chroot-powerpc.list b/tests/tests/common/config_chroot-powerpc.list
new file mode 100644
index 0000000..e6c344e
--- /dev/null
+++ b/tests/tests/common/config_chroot-powerpc.list
@@ -0,0 +1,25 @@
+/lib/powerpc-linux-gnu/ld-2.13.so
+/lib/powerpc-linux-gnu/ld.so.1
+/lib/ld.so.1
+/lib/powerpc-linux-gnu/libcrypt-2.13.so
+/lib/powerpc-linux-gnu/libcrypt.so.1
+/lib/powerpc-linux-gnu/libc-2.13.so
+/lib/powerpc-linux-gnu/libc.so.6
+/lib/powerpc-linux-gnu/libdl-2.13.so
+/lib/powerpc-linux-gnu/libdl.so.2
+/lib/powerpc-linux-gnu/libnsl-2.13.so
+/lib/powerpc-linux-gnu/libnsl.so.1
+/lib/powerpc-linux-gnu/libnss_compat-2.13.so
+/lib/powerpc-linux-gnu/libnss_compat.so.2
+/lib/powerpc-linux-gnu/libpamc.so.0
+/lib/powerpc-linux-gnu/libpamc.so.0.82.1
+/lib/powerpc-linux-gnu/libpam_misc.so.0
+/lib/powerpc-linux-gnu/libpam_misc.so.0.82.0
+/lib/powerpc-linux-gnu/libpam.so.0
+/lib/powerpc-linux-gnu/libpam.so.0.83.0
+/lib/powerpc-linux-gnu/libselinux.so.1
+/lib/powerpc-linux-gnu/security/pam_deny.so
+/lib/powerpc-linux-gnu/security/pam_permit.so
+/lib/powerpc-linux-gnu/security/pam_rootok.so
+/lib/powerpc-linux-gnu/security/pam_shells.so
+/lib/powerpc-linux-gnu/security/pam_unix.so
diff --git a/tests/tests/common/fopen_failure.c b/tests/tests/common/fopen_failure.c
new file mode 100644
index 0000000..750cd66
--- /dev/null
+++ b/tests/tests/common/fopen_failure.c
@@ -0,0 +1,46 @@
+/* 
+ * gcc fopen_failure.c -o fopen_failure.so -shared -ldl 
+ * LD_PRELOAD=./fopen_failure.so FAILURE_PATH=/etc/shadow ./test /etc/shadow
+ */
+
+#define _GNU_SOURCE
+#include <dlfcn.h>
+#include <errno.h>
+#include <assert.h>
+
+#include <stdio.h>
+#include <stdlib.h>
+
+
+typedef FILE * (*fopen_type) (const char *path, const char *mode);
+static fopen_type next_fopen;
+
+static const char *failure_path = NULL;
+
+FILE *fopen64 (const char *path, const char *mode)
+{
+printf ("fopen64(%s, %s)\n", path, mode);
+	if (NULL == next_fopen)
+	{
+		next_fopen = dlsym (RTLD_NEXT, "fopen64");
+		assert (NULL != next_fopen);
+	}
+	if (NULL == failure_path) {
+		failure_path = getenv ("FAILURE_PATH");
+		if (NULL == failure_path) {
+			fputs ("No FAILURE_PATH defined\n", stderr);
+		}
+	}
+
+	if (   (NULL != path)
+	    && (NULL != failure_path)
+	    && (strcmp (path, failure_path) == 0))
+	{
+		fprintf (stderr, "fopen64 FAILURE %s %s ...\n", path, mode);
+		errno = EIO;
+		return NULL;
+	}
+
+	return next_fopen (path, mode);
+}
+
diff --git a/tests/tests/common/link_failure.c b/tests/tests/common/link_failure.c
new file mode 100644
index 0000000..8cf460a
--- /dev/null
+++ b/tests/tests/common/link_failure.c
@@ -0,0 +1,51 @@
+/* 
+ * gcc link_failure.c -o link_failure.so -shared -ldl 
+ * LD_PRELOAD=./link_failure.so FAILURE_PATH=/etc/shadow ./test /etc/shadow
+ */
+
+#define _GNU_SOURCE
+#include <dlfcn.h>
+#include <sys/types.h>
+#include <sys/stat.h>
+#include <stdarg.h>
+#include <fcntl.h>
+#include <string.h>
+#include <errno.h>
+#include <assert.h>
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <unistd.h>
+
+
+typedef int (*link_type) (const char *oldpath, const char *newpath);
+static link_type next_link;
+
+static const char *failure_path = NULL;
+
+int link (const char *oldpath, const char *newpath)
+{
+	if (NULL == next_link)
+	{
+		next_link = dlsym (RTLD_NEXT, "link");
+		assert (NULL != next_link);
+	}
+	if (NULL == failure_path) {
+		failure_path = getenv ("FAILURE_PATH");
+		if (NULL == failure_path) {
+			fputs ("No FAILURE_PATH defined\n", stderr);
+		}
+	}
+
+	if (   (NULL != newpath)
+	    && (NULL != failure_path)
+	    && (strcmp (newpath, failure_path) == 0))
+	{
+		fprintf (stderr, "link FAILURE %s %s\n", oldpath, newpath);
+		errno = EIO;
+		return -1;
+	}
+
+	return next_link (oldpath, newpath);
+}
+
diff --git a/tests/tests/common/log.sh b/tests/tests/common/log.sh
new file mode 100644
index 0000000..4887970
--- /dev/null
+++ b/tests/tests/common/log.sh
@@ -0,0 +1,46 @@
+# Helpers to log messages / status
+
+log_start ()
+{
+	test="$1"
+	rationale="$2"
+	cat << EOF
+
+###############################################################################
+#
+# Test: $test
+#
+###############################################################################
+#
+# Rationale: $rationale
+#
+###############################################################################
+EOF
+}
+
+log_end ()
+{
+	test="$1"
+	cat << EOF
+###############################################################################
+#
+# End of test $test
+#
+###############################################################################
+
+EOF
+}
+
+log_status ()
+{
+	test="$1"
+	status="$2"
+	cat << EOF
+###############################################################################
+#
+# Status of test $test: $status
+#
+###############################################################################
+EOF
+}
+
diff --git a/tests/tests/common/open_RDONLY_failure.c b/tests/tests/common/open_RDONLY_failure.c
new file mode 100644
index 0000000..e14859f
--- /dev/null
+++ b/tests/tests/common/open_RDONLY_failure.c
@@ -0,0 +1,51 @@
+/* 
+ * gcc open_RDONLY_failure.c -o open_RDONLY_failure.so -shared -ldl 
+ * LD_PRELOAD=./open_RDONLY_failure.so FAILURE_PATH=/etc/shadow ./test /etc/shadow
+ */
+
+#define _GNU_SOURCE
+#include <dlfcn.h>
+#include <sys/types.h>
+#include <sys/stat.h>
+#include <stdarg.h>
+#include <fcntl.h>
+#include <string.h>
+#include <errno.h>
+#include <assert.h>
+
+#include <stdio.h>
+#include <stdlib.h>
+
+
+typedef int (*open_type) (const char *pathname, int flag, ...);
+static open_type next_open64;
+
+static const char *failure_path = NULL;
+
+int open64 (const char *pathname, int flag, ...)
+{
+	if (NULL == next_open64)
+	{
+		next_open64 = dlsym (RTLD_NEXT, "open64");
+		assert (NULL != next_open64);
+	}
+	if (NULL == failure_path) {
+		failure_path = getenv ("FAILURE_PATH");
+		if (NULL == failure_path) {
+			fputs ("No FAILURE_PATH defined\n", stderr);
+		}
+	}
+
+	if (   (NULL != pathname)
+	    && ((flag & O_ACCMODE) == O_RDONLY)
+	    && (NULL != failure_path)
+	    && (strcmp (pathname, failure_path) == 0))
+	{
+		fprintf (stderr, "open FAILURE %s %x ...\n", pathname, flag&O_ACCMODE);
+		errno = EIO;
+		return -1;
+	}
+
+	return next_open64 (pathname, flag);
+}
+
diff --git a/tests/tests/common/open_RDWR_failure.c b/tests/tests/common/open_RDWR_failure.c
new file mode 100644
index 0000000..5bf1069
--- /dev/null
+++ b/tests/tests/common/open_RDWR_failure.c
@@ -0,0 +1,51 @@
+/* 
+ * gcc open_RDWR_failure.c -o open_RDWR_failure.so -shared -ldl 
+ * LD_PRELOAD=./open_RDWR_failure.so FAILURE_PATH=/etc/shadow ./test /etc/shadow
+ */
+
+#define _GNU_SOURCE
+#include <dlfcn.h>
+#include <sys/types.h>
+#include <sys/stat.h>
+#include <stdarg.h>
+#include <fcntl.h>
+#include <string.h>
+#include <errno.h>
+#include <assert.h>
+
+#include <stdio.h>
+#include <stdlib.h>
+
+
+typedef int (*open_type) (const char *pathname, int flag, ...);
+static open_type next_open64;
+
+static const char *failure_path = NULL;
+
+int open64 (const char *pathname, int flag, ...)
+{
+	if (NULL == next_open64)
+	{
+		next_open64 = dlsym (RTLD_NEXT, "open64");
+		assert (NULL != next_open64);
+	}
+	if (NULL == failure_path) {
+		failure_path = getenv ("FAILURE_PATH");
+		if (NULL == failure_path) {
+			fputs ("No FAILURE_PATH defined\n", stderr);
+		}
+	}
+
+	if (   (NULL != pathname)
+	    && ((flag & O_ACCMODE) == O_RDWR)
+	    && (NULL != failure_path)
+	    && (strcmp (pathname, failure_path) == 0))
+	{
+		fprintf (stderr, "open FAILURE %s %x ...\n", pathname, flag&O_ACCMODE);
+		errno = EIO;
+		return -1;
+	}
+
+	return next_open64 (pathname, flag);
+}
+
diff --git a/tests/tests/common/rename_failure.c b/tests/tests/common/rename_failure.c
new file mode 100644
index 0000000..dd02fe5
--- /dev/null
+++ b/tests/tests/common/rename_failure.c
@@ -0,0 +1,50 @@
+/* 
+ * gcc rename_failure.c -o rename_failure.so -shared -ldl 
+ * LD_PRELOAD=./rename_failure.so FAILURE_PATH=/etc/shadow ./test /etc/shadow
+ */
+
+#define _GNU_SOURCE
+#include <dlfcn.h>
+#include <sys/types.h>
+#include <sys/stat.h>
+#include <stdarg.h>
+#include <fcntl.h>
+#include <string.h>
+#include <errno.h>
+#include <assert.h>
+
+#include <stdio.h>
+#include <stdlib.h>
+
+
+typedef int (*rename_type) (const char *old, const char *new);
+static rename_type next_rename;
+
+static const char *failure_path = NULL;
+
+int rename (const char *old, const char *new)
+{
+	if (NULL == next_rename)
+	{
+		next_rename = dlsym (RTLD_NEXT, "rename");
+		assert (NULL != next_rename);
+	}
+	if (NULL == failure_path) {
+		failure_path = getenv ("FAILURE_PATH");
+		if (NULL == failure_path) {
+			fputs ("No FAILURE_PATH defined\n", stderr);
+		}
+	}
+
+	if (   (NULL != new)
+	    && (NULL != failure_path)
+	    && (strcmp (new, failure_path) == 0))
+	{
+		fprintf (stderr, "rename FAILURE %s %s\n", old, new);
+		errno = EIO;
+		return -1;
+	}
+
+	return next_rename (old, new);
+}
+
diff --git a/tests/tests/common/rmdir_failure.c b/tests/tests/common/rmdir_failure.c
new file mode 100644
index 0000000..9d775b1
--- /dev/null
+++ b/tests/tests/common/rmdir_failure.c
@@ -0,0 +1,51 @@
+/* 
+ * gcc rmdir_failure.c -o rmdir_failure.so -shared -ldl 
+ * LD_PRELOAD=./rmdir_failure.so FAILURE_PATH=/etc/shadow ./test /etc/shadow
+ */
+
+#define _GNU_SOURCE
+#include <dlfcn.h>
+#include <sys/types.h>
+#include <sys/stat.h>
+#include <stdarg.h>
+#include <fcntl.h>
+#include <string.h>
+#include <errno.h>
+#include <assert.h>
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <unistd.h>
+
+
+typedef int (*rmdir_type) (const char *path);
+static rmdir_type next_rmdir;
+
+static const char *failure_path = NULL;
+
+int rmdir (const char *path)
+{
+	if (NULL == next_rmdir)
+	{
+		next_rmdir = dlsym (RTLD_NEXT, "rmdir");
+		assert (NULL != next_rmdir);
+	}
+	if (NULL == failure_path) {
+		failure_path = getenv ("FAILURE_PATH");
+		if (NULL == failure_path) {
+			fputs ("No FAILURE_PATH defined\n", stderr);
+		}
+	}
+
+	if (   (NULL != path)
+	    && (NULL != failure_path)
+	    && (strcmp (path, failure_path) == 0))
+	{
+		fprintf (stderr, "rmdir FAILURE %s\n", path);
+		errno = EBUSY;
+		return -1;
+	}
+
+	return next_rmdir (path);
+}
+
diff --git a/tests/tests/common/time_0.c b/tests/tests/common/time_0.c
new file mode 100644
index 0000000..6937361
--- /dev/null
+++ b/tests/tests/common/time_0.c
@@ -0,0 +1,16 @@
+/* 
+ * gcc time_0.c -o time_0.so -shared
+ * LD_PRELOAD=./time_0.so ./test
+ */
+
+#include <stdio.h>
+#include <time.h>
+
+
+time_t time (time_t *t)
+{
+	fprintf (stderr, "time 0\n");
+
+	return (time_t)0;
+}
+
diff --git a/tests/tests/common/time_past.c b/tests/tests/common/time_past.c
new file mode 100644
index 0000000..d0eb741
--- /dev/null
+++ b/tests/tests/common/time_past.c
@@ -0,0 +1,52 @@
+/* 
+ * gcc time_past.c -o time_past.so -shared -ldl 
+ * LD_PRELOAD=./time_past.so PAST_DAYS=2 ./test
+ */
+
+#define _GNU_SOURCE
+#include <dlfcn.h>
+#include <sys/types.h>
+#include <sys/stat.h>
+#include <stdarg.h>
+#include <fcntl.h>
+#include <string.h>
+#include <errno.h>
+#include <assert.h>
+
+#include <stdio.h>
+#include <stdlib.h>
+
+
+typedef time_t (*time_type) (time_t *t);
+static time_type next_time;
+
+static int time_past = 0;
+static char *past = NULL;
+
+time_t time (time_t *t)
+{
+	time_t res;
+
+	if (NULL == next_time)
+	{
+		next_time = dlsym (RTLD_NEXT, "time");
+		assert (NULL != next_time);
+	}
+	if (NULL == past) {
+		const char *past = getenv ("PAST_DAYS");
+		if (NULL == past) {
+			fputs ("No PAST_DAYS defined\n", stderr);
+		}
+		time_past = atoi (past);
+	}
+
+	res = next_time (t);
+	res -= 24*60*60*time_past;
+
+	if (NULL != t) {
+		*t = res;
+	}
+
+	return res;
+}
+
diff --git a/tests/tests/common/unlink_failure.c b/tests/tests/common/unlink_failure.c
new file mode 100644
index 0000000..2281c8a
--- /dev/null
+++ b/tests/tests/common/unlink_failure.c
@@ -0,0 +1,51 @@
+/* 
+ * gcc unlink_failure.c -o unlink_failure.so -shared -ldl 
+ * LD_PRELOAD=./unlink_failure.so FAILURE_PATH=/etc/shadow ./test /etc/shadow
+ */
+
+#define _GNU_SOURCE
+#include <dlfcn.h>
+#include <sys/types.h>
+#include <sys/stat.h>
+#include <stdarg.h>
+#include <fcntl.h>
+#include <string.h>
+#include <errno.h>
+#include <assert.h>
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <unistd.h>
+
+
+typedef int (*unlink_type) (const char *path);
+static unlink_type next_unlink;
+
+static const char *failure_path = NULL;
+
+int unlink (const char *path)
+{
+	if (NULL == next_unlink)
+	{
+		next_unlink = dlsym (RTLD_NEXT, "unlink");
+		assert (NULL != next_unlink);
+	}
+	if (NULL == failure_path) {
+		failure_path = getenv ("FAILURE_PATH");
+		if (NULL == failure_path) {
+			fputs ("No FAILURE_PATH defined\n", stderr);
+		}
+	}
+
+	if (   (NULL != path)
+	    && (NULL != failure_path)
+	    && (strcmp (path, failure_path) == 0))
+	{
+		fprintf (stderr, "unlink FAILURE %s\n", path);
+		errno = EBUSY;
+		return -1;
+	}
+
+	return next_unlink (path);
+}
+
diff --git a/tests/tests/common/unlinkat_failure.c b/tests/tests/common/unlinkat_failure.c
new file mode 100644
index 0000000..5b8bf95
--- /dev/null
+++ b/tests/tests/common/unlinkat_failure.c
@@ -0,0 +1,62 @@
+/* 
+ * gcc unlinkat_failure.c -o unlinkat_failure.so -shared -ldl 
+ * LD_PRELOAD=./unlinkat_failure.so FAILURE_PATH=/etc/shadow ./test /etc/shadow
+ */
+
+#define _GNU_SOURCE
+#include <dlfcn.h>
+#include <sys/types.h>
+#include <sys/stat.h>
+#include <stdarg.h>
+#include <fcntl.h>
+#include <string.h>
+#include <errno.h>
+#include <assert.h>
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <unistd.h>
+
+
+typedef int (*unlinkat_type) (int dirfd, const char *pathname, int flags);
+static unlinkat_type next_unlinkat;
+
+static const char *failure_path = NULL;
+static dev_t failure_dev = -1;
+static ino_t failure_ino = -1;
+
+int unlinkat (int dirfd, const char *pathname, int flags)
+{
+	if (NULL == next_unlinkat)
+	{
+		next_unlinkat = dlsym (RTLD_NEXT, "unlinkat");
+		assert (NULL != next_unlinkat);
+	}
+	if (NULL == failure_path) {
+		struct stat sb;
+		failure_path = getenv ("FAILURE_PATH");
+		if (NULL == failure_path) {
+			fputs ("No FAILURE_PATH defined\n", stderr);
+		}
+		if (lstat (failure_path, &sb) != 0) {
+			fputs ("Can't lstat FAILURE_PATH\n", stderr);
+		}
+		failure_dev = sb.st_dev;
+		failure_ino = sb.st_ino;
+	}
+
+	if (   (NULL != pathname)
+	    && (NULL != failure_path)) {
+		struct stat sb;
+		if (   (fstatat (dirfd, pathname, &sb, flags) == 0)
+		    && (sb.st_dev == failure_dev)
+		    && (sb.st_ino == failure_ino)) {
+			fprintf (stderr, "unlinkat FAILURE %s\n", failure_path);
+			errno = EBUSY;
+			return -1;
+		}
+	}
+
+	return next_unlinkat (dirfd, pathname, flags);
+}
+
diff --git a/tests/tests/convtools/01/data/1/group b/tests/tests/convtools/01/data/1/group
new file mode 100644
index 0000000..a34689a
--- /dev/null
+++ b/tests/tests/convtools/01/data/1/group
@@ -0,0 +1,42 @@
+root:*:0:
+daemon:*:1:
+bin:*:2:
+sys:*:3:
+adm:*:4:
+tty:*:5:
+disk:*:6:
+lp:*:7:
+mail:*:8:
+news:*:9:
+uucp:*:10:
+man:*:12:
+proxy:*:13:
+kmem:*:15:
+dialout:*:20:
+fax:*:21:
+voice:*:22:
+cdrom:*:24:
+floppy:*:25:
+tape:*:26:
+sudo:*:27:
+audio:*:29:
+dip:*:30:
+www-data:*:33:
+backup:*:34:
+operator:*:37:
+list:*:38:
+irc:*:39:
+src:*:40:
+gnats:*:41:
+shadow:*:42:
+utmp:*:43:
+video:*:44:
+sasl:*:45:
+plugdev:*:46:
+staff:*:50:
+games:*:60:
+users:*:100:
+nogroup:*:65534:
+crontab:x:101:
+Debian-exim:x:102:
+myuser:x:424242:
diff --git a/tests/tests/convtools/01/data/1/passwd b/tests/tests/convtools/01/data/1/passwd
new file mode 100644
index 0000000..a9a08c8
--- /dev/null
+++ b/tests/tests/convtools/01/data/1/passwd
@@ -0,0 +1,21 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:0:0:root:/root:/bin/bash
+daemon:*:1:1:daemon:/usr/sbin:/bin/sh
+bin:*:2:2:bin:/bin:/bin/sh
+sys:*:3:3:sys:/dev:/bin/sh
+sync:*:4:65534:sync:/bin:/bin/sync
+games:*:5:60:games:/usr/games:/bin/sh
+man:*:6:12:man:/var/cache/man:/bin/sh
+lp:*:7:7:lp:/var/spool/lpd:/bin/sh
+mail:*:8:8:mail:/var/mail:/bin/sh
+news:*:9:9:news:/var/spool/news:/bin/sh
+uucp:*:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:*:13:13:proxy:/bin:/bin/sh
+www-data:*:33:33:www-data:/var/www:/bin/sh
+backup:*:34:34:backup:/var/backups:/bin/sh
+list:*:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:*:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:*:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:*:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:!:102:102::/var/spool/exim4:/bin/false
+myuser:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:424242:424242::/home:/bin/bash
+testsuite::424243:424243::/home:/bin/bash
diff --git a/tests/tests/convtools/01/data/2/group b/tests/tests/convtools/01/data/2/group
new file mode 100644
index 0000000..245cc9c
--- /dev/null
+++ b/tests/tests/convtools/01/data/2/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+myuser:x:424242:
diff --git a/tests/tests/convtools/01/data/2/gshadow b/tests/tests/convtools/01/data/2/gshadow
new file mode 100644
index 0000000..25bd55b
--- /dev/null
+++ b/tests/tests/convtools/01/data/2/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+myuser:x::
diff --git a/tests/tests/convtools/01/data/2/passwd b/tests/tests/convtools/01/data/2/passwd
new file mode 100644
index 0000000..e8242fe
--- /dev/null
+++ b/tests/tests/convtools/01/data/2/passwd
@@ -0,0 +1,21 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+myuser:x:424242:424242::/home:/bin/bash
+testsuite:x:424243:424243::/home:/bin/bash
diff --git a/tests/tests/convtools/01/data/2/shadow b/tests/tests/convtools/01/data/2/shadow
new file mode 100644
index 0000000..6689e4f
--- /dev/null
+++ b/tests/tests/convtools/01/data/2/shadow
@@ -0,0 +1,21 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+myuser:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:::
+testsuite::12992:0:99999:7:::
diff --git a/tests/tests/convtools/01/run b/tests/tests/convtools/01/run
new file mode 100755
index 0000000..fadf7c8
--- /dev/null
+++ b/tests/tests/convtools/01/run
@@ -0,0 +1,117 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+# Rational:
+# Test that su can be used to switch to root and to a normal account
+
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+save()
+{
+	[ ! -d tmp ] && mkdir tmp
+	for i in passwd group shadow gshadow
+	do
+		[ -f /etc/$i  ] && cp -dp /etc/$i  tmp/$i
+		[ -f /etc/$i- ] && cp -dp /etc/$i- tmp/$i-
+	done
+	DATE=$(date '+%s')
+	DATE=$(( DATE/3600/24 ))
+	WARN=$( grep -E "^PASS_WARN_AGE" /etc/login.defs | { read var val ; echo $val; } )
+	saveifs=$IFS
+	IFS=":"
+	cat data/2/shadow |
+		while read f1 f2 f3 f4 f5 f6 f7 f8 fres
+		do
+			echo "$f1:$f2:$DATE:$f4:$f5:$WARN:::"
+		done > tmp/shadow.2
+	IFS=$saveifs
+}
+
+restore()
+{
+	for i in passwd group shadow gshadow
+	do
+		[ -f tmp/$i  ] && cp -dp tmp/$i  /etc/$i  && rm tmp/$i
+		[ -f tmp/$i- ] && cp -dp tmp/$i- /etc/$i- && rm tmp/$i-
+	done
+	rm tmp/shadow.2
+	rmdir tmp
+}
+
+save
+
+# restore the files on exit
+trap 'restore' 0
+
+for i in passwd group shadow gshadow
+do
+	rm -f /etc/$i
+done
+for i in passwd group
+do
+	cp -f data/1/$i /etc/
+done
+
+echo -n "pwconv "
+pwconv
+echo -n "checking..."
+diff -au /etc/passwd  data/2/passwd
+diff -au /etc/shadow  tmp/shadow.2
+diff -au /etc/group   data/1/group
+perms=$(stat -c "%a %u %G" /etc/shadow)
+if [ "$perms" != "440 0 shadow" ]
+then
+	echo "Wrong mode or owners on /etc/shadow."
+	exit 1
+fi
+if [ -f /etc/gshadow ]
+then
+	echo "/etc/gshadow should not exist."
+	exit 1
+fi
+echo "OK"
+
+echo -n "grpconv "
+grpconv
+echo -n "checking..."
+diff -au /etc/passwd  data/2/passwd
+diff -au /etc/shadow  tmp/shadow.2
+diff -au /etc/group   data/2/group
+diff -au /etc/gshadow data/2/gshadow
+echo "OK"
+
+echo -n "pwunconv "
+pwunconv
+echo -n "checking..."
+diff -au /etc/passwd  data/1/passwd
+if [ -f /etc/shadow ]
+then
+	echo "/etc/shadow should not exist. "
+	exit 1
+fi
+diff -au /etc/group   data/2/group
+diff -au /etc/gshadow data/2/gshadow
+echo "OK"
+
+echo -n "grpunconv "
+grpunconv
+echo -n "checking..."
+diff -au /etc/passwd  data/1/passwd
+if [ -f /etc/shadow ]
+then
+	echo "/etc/shadow should not exist. "
+	exit 1
+fi
+diff -au /etc/group   data/1/group
+if [ -f /etc/gshadow ]
+then
+	echo "/etc/gshadow should not exist. "
+	exit 1
+fi
+echo "OK"
+
diff --git a/tests/tests/convtools/02_grpconv_remove_gshadow_only_entries/config.txt b/tests/tests/convtools/02_grpconv_remove_gshadow_only_entries/config.txt
new file mode 100644
index 0000000..8529433
--- /dev/null
+++ b/tests/tests/convtools/02_grpconv_remove_gshadow_only_entries/config.txt
@@ -0,0 +1,2 @@
+user foo, in group users
+group bar in gshadow, not group
diff --git a/tests/tests/convtools/02_grpconv_remove_gshadow_only_entries/config/etc/group b/tests/tests/convtools/02_grpconv_remove_gshadow_only_entries/config/etc/group
new file mode 100644
index 0000000..5051825
--- /dev/null
+++ b/tests/tests/convtools/02_grpconv_remove_gshadow_only_entries/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/convtools/02_grpconv_remove_gshadow_only_entries/config/etc/gshadow b/tests/tests/convtools/02_grpconv_remove_gshadow_only_entries/config/etc/gshadow
new file mode 100644
index 0000000..d8aa8ad
--- /dev/null
+++ b/tests/tests/convtools/02_grpconv_remove_gshadow_only_entries/config/etc/gshadow
@@ -0,0 +1,43 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
+bar:*::
diff --git a/tests/tests/convtools/02_grpconv_remove_gshadow_only_entries/config/etc/passwd b/tests/tests/convtools/02_grpconv_remove_gshadow_only_entries/config/etc/passwd
new file mode 100644
index 0000000..bf52df0
--- /dev/null
+++ b/tests/tests/convtools/02_grpconv_remove_gshadow_only_entries/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/home/foo:/bin/false
diff --git a/tests/tests/convtools/02_grpconv_remove_gshadow_only_entries/config/etc/shadow b/tests/tests/convtools/02_grpconv_remove_gshadow_only_entries/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/convtools/02_grpconv_remove_gshadow_only_entries/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/convtools/02_grpconv_remove_gshadow_only_entries/data/gshadow b/tests/tests/convtools/02_grpconv_remove_gshadow_only_entries/data/gshadow
new file mode 100644
index 0000000..ad90310
--- /dev/null
+++ b/tests/tests/convtools/02_grpconv_remove_gshadow_only_entries/data/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::foo
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/convtools/02_grpconv_remove_gshadow_only_entries/grpconv.test b/tests/tests/convtools/02_grpconv_remove_gshadow_only_entries/grpconv.test
new file mode 100755
index 0000000..8092d3a
--- /dev/null
+++ b/tests/tests/convtools/02_grpconv_remove_gshadow_only_entries/grpconv.test
@@ -0,0 +1,39 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "grpconv removes the gshadow only entries"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Convert the group files (grpconv)..."
+grpconv
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl data/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/convtools/03_grpconv_copy_passwd/config.txt b/tests/tests/convtools/03_grpconv_copy_passwd/config.txt
new file mode 100644
index 0000000..e904dbe
--- /dev/null
+++ b/tests/tests/convtools/03_grpconv_copy_passwd/config.txt
@@ -0,0 +1,2 @@
+group foo with a password in /etc/group
+group foo not in gshadow
diff --git a/tests/tests/convtools/03_grpconv_copy_passwd/config/etc/group b/tests/tests/convtools/03_grpconv_copy_passwd/config/etc/group
new file mode 100644
index 0000000..8339bd3
--- /dev/null
+++ b/tests/tests/convtools/03_grpconv_copy_passwd/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:$1$foogroupPassword:1000:
diff --git a/tests/tests/convtools/03_grpconv_copy_passwd/config/etc/gshadow b/tests/tests/convtools/03_grpconv_copy_passwd/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/convtools/03_grpconv_copy_passwd/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/convtools/03_grpconv_copy_passwd/config/etc/passwd b/tests/tests/convtools/03_grpconv_copy_passwd/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/convtools/03_grpconv_copy_passwd/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/convtools/03_grpconv_copy_passwd/config/etc/shadow b/tests/tests/convtools/03_grpconv_copy_passwd/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/convtools/03_grpconv_copy_passwd/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/convtools/03_grpconv_copy_passwd/data/group b/tests/tests/convtools/03_grpconv_copy_passwd/data/group
new file mode 100644
index 0000000..5051825
--- /dev/null
+++ b/tests/tests/convtools/03_grpconv_copy_passwd/data/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/convtools/03_grpconv_copy_passwd/data/gshadow b/tests/tests/convtools/03_grpconv_copy_passwd/data/gshadow
new file mode 100644
index 0000000..fed75fc
--- /dev/null
+++ b/tests/tests/convtools/03_grpconv_copy_passwd/data/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::foo
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:$1$foogroupPassword::
diff --git a/tests/tests/convtools/03_grpconv_copy_passwd/grpconv.test b/tests/tests/convtools/03_grpconv_copy_passwd/grpconv.test
new file mode 100755
index 0000000..2cf4989
--- /dev/null
+++ b/tests/tests/convtools/03_grpconv_copy_passwd/grpconv.test
@@ -0,0 +1,39 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "grpconv copies the password from group to gshadow"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Convert the group files (grpconv)..."
+grpconv
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl data/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl data/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/convtools/04_grpconv_no_password/config.txt b/tests/tests/convtools/04_grpconv_no_password/config.txt
new file mode 100644
index 0000000..71f8a48
--- /dev/null
+++ b/tests/tests/convtools/04_grpconv_no_password/config.txt
@@ -0,0 +1,2 @@
+group foo with an empty password in group
+group foo not in gshadow
diff --git a/tests/tests/convtools/04_grpconv_no_password/config/etc/group b/tests/tests/convtools/04_grpconv_no_password/config/etc/group
new file mode 100644
index 0000000..52ece62
--- /dev/null
+++ b/tests/tests/convtools/04_grpconv_no_password/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo::1000:
diff --git a/tests/tests/convtools/04_grpconv_no_password/config/etc/gshadow b/tests/tests/convtools/04_grpconv_no_password/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/convtools/04_grpconv_no_password/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/convtools/04_grpconv_no_password/config/etc/passwd b/tests/tests/convtools/04_grpconv_no_password/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/convtools/04_grpconv_no_password/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/convtools/04_grpconv_no_password/config/etc/shadow b/tests/tests/convtools/04_grpconv_no_password/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/convtools/04_grpconv_no_password/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/convtools/04_grpconv_no_password/data/group b/tests/tests/convtools/04_grpconv_no_password/data/group
new file mode 100644
index 0000000..5051825
--- /dev/null
+++ b/tests/tests/convtools/04_grpconv_no_password/data/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/convtools/04_grpconv_no_password/data/gshadow b/tests/tests/convtools/04_grpconv_no_password/data/gshadow
new file mode 100644
index 0000000..5c62cfd
--- /dev/null
+++ b/tests/tests/convtools/04_grpconv_no_password/data/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::foo
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:::
diff --git a/tests/tests/convtools/04_grpconv_no_password/grpconv.test b/tests/tests/convtools/04_grpconv_no_password/grpconv.test
new file mode 100755
index 0000000..da0fb07
--- /dev/null
+++ b/tests/tests/convtools/04_grpconv_no_password/grpconv.test
@@ -0,0 +1,39 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "grpconv moves an empty password from group to gshadow"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Convert the group files (grpconv)..."
+grpconv
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl data/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl data/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/convtools/05_grpconv_copy_passwd_existing_gshadow/config.txt b/tests/tests/convtools/05_grpconv_copy_passwd_existing_gshadow/config.txt
new file mode 100644
index 0000000..891174b
--- /dev/null
+++ b/tests/tests/convtools/05_grpconv_copy_passwd_existing_gshadow/config.txt
@@ -0,0 +1,3 @@
+group foo in group with a password
+group foo in gshadow without password
+group foo member of users in group, not in gshadow
diff --git a/tests/tests/convtools/05_grpconv_copy_passwd_existing_gshadow/config/etc/group b/tests/tests/convtools/05_grpconv_copy_passwd_existing_gshadow/config/etc/group
new file mode 100644
index 0000000..8339bd3
--- /dev/null
+++ b/tests/tests/convtools/05_grpconv_copy_passwd_existing_gshadow/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:$1$foogroupPassword:1000:
diff --git a/tests/tests/convtools/05_grpconv_copy_passwd_existing_gshadow/config/etc/gshadow b/tests/tests/convtools/05_grpconv_copy_passwd_existing_gshadow/config/etc/gshadow
new file mode 100644
index 0000000..be1575e
--- /dev/null
+++ b/tests/tests/convtools/05_grpconv_copy_passwd_existing_gshadow/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:x::
diff --git a/tests/tests/convtools/05_grpconv_copy_passwd_existing_gshadow/config/etc/passwd b/tests/tests/convtools/05_grpconv_copy_passwd_existing_gshadow/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/convtools/05_grpconv_copy_passwd_existing_gshadow/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/convtools/05_grpconv_copy_passwd_existing_gshadow/config/etc/shadow b/tests/tests/convtools/05_grpconv_copy_passwd_existing_gshadow/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/convtools/05_grpconv_copy_passwd_existing_gshadow/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/convtools/05_grpconv_copy_passwd_existing_gshadow/data/group b/tests/tests/convtools/05_grpconv_copy_passwd_existing_gshadow/data/group
new file mode 100644
index 0000000..5051825
--- /dev/null
+++ b/tests/tests/convtools/05_grpconv_copy_passwd_existing_gshadow/data/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/convtools/05_grpconv_copy_passwd_existing_gshadow/data/gshadow b/tests/tests/convtools/05_grpconv_copy_passwd_existing_gshadow/data/gshadow
new file mode 100644
index 0000000..fed75fc
--- /dev/null
+++ b/tests/tests/convtools/05_grpconv_copy_passwd_existing_gshadow/data/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::foo
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:$1$foogroupPassword::
diff --git a/tests/tests/convtools/05_grpconv_copy_passwd_existing_gshadow/grpconv.test b/tests/tests/convtools/05_grpconv_copy_passwd_existing_gshadow/grpconv.test
new file mode 100755
index 0000000..2d9f9f3
--- /dev/null
+++ b/tests/tests/convtools/05_grpconv_copy_passwd_existing_gshadow/grpconv.test
@@ -0,0 +1,39 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "grpconv copies the password and membership from group to gshadow"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Convert the group files (grpconv)..."
+grpconv
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl data/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl data/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/convtools/06_grpconv_error_group_locked/config.txt b/tests/tests/convtools/06_grpconv_error_group_locked/config.txt
new file mode 100644
index 0000000..f055b05
--- /dev/null
+++ b/tests/tests/convtools/06_grpconv_error_group_locked/config.txt
@@ -0,0 +1 @@
+group foo with a password, not in gshadow
diff --git a/tests/tests/convtools/06_grpconv_error_group_locked/config/etc/group b/tests/tests/convtools/06_grpconv_error_group_locked/config/etc/group
new file mode 100644
index 0000000..8339bd3
--- /dev/null
+++ b/tests/tests/convtools/06_grpconv_error_group_locked/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:$1$foogroupPassword:1000:
diff --git a/tests/tests/convtools/06_grpconv_error_group_locked/config/etc/gshadow b/tests/tests/convtools/06_grpconv_error_group_locked/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/convtools/06_grpconv_error_group_locked/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/convtools/06_grpconv_error_group_locked/config/etc/passwd b/tests/tests/convtools/06_grpconv_error_group_locked/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/convtools/06_grpconv_error_group_locked/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/convtools/06_grpconv_error_group_locked/config/etc/shadow b/tests/tests/convtools/06_grpconv_error_group_locked/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/convtools/06_grpconv_error_group_locked/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/convtools/06_grpconv_error_group_locked/data/grpconv.err b/tests/tests/convtools/06_grpconv_error_group_locked/data/grpconv.err
new file mode 100644
index 0000000..4a63d73
--- /dev/null
+++ b/tests/tests/convtools/06_grpconv_error_group_locked/data/grpconv.err
@@ -0,0 +1,2 @@
+grpconv: lock /etc/group.lock already used by PID <PID>
+grpconv: cannot lock /etc/group; try again later.
diff --git a/tests/tests/convtools/06_grpconv_error_group_locked/grpconv.test b/tests/tests/convtools/06_grpconv_error_group_locked/grpconv.test
new file mode 100755
index 0000000..0ed4ead
--- /dev/null
+++ b/tests/tests/convtools/06_grpconv_error_group_locked/grpconv.test
@@ -0,0 +1,63 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "grpconv tests if the group file is locked"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config; rm -f /etc/group.lock' 0
+
+change_config
+
+echo -n "Create lock file for /etc/group..."
+echo -n $$ > /etc/group.lock
+echo "done"
+
+echo -n "Convert the group files (grpconv)..."
+grpconv 2>tmp/grpconv.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Delete lock file for /etc/group..."
+rm -f /etc/group.lock
+echo "done"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "5"
+echo "OK"
+
+echo "grpconv reported:"
+echo "======================================================================="
+cat tmp/grpconv.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+sed -i -e "s/$$/<PID>/" tmp/grpconv.err
+diff -au data/grpconv.err tmp/grpconv.err
+echo "error message OK."
+rm -f tmp/grpconv.err
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/convtools/07_grpconv_error_gshadow_locked/config.txt b/tests/tests/convtools/07_grpconv_error_gshadow_locked/config.txt
new file mode 100644
index 0000000..f055b05
--- /dev/null
+++ b/tests/tests/convtools/07_grpconv_error_gshadow_locked/config.txt
@@ -0,0 +1 @@
+group foo with a password, not in gshadow
diff --git a/tests/tests/convtools/07_grpconv_error_gshadow_locked/config/etc/group b/tests/tests/convtools/07_grpconv_error_gshadow_locked/config/etc/group
new file mode 100644
index 0000000..8339bd3
--- /dev/null
+++ b/tests/tests/convtools/07_grpconv_error_gshadow_locked/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:$1$foogroupPassword:1000:
diff --git a/tests/tests/convtools/07_grpconv_error_gshadow_locked/config/etc/gshadow b/tests/tests/convtools/07_grpconv_error_gshadow_locked/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/convtools/07_grpconv_error_gshadow_locked/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/convtools/07_grpconv_error_gshadow_locked/config/etc/passwd b/tests/tests/convtools/07_grpconv_error_gshadow_locked/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/convtools/07_grpconv_error_gshadow_locked/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/convtools/07_grpconv_error_gshadow_locked/config/etc/shadow b/tests/tests/convtools/07_grpconv_error_gshadow_locked/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/convtools/07_grpconv_error_gshadow_locked/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/convtools/07_grpconv_error_gshadow_locked/data/grpconv.err b/tests/tests/convtools/07_grpconv_error_gshadow_locked/data/grpconv.err
new file mode 100644
index 0000000..527ecae
--- /dev/null
+++ b/tests/tests/convtools/07_grpconv_error_gshadow_locked/data/grpconv.err
@@ -0,0 +1,2 @@
+grpconv: existing lock file /etc/gshadow.lock without a PID
+grpconv: cannot lock /etc/gshadow; try again later.
diff --git a/tests/tests/convtools/07_grpconv_error_gshadow_locked/grpconv.test b/tests/tests/convtools/07_grpconv_error_gshadow_locked/grpconv.test
new file mode 100755
index 0000000..52e03c9
--- /dev/null
+++ b/tests/tests/convtools/07_grpconv_error_gshadow_locked/grpconv.test
@@ -0,0 +1,62 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "grpconv tests if gshadow is locked"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config; rm -f /etc/gshadow.lock' 0
+
+change_config
+
+echo -n "Create lock file for /etc/gshadow..."
+touch /etc/gshadow.lock
+echo "done"
+
+echo -n "Convert the group files (grpconv)..."
+grpconv 2>tmp/grpconv.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Delete lock file for /etc/gshadow..."
+rm -f /etc/gshadow.lock
+echo "done"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "5"
+echo "OK"
+
+echo "grpconv reported:"
+echo "======================================================================="
+cat tmp/grpconv.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/grpconv.err tmp/grpconv.err
+echo "error message OK."
+rm -f tmp/grpconv.err
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/convtools/08_grpunconv_no_gshadow_file/config.txt b/tests/tests/convtools/08_grpunconv_no_gshadow_file/config.txt
new file mode 100644
index 0000000..48ac937
--- /dev/null
+++ b/tests/tests/convtools/08_grpunconv_no_gshadow_file/config.txt
@@ -0,0 +1 @@
+user foo, in group users
diff --git a/tests/tests/convtools/08_grpunconv_no_gshadow_file/config/etc/group b/tests/tests/convtools/08_grpunconv_no_gshadow_file/config/etc/group
new file mode 100644
index 0000000..5051825
--- /dev/null
+++ b/tests/tests/convtools/08_grpunconv_no_gshadow_file/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/convtools/08_grpunconv_no_gshadow_file/config/etc/gshadow b/tests/tests/convtools/08_grpunconv_no_gshadow_file/config/etc/gshadow
new file mode 100644
index 0000000..d8aa8ad
--- /dev/null
+++ b/tests/tests/convtools/08_grpunconv_no_gshadow_file/config/etc/gshadow
@@ -0,0 +1,43 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
+bar:*::
diff --git a/tests/tests/convtools/08_grpunconv_no_gshadow_file/config/etc/passwd b/tests/tests/convtools/08_grpunconv_no_gshadow_file/config/etc/passwd
new file mode 100644
index 0000000..bf52df0
--- /dev/null
+++ b/tests/tests/convtools/08_grpunconv_no_gshadow_file/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/home/foo:/bin/false
diff --git a/tests/tests/convtools/08_grpunconv_no_gshadow_file/config/etc/shadow b/tests/tests/convtools/08_grpunconv_no_gshadow_file/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/convtools/08_grpunconv_no_gshadow_file/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/convtools/08_grpunconv_no_gshadow_file/grpunconv.test b/tests/tests/convtools/08_grpunconv_no_gshadow_file/grpunconv.test
new file mode 100755
index 0000000..0be3ce8
--- /dev/null
+++ b/tests/tests/convtools/08_grpunconv_no_gshadow_file/grpunconv.test
@@ -0,0 +1,43 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "grpunconv exits successfully when the gshadow file does not exist"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Remove the gshadow file..."
+rm -f /etc/gshadow
+echo "done"
+
+echo -n "Convert the group files (grpunconv)..."
+grpunconv
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+test ! -f /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/convtools/09_grpunconv_error_group_locked/config.txt b/tests/tests/convtools/09_grpunconv_error_group_locked/config.txt
new file mode 100644
index 0000000..f055b05
--- /dev/null
+++ b/tests/tests/convtools/09_grpunconv_error_group_locked/config.txt
@@ -0,0 +1 @@
+group foo with a password, not in gshadow
diff --git a/tests/tests/convtools/09_grpunconv_error_group_locked/config/etc/group b/tests/tests/convtools/09_grpunconv_error_group_locked/config/etc/group
new file mode 100644
index 0000000..8339bd3
--- /dev/null
+++ b/tests/tests/convtools/09_grpunconv_error_group_locked/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:$1$foogroupPassword:1000:
diff --git a/tests/tests/convtools/09_grpunconv_error_group_locked/config/etc/gshadow b/tests/tests/convtools/09_grpunconv_error_group_locked/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/convtools/09_grpunconv_error_group_locked/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/convtools/09_grpunconv_error_group_locked/config/etc/passwd b/tests/tests/convtools/09_grpunconv_error_group_locked/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/convtools/09_grpunconv_error_group_locked/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/convtools/09_grpunconv_error_group_locked/config/etc/shadow b/tests/tests/convtools/09_grpunconv_error_group_locked/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/convtools/09_grpunconv_error_group_locked/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/convtools/09_grpunconv_error_group_locked/data/grpunconv.err b/tests/tests/convtools/09_grpunconv_error_group_locked/data/grpunconv.err
new file mode 100644
index 0000000..ddfae6f
--- /dev/null
+++ b/tests/tests/convtools/09_grpunconv_error_group_locked/data/grpunconv.err
@@ -0,0 +1,2 @@
+grpunconv: existing lock file /etc/group.lock without a PID
+grpunconv: cannot lock /etc/group; try again later.
diff --git a/tests/tests/convtools/09_grpunconv_error_group_locked/grpunconv.test b/tests/tests/convtools/09_grpunconv_error_group_locked/grpunconv.test
new file mode 100755
index 0000000..7503fe8
--- /dev/null
+++ b/tests/tests/convtools/09_grpunconv_error_group_locked/grpunconv.test
@@ -0,0 +1,62 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "grpunconv checks if the group file is locked"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config; rm -f /etc/group.lock' 0
+
+change_config
+
+echo -n "Create lock file for /etc/group..."
+touch /etc/group.lock
+echo "done"
+
+echo -n "Convert the group files (grpunconv)..."
+grpunconv 2>tmp/grpunconv.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Delete lock file for /etc/group..."
+rm -f /etc/group.lock
+echo "done"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "5"
+echo "OK"
+
+echo "grpunconv reported:"
+echo "======================================================================="
+cat tmp/grpunconv.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/grpunconv.err tmp/grpunconv.err
+echo "error message OK."
+rm -f tmp/grpunconv.err
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/convtools/10_grpunconv_error_gshadow_locked/config.txt b/tests/tests/convtools/10_grpunconv_error_gshadow_locked/config.txt
new file mode 100644
index 0000000..f055b05
--- /dev/null
+++ b/tests/tests/convtools/10_grpunconv_error_gshadow_locked/config.txt
@@ -0,0 +1 @@
+group foo with a password, not in gshadow
diff --git a/tests/tests/convtools/10_grpunconv_error_gshadow_locked/config/etc/group b/tests/tests/convtools/10_grpunconv_error_gshadow_locked/config/etc/group
new file mode 100644
index 0000000..8339bd3
--- /dev/null
+++ b/tests/tests/convtools/10_grpunconv_error_gshadow_locked/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:$1$foogroupPassword:1000:
diff --git a/tests/tests/convtools/10_grpunconv_error_gshadow_locked/config/etc/gshadow b/tests/tests/convtools/10_grpunconv_error_gshadow_locked/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/convtools/10_grpunconv_error_gshadow_locked/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/convtools/10_grpunconv_error_gshadow_locked/config/etc/passwd b/tests/tests/convtools/10_grpunconv_error_gshadow_locked/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/convtools/10_grpunconv_error_gshadow_locked/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/convtools/10_grpunconv_error_gshadow_locked/config/etc/shadow b/tests/tests/convtools/10_grpunconv_error_gshadow_locked/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/convtools/10_grpunconv_error_gshadow_locked/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/convtools/10_grpunconv_error_gshadow_locked/data/grpunconv.err b/tests/tests/convtools/10_grpunconv_error_gshadow_locked/data/grpunconv.err
new file mode 100644
index 0000000..5547097
--- /dev/null
+++ b/tests/tests/convtools/10_grpunconv_error_gshadow_locked/data/grpunconv.err
@@ -0,0 +1,2 @@
+grpunconv: existing lock file /etc/gshadow.lock without a PID
+grpunconv: cannot lock /etc/gshadow; try again later.
diff --git a/tests/tests/convtools/10_grpunconv_error_gshadow_locked/grpunconv.test b/tests/tests/convtools/10_grpunconv_error_gshadow_locked/grpunconv.test
new file mode 100755
index 0000000..7b7490c
--- /dev/null
+++ b/tests/tests/convtools/10_grpunconv_error_gshadow_locked/grpunconv.test
@@ -0,0 +1,62 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "grpunconv checks if the gshadow file is locked"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config; rm -f /etc/gshadow.lock' 0
+
+change_config
+
+echo -n "Create lock file for /etc/gshadow..."
+touch /etc/gshadow.lock
+echo "done"
+
+echo -n "Convert the group files (grpunconv)..."
+grpunconv 2>tmp/grpunconv.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Delete lock file for /etc/gshadow..."
+rm -f /etc/gshadow.lock
+echo "done"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "5"
+echo "OK"
+
+echo "grpunconv reported:"
+echo "======================================================================="
+cat tmp/grpunconv.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/grpunconv.err tmp/grpunconv.err
+echo "error message OK."
+rm -f tmp/grpunconv.err
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/convtools/11_pwconv_error_passwd_locked/config.txt b/tests/tests/convtools/11_pwconv_error_passwd_locked/config.txt
new file mode 100644
index 0000000..eca9223
--- /dev/null
+++ b/tests/tests/convtools/11_pwconv_error_passwd_locked/config.txt
@@ -0,0 +1,5 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+group foo with a password, not in gshadow
diff --git a/tests/tests/convtools/11_pwconv_error_passwd_locked/config/etc/group b/tests/tests/convtools/11_pwconv_error_passwd_locked/config/etc/group
new file mode 100644
index 0000000..8339bd3
--- /dev/null
+++ b/tests/tests/convtools/11_pwconv_error_passwd_locked/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:$1$foogroupPassword:1000:
diff --git a/tests/tests/convtools/11_pwconv_error_passwd_locked/config/etc/gshadow b/tests/tests/convtools/11_pwconv_error_passwd_locked/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/convtools/11_pwconv_error_passwd_locked/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/convtools/11_pwconv_error_passwd_locked/config/etc/passwd b/tests/tests/convtools/11_pwconv_error_passwd_locked/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/convtools/11_pwconv_error_passwd_locked/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/convtools/11_pwconv_error_passwd_locked/config/etc/shadow b/tests/tests/convtools/11_pwconv_error_passwd_locked/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/convtools/11_pwconv_error_passwd_locked/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/convtools/11_pwconv_error_passwd_locked/data/pwconv.err b/tests/tests/convtools/11_pwconv_error_passwd_locked/data/pwconv.err
new file mode 100644
index 0000000..bf83d74
--- /dev/null
+++ b/tests/tests/convtools/11_pwconv_error_passwd_locked/data/pwconv.err
@@ -0,0 +1,2 @@
+pwconv: existing lock file /etc/passwd.lock without a PID
+pwconv: cannot lock /etc/passwd; try again later.
diff --git a/tests/tests/convtools/11_pwconv_error_passwd_locked/pwconv.test b/tests/tests/convtools/11_pwconv_error_passwd_locked/pwconv.test
new file mode 100755
index 0000000..4d292cb
--- /dev/null
+++ b/tests/tests/convtools/11_pwconv_error_passwd_locked/pwconv.test
@@ -0,0 +1,62 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "pwconv tests if the passwd file is locked"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config; rm -f /etc/passwd.lock' 0
+
+change_config
+
+echo -n "Create lock file for /etc/passwd..."
+touch /etc/passwd.lock
+echo "done"
+
+echo -n "Convert the passwd files (pwconv)..."
+pwconv 2>tmp/pwconv.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Delete lock file for /etc/passwd..."
+rm -f /etc/passwd.lock
+echo "done"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "5"
+echo "OK"
+
+echo "pwconv reported:"
+echo "======================================================================="
+cat tmp/pwconv.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/pwconv.err tmp/pwconv.err
+echo "error message OK."
+rm -f tmp/pwconv.err
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/convtools/12_pwconv_error_shadow_locked/config.txt b/tests/tests/convtools/12_pwconv_error_shadow_locked/config.txt
new file mode 100644
index 0000000..eca9223
--- /dev/null
+++ b/tests/tests/convtools/12_pwconv_error_shadow_locked/config.txt
@@ -0,0 +1,5 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+group foo with a password, not in gshadow
diff --git a/tests/tests/convtools/12_pwconv_error_shadow_locked/config/etc/group b/tests/tests/convtools/12_pwconv_error_shadow_locked/config/etc/group
new file mode 100644
index 0000000..8339bd3
--- /dev/null
+++ b/tests/tests/convtools/12_pwconv_error_shadow_locked/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:$1$foogroupPassword:1000:
diff --git a/tests/tests/convtools/12_pwconv_error_shadow_locked/config/etc/gshadow b/tests/tests/convtools/12_pwconv_error_shadow_locked/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/convtools/12_pwconv_error_shadow_locked/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/convtools/12_pwconv_error_shadow_locked/config/etc/passwd b/tests/tests/convtools/12_pwconv_error_shadow_locked/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/convtools/12_pwconv_error_shadow_locked/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/convtools/12_pwconv_error_shadow_locked/config/etc/shadow b/tests/tests/convtools/12_pwconv_error_shadow_locked/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/convtools/12_pwconv_error_shadow_locked/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/convtools/12_pwconv_error_shadow_locked/data/pwconv.err b/tests/tests/convtools/12_pwconv_error_shadow_locked/data/pwconv.err
new file mode 100644
index 0000000..3ac9048
--- /dev/null
+++ b/tests/tests/convtools/12_pwconv_error_shadow_locked/data/pwconv.err
@@ -0,0 +1,2 @@
+pwconv: existing lock file /etc/shadow.lock without a PID
+pwconv: cannot lock /etc/shadow; try again later.
diff --git a/tests/tests/convtools/12_pwconv_error_shadow_locked/pwconv.test b/tests/tests/convtools/12_pwconv_error_shadow_locked/pwconv.test
new file mode 100755
index 0000000..03bcf6b
--- /dev/null
+++ b/tests/tests/convtools/12_pwconv_error_shadow_locked/pwconv.test
@@ -0,0 +1,62 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "pwconv tests if the shadow file is locked"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config; rm -f /etc/shadow.lock' 0
+
+change_config
+
+echo -n "Create lock file for /etc/shadow..."
+touch /etc/shadow.lock
+echo "done"
+
+echo -n "Convert the shadow files (pwconv)..."
+pwconv 2>tmp/pwconv.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Delete lock file for /etc/shadow..."
+rm -f /etc/shadow.lock
+echo "done"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "5"
+echo "OK"
+
+echo "pwconv reported:"
+echo "======================================================================="
+cat tmp/pwconv.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/pwconv.err tmp/pwconv.err
+echo "error message OK."
+rm -f tmp/pwconv.err
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/convtools/13_pwunconv_error_passwd_locked/config.txt b/tests/tests/convtools/13_pwunconv_error_passwd_locked/config.txt
new file mode 100644
index 0000000..eca9223
--- /dev/null
+++ b/tests/tests/convtools/13_pwunconv_error_passwd_locked/config.txt
@@ -0,0 +1,5 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+group foo with a password, not in gshadow
diff --git a/tests/tests/convtools/13_pwunconv_error_passwd_locked/config/etc/group b/tests/tests/convtools/13_pwunconv_error_passwd_locked/config/etc/group
new file mode 100644
index 0000000..8339bd3
--- /dev/null
+++ b/tests/tests/convtools/13_pwunconv_error_passwd_locked/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:$1$foogroupPassword:1000:
diff --git a/tests/tests/convtools/13_pwunconv_error_passwd_locked/config/etc/gshadow b/tests/tests/convtools/13_pwunconv_error_passwd_locked/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/convtools/13_pwunconv_error_passwd_locked/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/convtools/13_pwunconv_error_passwd_locked/config/etc/passwd b/tests/tests/convtools/13_pwunconv_error_passwd_locked/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/convtools/13_pwunconv_error_passwd_locked/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/convtools/13_pwunconv_error_passwd_locked/config/etc/shadow b/tests/tests/convtools/13_pwunconv_error_passwd_locked/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/convtools/13_pwunconv_error_passwd_locked/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/convtools/13_pwunconv_error_passwd_locked/data/pwunconv.err b/tests/tests/convtools/13_pwunconv_error_passwd_locked/data/pwunconv.err
new file mode 100644
index 0000000..40d2244
--- /dev/null
+++ b/tests/tests/convtools/13_pwunconv_error_passwd_locked/data/pwunconv.err
@@ -0,0 +1,2 @@
+pwunconv: existing lock file /etc/passwd.lock without a PID
+pwunconv: cannot lock /etc/passwd; try again later.
diff --git a/tests/tests/convtools/13_pwunconv_error_passwd_locked/pwunconv.test b/tests/tests/convtools/13_pwunconv_error_passwd_locked/pwunconv.test
new file mode 100755
index 0000000..bfd7ed3
--- /dev/null
+++ b/tests/tests/convtools/13_pwunconv_error_passwd_locked/pwunconv.test
@@ -0,0 +1,62 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "pwunconv tests if the passwd file is locked"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config; rm -f /etc/passwd.lock' 0
+
+change_config
+
+echo -n "Create lock file for /etc/passwd..."
+touch /etc/passwd.lock
+echo "done"
+
+echo -n "Convert the passwd files (pwunconv)..."
+pwunconv 2>tmp/pwunconv.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Delete lock file for /etc/passwd..."
+rm -f /etc/passwd.lock
+echo "done"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "5"
+echo "OK"
+
+echo "pwunconv reported:"
+echo "======================================================================="
+cat tmp/pwunconv.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/pwunconv.err tmp/pwunconv.err
+echo "error message OK."
+rm -f tmp/pwunconv.err
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/convtools/14_pwunconv_error_shadow_locked/config.txt b/tests/tests/convtools/14_pwunconv_error_shadow_locked/config.txt
new file mode 100644
index 0000000..eca9223
--- /dev/null
+++ b/tests/tests/convtools/14_pwunconv_error_shadow_locked/config.txt
@@ -0,0 +1,5 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+group foo with a password, not in gshadow
diff --git a/tests/tests/convtools/14_pwunconv_error_shadow_locked/config/etc/group b/tests/tests/convtools/14_pwunconv_error_shadow_locked/config/etc/group
new file mode 100644
index 0000000..8339bd3
--- /dev/null
+++ b/tests/tests/convtools/14_pwunconv_error_shadow_locked/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:$1$foogroupPassword:1000:
diff --git a/tests/tests/convtools/14_pwunconv_error_shadow_locked/config/etc/gshadow b/tests/tests/convtools/14_pwunconv_error_shadow_locked/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/convtools/14_pwunconv_error_shadow_locked/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/convtools/14_pwunconv_error_shadow_locked/config/etc/passwd b/tests/tests/convtools/14_pwunconv_error_shadow_locked/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/convtools/14_pwunconv_error_shadow_locked/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/convtools/14_pwunconv_error_shadow_locked/config/etc/shadow b/tests/tests/convtools/14_pwunconv_error_shadow_locked/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/convtools/14_pwunconv_error_shadow_locked/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/convtools/14_pwunconv_error_shadow_locked/data/pwunconv.err b/tests/tests/convtools/14_pwunconv_error_shadow_locked/data/pwunconv.err
new file mode 100644
index 0000000..20de665
--- /dev/null
+++ b/tests/tests/convtools/14_pwunconv_error_shadow_locked/data/pwunconv.err
@@ -0,0 +1,2 @@
+pwunconv: existing lock file /etc/shadow.lock without a PID
+pwunconv: cannot lock /etc/shadow; try again later.
diff --git a/tests/tests/convtools/14_pwunconv_error_shadow_locked/pwunconv.test b/tests/tests/convtools/14_pwunconv_error_shadow_locked/pwunconv.test
new file mode 100755
index 0000000..79e6c4e
--- /dev/null
+++ b/tests/tests/convtools/14_pwunconv_error_shadow_locked/pwunconv.test
@@ -0,0 +1,62 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "pwunconv tests if the shadow file is locked"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config; rm -f /etc/shadow.lock' 0
+
+change_config
+
+echo -n "Create lock file for /etc/shadow..."
+touch /etc/shadow.lock
+echo "done"
+
+echo -n "Convert the shadow files (pwunconv)..."
+pwunconv 2>tmp/pwunconv.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Delete lock file for /etc/shadow..."
+rm -f /etc/shadow.lock
+echo "done"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "5"
+echo "OK"
+
+echo "pwunconv reported:"
+echo "======================================================================="
+cat tmp/pwunconv.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/pwunconv.err tmp/pwunconv.err
+echo "error message OK."
+rm -f tmp/pwunconv.err
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/convtools/15_pwconv_remove_shadow_only_entries/config.txt b/tests/tests/convtools/15_pwconv_remove_shadow_only_entries/config.txt
new file mode 100644
index 0000000..9f8a836
--- /dev/null
+++ b/tests/tests/convtools/15_pwconv_remove_shadow_only_entries/config.txt
@@ -0,0 +1,2 @@
+user foo, in group users
+group bar is gshadow, not group
diff --git a/tests/tests/convtools/15_pwconv_remove_shadow_only_entries/config/etc/group b/tests/tests/convtools/15_pwconv_remove_shadow_only_entries/config/etc/group
new file mode 100644
index 0000000..5051825
--- /dev/null
+++ b/tests/tests/convtools/15_pwconv_remove_shadow_only_entries/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/convtools/15_pwconv_remove_shadow_only_entries/config/etc/gshadow b/tests/tests/convtools/15_pwconv_remove_shadow_only_entries/config/etc/gshadow
new file mode 100644
index 0000000..d8aa8ad
--- /dev/null
+++ b/tests/tests/convtools/15_pwconv_remove_shadow_only_entries/config/etc/gshadow
@@ -0,0 +1,43 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
+bar:*::
diff --git a/tests/tests/convtools/15_pwconv_remove_shadow_only_entries/config/etc/passwd b/tests/tests/convtools/15_pwconv_remove_shadow_only_entries/config/etc/passwd
new file mode 100644
index 0000000..bf52df0
--- /dev/null
+++ b/tests/tests/convtools/15_pwconv_remove_shadow_only_entries/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/home/foo:/bin/false
diff --git a/tests/tests/convtools/15_pwconv_remove_shadow_only_entries/config/etc/shadow b/tests/tests/convtools/15_pwconv_remove_shadow_only_entries/config/etc/shadow
new file mode 100644
index 0000000..5f73f33
--- /dev/null
+++ b/tests/tests/convtools/15_pwconv_remove_shadow_only_entries/config/etc/shadow
@@ -0,0 +1,21 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
+bar:!:12977:0:99999:7:::
diff --git a/tests/tests/convtools/15_pwconv_remove_shadow_only_entries/data/shadow b/tests/tests/convtools/15_pwconv_remove_shadow_only_entries/data/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/convtools/15_pwconv_remove_shadow_only_entries/data/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/convtools/15_pwconv_remove_shadow_only_entries/pwconv.test b/tests/tests/convtools/15_pwconv_remove_shadow_only_entries/pwconv.test
new file mode 100755
index 0000000..11abe4b
--- /dev/null
+++ b/tests/tests/convtools/15_pwconv_remove_shadow_only_entries/pwconv.test
@@ -0,0 +1,39 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "pwconv removes the shadow only entries"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Convert the passwd files (pwconv)..."
+pwconv
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl data/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/convtools/16_pwconv_copy_passwd/config.txt b/tests/tests/convtools/16_pwconv_copy_passwd/config.txt
new file mode 100644
index 0000000..a6d9ecd
--- /dev/null
+++ b/tests/tests/convtools/16_pwconv_copy_passwd/config.txt
@@ -0,0 +1 @@
+user foo with a password, not in shadow
diff --git a/tests/tests/convtools/16_pwconv_copy_passwd/config/etc/group b/tests/tests/convtools/16_pwconv_copy_passwd/config/etc/group
new file mode 100644
index 0000000..8339bd3
--- /dev/null
+++ b/tests/tests/convtools/16_pwconv_copy_passwd/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:$1$foogroupPassword:1000:
diff --git a/tests/tests/convtools/16_pwconv_copy_passwd/config/etc/gshadow b/tests/tests/convtools/16_pwconv_copy_passwd/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/convtools/16_pwconv_copy_passwd/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/convtools/16_pwconv_copy_passwd/config/etc/passwd b/tests/tests/convtools/16_pwconv_copy_passwd/config/etc/passwd
new file mode 100644
index 0000000..2a53add
--- /dev/null
+++ b/tests/tests/convtools/16_pwconv_copy_passwd/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:$1$foogroupPassword:1000:1000:::/bin/false
diff --git a/tests/tests/convtools/16_pwconv_copy_passwd/config/etc/shadow b/tests/tests/convtools/16_pwconv_copy_passwd/config/etc/shadow
new file mode 100644
index 0000000..498ef86
--- /dev/null
+++ b/tests/tests/convtools/16_pwconv_copy_passwd/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:*:12977:0:99999:7:::
diff --git a/tests/tests/convtools/16_pwconv_copy_passwd/data/passwd b/tests/tests/convtools/16_pwconv_copy_passwd/data/passwd
new file mode 100644
index 0000000..dc7bf84
--- /dev/null
+++ b/tests/tests/convtools/16_pwconv_copy_passwd/data/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000:::/bin/false
diff --git a/tests/tests/convtools/16_pwconv_copy_passwd/data/shadow b/tests/tests/convtools/16_pwconv_copy_passwd/data/shadow
new file mode 100644
index 0000000..54d97a4
--- /dev/null
+++ b/tests/tests/convtools/16_pwconv_copy_passwd/data/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:$1$foogroupPassword:@TODAY@:0:99999:7:::
diff --git a/tests/tests/convtools/16_pwconv_copy_passwd/pwconv.test b/tests/tests/convtools/16_pwconv_copy_passwd/pwconv.test
new file mode 100755
index 0000000..d25ceb2
--- /dev/null
+++ b/tests/tests/convtools/16_pwconv_copy_passwd/pwconv.test
@@ -0,0 +1,39 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "pwconv removes the shadow only entries"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Convert the passwd files (pwconv)..."
+pwconv
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl data/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl data/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/convtools/17_pwunconv_no_shadow_file/config.txt b/tests/tests/convtools/17_pwunconv_no_shadow_file/config.txt
new file mode 100644
index 0000000..4d66ec7
--- /dev/null
+++ b/tests/tests/convtools/17_pwunconv_no_shadow_file/config.txt
@@ -0,0 +1,6 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group users
+group bar is gshadow, not group
diff --git a/tests/tests/convtools/17_pwunconv_no_shadow_file/config/etc/group b/tests/tests/convtools/17_pwunconv_no_shadow_file/config/etc/group
new file mode 100644
index 0000000..5051825
--- /dev/null
+++ b/tests/tests/convtools/17_pwunconv_no_shadow_file/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/convtools/17_pwunconv_no_shadow_file/config/etc/gshadow b/tests/tests/convtools/17_pwunconv_no_shadow_file/config/etc/gshadow
new file mode 100644
index 0000000..d8aa8ad
--- /dev/null
+++ b/tests/tests/convtools/17_pwunconv_no_shadow_file/config/etc/gshadow
@@ -0,0 +1,43 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
+bar:*::
diff --git a/tests/tests/convtools/17_pwunconv_no_shadow_file/config/etc/passwd b/tests/tests/convtools/17_pwunconv_no_shadow_file/config/etc/passwd
new file mode 100644
index 0000000..bf52df0
--- /dev/null
+++ b/tests/tests/convtools/17_pwunconv_no_shadow_file/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/home/foo:/bin/false
diff --git a/tests/tests/convtools/17_pwunconv_no_shadow_file/config/etc/shadow b/tests/tests/convtools/17_pwunconv_no_shadow_file/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/convtools/17_pwunconv_no_shadow_file/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/convtools/17_pwunconv_no_shadow_file/pwunconv.test b/tests/tests/convtools/17_pwunconv_no_shadow_file/pwunconv.test
new file mode 100755
index 0000000..afcd2d7
--- /dev/null
+++ b/tests/tests/convtools/17_pwunconv_no_shadow_file/pwunconv.test
@@ -0,0 +1,43 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "pwunconv exits successfully when the shadow file does not exist"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Remove the shadow file..."
+rm -f /etc/shadow
+echo "done"
+
+echo -n "Convert the passwd files (pwunconv)..."
+pwunconv
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+test ! -f /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/convtools/18_pwunconv_user_not_in_shadow/config.txt b/tests/tests/convtools/18_pwunconv_user_not_in_shadow/config.txt
new file mode 100644
index 0000000..a6d9ecd
--- /dev/null
+++ b/tests/tests/convtools/18_pwunconv_user_not_in_shadow/config.txt
@@ -0,0 +1 @@
+user foo with a password, not in shadow
diff --git a/tests/tests/convtools/18_pwunconv_user_not_in_shadow/config/etc/group b/tests/tests/convtools/18_pwunconv_user_not_in_shadow/config/etc/group
new file mode 100644
index 0000000..8339bd3
--- /dev/null
+++ b/tests/tests/convtools/18_pwunconv_user_not_in_shadow/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:$1$foogroupPassword:1000:
diff --git a/tests/tests/convtools/18_pwunconv_user_not_in_shadow/config/etc/gshadow b/tests/tests/convtools/18_pwunconv_user_not_in_shadow/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/convtools/18_pwunconv_user_not_in_shadow/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/convtools/18_pwunconv_user_not_in_shadow/config/etc/passwd b/tests/tests/convtools/18_pwunconv_user_not_in_shadow/config/etc/passwd
new file mode 100644
index 0000000..dc7bf84
--- /dev/null
+++ b/tests/tests/convtools/18_pwunconv_user_not_in_shadow/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000:::/bin/false
diff --git a/tests/tests/convtools/18_pwunconv_user_not_in_shadow/config/etc/shadow b/tests/tests/convtools/18_pwunconv_user_not_in_shadow/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/convtools/18_pwunconv_user_not_in_shadow/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/convtools/18_pwunconv_user_not_in_shadow/data/passwd b/tests/tests/convtools/18_pwunconv_user_not_in_shadow/data/passwd
new file mode 100644
index 0000000..28f6d45
--- /dev/null
+++ b/tests/tests/convtools/18_pwunconv_user_not_in_shadow/data/passwd
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:0:0:root:/root:/bin/bash
+daemon:*:1:1:daemon:/usr/sbin:/bin/sh
+bin:*:2:2:bin:/bin:/bin/sh
+sys:*:3:3:sys:/dev:/bin/sh
+sync:*:4:65534:sync:/bin:/bin/sync
+games:*:5:60:games:/usr/games:/bin/sh
+man:*:6:12:man:/var/cache/man:/bin/sh
+lp:*:7:7:lp:/var/spool/lpd:/bin/sh
+mail:*:8:8:mail:/var/mail:/bin/sh
+news:*:9:9:news:/var/spool/news:/bin/sh
+uucp:*:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:*:13:13:proxy:/bin:/bin/sh
+www-data:*:33:33:www-data:/var/www:/bin/sh
+backup:*:34:34:backup:/var/backups:/bin/sh
+list:*:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:*:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:*:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:*:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:!:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000:::/bin/false
diff --git a/tests/tests/convtools/18_pwunconv_user_not_in_shadow/pwunconv.test b/tests/tests/convtools/18_pwunconv_user_not_in_shadow/pwunconv.test
new file mode 100755
index 0000000..44c5e5d
--- /dev/null
+++ b/tests/tests/convtools/18_pwunconv_user_not_in_shadow/pwunconv.test
@@ -0,0 +1,39 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "pwunconv does not fail when a user is not in the shadow file"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Unconvert the shadow file (pwunconv)..."
+pwunconv
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl data/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+test ! -f /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/convtools/19_pwconv_NIS/config.txt b/tests/tests/convtools/19_pwconv_NIS/config.txt
new file mode 100644
index 0000000..a6d9ecd
--- /dev/null
+++ b/tests/tests/convtools/19_pwconv_NIS/config.txt
@@ -0,0 +1 @@
+user foo with a password, not in shadow
diff --git a/tests/tests/convtools/19_pwconv_NIS/config/etc/group b/tests/tests/convtools/19_pwconv_NIS/config/etc/group
new file mode 100644
index 0000000..8339bd3
--- /dev/null
+++ b/tests/tests/convtools/19_pwconv_NIS/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:$1$foogroupPassword:1000:
diff --git a/tests/tests/convtools/19_pwconv_NIS/config/etc/gshadow b/tests/tests/convtools/19_pwconv_NIS/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/convtools/19_pwconv_NIS/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/convtools/19_pwconv_NIS/config/etc/passwd b/tests/tests/convtools/19_pwconv_NIS/config/etc/passwd
new file mode 100644
index 0000000..8be0d7b
--- /dev/null
+++ b/tests/tests/convtools/19_pwconv_NIS/config/etc/passwd
@@ -0,0 +1,22 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:!:102:102::/var/spool/exim4:/bin/false
+foo:$1$foogroupPassword:1000:1000:::/bin/false
++::::::::
+-bar::::::::
diff --git a/tests/tests/convtools/19_pwconv_NIS/config/etc/shadow b/tests/tests/convtools/19_pwconv_NIS/config/etc/shadow
new file mode 100644
index 0000000..498ef86
--- /dev/null
+++ b/tests/tests/convtools/19_pwconv_NIS/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:*:12977:0:99999:7:::
diff --git a/tests/tests/convtools/19_pwconv_NIS/data/passwd b/tests/tests/convtools/19_pwconv_NIS/data/passwd
new file mode 100644
index 0000000..f474274
--- /dev/null
+++ b/tests/tests/convtools/19_pwconv_NIS/data/passwd
@@ -0,0 +1,22 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000:::/bin/false
++::::::::
+-bar::::::::
diff --git a/tests/tests/convtools/19_pwconv_NIS/data/shadow b/tests/tests/convtools/19_pwconv_NIS/data/shadow
new file mode 100644
index 0000000..68bbd02
--- /dev/null
+++ b/tests/tests/convtools/19_pwconv_NIS/data/shadow
@@ -0,0 +1,20 @@
+root:x:@TODAY@:0:99999:7:::
+daemon:x:@TODAY@:0:99999:7:::
+bin:x:@TODAY@:0:99999:7:::
+sys:x:@TODAY@:0:99999:7:::
+sync:x:@TODAY@:0:99999:7:::
+games:x:@TODAY@:0:99999:7:::
+man:x:@TODAY@:0:99999:7:::
+lp:x:@TODAY@:0:99999:7:::
+mail:x:@TODAY@:0:99999:7:::
+news:x:@TODAY@:0:99999:7:::
+uucp:x:@TODAY@:0:99999:7:::
+proxy:x:@TODAY@:0:99999:7:::
+www-data:x:@TODAY@:0:99999:7:::
+backup:x:@TODAY@:0:99999:7:::
+list:x:@TODAY@:0:99999:7:::
+irc:x:@TODAY@:0:99999:7:::
+gnats:x:@TODAY@:0:99999:7:::
+nobody:x:@TODAY@:0:99999:7:::
+Debian-exim:!:@TODAY@:0:99999:7:::
+foo:$1$foogroupPassword:@TODAY@:0:99999:7:::
diff --git a/tests/tests/convtools/19_pwconv_NIS/pwconv.test b/tests/tests/convtools/19_pwconv_NIS/pwconv.test
new file mode 100755
index 0000000..62bd4db
--- /dev/null
+++ b/tests/tests/convtools/19_pwconv_NIS/pwconv.test
@@ -0,0 +1,43 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "pwconv removes the shadow only entries"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Delete /etc/shadow..."
+rm -f /etc/shadow
+echo "OK"
+
+echo -n "Convert the passwd files (pwconv)..."
+pwconv
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl data/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl data/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/convtools/20_pwunconv_usage_option/config.txt b/tests/tests/convtools/20_pwunconv_usage_option/config.txt
new file mode 100644
index 0000000..31f5635
--- /dev/null
+++ b/tests/tests/convtools/20_pwunconv_usage_option/config.txt
@@ -0,0 +1,10 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group users (only in /etc/group)
+user foo, in group tty (only in /etc/gshadow)
+user foo, in group floppy
+user foo, admin of group disk
+user foo, admin and member of group fax
+user foo, admin and member of group cdrom (only in /etc/gshadow)
diff --git a/tests/tests/convtools/20_pwunconv_usage_option/config/etc/group b/tests/tests/convtools/20_pwunconv_usage_option/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/convtools/20_pwunconv_usage_option/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/convtools/20_pwunconv_usage_option/config/etc/gshadow b/tests/tests/convtools/20_pwunconv_usage_option/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/convtools/20_pwunconv_usage_option/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/convtools/20_pwunconv_usage_option/config/etc/passwd b/tests/tests/convtools/20_pwunconv_usage_option/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/convtools/20_pwunconv_usage_option/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/convtools/20_pwunconv_usage_option/config/etc/shadow b/tests/tests/convtools/20_pwunconv_usage_option/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/convtools/20_pwunconv_usage_option/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/convtools/20_pwunconv_usage_option/data/usage.out b/tests/tests/convtools/20_pwunconv_usage_option/data/usage.out
new file mode 100644
index 0000000..30fff4d
--- /dev/null
+++ b/tests/tests/convtools/20_pwunconv_usage_option/data/usage.out
@@ -0,0 +1,7 @@
+pwunconv: invalid option -- 'Z'
+Usage: pwunconv [options]
+
+Options:
+  -h, --help                    display this help message and exit
+  -R, --root CHROOT_DIR         directory to chroot into
+
diff --git a/tests/tests/convtools/20_pwunconv_usage_option/pwunconv.test b/tests/tests/convtools/20_pwunconv_usage_option/pwunconv.test
new file mode 100755
index 0000000..fa2a9d7
--- /dev/null
+++ b/tests/tests/convtools/20_pwunconv_usage_option/pwunconv.test
@@ -0,0 +1,54 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "pwunconv displays its usage message in case there isn't the right number of arguments"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Get pwunconv usage (pwunconv -Z)..."
+pwunconv -Z 2>tmp/usage.out && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "2"
+echo "OK"
+
+echo "pwunconv reported:"
+echo "======================================================================="
+cat tmp/usage.out
+echo "======================================================================="
+echo -n "Check the usage message..."
+diff -au data/usage.out tmp/usage.out
+echo "usage message OK."
+rm -f tmp/usage.out
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/convtools/21_pwunconv_keep_passwd_password/config.txt b/tests/tests/convtools/21_pwunconv_keep_passwd_password/config.txt
new file mode 100644
index 0000000..cda229c
--- /dev/null
+++ b/tests/tests/convtools/21_pwunconv_keep_passwd_password/config.txt
@@ -0,0 +1 @@
+user foo with a password in passwd (and shadow)
diff --git a/tests/tests/convtools/21_pwunconv_keep_passwd_password/config/etc/group b/tests/tests/convtools/21_pwunconv_keep_passwd_password/config/etc/group
new file mode 100644
index 0000000..8339bd3
--- /dev/null
+++ b/tests/tests/convtools/21_pwunconv_keep_passwd_password/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:$1$foogroupPassword:1000:
diff --git a/tests/tests/convtools/21_pwunconv_keep_passwd_password/config/etc/gshadow b/tests/tests/convtools/21_pwunconv_keep_passwd_password/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/convtools/21_pwunconv_keep_passwd_password/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/convtools/21_pwunconv_keep_passwd_password/config/etc/passwd b/tests/tests/convtools/21_pwunconv_keep_passwd_password/config/etc/passwd
new file mode 100644
index 0000000..b58a62b
--- /dev/null
+++ b/tests/tests/convtools/21_pwunconv_keep_passwd_password/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:foopass:1000:1000:::/bin/false
diff --git a/tests/tests/convtools/21_pwunconv_keep_passwd_password/config/etc/shadow b/tests/tests/convtools/21_pwunconv_keep_passwd_password/config/etc/shadow
new file mode 100644
index 0000000..7e164e0
--- /dev/null
+++ b/tests/tests/convtools/21_pwunconv_keep_passwd_password/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:fooshadowpasswd:12977:0:99999:7:::
diff --git a/tests/tests/convtools/21_pwunconv_keep_passwd_password/data/passwd b/tests/tests/convtools/21_pwunconv_keep_passwd_password/data/passwd
new file mode 100644
index 0000000..56eb83b
--- /dev/null
+++ b/tests/tests/convtools/21_pwunconv_keep_passwd_password/data/passwd
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:0:0:root:/root:/bin/bash
+daemon:*:1:1:daemon:/usr/sbin:/bin/sh
+bin:*:2:2:bin:/bin:/bin/sh
+sys:*:3:3:sys:/dev:/bin/sh
+sync:*:4:65534:sync:/bin:/bin/sync
+games:*:5:60:games:/usr/games:/bin/sh
+man:*:6:12:man:/var/cache/man:/bin/sh
+lp:*:7:7:lp:/var/spool/lpd:/bin/sh
+mail:*:8:8:mail:/var/mail:/bin/sh
+news:*:9:9:news:/var/spool/news:/bin/sh
+uucp:*:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:*:13:13:proxy:/bin:/bin/sh
+www-data:*:33:33:www-data:/var/www:/bin/sh
+backup:*:34:34:backup:/var/backups:/bin/sh
+list:*:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:*:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:*:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:*:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:!:102:102::/var/spool/exim4:/bin/false
+foo:foopass:1000:1000:::/bin/false
diff --git a/tests/tests/convtools/21_pwunconv_keep_passwd_password/pwunconv.test b/tests/tests/convtools/21_pwunconv_keep_passwd_password/pwunconv.test
new file mode 100755
index 0000000..c795f1f
--- /dev/null
+++ b/tests/tests/convtools/21_pwunconv_keep_passwd_password/pwunconv.test
@@ -0,0 +1,39 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "pwunconv keeps the password from /etc/passwd (if not 'x'"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Unconvert the shadow file (pwunconv)..."
+pwunconv
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl data/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+test ! -f /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/convtools/22_grpunconv_usage_option/config.txt b/tests/tests/convtools/22_grpunconv_usage_option/config.txt
new file mode 100644
index 0000000..31f5635
--- /dev/null
+++ b/tests/tests/convtools/22_grpunconv_usage_option/config.txt
@@ -0,0 +1,10 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group users (only in /etc/group)
+user foo, in group tty (only in /etc/gshadow)
+user foo, in group floppy
+user foo, admin of group disk
+user foo, admin and member of group fax
+user foo, admin and member of group cdrom (only in /etc/gshadow)
diff --git a/tests/tests/convtools/22_grpunconv_usage_option/config/etc/group b/tests/tests/convtools/22_grpunconv_usage_option/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/convtools/22_grpunconv_usage_option/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/convtools/22_grpunconv_usage_option/config/etc/gshadow b/tests/tests/convtools/22_grpunconv_usage_option/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/convtools/22_grpunconv_usage_option/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/convtools/22_grpunconv_usage_option/config/etc/passwd b/tests/tests/convtools/22_grpunconv_usage_option/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/convtools/22_grpunconv_usage_option/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/convtools/22_grpunconv_usage_option/config/etc/shadow b/tests/tests/convtools/22_grpunconv_usage_option/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/convtools/22_grpunconv_usage_option/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/convtools/22_grpunconv_usage_option/data/usage.out b/tests/tests/convtools/22_grpunconv_usage_option/data/usage.out
new file mode 100644
index 0000000..7528279
--- /dev/null
+++ b/tests/tests/convtools/22_grpunconv_usage_option/data/usage.out
@@ -0,0 +1,7 @@
+grpunconv: invalid option -- 'Z'
+Usage: grpunconv [options]
+
+Options:
+  -h, --help                    display this help message and exit
+  -R, --root CHROOT_DIR         directory to chroot into
+
diff --git a/tests/tests/convtools/22_grpunconv_usage_option/grpunconv.test b/tests/tests/convtools/22_grpunconv_usage_option/grpunconv.test
new file mode 100755
index 0000000..5c3bc82
--- /dev/null
+++ b/tests/tests/convtools/22_grpunconv_usage_option/grpunconv.test
@@ -0,0 +1,54 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "grpunconv displays its usage message in case there isn't the right number of arguments"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Get grpunconv usage (grpunconv -Z)..."
+grpunconv -Z 2>tmp/usage.out && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "2"
+echo "OK"
+
+echo "grpunconv reported:"
+echo "======================================================================="
+cat tmp/usage.out
+echo "======================================================================="
+echo -n "Check the usage message..."
+diff -au data/usage.out tmp/usage.out
+echo "usage message OK."
+rm -f tmp/usage.out
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/convtools/23_grpunconv_keep_group_password/config.txt b/tests/tests/convtools/23_grpunconv_keep_group_password/config.txt
new file mode 100644
index 0000000..cda229c
--- /dev/null
+++ b/tests/tests/convtools/23_grpunconv_keep_group_password/config.txt
@@ -0,0 +1 @@
+user foo with a password in passwd (and shadow)
diff --git a/tests/tests/convtools/23_grpunconv_keep_group_password/config/etc/group b/tests/tests/convtools/23_grpunconv_keep_group_password/config/etc/group
new file mode 100644
index 0000000..8339bd3
--- /dev/null
+++ b/tests/tests/convtools/23_grpunconv_keep_group_password/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:$1$foogroupPassword:1000:
diff --git a/tests/tests/convtools/23_grpunconv_keep_group_password/config/etc/gshadow b/tests/tests/convtools/23_grpunconv_keep_group_password/config/etc/gshadow
new file mode 100644
index 0000000..51a7bdb
--- /dev/null
+++ b/tests/tests/convtools/23_grpunconv_keep_group_password/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:fooshadowpass::
diff --git a/tests/tests/convtools/23_grpunconv_keep_group_password/config/etc/passwd b/tests/tests/convtools/23_grpunconv_keep_group_password/config/etc/passwd
new file mode 100644
index 0000000..b58a62b
--- /dev/null
+++ b/tests/tests/convtools/23_grpunconv_keep_group_password/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:foopass:1000:1000:::/bin/false
diff --git a/tests/tests/convtools/23_grpunconv_keep_group_password/config/etc/shadow b/tests/tests/convtools/23_grpunconv_keep_group_password/config/etc/shadow
new file mode 100644
index 0000000..7e164e0
--- /dev/null
+++ b/tests/tests/convtools/23_grpunconv_keep_group_password/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:fooshadowpasswd:12977:0:99999:7:::
diff --git a/tests/tests/convtools/23_grpunconv_keep_group_password/data/group b/tests/tests/convtools/23_grpunconv_keep_group_password/data/group
new file mode 100644
index 0000000..2a9e59e
--- /dev/null
+++ b/tests/tests/convtools/23_grpunconv_keep_group_password/data/group
@@ -0,0 +1,42 @@
+root:*:0:
+daemon:*:1:
+bin:*:2:
+sys:*:3:
+adm:*:4:
+tty:*:5:
+disk:*:6:
+lp:*:7:
+mail:*:8:
+news:*:9:
+uucp:*:10:
+man:*:12:
+proxy:*:13:
+kmem:*:15:
+dialout:*:20:
+fax:*:21:
+voice:*:22:
+cdrom:*:24:
+floppy:*:25:
+tape:*:26:
+sudo:*:27:
+audio:*:29:
+dip:*:30:
+www-data:*:33:
+backup:*:34:
+operator:*:37:
+list:*:38:
+irc:*:39:
+src:*:40:
+gnats:*:41:
+shadow:*:42:
+utmp:*:43:
+video:*:44:
+sasl:*:45:
+plugdev:*:46:
+staff:*:50:
+games:*:60:
+users:*:100:foo
+nogroup:*:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:$1$foogroupPassword:1000:
diff --git a/tests/tests/convtools/23_grpunconv_keep_group_password/grpunconv.test b/tests/tests/convtools/23_grpunconv_keep_group_password/grpunconv.test
new file mode 100755
index 0000000..e3e0127
--- /dev/null
+++ b/tests/tests/convtools/23_grpunconv_keep_group_password/grpunconv.test
@@ -0,0 +1,39 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "grpunconv keeps the password from /etc/group (if not 'x'"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Unconvert the shadow file (grpunconv)..."
+grpunconv
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl data/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+test ! -f /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/convtools/24_grpunconv_no_gshadow_entry/config.txt b/tests/tests/convtools/24_grpunconv_no_gshadow_entry/config.txt
new file mode 100644
index 0000000..48ac937
--- /dev/null
+++ b/tests/tests/convtools/24_grpunconv_no_gshadow_entry/config.txt
@@ -0,0 +1 @@
+user foo, in group users
diff --git a/tests/tests/convtools/24_grpunconv_no_gshadow_entry/config/etc/group b/tests/tests/convtools/24_grpunconv_no_gshadow_entry/config/etc/group
new file mode 100644
index 0000000..5051825
--- /dev/null
+++ b/tests/tests/convtools/24_grpunconv_no_gshadow_entry/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/convtools/24_grpunconv_no_gshadow_entry/config/etc/gshadow b/tests/tests/convtools/24_grpunconv_no_gshadow_entry/config/etc/gshadow
new file mode 100644
index 0000000..671ebfe
--- /dev/null
+++ b/tests/tests/convtools/24_grpunconv_no_gshadow_entry/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
+bar:*::
diff --git a/tests/tests/convtools/24_grpunconv_no_gshadow_entry/config/etc/passwd b/tests/tests/convtools/24_grpunconv_no_gshadow_entry/config/etc/passwd
new file mode 100644
index 0000000..bf52df0
--- /dev/null
+++ b/tests/tests/convtools/24_grpunconv_no_gshadow_entry/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/home/foo:/bin/false
diff --git a/tests/tests/convtools/24_grpunconv_no_gshadow_entry/config/etc/shadow b/tests/tests/convtools/24_grpunconv_no_gshadow_entry/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/convtools/24_grpunconv_no_gshadow_entry/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/convtools/24_grpunconv_no_gshadow_entry/data/group b/tests/tests/convtools/24_grpunconv_no_gshadow_entry/data/group
new file mode 100644
index 0000000..6111866
--- /dev/null
+++ b/tests/tests/convtools/24_grpunconv_no_gshadow_entry/data/group
@@ -0,0 +1,42 @@
+root:*:0:
+daemon:*:1:
+bin:*:2:
+sys:*:3:
+adm:*:4:
+tty:*:5:
+disk:*:6:
+lp:*:7:
+mail:x:8:
+news:*:9:
+uucp:*:10:
+man:*:12:
+proxy:*:13:
+kmem:*:15:
+dialout:*:20:
+fax:*:21:
+voice:*:22:
+cdrom:*:24:
+floppy:*:25:
+tape:*:26:
+sudo:*:27:
+audio:*:29:
+dip:*:30:
+www-data:*:33:
+backup:*:34:
+operator:*:37:
+list:*:38:
+irc:*:39:
+src:*:40:
+gnats:*:41:
+shadow:*:42:
+utmp:x:43:
+video:*:44:
+sasl:*:45:
+plugdev:*:46:
+staff:*:50:
+games:*:60:
+users:*:100:foo
+nogroup:*:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:*:1000:
diff --git a/tests/tests/convtools/24_grpunconv_no_gshadow_entry/grpunconv.test b/tests/tests/convtools/24_grpunconv_no_gshadow_entry/grpunconv.test
new file mode 100755
index 0000000..716d97a
--- /dev/null
+++ b/tests/tests/convtools/24_grpunconv_no_gshadow_entry/grpunconv.test
@@ -0,0 +1,39 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "grpunconv succeeds even if some entries are no in gshadow"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Convert the group files (grpunconv)..."
+grpunconv
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl data/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+test ! -f /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/convtools/25_pwconv_usage_option/config.txt b/tests/tests/convtools/25_pwconv_usage_option/config.txt
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/convtools/25_pwconv_usage_option/config.txt
diff --git a/tests/tests/convtools/25_pwconv_usage_option/config/etc/group b/tests/tests/convtools/25_pwconv_usage_option/config/etc/group
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/convtools/25_pwconv_usage_option/config/etc/group
diff --git a/tests/tests/convtools/25_pwconv_usage_option/config/etc/gshadow b/tests/tests/convtools/25_pwconv_usage_option/config/etc/gshadow
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/convtools/25_pwconv_usage_option/config/etc/gshadow
diff --git a/tests/tests/convtools/25_pwconv_usage_option/config/etc/passwd b/tests/tests/convtools/25_pwconv_usage_option/config/etc/passwd
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/convtools/25_pwconv_usage_option/config/etc/passwd
diff --git a/tests/tests/convtools/25_pwconv_usage_option/config/etc/shadow b/tests/tests/convtools/25_pwconv_usage_option/config/etc/shadow
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/convtools/25_pwconv_usage_option/config/etc/shadow
diff --git a/tests/tests/convtools/25_pwconv_usage_option/data/usage.out b/tests/tests/convtools/25_pwconv_usage_option/data/usage.out
new file mode 100644
index 0000000..8ecc6af
--- /dev/null
+++ b/tests/tests/convtools/25_pwconv_usage_option/data/usage.out
@@ -0,0 +1,7 @@
+pwconv: invalid option -- 'Z'
+Usage: pwconv [options]
+
+Options:
+  -h, --help                    display this help message and exit
+  -R, --root CHROOT_DIR         directory to chroot into
+
diff --git a/tests/tests/convtools/25_pwconv_usage_option/pwconv.test b/tests/tests/convtools/25_pwconv_usage_option/pwconv.test
new file mode 100755
index 0000000..7e6ccaf
--- /dev/null
+++ b/tests/tests/convtools/25_pwconv_usage_option/pwconv.test
@@ -0,0 +1,54 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "pwconv displays its usage message in case there isn't the right number of arguments"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Get pwconv usage (pwconv -Z)..."
+pwconv -Z 2>tmp/usage.out && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "2"
+echo "OK"
+
+echo "pwconv reported:"
+echo "======================================================================="
+cat tmp/usage.out
+echo "======================================================================="
+echo -n "Check the usage message..."
+diff -au data/usage.out tmp/usage.out
+echo "usage message OK."
+rm -f tmp/usage.out
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/convtools/26_grpconv_usage_option/config.txt b/tests/tests/convtools/26_grpconv_usage_option/config.txt
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/convtools/26_grpconv_usage_option/config.txt
diff --git a/tests/tests/convtools/26_grpconv_usage_option/config/etc/group b/tests/tests/convtools/26_grpconv_usage_option/config/etc/group
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/convtools/26_grpconv_usage_option/config/etc/group
diff --git a/tests/tests/convtools/26_grpconv_usage_option/config/etc/gshadow b/tests/tests/convtools/26_grpconv_usage_option/config/etc/gshadow
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/convtools/26_grpconv_usage_option/config/etc/gshadow
diff --git a/tests/tests/convtools/26_grpconv_usage_option/config/etc/passwd b/tests/tests/convtools/26_grpconv_usage_option/config/etc/passwd
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/convtools/26_grpconv_usage_option/config/etc/passwd
diff --git a/tests/tests/convtools/26_grpconv_usage_option/config/etc/shadow b/tests/tests/convtools/26_grpconv_usage_option/config/etc/shadow
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/convtools/26_grpconv_usage_option/config/etc/shadow
diff --git a/tests/tests/convtools/26_grpconv_usage_option/data/usage.out b/tests/tests/convtools/26_grpconv_usage_option/data/usage.out
new file mode 100644
index 0000000..5da31b4
--- /dev/null
+++ b/tests/tests/convtools/26_grpconv_usage_option/data/usage.out
@@ -0,0 +1,7 @@
+grpconv: invalid option -- 'Z'
+Usage: grpconv [options]
+
+Options:
+  -h, --help                    display this help message and exit
+  -R, --root CHROOT_DIR         directory to chroot into
+
diff --git a/tests/tests/convtools/26_grpconv_usage_option/grpconv.test b/tests/tests/convtools/26_grpconv_usage_option/grpconv.test
new file mode 100755
index 0000000..18c033c
--- /dev/null
+++ b/tests/tests/convtools/26_grpconv_usage_option/grpconv.test
@@ -0,0 +1,54 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "grpconv displays its usage message in case there isn't the right number of arguments"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Get grpconv usage (grpconv -Z)..."
+grpconv -Z 2>tmp/usage.out && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "2"
+echo "OK"
+
+echo "grpconv reported:"
+echo "======================================================================="
+cat tmp/usage.out
+echo "======================================================================="
+echo -n "Check the usage message..."
+diff -au data/usage.out tmp/usage.out
+echo "usage message OK."
+rm -f tmp/usage.out
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/convtools/27_pwunconv_usage/config.txt b/tests/tests/convtools/27_pwunconv_usage/config.txt
new file mode 100644
index 0000000..31f5635
--- /dev/null
+++ b/tests/tests/convtools/27_pwunconv_usage/config.txt
@@ -0,0 +1,10 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group users (only in /etc/group)
+user foo, in group tty (only in /etc/gshadow)
+user foo, in group floppy
+user foo, admin of group disk
+user foo, admin and member of group fax
+user foo, admin and member of group cdrom (only in /etc/gshadow)
diff --git a/tests/tests/convtools/27_pwunconv_usage/config/etc/group b/tests/tests/convtools/27_pwunconv_usage/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/convtools/27_pwunconv_usage/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/convtools/27_pwunconv_usage/config/etc/gshadow b/tests/tests/convtools/27_pwunconv_usage/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/convtools/27_pwunconv_usage/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/convtools/27_pwunconv_usage/config/etc/passwd b/tests/tests/convtools/27_pwunconv_usage/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/convtools/27_pwunconv_usage/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/convtools/27_pwunconv_usage/config/etc/shadow b/tests/tests/convtools/27_pwunconv_usage/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/convtools/27_pwunconv_usage/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/convtools/27_pwunconv_usage/data/usage.out b/tests/tests/convtools/27_pwunconv_usage/data/usage.out
new file mode 100644
index 0000000..71f04d9
--- /dev/null
+++ b/tests/tests/convtools/27_pwunconv_usage/data/usage.out
@@ -0,0 +1,6 @@
+Usage: pwunconv [options]
+
+Options:
+  -h, --help                    display this help message and exit
+  -R, --root CHROOT_DIR         directory to chroot into
+
diff --git a/tests/tests/convtools/27_pwunconv_usage/pwunconv.test b/tests/tests/convtools/27_pwunconv_usage/pwunconv.test
new file mode 100755
index 0000000..4103eca
--- /dev/null
+++ b/tests/tests/convtools/27_pwunconv_usage/pwunconv.test
@@ -0,0 +1,48 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "pwunconv can display its usage message"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Get pwunconv usage (pwunconv -Z)..."
+pwunconv -h >tmp/usage.out
+echo "OK"
+
+echo "pwunconv reported:"
+echo "======================================================================="
+cat tmp/usage.out
+echo "======================================================================="
+echo -n "Check the usage message..."
+diff -au data/usage.out tmp/usage.out
+echo "usage message OK."
+rm -f tmp/usage.out
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/convtools/28_pwunconv_usage_extra_arg/config.txt b/tests/tests/convtools/28_pwunconv_usage_extra_arg/config.txt
new file mode 100644
index 0000000..31f5635
--- /dev/null
+++ b/tests/tests/convtools/28_pwunconv_usage_extra_arg/config.txt
@@ -0,0 +1,10 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group users (only in /etc/group)
+user foo, in group tty (only in /etc/gshadow)
+user foo, in group floppy
+user foo, admin of group disk
+user foo, admin and member of group fax
+user foo, admin and member of group cdrom (only in /etc/gshadow)
diff --git a/tests/tests/convtools/28_pwunconv_usage_extra_arg/config/etc/group b/tests/tests/convtools/28_pwunconv_usage_extra_arg/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/convtools/28_pwunconv_usage_extra_arg/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/convtools/28_pwunconv_usage_extra_arg/config/etc/gshadow b/tests/tests/convtools/28_pwunconv_usage_extra_arg/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/convtools/28_pwunconv_usage_extra_arg/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/convtools/28_pwunconv_usage_extra_arg/config/etc/passwd b/tests/tests/convtools/28_pwunconv_usage_extra_arg/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/convtools/28_pwunconv_usage_extra_arg/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/convtools/28_pwunconv_usage_extra_arg/config/etc/shadow b/tests/tests/convtools/28_pwunconv_usage_extra_arg/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/convtools/28_pwunconv_usage_extra_arg/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/convtools/28_pwunconv_usage_extra_arg/data/usage.out b/tests/tests/convtools/28_pwunconv_usage_extra_arg/data/usage.out
new file mode 100644
index 0000000..71f04d9
--- /dev/null
+++ b/tests/tests/convtools/28_pwunconv_usage_extra_arg/data/usage.out
@@ -0,0 +1,6 @@
+Usage: pwunconv [options]
+
+Options:
+  -h, --help                    display this help message and exit
+  -R, --root CHROOT_DIR         directory to chroot into
+
diff --git a/tests/tests/convtools/28_pwunconv_usage_extra_arg/pwunconv.test b/tests/tests/convtools/28_pwunconv_usage_extra_arg/pwunconv.test
new file mode 100755
index 0000000..d9a3808
--- /dev/null
+++ b/tests/tests/convtools/28_pwunconv_usage_extra_arg/pwunconv.test
@@ -0,0 +1,54 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "pwunconv displays its usage message in case there isn't the right number of arguments"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Call pwunconv with an argument (pwunconv foo)..."
+pwunconv foo 2>tmp/usage.out && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "2"
+echo "OK"
+
+echo "pwunconv reported:"
+echo "======================================================================="
+cat tmp/usage.out
+echo "======================================================================="
+echo -n "Check the usage message..."
+diff -au data/usage.out tmp/usage.out
+echo "usage message OK."
+rm -f tmp/usage.out
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/convtools/29_grpconv_usage/config.txt b/tests/tests/convtools/29_grpconv_usage/config.txt
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/convtools/29_grpconv_usage/config.txt
diff --git a/tests/tests/convtools/29_grpconv_usage/config/etc/group b/tests/tests/convtools/29_grpconv_usage/config/etc/group
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/convtools/29_grpconv_usage/config/etc/group
diff --git a/tests/tests/convtools/29_grpconv_usage/config/etc/gshadow b/tests/tests/convtools/29_grpconv_usage/config/etc/gshadow
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/convtools/29_grpconv_usage/config/etc/gshadow
diff --git a/tests/tests/convtools/29_grpconv_usage/config/etc/passwd b/tests/tests/convtools/29_grpconv_usage/config/etc/passwd
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/convtools/29_grpconv_usage/config/etc/passwd
diff --git a/tests/tests/convtools/29_grpconv_usage/config/etc/shadow b/tests/tests/convtools/29_grpconv_usage/config/etc/shadow
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/convtools/29_grpconv_usage/config/etc/shadow
diff --git a/tests/tests/convtools/29_grpconv_usage/data/usage.out b/tests/tests/convtools/29_grpconv_usage/data/usage.out
new file mode 100644
index 0000000..80f0fd5
--- /dev/null
+++ b/tests/tests/convtools/29_grpconv_usage/data/usage.out
@@ -0,0 +1,6 @@
+Usage: grpconv [options]
+
+Options:
+  -h, --help                    display this help message and exit
+  -R, --root CHROOT_DIR         directory to chroot into
+
diff --git a/tests/tests/convtools/29_grpconv_usage/grpconv.test b/tests/tests/convtools/29_grpconv_usage/grpconv.test
new file mode 100755
index 0000000..a6fbd9e
--- /dev/null
+++ b/tests/tests/convtools/29_grpconv_usage/grpconv.test
@@ -0,0 +1,48 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "grpconv can displays its usage message"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Get grpconv usage (grpconv -Z)..."
+grpconv -h >tmp/usage.out
+echo "OK"
+
+echo "grpconv reported:"
+echo "======================================================================="
+cat tmp/usage.out
+echo "======================================================================="
+echo -n "Check the usage message..."
+diff -au data/usage.out tmp/usage.out
+echo "usage message OK."
+rm -f tmp/usage.out
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/convtools/30_grpconv_usage_extra_arg/config.txt b/tests/tests/convtools/30_grpconv_usage_extra_arg/config.txt
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/convtools/30_grpconv_usage_extra_arg/config.txt
diff --git a/tests/tests/convtools/30_grpconv_usage_extra_arg/config/etc/group b/tests/tests/convtools/30_grpconv_usage_extra_arg/config/etc/group
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/convtools/30_grpconv_usage_extra_arg/config/etc/group
diff --git a/tests/tests/convtools/30_grpconv_usage_extra_arg/config/etc/gshadow b/tests/tests/convtools/30_grpconv_usage_extra_arg/config/etc/gshadow
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/convtools/30_grpconv_usage_extra_arg/config/etc/gshadow
diff --git a/tests/tests/convtools/30_grpconv_usage_extra_arg/config/etc/passwd b/tests/tests/convtools/30_grpconv_usage_extra_arg/config/etc/passwd
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/convtools/30_grpconv_usage_extra_arg/config/etc/passwd
diff --git a/tests/tests/convtools/30_grpconv_usage_extra_arg/config/etc/shadow b/tests/tests/convtools/30_grpconv_usage_extra_arg/config/etc/shadow
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/convtools/30_grpconv_usage_extra_arg/config/etc/shadow
diff --git a/tests/tests/convtools/30_grpconv_usage_extra_arg/data/usage.out b/tests/tests/convtools/30_grpconv_usage_extra_arg/data/usage.out
new file mode 100644
index 0000000..80f0fd5
--- /dev/null
+++ b/tests/tests/convtools/30_grpconv_usage_extra_arg/data/usage.out
@@ -0,0 +1,6 @@
+Usage: grpconv [options]
+
+Options:
+  -h, --help                    display this help message and exit
+  -R, --root CHROOT_DIR         directory to chroot into
+
diff --git a/tests/tests/convtools/30_grpconv_usage_extra_arg/grpconv.test b/tests/tests/convtools/30_grpconv_usage_extra_arg/grpconv.test
new file mode 100755
index 0000000..a321a05
--- /dev/null
+++ b/tests/tests/convtools/30_grpconv_usage_extra_arg/grpconv.test
@@ -0,0 +1,54 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "grpconv displays its usage message in case there isn't the right number of arguments"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Call grpconv with an extra argument (grpconv foo)..."
+grpconv foo 2>tmp/usage.out && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "2"
+echo "OK"
+
+echo "grpconv reported:"
+echo "======================================================================="
+cat tmp/usage.out
+echo "======================================================================="
+echo -n "Check the usage message..."
+diff -au data/usage.out tmp/usage.out
+echo "usage message OK."
+rm -f tmp/usage.out
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/convtools/31_pwconv_usage/config.txt b/tests/tests/convtools/31_pwconv_usage/config.txt
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/convtools/31_pwconv_usage/config.txt
diff --git a/tests/tests/convtools/31_pwconv_usage/config/etc/group b/tests/tests/convtools/31_pwconv_usage/config/etc/group
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/convtools/31_pwconv_usage/config/etc/group
diff --git a/tests/tests/convtools/31_pwconv_usage/config/etc/gshadow b/tests/tests/convtools/31_pwconv_usage/config/etc/gshadow
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/convtools/31_pwconv_usage/config/etc/gshadow
diff --git a/tests/tests/convtools/31_pwconv_usage/config/etc/passwd b/tests/tests/convtools/31_pwconv_usage/config/etc/passwd
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/convtools/31_pwconv_usage/config/etc/passwd
diff --git a/tests/tests/convtools/31_pwconv_usage/config/etc/shadow b/tests/tests/convtools/31_pwconv_usage/config/etc/shadow
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/convtools/31_pwconv_usage/config/etc/shadow
diff --git a/tests/tests/convtools/31_pwconv_usage/data/usage.out b/tests/tests/convtools/31_pwconv_usage/data/usage.out
new file mode 100644
index 0000000..61b53c5
--- /dev/null
+++ b/tests/tests/convtools/31_pwconv_usage/data/usage.out
@@ -0,0 +1,6 @@
+Usage: pwconv [options]
+
+Options:
+  -h, --help                    display this help message and exit
+  -R, --root CHROOT_DIR         directory to chroot into
+
diff --git a/tests/tests/convtools/31_pwconv_usage/pwconv.test b/tests/tests/convtools/31_pwconv_usage/pwconv.test
new file mode 100755
index 0000000..dd86723
--- /dev/null
+++ b/tests/tests/convtools/31_pwconv_usage/pwconv.test
@@ -0,0 +1,48 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "pwconv can display its usage message"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Get pwconv usage (pwconv -Z)..."
+pwconv -h >tmp/usage.out
+echo "OK"
+
+echo "pwconv reported:"
+echo "======================================================================="
+cat tmp/usage.out
+echo "======================================================================="
+echo -n "Check the usage message..."
+diff -au data/usage.out tmp/usage.out
+echo "usage message OK."
+rm -f tmp/usage.out
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/convtools/32_pwconv_usage_extra_arg/config.txt b/tests/tests/convtools/32_pwconv_usage_extra_arg/config.txt
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/convtools/32_pwconv_usage_extra_arg/config.txt
diff --git a/tests/tests/convtools/32_pwconv_usage_extra_arg/config/etc/group b/tests/tests/convtools/32_pwconv_usage_extra_arg/config/etc/group
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/convtools/32_pwconv_usage_extra_arg/config/etc/group
diff --git a/tests/tests/convtools/32_pwconv_usage_extra_arg/config/etc/gshadow b/tests/tests/convtools/32_pwconv_usage_extra_arg/config/etc/gshadow
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/convtools/32_pwconv_usage_extra_arg/config/etc/gshadow
diff --git a/tests/tests/convtools/32_pwconv_usage_extra_arg/config/etc/passwd b/tests/tests/convtools/32_pwconv_usage_extra_arg/config/etc/passwd
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/convtools/32_pwconv_usage_extra_arg/config/etc/passwd
diff --git a/tests/tests/convtools/32_pwconv_usage_extra_arg/config/etc/shadow b/tests/tests/convtools/32_pwconv_usage_extra_arg/config/etc/shadow
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/convtools/32_pwconv_usage_extra_arg/config/etc/shadow
diff --git a/tests/tests/convtools/32_pwconv_usage_extra_arg/data/usage.out b/tests/tests/convtools/32_pwconv_usage_extra_arg/data/usage.out
new file mode 100644
index 0000000..61b53c5
--- /dev/null
+++ b/tests/tests/convtools/32_pwconv_usage_extra_arg/data/usage.out
@@ -0,0 +1,6 @@
+Usage: pwconv [options]
+
+Options:
+  -h, --help                    display this help message and exit
+  -R, --root CHROOT_DIR         directory to chroot into
+
diff --git a/tests/tests/convtools/32_pwconv_usage_extra_arg/pwconv.test b/tests/tests/convtools/32_pwconv_usage_extra_arg/pwconv.test
new file mode 100755
index 0000000..1ae4ffe
--- /dev/null
+++ b/tests/tests/convtools/32_pwconv_usage_extra_arg/pwconv.test
@@ -0,0 +1,54 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "pwconv displays its usage message in case there isn't the right number of arguments"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Call pwconv with an extra argument (pwconv foo)..."
+pwconv foo 2>tmp/usage.out && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "2"
+echo "OK"
+
+echo "pwconv reported:"
+echo "======================================================================="
+cat tmp/usage.out
+echo "======================================================================="
+echo -n "Check the usage message..."
+diff -au data/usage.out tmp/usage.out
+echo "usage message OK."
+rm -f tmp/usage.out
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/convtools/33_grpunconv_usage/config.txt b/tests/tests/convtools/33_grpunconv_usage/config.txt
new file mode 100644
index 0000000..31f5635
--- /dev/null
+++ b/tests/tests/convtools/33_grpunconv_usage/config.txt
@@ -0,0 +1,10 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group users (only in /etc/group)
+user foo, in group tty (only in /etc/gshadow)
+user foo, in group floppy
+user foo, admin of group disk
+user foo, admin and member of group fax
+user foo, admin and member of group cdrom (only in /etc/gshadow)
diff --git a/tests/tests/convtools/33_grpunconv_usage/config/etc/group b/tests/tests/convtools/33_grpunconv_usage/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/convtools/33_grpunconv_usage/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/convtools/33_grpunconv_usage/config/etc/gshadow b/tests/tests/convtools/33_grpunconv_usage/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/convtools/33_grpunconv_usage/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/convtools/33_grpunconv_usage/config/etc/passwd b/tests/tests/convtools/33_grpunconv_usage/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/convtools/33_grpunconv_usage/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/convtools/33_grpunconv_usage/config/etc/shadow b/tests/tests/convtools/33_grpunconv_usage/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/convtools/33_grpunconv_usage/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/convtools/33_grpunconv_usage/data/usage.out b/tests/tests/convtools/33_grpunconv_usage/data/usage.out
new file mode 100644
index 0000000..274b58d
--- /dev/null
+++ b/tests/tests/convtools/33_grpunconv_usage/data/usage.out
@@ -0,0 +1,6 @@
+Usage: grpunconv [options]
+
+Options:
+  -h, --help                    display this help message and exit
+  -R, --root CHROOT_DIR         directory to chroot into
+
diff --git a/tests/tests/convtools/33_grpunconv_usage/grpunconv.test b/tests/tests/convtools/33_grpunconv_usage/grpunconv.test
new file mode 100755
index 0000000..d6f6539
--- /dev/null
+++ b/tests/tests/convtools/33_grpunconv_usage/grpunconv.test
@@ -0,0 +1,48 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "grpunconv can display its usage message"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Get grpunconv usage (grpunconv -Z)..."
+grpunconv -h >tmp/usage.out
+echo "OK"
+
+echo "grpunconv reported:"
+echo "======================================================================="
+cat tmp/usage.out
+echo "======================================================================="
+echo -n "Check the usage message..."
+diff -au data/usage.out tmp/usage.out
+echo "usage message OK."
+rm -f tmp/usage.out
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/convtools/34_grpunconv_usage_extra_arg/config.txt b/tests/tests/convtools/34_grpunconv_usage_extra_arg/config.txt
new file mode 100644
index 0000000..31f5635
--- /dev/null
+++ b/tests/tests/convtools/34_grpunconv_usage_extra_arg/config.txt
@@ -0,0 +1,10 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group users (only in /etc/group)
+user foo, in group tty (only in /etc/gshadow)
+user foo, in group floppy
+user foo, admin of group disk
+user foo, admin and member of group fax
+user foo, admin and member of group cdrom (only in /etc/gshadow)
diff --git a/tests/tests/convtools/34_grpunconv_usage_extra_arg/config/etc/group b/tests/tests/convtools/34_grpunconv_usage_extra_arg/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/convtools/34_grpunconv_usage_extra_arg/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/convtools/34_grpunconv_usage_extra_arg/config/etc/gshadow b/tests/tests/convtools/34_grpunconv_usage_extra_arg/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/convtools/34_grpunconv_usage_extra_arg/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/convtools/34_grpunconv_usage_extra_arg/config/etc/passwd b/tests/tests/convtools/34_grpunconv_usage_extra_arg/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/convtools/34_grpunconv_usage_extra_arg/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/convtools/34_grpunconv_usage_extra_arg/config/etc/shadow b/tests/tests/convtools/34_grpunconv_usage_extra_arg/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/convtools/34_grpunconv_usage_extra_arg/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/convtools/34_grpunconv_usage_extra_arg/data/usage.out b/tests/tests/convtools/34_grpunconv_usage_extra_arg/data/usage.out
new file mode 100644
index 0000000..274b58d
--- /dev/null
+++ b/tests/tests/convtools/34_grpunconv_usage_extra_arg/data/usage.out
@@ -0,0 +1,6 @@
+Usage: grpunconv [options]
+
+Options:
+  -h, --help                    display this help message and exit
+  -R, --root CHROOT_DIR         directory to chroot into
+
diff --git a/tests/tests/convtools/34_grpunconv_usage_extra_arg/grpunconv.test b/tests/tests/convtools/34_grpunconv_usage_extra_arg/grpunconv.test
new file mode 100755
index 0000000..12a0d21
--- /dev/null
+++ b/tests/tests/convtools/34_grpunconv_usage_extra_arg/grpunconv.test
@@ -0,0 +1,54 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "grpunconv displays its usage message in case there isn't the right number of arguments"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Call grpunconv with an extra argument (grpunconv foo)..."
+grpunconv foo 2>tmp/usage.out && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "2"
+echo "OK"
+
+echo "grpunconv reported:"
+echo "======================================================================="
+cat tmp/usage.out
+echo "======================================================================="
+echo -n "Check the usage message..."
+diff -au data/usage.out tmp/usage.out
+echo "usage message OK."
+rm -f tmp/usage.out
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/coverage.sh b/tests/tests/coverage.sh
new file mode 100755
index 0000000..6deae84
--- /dev/null
+++ b/tests/tests/coverage.sh
@@ -0,0 +1,11 @@
+#!/bin/sh
+
+# This script builds the code coverage of the testsuite.
+# The shadow utils must have been compiled with -fprofile-arcs -ftest-coverage
+
+cd ../build/shadow-4.1.3.1/
+rm -rf ../coverage
+mkdir ../coverage
+lcov --directory . --capture --output-file=lcov.data
+
+genhtml --frames --output-directory ../coverage/ --show-details lcov.data
diff --git a/tests/tests/cptools/01/data/group b/tests/tests/cptools/01/data/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/cptools/01/data/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/cptools/01/data/group.new b/tests/tests/cptools/01/data/group.new
new file mode 100644
index 0000000..db5f134
--- /dev/null
+++ b/tests/tests/cptools/01/data/group.new
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+test:x:10000:
diff --git a/tests/tests/cptools/01/data/gshadow b/tests/tests/cptools/01/data/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/cptools/01/data/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/cptools/01/data/gshadow.new b/tests/tests/cptools/01/data/gshadow.new
new file mode 100644
index 0000000..3c9bae9
--- /dev/null
+++ b/tests/tests/cptools/01/data/gshadow.new
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+test:x::
diff --git a/tests/tests/cptools/01/data/passwd b/tests/tests/cptools/01/data/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/cptools/01/data/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/cptools/01/data/passwd.new b/tests/tests/cptools/01/data/passwd.new
new file mode 100644
index 0000000..148b794
--- /dev/null
+++ b/tests/tests/cptools/01/data/passwd.new
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+test:x:10002:10002::/tmp:/bin/false
diff --git a/tests/tests/cptools/01/data/shadow b/tests/tests/cptools/01/data/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/cptools/01/data/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/cptools/01/data/shadow.new b/tests/tests/cptools/01/data/shadow.new
new file mode 100644
index 0000000..c6e351e
--- /dev/null
+++ b/tests/tests/cptools/01/data/shadow.new
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+test:!:10:0:99999:7:::
diff --git a/tests/tests/cptools/01/run1 b/tests/tests/cptools/01/run1
new file mode 100755
index 0000000..26fc044
--- /dev/null
+++ b/tests/tests/cptools/01/run1
@@ -0,0 +1,57 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+# Rational:
+# Test that useradd can add an user and userdel removes it.
+
+save()
+{
+	[ ! -d tmp ] && mkdir tmp
+	for i in passwd group shadow gshadow
+	do
+		[ -f /etc/$i  ] && cp /etc/$i  tmp/$i
+	done
+
+	true
+}
+
+restore()
+{
+	for i in passwd group shadow gshadow
+	do
+		[ -f tmp/$i  ] && cp tmp/$i  /etc/$i  && rm tmp/$i
+	done
+	rmdir tmp
+}
+
+save
+
+# restore the files on exit
+trap 'restore' 0
+
+for i in passwd group shadow gshadow
+do
+	cp data/$i /etc
+done
+
+lines_passwd=$(wc -l /etc/passwd | cut -f1 -d" ")
+lines_shadow=$(wc -l /etc/shadow | cut -f1 -d" ")
+lines_group=$(wc -l /etc/group | cut -f1 -d" ")
+lines_gshadow=$(wc -l /etc/gshadow | cut -f1 -d" ")
+
+echo -n "Copy passwd.new "
+cppw data/passwd.new
+echo "OK"
+
+echo -n "test if the password file was copied"
+diff -au /etc/passwd data/passwd.new
+echo "  OK"
+
+echo -n "check that the other files were not modified"
+diff -au /etc/group data/group
+diff -au /etc/gshadow data/gshadow
+diff -au /etc/shadow data/shadow
+echo "  OK"
diff --git a/tests/tests/cptools/01/run2 b/tests/tests/cptools/01/run2
new file mode 100755
index 0000000..c42238e
--- /dev/null
+++ b/tests/tests/cptools/01/run2
@@ -0,0 +1,57 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+# Rational:
+# Test that useradd can add an user and userdel removes it.
+
+save()
+{
+	[ ! -d tmp ] && mkdir tmp
+	for i in passwd group shadow gshadow
+	do
+		[ -f /etc/$i  ] && cp /etc/$i  tmp/$i
+	done
+
+	true
+}
+
+restore()
+{
+	for i in passwd group shadow gshadow
+	do
+		[ -f tmp/$i  ] && cp tmp/$i  /etc/$i  && rm tmp/$i
+	done
+	rmdir tmp
+}
+
+save
+
+# restore the files on exit
+trap 'restore' 0
+
+for i in passwd group shadow gshadow
+do
+	cp data/$i /etc
+done
+
+lines_passwd=$(wc -l /etc/passwd | cut -f1 -d" ")
+lines_shadow=$(wc -l /etc/shadow | cut -f1 -d" ")
+lines_group=$(wc -l /etc/group | cut -f1 -d" ")
+lines_gshadow=$(wc -l /etc/gshadow | cut -f1 -d" ")
+
+echo -n "Copy group.new "
+cpgr data/group.new
+echo "OK"
+
+echo -n "test if the password file was copied"
+diff -au /etc/group data/group.new
+echo "  OK"
+
+echo -n "check that the other files were not modified"
+diff -au /etc/gshadow data/gshadow
+diff -au /etc/passwd data/passwd
+diff -au /etc/shadow data/shadow
+echo "  OK"
diff --git a/tests/tests/cptools/01/run3 b/tests/tests/cptools/01/run3
new file mode 100755
index 0000000..d213e47
--- /dev/null
+++ b/tests/tests/cptools/01/run3
@@ -0,0 +1,57 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+# Rational:
+# Test that useradd can add an user and userdel removes it.
+
+save()
+{
+	[ ! -d tmp ] && mkdir tmp
+	for i in passwd group shadow gshadow
+	do
+		[ -f /etc/$i  ] && cp /etc/$i  tmp/$i
+	done
+
+	true
+}
+
+restore()
+{
+	for i in passwd group shadow gshadow
+	do
+		[ -f tmp/$i  ] && cp tmp/$i  /etc/$i  && rm tmp/$i
+	done
+	rmdir tmp
+}
+
+save
+
+# restore the files on exit
+trap 'restore' 0
+
+for i in passwd group shadow gshadow
+do
+	cp data/$i /etc
+done
+
+lines_passwd=$(wc -l /etc/passwd | cut -f1 -d" ")
+lines_shadow=$(wc -l /etc/shadow | cut -f1 -d" ")
+lines_group=$(wc -l /etc/group | cut -f1 -d" ")
+lines_gshadow=$(wc -l /etc/gshadow | cut -f1 -d" ")
+
+echo -n "Copy shadow.new "
+cppw -s data/shadow.new
+echo "OK"
+
+echo -n "test if the password file was copied"
+diff -au /etc/shadow data/shadow.new
+echo "  OK"
+
+echo -n "check that the other files were not modified"
+diff -au /etc/group data/group
+diff -au /etc/gshadow data/gshadow
+diff -au /etc/passwd data/passwd
+echo "  OK"
diff --git a/tests/tests/cptools/01/run4 b/tests/tests/cptools/01/run4
new file mode 100755
index 0000000..7cc3fb8
--- /dev/null
+++ b/tests/tests/cptools/01/run4
@@ -0,0 +1,57 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+# Rational:
+# Test that useradd can add an user and userdel removes it.
+
+save()
+{
+	[ ! -d tmp ] && mkdir tmp
+	for i in passwd group shadow gshadow
+	do
+		[ -f /etc/$i  ] && cp /etc/$i  tmp/$i
+	done
+
+	true
+}
+
+restore()
+{
+	for i in passwd group shadow gshadow
+	do
+		[ -f tmp/$i  ] && cp tmp/$i  /etc/$i  && rm tmp/$i
+	done
+	rmdir tmp
+}
+
+save
+
+# restore the files on exit
+trap 'restore' 0
+
+for i in passwd group shadow gshadow
+do
+	cp data/$i /etc
+done
+
+lines_passwd=$(wc -l /etc/passwd | cut -f1 -d" ")
+lines_shadow=$(wc -l /etc/shadow | cut -f1 -d" ")
+lines_group=$(wc -l /etc/group | cut -f1 -d" ")
+lines_gshadow=$(wc -l /etc/gshadow | cut -f1 -d" ")
+
+echo -n "Copy gshadow.new "
+cpgr -s data/gshadow.new
+echo "OK"
+
+echo -n "test if the password file was copied"
+diff -au /etc/gshadow data/gshadow.new
+echo "  OK"
+
+echo -n "check that the other files were not modified"
+diff -au /etc/group data/group
+diff -au /etc/passwd data/passwd
+diff -au /etc/shadow data/shadow
+echo "  OK"
diff --git a/tests/tests/cptools/02_cppw_usage/config.txt b/tests/tests/cptools/02_cppw_usage/config.txt
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/cptools/02_cppw_usage/config.txt
diff --git a/tests/tests/cptools/02_cppw_usage/config/etc/group b/tests/tests/cptools/02_cppw_usage/config/etc/group
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/cptools/02_cppw_usage/config/etc/group
diff --git a/tests/tests/cptools/02_cppw_usage/config/etc/gshadow b/tests/tests/cptools/02_cppw_usage/config/etc/gshadow
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/cptools/02_cppw_usage/config/etc/gshadow
diff --git a/tests/tests/cptools/02_cppw_usage/config/etc/passwd b/tests/tests/cptools/02_cppw_usage/config/etc/passwd
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/cptools/02_cppw_usage/config/etc/passwd
diff --git a/tests/tests/cptools/02_cppw_usage/config/etc/shadow b/tests/tests/cptools/02_cppw_usage/config/etc/shadow
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/cptools/02_cppw_usage/config/etc/shadow
diff --git a/tests/tests/cptools/02_cppw_usage/cppw.test b/tests/tests/cptools/02_cppw_usage/cppw.test
new file mode 100755
index 0000000..ef3b77f
--- /dev/null
+++ b/tests/tests/cptools/02_cppw_usage/cppw.test
@@ -0,0 +1,48 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "cppw can displays its usage message"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Get cppw usage (cppw -h)..."
+cppw -h >tmp/usage.out
+echo "OK"
+
+echo "cppw reported:"
+echo "======================================================================="
+cat tmp/usage.out
+echo "======================================================================="
+echo -n "Check the usage message..."
+diff -au data/usage.out tmp/usage.out
+echo "usage message OK."
+rm -f tmp/usage.out
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/cptools/02_cppw_usage/data/usage.out b/tests/tests/cptools/02_cppw_usage/data/usage.out
new file mode 100644
index 0000000..9efb2a7
--- /dev/null
+++ b/tests/tests/cptools/02_cppw_usage/data/usage.out
@@ -0,0 +1,3 @@
+Usage:
+`cppw <file>' copys over /etc/passwd   `cppw -s <file>' copys over /etc/shadow
+`cpgr <file>' copys over /etc/group    `cpgr -s <file>' copys over /etc/gshadow
diff --git a/tests/tests/cptools/03_cppw_usage_invalid_option/config.txt b/tests/tests/cptools/03_cppw_usage_invalid_option/config.txt
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/cptools/03_cppw_usage_invalid_option/config.txt
diff --git a/tests/tests/cptools/03_cppw_usage_invalid_option/config/etc/group b/tests/tests/cptools/03_cppw_usage_invalid_option/config/etc/group
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/cptools/03_cppw_usage_invalid_option/config/etc/group
diff --git a/tests/tests/cptools/03_cppw_usage_invalid_option/config/etc/gshadow b/tests/tests/cptools/03_cppw_usage_invalid_option/config/etc/gshadow
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/cptools/03_cppw_usage_invalid_option/config/etc/gshadow
diff --git a/tests/tests/cptools/03_cppw_usage_invalid_option/config/etc/passwd b/tests/tests/cptools/03_cppw_usage_invalid_option/config/etc/passwd
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/cptools/03_cppw_usage_invalid_option/config/etc/passwd
diff --git a/tests/tests/cptools/03_cppw_usage_invalid_option/config/etc/shadow b/tests/tests/cptools/03_cppw_usage_invalid_option/config/etc/shadow
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/cptools/03_cppw_usage_invalid_option/config/etc/shadow
diff --git a/tests/tests/cptools/03_cppw_usage_invalid_option/cppw.test b/tests/tests/cptools/03_cppw_usage_invalid_option/cppw.test
new file mode 100755
index 0000000..c6d41e9
--- /dev/null
+++ b/tests/tests/cptools/03_cppw_usage_invalid_option/cppw.test
@@ -0,0 +1,54 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "cppw reports usage of invalid option"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Use wrong cppw option (cppw -Z)..."
+/usr/sbin/cppw -Z 2>tmp/usage.out && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "2"
+echo "OK"
+
+echo "cppw reported:"
+echo "======================================================================="
+cat tmp/usage.out
+echo "======================================================================="
+echo -n "Check the usage message..."
+diff -au data/usage.out tmp/usage.out
+echo "usage message OK."
+rm -f tmp/usage.out
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/cptools/03_cppw_usage_invalid_option/data/usage.out b/tests/tests/cptools/03_cppw_usage_invalid_option/data/usage.out
new file mode 100644
index 0000000..633ff23
--- /dev/null
+++ b/tests/tests/cptools/03_cppw_usage_invalid_option/data/usage.out
@@ -0,0 +1,4 @@
+/usr/sbin/cppw: invalid option -- 'Z'
+Usage:
+`cppw <file>' copys over /etc/passwd   `cppw -s <file>' copys over /etc/shadow
+`cpgr <file>' copys over /etc/group    `cpgr -s <file>' copys over /etc/gshadow
diff --git a/tests/tests/cptools/04_cppw_no_file_argument/config.txt b/tests/tests/cptools/04_cppw_no_file_argument/config.txt
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/cptools/04_cppw_no_file_argument/config.txt
diff --git a/tests/tests/cptools/04_cppw_no_file_argument/config/etc/group b/tests/tests/cptools/04_cppw_no_file_argument/config/etc/group
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/cptools/04_cppw_no_file_argument/config/etc/group
diff --git a/tests/tests/cptools/04_cppw_no_file_argument/config/etc/gshadow b/tests/tests/cptools/04_cppw_no_file_argument/config/etc/gshadow
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/cptools/04_cppw_no_file_argument/config/etc/gshadow
diff --git a/tests/tests/cptools/04_cppw_no_file_argument/config/etc/passwd b/tests/tests/cptools/04_cppw_no_file_argument/config/etc/passwd
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/cptools/04_cppw_no_file_argument/config/etc/passwd
diff --git a/tests/tests/cptools/04_cppw_no_file_argument/config/etc/shadow b/tests/tests/cptools/04_cppw_no_file_argument/config/etc/shadow
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/cptools/04_cppw_no_file_argument/config/etc/shadow
diff --git a/tests/tests/cptools/04_cppw_no_file_argument/cppw.test b/tests/tests/cptools/04_cppw_no_file_argument/cppw.test
new file mode 100755
index 0000000..7ccef73
--- /dev/null
+++ b/tests/tests/cptools/04_cppw_no_file_argument/cppw.test
@@ -0,0 +1,54 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "cppw reports an error if no files are provided"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Use cppw without a file argument (cppw)..."
+cppw 2>tmp/usage.out && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "1"
+echo "OK"
+
+echo "cppw reported:"
+echo "======================================================================="
+cat tmp/usage.out
+echo "======================================================================="
+echo -n "Check the usage message..."
+diff -au data/usage.out tmp/usage.out
+echo "usage message OK."
+rm -f tmp/usage.out
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/cptools/04_cppw_no_file_argument/data/usage.out b/tests/tests/cptools/04_cppw_no_file_argument/data/usage.out
new file mode 100644
index 0000000..808df39
--- /dev/null
+++ b/tests/tests/cptools/04_cppw_no_file_argument/data/usage.out
@@ -0,0 +1,2 @@
+cppw: wrong number of arguments, -h for usage
+cppw: no changes
diff --git a/tests/tests/cptools/05_cppw_2_files/config.txt b/tests/tests/cptools/05_cppw_2_files/config.txt
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/cptools/05_cppw_2_files/config.txt
diff --git a/tests/tests/cptools/05_cppw_2_files/config/etc/group b/tests/tests/cptools/05_cppw_2_files/config/etc/group
new file mode 100644
index 0000000..245cc9c
--- /dev/null
+++ b/tests/tests/cptools/05_cppw_2_files/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+myuser:x:424242:
diff --git a/tests/tests/cptools/05_cppw_2_files/config/etc/gshadow b/tests/tests/cptools/05_cppw_2_files/config/etc/gshadow
new file mode 100644
index 0000000..25bd55b
--- /dev/null
+++ b/tests/tests/cptools/05_cppw_2_files/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+myuser:x::
diff --git a/tests/tests/cptools/05_cppw_2_files/config/etc/passwd b/tests/tests/cptools/05_cppw_2_files/config/etc/passwd
new file mode 100644
index 0000000..ae3eda3
--- /dev/null
+++ b/tests/tests/cptools/05_cppw_2_files/config/etc/passwd
@@ -0,0 +1,21 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+myuser:x:424242:424242::/home:/bin/sh
+myuser2:x:424243:424242::/home:/bin/sh
diff --git a/tests/tests/cptools/05_cppw_2_files/config/etc/shadow b/tests/tests/cptools/05_cppw_2_files/config/etc/shadow
new file mode 100644
index 0000000..f004fa2
--- /dev/null
+++ b/tests/tests/cptools/05_cppw_2_files/config/etc/shadow
@@ -0,0 +1,21 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+myuser:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:::
+myuser2:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:::
diff --git a/tests/tests/cptools/05_cppw_2_files/cppw.test b/tests/tests/cptools/05_cppw_2_files/cppw.test
new file mode 100755
index 0000000..49ca1d5
--- /dev/null
+++ b/tests/tests/cptools/05_cppw_2_files/cppw.test
@@ -0,0 +1,54 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "cppw reports an error if 2 files are provided"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Use cppw with 2 files (cppw data/passwd data/passwd)..."
+cppw data/passwd data/passwd 2>tmp/usage.out && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "1"
+echo "OK"
+
+echo "cppw reported:"
+echo "======================================================================="
+cat tmp/usage.out
+echo "======================================================================="
+echo -n "Check the usage message..."
+diff -au data/usage.out tmp/usage.out
+echo "usage message OK."
+rm -f tmp/usage.out
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/cptools/05_cppw_2_files/data/passwd b/tests/tests/cptools/05_cppw_2_files/data/passwd
new file mode 100644
index 0000000..e8e3c39
--- /dev/null
+++ b/tests/tests/cptools/05_cppw_2_files/data/passwd
@@ -0,0 +1,17 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
diff --git a/tests/tests/cptools/05_cppw_2_files/data/usage.out b/tests/tests/cptools/05_cppw_2_files/data/usage.out
new file mode 100644
index 0000000..808df39
--- /dev/null
+++ b/tests/tests/cptools/05_cppw_2_files/data/usage.out
@@ -0,0 +1,2 @@
+cppw: wrong number of arguments, -h for usage
+cppw: no changes
diff --git a/tests/tests/cptools/06_cppw_no_file/config.txt b/tests/tests/cptools/06_cppw_no_file/config.txt
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/cptools/06_cppw_no_file/config.txt
diff --git a/tests/tests/cptools/06_cppw_no_file/config/etc/group b/tests/tests/cptools/06_cppw_no_file/config/etc/group
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/cptools/06_cppw_no_file/config/etc/group
diff --git a/tests/tests/cptools/06_cppw_no_file/config/etc/gshadow b/tests/tests/cptools/06_cppw_no_file/config/etc/gshadow
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/cptools/06_cppw_no_file/config/etc/gshadow
diff --git a/tests/tests/cptools/06_cppw_no_file/config/etc/passwd b/tests/tests/cptools/06_cppw_no_file/config/etc/passwd
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/cptools/06_cppw_no_file/config/etc/passwd
diff --git a/tests/tests/cptools/06_cppw_no_file/config/etc/shadow b/tests/tests/cptools/06_cppw_no_file/config/etc/shadow
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/cptools/06_cppw_no_file/config/etc/shadow
diff --git a/tests/tests/cptools/06_cppw_no_file/cppw.test b/tests/tests/cptools/06_cppw_no_file/cppw.test
new file mode 100755
index 0000000..f4adb89
--- /dev/null
+++ b/tests/tests/cptools/06_cppw_no_file/cppw.test
@@ -0,0 +1,54 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "cppw reports an error if no files are provided"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Use cppw with a nonexistent file (cppw data/passwd)..."
+cppw data/passwd 2>tmp/usage.out && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "1"
+echo "OK"
+
+echo "cppw reported:"
+echo "======================================================================="
+cat tmp/usage.out
+echo "======================================================================="
+echo -n "Check the usage message..."
+diff -au data/usage.out tmp/usage.out
+echo "usage message OK."
+rm -f tmp/usage.out
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/cptools/06_cppw_no_file/data/usage.out b/tests/tests/cptools/06_cppw_no_file/data/usage.out
new file mode 100644
index 0000000..133dea3
--- /dev/null
+++ b/tests/tests/cptools/06_cppw_no_file/data/usage.out
@@ -0,0 +1,2 @@
+cppw: data/passwd: No such file or directory
+cppw: /etc/passwd is unchanged
diff --git a/tests/tests/cptools/07_cppw_locked_passwd/config.txt b/tests/tests/cptools/07_cppw_locked_passwd/config.txt
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/cptools/07_cppw_locked_passwd/config.txt
diff --git a/tests/tests/cptools/07_cppw_locked_passwd/config/etc/group b/tests/tests/cptools/07_cppw_locked_passwd/config/etc/group
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/cptools/07_cppw_locked_passwd/config/etc/group
diff --git a/tests/tests/cptools/07_cppw_locked_passwd/config/etc/gshadow b/tests/tests/cptools/07_cppw_locked_passwd/config/etc/gshadow
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/cptools/07_cppw_locked_passwd/config/etc/gshadow
diff --git a/tests/tests/cptools/07_cppw_locked_passwd/config/etc/passwd b/tests/tests/cptools/07_cppw_locked_passwd/config/etc/passwd
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/cptools/07_cppw_locked_passwd/config/etc/passwd
diff --git a/tests/tests/cptools/07_cppw_locked_passwd/config/etc/shadow b/tests/tests/cptools/07_cppw_locked_passwd/config/etc/shadow
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/cptools/07_cppw_locked_passwd/config/etc/shadow
diff --git a/tests/tests/cptools/07_cppw_locked_passwd/cppw.test b/tests/tests/cptools/07_cppw_locked_passwd/cppw.test
new file mode 100755
index 0000000..366618e
--- /dev/null
+++ b/tests/tests/cptools/07_cppw_locked_passwd/cppw.test
@@ -0,0 +1,60 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "cppw checks if the password file is locked"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Create lock file for /etc/passwd..."
+touch /etc/passwd.lock
+echo "done"
+
+echo -n "Use cppw (cppw data/passwd)..."
+cppw data/passwd 2>tmp/usage.out && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+rm -f /etc/passwd.lock
+
+echo -n "Check returned status ($status)..."
+test "$status" = "5"
+echo "OK"
+
+echo "cppw reported:"
+echo "======================================================================="
+cat tmp/usage.out
+echo "======================================================================="
+echo -n "Check the usage message..."
+diff -au data/usage.out tmp/usage.out
+echo "usage message OK."
+rm -f tmp/usage.out
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/cptools/07_cppw_locked_passwd/data/passwd b/tests/tests/cptools/07_cppw_locked_passwd/data/passwd
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/cptools/07_cppw_locked_passwd/data/passwd
diff --git a/tests/tests/cptools/07_cppw_locked_passwd/data/usage.out b/tests/tests/cptools/07_cppw_locked_passwd/data/usage.out
new file mode 100644
index 0000000..c99e46a
--- /dev/null
+++ b/tests/tests/cptools/07_cppw_locked_passwd/data/usage.out
@@ -0,0 +1,3 @@
+cppw: existing lock file /etc/passwd.lock without a PID
+cppw: Couldn't lock file
+cppw: /etc/passwd is unchanged
diff --git a/tests/tests/cptools/08_cppw-p/config.txt b/tests/tests/cptools/08_cppw-p/config.txt
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/cptools/08_cppw-p/config.txt
diff --git a/tests/tests/cptools/08_cppw-p/config/etc/group b/tests/tests/cptools/08_cppw-p/config/etc/group
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/cptools/08_cppw-p/config/etc/group
diff --git a/tests/tests/cptools/08_cppw-p/config/etc/gshadow b/tests/tests/cptools/08_cppw-p/config/etc/gshadow
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/cptools/08_cppw-p/config/etc/gshadow
diff --git a/tests/tests/cptools/08_cppw-p/config/etc/passwd b/tests/tests/cptools/08_cppw-p/config/etc/passwd
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/cptools/08_cppw-p/config/etc/passwd
diff --git a/tests/tests/cptools/08_cppw-p/config/etc/shadow b/tests/tests/cptools/08_cppw-p/config/etc/shadow
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/cptools/08_cppw-p/config/etc/shadow
diff --git a/tests/tests/cptools/08_cppw-p/cppw.test b/tests/tests/cptools/08_cppw-p/cppw.test
new file mode 100755
index 0000000..d4ee864
--- /dev/null
+++ b/tests/tests/cptools/08_cppw-p/cppw.test
@@ -0,0 +1,39 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "cppw -p option"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Use cppw -p (cppw -p data/passwd)..."
+cppw -p data/passwd
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl data/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/cptools/08_cppw-p/data/passwd b/tests/tests/cptools/08_cppw-p/data/passwd
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/cptools/08_cppw-p/data/passwd
diff --git a/tests/tests/cptools/09_cppw-g/config.txt b/tests/tests/cptools/09_cppw-g/config.txt
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/cptools/09_cppw-g/config.txt
diff --git a/tests/tests/cptools/09_cppw-g/config/etc/group b/tests/tests/cptools/09_cppw-g/config/etc/group
new file mode 100644
index 0000000..b6fae89
--- /dev/null
+++ b/tests/tests/cptools/09_cppw-g/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:root
+adm:x:4:root,foo
+tty:x:5:
+disk:x:6:
+lp:x:7:foo,root
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:foo
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:foo
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/cptools/09_cppw-g/config/etc/gshadow b/tests/tests/cptools/09_cppw-g/config/etc/gshadow
new file mode 100644
index 0000000..1f2ba8d
--- /dev/null
+++ b/tests/tests/cptools/09_cppw-g/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::root
+adm:*::root,foo
+tty:*::foo
+disk:*:foo:
+lp:*::foo,root
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*:foo:foo
+voice:*::
+cdrom:*:foo:foo
+floppy:*::foo
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/cptools/09_cppw-g/config/etc/passwd b/tests/tests/cptools/09_cppw-g/config/etc/passwd
new file mode 100644
index 0000000..06b331b
--- /dev/null
+++ b/tests/tests/cptools/09_cppw-g/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:blahblahblah:1000:1000::/home/foo:/bin/false
diff --git a/tests/tests/cptools/09_cppw-g/config/etc/shadow b/tests/tests/cptools/09_cppw-g/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/cptools/09_cppw-g/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/cptools/09_cppw-g/cppw.test b/tests/tests/cptools/09_cppw-g/cppw.test
new file mode 100755
index 0000000..7ac6d16
--- /dev/null
+++ b/tests/tests/cptools/09_cppw-g/cppw.test
@@ -0,0 +1,39 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "cppw can copy the group file"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Use cppw -g (cppw -g data/group)..."
+cppw -g data/group
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl data/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/cptools/09_cppw-g/data/group b/tests/tests/cptools/09_cppw-g/data/group
new file mode 100644
index 0000000..11b5c11
--- /dev/null
+++ b/tests/tests/cptools/09_cppw-g/data/group
@@ -0,0 +1,39 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:root
+adm:x:4:root,foo
+tty:x:5:
+disk:x:6:
+lp:x:7:foo,root
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:foo
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:foo
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
diff --git a/tests/tests/cptools/10_cppw-g-s/config.txt b/tests/tests/cptools/10_cppw-g-s/config.txt
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/cptools/10_cppw-g-s/config.txt
diff --git a/tests/tests/cptools/10_cppw-g-s/config/etc/group b/tests/tests/cptools/10_cppw-g-s/config/etc/group
new file mode 100644
index 0000000..b6fae89
--- /dev/null
+++ b/tests/tests/cptools/10_cppw-g-s/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:root
+adm:x:4:root,foo
+tty:x:5:
+disk:x:6:
+lp:x:7:foo,root
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:foo
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:foo
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/cptools/10_cppw-g-s/config/etc/gshadow b/tests/tests/cptools/10_cppw-g-s/config/etc/gshadow
new file mode 100644
index 0000000..1f2ba8d
--- /dev/null
+++ b/tests/tests/cptools/10_cppw-g-s/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::root
+adm:*::root,foo
+tty:*::foo
+disk:*:foo:
+lp:*::foo,root
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*:foo:foo
+voice:*::
+cdrom:*:foo:foo
+floppy:*::foo
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/cptools/10_cppw-g-s/config/etc/passwd b/tests/tests/cptools/10_cppw-g-s/config/etc/passwd
new file mode 100644
index 0000000..06b331b
--- /dev/null
+++ b/tests/tests/cptools/10_cppw-g-s/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:blahblahblah:1000:1000::/home/foo:/bin/false
diff --git a/tests/tests/cptools/10_cppw-g-s/config/etc/shadow b/tests/tests/cptools/10_cppw-g-s/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/cptools/10_cppw-g-s/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/cptools/10_cppw-g-s/cppw.test b/tests/tests/cptools/10_cppw-g-s/cppw.test
new file mode 100755
index 0000000..602c34a
--- /dev/null
+++ b/tests/tests/cptools/10_cppw-g-s/cppw.test
@@ -0,0 +1,39 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "cppw can copy the gshadow file"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Use cppw -g -s (cppw -g -s data/gshadow)..."
+cppw -g -s data/gshadow
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl data/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/cptools/10_cppw-g-s/data/gshadow b/tests/tests/cptools/10_cppw-g-s/data/gshadow
new file mode 100644
index 0000000..93fc055
--- /dev/null
+++ b/tests/tests/cptools/10_cppw-g-s/data/gshadow
@@ -0,0 +1,39 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::root
+adm:*::root,foo
+tty:*::foo
+disk:*:foo:
+lp:*::foo,root
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*:foo:foo
+voice:*::
+cdrom:*:foo:foo
+floppy:*::foo
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
diff --git a/tests/tests/cptools/11_cppw-p-s/config.txt b/tests/tests/cptools/11_cppw-p-s/config.txt
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/cptools/11_cppw-p-s/config.txt
diff --git a/tests/tests/cptools/11_cppw-p-s/config/etc/group b/tests/tests/cptools/11_cppw-p-s/config/etc/group
new file mode 100644
index 0000000..b6fae89
--- /dev/null
+++ b/tests/tests/cptools/11_cppw-p-s/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:root
+adm:x:4:root,foo
+tty:x:5:
+disk:x:6:
+lp:x:7:foo,root
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:foo
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:foo
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/cptools/11_cppw-p-s/config/etc/gshadow b/tests/tests/cptools/11_cppw-p-s/config/etc/gshadow
new file mode 100644
index 0000000..1f2ba8d
--- /dev/null
+++ b/tests/tests/cptools/11_cppw-p-s/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::root
+adm:*::root,foo
+tty:*::foo
+disk:*:foo:
+lp:*::foo,root
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*:foo:foo
+voice:*::
+cdrom:*:foo:foo
+floppy:*::foo
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/cptools/11_cppw-p-s/config/etc/passwd b/tests/tests/cptools/11_cppw-p-s/config/etc/passwd
new file mode 100644
index 0000000..06b331b
--- /dev/null
+++ b/tests/tests/cptools/11_cppw-p-s/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:blahblahblah:1000:1000::/home/foo:/bin/false
diff --git a/tests/tests/cptools/11_cppw-p-s/config/etc/shadow b/tests/tests/cptools/11_cppw-p-s/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/cptools/11_cppw-p-s/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/cptools/11_cppw-p-s/cppw.test b/tests/tests/cptools/11_cppw-p-s/cppw.test
new file mode 100755
index 0000000..3c68f05
--- /dev/null
+++ b/tests/tests/cptools/11_cppw-p-s/cppw.test
@@ -0,0 +1,39 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "cppw can copy the shadow file"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Use cppw -p -s (cppw -p -s data/shadow)..."
+cppw -p -s data/shadow
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl data/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/cptools/11_cppw-p-s/data/shadow b/tests/tests/cptools/11_cppw-p-s/data/shadow
new file mode 100644
index 0000000..6214423
--- /dev/null
+++ b/tests/tests/cptools/11_cppw-p-s/data/shadow
@@ -0,0 +1,16 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/cptools/12_cppw-s_no_shadow_file/config.txt b/tests/tests/cptools/12_cppw-s_no_shadow_file/config.txt
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/cptools/12_cppw-s_no_shadow_file/config.txt
diff --git a/tests/tests/cptools/12_cppw-s_no_shadow_file/config/etc/group b/tests/tests/cptools/12_cppw-s_no_shadow_file/config/etc/group
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/cptools/12_cppw-s_no_shadow_file/config/etc/group
diff --git a/tests/tests/cptools/12_cppw-s_no_shadow_file/config/etc/gshadow b/tests/tests/cptools/12_cppw-s_no_shadow_file/config/etc/gshadow
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/cptools/12_cppw-s_no_shadow_file/config/etc/gshadow
diff --git a/tests/tests/cptools/12_cppw-s_no_shadow_file/config/etc/passwd b/tests/tests/cptools/12_cppw-s_no_shadow_file/config/etc/passwd
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/cptools/12_cppw-s_no_shadow_file/config/etc/passwd
diff --git a/tests/tests/cptools/12_cppw-s_no_shadow_file/config/etc/shadow b/tests/tests/cptools/12_cppw-s_no_shadow_file/config/etc/shadow
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/cptools/12_cppw-s_no_shadow_file/config/etc/shadow
diff --git a/tests/tests/cptools/12_cppw-s_no_shadow_file/cppw.test b/tests/tests/cptools/12_cppw-s_no_shadow_file/cppw.test
new file mode 100755
index 0000000..a0c2095
--- /dev/null
+++ b/tests/tests/cptools/12_cppw-s_no_shadow_file/cppw.test
@@ -0,0 +1,58 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "cppw can copy a shadow file even if there were no shadow file"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Remove /etc/shadow..."
+rm -f /etc/shadow
+echo "done"
+
+echo -n "Use cppw (cppw -s data/shadow)..."
+cppw -s data/shadow 2>tmp/cppw.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "1"
+echo "OK"
+
+echo "cppw reported:"
+echo "======================================================================="
+cat tmp/cppw.err
+echo "======================================================================="
+echo -n "Check the usage message..."
+diff -au data/cppw.err tmp/cppw.err
+echo "usage message OK."
+rm -f tmp/cppw.err
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+test ! -f /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/cptools/12_cppw-s_no_shadow_file/data/cppw.err b/tests/tests/cptools/12_cppw-s_no_shadow_file/data/cppw.err
new file mode 100644
index 0000000..0c7d649
--- /dev/null
+++ b/tests/tests/cptools/12_cppw-s_no_shadow_file/data/cppw.err
@@ -0,0 +1,2 @@
+cppw: /etc/shadow: No such file or directory
+cppw: /etc/shadow is unchanged
diff --git a/tests/tests/cptools/12_cppw-s_no_shadow_file/data/shadow b/tests/tests/cptools/12_cppw-s_no_shadow_file/data/shadow
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/cptools/12_cppw-s_no_shadow_file/data/shadow
diff --git a/tests/tests/crypt/login.defs_DES-MD5_CRYPT_ENAB/01_chpasswd.test b/tests/tests/crypt/login.defs_DES-MD5_CRYPT_ENAB/01_chpasswd.test
new file mode 100755
index 0000000..d583517
--- /dev/null
+++ b/tests/tests/crypt/login.defs_DES-MD5_CRYPT_ENAB/01_chpasswd.test
@@ -0,0 +1,39 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "Add a new user"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Create user test1 (useradd test1)..."
+echo nobody:test | chpasswd
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl 01_chpasswd/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl 01_chpasswd/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl 01_chpasswd/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl 01_chpasswd/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/crypt/login.defs_DES-MD5_CRYPT_ENAB/01_chpasswd/group b/tests/tests/crypt/login.defs_DES-MD5_CRYPT_ENAB/01_chpasswd/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/crypt/login.defs_DES-MD5_CRYPT_ENAB/01_chpasswd/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/crypt/login.defs_DES-MD5_CRYPT_ENAB/01_chpasswd/gshadow b/tests/tests/crypt/login.defs_DES-MD5_CRYPT_ENAB/01_chpasswd/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/crypt/login.defs_DES-MD5_CRYPT_ENAB/01_chpasswd/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/crypt/login.defs_DES-MD5_CRYPT_ENAB/01_chpasswd/passwd b/tests/tests/crypt/login.defs_DES-MD5_CRYPT_ENAB/01_chpasswd/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/crypt/login.defs_DES-MD5_CRYPT_ENAB/01_chpasswd/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/crypt/login.defs_DES-MD5_CRYPT_ENAB/01_chpasswd/shadow b/tests/tests/crypt/login.defs_DES-MD5_CRYPT_ENAB/01_chpasswd/shadow
new file mode 100644
index 0000000..7607cc6
--- /dev/null
+++ b/tests/tests/crypt/login.defs_DES-MD5_CRYPT_ENAB/01_chpasswd/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:@PASS_DES test@:@TODAY@:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/crypt/login.defs_DES-MD5_CRYPT_ENAB/config/etc/group b/tests/tests/crypt/login.defs_DES-MD5_CRYPT_ENAB/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/crypt/login.defs_DES-MD5_CRYPT_ENAB/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/crypt/login.defs_DES-MD5_CRYPT_ENAB/config/etc/gshadow b/tests/tests/crypt/login.defs_DES-MD5_CRYPT_ENAB/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/crypt/login.defs_DES-MD5_CRYPT_ENAB/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/crypt/login.defs_DES-MD5_CRYPT_ENAB/config/etc/login.defs b/tests/tests/crypt/login.defs_DES-MD5_CRYPT_ENAB/config/etc/login.defs
new file mode 100644
index 0000000..e9df880
--- /dev/null
+++ b/tests/tests/crypt/login.defs_DES-MD5_CRYPT_ENAB/config/etc/login.defs
@@ -0,0 +1,317 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK usage is discouraged because it catches only some classes of user
+# entries to system, in fact only those made through login(1), while setting
+# umask in shell rc file will catch also logins through su, cron, ssh etc.
+#
+# At the same time, using shell rc to set umask won't catch entries which use
+# non-shell executables in place of login shell, like /usr/sbin/pppd for "ppp"
+# user and alike.
+#
+# Therefore the use of pam_umask is recommended (Debian package libpam-umask)
+# as the solution which catches all these cases on PAM-enabled systems.
+# 
+# This avoids the confusion created by having the umask set
+# in two different places -- in login.defs and shell rc files (i.e.
+# /etc/profile).
+#
+# For discussion, see #314539 and #248150 as well as the thread starting at
+# http://lists.debian.org/debian-devel/2005/06/msg01598.html
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+# 022 is the "historical" value in Debian for UMASK when it was used
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			  100
+GID_MAX			60000
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# This enables userdel to remove user groups if no members exist.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, thus in Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# Only works if compiled with MD5_CRYPT defined:
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is used by chpasswd, gpasswd and newusers.
+#
+MD5_CRYPT_ENAB	yes
+ENCRYPT_METHOD DES
+#SHA_CRYPT_MIN_ROUNDS 5000
+#SHA_CRYPT_MAX_ROUNDS 5000
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/crypt/login.defs_DES-MD5_CRYPT_ENAB/config/etc/passwd b/tests/tests/crypt/login.defs_DES-MD5_CRYPT_ENAB/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/crypt/login.defs_DES-MD5_CRYPT_ENAB/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/crypt/login.defs_DES-MD5_CRYPT_ENAB/config/etc/shadow b/tests/tests/crypt/login.defs_DES-MD5_CRYPT_ENAB/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/crypt/login.defs_DES-MD5_CRYPT_ENAB/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/crypt/login.defs_DES/01_chpasswd.test b/tests/tests/crypt/login.defs_DES/01_chpasswd.test
new file mode 100755
index 0000000..d583517
--- /dev/null
+++ b/tests/tests/crypt/login.defs_DES/01_chpasswd.test
@@ -0,0 +1,39 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "Add a new user"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Create user test1 (useradd test1)..."
+echo nobody:test | chpasswd
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl 01_chpasswd/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl 01_chpasswd/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl 01_chpasswd/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl 01_chpasswd/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/crypt/login.defs_DES/01_chpasswd/group b/tests/tests/crypt/login.defs_DES/01_chpasswd/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/crypt/login.defs_DES/01_chpasswd/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/crypt/login.defs_DES/01_chpasswd/gshadow b/tests/tests/crypt/login.defs_DES/01_chpasswd/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/crypt/login.defs_DES/01_chpasswd/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/crypt/login.defs_DES/01_chpasswd/passwd b/tests/tests/crypt/login.defs_DES/01_chpasswd/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/crypt/login.defs_DES/01_chpasswd/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/crypt/login.defs_DES/01_chpasswd/shadow b/tests/tests/crypt/login.defs_DES/01_chpasswd/shadow
new file mode 100644
index 0000000..7607cc6
--- /dev/null
+++ b/tests/tests/crypt/login.defs_DES/01_chpasswd/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:@PASS_DES test@:@TODAY@:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/crypt/login.defs_DES/02_chpasswd--crypt-method-MD5.test b/tests/tests/crypt/login.defs_DES/02_chpasswd--crypt-method-MD5.test
new file mode 100755
index 0000000..2ae3f3b
--- /dev/null
+++ b/tests/tests/crypt/login.defs_DES/02_chpasswd--crypt-method-MD5.test
@@ -0,0 +1,39 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "Add a new user"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Create user test1 (useradd test1)..."
+echo nobody:test | chpasswd --crypt-method MD5
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl 02_chpasswd--crypt-method-MD5/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl 02_chpasswd--crypt-method-MD5/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl 02_chpasswd--crypt-method-MD5/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl 02_chpasswd--crypt-method-MD5/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/crypt/login.defs_DES/02_chpasswd--crypt-method-MD5/group b/tests/tests/crypt/login.defs_DES/02_chpasswd--crypt-method-MD5/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/crypt/login.defs_DES/02_chpasswd--crypt-method-MD5/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/crypt/login.defs_DES/02_chpasswd--crypt-method-MD5/gshadow b/tests/tests/crypt/login.defs_DES/02_chpasswd--crypt-method-MD5/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/crypt/login.defs_DES/02_chpasswd--crypt-method-MD5/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/crypt/login.defs_DES/02_chpasswd--crypt-method-MD5/passwd b/tests/tests/crypt/login.defs_DES/02_chpasswd--crypt-method-MD5/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/crypt/login.defs_DES/02_chpasswd--crypt-method-MD5/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/crypt/login.defs_DES/02_chpasswd--crypt-method-MD5/passwd.new b/tests/tests/crypt/login.defs_DES/02_chpasswd--crypt-method-MD5/passwd.new
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/crypt/login.defs_DES/02_chpasswd--crypt-method-MD5/passwd.new
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/crypt/login.defs_DES/02_chpasswd--crypt-method-MD5/shadow b/tests/tests/crypt/login.defs_DES/02_chpasswd--crypt-method-MD5/shadow
new file mode 100644
index 0000000..658661b
--- /dev/null
+++ b/tests/tests/crypt/login.defs_DES/02_chpasswd--crypt-method-MD5/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:@PASS_MD5 test@:@TODAY@:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/crypt/login.defs_DES/03_chpasswd--crypt-method-DES.test b/tests/tests/crypt/login.defs_DES/03_chpasswd--crypt-method-DES.test
new file mode 100755
index 0000000..9848828
--- /dev/null
+++ b/tests/tests/crypt/login.defs_DES/03_chpasswd--crypt-method-DES.test
@@ -0,0 +1,39 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "Add a new user"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Create user test1 (useradd test1)..."
+echo nobody:test | chpasswd --crypt-method DES
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl 03_chpasswd--crypt-method-DES/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl 03_chpasswd--crypt-method-DES/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl 03_chpasswd--crypt-method-DES/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl 03_chpasswd--crypt-method-DES/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/crypt/login.defs_DES/03_chpasswd--crypt-method-DES/group b/tests/tests/crypt/login.defs_DES/03_chpasswd--crypt-method-DES/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/crypt/login.defs_DES/03_chpasswd--crypt-method-DES/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/crypt/login.defs_DES/03_chpasswd--crypt-method-DES/gshadow b/tests/tests/crypt/login.defs_DES/03_chpasswd--crypt-method-DES/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/crypt/login.defs_DES/03_chpasswd--crypt-method-DES/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/crypt/login.defs_DES/03_chpasswd--crypt-method-DES/passwd b/tests/tests/crypt/login.defs_DES/03_chpasswd--crypt-method-DES/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/crypt/login.defs_DES/03_chpasswd--crypt-method-DES/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/crypt/login.defs_DES/03_chpasswd--crypt-method-DES/shadow b/tests/tests/crypt/login.defs_DES/03_chpasswd--crypt-method-DES/shadow
new file mode 100644
index 0000000..7607cc6
--- /dev/null
+++ b/tests/tests/crypt/login.defs_DES/03_chpasswd--crypt-method-DES/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:@PASS_DES test@:@TODAY@:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/crypt/login.defs_DES/04_chpasswd--crypt-method-NONE.test b/tests/tests/crypt/login.defs_DES/04_chpasswd--crypt-method-NONE.test
new file mode 100755
index 0000000..4c4f18a
--- /dev/null
+++ b/tests/tests/crypt/login.defs_DES/04_chpasswd--crypt-method-NONE.test
@@ -0,0 +1,39 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "Add a new user"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Create user test1 (useradd test1)..."
+echo nobody:test | chpasswd --crypt-method NONE
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl 04_chpasswd--crypt-method-NONE/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl 04_chpasswd--crypt-method-NONE/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl 04_chpasswd--crypt-method-NONE/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl 04_chpasswd--crypt-method-NONE/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/crypt/login.defs_DES/04_chpasswd--crypt-method-NONE/group b/tests/tests/crypt/login.defs_DES/04_chpasswd--crypt-method-NONE/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/crypt/login.defs_DES/04_chpasswd--crypt-method-NONE/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/crypt/login.defs_DES/04_chpasswd--crypt-method-NONE/gshadow b/tests/tests/crypt/login.defs_DES/04_chpasswd--crypt-method-NONE/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/crypt/login.defs_DES/04_chpasswd--crypt-method-NONE/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/crypt/login.defs_DES/04_chpasswd--crypt-method-NONE/passwd b/tests/tests/crypt/login.defs_DES/04_chpasswd--crypt-method-NONE/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/crypt/login.defs_DES/04_chpasswd--crypt-method-NONE/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/crypt/login.defs_DES/04_chpasswd--crypt-method-NONE/shadow b/tests/tests/crypt/login.defs_DES/04_chpasswd--crypt-method-NONE/shadow
new file mode 100644
index 0000000..d2bde3b
--- /dev/null
+++ b/tests/tests/crypt/login.defs_DES/04_chpasswd--crypt-method-NONE/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:test:@TODAY@:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/crypt/login.defs_DES/05_chpasswd-e.test b/tests/tests/crypt/login.defs_DES/05_chpasswd-e.test
new file mode 100755
index 0000000..fdac6ae
--- /dev/null
+++ b/tests/tests/crypt/login.defs_DES/05_chpasswd-e.test
@@ -0,0 +1,39 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "Add a new user"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Create user test1 (useradd test1)..."
+echo nobody:test | chpasswd -e
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl 05_chpasswd-e/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl 05_chpasswd-e/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl 05_chpasswd-e/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl 05_chpasswd-e/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/crypt/login.defs_DES/05_chpasswd-e/group b/tests/tests/crypt/login.defs_DES/05_chpasswd-e/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/crypt/login.defs_DES/05_chpasswd-e/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/crypt/login.defs_DES/05_chpasswd-e/gshadow b/tests/tests/crypt/login.defs_DES/05_chpasswd-e/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/crypt/login.defs_DES/05_chpasswd-e/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/crypt/login.defs_DES/05_chpasswd-e/passwd b/tests/tests/crypt/login.defs_DES/05_chpasswd-e/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/crypt/login.defs_DES/05_chpasswd-e/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/crypt/login.defs_DES/05_chpasswd-e/shadow b/tests/tests/crypt/login.defs_DES/05_chpasswd-e/shadow
new file mode 100644
index 0000000..d2bde3b
--- /dev/null
+++ b/tests/tests/crypt/login.defs_DES/05_chpasswd-e/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:test:@TODAY@:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/crypt/login.defs_DES/06_chpasswd-m.test b/tests/tests/crypt/login.defs_DES/06_chpasswd-m.test
new file mode 100755
index 0000000..3428d89
--- /dev/null
+++ b/tests/tests/crypt/login.defs_DES/06_chpasswd-m.test
@@ -0,0 +1,39 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "Add a new user"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Create user test1 (useradd test1)..."
+echo nobody:test | chpasswd -m
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl 06_chpasswd-m/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl 06_chpasswd-m/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl 06_chpasswd-m/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl 06_chpasswd-m/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/crypt/login.defs_DES/06_chpasswd-m/group b/tests/tests/crypt/login.defs_DES/06_chpasswd-m/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/crypt/login.defs_DES/06_chpasswd-m/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/crypt/login.defs_DES/06_chpasswd-m/gshadow b/tests/tests/crypt/login.defs_DES/06_chpasswd-m/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/crypt/login.defs_DES/06_chpasswd-m/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/crypt/login.defs_DES/06_chpasswd-m/passwd b/tests/tests/crypt/login.defs_DES/06_chpasswd-m/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/crypt/login.defs_DES/06_chpasswd-m/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/crypt/login.defs_DES/06_chpasswd-m/shadow b/tests/tests/crypt/login.defs_DES/06_chpasswd-m/shadow
new file mode 100644
index 0000000..658661b
--- /dev/null
+++ b/tests/tests/crypt/login.defs_DES/06_chpasswd-m/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:@PASS_MD5 test@:@TODAY@:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/crypt/login.defs_DES/07_chgpasswd.test b/tests/tests/crypt/login.defs_DES/07_chgpasswd.test
new file mode 100755
index 0000000..5b7a073
--- /dev/null
+++ b/tests/tests/crypt/login.defs_DES/07_chgpasswd.test
@@ -0,0 +1,39 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "Change a group's password"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Change nogroup's password..."
+echo nogroup:test | chgpasswd
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl 07_chgpasswd/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl 07_chgpasswd/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl 07_chgpasswd/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl 07_chgpasswd/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/crypt/login.defs_DES/07_chgpasswd/group b/tests/tests/crypt/login.defs_DES/07_chgpasswd/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/crypt/login.defs_DES/07_chgpasswd/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/crypt/login.defs_DES/07_chgpasswd/gshadow b/tests/tests/crypt/login.defs_DES/07_chgpasswd/gshadow
new file mode 100644
index 0000000..53dba5e
--- /dev/null
+++ b/tests/tests/crypt/login.defs_DES/07_chgpasswd/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:@PASS_DES test@::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/crypt/login.defs_DES/07_chgpasswd/passwd b/tests/tests/crypt/login.defs_DES/07_chgpasswd/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/crypt/login.defs_DES/07_chgpasswd/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/crypt/login.defs_DES/07_chgpasswd/shadow b/tests/tests/crypt/login.defs_DES/07_chgpasswd/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/crypt/login.defs_DES/07_chgpasswd/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/crypt/login.defs_DES/08_chgpasswd--crypt-method-MD5.test b/tests/tests/crypt/login.defs_DES/08_chgpasswd--crypt-method-MD5.test
new file mode 100755
index 0000000..405e8b2
--- /dev/null
+++ b/tests/tests/crypt/login.defs_DES/08_chgpasswd--crypt-method-MD5.test
@@ -0,0 +1,39 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "Change a group's password"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Change nogroup's password..."
+echo nogroup:test | chgpasswd --crypt-method MD5
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl 08_chgpasswd--crypt-method-MD5/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl 08_chgpasswd--crypt-method-MD5/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl 08_chgpasswd--crypt-method-MD5/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl 08_chgpasswd--crypt-method-MD5/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/crypt/login.defs_DES/08_chgpasswd--crypt-method-MD5/group b/tests/tests/crypt/login.defs_DES/08_chgpasswd--crypt-method-MD5/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/crypt/login.defs_DES/08_chgpasswd--crypt-method-MD5/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/crypt/login.defs_DES/08_chgpasswd--crypt-method-MD5/gshadow b/tests/tests/crypt/login.defs_DES/08_chgpasswd--crypt-method-MD5/gshadow
new file mode 100644
index 0000000..a709bcb
--- /dev/null
+++ b/tests/tests/crypt/login.defs_DES/08_chgpasswd--crypt-method-MD5/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:@PASS_MD5 test@::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/crypt/login.defs_DES/08_chgpasswd--crypt-method-MD5/passwd b/tests/tests/crypt/login.defs_DES/08_chgpasswd--crypt-method-MD5/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/crypt/login.defs_DES/08_chgpasswd--crypt-method-MD5/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/crypt/login.defs_DES/08_chgpasswd--crypt-method-MD5/shadow b/tests/tests/crypt/login.defs_DES/08_chgpasswd--crypt-method-MD5/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/crypt/login.defs_DES/08_chgpasswd--crypt-method-MD5/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/crypt/login.defs_DES/09_chgpasswd--crypt-method-DES.test b/tests/tests/crypt/login.defs_DES/09_chgpasswd--crypt-method-DES.test
new file mode 100755
index 0000000..1553e00
--- /dev/null
+++ b/tests/tests/crypt/login.defs_DES/09_chgpasswd--crypt-method-DES.test
@@ -0,0 +1,39 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "Change a group's password"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Change nogroup's password..."
+echo nogroup:test | chgpasswd --crypt-method DES
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl 09_chgpasswd--crypt-method-DES/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl 09_chgpasswd--crypt-method-DES/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl 09_chgpasswd--crypt-method-DES/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl 09_chgpasswd--crypt-method-DES/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/crypt/login.defs_DES/09_chgpasswd--crypt-method-DES/group b/tests/tests/crypt/login.defs_DES/09_chgpasswd--crypt-method-DES/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/crypt/login.defs_DES/09_chgpasswd--crypt-method-DES/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/crypt/login.defs_DES/09_chgpasswd--crypt-method-DES/gshadow b/tests/tests/crypt/login.defs_DES/09_chgpasswd--crypt-method-DES/gshadow
new file mode 100644
index 0000000..53dba5e
--- /dev/null
+++ b/tests/tests/crypt/login.defs_DES/09_chgpasswd--crypt-method-DES/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:@PASS_DES test@::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/crypt/login.defs_DES/09_chgpasswd--crypt-method-DES/passwd b/tests/tests/crypt/login.defs_DES/09_chgpasswd--crypt-method-DES/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/crypt/login.defs_DES/09_chgpasswd--crypt-method-DES/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/crypt/login.defs_DES/09_chgpasswd--crypt-method-DES/shadow b/tests/tests/crypt/login.defs_DES/09_chgpasswd--crypt-method-DES/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/crypt/login.defs_DES/09_chgpasswd--crypt-method-DES/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/crypt/login.defs_DES/10_chgpasswd--crypt-method-NONE.test b/tests/tests/crypt/login.defs_DES/10_chgpasswd--crypt-method-NONE.test
new file mode 100755
index 0000000..a010de2
--- /dev/null
+++ b/tests/tests/crypt/login.defs_DES/10_chgpasswd--crypt-method-NONE.test
@@ -0,0 +1,39 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "Change a group's password"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Change nogroup's password..."
+echo nogroup:test | chgpasswd --crypt-method NONE
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl 10_chgpasswd--crypt-method-NONE/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl 10_chgpasswd--crypt-method-NONE/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl 10_chgpasswd--crypt-method-NONE/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl 10_chgpasswd--crypt-method-NONE/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/crypt/login.defs_DES/10_chgpasswd--crypt-method-NONE/group b/tests/tests/crypt/login.defs_DES/10_chgpasswd--crypt-method-NONE/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/crypt/login.defs_DES/10_chgpasswd--crypt-method-NONE/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/crypt/login.defs_DES/10_chgpasswd--crypt-method-NONE/gshadow b/tests/tests/crypt/login.defs_DES/10_chgpasswd--crypt-method-NONE/gshadow
new file mode 100644
index 0000000..a8f0af9
--- /dev/null
+++ b/tests/tests/crypt/login.defs_DES/10_chgpasswd--crypt-method-NONE/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:test::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/crypt/login.defs_DES/10_chgpasswd--crypt-method-NONE/passwd b/tests/tests/crypt/login.defs_DES/10_chgpasswd--crypt-method-NONE/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/crypt/login.defs_DES/10_chgpasswd--crypt-method-NONE/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/crypt/login.defs_DES/10_chgpasswd--crypt-method-NONE/shadow b/tests/tests/crypt/login.defs_DES/10_chgpasswd--crypt-method-NONE/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/crypt/login.defs_DES/10_chgpasswd--crypt-method-NONE/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/crypt/login.defs_DES/11_chgpasswd-e.test b/tests/tests/crypt/login.defs_DES/11_chgpasswd-e.test
new file mode 100755
index 0000000..6b801c1
--- /dev/null
+++ b/tests/tests/crypt/login.defs_DES/11_chgpasswd-e.test
@@ -0,0 +1,39 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "Add a new user"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Create user test1 (useradd test1)..."
+echo nogroup:test | chgpasswd -e
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl 11_chgpasswd-e/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl 11_chgpasswd-e/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl 11_chgpasswd-e/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl 11_chgpasswd-e/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/crypt/login.defs_DES/11_chgpasswd-e/group b/tests/tests/crypt/login.defs_DES/11_chgpasswd-e/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/crypt/login.defs_DES/11_chgpasswd-e/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/crypt/login.defs_DES/11_chgpasswd-e/gshadow b/tests/tests/crypt/login.defs_DES/11_chgpasswd-e/gshadow
new file mode 100644
index 0000000..a8f0af9
--- /dev/null
+++ b/tests/tests/crypt/login.defs_DES/11_chgpasswd-e/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:test::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/crypt/login.defs_DES/11_chgpasswd-e/passwd b/tests/tests/crypt/login.defs_DES/11_chgpasswd-e/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/crypt/login.defs_DES/11_chgpasswd-e/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/crypt/login.defs_DES/11_chgpasswd-e/shadow b/tests/tests/crypt/login.defs_DES/11_chgpasswd-e/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/crypt/login.defs_DES/11_chgpasswd-e/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/crypt/login.defs_DES/12_chgpasswd-m.test b/tests/tests/crypt/login.defs_DES/12_chgpasswd-m.test
new file mode 100755
index 0000000..f271cb0
--- /dev/null
+++ b/tests/tests/crypt/login.defs_DES/12_chgpasswd-m.test
@@ -0,0 +1,39 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "Add a new user"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Create user test1 (useradd test1)..."
+echo nogroup:test | chgpasswd -m
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl 12_chgpasswd-m/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl 12_chgpasswd-m/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl 12_chgpasswd-m/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl 12_chgpasswd-m/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/crypt/login.defs_DES/12_chgpasswd-m/group b/tests/tests/crypt/login.defs_DES/12_chgpasswd-m/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/crypt/login.defs_DES/12_chgpasswd-m/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/crypt/login.defs_DES/12_chgpasswd-m/gshadow b/tests/tests/crypt/login.defs_DES/12_chgpasswd-m/gshadow
new file mode 100644
index 0000000..a709bcb
--- /dev/null
+++ b/tests/tests/crypt/login.defs_DES/12_chgpasswd-m/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:@PASS_MD5 test@::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/crypt/login.defs_DES/12_chgpasswd-m/passwd b/tests/tests/crypt/login.defs_DES/12_chgpasswd-m/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/crypt/login.defs_DES/12_chgpasswd-m/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/crypt/login.defs_DES/12_chgpasswd-m/shadow b/tests/tests/crypt/login.defs_DES/12_chgpasswd-m/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/crypt/login.defs_DES/12_chgpasswd-m/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/crypt/login.defs_DES/config/etc/group b/tests/tests/crypt/login.defs_DES/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/crypt/login.defs_DES/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/crypt/login.defs_DES/config/etc/gshadow b/tests/tests/crypt/login.defs_DES/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/crypt/login.defs_DES/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/crypt/login.defs_DES/config/etc/login.defs b/tests/tests/crypt/login.defs_DES/config/etc/login.defs
new file mode 100644
index 0000000..f898f1e
--- /dev/null
+++ b/tests/tests/crypt/login.defs_DES/config/etc/login.defs
@@ -0,0 +1,317 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK usage is discouraged because it catches only some classes of user
+# entries to system, in fact only those made through login(1), while setting
+# umask in shell rc file will catch also logins through su, cron, ssh etc.
+#
+# At the same time, using shell rc to set umask won't catch entries which use
+# non-shell executables in place of login shell, like /usr/sbin/pppd for "ppp"
+# user and alike.
+#
+# Therefore the use of pam_umask is recommended (Debian package libpam-umask)
+# as the solution which catches all these cases on PAM-enabled systems.
+# 
+# This avoids the confusion created by having the umask set
+# in two different places -- in login.defs and shell rc files (i.e.
+# /etc/profile).
+#
+# For discussion, see #314539 and #248150 as well as the thread starting at
+# http://lists.debian.org/debian-devel/2005/06/msg01598.html
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+# 022 is the "historical" value in Debian for UMASK when it was used
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			  100
+GID_MAX			60000
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# This enables userdel to remove user groups if no members exist.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, thus in Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# Only works if compiled with MD5_CRYPT defined:
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is used by chpasswd, gpasswd and newusers.
+#
+#MD5_CRYPT_ENAB	no
+ENCRYPT_METHOD DES
+#SHA_CRYPT_MIN_ROUNDS 5000
+#SHA_CRYPT_MAX_ROUNDS 5000
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/crypt/login.defs_DES/config/etc/passwd b/tests/tests/crypt/login.defs_DES/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/crypt/login.defs_DES/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/crypt/login.defs_DES/config/etc/shadow b/tests/tests/crypt/login.defs_DES/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/crypt/login.defs_DES/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/crypt/login.defs_MD5/01_chpasswd.test b/tests/tests/crypt/login.defs_MD5/01_chpasswd.test
new file mode 100755
index 0000000..d583517
--- /dev/null
+++ b/tests/tests/crypt/login.defs_MD5/01_chpasswd.test
@@ -0,0 +1,39 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "Add a new user"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Create user test1 (useradd test1)..."
+echo nobody:test | chpasswd
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl 01_chpasswd/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl 01_chpasswd/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl 01_chpasswd/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl 01_chpasswd/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/crypt/login.defs_MD5/01_chpasswd/group b/tests/tests/crypt/login.defs_MD5/01_chpasswd/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/crypt/login.defs_MD5/01_chpasswd/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/crypt/login.defs_MD5/01_chpasswd/gshadow b/tests/tests/crypt/login.defs_MD5/01_chpasswd/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/crypt/login.defs_MD5/01_chpasswd/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/crypt/login.defs_MD5/01_chpasswd/passwd b/tests/tests/crypt/login.defs_MD5/01_chpasswd/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/crypt/login.defs_MD5/01_chpasswd/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/crypt/login.defs_MD5/01_chpasswd/shadow b/tests/tests/crypt/login.defs_MD5/01_chpasswd/shadow
new file mode 100644
index 0000000..658661b
--- /dev/null
+++ b/tests/tests/crypt/login.defs_MD5/01_chpasswd/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:@PASS_MD5 test@:@TODAY@:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/crypt/login.defs_MD5/02_chgpasswd.test b/tests/tests/crypt/login.defs_MD5/02_chgpasswd.test
new file mode 100755
index 0000000..c102e89
--- /dev/null
+++ b/tests/tests/crypt/login.defs_MD5/02_chgpasswd.test
@@ -0,0 +1,39 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "Change a group password"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "echo nogroup:test | chgpasswd..."
+echo nogroup:test | chgpasswd
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl 02_chgpasswd/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl 02_chgpasswd/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl 02_chgpasswd/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl 02_chgpasswd/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/crypt/login.defs_MD5/02_chgpasswd/group b/tests/tests/crypt/login.defs_MD5/02_chgpasswd/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/crypt/login.defs_MD5/02_chgpasswd/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/crypt/login.defs_MD5/02_chgpasswd/gshadow b/tests/tests/crypt/login.defs_MD5/02_chgpasswd/gshadow
new file mode 100644
index 0000000..a709bcb
--- /dev/null
+++ b/tests/tests/crypt/login.defs_MD5/02_chgpasswd/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:@PASS_MD5 test@::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/crypt/login.defs_MD5/02_chgpasswd/passwd b/tests/tests/crypt/login.defs_MD5/02_chgpasswd/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/crypt/login.defs_MD5/02_chgpasswd/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/crypt/login.defs_MD5/02_chgpasswd/shadow b/tests/tests/crypt/login.defs_MD5/02_chgpasswd/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/crypt/login.defs_MD5/02_chgpasswd/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/crypt/login.defs_MD5/config/etc/group b/tests/tests/crypt/login.defs_MD5/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/crypt/login.defs_MD5/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/crypt/login.defs_MD5/config/etc/gshadow b/tests/tests/crypt/login.defs_MD5/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/crypt/login.defs_MD5/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/crypt/login.defs_MD5/config/etc/login.defs b/tests/tests/crypt/login.defs_MD5/config/etc/login.defs
new file mode 100644
index 0000000..11ea6c6
--- /dev/null
+++ b/tests/tests/crypt/login.defs_MD5/config/etc/login.defs
@@ -0,0 +1,317 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK usage is discouraged because it catches only some classes of user
+# entries to system, in fact only those made through login(1), while setting
+# umask in shell rc file will catch also logins through su, cron, ssh etc.
+#
+# At the same time, using shell rc to set umask won't catch entries which use
+# non-shell executables in place of login shell, like /usr/sbin/pppd for "ppp"
+# user and alike.
+#
+# Therefore the use of pam_umask is recommended (Debian package libpam-umask)
+# as the solution which catches all these cases on PAM-enabled systems.
+# 
+# This avoids the confusion created by having the umask set
+# in two different places -- in login.defs and shell rc files (i.e.
+# /etc/profile).
+#
+# For discussion, see #314539 and #248150 as well as the thread starting at
+# http://lists.debian.org/debian-devel/2005/06/msg01598.html
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+# 022 is the "historical" value in Debian for UMASK when it was used
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			  100
+GID_MAX			60000
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# This enables userdel to remove user groups if no members exist.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, thus in Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# Only works if compiled with MD5_CRYPT defined:
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is used by chpasswd, gpasswd and newusers.
+#
+#MD5_CRYPT_ENAB	no
+ENCRYPT_METHOD MD5
+#SHA_CRYPT_MIN_ROUNDS 5000
+#SHA_CRYPT_MAX_ROUNDS 5000
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/crypt/login.defs_MD5/config/etc/passwd b/tests/tests/crypt/login.defs_MD5/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/crypt/login.defs_MD5/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/crypt/login.defs_MD5/config/etc/shadow b/tests/tests/crypt/login.defs_MD5/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/crypt/login.defs_MD5/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/crypt/login.defs_MD5_CRYPT_ENAB/01_chpasswd.test b/tests/tests/crypt/login.defs_MD5_CRYPT_ENAB/01_chpasswd.test
new file mode 100755
index 0000000..28ee58f
--- /dev/null
+++ b/tests/tests/crypt/login.defs_MD5_CRYPT_ENAB/01_chpasswd.test
@@ -0,0 +1,39 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "Add a new user"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Create user test1 (useradd test1)..."
+echo nobody:test | chpasswd
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl 01_chpasswd/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/crypt/login.defs_MD5_CRYPT_ENAB/01_chpasswd/shadow b/tests/tests/crypt/login.defs_MD5_CRYPT_ENAB/01_chpasswd/shadow
new file mode 100644
index 0000000..658661b
--- /dev/null
+++ b/tests/tests/crypt/login.defs_MD5_CRYPT_ENAB/01_chpasswd/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:@PASS_MD5 test@:@TODAY@:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/crypt/login.defs_MD5_CRYPT_ENAB/02_chgpasswd.test b/tests/tests/crypt/login.defs_MD5_CRYPT_ENAB/02_chgpasswd.test
new file mode 100755
index 0000000..a38a669
--- /dev/null
+++ b/tests/tests/crypt/login.defs_MD5_CRYPT_ENAB/02_chgpasswd.test
@@ -0,0 +1,39 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "Change a group password"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "echo nogroup:test | chgpasswd..."
+echo nogroup:test | chgpasswd
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl 02_chgpasswd/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/crypt/login.defs_MD5_CRYPT_ENAB/02_chgpasswd/gshadow b/tests/tests/crypt/login.defs_MD5_CRYPT_ENAB/02_chgpasswd/gshadow
new file mode 100644
index 0000000..a709bcb
--- /dev/null
+++ b/tests/tests/crypt/login.defs_MD5_CRYPT_ENAB/02_chgpasswd/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:@PASS_MD5 test@::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/crypt/login.defs_MD5_CRYPT_ENAB/config/etc/group b/tests/tests/crypt/login.defs_MD5_CRYPT_ENAB/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/crypt/login.defs_MD5_CRYPT_ENAB/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/crypt/login.defs_MD5_CRYPT_ENAB/config/etc/gshadow b/tests/tests/crypt/login.defs_MD5_CRYPT_ENAB/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/crypt/login.defs_MD5_CRYPT_ENAB/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/crypt/login.defs_MD5_CRYPT_ENAB/config/etc/login.defs b/tests/tests/crypt/login.defs_MD5_CRYPT_ENAB/config/etc/login.defs
new file mode 100644
index 0000000..49ccae8
--- /dev/null
+++ b/tests/tests/crypt/login.defs_MD5_CRYPT_ENAB/config/etc/login.defs
@@ -0,0 +1,317 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK usage is discouraged because it catches only some classes of user
+# entries to system, in fact only those made through login(1), while setting
+# umask in shell rc file will catch also logins through su, cron, ssh etc.
+#
+# At the same time, using shell rc to set umask won't catch entries which use
+# non-shell executables in place of login shell, like /usr/sbin/pppd for "ppp"
+# user and alike.
+#
+# Therefore the use of pam_umask is recommended (Debian package libpam-umask)
+# as the solution which catches all these cases on PAM-enabled systems.
+# 
+# This avoids the confusion created by having the umask set
+# in two different places -- in login.defs and shell rc files (i.e.
+# /etc/profile).
+#
+# For discussion, see #314539 and #248150 as well as the thread starting at
+# http://lists.debian.org/debian-devel/2005/06/msg01598.html
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+# 022 is the "historical" value in Debian for UMASK when it was used
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			  100
+GID_MAX			60000
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# This enables userdel to remove user groups if no members exist.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, thus in Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# Only works if compiled with MD5_CRYPT defined:
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is used by chpasswd, gpasswd and newusers.
+#
+MD5_CRYPT_ENAB	yes
+#ENCRYPT_METHOD DES
+#SHA_CRYPT_MIN_ROUNDS 5000
+#SHA_CRYPT_MAX_ROUNDS 5000
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/crypt/login.defs_MD5_CRYPT_ENAB/config/etc/passwd b/tests/tests/crypt/login.defs_MD5_CRYPT_ENAB/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/crypt/login.defs_MD5_CRYPT_ENAB/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/crypt/login.defs_MD5_CRYPT_ENAB/config/etc/shadow b/tests/tests/crypt/login.defs_MD5_CRYPT_ENAB/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/crypt/login.defs_MD5_CRYPT_ENAB/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/crypt/login.defs_SHA256-round-max/01_chpasswd.test b/tests/tests/crypt/login.defs_SHA256-round-max/01_chpasswd.test
new file mode 100755
index 0000000..3c04e67
--- /dev/null
+++ b/tests/tests/crypt/login.defs_SHA256-round-max/01_chpasswd.test
@@ -0,0 +1,45 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "Add a new user"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Create user test1 (useradd test1)..."
+echo nobody:test | chpasswd
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl 01_chpasswd/shadow /etc/shadow
+echo "OK"
+echo -n "Check the number of rounds..."
+grep -q '^nobody:\$5\$rounds=7000\$' /etc/shadow || {
+	grep "^nobody:" /etc/shadow
+	exit 1
+}
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/crypt/login.defs_SHA256-round-max/01_chpasswd/shadow b/tests/tests/crypt/login.defs_SHA256-round-max/01_chpasswd/shadow
new file mode 100644
index 0000000..e16a7b0
--- /dev/null
+++ b/tests/tests/crypt/login.defs_SHA256-round-max/01_chpasswd/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:@PASS_SHA256 test@:@TODAY@:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/crypt/login.defs_SHA256-round-max/02_chgpasswd.test b/tests/tests/crypt/login.defs_SHA256-round-max/02_chgpasswd.test
new file mode 100755
index 0000000..51adcbe
--- /dev/null
+++ b/tests/tests/crypt/login.defs_SHA256-round-max/02_chgpasswd.test
@@ -0,0 +1,45 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "Add a new user"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "echo nogroup:test | chgpasswd..."
+echo nogroup:test | chgpasswd
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl 02_chgpasswd/gshadow /etc/gshadow
+echo "OK"
+echo -n "Check the number of rounds..."
+grep -q '^nogroup:\$5\$rounds=7000\$' /etc/gshadow || {
+	grep "^nogroup:" /etc/gshadow
+	exit 1
+}
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/crypt/login.defs_SHA256-round-max/02_chgpasswd/gshadow b/tests/tests/crypt/login.defs_SHA256-round-max/02_chgpasswd/gshadow
new file mode 100644
index 0000000..f235584
--- /dev/null
+++ b/tests/tests/crypt/login.defs_SHA256-round-max/02_chgpasswd/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:@PASS_SHA256 test@::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/crypt/login.defs_SHA256-round-max/config/etc/group b/tests/tests/crypt/login.defs_SHA256-round-max/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/crypt/login.defs_SHA256-round-max/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/crypt/login.defs_SHA256-round-max/config/etc/gshadow b/tests/tests/crypt/login.defs_SHA256-round-max/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/crypt/login.defs_SHA256-round-max/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/crypt/login.defs_SHA256-round-max/config/etc/login.defs b/tests/tests/crypt/login.defs_SHA256-round-max/config/etc/login.defs
new file mode 100644
index 0000000..cb87cef
--- /dev/null
+++ b/tests/tests/crypt/login.defs_SHA256-round-max/config/etc/login.defs
@@ -0,0 +1,317 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK usage is discouraged because it catches only some classes of user
+# entries to system, in fact only those made through login(1), while setting
+# umask in shell rc file will catch also logins through su, cron, ssh etc.
+#
+# At the same time, using shell rc to set umask won't catch entries which use
+# non-shell executables in place of login shell, like /usr/sbin/pppd for "ppp"
+# user and alike.
+#
+# Therefore the use of pam_umask is recommended (Debian package libpam-umask)
+# as the solution which catches all these cases on PAM-enabled systems.
+# 
+# This avoids the confusion created by having the umask set
+# in two different places -- in login.defs and shell rc files (i.e.
+# /etc/profile).
+#
+# For discussion, see #314539 and #248150 as well as the thread starting at
+# http://lists.debian.org/debian-devel/2005/06/msg01598.html
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+# 022 is the "historical" value in Debian for UMASK when it was used
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			  100
+GID_MAX			60000
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# This enables userdel to remove user groups if no members exist.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, thus in Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# Only works if compiled with MD5_CRYPT defined:
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is used by chpasswd, gpasswd and newusers.
+#
+#MD5_CRYPT_ENAB	no
+ENCRYPT_METHOD SHA256
+#SHA_CRYPT_MIN_ROUNDS 2000
+SHA_CRYPT_MAX_ROUNDS 7000
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/crypt/login.defs_SHA256-round-max/config/etc/passwd b/tests/tests/crypt/login.defs_SHA256-round-max/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/crypt/login.defs_SHA256-round-max/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/crypt/login.defs_SHA256-round-max/config/etc/shadow b/tests/tests/crypt/login.defs_SHA256-round-max/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/crypt/login.defs_SHA256-round-max/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/crypt/login.defs_SHA256-round-min-max/01_chpasswd.test b/tests/tests/crypt/login.defs_SHA256-round-min-max/01_chpasswd.test
new file mode 100755
index 0000000..ba6d6f2
--- /dev/null
+++ b/tests/tests/crypt/login.defs_SHA256-round-min-max/01_chpasswd.test
@@ -0,0 +1,64 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "Change an user's password with chpasswd"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Change user nobody's password (echo nobody:test | chpasswd)..."
+echo nobody:test | chpasswd
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl 01_chpasswd/shadow /etc/shadow
+echo "OK"
+echo -n "Check the number of rounds..."
+rounds1=$(sed -n 's/^nobody:\$5\$rounds=\([0-9]*\)\$.*$/\1/p' /etc/shadow)
+echo -n "($rounds1)..."
+if [ "$rounds1" -lt 3000 ] || [ "$rounds1" -gt 10000 ]; then
+	echo "Wrong rounds: $rounds1"
+	grep "^nobody:" /etc/shadow
+	exit 1
+fi
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+echo ""
+echo "Make sure the number of rounds is not constant"
+
+echo -n "  Change user nobody's password (echo nobody:test | chpasswd)..."
+echo nobody:test | chpasswd
+echo "OK"
+
+rounds2=$(sed -n 's/^nobody:\$5\$rounds=\([0-9]*\)\$.*$/\1/p' /etc/shadow)
+if [ "$rounds1" = "$rounds2" ]; then
+	echo "The number of rounds did not change."
+	echo "It may not be a error, please re-run this test."
+	exit 1
+fi
+echo -n "($rounds2)..."
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/crypt/login.defs_SHA256-round-min-max/01_chpasswd/shadow b/tests/tests/crypt/login.defs_SHA256-round-min-max/01_chpasswd/shadow
new file mode 100644
index 0000000..e16a7b0
--- /dev/null
+++ b/tests/tests/crypt/login.defs_SHA256-round-min-max/01_chpasswd/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:@PASS_SHA256 test@:@TODAY@:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/crypt/login.defs_SHA256-round-min-max/02_chgpasswd.test b/tests/tests/crypt/login.defs_SHA256-round-min-max/02_chgpasswd.test
new file mode 100755
index 0000000..f730d51
--- /dev/null
+++ b/tests/tests/crypt/login.defs_SHA256-round-min-max/02_chgpasswd.test
@@ -0,0 +1,64 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "Change a group's password with chgpasswd"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Change group nogroup's password (echo nogroup:test | chgpasswd)..."
+echo nogroup:test | chgpasswd
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl 02_chgpasswd/gshadow /etc/gshadow
+echo "OK"
+echo -n "Check the number of rounds..."
+rounds1=$(sed -n 's/^nogroup:\$5\$rounds=\([0-9]*\)\$.*$/\1/p' /etc/gshadow)
+echo -n "($rounds1)..."
+if [ "$rounds1" -lt 3000 ] || [ "$rounds1" -gt 10000 ]; then
+	echo "Wrong rounds: $rounds1"
+	grep "^nogroup:" /etc/gshadow
+	exit 1
+fi
+echo "OK"
+
+echo ""
+echo "Make sure the number of rounds is not constant"
+
+echo -n "  Change group nogroup's password (echo nogroup:test | chgpasswd)..."
+echo nogroup:test | chgpasswd
+echo "OK"
+
+rounds2=$(sed -n 's/^nogroup:\$5\$rounds=\([0-9]*\)\$.*$/\1/p' /etc/gshadow)
+if [ "$rounds1" = "$rounds2" ]; then
+	echo "The number of rounds did not change."
+	echo "It may not be a error, please re-run this test."
+	exit 1
+fi
+echo -n "($rounds2)..."
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/crypt/login.defs_SHA256-round-min-max/02_chgpasswd/gshadow b/tests/tests/crypt/login.defs_SHA256-round-min-max/02_chgpasswd/gshadow
new file mode 100644
index 0000000..f235584
--- /dev/null
+++ b/tests/tests/crypt/login.defs_SHA256-round-min-max/02_chgpasswd/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:@PASS_SHA256 test@::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/crypt/login.defs_SHA256-round-min-max/config/etc/group b/tests/tests/crypt/login.defs_SHA256-round-min-max/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/crypt/login.defs_SHA256-round-min-max/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/crypt/login.defs_SHA256-round-min-max/config/etc/gshadow b/tests/tests/crypt/login.defs_SHA256-round-min-max/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/crypt/login.defs_SHA256-round-min-max/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/crypt/login.defs_SHA256-round-min-max/config/etc/login.defs b/tests/tests/crypt/login.defs_SHA256-round-min-max/config/etc/login.defs
new file mode 100644
index 0000000..9897cc0
--- /dev/null
+++ b/tests/tests/crypt/login.defs_SHA256-round-min-max/config/etc/login.defs
@@ -0,0 +1,317 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK usage is discouraged because it catches only some classes of user
+# entries to system, in fact only those made through login(1), while setting
+# umask in shell rc file will catch also logins through su, cron, ssh etc.
+#
+# At the same time, using shell rc to set umask won't catch entries which use
+# non-shell executables in place of login shell, like /usr/sbin/pppd for "ppp"
+# user and alike.
+#
+# Therefore the use of pam_umask is recommended (Debian package libpam-umask)
+# as the solution which catches all these cases on PAM-enabled systems.
+# 
+# This avoids the confusion created by having the umask set
+# in two different places -- in login.defs and shell rc files (i.e.
+# /etc/profile).
+#
+# For discussion, see #314539 and #248150 as well as the thread starting at
+# http://lists.debian.org/debian-devel/2005/06/msg01598.html
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+# 022 is the "historical" value in Debian for UMASK when it was used
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			  100
+GID_MAX			60000
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# This enables userdel to remove user groups if no members exist.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, thus in Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# Only works if compiled with MD5_CRYPT defined:
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is used by chpasswd, gpasswd and newusers.
+#
+#MD5_CRYPT_ENAB	no
+ENCRYPT_METHOD SHA256
+SHA_CRYPT_MIN_ROUNDS 3000
+SHA_CRYPT_MAX_ROUNDS 10000
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/crypt/login.defs_SHA256-round-min-max/config/etc/passwd b/tests/tests/crypt/login.defs_SHA256-round-min-max/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/crypt/login.defs_SHA256-round-min-max/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/crypt/login.defs_SHA256-round-min-max/config/etc/shadow b/tests/tests/crypt/login.defs_SHA256-round-min-max/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/crypt/login.defs_SHA256-round-min-max/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/crypt/login.defs_SHA256-round-min/01_chpasswd.test b/tests/tests/crypt/login.defs_SHA256-round-min/01_chpasswd.test
new file mode 100755
index 0000000..8a445e7
--- /dev/null
+++ b/tests/tests/crypt/login.defs_SHA256-round-min/01_chpasswd.test
@@ -0,0 +1,45 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "Add a new user"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Create user test1 (useradd test1)..."
+echo nobody:test | chpasswd
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl 01_chpasswd/shadow /etc/shadow
+echo "OK"
+echo -n "Check the number of rounds..."
+grep -q '^nobody:\$5\$rounds=2000\$' /etc/shadow || {
+	grep "^nobody:" /etc/shadow
+	exit 1
+}
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/crypt/login.defs_SHA256-round-min/01_chpasswd/shadow b/tests/tests/crypt/login.defs_SHA256-round-min/01_chpasswd/shadow
new file mode 100644
index 0000000..e16a7b0
--- /dev/null
+++ b/tests/tests/crypt/login.defs_SHA256-round-min/01_chpasswd/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:@PASS_SHA256 test@:@TODAY@:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/crypt/login.defs_SHA256-round-min/02_chgpasswd.test b/tests/tests/crypt/login.defs_SHA256-round-min/02_chgpasswd.test
new file mode 100755
index 0000000..1142c26
--- /dev/null
+++ b/tests/tests/crypt/login.defs_SHA256-round-min/02_chgpasswd.test
@@ -0,0 +1,45 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "Change group password"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "echo nogroup:test | chgpasswd..."
+echo nogroup:test | chgpasswd
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl 02_chgpasswd/gshadow /etc/gshadow
+echo "OK"
+echo -n "Check the number of rounds..."
+grep -q '^nogroup:\$5\$rounds=2000\$' /etc/gshadow || {
+	grep "^nogroup:" /etc/gshadow
+	exit 1
+}
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/crypt/login.defs_SHA256-round-min/02_chgpasswd/gshadow b/tests/tests/crypt/login.defs_SHA256-round-min/02_chgpasswd/gshadow
new file mode 100644
index 0000000..f235584
--- /dev/null
+++ b/tests/tests/crypt/login.defs_SHA256-round-min/02_chgpasswd/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:@PASS_SHA256 test@::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/crypt/login.defs_SHA256-round-min/config/etc/group b/tests/tests/crypt/login.defs_SHA256-round-min/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/crypt/login.defs_SHA256-round-min/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/crypt/login.defs_SHA256-round-min/config/etc/gshadow b/tests/tests/crypt/login.defs_SHA256-round-min/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/crypt/login.defs_SHA256-round-min/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/crypt/login.defs_SHA256-round-min/config/etc/login.defs b/tests/tests/crypt/login.defs_SHA256-round-min/config/etc/login.defs
new file mode 100644
index 0000000..5dc8994
--- /dev/null
+++ b/tests/tests/crypt/login.defs_SHA256-round-min/config/etc/login.defs
@@ -0,0 +1,317 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK usage is discouraged because it catches only some classes of user
+# entries to system, in fact only those made through login(1), while setting
+# umask in shell rc file will catch also logins through su, cron, ssh etc.
+#
+# At the same time, using shell rc to set umask won't catch entries which use
+# non-shell executables in place of login shell, like /usr/sbin/pppd for "ppp"
+# user and alike.
+#
+# Therefore the use of pam_umask is recommended (Debian package libpam-umask)
+# as the solution which catches all these cases on PAM-enabled systems.
+# 
+# This avoids the confusion created by having the umask set
+# in two different places -- in login.defs and shell rc files (i.e.
+# /etc/profile).
+#
+# For discussion, see #314539 and #248150 as well as the thread starting at
+# http://lists.debian.org/debian-devel/2005/06/msg01598.html
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+# 022 is the "historical" value in Debian for UMASK when it was used
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			  100
+GID_MAX			60000
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# This enables userdel to remove user groups if no members exist.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, thus in Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# Only works if compiled with MD5_CRYPT defined:
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is used by chpasswd, gpasswd and newusers.
+#
+#MD5_CRYPT_ENAB	no
+ENCRYPT_METHOD SHA256
+SHA_CRYPT_MIN_ROUNDS 2000
+#SHA_CRYPT_MAX_ROUNDS 5000
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/crypt/login.defs_SHA256-round-min/config/etc/passwd b/tests/tests/crypt/login.defs_SHA256-round-min/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/crypt/login.defs_SHA256-round-min/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/crypt/login.defs_SHA256-round-min/config/etc/shadow b/tests/tests/crypt/login.defs_SHA256-round-min/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/crypt/login.defs_SHA256-round-min/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/crypt/login.defs_SHA256/01_chpasswd.test b/tests/tests/crypt/login.defs_SHA256/01_chpasswd.test
new file mode 100755
index 0000000..28ee58f
--- /dev/null
+++ b/tests/tests/crypt/login.defs_SHA256/01_chpasswd.test
@@ -0,0 +1,39 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "Add a new user"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Create user test1 (useradd test1)..."
+echo nobody:test | chpasswd
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl 01_chpasswd/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/crypt/login.defs_SHA256/01_chpasswd/shadow b/tests/tests/crypt/login.defs_SHA256/01_chpasswd/shadow
new file mode 100644
index 0000000..e16a7b0
--- /dev/null
+++ b/tests/tests/crypt/login.defs_SHA256/01_chpasswd/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:@PASS_SHA256 test@:@TODAY@:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/crypt/login.defs_SHA256/02_chgpasswd.test b/tests/tests/crypt/login.defs_SHA256/02_chgpasswd.test
new file mode 100755
index 0000000..a38a669
--- /dev/null
+++ b/tests/tests/crypt/login.defs_SHA256/02_chgpasswd.test
@@ -0,0 +1,39 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "Change a group password"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "echo nogroup:test | chgpasswd..."
+echo nogroup:test | chgpasswd
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl 02_chgpasswd/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/crypt/login.defs_SHA256/02_chgpasswd/gshadow b/tests/tests/crypt/login.defs_SHA256/02_chgpasswd/gshadow
new file mode 100644
index 0000000..f235584
--- /dev/null
+++ b/tests/tests/crypt/login.defs_SHA256/02_chgpasswd/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:@PASS_SHA256 test@::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/crypt/login.defs_SHA256/config/etc/group b/tests/tests/crypt/login.defs_SHA256/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/crypt/login.defs_SHA256/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/crypt/login.defs_SHA256/config/etc/gshadow b/tests/tests/crypt/login.defs_SHA256/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/crypt/login.defs_SHA256/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/crypt/login.defs_SHA256/config/etc/login.defs b/tests/tests/crypt/login.defs_SHA256/config/etc/login.defs
new file mode 100644
index 0000000..f52dcd7
--- /dev/null
+++ b/tests/tests/crypt/login.defs_SHA256/config/etc/login.defs
@@ -0,0 +1,317 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK usage is discouraged because it catches only some classes of user
+# entries to system, in fact only those made through login(1), while setting
+# umask in shell rc file will catch also logins through su, cron, ssh etc.
+#
+# At the same time, using shell rc to set umask won't catch entries which use
+# non-shell executables in place of login shell, like /usr/sbin/pppd for "ppp"
+# user and alike.
+#
+# Therefore the use of pam_umask is recommended (Debian package libpam-umask)
+# as the solution which catches all these cases on PAM-enabled systems.
+# 
+# This avoids the confusion created by having the umask set
+# in two different places -- in login.defs and shell rc files (i.e.
+# /etc/profile).
+#
+# For discussion, see #314539 and #248150 as well as the thread starting at
+# http://lists.debian.org/debian-devel/2005/06/msg01598.html
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+# 022 is the "historical" value in Debian for UMASK when it was used
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			  100
+GID_MAX			60000
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# This enables userdel to remove user groups if no members exist.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, thus in Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# Only works if compiled with MD5_CRYPT defined:
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is used by chpasswd, gpasswd and newusers.
+#
+#MD5_CRYPT_ENAB	no
+ENCRYPT_METHOD SHA256
+#SHA_CRYPT_MIN_ROUNDS 5000
+#SHA_CRYPT_MAX_ROUNDS 5000
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/crypt/login.defs_SHA256/config/etc/passwd b/tests/tests/crypt/login.defs_SHA256/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/crypt/login.defs_SHA256/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/crypt/login.defs_SHA256/config/etc/shadow b/tests/tests/crypt/login.defs_SHA256/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/crypt/login.defs_SHA256/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/crypt/login.defs_SHA512/01_chpasswd.test b/tests/tests/crypt/login.defs_SHA512/01_chpasswd.test
new file mode 100755
index 0000000..28ee58f
--- /dev/null
+++ b/tests/tests/crypt/login.defs_SHA512/01_chpasswd.test
@@ -0,0 +1,39 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "Add a new user"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Create user test1 (useradd test1)..."
+echo nobody:test | chpasswd
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl 01_chpasswd/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/crypt/login.defs_SHA512/01_chpasswd/shadow b/tests/tests/crypt/login.defs_SHA512/01_chpasswd/shadow
new file mode 100644
index 0000000..5822203
--- /dev/null
+++ b/tests/tests/crypt/login.defs_SHA512/01_chpasswd/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:@PASS_SHA512 test@:@TODAY@:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/crypt/login.defs_SHA512/02_chgpasswd.test b/tests/tests/crypt/login.defs_SHA512/02_chgpasswd.test
new file mode 100755
index 0000000..b7ac288
--- /dev/null
+++ b/tests/tests/crypt/login.defs_SHA512/02_chgpasswd.test
@@ -0,0 +1,39 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "Change a group's password with chgpasswd"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "echo nogroup:test | chgpasswd..."
+echo nogroup:test | chgpasswd
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl 02_chgpasswd/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/crypt/login.defs_SHA512/02_chgpasswd/gshadow b/tests/tests/crypt/login.defs_SHA512/02_chgpasswd/gshadow
new file mode 100644
index 0000000..5c8c33a
--- /dev/null
+++ b/tests/tests/crypt/login.defs_SHA512/02_chgpasswd/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:@PASS_SHA512 test@::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/crypt/login.defs_SHA512/config/etc/group b/tests/tests/crypt/login.defs_SHA512/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/crypt/login.defs_SHA512/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/crypt/login.defs_SHA512/config/etc/gshadow b/tests/tests/crypt/login.defs_SHA512/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/crypt/login.defs_SHA512/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/crypt/login.defs_SHA512/config/etc/login.defs b/tests/tests/crypt/login.defs_SHA512/config/etc/login.defs
new file mode 100644
index 0000000..5c9efa3
--- /dev/null
+++ b/tests/tests/crypt/login.defs_SHA512/config/etc/login.defs
@@ -0,0 +1,317 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK usage is discouraged because it catches only some classes of user
+# entries to system, in fact only those made through login(1), while setting
+# umask in shell rc file will catch also logins through su, cron, ssh etc.
+#
+# At the same time, using shell rc to set umask won't catch entries which use
+# non-shell executables in place of login shell, like /usr/sbin/pppd for "ppp"
+# user and alike.
+#
+# Therefore the use of pam_umask is recommended (Debian package libpam-umask)
+# as the solution which catches all these cases on PAM-enabled systems.
+# 
+# This avoids the confusion created by having the umask set
+# in two different places -- in login.defs and shell rc files (i.e.
+# /etc/profile).
+#
+# For discussion, see #314539 and #248150 as well as the thread starting at
+# http://lists.debian.org/debian-devel/2005/06/msg01598.html
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+# 022 is the "historical" value in Debian for UMASK when it was used
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			  100
+GID_MAX			60000
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# This enables userdel to remove user groups if no members exist.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, thus in Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# Only works if compiled with MD5_CRYPT defined:
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is used by chpasswd, gpasswd and newusers.
+#
+#MD5_CRYPT_ENAB	no
+ENCRYPT_METHOD SHA512
+#SHA_CRYPT_MIN_ROUNDS 5000
+#SHA_CRYPT_MAX_ROUNDS 5000
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/crypt/login.defs_SHA512/config/etc/passwd b/tests/tests/crypt/login.defs_SHA512/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/crypt/login.defs_SHA512/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/crypt/login.defs_SHA512/config/etc/shadow b/tests/tests/crypt/login.defs_SHA512/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/crypt/login.defs_SHA512/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/crypt/login.defs_none/01_chpasswd.test b/tests/tests/crypt/login.defs_none/01_chpasswd.test
new file mode 100755
index 0000000..28ee58f
--- /dev/null
+++ b/tests/tests/crypt/login.defs_none/01_chpasswd.test
@@ -0,0 +1,39 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "Add a new user"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Create user test1 (useradd test1)..."
+echo nobody:test | chpasswd
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl 01_chpasswd/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/crypt/login.defs_none/01_chpasswd/shadow b/tests/tests/crypt/login.defs_none/01_chpasswd/shadow
new file mode 100644
index 0000000..7607cc6
--- /dev/null
+++ b/tests/tests/crypt/login.defs_none/01_chpasswd/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:@PASS_DES test@:@TODAY@:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/crypt/login.defs_none/02_chgpasswd.test b/tests/tests/crypt/login.defs_none/02_chgpasswd.test
new file mode 100755
index 0000000..b7ac288
--- /dev/null
+++ b/tests/tests/crypt/login.defs_none/02_chgpasswd.test
@@ -0,0 +1,39 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "Change a group's password with chgpasswd"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "echo nogroup:test | chgpasswd..."
+echo nogroup:test | chgpasswd
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl 02_chgpasswd/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/crypt/login.defs_none/02_chgpasswd/gshadow b/tests/tests/crypt/login.defs_none/02_chgpasswd/gshadow
new file mode 100644
index 0000000..53dba5e
--- /dev/null
+++ b/tests/tests/crypt/login.defs_none/02_chgpasswd/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:@PASS_DES test@::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/crypt/login.defs_none/config/etc/group b/tests/tests/crypt/login.defs_none/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/crypt/login.defs_none/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/crypt/login.defs_none/config/etc/gshadow b/tests/tests/crypt/login.defs_none/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/crypt/login.defs_none/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/crypt/login.defs_none/config/etc/login.defs b/tests/tests/crypt/login.defs_none/config/etc/login.defs
new file mode 100644
index 0000000..4432229
--- /dev/null
+++ b/tests/tests/crypt/login.defs_none/config/etc/login.defs
@@ -0,0 +1,317 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK usage is discouraged because it catches only some classes of user
+# entries to system, in fact only those made through login(1), while setting
+# umask in shell rc file will catch also logins through su, cron, ssh etc.
+#
+# At the same time, using shell rc to set umask won't catch entries which use
+# non-shell executables in place of login shell, like /usr/sbin/pppd for "ppp"
+# user and alike.
+#
+# Therefore the use of pam_umask is recommended (Debian package libpam-umask)
+# as the solution which catches all these cases on PAM-enabled systems.
+# 
+# This avoids the confusion created by having the umask set
+# in two different places -- in login.defs and shell rc files (i.e.
+# /etc/profile).
+#
+# For discussion, see #314539 and #248150 as well as the thread starting at
+# http://lists.debian.org/debian-devel/2005/06/msg01598.html
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+# 022 is the "historical" value in Debian for UMASK when it was used
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			  100
+GID_MAX			60000
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# This enables userdel to remove user groups if no members exist.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, thus in Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# Only works if compiled with MD5_CRYPT defined:
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is used by chpasswd, gpasswd and newusers.
+#
+#MD5_CRYPT_ENAB	no
+#ENCRYPT_METHOD DES
+#SHA_CRYPT_MIN_ROUNDS 5000
+#SHA_CRYPT_MAX_ROUNDS 5000
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/crypt/login.defs_none/config/etc/passwd b/tests/tests/crypt/login.defs_none/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/crypt/login.defs_none/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/crypt/login.defs_none/config/etc/shadow b/tests/tests/crypt/login.defs_none/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/crypt/login.defs_none/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/debian/01/data/login_files b/tests/tests/debian/01/data/login_files
new file mode 100644
index 0000000..04f4974
--- /dev/null
+++ b/tests/tests/debian/01/data/login_files
@@ -0,0 +1,296 @@
+/.
+/bin
+/bin/login
+/bin/su
+/etc
+/etc/login.defs
+/etc/pam.d
+/etc/pam.d/login
+/etc/pam.d/su
+/etc/securetty
+/usr
+/usr/bin
+/usr/bin/faillog
+/usr/bin/lastlog
+/usr/bin/newgrp
+/usr/bin/sg
+/usr/sbin
+/usr/sbin/nologin
+/usr/share
+/usr/share/doc
+/usr/share/doc/login
+/usr/share/doc/login/NEWS.Debian.gz
+/usr/share/doc/login/NEWS.gz
+/usr/share/doc/login/README
+/usr/share/doc/login/TODO.gz
+/usr/share/doc/login/changelog.Debian.gz
+/usr/share/doc/login/changelog.gz
+/usr/share/doc/login/copyright
+/usr/share/lintian
+/usr/share/lintian/overrides
+/usr/share/lintian/overrides/login
+/usr/share/locale
+/usr/share/locale/bs
+/usr/share/locale/bs/LC_MESSAGES
+/usr/share/locale/bs/LC_MESSAGES/shadow.mo
+/usr/share/locale/ca
+/usr/share/locale/ca/LC_MESSAGES
+/usr/share/locale/ca/LC_MESSAGES/shadow.mo
+/usr/share/locale/cs
+/usr/share/locale/cs/LC_MESSAGES
+/usr/share/locale/cs/LC_MESSAGES/shadow.mo
+/usr/share/locale/da
+/usr/share/locale/da/LC_MESSAGES
+/usr/share/locale/da/LC_MESSAGES/shadow.mo
+/usr/share/locale/de
+/usr/share/locale/de/LC_MESSAGES
+/usr/share/locale/de/LC_MESSAGES/shadow.mo
+/usr/share/locale/dz
+/usr/share/locale/dz/LC_MESSAGES
+/usr/share/locale/dz/LC_MESSAGES/shadow.mo
+/usr/share/locale/el
+/usr/share/locale/el/LC_MESSAGES
+/usr/share/locale/el/LC_MESSAGES/shadow.mo
+/usr/share/locale/es
+/usr/share/locale/es/LC_MESSAGES
+/usr/share/locale/es/LC_MESSAGES/shadow.mo
+/usr/share/locale/eu
+/usr/share/locale/eu/LC_MESSAGES
+/usr/share/locale/eu/LC_MESSAGES/shadow.mo
+/usr/share/locale/fi
+/usr/share/locale/fi/LC_MESSAGES
+/usr/share/locale/fi/LC_MESSAGES/shadow.mo
+/usr/share/locale/fr
+/usr/share/locale/fr/LC_MESSAGES
+/usr/share/locale/fr/LC_MESSAGES/shadow.mo
+/usr/share/locale/gl
+/usr/share/locale/gl/LC_MESSAGES
+/usr/share/locale/gl/LC_MESSAGES/shadow.mo
+/usr/share/locale/he
+/usr/share/locale/he/LC_MESSAGES
+/usr/share/locale/he/LC_MESSAGES/shadow.mo
+/usr/share/locale/hu
+/usr/share/locale/hu/LC_MESSAGES
+/usr/share/locale/hu/LC_MESSAGES/shadow.mo
+/usr/share/locale/id
+/usr/share/locale/id/LC_MESSAGES
+/usr/share/locale/id/LC_MESSAGES/shadow.mo
+/usr/share/locale/it
+/usr/share/locale/it/LC_MESSAGES
+/usr/share/locale/it/LC_MESSAGES/shadow.mo
+/usr/share/locale/ja
+/usr/share/locale/ja/LC_MESSAGES
+/usr/share/locale/ja/LC_MESSAGES/shadow.mo
+/usr/share/locale/kk
+/usr/share/locale/kk/LC_MESSAGES
+/usr/share/locale/kk/LC_MESSAGES/shadow.mo
+/usr/share/locale/km
+/usr/share/locale/km/LC_MESSAGES
+/usr/share/locale/km/LC_MESSAGES/shadow.mo
+/usr/share/locale/ko
+/usr/share/locale/ko/LC_MESSAGES
+/usr/share/locale/ko/LC_MESSAGES/shadow.mo
+/usr/share/locale/nb
+/usr/share/locale/nb/LC_MESSAGES
+/usr/share/locale/nb/LC_MESSAGES/shadow.mo
+/usr/share/locale/ne
+/usr/share/locale/ne/LC_MESSAGES
+/usr/share/locale/ne/LC_MESSAGES/shadow.mo
+/usr/share/locale/nl
+/usr/share/locale/nl/LC_MESSAGES
+/usr/share/locale/nl/LC_MESSAGES/shadow.mo
+/usr/share/locale/nn
+/usr/share/locale/nn/LC_MESSAGES
+/usr/share/locale/nn/LC_MESSAGES/shadow.mo
+/usr/share/locale/pl
+/usr/share/locale/pl/LC_MESSAGES
+/usr/share/locale/pl/LC_MESSAGES/shadow.mo
+/usr/share/locale/pt
+/usr/share/locale/pt/LC_MESSAGES
+/usr/share/locale/pt/LC_MESSAGES/shadow.mo
+/usr/share/locale/pt_BR
+/usr/share/locale/pt_BR/LC_MESSAGES
+/usr/share/locale/pt_BR/LC_MESSAGES/shadow.mo
+/usr/share/locale/ro
+/usr/share/locale/ro/LC_MESSAGES
+/usr/share/locale/ro/LC_MESSAGES/shadow.mo
+/usr/share/locale/ru
+/usr/share/locale/ru/LC_MESSAGES
+/usr/share/locale/ru/LC_MESSAGES/shadow.mo
+/usr/share/locale/sk
+/usr/share/locale/sk/LC_MESSAGES
+/usr/share/locale/sk/LC_MESSAGES/shadow.mo
+/usr/share/locale/sq
+/usr/share/locale/sq/LC_MESSAGES
+/usr/share/locale/sq/LC_MESSAGES/shadow.mo
+/usr/share/locale/sv
+/usr/share/locale/sv/LC_MESSAGES
+/usr/share/locale/sv/LC_MESSAGES/shadow.mo
+/usr/share/locale/tl
+/usr/share/locale/tl/LC_MESSAGES
+/usr/share/locale/tl/LC_MESSAGES/shadow.mo
+/usr/share/locale/tr
+/usr/share/locale/tr/LC_MESSAGES
+/usr/share/locale/tr/LC_MESSAGES/shadow.mo
+/usr/share/locale/uk
+/usr/share/locale/uk/LC_MESSAGES
+/usr/share/locale/uk/LC_MESSAGES/shadow.mo
+/usr/share/locale/vi
+/usr/share/locale/vi/LC_MESSAGES
+/usr/share/locale/vi/LC_MESSAGES/shadow.mo
+/usr/share/locale/zh_CN
+/usr/share/locale/zh_CN/LC_MESSAGES
+/usr/share/locale/zh_CN/LC_MESSAGES/shadow.mo
+/usr/share/locale/zh_TW
+/usr/share/locale/zh_TW/LC_MESSAGES
+/usr/share/locale/zh_TW/LC_MESSAGES/shadow.mo
+/usr/share/man
+/usr/share/man/cs
+/usr/share/man/cs/man1
+/usr/share/man/cs/man1/su.1.gz
+/usr/share/man/cs/man5
+/usr/share/man/cs/man5/faillog.5.gz
+/usr/share/man/cs/man8
+/usr/share/man/cs/man8/faillog.8.gz
+/usr/share/man/cs/man8/lastlog.8.gz
+/usr/share/man/cs/man8/nologin.8.gz
+/usr/share/man/da
+/usr/share/man/da/man1
+/usr/share/man/da/man1/newgrp.1.gz
+/usr/share/man/da/man1/sg.1.gz
+/usr/share/man/da/man8
+/usr/share/man/da/man8/nologin.8.gz
+/usr/share/man/de
+/usr/share/man/de/man1
+/usr/share/man/de/man1/login.1.gz
+/usr/share/man/de/man1/newgrp.1.gz
+/usr/share/man/de/man1/sg.1.gz
+/usr/share/man/de/man1/su.1.gz
+/usr/share/man/de/man5
+/usr/share/man/de/man5/faillog.5.gz
+/usr/share/man/de/man5/login.defs.5.gz
+/usr/share/man/de/man8
+/usr/share/man/de/man8/faillog.8.gz
+/usr/share/man/de/man8/lastlog.8.gz
+/usr/share/man/de/man8/nologin.8.gz
+/usr/share/man/fi
+/usr/share/man/fi/man1
+/usr/share/man/fi/man1/su.1.gz
+/usr/share/man/fr
+/usr/share/man/fr/man1
+/usr/share/man/fr/man1/login.1.gz
+/usr/share/man/fr/man1/newgrp.1.gz
+/usr/share/man/fr/man1/sg.1.gz
+/usr/share/man/fr/man1/su.1.gz
+/usr/share/man/fr/man5
+/usr/share/man/fr/man5/faillog.5.gz
+/usr/share/man/fr/man5/login.defs.5.gz
+/usr/share/man/fr/man8
+/usr/share/man/fr/man8/faillog.8.gz
+/usr/share/man/fr/man8/lastlog.8.gz
+/usr/share/man/fr/man8/nologin.8.gz
+/usr/share/man/hu
+/usr/share/man/hu/man1
+/usr/share/man/hu/man1/login.1.gz
+/usr/share/man/hu/man1/newgrp.1.gz
+/usr/share/man/hu/man1/sg.1.gz
+/usr/share/man/hu/man1/su.1.gz
+/usr/share/man/hu/man8
+/usr/share/man/hu/man8/lastlog.8.gz
+/usr/share/man/id
+/usr/share/man/id/man1
+/usr/share/man/id/man1/login.1.gz
+/usr/share/man/it
+/usr/share/man/it/man1
+/usr/share/man/it/man1/login.1.gz
+/usr/share/man/it/man1/newgrp.1.gz
+/usr/share/man/it/man1/sg.1.gz
+/usr/share/man/it/man1/su.1.gz
+/usr/share/man/it/man5
+/usr/share/man/it/man5/faillog.5.gz
+/usr/share/man/it/man5/login.defs.5.gz
+/usr/share/man/it/man8
+/usr/share/man/it/man8/faillog.8.gz
+/usr/share/man/it/man8/lastlog.8.gz
+/usr/share/man/it/man8/nologin.8.gz
+/usr/share/man/ja
+/usr/share/man/ja/man1
+/usr/share/man/ja/man1/login.1.gz
+/usr/share/man/ja/man1/newgrp.1.gz
+/usr/share/man/ja/man1/sg.1.gz
+/usr/share/man/ja/man1/su.1.gz
+/usr/share/man/ja/man5
+/usr/share/man/ja/man5/faillog.5.gz
+/usr/share/man/ja/man5/login.defs.5.gz
+/usr/share/man/ja/man8
+/usr/share/man/ja/man8/faillog.8.gz
+/usr/share/man/ja/man8/lastlog.8.gz
+/usr/share/man/ko
+/usr/share/man/ko/man1
+/usr/share/man/ko/man1/login.1.gz
+/usr/share/man/ko/man1/su.1.gz
+/usr/share/man/man1
+/usr/share/man/man1/login.1.gz
+/usr/share/man/man1/newgrp.1.gz
+/usr/share/man/man1/sg.1.gz
+/usr/share/man/man1/su.1.gz
+/usr/share/man/man5
+/usr/share/man/man5/faillog.5.gz
+/usr/share/man/man5/login.defs.5.gz
+/usr/share/man/man8
+/usr/share/man/man8/faillog.8.gz
+/usr/share/man/man8/lastlog.8.gz
+/usr/share/man/man8/nologin.8.gz
+/usr/share/man/pl
+/usr/share/man/pl/man1
+/usr/share/man/pl/man1/newgrp.1.gz
+/usr/share/man/pl/man1/sg.1.gz
+/usr/share/man/pl/man5
+/usr/share/man/pl/man5/faillog.5.gz
+/usr/share/man/pl/man8
+/usr/share/man/pl/man8/faillog.8.gz
+/usr/share/man/pl/man8/lastlog.8.gz
+/usr/share/man/ru
+/usr/share/man/ru/man1
+/usr/share/man/ru/man1/login.1.gz
+/usr/share/man/ru/man1/newgrp.1.gz
+/usr/share/man/ru/man1/sg.1.gz
+/usr/share/man/ru/man1/su.1.gz
+/usr/share/man/ru/man5
+/usr/share/man/ru/man5/faillog.5.gz
+/usr/share/man/ru/man5/login.defs.5.gz
+/usr/share/man/ru/man8
+/usr/share/man/ru/man8/faillog.8.gz
+/usr/share/man/ru/man8/lastlog.8.gz
+/usr/share/man/ru/man8/nologin.8.gz
+/usr/share/man/sv
+/usr/share/man/sv/man1
+/usr/share/man/sv/man1/newgrp.1.gz
+/usr/share/man/sv/man1/sg.1.gz
+/usr/share/man/sv/man5
+/usr/share/man/sv/man5/faillog.5.gz
+/usr/share/man/sv/man8
+/usr/share/man/sv/man8/faillog.8.gz
+/usr/share/man/sv/man8/lastlog.8.gz
+/usr/share/man/sv/man8/nologin.8.gz
+/usr/share/man/tr
+/usr/share/man/tr/man1
+/usr/share/man/tr/man1/login.1.gz
+/usr/share/man/tr/man1/su.1.gz
+/usr/share/man/zh_CN
+/usr/share/man/zh_CN/man1
+/usr/share/man/zh_CN/man1/login.1.gz
+/usr/share/man/zh_CN/man1/newgrp.1.gz
+/usr/share/man/zh_CN/man1/sg.1.gz
+/usr/share/man/zh_CN/man1/su.1.gz
+/usr/share/man/zh_CN/man5
+/usr/share/man/zh_CN/man5/faillog.5.gz
+/usr/share/man/zh_CN/man5/login.defs.5.gz
+/usr/share/man/zh_CN/man8
+/usr/share/man/zh_CN/man8/faillog.8.gz
+/usr/share/man/zh_CN/man8/lastlog.8.gz
+/usr/share/man/zh_CN/man8/nologin.8.gz
+/usr/share/man/zh_TW
+/usr/share/man/zh_TW/man1
+/usr/share/man/zh_TW/man1/newgrp.1.gz
+/usr/share/man/zh_TW/man1/su.1.gz
diff --git a/tests/tests/debian/01/data/passwd_files b/tests/tests/debian/01/data/passwd_files
new file mode 100644
index 0000000..78380f4
--- /dev/null
+++ b/tests/tests/debian/01/data/passwd_files
@@ -0,0 +1,400 @@
+/.
+/etc
+/etc/cron.daily
+/etc/cron.daily/passwd
+/etc/default
+/etc/default/useradd
+/etc/pam.d
+/etc/pam.d/chfn
+/etc/pam.d/chpasswd
+/etc/pam.d/chsh
+/etc/pam.d/groupmems
+/etc/pam.d/newusers
+/etc/pam.d/passwd
+/sbin
+/sbin/shadowconfig
+/usr
+/usr/bin
+/usr/bin/chage
+/usr/bin/chfn
+/usr/bin/chsh
+/usr/bin/expiry
+/usr/bin/gpasswd
+/usr/bin/passwd
+/usr/sbin
+/usr/sbin/chgpasswd
+/usr/sbin/chpasswd
+/usr/sbin/cpgr
+/usr/sbin/cppw
+/usr/sbin/groupadd
+/usr/sbin/groupdel
+/usr/sbin/groupmems
+/usr/sbin/groupmod
+/usr/sbin/grpck
+/usr/sbin/grpconv
+/usr/sbin/grpunconv
+/usr/sbin/newusers
+/usr/sbin/pwck
+/usr/sbin/pwconv
+/usr/sbin/pwunconv
+/usr/sbin/useradd
+/usr/sbin/userdel
+/usr/sbin/usermod
+/usr/sbin/vigr
+/usr/sbin/vipw
+/usr/share
+/usr/share/doc
+/usr/share/doc/passwd
+/usr/share/doc/passwd/NEWS.Debian.gz
+/usr/share/doc/passwd/NEWS.gz
+/usr/share/doc/passwd/README
+/usr/share/doc/passwd/README.Debian
+/usr/share/doc/passwd/TODO.gz
+/usr/share/doc/passwd/changelog.Debian.gz
+/usr/share/doc/passwd/changelog.gz
+/usr/share/doc/passwd/copyright
+/usr/share/doc/passwd/examples
+/usr/share/doc/passwd/examples/passwd.expire.cron
+/usr/share/lintian
+/usr/share/lintian/overrides
+/usr/share/lintian/overrides/passwd
+/usr/share/man
+/usr/share/man/cs
+/usr/share/man/cs/man1
+/usr/share/man/cs/man1/expiry.1.gz
+/usr/share/man/cs/man1/gpasswd.1.gz
+/usr/share/man/cs/man5
+/usr/share/man/cs/man5/gshadow.5.gz
+/usr/share/man/cs/man5/passwd.5.gz
+/usr/share/man/cs/man5/shadow.5.gz
+/usr/share/man/cs/man8
+/usr/share/man/cs/man8/groupadd.8.gz
+/usr/share/man/cs/man8/groupdel.8.gz
+/usr/share/man/cs/man8/groupmod.8.gz
+/usr/share/man/cs/man8/grpck.8.gz
+/usr/share/man/cs/man8/vipw.8.gz
+/usr/share/man/da
+/usr/share/man/da/man1
+/usr/share/man/da/man1/chfn.1.gz
+/usr/share/man/da/man5
+/usr/share/man/da/man5/gshadow.5.gz
+/usr/share/man/da/man8
+/usr/share/man/da/man8/groupdel.8.gz
+/usr/share/man/da/man8/vigr.8.gz
+/usr/share/man/da/man8/vipw.8.gz
+/usr/share/man/de
+/usr/share/man/de/man1
+/usr/share/man/de/man1/chage.1.gz
+/usr/share/man/de/man1/chfn.1.gz
+/usr/share/man/de/man1/chsh.1.gz
+/usr/share/man/de/man1/expiry.1.gz
+/usr/share/man/de/man1/gpasswd.1.gz
+/usr/share/man/de/man1/passwd.1.gz
+/usr/share/man/de/man5
+/usr/share/man/de/man5/gshadow.5.gz
+/usr/share/man/de/man5/passwd.5.gz
+/usr/share/man/de/man5/shadow.5.gz
+/usr/share/man/de/man8
+/usr/share/man/de/man8/chpasswd.8.gz
+/usr/share/man/de/man8/groupadd.8.gz
+/usr/share/man/de/man8/groupdel.8.gz
+/usr/share/man/de/man8/groupmems.8.gz
+/usr/share/man/de/man8/groupmod.8.gz
+/usr/share/man/de/man8/grpck.8.gz
+/usr/share/man/de/man8/grpconv.8.gz
+/usr/share/man/de/man8/grpunconv.8.gz
+/usr/share/man/de/man8/newusers.8.gz
+/usr/share/man/de/man8/pwck.8.gz
+/usr/share/man/de/man8/pwconv.8.gz
+/usr/share/man/de/man8/pwunconv.8.gz
+/usr/share/man/de/man8/useradd.8.gz
+/usr/share/man/de/man8/userdel.8.gz
+/usr/share/man/de/man8/usermod.8.gz
+/usr/share/man/de/man8/vigr.8.gz
+/usr/share/man/de/man8/vipw.8.gz
+/usr/share/man/fi
+/usr/share/man/fi/man1
+/usr/share/man/fi/man1/chfn.1.gz
+/usr/share/man/fi/man1/chsh.1.gz
+/usr/share/man/fr
+/usr/share/man/fr/man1
+/usr/share/man/fr/man1/chage.1.gz
+/usr/share/man/fr/man1/chfn.1.gz
+/usr/share/man/fr/man1/chsh.1.gz
+/usr/share/man/fr/man1/expiry.1.gz
+/usr/share/man/fr/man1/gpasswd.1.gz
+/usr/share/man/fr/man1/passwd.1.gz
+/usr/share/man/fr/man5
+/usr/share/man/fr/man5/gshadow.5.gz
+/usr/share/man/fr/man5/passwd.5.gz
+/usr/share/man/fr/man5/shadow.5.gz
+/usr/share/man/fr/man5/subgid.5.gz
+/usr/share/man/fr/man5/subuid.5.gz
+/usr/share/man/fr/man8
+/usr/share/man/fr/man8/chpasswd.8.gz
+/usr/share/man/fr/man8/groupadd.8.gz
+/usr/share/man/fr/man8/groupdel.8.gz
+/usr/share/man/fr/man8/groupmems.8.gz
+/usr/share/man/fr/man8/groupmod.8.gz
+/usr/share/man/fr/man8/grpck.8.gz
+/usr/share/man/fr/man8/grpconv.8.gz
+/usr/share/man/fr/man8/grpunconv.8.gz
+/usr/share/man/fr/man8/newusers.8.gz
+/usr/share/man/fr/man8/pwck.8.gz
+/usr/share/man/fr/man8/pwconv.8.gz
+/usr/share/man/fr/man8/pwunconv.8.gz
+/usr/share/man/fr/man8/shadowconfig.8.gz
+/usr/share/man/fr/man8/useradd.8.gz
+/usr/share/man/fr/man8/userdel.8.gz
+/usr/share/man/fr/man8/usermod.8.gz
+/usr/share/man/fr/man8/vigr.8.gz
+/usr/share/man/fr/man8/vipw.8.gz
+/usr/share/man/hu
+/usr/share/man/hu/man1
+/usr/share/man/hu/man1/chsh.1.gz
+/usr/share/man/hu/man1/gpasswd.1.gz
+/usr/share/man/hu/man1/passwd.1.gz
+/usr/share/man/hu/man5
+/usr/share/man/hu/man5/passwd.5.gz
+/usr/share/man/id
+/usr/share/man/id/man1
+/usr/share/man/id/man1/chsh.1.gz
+/usr/share/man/id/man8
+/usr/share/man/id/man8/useradd.8.gz
+/usr/share/man/it
+/usr/share/man/it/man1
+/usr/share/man/it/man1/chage.1.gz
+/usr/share/man/it/man1/chfn.1.gz
+/usr/share/man/it/man1/chsh.1.gz
+/usr/share/man/it/man1/expiry.1.gz
+/usr/share/man/it/man1/gpasswd.1.gz
+/usr/share/man/it/man1/passwd.1.gz
+/usr/share/man/it/man5
+/usr/share/man/it/man5/gshadow.5.gz
+/usr/share/man/it/man5/passwd.5.gz
+/usr/share/man/it/man5/shadow.5.gz
+/usr/share/man/it/man8
+/usr/share/man/it/man8/chpasswd.8.gz
+/usr/share/man/it/man8/groupadd.8.gz
+/usr/share/man/it/man8/groupdel.8.gz
+/usr/share/man/it/man8/groupmems.8.gz
+/usr/share/man/it/man8/groupmod.8.gz
+/usr/share/man/it/man8/grpck.8.gz
+/usr/share/man/it/man8/grpconv.8.gz
+/usr/share/man/it/man8/grpunconv.8.gz
+/usr/share/man/it/man8/newusers.8.gz
+/usr/share/man/it/man8/pwck.8.gz
+/usr/share/man/it/man8/pwconv.8.gz
+/usr/share/man/it/man8/pwunconv.8.gz
+/usr/share/man/it/man8/useradd.8.gz
+/usr/share/man/it/man8/userdel.8.gz
+/usr/share/man/it/man8/usermod.8.gz
+/usr/share/man/it/man8/vigr.8.gz
+/usr/share/man/it/man8/vipw.8.gz
+/usr/share/man/ja
+/usr/share/man/ja/man1
+/usr/share/man/ja/man1/chage.1.gz
+/usr/share/man/ja/man1/chfn.1.gz
+/usr/share/man/ja/man1/chsh.1.gz
+/usr/share/man/ja/man1/expiry.1.gz
+/usr/share/man/ja/man1/gpasswd.1.gz
+/usr/share/man/ja/man1/passwd.1.gz
+/usr/share/man/ja/man5
+/usr/share/man/ja/man5/passwd.5.gz
+/usr/share/man/ja/man5/shadow.5.gz
+/usr/share/man/ja/man8
+/usr/share/man/ja/man8/chpasswd.8.gz
+/usr/share/man/ja/man8/groupadd.8.gz
+/usr/share/man/ja/man8/groupdel.8.gz
+/usr/share/man/ja/man8/groupmod.8.gz
+/usr/share/man/ja/man8/grpck.8.gz
+/usr/share/man/ja/man8/grpconv.8.gz
+/usr/share/man/ja/man8/grpunconv.8.gz
+/usr/share/man/ja/man8/newusers.8.gz
+/usr/share/man/ja/man8/pwck.8.gz
+/usr/share/man/ja/man8/pwconv.8.gz
+/usr/share/man/ja/man8/pwunconv.8.gz
+/usr/share/man/ja/man8/shadowconfig.8.gz
+/usr/share/man/ja/man8/useradd.8.gz
+/usr/share/man/ja/man8/userdel.8.gz
+/usr/share/man/ja/man8/usermod.8.gz
+/usr/share/man/ja/man8/vigr.8.gz
+/usr/share/man/ja/man8/vipw.8.gz
+/usr/share/man/ko
+/usr/share/man/ko/man1
+/usr/share/man/ko/man1/chfn.1.gz
+/usr/share/man/ko/man1/chsh.1.gz
+/usr/share/man/ko/man5
+/usr/share/man/ko/man5/passwd.5.gz
+/usr/share/man/ko/man8
+/usr/share/man/ko/man8/vigr.8.gz
+/usr/share/man/ko/man8/vipw.8.gz
+/usr/share/man/man1
+/usr/share/man/man1/chage.1.gz
+/usr/share/man/man1/chfn.1.gz
+/usr/share/man/man1/chsh.1.gz
+/usr/share/man/man1/expiry.1.gz
+/usr/share/man/man1/gpasswd.1.gz
+/usr/share/man/man1/passwd.1.gz
+/usr/share/man/man5
+/usr/share/man/man5/gshadow.5.gz
+/usr/share/man/man5/passwd.5.gz
+/usr/share/man/man5/shadow.5.gz
+/usr/share/man/man5/subgid.5.gz
+/usr/share/man/man5/subuid.5.gz
+/usr/share/man/man8
+/usr/share/man/man8/chgpasswd.8.gz
+/usr/share/man/man8/chpasswd.8.gz
+/usr/share/man/man8/cpgr.8.gz
+/usr/share/man/man8/cppw.8.gz
+/usr/share/man/man8/groupadd.8.gz
+/usr/share/man/man8/groupdel.8.gz
+/usr/share/man/man8/groupmems.8.gz
+/usr/share/man/man8/groupmod.8.gz
+/usr/share/man/man8/grpck.8.gz
+/usr/share/man/man8/grpconv.8.gz
+/usr/share/man/man8/grpunconv.8.gz
+/usr/share/man/man8/newusers.8.gz
+/usr/share/man/man8/pwck.8.gz
+/usr/share/man/man8/pwconv.8.gz
+/usr/share/man/man8/pwunconv.8.gz
+/usr/share/man/man8/shadowconfig.8.gz
+/usr/share/man/man8/useradd.8.gz
+/usr/share/man/man8/userdel.8.gz
+/usr/share/man/man8/usermod.8.gz
+/usr/share/man/man8/vigr.8.gz
+/usr/share/man/man8/vipw.8.gz
+/usr/share/man/pl
+/usr/share/man/pl/man1
+/usr/share/man/pl/man1/chage.1.gz
+/usr/share/man/pl/man1/chsh.1.gz
+/usr/share/man/pl/man1/expiry.1.gz
+/usr/share/man/pl/man8
+/usr/share/man/pl/man8/groupadd.8.gz
+/usr/share/man/pl/man8/groupdel.8.gz
+/usr/share/man/pl/man8/groupmems.8.gz
+/usr/share/man/pl/man8/groupmod.8.gz
+/usr/share/man/pl/man8/grpck.8.gz
+/usr/share/man/pl/man8/shadowconfig.8.gz
+/usr/share/man/pl/man8/userdel.8.gz
+/usr/share/man/pl/man8/usermod.8.gz
+/usr/share/man/pl/man8/vigr.8.gz
+/usr/share/man/pl/man8/vipw.8.gz
+/usr/share/man/pt_BR
+/usr/share/man/pt_BR/man1
+/usr/share/man/pt_BR/man1/gpasswd.1.gz
+/usr/share/man/pt_BR/man5
+/usr/share/man/pt_BR/man5/passwd.5.gz
+/usr/share/man/pt_BR/man5/shadow.5.gz
+/usr/share/man/pt_BR/man8
+/usr/share/man/pt_BR/man8/groupadd.8.gz
+/usr/share/man/pt_BR/man8/groupdel.8.gz
+/usr/share/man/pt_BR/man8/groupmod.8.gz
+/usr/share/man/ru
+/usr/share/man/ru/man1
+/usr/share/man/ru/man1/chage.1.gz
+/usr/share/man/ru/man1/chfn.1.gz
+/usr/share/man/ru/man1/chsh.1.gz
+/usr/share/man/ru/man1/expiry.1.gz
+/usr/share/man/ru/man1/gpasswd.1.gz
+/usr/share/man/ru/man1/passwd.1.gz
+/usr/share/man/ru/man5
+/usr/share/man/ru/man5/gshadow.5.gz
+/usr/share/man/ru/man5/passwd.5.gz
+/usr/share/man/ru/man5/shadow.5.gz
+/usr/share/man/ru/man8
+/usr/share/man/ru/man8/chpasswd.8.gz
+/usr/share/man/ru/man8/groupadd.8.gz
+/usr/share/man/ru/man8/groupdel.8.gz
+/usr/share/man/ru/man8/groupmems.8.gz
+/usr/share/man/ru/man8/groupmod.8.gz
+/usr/share/man/ru/man8/grpck.8.gz
+/usr/share/man/ru/man8/grpconv.8.gz
+/usr/share/man/ru/man8/grpunconv.8.gz
+/usr/share/man/ru/man8/newusers.8.gz
+/usr/share/man/ru/man8/pwck.8.gz
+/usr/share/man/ru/man8/pwconv.8.gz
+/usr/share/man/ru/man8/pwunconv.8.gz
+/usr/share/man/ru/man8/useradd.8.gz
+/usr/share/man/ru/man8/userdel.8.gz
+/usr/share/man/ru/man8/usermod.8.gz
+/usr/share/man/ru/man8/vigr.8.gz
+/usr/share/man/ru/man8/vipw.8.gz
+/usr/share/man/sv
+/usr/share/man/sv/man1
+/usr/share/man/sv/man1/chage.1.gz
+/usr/share/man/sv/man1/chsh.1.gz
+/usr/share/man/sv/man1/expiry.1.gz
+/usr/share/man/sv/man1/passwd.1.gz
+/usr/share/man/sv/man5
+/usr/share/man/sv/man5/gshadow.5.gz
+/usr/share/man/sv/man5/passwd.5.gz
+/usr/share/man/sv/man8
+/usr/share/man/sv/man8/groupadd.8.gz
+/usr/share/man/sv/man8/groupdel.8.gz
+/usr/share/man/sv/man8/groupmems.8.gz
+/usr/share/man/sv/man8/groupmod.8.gz
+/usr/share/man/sv/man8/grpck.8.gz
+/usr/share/man/sv/man8/pwck.8.gz
+/usr/share/man/sv/man8/userdel.8.gz
+/usr/share/man/sv/man8/vigr.8.gz
+/usr/share/man/sv/man8/vipw.8.gz
+/usr/share/man/tr
+/usr/share/man/tr/man1
+/usr/share/man/tr/man1/chage.1.gz
+/usr/share/man/tr/man1/chfn.1.gz
+/usr/share/man/tr/man1/passwd.1.gz
+/usr/share/man/tr/man5
+/usr/share/man/tr/man5/passwd.5.gz
+/usr/share/man/tr/man5/shadow.5.gz
+/usr/share/man/tr/man8
+/usr/share/man/tr/man8/groupadd.8.gz
+/usr/share/man/tr/man8/groupdel.8.gz
+/usr/share/man/tr/man8/groupmod.8.gz
+/usr/share/man/tr/man8/useradd.8.gz
+/usr/share/man/tr/man8/userdel.8.gz
+/usr/share/man/tr/man8/usermod.8.gz
+/usr/share/man/zh_CN
+/usr/share/man/zh_CN/man1
+/usr/share/man/zh_CN/man1/chage.1.gz
+/usr/share/man/zh_CN/man1/chfn.1.gz
+/usr/share/man/zh_CN/man1/chsh.1.gz
+/usr/share/man/zh_CN/man1/expiry.1.gz
+/usr/share/man/zh_CN/man1/gpasswd.1.gz
+/usr/share/man/zh_CN/man1/passwd.1.gz
+/usr/share/man/zh_CN/man5
+/usr/share/man/zh_CN/man5/gshadow.5.gz
+/usr/share/man/zh_CN/man5/passwd.5.gz
+/usr/share/man/zh_CN/man5/shadow.5.gz
+/usr/share/man/zh_CN/man8
+/usr/share/man/zh_CN/man8/chpasswd.8.gz
+/usr/share/man/zh_CN/man8/groupadd.8.gz
+/usr/share/man/zh_CN/man8/groupdel.8.gz
+/usr/share/man/zh_CN/man8/groupmems.8.gz
+/usr/share/man/zh_CN/man8/groupmod.8.gz
+/usr/share/man/zh_CN/man8/grpck.8.gz
+/usr/share/man/zh_CN/man8/grpconv.8.gz
+/usr/share/man/zh_CN/man8/grpunconv.8.gz
+/usr/share/man/zh_CN/man8/newusers.8.gz
+/usr/share/man/zh_CN/man8/pwck.8.gz
+/usr/share/man/zh_CN/man8/pwconv.8.gz
+/usr/share/man/zh_CN/man8/pwunconv.8.gz
+/usr/share/man/zh_CN/man8/useradd.8.gz
+/usr/share/man/zh_CN/man8/userdel.8.gz
+/usr/share/man/zh_CN/man8/usermod.8.gz
+/usr/share/man/zh_CN/man8/vigr.8.gz
+/usr/share/man/zh_CN/man8/vipw.8.gz
+/usr/share/man/zh_TW
+/usr/share/man/zh_TW/man1
+/usr/share/man/zh_TW/man1/chfn.1.gz
+/usr/share/man/zh_TW/man1/chsh.1.gz
+/usr/share/man/zh_TW/man5
+/usr/share/man/zh_TW/man5/passwd.5.gz
+/usr/share/man/zh_TW/man8
+/usr/share/man/zh_TW/man8/chpasswd.8.gz
+/usr/share/man/zh_TW/man8/groupadd.8.gz
+/usr/share/man/zh_TW/man8/groupdel.8.gz
+/usr/share/man/zh_TW/man8/groupmod.8.gz
+/usr/share/man/zh_TW/man8/useradd.8.gz
+/usr/share/man/zh_TW/man8/userdel.8.gz
+/usr/share/man/zh_TW/man8/usermod.8.gz
diff --git a/tests/tests/debian/01/run b/tests/tests/debian/01/run
new file mode 100755
index 0000000..6db7cf0
--- /dev/null
+++ b/tests/tests/debian/01/run
@@ -0,0 +1,33 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+# The goal of this test is to check the distributed files (as debdiff)
+
+save()
+{
+	[ ! -d tmp ] && mkdir tmp
+}
+
+restore()
+{
+	rm tmp/login_files tmp/passwd_files
+	rmdir tmp
+}
+
+save
+
+trap 'restore' 0
+
+dpkg -L login | sort > tmp/login_files
+dpkg -L passwd | sort > tmp/passwd_files
+
+echo -n "Checking the login files..."
+diff -u data/login_files tmp/login_files
+echo "OK"
+echo -n "Checking the passwd files..."
+diff -u data/passwd_files tmp/passwd_files
+echo OK
+
diff --git a/tests/tests/debian/02/run b/tests/tests/debian/02/run
new file mode 100755
index 0000000..a305c37
--- /dev/null
+++ b/tests/tests/debian/02/run
@@ -0,0 +1,28 @@
+#!/bin/sh
+
+# This test check if passwd or login provide files also distributed by
+# another package.
+# The goal is to detect new package for the Replaces or Conflicts fields,
+# or to tighten these relationships.
+#
+# It supposes that we will at least Replaces/Conflicts on the i386
+# architecture.
+
+wget -c http://ftp2.fr.debian.org/debian/dists/unstable/Contents-i386.gz
+
+for pkg in login passwd
+    do
+    dpkg -L $pkg | sed -e 's/^\///' |
+    {
+        while read file
+        do
+            [ -f "/$file" ] && echo "^$file	"
+        done
+    } > files
+
+    echo "List of files that the $pkg package currently replaces:"
+    zgrep -E -f files Contents-i386.gz | grep -Ev " admin/(login|passwd)$"
+done
+
+rm -f files Contents-i386.gz
+
diff --git a/tests/tests/expiry/01_expiry_-c_no_expiry/config/etc/group b/tests/tests/expiry/01_expiry_-c_no_expiry/config/etc/group
new file mode 100644
index 0000000..d1e687c
--- /dev/null
+++ b/tests/tests/expiry/01_expiry_-c_no_expiry/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x
diff --git a/tests/tests/expiry/01_expiry_-c_no_expiry/config/etc/gshadow b/tests/tests/expiry/01_expiry_-c_no_expiry/config/etc/gshadow
new file mode 100644
index 0000000..5042e58
--- /dev/null
+++ b/tests/tests/expiry/01_expiry_-c_no_expiry/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/expiry/01_expiry_-c_no_expiry/config/etc/passwd b/tests/tests/expiry/01_expiry_-c_no_expiry/config/etc/passwd
new file mode 100644
index 0000000..dc7bf84
--- /dev/null
+++ b/tests/tests/expiry/01_expiry_-c_no_expiry/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000:::/bin/false
diff --git a/tests/tests/expiry/01_expiry_-c_no_expiry/config/etc/shadow b/tests/tests/expiry/01_expiry_-c_no_expiry/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/expiry/01_expiry_-c_no_expiry/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/expiry/01_expiry_-c_no_expiry/expiry.exp b/tests/tests/expiry/01_expiry_-c_no_expiry/expiry.exp
new file mode 100755
index 0000000..564f183
--- /dev/null
+++ b/tests/tests/expiry/01_expiry_-c_no_expiry/expiry.exp
@@ -0,0 +1,17 @@
+#!/usr/bin/expect
+
+set timeout 2
+expect_after default {puts stderr "\nFAIL"; exit 1}
+
+spawn /bin/sh
+send "if \[ \$(id -u) -eq 0 \]; then PS1='# '; else PS1='$ '; fi\r"
+expect "# "
+
+send "expiry -c\r"
+expect "# "
+send "echo \$?\r"
+expect "0"
+expect "# "
+send "exit\r"
+puts "OK\n"
+exit 0
diff --git a/tests/tests/expiry/01_expiry_-c_no_expiry/expiry.test b/tests/tests/expiry/01_expiry_-c_no_expiry/expiry.test
new file mode 100755
index 0000000..68d6532
--- /dev/null
+++ b/tests/tests/expiry/01_expiry_-c_no_expiry/expiry.test
@@ -0,0 +1,37 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "expiry can verify that a password is not expired"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+./expiry.exp
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/expiry/02_expiry_-c_expired/config/etc/group b/tests/tests/expiry/02_expiry_-c_expired/config/etc/group
new file mode 100644
index 0000000..d1e687c
--- /dev/null
+++ b/tests/tests/expiry/02_expiry_-c_expired/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x
diff --git a/tests/tests/expiry/02_expiry_-c_expired/config/etc/gshadow b/tests/tests/expiry/02_expiry_-c_expired/config/etc/gshadow
new file mode 100644
index 0000000..5042e58
--- /dev/null
+++ b/tests/tests/expiry/02_expiry_-c_expired/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/expiry/02_expiry_-c_expired/config/etc/passwd b/tests/tests/expiry/02_expiry_-c_expired/config/etc/passwd
new file mode 100644
index 0000000..dc7bf84
--- /dev/null
+++ b/tests/tests/expiry/02_expiry_-c_expired/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000:::/bin/false
diff --git a/tests/tests/expiry/02_expiry_-c_expired/config/etc/shadow b/tests/tests/expiry/02_expiry_-c_expired/config/etc/shadow
new file mode 100644
index 0000000..33d60bf
--- /dev/null
+++ b/tests/tests/expiry/02_expiry_-c_expired/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:1:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/expiry/02_expiry_-c_expired/expiry.exp b/tests/tests/expiry/02_expiry_-c_expired/expiry.exp
new file mode 100755
index 0000000..92ae409
--- /dev/null
+++ b/tests/tests/expiry/02_expiry_-c_expired/expiry.exp
@@ -0,0 +1,17 @@
+#!/usr/bin/expect
+
+set timeout 2
+expect_after default {puts stderr "\nFAIL"; exit 1}
+
+spawn /bin/sh
+send "if \[ \$(id -u) -eq 0 \]; then PS1='# '; else PS1='$ '; fi\r"
+expect "# "
+
+send "expiry -c\r"
+expect "# "
+send "echo \$?\r"
+expect "1"
+expect "# "
+send "exit\r"
+puts "OK\n"
+exit 0
diff --git a/tests/tests/expiry/02_expiry_-c_expired/expiry.test b/tests/tests/expiry/02_expiry_-c_expired/expiry.test
new file mode 100755
index 0000000..68d6532
--- /dev/null
+++ b/tests/tests/expiry/02_expiry_-c_expired/expiry.test
@@ -0,0 +1,37 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "expiry can verify that a password is not expired"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+./expiry.exp
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/expiry/03_expiry_-f_expired/config/etc/group b/tests/tests/expiry/03_expiry_-f_expired/config/etc/group
new file mode 100644
index 0000000..d1e687c
--- /dev/null
+++ b/tests/tests/expiry/03_expiry_-f_expired/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x
diff --git a/tests/tests/expiry/03_expiry_-f_expired/config/etc/gshadow b/tests/tests/expiry/03_expiry_-f_expired/config/etc/gshadow
new file mode 100644
index 0000000..5042e58
--- /dev/null
+++ b/tests/tests/expiry/03_expiry_-f_expired/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/expiry/03_expiry_-f_expired/config/etc/pam.d/common-password b/tests/tests/expiry/03_expiry_-f_expired/config/etc/pam.d/common-password
new file mode 100644
index 0000000..cb8c7b7
--- /dev/null
+++ b/tests/tests/expiry/03_expiry_-f_expired/config/etc/pam.d/common-password
@@ -0,0 +1,33 @@
+#
+# /etc/pam.d/common-password - password-related modules common to all services
+#
+# This file is included from other service-specific PAM config files,
+# and should contain a list of modules that define the services to be
+# used to change user passwords.  The default is pam_unix.
+
+# Explanation of pam_unix options:
+#
+# The "sha512" option enables salted SHA512 passwords.  Without this option,
+# the default is Unix crypt.  Prior releases used the option "md5".
+#
+# The "obscure" option replaces the old `OBSCURE_CHECKS_ENAB' option in
+# login.defs.
+#
+# See the pam_unix manpage for other options.
+
+# As of pam 1.0.1-6, this file is managed by pam-auth-update by default.
+# To take advantage of this, it is recommended that you configure any
+# local modules either before or after the default block, and use
+# pam-auth-update to manage selection of other modules.  See
+# pam-auth-update(8) for details.
+
+# here are the per-package modules (the "Primary" block)
+password	[success=1 default=ignore]	pam_unix.so obscure sha512
+# here's the fallback if no module succeeds
+password	requisite			pam_deny.so
+# prime the stack with a positive return value if there isn't one already;
+# this avoids us returning an error just because nothing sets a success code
+# since the modules above will each just jump around
+password	required			pam_permit.so
+# and here are more per-package modules (the "Additional" block)
+# end of pam-auth-update config
diff --git a/tests/tests/expiry/03_expiry_-f_expired/config/etc/passwd b/tests/tests/expiry/03_expiry_-f_expired/config/etc/passwd
new file mode 100644
index 0000000..dc7bf84
--- /dev/null
+++ b/tests/tests/expiry/03_expiry_-f_expired/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000:::/bin/false
diff --git a/tests/tests/expiry/03_expiry_-f_expired/config/etc/shadow b/tests/tests/expiry/03_expiry_-f_expired/config/etc/shadow
new file mode 100644
index 0000000..33d60bf
--- /dev/null
+++ b/tests/tests/expiry/03_expiry_-f_expired/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:1:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/expiry/03_expiry_-f_expired/data/shadow b/tests/tests/expiry/03_expiry_-f_expired/data/shadow
new file mode 100644
index 0000000..83da315
--- /dev/null
+++ b/tests/tests/expiry/03_expiry_-f_expired/data/shadow
@@ -0,0 +1,20 @@
+root:@PASS_SHA512 password@:@TODAY@:0:1:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/expiry/03_expiry_-f_expired/expiry.exp b/tests/tests/expiry/03_expiry_-f_expired/expiry.exp
new file mode 100755
index 0000000..ada61c9
--- /dev/null
+++ b/tests/tests/expiry/03_expiry_-f_expired/expiry.exp
@@ -0,0 +1,23 @@
+#!/usr/bin/expect
+
+set timeout 2
+expect_after default {puts stderr "\nFAIL"; exit 1}
+
+spawn /bin/sh
+send "if \[ \$(id -u) -eq 0 \]; then PS1='# '; else PS1='$ '; fi\r"
+expect "# "
+
+send "expiry -f\r"
+expect "Your password has expired.  Choose a new password."
+expect "Enter new UNIX password: "
+send "password\r"
+expect "Retype new UNIX password: "
+send "password\r"
+expect "passwd: password updated successfully"
+expect "# "
+send "echo \$?\r"
+expect "0"
+expect "# "
+send "exit\r"
+puts "OK\n"
+exit 0
diff --git a/tests/tests/expiry/03_expiry_-f_expired/expiry.test b/tests/tests/expiry/03_expiry_-f_expired/expiry.test
new file mode 100755
index 0000000..252afb1
--- /dev/null
+++ b/tests/tests/expiry/03_expiry_-f_expired/expiry.test
@@ -0,0 +1,37 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "expiry can verify that a password is not expired"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+./expiry.exp
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl data/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/expiry/04_expiry_no_options/config/etc/group b/tests/tests/expiry/04_expiry_no_options/config/etc/group
new file mode 100644
index 0000000..d1e687c
--- /dev/null
+++ b/tests/tests/expiry/04_expiry_no_options/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x
diff --git a/tests/tests/expiry/04_expiry_no_options/config/etc/gshadow b/tests/tests/expiry/04_expiry_no_options/config/etc/gshadow
new file mode 100644
index 0000000..5042e58
--- /dev/null
+++ b/tests/tests/expiry/04_expiry_no_options/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/expiry/04_expiry_no_options/config/etc/passwd b/tests/tests/expiry/04_expiry_no_options/config/etc/passwd
new file mode 100644
index 0000000..dc7bf84
--- /dev/null
+++ b/tests/tests/expiry/04_expiry_no_options/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000:::/bin/false
diff --git a/tests/tests/expiry/04_expiry_no_options/config/etc/shadow b/tests/tests/expiry/04_expiry_no_options/config/etc/shadow
new file mode 100644
index 0000000..33d60bf
--- /dev/null
+++ b/tests/tests/expiry/04_expiry_no_options/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:1:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/expiry/04_expiry_no_options/data/usage.out b/tests/tests/expiry/04_expiry_no_options/data/usage.out
new file mode 100644
index 0000000..ab67c87
--- /dev/null
+++ b/tests/tests/expiry/04_expiry_no_options/data/usage.out
@@ -0,0 +1,8 @@
+Usage: expiry [options]
+
+Options:
+  -c, --check                   check the user's password expiration
+  -f, --force                   force password change if the user's password
+                                is expired
+  -h, --help                    display this help message and exit
+
diff --git a/tests/tests/expiry/04_expiry_no_options/expiry.test b/tests/tests/expiry/04_expiry_no_options/expiry.test
new file mode 100755
index 0000000..02c6cbb
--- /dev/null
+++ b/tests/tests/expiry/04_expiry_no_options/expiry.test
@@ -0,0 +1,54 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "expiry provides an Usage message if no options are given"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Call expiry without any option (expiry)..."
+expiry 2>tmp/usage.out && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "2"
+echo "OK"
+
+echo "expiry reported:"
+echo "======================================================================="
+cat tmp/usage.out
+echo "======================================================================="
+echo -n "Check the usage message..."
+diff -au data/usage.out tmp/usage.out
+echo "usage message OK."
+rm -f tmp/usage.out
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/expiry/05_expiry_-c_no_shadow_file/config/etc/group b/tests/tests/expiry/05_expiry_-c_no_shadow_file/config/etc/group
new file mode 100644
index 0000000..d1e687c
--- /dev/null
+++ b/tests/tests/expiry/05_expiry_-c_no_shadow_file/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x
diff --git a/tests/tests/expiry/05_expiry_-c_no_shadow_file/config/etc/gshadow b/tests/tests/expiry/05_expiry_-c_no_shadow_file/config/etc/gshadow
new file mode 100644
index 0000000..5042e58
--- /dev/null
+++ b/tests/tests/expiry/05_expiry_-c_no_shadow_file/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/expiry/05_expiry_-c_no_shadow_file/config/etc/passwd b/tests/tests/expiry/05_expiry_-c_no_shadow_file/config/etc/passwd
new file mode 100644
index 0000000..dc7bf84
--- /dev/null
+++ b/tests/tests/expiry/05_expiry_-c_no_shadow_file/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000:::/bin/false
diff --git a/tests/tests/expiry/05_expiry_-c_no_shadow_file/config/etc/shadow b/tests/tests/expiry/05_expiry_-c_no_shadow_file/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/expiry/05_expiry_-c_no_shadow_file/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/expiry/05_expiry_-c_no_shadow_file/expiry.exp b/tests/tests/expiry/05_expiry_-c_no_shadow_file/expiry.exp
new file mode 100755
index 0000000..564f183
--- /dev/null
+++ b/tests/tests/expiry/05_expiry_-c_no_shadow_file/expiry.exp
@@ -0,0 +1,17 @@
+#!/usr/bin/expect
+
+set timeout 2
+expect_after default {puts stderr "\nFAIL"; exit 1}
+
+spawn /bin/sh
+send "if \[ \$(id -u) -eq 0 \]; then PS1='# '; else PS1='$ '; fi\r"
+expect "# "
+
+send "expiry -c\r"
+expect "# "
+send "echo \$?\r"
+expect "0"
+expect "# "
+send "exit\r"
+puts "OK\n"
+exit 0
diff --git a/tests/tests/expiry/05_expiry_-c_no_shadow_file/expiry.test b/tests/tests/expiry/05_expiry_-c_no_shadow_file/expiry.test
new file mode 100755
index 0000000..0251edd
--- /dev/null
+++ b/tests/tests/expiry/05_expiry_-c_no_shadow_file/expiry.test
@@ -0,0 +1,41 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "expiry can verify that a password is not expired"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Remove /etc/shadow..."
+rm -f /etc/shadow
+echo "OK"
+
+./expiry.exp
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check that there are no shadow files..."
+test ! -f /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/expiry/06_expiry_-c_no_shadow_entry/config/etc/group b/tests/tests/expiry/06_expiry_-c_no_shadow_entry/config/etc/group
new file mode 100644
index 0000000..d1e687c
--- /dev/null
+++ b/tests/tests/expiry/06_expiry_-c_no_shadow_entry/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x
diff --git a/tests/tests/expiry/06_expiry_-c_no_shadow_entry/config/etc/gshadow b/tests/tests/expiry/06_expiry_-c_no_shadow_entry/config/etc/gshadow
new file mode 100644
index 0000000..5042e58
--- /dev/null
+++ b/tests/tests/expiry/06_expiry_-c_no_shadow_entry/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/expiry/06_expiry_-c_no_shadow_entry/config/etc/passwd b/tests/tests/expiry/06_expiry_-c_no_shadow_entry/config/etc/passwd
new file mode 100644
index 0000000..dc7bf84
--- /dev/null
+++ b/tests/tests/expiry/06_expiry_-c_no_shadow_entry/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000:::/bin/false
diff --git a/tests/tests/expiry/06_expiry_-c_no_shadow_entry/config/etc/shadow b/tests/tests/expiry/06_expiry_-c_no_shadow_entry/config/etc/shadow
new file mode 100644
index 0000000..3789b9f
--- /dev/null
+++ b/tests/tests/expiry/06_expiry_-c_no_shadow_entry/config/etc/shadow
@@ -0,0 +1,19 @@
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/expiry/06_expiry_-c_no_shadow_entry/expiry.exp b/tests/tests/expiry/06_expiry_-c_no_shadow_entry/expiry.exp
new file mode 100755
index 0000000..564f183
--- /dev/null
+++ b/tests/tests/expiry/06_expiry_-c_no_shadow_entry/expiry.exp
@@ -0,0 +1,17 @@
+#!/usr/bin/expect
+
+set timeout 2
+expect_after default {puts stderr "\nFAIL"; exit 1}
+
+spawn /bin/sh
+send "if \[ \$(id -u) -eq 0 \]; then PS1='# '; else PS1='$ '; fi\r"
+expect "# "
+
+send "expiry -c\r"
+expect "# "
+send "echo \$?\r"
+expect "0"
+expect "# "
+send "exit\r"
+puts "OK\n"
+exit 0
diff --git a/tests/tests/expiry/06_expiry_-c_no_shadow_entry/expiry.test b/tests/tests/expiry/06_expiry_-c_no_shadow_entry/expiry.test
new file mode 100755
index 0000000..68d6532
--- /dev/null
+++ b/tests/tests/expiry/06_expiry_-c_no_shadow_entry/expiry.test
@@ -0,0 +1,37 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "expiry can verify that a password is not expired"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+./expiry.exp
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/expiry/07_expiry_-c_expired_account/config/etc/group b/tests/tests/expiry/07_expiry_-c_expired_account/config/etc/group
new file mode 100644
index 0000000..d1e687c
--- /dev/null
+++ b/tests/tests/expiry/07_expiry_-c_expired_account/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x
diff --git a/tests/tests/expiry/07_expiry_-c_expired_account/config/etc/gshadow b/tests/tests/expiry/07_expiry_-c_expired_account/config/etc/gshadow
new file mode 100644
index 0000000..5042e58
--- /dev/null
+++ b/tests/tests/expiry/07_expiry_-c_expired_account/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/expiry/07_expiry_-c_expired_account/config/etc/passwd b/tests/tests/expiry/07_expiry_-c_expired_account/config/etc/passwd
new file mode 100644
index 0000000..dc7bf84
--- /dev/null
+++ b/tests/tests/expiry/07_expiry_-c_expired_account/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000:::/bin/false
diff --git a/tests/tests/expiry/07_expiry_-c_expired_account/config/etc/shadow b/tests/tests/expiry/07_expiry_-c_expired_account/config/etc/shadow
new file mode 100644
index 0000000..319082d
--- /dev/null
+++ b/tests/tests/expiry/07_expiry_-c_expired_account/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:1:7::13000:
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/expiry/07_expiry_-c_expired_account/expiry.exp b/tests/tests/expiry/07_expiry_-c_expired_account/expiry.exp
new file mode 100755
index 0000000..18dce25
--- /dev/null
+++ b/tests/tests/expiry/07_expiry_-c_expired_account/expiry.exp
@@ -0,0 +1,17 @@
+#!/usr/bin/expect
+
+set timeout 2
+expect_after default {puts stderr "\nFAIL"; exit 1}
+
+spawn /bin/sh
+send "if \[ \$(id -u) -eq 0 \]; then PS1='# '; else PS1='$ '; fi\r"
+expect "# "
+
+send "expiry -c\r"
+expect "# "
+send "echo \$?\r"
+expect "3"
+expect "# "
+send "exit\r"
+puts "OK\n"
+exit 0
diff --git a/tests/tests/expiry/07_expiry_-c_expired_account/expiry.test b/tests/tests/expiry/07_expiry_-c_expired_account/expiry.test
new file mode 100755
index 0000000..68d6532
--- /dev/null
+++ b/tests/tests/expiry/07_expiry_-c_expired_account/expiry.test
@@ -0,0 +1,37 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "expiry can verify that a password is not expired"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+./expiry.exp
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/expiry/08_expiry_-c_expired_max+inact/config/etc/group b/tests/tests/expiry/08_expiry_-c_expired_max+inact/config/etc/group
new file mode 100644
index 0000000..d1e687c
--- /dev/null
+++ b/tests/tests/expiry/08_expiry_-c_expired_max+inact/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x
diff --git a/tests/tests/expiry/08_expiry_-c_expired_max+inact/config/etc/gshadow b/tests/tests/expiry/08_expiry_-c_expired_max+inact/config/etc/gshadow
new file mode 100644
index 0000000..5042e58
--- /dev/null
+++ b/tests/tests/expiry/08_expiry_-c_expired_max+inact/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/expiry/08_expiry_-c_expired_max+inact/config/etc/passwd b/tests/tests/expiry/08_expiry_-c_expired_max+inact/config/etc/passwd
new file mode 100644
index 0000000..dc7bf84
--- /dev/null
+++ b/tests/tests/expiry/08_expiry_-c_expired_max+inact/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000:::/bin/false
diff --git a/tests/tests/expiry/08_expiry_-c_expired_max+inact/config/etc/shadow b/tests/tests/expiry/08_expiry_-c_expired_max+inact/config/etc/shadow
new file mode 100644
index 0000000..65489e7
--- /dev/null
+++ b/tests/tests/expiry/08_expiry_-c_expired_max+inact/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:10:7:10::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/expiry/08_expiry_-c_expired_max+inact/expiry.exp b/tests/tests/expiry/08_expiry_-c_expired_max+inact/expiry.exp
new file mode 100755
index 0000000..fc0bf4f
--- /dev/null
+++ b/tests/tests/expiry/08_expiry_-c_expired_max+inact/expiry.exp
@@ -0,0 +1,17 @@
+#!/usr/bin/expect
+
+set timeout 2
+expect_after default {puts stderr "\nFAIL"; exit 1}
+
+spawn /bin/sh
+send "if \[ \$(id -u) -eq 0 \]; then PS1='# '; else PS1='$ '; fi\r"
+expect "# "
+
+send "expiry -c\r"
+expect "# "
+send "echo \$?\r"
+expect "2"
+expect "# "
+send "exit\r"
+puts "OK\n"
+exit 0
diff --git a/tests/tests/expiry/08_expiry_-c_expired_max+inact/expiry.test b/tests/tests/expiry/08_expiry_-c_expired_max+inact/expiry.test
new file mode 100755
index 0000000..68d6532
--- /dev/null
+++ b/tests/tests/expiry/08_expiry_-c_expired_max+inact/expiry.test
@@ -0,0 +1,37 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "expiry can verify that a password is not expired"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+./expiry.exp
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/expiry/09_expiry_-c_expired_not_inactive/config/etc/group b/tests/tests/expiry/09_expiry_-c_expired_not_inactive/config/etc/group
new file mode 100644
index 0000000..d1e687c
--- /dev/null
+++ b/tests/tests/expiry/09_expiry_-c_expired_not_inactive/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x
diff --git a/tests/tests/expiry/09_expiry_-c_expired_not_inactive/config/etc/gshadow b/tests/tests/expiry/09_expiry_-c_expired_not_inactive/config/etc/gshadow
new file mode 100644
index 0000000..5042e58
--- /dev/null
+++ b/tests/tests/expiry/09_expiry_-c_expired_not_inactive/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/expiry/09_expiry_-c_expired_not_inactive/config/etc/passwd b/tests/tests/expiry/09_expiry_-c_expired_not_inactive/config/etc/passwd
new file mode 100644
index 0000000..dc7bf84
--- /dev/null
+++ b/tests/tests/expiry/09_expiry_-c_expired_not_inactive/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000:::/bin/false
diff --git a/tests/tests/expiry/09_expiry_-c_expired_not_inactive/config/etc/shadow b/tests/tests/expiry/09_expiry_-c_expired_not_inactive/config/etc/shadow
new file mode 100644
index 0000000..bf371c0
--- /dev/null
+++ b/tests/tests/expiry/09_expiry_-c_expired_not_inactive/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:9000:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/expiry/09_expiry_-c_expired_not_inactive/expiry.exp b/tests/tests/expiry/09_expiry_-c_expired_not_inactive/expiry.exp
new file mode 100755
index 0000000..564f183
--- /dev/null
+++ b/tests/tests/expiry/09_expiry_-c_expired_not_inactive/expiry.exp
@@ -0,0 +1,17 @@
+#!/usr/bin/expect
+
+set timeout 2
+expect_after default {puts stderr "\nFAIL"; exit 1}
+
+spawn /bin/sh
+send "if \[ \$(id -u) -eq 0 \]; then PS1='# '; else PS1='$ '; fi\r"
+expect "# "
+
+send "expiry -c\r"
+expect "# "
+send "echo \$?\r"
+expect "0"
+expect "# "
+send "exit\r"
+puts "OK\n"
+exit 0
diff --git a/tests/tests/expiry/09_expiry_-c_expired_not_inactive/expiry.test b/tests/tests/expiry/09_expiry_-c_expired_not_inactive/expiry.test
new file mode 100755
index 0000000..68d6532
--- /dev/null
+++ b/tests/tests/expiry/09_expiry_-c_expired_not_inactive/expiry.test
@@ -0,0 +1,37 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "expiry can verify that a password is not expired"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+./expiry.exp
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/expiry/10_expiry_bad_option/config/etc/group b/tests/tests/expiry/10_expiry_bad_option/config/etc/group
new file mode 100644
index 0000000..d1e687c
--- /dev/null
+++ b/tests/tests/expiry/10_expiry_bad_option/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x
diff --git a/tests/tests/expiry/10_expiry_bad_option/config/etc/gshadow b/tests/tests/expiry/10_expiry_bad_option/config/etc/gshadow
new file mode 100644
index 0000000..5042e58
--- /dev/null
+++ b/tests/tests/expiry/10_expiry_bad_option/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/expiry/10_expiry_bad_option/config/etc/passwd b/tests/tests/expiry/10_expiry_bad_option/config/etc/passwd
new file mode 100644
index 0000000..dc7bf84
--- /dev/null
+++ b/tests/tests/expiry/10_expiry_bad_option/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000:::/bin/false
diff --git a/tests/tests/expiry/10_expiry_bad_option/config/etc/shadow b/tests/tests/expiry/10_expiry_bad_option/config/etc/shadow
new file mode 100644
index 0000000..33d60bf
--- /dev/null
+++ b/tests/tests/expiry/10_expiry_bad_option/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:1:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/expiry/10_expiry_bad_option/data/usage.out b/tests/tests/expiry/10_expiry_bad_option/data/usage.out
new file mode 100644
index 0000000..c2d9716
--- /dev/null
+++ b/tests/tests/expiry/10_expiry_bad_option/data/usage.out
@@ -0,0 +1,9 @@
+expiry: invalid option -- 'Z'
+Usage: expiry [options]
+
+Options:
+  -c, --check                   check the user's password expiration
+  -f, --force                   force password change if the user's password
+                                is expired
+  -h, --help                    display this help message and exit
+
diff --git a/tests/tests/expiry/10_expiry_bad_option/expiry.test b/tests/tests/expiry/10_expiry_bad_option/expiry.test
new file mode 100755
index 0000000..bcbbb60
--- /dev/null
+++ b/tests/tests/expiry/10_expiry_bad_option/expiry.test
@@ -0,0 +1,53 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+log_start "$0" "expiry provides an Usage message if an invalid option is given"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Call expiry with an invalid option (expiry -Z)..."
+expiry -Z 2>tmp/usage.out && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "2"
+echo "OK"
+
+echo "expiry reported:"
+echo "======================================================================="
+cat tmp/usage.out
+echo "======================================================================="
+echo -n "Check the usage message..."
+diff -au data/usage.out tmp/usage.out
+echo "usage message OK."
+rm -f tmp/usage.out
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/expiry/11_expiry_usage/config/etc/group b/tests/tests/expiry/11_expiry_usage/config/etc/group
new file mode 100644
index 0000000..d1e687c
--- /dev/null
+++ b/tests/tests/expiry/11_expiry_usage/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x
diff --git a/tests/tests/expiry/11_expiry_usage/config/etc/gshadow b/tests/tests/expiry/11_expiry_usage/config/etc/gshadow
new file mode 100644
index 0000000..5042e58
--- /dev/null
+++ b/tests/tests/expiry/11_expiry_usage/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/expiry/11_expiry_usage/config/etc/passwd b/tests/tests/expiry/11_expiry_usage/config/etc/passwd
new file mode 100644
index 0000000..dc7bf84
--- /dev/null
+++ b/tests/tests/expiry/11_expiry_usage/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000:::/bin/false
diff --git a/tests/tests/expiry/11_expiry_usage/config/etc/shadow b/tests/tests/expiry/11_expiry_usage/config/etc/shadow
new file mode 100644
index 0000000..33d60bf
--- /dev/null
+++ b/tests/tests/expiry/11_expiry_usage/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:1:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/expiry/11_expiry_usage/data/usage.out b/tests/tests/expiry/11_expiry_usage/data/usage.out
new file mode 100644
index 0000000..ab67c87
--- /dev/null
+++ b/tests/tests/expiry/11_expiry_usage/data/usage.out
@@ -0,0 +1,8 @@
+Usage: expiry [options]
+
+Options:
+  -c, --check                   check the user's password expiration
+  -f, --force                   force password change if the user's password
+                                is expired
+  -h, --help                    display this help message and exit
+
diff --git a/tests/tests/expiry/11_expiry_usage/expiry.test b/tests/tests/expiry/11_expiry_usage/expiry.test
new file mode 100755
index 0000000..93c455c
--- /dev/null
+++ b/tests/tests/expiry/11_expiry_usage/expiry.test
@@ -0,0 +1,47 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+log_start "$0" "expiry can display its usage message"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Get expiry usage message (expiry --help)..."
+expiry --help >tmp/usage.out
+echo "OK"
+
+echo "expiry reported:"
+echo "======================================================================="
+cat tmp/usage.out
+echo "======================================================================="
+echo -n "Check the usage message..."
+diff -au data/usage.out tmp/usage.out
+echo "usage message OK."
+rm -f tmp/usage.out
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/expiry/12_expiry_extra_arg/config/etc/group b/tests/tests/expiry/12_expiry_extra_arg/config/etc/group
new file mode 100644
index 0000000..d1e687c
--- /dev/null
+++ b/tests/tests/expiry/12_expiry_extra_arg/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x
diff --git a/tests/tests/expiry/12_expiry_extra_arg/config/etc/gshadow b/tests/tests/expiry/12_expiry_extra_arg/config/etc/gshadow
new file mode 100644
index 0000000..5042e58
--- /dev/null
+++ b/tests/tests/expiry/12_expiry_extra_arg/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/expiry/12_expiry_extra_arg/config/etc/passwd b/tests/tests/expiry/12_expiry_extra_arg/config/etc/passwd
new file mode 100644
index 0000000..dc7bf84
--- /dev/null
+++ b/tests/tests/expiry/12_expiry_extra_arg/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000:::/bin/false
diff --git a/tests/tests/expiry/12_expiry_extra_arg/config/etc/shadow b/tests/tests/expiry/12_expiry_extra_arg/config/etc/shadow
new file mode 100644
index 0000000..33d60bf
--- /dev/null
+++ b/tests/tests/expiry/12_expiry_extra_arg/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:1:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/expiry/12_expiry_extra_arg/data/usage.out b/tests/tests/expiry/12_expiry_extra_arg/data/usage.out
new file mode 100644
index 0000000..f250f48
--- /dev/null
+++ b/tests/tests/expiry/12_expiry_extra_arg/data/usage.out
@@ -0,0 +1,9 @@
+expiry: unexpected argument: foo
+Usage: expiry [options]
+
+Options:
+  -c, --check                   check the user's password expiration
+  -f, --force                   force password change if the user's password
+                                is expired
+  -h, --help                    display this help message and exit
+
diff --git a/tests/tests/expiry/12_expiry_extra_arg/expiry.test b/tests/tests/expiry/12_expiry_extra_arg/expiry.test
new file mode 100755
index 0000000..ea6fa08
--- /dev/null
+++ b/tests/tests/expiry/12_expiry_extra_arg/expiry.test
@@ -0,0 +1,53 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+log_start "$0" "expiry check that no argument remain onthecommand line"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Call expiry with an extra argument (expiry -f foo)..."
+expiry -f foo 2>tmp/usage.out && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "2"
+echo "OK"
+
+echo "expiry reported:"
+echo "======================================================================="
+cat tmp/usage.out
+echo "======================================================================="
+echo -n "Check the usage message..."
+diff -au data/usage.out tmp/usage.out
+echo "usage message OK."
+rm -f tmp/usage.out
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/expiry/13_expiry_usage-c-f/config/etc/group b/tests/tests/expiry/13_expiry_usage-c-f/config/etc/group
new file mode 100644
index 0000000..d1e687c
--- /dev/null
+++ b/tests/tests/expiry/13_expiry_usage-c-f/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x
diff --git a/tests/tests/expiry/13_expiry_usage-c-f/config/etc/gshadow b/tests/tests/expiry/13_expiry_usage-c-f/config/etc/gshadow
new file mode 100644
index 0000000..5042e58
--- /dev/null
+++ b/tests/tests/expiry/13_expiry_usage-c-f/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/expiry/13_expiry_usage-c-f/config/etc/passwd b/tests/tests/expiry/13_expiry_usage-c-f/config/etc/passwd
new file mode 100644
index 0000000..dc7bf84
--- /dev/null
+++ b/tests/tests/expiry/13_expiry_usage-c-f/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000:::/bin/false
diff --git a/tests/tests/expiry/13_expiry_usage-c-f/config/etc/shadow b/tests/tests/expiry/13_expiry_usage-c-f/config/etc/shadow
new file mode 100644
index 0000000..33d60bf
--- /dev/null
+++ b/tests/tests/expiry/13_expiry_usage-c-f/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:1:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/expiry/13_expiry_usage-c-f/data/usage.out b/tests/tests/expiry/13_expiry_usage-c-f/data/usage.out
new file mode 100644
index 0000000..d0305e3
--- /dev/null
+++ b/tests/tests/expiry/13_expiry_usage-c-f/data/usage.out
@@ -0,0 +1,9 @@
+expiry: options -c and -f conflict
+Usage: expiry [options]
+
+Options:
+  -c, --check                   check the user's password expiration
+  -f, --force                   force password change if the user's password
+                                is expired
+  -h, --help                    display this help message and exit
+
diff --git a/tests/tests/expiry/13_expiry_usage-c-f/expiry.test b/tests/tests/expiry/13_expiry_usage-c-f/expiry.test
new file mode 100755
index 0000000..8a6a14a
--- /dev/null
+++ b/tests/tests/expiry/13_expiry_usage-c-f/expiry.test
@@ -0,0 +1,53 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+log_start "$0" "expiry check that the -c and -f flags are not used at the same time"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Call expiry with the -c and -f flags (expiry -f -c)..."
+expiry -f -c 2>tmp/usage.out && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "2"
+echo "OK"
+
+echo "expiry reported:"
+echo "======================================================================="
+cat tmp/usage.out
+echo "======================================================================="
+echo -n "Check the usage message..."
+diff -au data/usage.out tmp/usage.out
+echo "usage message OK."
+rm -f tmp/usage.out
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/failures/chage/01_chage_openRW_passwd_failure/chage.test b/tests/tests/failures/chage/01_chage_openRW_passwd_failure/chage.test
new file mode 100755
index 0000000..9ae1ff7
--- /dev/null
+++ b/tests/tests/failures/chage/01_chage_openRW_passwd_failure/chage.test
@@ -0,0 +1,62 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "chage report failures when it cannot open the passwd file"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config; chmod g+s /usr/bin/chage' 0
+
+change_config
+
+echo -n "Remove setgid flag on chage..."
+chmod g-s /usr/bin/chage
+echo "OK"
+
+echo -n "Change bin's shell (chage -I 12 bin)..."
+LD_PRELOAD=../../../common/open_RDWR_failure.so FAILURE_PATH=/etc/passwd chage -I 12 bin 2>tmp/chage.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Restore setgid flag on chage..."
+chmod g+s /usr/bin/chage
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "1"
+echo "OK"
+
+echo "chage reported:"
+echo "======================================================================="
+cat tmp/chage.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/chage.err tmp/chage.err
+echo "error message OK."
+rm -f tmp/chage.err
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/failures/chage/01_chage_openRW_passwd_failure/config.txt b/tests/tests/failures/chage/01_chage_openRW_passwd_failure/config.txt
new file mode 100644
index 0000000..e9e4bbe
--- /dev/null
+++ b/tests/tests/failures/chage/01_chage_openRW_passwd_failure/config.txt
@@ -0,0 +1 @@
+group foo, GID 1000
diff --git a/tests/tests/failures/chage/01_chage_openRW_passwd_failure/config/etc/group b/tests/tests/failures/chage/01_chage_openRW_passwd_failure/config/etc/group
new file mode 100644
index 0000000..fecba0c
--- /dev/null
+++ b/tests/tests/failures/chage/01_chage_openRW_passwd_failure/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/failures/chage/01_chage_openRW_passwd_failure/config/etc/gshadow b/tests/tests/failures/chage/01_chage_openRW_passwd_failure/config/etc/gshadow
new file mode 100644
index 0000000..5042e58
--- /dev/null
+++ b/tests/tests/failures/chage/01_chage_openRW_passwd_failure/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/failures/chage/01_chage_openRW_passwd_failure/config/etc/login.defs b/tests/tests/failures/chage/01_chage_openRW_passwd_failure/config/etc/login.defs
new file mode 100644
index 0000000..cf181ac
--- /dev/null
+++ b/tests/tests/failures/chage/01_chage_openRW_passwd_failure/config/etc/login.defs
@@ -0,0 +1,314 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK usage is discouraged because it catches only some classes of user
+# entries to system, in fact only those made through login(1), while setting
+# umask in shell rc file will catch also logins through su, cron, ssh etc.
+#
+# At the same time, using shell rc to set umask won't catch entries which use
+# non-shell executables in place of login shell, like /usr/sbin/pppd for "ppp"
+# user and alike.
+#
+# Therefore the use of pam_umask is recommended (Debian package libpam-umask)
+# as the solution which catches all these cases on PAM-enabled systems.
+# 
+# This avoids the confusion created by having the umask set
+# in two different places -- in login.defs and shell rc files (i.e.
+# /etc/profile).
+#
+# For discussion, see #314539 and #248150 as well as the thread starting at
+# http://lists.debian.org/debian-devel/2005/06/msg01598.html
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+# 022 is the "historical" value in Debian for UMASK when it was used
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			  100
+GID_MAX			60000
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# This enables userdel to remove user groups if no members exist.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, thus in Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# Only works if compiled with MD5_CRYPT defined:
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is used by chpasswd, gpasswd and newusers.
+#
+#MD5_CRYPT_ENAB	no
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/failures/chage/01_chage_openRW_passwd_failure/config/etc/passwd b/tests/tests/failures/chage/01_chage_openRW_passwd_failure/config/etc/passwd
new file mode 100644
index 0000000..dbb06b8
--- /dev/null
+++ b/tests/tests/failures/chage/01_chage_openRW_passwd_failure/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/nonexistent:/bin/sh
diff --git a/tests/tests/failures/chage/01_chage_openRW_passwd_failure/config/etc/shadow b/tests/tests/failures/chage/01_chage_openRW_passwd_failure/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/failures/chage/01_chage_openRW_passwd_failure/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/failures/chage/01_chage_openRW_passwd_failure/data/chage.err b/tests/tests/failures/chage/01_chage_openRW_passwd_failure/data/chage.err
new file mode 100644
index 0000000..bdfd8e2
--- /dev/null
+++ b/tests/tests/failures/chage/01_chage_openRW_passwd_failure/data/chage.err
@@ -0,0 +1,2 @@
+open FAILURE /etc/passwd 2 ...
+chage: cannot open /etc/passwd
diff --git a/tests/tests/failures/chage/02_chage_openRO_passwd_failure/chage.test b/tests/tests/failures/chage/02_chage_openRO_passwd_failure/chage.test
new file mode 100755
index 0000000..23df6c6
--- /dev/null
+++ b/tests/tests/failures/chage/02_chage_openRO_passwd_failure/chage.test
@@ -0,0 +1,62 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "chage report failures when it cannot open the passwd file"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config; chmod g+s /usr/bin/chage' 0
+
+change_config
+
+echo -n "Remove setgid flag on chage..."
+chmod g-s /usr/bin/chage
+echo "OK"
+
+echo -n "Change bin's shell (chage -l bin)..."
+LD_PRELOAD=../../../common/open_RDONLY_failure.so FAILURE_PATH=/etc/passwd chage -l bin 2>tmp/chage.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Restore setgid flag on chage..."
+chmod g+s /usr/bin/chage
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "1"
+echo "OK"
+
+echo "chage reported:"
+echo "======================================================================="
+cat tmp/chage.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/chage.err tmp/chage.err
+echo "error message OK."
+rm -f tmp/chage.err
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/failures/chage/02_chage_openRO_passwd_failure/config.txt b/tests/tests/failures/chage/02_chage_openRO_passwd_failure/config.txt
new file mode 100644
index 0000000..e9e4bbe
--- /dev/null
+++ b/tests/tests/failures/chage/02_chage_openRO_passwd_failure/config.txt
@@ -0,0 +1 @@
+group foo, GID 1000
diff --git a/tests/tests/failures/chage/02_chage_openRO_passwd_failure/config/etc/group b/tests/tests/failures/chage/02_chage_openRO_passwd_failure/config/etc/group
new file mode 100644
index 0000000..fecba0c
--- /dev/null
+++ b/tests/tests/failures/chage/02_chage_openRO_passwd_failure/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/failures/chage/02_chage_openRO_passwd_failure/config/etc/gshadow b/tests/tests/failures/chage/02_chage_openRO_passwd_failure/config/etc/gshadow
new file mode 100644
index 0000000..5042e58
--- /dev/null
+++ b/tests/tests/failures/chage/02_chage_openRO_passwd_failure/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/failures/chage/02_chage_openRO_passwd_failure/config/etc/login.defs b/tests/tests/failures/chage/02_chage_openRO_passwd_failure/config/etc/login.defs
new file mode 100644
index 0000000..cf181ac
--- /dev/null
+++ b/tests/tests/failures/chage/02_chage_openRO_passwd_failure/config/etc/login.defs
@@ -0,0 +1,314 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK usage is discouraged because it catches only some classes of user
+# entries to system, in fact only those made through login(1), while setting
+# umask in shell rc file will catch also logins through su, cron, ssh etc.
+#
+# At the same time, using shell rc to set umask won't catch entries which use
+# non-shell executables in place of login shell, like /usr/sbin/pppd for "ppp"
+# user and alike.
+#
+# Therefore the use of pam_umask is recommended (Debian package libpam-umask)
+# as the solution which catches all these cases on PAM-enabled systems.
+# 
+# This avoids the confusion created by having the umask set
+# in two different places -- in login.defs and shell rc files (i.e.
+# /etc/profile).
+#
+# For discussion, see #314539 and #248150 as well as the thread starting at
+# http://lists.debian.org/debian-devel/2005/06/msg01598.html
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+# 022 is the "historical" value in Debian for UMASK when it was used
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			  100
+GID_MAX			60000
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# This enables userdel to remove user groups if no members exist.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, thus in Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# Only works if compiled with MD5_CRYPT defined:
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is used by chpasswd, gpasswd and newusers.
+#
+#MD5_CRYPT_ENAB	no
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/failures/chage/02_chage_openRO_passwd_failure/config/etc/passwd b/tests/tests/failures/chage/02_chage_openRO_passwd_failure/config/etc/passwd
new file mode 100644
index 0000000..dbb06b8
--- /dev/null
+++ b/tests/tests/failures/chage/02_chage_openRO_passwd_failure/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/nonexistent:/bin/sh
diff --git a/tests/tests/failures/chage/02_chage_openRO_passwd_failure/config/etc/shadow b/tests/tests/failures/chage/02_chage_openRO_passwd_failure/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/failures/chage/02_chage_openRO_passwd_failure/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/failures/chage/02_chage_openRO_passwd_failure/data/chage.err b/tests/tests/failures/chage/02_chage_openRO_passwd_failure/data/chage.err
new file mode 100644
index 0000000..38f6955
--- /dev/null
+++ b/tests/tests/failures/chage/02_chage_openRO_passwd_failure/data/chage.err
@@ -0,0 +1,2 @@
+open FAILURE /etc/passwd 0 ...
+chage: cannot open /etc/passwd
diff --git a/tests/tests/failures/chage/03_chage_openRW_shadow_failure/chage.test b/tests/tests/failures/chage/03_chage_openRW_shadow_failure/chage.test
new file mode 100755
index 0000000..1469b78
--- /dev/null
+++ b/tests/tests/failures/chage/03_chage_openRW_shadow_failure/chage.test
@@ -0,0 +1,62 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "chage report failures when it cannot open the shadow file"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config; chmod g+s /usr/bin/chage' 0
+
+change_config
+
+echo -n "Remove setgid flag on chage..."
+chmod g-s /usr/bin/chage
+echo "OK"
+
+echo -n "Change bin's shell (chage -I 12 bin)..."
+LD_PRELOAD=../../../common/open_RDWR_failure.so FAILURE_PATH=/etc/shadow chage -I 12 bin 2>tmp/chage.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Restore setgid flag on chage..."
+chmod g+s /usr/bin/chage
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "1"
+echo "OK"
+
+echo "chage reported:"
+echo "======================================================================="
+cat tmp/chage.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/chage.err tmp/chage.err
+echo "error message OK."
+rm -f tmp/chage.err
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/failures/chage/03_chage_openRW_shadow_failure/config.txt b/tests/tests/failures/chage/03_chage_openRW_shadow_failure/config.txt
new file mode 100644
index 0000000..e9e4bbe
--- /dev/null
+++ b/tests/tests/failures/chage/03_chage_openRW_shadow_failure/config.txt
@@ -0,0 +1 @@
+group foo, GID 1000
diff --git a/tests/tests/failures/chage/03_chage_openRW_shadow_failure/config/etc/group b/tests/tests/failures/chage/03_chage_openRW_shadow_failure/config/etc/group
new file mode 100644
index 0000000..fecba0c
--- /dev/null
+++ b/tests/tests/failures/chage/03_chage_openRW_shadow_failure/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/failures/chage/03_chage_openRW_shadow_failure/config/etc/gshadow b/tests/tests/failures/chage/03_chage_openRW_shadow_failure/config/etc/gshadow
new file mode 100644
index 0000000..5042e58
--- /dev/null
+++ b/tests/tests/failures/chage/03_chage_openRW_shadow_failure/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/failures/chage/03_chage_openRW_shadow_failure/config/etc/login.defs b/tests/tests/failures/chage/03_chage_openRW_shadow_failure/config/etc/login.defs
new file mode 100644
index 0000000..cf181ac
--- /dev/null
+++ b/tests/tests/failures/chage/03_chage_openRW_shadow_failure/config/etc/login.defs
@@ -0,0 +1,314 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK usage is discouraged because it catches only some classes of user
+# entries to system, in fact only those made through login(1), while setting
+# umask in shell rc file will catch also logins through su, cron, ssh etc.
+#
+# At the same time, using shell rc to set umask won't catch entries which use
+# non-shell executables in place of login shell, like /usr/sbin/pppd for "ppp"
+# user and alike.
+#
+# Therefore the use of pam_umask is recommended (Debian package libpam-umask)
+# as the solution which catches all these cases on PAM-enabled systems.
+# 
+# This avoids the confusion created by having the umask set
+# in two different places -- in login.defs and shell rc files (i.e.
+# /etc/profile).
+#
+# For discussion, see #314539 and #248150 as well as the thread starting at
+# http://lists.debian.org/debian-devel/2005/06/msg01598.html
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+# 022 is the "historical" value in Debian for UMASK when it was used
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			  100
+GID_MAX			60000
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# This enables userdel to remove user groups if no members exist.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, thus in Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# Only works if compiled with MD5_CRYPT defined:
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is used by chpasswd, gpasswd and newusers.
+#
+#MD5_CRYPT_ENAB	no
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/failures/chage/03_chage_openRW_shadow_failure/config/etc/passwd b/tests/tests/failures/chage/03_chage_openRW_shadow_failure/config/etc/passwd
new file mode 100644
index 0000000..dbb06b8
--- /dev/null
+++ b/tests/tests/failures/chage/03_chage_openRW_shadow_failure/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/nonexistent:/bin/sh
diff --git a/tests/tests/failures/chage/03_chage_openRW_shadow_failure/config/etc/shadow b/tests/tests/failures/chage/03_chage_openRW_shadow_failure/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/failures/chage/03_chage_openRW_shadow_failure/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/failures/chage/03_chage_openRW_shadow_failure/data/chage.err b/tests/tests/failures/chage/03_chage_openRW_shadow_failure/data/chage.err
new file mode 100644
index 0000000..a814928
--- /dev/null
+++ b/tests/tests/failures/chage/03_chage_openRW_shadow_failure/data/chage.err
@@ -0,0 +1,2 @@
+open FAILURE /etc/shadow 2 ...
+chage: cannot open /etc/shadow
diff --git a/tests/tests/failures/chage/04_chage_openRO_shadow_failure/chage.test b/tests/tests/failures/chage/04_chage_openRO_shadow_failure/chage.test
new file mode 100755
index 0000000..55a0a94
--- /dev/null
+++ b/tests/tests/failures/chage/04_chage_openRO_shadow_failure/chage.test
@@ -0,0 +1,62 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "chage report failures when it cannot open the shadow file"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config; chmod g+s /usr/bin/chage' 0
+
+change_config
+
+echo -n "Remove setgid flag on chage..."
+chmod g-s /usr/bin/chage
+echo "OK"
+
+echo -n "Change bin's shell (chage -l bin)..."
+LD_PRELOAD=../../../common/open_RDONLY_failure.so FAILURE_PATH=/etc/shadow chage -l bin 2>tmp/chage.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Restore setgid flag on chage..."
+chmod g+s /usr/bin/chage
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "1"
+echo "OK"
+
+echo "chage reported:"
+echo "======================================================================="
+cat tmp/chage.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/chage.err tmp/chage.err
+echo "error message OK."
+rm -f tmp/chage.err
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/failures/chage/04_chage_openRO_shadow_failure/config.txt b/tests/tests/failures/chage/04_chage_openRO_shadow_failure/config.txt
new file mode 100644
index 0000000..e9e4bbe
--- /dev/null
+++ b/tests/tests/failures/chage/04_chage_openRO_shadow_failure/config.txt
@@ -0,0 +1 @@
+group foo, GID 1000
diff --git a/tests/tests/failures/chage/04_chage_openRO_shadow_failure/config/etc/group b/tests/tests/failures/chage/04_chage_openRO_shadow_failure/config/etc/group
new file mode 100644
index 0000000..fecba0c
--- /dev/null
+++ b/tests/tests/failures/chage/04_chage_openRO_shadow_failure/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/failures/chage/04_chage_openRO_shadow_failure/config/etc/gshadow b/tests/tests/failures/chage/04_chage_openRO_shadow_failure/config/etc/gshadow
new file mode 100644
index 0000000..5042e58
--- /dev/null
+++ b/tests/tests/failures/chage/04_chage_openRO_shadow_failure/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/failures/chage/04_chage_openRO_shadow_failure/config/etc/login.defs b/tests/tests/failures/chage/04_chage_openRO_shadow_failure/config/etc/login.defs
new file mode 100644
index 0000000..cf181ac
--- /dev/null
+++ b/tests/tests/failures/chage/04_chage_openRO_shadow_failure/config/etc/login.defs
@@ -0,0 +1,314 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK usage is discouraged because it catches only some classes of user
+# entries to system, in fact only those made through login(1), while setting
+# umask in shell rc file will catch also logins through su, cron, ssh etc.
+#
+# At the same time, using shell rc to set umask won't catch entries which use
+# non-shell executables in place of login shell, like /usr/sbin/pppd for "ppp"
+# user and alike.
+#
+# Therefore the use of pam_umask is recommended (Debian package libpam-umask)
+# as the solution which catches all these cases on PAM-enabled systems.
+# 
+# This avoids the confusion created by having the umask set
+# in two different places -- in login.defs and shell rc files (i.e.
+# /etc/profile).
+#
+# For discussion, see #314539 and #248150 as well as the thread starting at
+# http://lists.debian.org/debian-devel/2005/06/msg01598.html
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+# 022 is the "historical" value in Debian for UMASK when it was used
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			  100
+GID_MAX			60000
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# This enables userdel to remove user groups if no members exist.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, thus in Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# Only works if compiled with MD5_CRYPT defined:
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is used by chpasswd, gpasswd and newusers.
+#
+#MD5_CRYPT_ENAB	no
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/failures/chage/04_chage_openRO_shadow_failure/config/etc/passwd b/tests/tests/failures/chage/04_chage_openRO_shadow_failure/config/etc/passwd
new file mode 100644
index 0000000..dbb06b8
--- /dev/null
+++ b/tests/tests/failures/chage/04_chage_openRO_shadow_failure/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/nonexistent:/bin/sh
diff --git a/tests/tests/failures/chage/04_chage_openRO_shadow_failure/config/etc/shadow b/tests/tests/failures/chage/04_chage_openRO_shadow_failure/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/failures/chage/04_chage_openRO_shadow_failure/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/failures/chage/04_chage_openRO_shadow_failure/data/chage.err b/tests/tests/failures/chage/04_chage_openRO_shadow_failure/data/chage.err
new file mode 100644
index 0000000..38aeca7
--- /dev/null
+++ b/tests/tests/failures/chage/04_chage_openRO_shadow_failure/data/chage.err
@@ -0,0 +1,2 @@
+open FAILURE /etc/shadow 0 ...
+chage: cannot open /etc/shadow
diff --git a/tests/tests/failures/chage/05_chage_rename_shadow_failure/chage.test b/tests/tests/failures/chage/05_chage_rename_shadow_failure/chage.test
new file mode 100755
index 0000000..e5e406a
--- /dev/null
+++ b/tests/tests/failures/chage/05_chage_rename_shadow_failure/chage.test
@@ -0,0 +1,62 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "chage report failures to write the shadow file"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config; chmod g+s /usr/bin/chage' 0
+
+change_config
+
+echo -n "Remove setgid flag on chage..."
+chmod g-s /usr/bin/chage
+echo "OK"
+
+echo -n "Change bin's inactivity period (chage -I 12 bin)..."
+LD_PRELOAD=../../../common/rename_failure.so FAILURE_PATH=/etc/shadow chage -I 12 bin 2>tmp/chage.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Restore setgid flag on chage..."
+chmod g+s /usr/bin/chage
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "1"
+echo "OK"
+
+echo "chage reported:"
+echo "======================================================================="
+cat tmp/chage.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/chage.err tmp/chage.err
+echo "error message OK."
+rm -f tmp/chage.err
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/failures/chage/05_chage_rename_shadow_failure/config.txt b/tests/tests/failures/chage/05_chage_rename_shadow_failure/config.txt
new file mode 100644
index 0000000..e9e4bbe
--- /dev/null
+++ b/tests/tests/failures/chage/05_chage_rename_shadow_failure/config.txt
@@ -0,0 +1 @@
+group foo, GID 1000
diff --git a/tests/tests/failures/chage/05_chage_rename_shadow_failure/config/etc/group b/tests/tests/failures/chage/05_chage_rename_shadow_failure/config/etc/group
new file mode 100644
index 0000000..fecba0c
--- /dev/null
+++ b/tests/tests/failures/chage/05_chage_rename_shadow_failure/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/failures/chage/05_chage_rename_shadow_failure/config/etc/gshadow b/tests/tests/failures/chage/05_chage_rename_shadow_failure/config/etc/gshadow
new file mode 100644
index 0000000..5042e58
--- /dev/null
+++ b/tests/tests/failures/chage/05_chage_rename_shadow_failure/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/failures/chage/05_chage_rename_shadow_failure/config/etc/login.defs b/tests/tests/failures/chage/05_chage_rename_shadow_failure/config/etc/login.defs
new file mode 100644
index 0000000..cf181ac
--- /dev/null
+++ b/tests/tests/failures/chage/05_chage_rename_shadow_failure/config/etc/login.defs
@@ -0,0 +1,314 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK usage is discouraged because it catches only some classes of user
+# entries to system, in fact only those made through login(1), while setting
+# umask in shell rc file will catch also logins through su, cron, ssh etc.
+#
+# At the same time, using shell rc to set umask won't catch entries which use
+# non-shell executables in place of login shell, like /usr/sbin/pppd for "ppp"
+# user and alike.
+#
+# Therefore the use of pam_umask is recommended (Debian package libpam-umask)
+# as the solution which catches all these cases on PAM-enabled systems.
+# 
+# This avoids the confusion created by having the umask set
+# in two different places -- in login.defs and shell rc files (i.e.
+# /etc/profile).
+#
+# For discussion, see #314539 and #248150 as well as the thread starting at
+# http://lists.debian.org/debian-devel/2005/06/msg01598.html
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+# 022 is the "historical" value in Debian for UMASK when it was used
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			  100
+GID_MAX			60000
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# This enables userdel to remove user groups if no members exist.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, thus in Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# Only works if compiled with MD5_CRYPT defined:
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is used by chpasswd, gpasswd and newusers.
+#
+#MD5_CRYPT_ENAB	no
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/failures/chage/05_chage_rename_shadow_failure/config/etc/passwd b/tests/tests/failures/chage/05_chage_rename_shadow_failure/config/etc/passwd
new file mode 100644
index 0000000..8656be4
--- /dev/null
+++ b/tests/tests/failures/chage/05_chage_rename_shadow_failure/config/etc/passwd
@@ -0,0 +1,20 @@
+root:*:0:0:root:/root:/bin/bash
+daemon:*:1:1:daemon:/usr/sbin:/bin/sh
+bin:*:2:2:bin:/bin:/bin/sh
+sys:*:3:3:sys:/dev:/bin/sh
+sync:*:4:65534:sync:/bin:/bin/sync
+games:*:5:60:games:/usr/games:/bin/sh
+man:*:6:12:man:/var/cache/man:/bin/sh
+lp:*:7:7:lp:/var/spool/lpd:/bin/sh
+mail:*:8:8:mail:/var/mail:/bin/sh
+news:*:9:9:news:/var/spool/news:/bin/sh
+uucp:*:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:*:13:13:proxy:/bin:/bin/sh
+www-data:*:33:33:www-data:/var/www:/bin/sh
+backup:*:34:34:backup:/var/backups:/bin/sh
+list:*:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:*:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:*:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:*:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:*:102:102::/var/spool/exim4:/bin/false
+foo:abc:1000:1000::/nonexistent:/bin/sh
diff --git a/tests/tests/failures/chage/05_chage_rename_shadow_failure/config/etc/shadow b/tests/tests/failures/chage/05_chage_rename_shadow_failure/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/failures/chage/05_chage_rename_shadow_failure/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/failures/chage/05_chage_rename_shadow_failure/data/chage.err b/tests/tests/failures/chage/05_chage_rename_shadow_failure/data/chage.err
new file mode 100644
index 0000000..963f430
--- /dev/null
+++ b/tests/tests/failures/chage/05_chage_rename_shadow_failure/data/chage.err
@@ -0,0 +1,2 @@
+rename FAILURE /etc/shadow+ /etc/shadow
+chage: failure while writing changes to /etc/shadow
diff --git a/tests/tests/failures/chage/06_chage_rename_passwd_failure/chage.test b/tests/tests/failures/chage/06_chage_rename_passwd_failure/chage.test
new file mode 100755
index 0000000..bd27260
--- /dev/null
+++ b/tests/tests/failures/chage/06_chage_rename_passwd_failure/chage.test
@@ -0,0 +1,62 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "chage report failures to write the passwd file"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config; chmod g+s /usr/bin/chage' 0
+
+change_config
+
+echo -n "Remove setgid flag on chage..."
+chmod g-s /usr/bin/chage
+echo "OK"
+
+echo -n "Change bin's inactivity period (chage -I 12 bin)..."
+LD_PRELOAD=../../../common/rename_failure.so FAILURE_PATH=/etc/passwd chage -I 12 bin 2>tmp/chage.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Restore setgid flag on chage..."
+chmod g+s /usr/bin/chage
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "1"
+echo "OK"
+
+echo "chage reported:"
+echo "======================================================================="
+cat tmp/chage.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/chage.err tmp/chage.err
+echo "error message OK."
+rm -f tmp/chage.err
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl data/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/failures/chage/06_chage_rename_passwd_failure/config.txt b/tests/tests/failures/chage/06_chage_rename_passwd_failure/config.txt
new file mode 100644
index 0000000..e9e4bbe
--- /dev/null
+++ b/tests/tests/failures/chage/06_chage_rename_passwd_failure/config.txt
@@ -0,0 +1 @@
+group foo, GID 1000
diff --git a/tests/tests/failures/chage/06_chage_rename_passwd_failure/config/etc/group b/tests/tests/failures/chage/06_chage_rename_passwd_failure/config/etc/group
new file mode 100644
index 0000000..fecba0c
--- /dev/null
+++ b/tests/tests/failures/chage/06_chage_rename_passwd_failure/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/failures/chage/06_chage_rename_passwd_failure/config/etc/gshadow b/tests/tests/failures/chage/06_chage_rename_passwd_failure/config/etc/gshadow
new file mode 100644
index 0000000..5042e58
--- /dev/null
+++ b/tests/tests/failures/chage/06_chage_rename_passwd_failure/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/failures/chage/06_chage_rename_passwd_failure/config/etc/login.defs b/tests/tests/failures/chage/06_chage_rename_passwd_failure/config/etc/login.defs
new file mode 100644
index 0000000..cf181ac
--- /dev/null
+++ b/tests/tests/failures/chage/06_chage_rename_passwd_failure/config/etc/login.defs
@@ -0,0 +1,314 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK usage is discouraged because it catches only some classes of user
+# entries to system, in fact only those made through login(1), while setting
+# umask in shell rc file will catch also logins through su, cron, ssh etc.
+#
+# At the same time, using shell rc to set umask won't catch entries which use
+# non-shell executables in place of login shell, like /usr/sbin/pppd for "ppp"
+# user and alike.
+#
+# Therefore the use of pam_umask is recommended (Debian package libpam-umask)
+# as the solution which catches all these cases on PAM-enabled systems.
+# 
+# This avoids the confusion created by having the umask set
+# in two different places -- in login.defs and shell rc files (i.e.
+# /etc/profile).
+#
+# For discussion, see #314539 and #248150 as well as the thread starting at
+# http://lists.debian.org/debian-devel/2005/06/msg01598.html
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+# 022 is the "historical" value in Debian for UMASK when it was used
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			  100
+GID_MAX			60000
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# This enables userdel to remove user groups if no members exist.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, thus in Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# Only works if compiled with MD5_CRYPT defined:
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is used by chpasswd, gpasswd and newusers.
+#
+#MD5_CRYPT_ENAB	no
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/failures/chage/06_chage_rename_passwd_failure/config/etc/passwd b/tests/tests/failures/chage/06_chage_rename_passwd_failure/config/etc/passwd
new file mode 100644
index 0000000..8656be4
--- /dev/null
+++ b/tests/tests/failures/chage/06_chage_rename_passwd_failure/config/etc/passwd
@@ -0,0 +1,20 @@
+root:*:0:0:root:/root:/bin/bash
+daemon:*:1:1:daemon:/usr/sbin:/bin/sh
+bin:*:2:2:bin:/bin:/bin/sh
+sys:*:3:3:sys:/dev:/bin/sh
+sync:*:4:65534:sync:/bin:/bin/sync
+games:*:5:60:games:/usr/games:/bin/sh
+man:*:6:12:man:/var/cache/man:/bin/sh
+lp:*:7:7:lp:/var/spool/lpd:/bin/sh
+mail:*:8:8:mail:/var/mail:/bin/sh
+news:*:9:9:news:/var/spool/news:/bin/sh
+uucp:*:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:*:13:13:proxy:/bin:/bin/sh
+www-data:*:33:33:www-data:/var/www:/bin/sh
+backup:*:34:34:backup:/var/backups:/bin/sh
+list:*:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:*:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:*:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:*:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:*:102:102::/var/spool/exim4:/bin/false
+foo:abc:1000:1000::/nonexistent:/bin/sh
diff --git a/tests/tests/failures/chage/06_chage_rename_passwd_failure/config/etc/shadow b/tests/tests/failures/chage/06_chage_rename_passwd_failure/config/etc/shadow
new file mode 100644
index 0000000..88faec2
--- /dev/null
+++ b/tests/tests/failures/chage/06_chage_rename_passwd_failure/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/failures/chage/06_chage_rename_passwd_failure/data/chage.err b/tests/tests/failures/chage/06_chage_rename_passwd_failure/data/chage.err
new file mode 100644
index 0000000..188d7dd
--- /dev/null
+++ b/tests/tests/failures/chage/06_chage_rename_passwd_failure/data/chage.err
@@ -0,0 +1,2 @@
+rename FAILURE /etc/passwd+ /etc/passwd
+chage: failure while writing changes to /etc/passwd
diff --git a/tests/tests/failures/chage/06_chage_rename_passwd_failure/data/shadow b/tests/tests/failures/chage/06_chage_rename_passwd_failure/data/shadow
new file mode 100644
index 0000000..d32d937
--- /dev/null
+++ b/tests/tests/failures/chage/06_chage_rename_passwd_failure/data/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
+bin:*:::::12::
diff --git a/tests/tests/failures/chgpasswd/01_chgpasswd-e_open_group_failure/chgpasswd.test b/tests/tests/failures/chgpasswd/01_chgpasswd-e_open_group_failure/chgpasswd.test
new file mode 100755
index 0000000..e0cedc9
--- /dev/null
+++ b/tests/tests/failures/chgpasswd/01_chgpasswd-e_open_group_failure/chgpasswd.test
@@ -0,0 +1,55 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "chgpasswd report failures when it cannot open the group file"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Change passwords (chgpasswd -e)..."
+echo 'nogroup:test
+lp:test2' | LD_PRELOAD=../../../common/open_RDWR_failure.so FAILURE_PATH=/etc/group chgpasswd -e 2>tmp/chgpasswd.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "1"
+echo "OK"
+
+echo "chgpasswd reported:"
+echo "======================================================================="
+cat tmp/chgpasswd.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/chgpasswd.err tmp/chgpasswd.err
+echo "error message OK."
+rm -f tmp/chgpasswd.err
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/failures/chgpasswd/01_chgpasswd-e_open_group_failure/config.txt b/tests/tests/failures/chgpasswd/01_chgpasswd-e_open_group_failure/config.txt
new file mode 100644
index 0000000..e9e4bbe
--- /dev/null
+++ b/tests/tests/failures/chgpasswd/01_chgpasswd-e_open_group_failure/config.txt
@@ -0,0 +1 @@
+group foo, GID 1000
diff --git a/tests/tests/failures/chgpasswd/01_chgpasswd-e_open_group_failure/config/etc/group b/tests/tests/failures/chgpasswd/01_chgpasswd-e_open_group_failure/config/etc/group
new file mode 100644
index 0000000..fecba0c
--- /dev/null
+++ b/tests/tests/failures/chgpasswd/01_chgpasswd-e_open_group_failure/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/failures/chgpasswd/01_chgpasswd-e_open_group_failure/config/etc/gshadow b/tests/tests/failures/chgpasswd/01_chgpasswd-e_open_group_failure/config/etc/gshadow
new file mode 100644
index 0000000..5042e58
--- /dev/null
+++ b/tests/tests/failures/chgpasswd/01_chgpasswd-e_open_group_failure/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/failures/chgpasswd/01_chgpasswd-e_open_group_failure/config/etc/login.defs b/tests/tests/failures/chgpasswd/01_chgpasswd-e_open_group_failure/config/etc/login.defs
new file mode 100644
index 0000000..cf181ac
--- /dev/null
+++ b/tests/tests/failures/chgpasswd/01_chgpasswd-e_open_group_failure/config/etc/login.defs
@@ -0,0 +1,314 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK usage is discouraged because it catches only some classes of user
+# entries to system, in fact only those made through login(1), while setting
+# umask in shell rc file will catch also logins through su, cron, ssh etc.
+#
+# At the same time, using shell rc to set umask won't catch entries which use
+# non-shell executables in place of login shell, like /usr/sbin/pppd for "ppp"
+# user and alike.
+#
+# Therefore the use of pam_umask is recommended (Debian package libpam-umask)
+# as the solution which catches all these cases on PAM-enabled systems.
+# 
+# This avoids the confusion created by having the umask set
+# in two different places -- in login.defs and shell rc files (i.e.
+# /etc/profile).
+#
+# For discussion, see #314539 and #248150 as well as the thread starting at
+# http://lists.debian.org/debian-devel/2005/06/msg01598.html
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+# 022 is the "historical" value in Debian for UMASK when it was used
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			  100
+GID_MAX			60000
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# This enables userdel to remove user groups if no members exist.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, thus in Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# Only works if compiled with MD5_CRYPT defined:
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is used by chpasswd, gpasswd and newusers.
+#
+#MD5_CRYPT_ENAB	no
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/failures/chgpasswd/01_chgpasswd-e_open_group_failure/config/etc/passwd b/tests/tests/failures/chgpasswd/01_chgpasswd-e_open_group_failure/config/etc/passwd
new file mode 100644
index 0000000..dbb06b8
--- /dev/null
+++ b/tests/tests/failures/chgpasswd/01_chgpasswd-e_open_group_failure/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/nonexistent:/bin/sh
diff --git a/tests/tests/failures/chgpasswd/01_chgpasswd-e_open_group_failure/config/etc/shadow b/tests/tests/failures/chgpasswd/01_chgpasswd-e_open_group_failure/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/failures/chgpasswd/01_chgpasswd-e_open_group_failure/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/failures/chgpasswd/01_chgpasswd-e_open_group_failure/data/chgpasswd.err b/tests/tests/failures/chgpasswd/01_chgpasswd-e_open_group_failure/data/chgpasswd.err
new file mode 100644
index 0000000..572aa4a
--- /dev/null
+++ b/tests/tests/failures/chgpasswd/01_chgpasswd-e_open_group_failure/data/chgpasswd.err
@@ -0,0 +1,2 @@
+open FAILURE /etc/group 2 ...
+chgpasswd: cannot open /etc/group
diff --git a/tests/tests/failures/chgpasswd/02_chgpasswd-e_open_gshadow_failure/chgpasswd.test b/tests/tests/failures/chgpasswd/02_chgpasswd-e_open_gshadow_failure/chgpasswd.test
new file mode 100755
index 0000000..784ed0a
--- /dev/null
+++ b/tests/tests/failures/chgpasswd/02_chgpasswd-e_open_gshadow_failure/chgpasswd.test
@@ -0,0 +1,55 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "chgpasswd report failures when it cannot open the gshadow file"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Change passwords (chgpasswd -e)..."
+echo 'nogroup:test
+lp:test2' | LD_PRELOAD=../../../common/open_RDWR_failure.so FAILURE_PATH=/etc/gshadow chgpasswd -e 2>tmp/chgpasswd.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "1"
+echo "OK"
+
+echo "chgpasswd reported:"
+echo "======================================================================="
+cat tmp/chgpasswd.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/chgpasswd.err tmp/chgpasswd.err
+echo "error message OK."
+rm -f tmp/chgpasswd.err
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/failures/chgpasswd/02_chgpasswd-e_open_gshadow_failure/config.txt b/tests/tests/failures/chgpasswd/02_chgpasswd-e_open_gshadow_failure/config.txt
new file mode 100644
index 0000000..e9e4bbe
--- /dev/null
+++ b/tests/tests/failures/chgpasswd/02_chgpasswd-e_open_gshadow_failure/config.txt
@@ -0,0 +1 @@
+group foo, GID 1000
diff --git a/tests/tests/failures/chgpasswd/02_chgpasswd-e_open_gshadow_failure/config/etc/group b/tests/tests/failures/chgpasswd/02_chgpasswd-e_open_gshadow_failure/config/etc/group
new file mode 100644
index 0000000..fecba0c
--- /dev/null
+++ b/tests/tests/failures/chgpasswd/02_chgpasswd-e_open_gshadow_failure/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/failures/chgpasswd/02_chgpasswd-e_open_gshadow_failure/config/etc/gshadow b/tests/tests/failures/chgpasswd/02_chgpasswd-e_open_gshadow_failure/config/etc/gshadow
new file mode 100644
index 0000000..5042e58
--- /dev/null
+++ b/tests/tests/failures/chgpasswd/02_chgpasswd-e_open_gshadow_failure/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/failures/chgpasswd/02_chgpasswd-e_open_gshadow_failure/config/etc/login.defs b/tests/tests/failures/chgpasswd/02_chgpasswd-e_open_gshadow_failure/config/etc/login.defs
new file mode 100644
index 0000000..cf181ac
--- /dev/null
+++ b/tests/tests/failures/chgpasswd/02_chgpasswd-e_open_gshadow_failure/config/etc/login.defs
@@ -0,0 +1,314 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK usage is discouraged because it catches only some classes of user
+# entries to system, in fact only those made through login(1), while setting
+# umask in shell rc file will catch also logins through su, cron, ssh etc.
+#
+# At the same time, using shell rc to set umask won't catch entries which use
+# non-shell executables in place of login shell, like /usr/sbin/pppd for "ppp"
+# user and alike.
+#
+# Therefore the use of pam_umask is recommended (Debian package libpam-umask)
+# as the solution which catches all these cases on PAM-enabled systems.
+# 
+# This avoids the confusion created by having the umask set
+# in two different places -- in login.defs and shell rc files (i.e.
+# /etc/profile).
+#
+# For discussion, see #314539 and #248150 as well as the thread starting at
+# http://lists.debian.org/debian-devel/2005/06/msg01598.html
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+# 022 is the "historical" value in Debian for UMASK when it was used
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			  100
+GID_MAX			60000
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# This enables userdel to remove user groups if no members exist.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, thus in Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# Only works if compiled with MD5_CRYPT defined:
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is used by chpasswd, gpasswd and newusers.
+#
+#MD5_CRYPT_ENAB	no
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/failures/chgpasswd/02_chgpasswd-e_open_gshadow_failure/config/etc/passwd b/tests/tests/failures/chgpasswd/02_chgpasswd-e_open_gshadow_failure/config/etc/passwd
new file mode 100644
index 0000000..dbb06b8
--- /dev/null
+++ b/tests/tests/failures/chgpasswd/02_chgpasswd-e_open_gshadow_failure/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/nonexistent:/bin/sh
diff --git a/tests/tests/failures/chgpasswd/02_chgpasswd-e_open_gshadow_failure/config/etc/shadow b/tests/tests/failures/chgpasswd/02_chgpasswd-e_open_gshadow_failure/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/failures/chgpasswd/02_chgpasswd-e_open_gshadow_failure/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/failures/chgpasswd/02_chgpasswd-e_open_gshadow_failure/data/chgpasswd.err b/tests/tests/failures/chgpasswd/02_chgpasswd-e_open_gshadow_failure/data/chgpasswd.err
new file mode 100644
index 0000000..9db820b
--- /dev/null
+++ b/tests/tests/failures/chgpasswd/02_chgpasswd-e_open_gshadow_failure/data/chgpasswd.err
@@ -0,0 +1,2 @@
+open FAILURE /etc/gshadow 2 ...
+chgpasswd: cannot open /etc/gshadow
diff --git a/tests/tests/failures/chgpasswd/03_chgpasswd-e_rename_group_failure/chgpasswd.test b/tests/tests/failures/chgpasswd/03_chgpasswd-e_rename_group_failure/chgpasswd.test
new file mode 100755
index 0000000..7e8894a
--- /dev/null
+++ b/tests/tests/failures/chgpasswd/03_chgpasswd-e_rename_group_failure/chgpasswd.test
@@ -0,0 +1,55 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "chgpasswd reports failure to write /etc/group"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Change passwords (chgpasswd -e)..."
+echo 'nogroup:test
+lp:test2' | LD_PRELOAD=../../../common/rename_failure.so FAILURE_PATH=/etc/group chgpasswd -e 2>tmp/chgpasswd.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "1"
+echo "OK"
+
+echo "chgpasswd reported:"
+echo "======================================================================="
+cat tmp/chgpasswd.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/chgpasswd.err tmp/chgpasswd.err
+echo "error message OK."
+rm -f tmp/chgpasswd.err
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl data/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/failures/chgpasswd/03_chgpasswd-e_rename_group_failure/config.txt b/tests/tests/failures/chgpasswd/03_chgpasswd-e_rename_group_failure/config.txt
new file mode 100644
index 0000000..e9e4bbe
--- /dev/null
+++ b/tests/tests/failures/chgpasswd/03_chgpasswd-e_rename_group_failure/config.txt
@@ -0,0 +1 @@
+group foo, GID 1000
diff --git a/tests/tests/failures/chgpasswd/03_chgpasswd-e_rename_group_failure/config/etc/group b/tests/tests/failures/chgpasswd/03_chgpasswd-e_rename_group_failure/config/etc/group
new file mode 100644
index 0000000..aa30237
--- /dev/null
+++ b/tests/tests/failures/chgpasswd/03_chgpasswd-e_rename_group_failure/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:foo:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/failures/chgpasswd/03_chgpasswd-e_rename_group_failure/config/etc/gshadow b/tests/tests/failures/chgpasswd/03_chgpasswd-e_rename_group_failure/config/etc/gshadow
new file mode 100644
index 0000000..1b92e48
--- /dev/null
+++ b/tests/tests/failures/chgpasswd/03_chgpasswd-e_rename_group_failure/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/failures/chgpasswd/03_chgpasswd-e_rename_group_failure/config/etc/login.defs b/tests/tests/failures/chgpasswd/03_chgpasswd-e_rename_group_failure/config/etc/login.defs
new file mode 100644
index 0000000..cf181ac
--- /dev/null
+++ b/tests/tests/failures/chgpasswd/03_chgpasswd-e_rename_group_failure/config/etc/login.defs
@@ -0,0 +1,314 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK usage is discouraged because it catches only some classes of user
+# entries to system, in fact only those made through login(1), while setting
+# umask in shell rc file will catch also logins through su, cron, ssh etc.
+#
+# At the same time, using shell rc to set umask won't catch entries which use
+# non-shell executables in place of login shell, like /usr/sbin/pppd for "ppp"
+# user and alike.
+#
+# Therefore the use of pam_umask is recommended (Debian package libpam-umask)
+# as the solution which catches all these cases on PAM-enabled systems.
+# 
+# This avoids the confusion created by having the umask set
+# in two different places -- in login.defs and shell rc files (i.e.
+# /etc/profile).
+#
+# For discussion, see #314539 and #248150 as well as the thread starting at
+# http://lists.debian.org/debian-devel/2005/06/msg01598.html
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+# 022 is the "historical" value in Debian for UMASK when it was used
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			  100
+GID_MAX			60000
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# This enables userdel to remove user groups if no members exist.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, thus in Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# Only works if compiled with MD5_CRYPT defined:
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is used by chpasswd, gpasswd and newusers.
+#
+#MD5_CRYPT_ENAB	no
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/failures/chgpasswd/03_chgpasswd-e_rename_group_failure/config/etc/passwd b/tests/tests/failures/chgpasswd/03_chgpasswd-e_rename_group_failure/config/etc/passwd
new file mode 100644
index 0000000..dc7bf84
--- /dev/null
+++ b/tests/tests/failures/chgpasswd/03_chgpasswd-e_rename_group_failure/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000:::/bin/false
diff --git a/tests/tests/failures/chgpasswd/03_chgpasswd-e_rename_group_failure/config/etc/shadow b/tests/tests/failures/chgpasswd/03_chgpasswd-e_rename_group_failure/config/etc/shadow
new file mode 100644
index 0000000..5ef6dfe
--- /dev/null
+++ b/tests/tests/failures/chgpasswd/03_chgpasswd-e_rename_group_failure/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/failures/chgpasswd/03_chgpasswd-e_rename_group_failure/data/chgpasswd.err b/tests/tests/failures/chgpasswd/03_chgpasswd-e_rename_group_failure/data/chgpasswd.err
new file mode 100644
index 0000000..0fb48ad
--- /dev/null
+++ b/tests/tests/failures/chgpasswd/03_chgpasswd-e_rename_group_failure/data/chgpasswd.err
@@ -0,0 +1,2 @@
+rename FAILURE /etc/group+ /etc/group
+chgpasswd: failure while writing changes to /etc/group
diff --git a/tests/tests/failures/chgpasswd/03_chgpasswd-e_rename_group_failure/data/gshadow b/tests/tests/failures/chgpasswd/03_chgpasswd-e_rename_group_failure/data/gshadow
new file mode 100644
index 0000000..03d3b45
--- /dev/null
+++ b/tests/tests/failures/chgpasswd/03_chgpasswd-e_rename_group_failure/data/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:test2::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/failures/chgpasswd/04_chgpasswd-e_rename_gshadow_failure/chgpasswd.test b/tests/tests/failures/chgpasswd/04_chgpasswd-e_rename_gshadow_failure/chgpasswd.test
new file mode 100755
index 0000000..135f912
--- /dev/null
+++ b/tests/tests/failures/chgpasswd/04_chgpasswd-e_rename_gshadow_failure/chgpasswd.test
@@ -0,0 +1,55 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "chgpasswd reports failure to write /etc/gshadow"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Change passwords (chgpasswd -e)..."
+echo 'nogroup:test
+lp:test2' | LD_PRELOAD=../../../common/rename_failure.so FAILURE_PATH=/etc/gshadow chgpasswd -e 2>tmp/chgpasswd.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "1"
+echo "OK"
+
+echo "chgpasswd reported:"
+echo "======================================================================="
+cat tmp/chgpasswd.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/chgpasswd.err tmp/chgpasswd.err
+echo "error message OK."
+rm -f tmp/chgpasswd.err
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/failures/chgpasswd/04_chgpasswd-e_rename_gshadow_failure/config.txt b/tests/tests/failures/chgpasswd/04_chgpasswd-e_rename_gshadow_failure/config.txt
new file mode 100644
index 0000000..e9e4bbe
--- /dev/null
+++ b/tests/tests/failures/chgpasswd/04_chgpasswd-e_rename_gshadow_failure/config.txt
@@ -0,0 +1 @@
+group foo, GID 1000
diff --git a/tests/tests/failures/chgpasswd/04_chgpasswd-e_rename_gshadow_failure/config/etc/group b/tests/tests/failures/chgpasswd/04_chgpasswd-e_rename_gshadow_failure/config/etc/group
new file mode 100644
index 0000000..fecba0c
--- /dev/null
+++ b/tests/tests/failures/chgpasswd/04_chgpasswd-e_rename_gshadow_failure/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/failures/chgpasswd/04_chgpasswd-e_rename_gshadow_failure/config/etc/gshadow b/tests/tests/failures/chgpasswd/04_chgpasswd-e_rename_gshadow_failure/config/etc/gshadow
new file mode 100644
index 0000000..5042e58
--- /dev/null
+++ b/tests/tests/failures/chgpasswd/04_chgpasswd-e_rename_gshadow_failure/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/failures/chgpasswd/04_chgpasswd-e_rename_gshadow_failure/config/etc/login.defs b/tests/tests/failures/chgpasswd/04_chgpasswd-e_rename_gshadow_failure/config/etc/login.defs
new file mode 100644
index 0000000..cf181ac
--- /dev/null
+++ b/tests/tests/failures/chgpasswd/04_chgpasswd-e_rename_gshadow_failure/config/etc/login.defs
@@ -0,0 +1,314 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK usage is discouraged because it catches only some classes of user
+# entries to system, in fact only those made through login(1), while setting
+# umask in shell rc file will catch also logins through su, cron, ssh etc.
+#
+# At the same time, using shell rc to set umask won't catch entries which use
+# non-shell executables in place of login shell, like /usr/sbin/pppd for "ppp"
+# user and alike.
+#
+# Therefore the use of pam_umask is recommended (Debian package libpam-umask)
+# as the solution which catches all these cases on PAM-enabled systems.
+# 
+# This avoids the confusion created by having the umask set
+# in two different places -- in login.defs and shell rc files (i.e.
+# /etc/profile).
+#
+# For discussion, see #314539 and #248150 as well as the thread starting at
+# http://lists.debian.org/debian-devel/2005/06/msg01598.html
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+# 022 is the "historical" value in Debian for UMASK when it was used
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			  100
+GID_MAX			60000
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# This enables userdel to remove user groups if no members exist.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, thus in Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# Only works if compiled with MD5_CRYPT defined:
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is used by chpasswd, gpasswd and newusers.
+#
+#MD5_CRYPT_ENAB	no
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/failures/chgpasswd/04_chgpasswd-e_rename_gshadow_failure/config/etc/passwd b/tests/tests/failures/chgpasswd/04_chgpasswd-e_rename_gshadow_failure/config/etc/passwd
new file mode 100644
index 0000000..ae5682b
--- /dev/null
+++ b/tests/tests/failures/chgpasswd/04_chgpasswd-e_rename_gshadow_failure/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:foo:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000:::/bin/false
diff --git a/tests/tests/failures/chgpasswd/04_chgpasswd-e_rename_gshadow_failure/config/etc/shadow b/tests/tests/failures/chgpasswd/04_chgpasswd-e_rename_gshadow_failure/config/etc/shadow
new file mode 100644
index 0000000..5ef6dfe
--- /dev/null
+++ b/tests/tests/failures/chgpasswd/04_chgpasswd-e_rename_gshadow_failure/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/failures/chgpasswd/04_chgpasswd-e_rename_gshadow_failure/data/chgpasswd.err b/tests/tests/failures/chgpasswd/04_chgpasswd-e_rename_gshadow_failure/data/chgpasswd.err
new file mode 100644
index 0000000..187a8eb
--- /dev/null
+++ b/tests/tests/failures/chgpasswd/04_chgpasswd-e_rename_gshadow_failure/data/chgpasswd.err
@@ -0,0 +1,2 @@
+rename FAILURE /etc/gshadow+ /etc/gshadow
+chgpasswd: failure while writing changes to /etc/gshadow
diff --git a/tests/tests/failures/chpasswd-PAM/01_chpasswd-e_open_passwd_failure/chpasswd.test b/tests/tests/failures/chpasswd-PAM/01_chpasswd-e_open_passwd_failure/chpasswd.test
new file mode 100755
index 0000000..e161ecf
--- /dev/null
+++ b/tests/tests/failures/chpasswd-PAM/01_chpasswd-e_open_passwd_failure/chpasswd.test
@@ -0,0 +1,55 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "chpasswd report failures when it cannot open the passwd file"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Change passwords (chpasswd -e)..."
+echo 'nobody:test
+lp:test2' | LD_PRELOAD=../../../common/open_RDWR_failure.so FAILURE_PATH=/etc/passwd chpasswd -e 2>tmp/chpasswd.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "1"
+echo "OK"
+
+echo "chpasswd reported:"
+echo "======================================================================="
+cat tmp/chpasswd.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/chpasswd.err tmp/chpasswd.err
+echo "error message OK."
+rm -f tmp/chpasswd.err
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/failures/chpasswd-PAM/01_chpasswd-e_open_passwd_failure/config.txt b/tests/tests/failures/chpasswd-PAM/01_chpasswd-e_open_passwd_failure/config.txt
new file mode 100644
index 0000000..e9e4bbe
--- /dev/null
+++ b/tests/tests/failures/chpasswd-PAM/01_chpasswd-e_open_passwd_failure/config.txt
@@ -0,0 +1 @@
+group foo, GID 1000
diff --git a/tests/tests/failures/chpasswd-PAM/01_chpasswd-e_open_passwd_failure/config/etc/group b/tests/tests/failures/chpasswd-PAM/01_chpasswd-e_open_passwd_failure/config/etc/group
new file mode 100644
index 0000000..fecba0c
--- /dev/null
+++ b/tests/tests/failures/chpasswd-PAM/01_chpasswd-e_open_passwd_failure/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/failures/chpasswd-PAM/01_chpasswd-e_open_passwd_failure/config/etc/gshadow b/tests/tests/failures/chpasswd-PAM/01_chpasswd-e_open_passwd_failure/config/etc/gshadow
new file mode 100644
index 0000000..5042e58
--- /dev/null
+++ b/tests/tests/failures/chpasswd-PAM/01_chpasswd-e_open_passwd_failure/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/failures/chpasswd-PAM/01_chpasswd-e_open_passwd_failure/config/etc/login.defs b/tests/tests/failures/chpasswd-PAM/01_chpasswd-e_open_passwd_failure/config/etc/login.defs
new file mode 100644
index 0000000..cf181ac
--- /dev/null
+++ b/tests/tests/failures/chpasswd-PAM/01_chpasswd-e_open_passwd_failure/config/etc/login.defs
@@ -0,0 +1,314 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK usage is discouraged because it catches only some classes of user
+# entries to system, in fact only those made through login(1), while setting
+# umask in shell rc file will catch also logins through su, cron, ssh etc.
+#
+# At the same time, using shell rc to set umask won't catch entries which use
+# non-shell executables in place of login shell, like /usr/sbin/pppd for "ppp"
+# user and alike.
+#
+# Therefore the use of pam_umask is recommended (Debian package libpam-umask)
+# as the solution which catches all these cases on PAM-enabled systems.
+# 
+# This avoids the confusion created by having the umask set
+# in two different places -- in login.defs and shell rc files (i.e.
+# /etc/profile).
+#
+# For discussion, see #314539 and #248150 as well as the thread starting at
+# http://lists.debian.org/debian-devel/2005/06/msg01598.html
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+# 022 is the "historical" value in Debian for UMASK when it was used
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			  100
+GID_MAX			60000
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# This enables userdel to remove user groups if no members exist.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, thus in Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# Only works if compiled with MD5_CRYPT defined:
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is used by chpasswd, gpasswd and newusers.
+#
+#MD5_CRYPT_ENAB	no
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/failures/chpasswd-PAM/01_chpasswd-e_open_passwd_failure/config/etc/passwd b/tests/tests/failures/chpasswd-PAM/01_chpasswd-e_open_passwd_failure/config/etc/passwd
new file mode 100644
index 0000000..dbb06b8
--- /dev/null
+++ b/tests/tests/failures/chpasswd-PAM/01_chpasswd-e_open_passwd_failure/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/nonexistent:/bin/sh
diff --git a/tests/tests/failures/chpasswd-PAM/01_chpasswd-e_open_passwd_failure/config/etc/shadow b/tests/tests/failures/chpasswd-PAM/01_chpasswd-e_open_passwd_failure/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/failures/chpasswd-PAM/01_chpasswd-e_open_passwd_failure/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/failures/chpasswd-PAM/01_chpasswd-e_open_passwd_failure/data/chpasswd.err b/tests/tests/failures/chpasswd-PAM/01_chpasswd-e_open_passwd_failure/data/chpasswd.err
new file mode 100644
index 0000000..e9e6282
--- /dev/null
+++ b/tests/tests/failures/chpasswd-PAM/01_chpasswd-e_open_passwd_failure/data/chpasswd.err
@@ -0,0 +1,2 @@
+open FAILURE /etc/passwd 2 ...
+chpasswd: cannot open /etc/passwd
diff --git a/tests/tests/failures/chpasswd-PAM/02_chpasswd-e_open_shadow_failure/chpasswd.test b/tests/tests/failures/chpasswd-PAM/02_chpasswd-e_open_shadow_failure/chpasswd.test
new file mode 100755
index 0000000..90060b9
--- /dev/null
+++ b/tests/tests/failures/chpasswd-PAM/02_chpasswd-e_open_shadow_failure/chpasswd.test
@@ -0,0 +1,55 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "chpasswd report failures when it cannot open the shadow file"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Change passwords (chpasswd -e)..."
+echo 'nobody:test
+lp:test2' | LD_PRELOAD=../../../common/open_RDWR_failure.so FAILURE_PATH=/etc/shadow chpasswd -e 2>tmp/chpasswd.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "1"
+echo "OK"
+
+echo "chpasswd reported:"
+echo "======================================================================="
+cat tmp/chpasswd.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/chpasswd.err tmp/chpasswd.err
+echo "error message OK."
+rm -f tmp/chpasswd.err
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/failures/chpasswd-PAM/02_chpasswd-e_open_shadow_failure/config.txt b/tests/tests/failures/chpasswd-PAM/02_chpasswd-e_open_shadow_failure/config.txt
new file mode 100644
index 0000000..e9e4bbe
--- /dev/null
+++ b/tests/tests/failures/chpasswd-PAM/02_chpasswd-e_open_shadow_failure/config.txt
@@ -0,0 +1 @@
+group foo, GID 1000
diff --git a/tests/tests/failures/chpasswd-PAM/02_chpasswd-e_open_shadow_failure/config/etc/group b/tests/tests/failures/chpasswd-PAM/02_chpasswd-e_open_shadow_failure/config/etc/group
new file mode 100644
index 0000000..fecba0c
--- /dev/null
+++ b/tests/tests/failures/chpasswd-PAM/02_chpasswd-e_open_shadow_failure/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/failures/chpasswd-PAM/02_chpasswd-e_open_shadow_failure/config/etc/gshadow b/tests/tests/failures/chpasswd-PAM/02_chpasswd-e_open_shadow_failure/config/etc/gshadow
new file mode 100644
index 0000000..5042e58
--- /dev/null
+++ b/tests/tests/failures/chpasswd-PAM/02_chpasswd-e_open_shadow_failure/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/failures/chpasswd-PAM/02_chpasswd-e_open_shadow_failure/config/etc/login.defs b/tests/tests/failures/chpasswd-PAM/02_chpasswd-e_open_shadow_failure/config/etc/login.defs
new file mode 100644
index 0000000..cf181ac
--- /dev/null
+++ b/tests/tests/failures/chpasswd-PAM/02_chpasswd-e_open_shadow_failure/config/etc/login.defs
@@ -0,0 +1,314 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK usage is discouraged because it catches only some classes of user
+# entries to system, in fact only those made through login(1), while setting
+# umask in shell rc file will catch also logins through su, cron, ssh etc.
+#
+# At the same time, using shell rc to set umask won't catch entries which use
+# non-shell executables in place of login shell, like /usr/sbin/pppd for "ppp"
+# user and alike.
+#
+# Therefore the use of pam_umask is recommended (Debian package libpam-umask)
+# as the solution which catches all these cases on PAM-enabled systems.
+# 
+# This avoids the confusion created by having the umask set
+# in two different places -- in login.defs and shell rc files (i.e.
+# /etc/profile).
+#
+# For discussion, see #314539 and #248150 as well as the thread starting at
+# http://lists.debian.org/debian-devel/2005/06/msg01598.html
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+# 022 is the "historical" value in Debian for UMASK when it was used
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			  100
+GID_MAX			60000
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# This enables userdel to remove user groups if no members exist.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, thus in Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# Only works if compiled with MD5_CRYPT defined:
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is used by chpasswd, gpasswd and newusers.
+#
+#MD5_CRYPT_ENAB	no
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/failures/chpasswd-PAM/02_chpasswd-e_open_shadow_failure/config/etc/passwd b/tests/tests/failures/chpasswd-PAM/02_chpasswd-e_open_shadow_failure/config/etc/passwd
new file mode 100644
index 0000000..dbb06b8
--- /dev/null
+++ b/tests/tests/failures/chpasswd-PAM/02_chpasswd-e_open_shadow_failure/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/nonexistent:/bin/sh
diff --git a/tests/tests/failures/chpasswd-PAM/02_chpasswd-e_open_shadow_failure/config/etc/shadow b/tests/tests/failures/chpasswd-PAM/02_chpasswd-e_open_shadow_failure/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/failures/chpasswd-PAM/02_chpasswd-e_open_shadow_failure/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/failures/chpasswd-PAM/02_chpasswd-e_open_shadow_failure/data/chpasswd.err b/tests/tests/failures/chpasswd-PAM/02_chpasswd-e_open_shadow_failure/data/chpasswd.err
new file mode 100644
index 0000000..11554c1
--- /dev/null
+++ b/tests/tests/failures/chpasswd-PAM/02_chpasswd-e_open_shadow_failure/data/chpasswd.err
@@ -0,0 +1,2 @@
+open FAILURE /etc/shadow 2 ...
+chpasswd: cannot open /etc/shadow
diff --git a/tests/tests/failures/chpasswd-PAM/03_chpasswd-e_rename_passwd_failure/chpasswd.test b/tests/tests/failures/chpasswd-PAM/03_chpasswd-e_rename_passwd_failure/chpasswd.test
new file mode 100755
index 0000000..6bd8f60
--- /dev/null
+++ b/tests/tests/failures/chpasswd-PAM/03_chpasswd-e_rename_passwd_failure/chpasswd.test
@@ -0,0 +1,55 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "chpasswd reports failure to write /etc/passwd"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Change passwords (chpasswd -e)..."
+echo 'nobody:test
+lp:test2' | LD_PRELOAD=../../../common/rename_failure.so FAILURE_PATH=/etc/passwd chpasswd -e 2>tmp/chpasswd.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "1"
+echo "OK"
+
+echo "chpasswd reported:"
+echo "======================================================================="
+cat tmp/chpasswd.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/chpasswd.err tmp/chpasswd.err
+echo "error message OK."
+rm -f tmp/chpasswd.err
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl data/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/failures/chpasswd-PAM/03_chpasswd-e_rename_passwd_failure/config.txt b/tests/tests/failures/chpasswd-PAM/03_chpasswd-e_rename_passwd_failure/config.txt
new file mode 100644
index 0000000..e9e4bbe
--- /dev/null
+++ b/tests/tests/failures/chpasswd-PAM/03_chpasswd-e_rename_passwd_failure/config.txt
@@ -0,0 +1 @@
+group foo, GID 1000
diff --git a/tests/tests/failures/chpasswd-PAM/03_chpasswd-e_rename_passwd_failure/config/etc/group b/tests/tests/failures/chpasswd-PAM/03_chpasswd-e_rename_passwd_failure/config/etc/group
new file mode 100644
index 0000000..fecba0c
--- /dev/null
+++ b/tests/tests/failures/chpasswd-PAM/03_chpasswd-e_rename_passwd_failure/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/failures/chpasswd-PAM/03_chpasswd-e_rename_passwd_failure/config/etc/gshadow b/tests/tests/failures/chpasswd-PAM/03_chpasswd-e_rename_passwd_failure/config/etc/gshadow
new file mode 100644
index 0000000..5042e58
--- /dev/null
+++ b/tests/tests/failures/chpasswd-PAM/03_chpasswd-e_rename_passwd_failure/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/failures/chpasswd-PAM/03_chpasswd-e_rename_passwd_failure/config/etc/login.defs b/tests/tests/failures/chpasswd-PAM/03_chpasswd-e_rename_passwd_failure/config/etc/login.defs
new file mode 100644
index 0000000..cf181ac
--- /dev/null
+++ b/tests/tests/failures/chpasswd-PAM/03_chpasswd-e_rename_passwd_failure/config/etc/login.defs
@@ -0,0 +1,314 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK usage is discouraged because it catches only some classes of user
+# entries to system, in fact only those made through login(1), while setting
+# umask in shell rc file will catch also logins through su, cron, ssh etc.
+#
+# At the same time, using shell rc to set umask won't catch entries which use
+# non-shell executables in place of login shell, like /usr/sbin/pppd for "ppp"
+# user and alike.
+#
+# Therefore the use of pam_umask is recommended (Debian package libpam-umask)
+# as the solution which catches all these cases on PAM-enabled systems.
+# 
+# This avoids the confusion created by having the umask set
+# in two different places -- in login.defs and shell rc files (i.e.
+# /etc/profile).
+#
+# For discussion, see #314539 and #248150 as well as the thread starting at
+# http://lists.debian.org/debian-devel/2005/06/msg01598.html
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+# 022 is the "historical" value in Debian for UMASK when it was used
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			  100
+GID_MAX			60000
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# This enables userdel to remove user groups if no members exist.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, thus in Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# Only works if compiled with MD5_CRYPT defined:
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is used by chpasswd, gpasswd and newusers.
+#
+#MD5_CRYPT_ENAB	no
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/failures/chpasswd-PAM/03_chpasswd-e_rename_passwd_failure/config/etc/passwd b/tests/tests/failures/chpasswd-PAM/03_chpasswd-e_rename_passwd_failure/config/etc/passwd
new file mode 100644
index 0000000..ae5682b
--- /dev/null
+++ b/tests/tests/failures/chpasswd-PAM/03_chpasswd-e_rename_passwd_failure/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:foo:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000:::/bin/false
diff --git a/tests/tests/failures/chpasswd-PAM/03_chpasswd-e_rename_passwd_failure/config/etc/shadow b/tests/tests/failures/chpasswd-PAM/03_chpasswd-e_rename_passwd_failure/config/etc/shadow
new file mode 100644
index 0000000..5ef6dfe
--- /dev/null
+++ b/tests/tests/failures/chpasswd-PAM/03_chpasswd-e_rename_passwd_failure/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/failures/chpasswd-PAM/03_chpasswd-e_rename_passwd_failure/data/chpasswd.err b/tests/tests/failures/chpasswd-PAM/03_chpasswd-e_rename_passwd_failure/data/chpasswd.err
new file mode 100644
index 0000000..0d71e50
--- /dev/null
+++ b/tests/tests/failures/chpasswd-PAM/03_chpasswd-e_rename_passwd_failure/data/chpasswd.err
@@ -0,0 +1,2 @@
+rename FAILURE /etc/passwd+ /etc/passwd
+chpasswd: failure while writing changes to /etc/passwd
diff --git a/tests/tests/failures/chpasswd-PAM/03_chpasswd-e_rename_passwd_failure/data/shadow b/tests/tests/failures/chpasswd-PAM/03_chpasswd-e_rename_passwd_failure/data/shadow
new file mode 100644
index 0000000..08fa354
--- /dev/null
+++ b/tests/tests/failures/chpasswd-PAM/03_chpasswd-e_rename_passwd_failure/data/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:test2:@TODAY@:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/failures/chpasswd-PAM/04_chpasswd-e_rename_shadow_failure/chpasswd.test b/tests/tests/failures/chpasswd-PAM/04_chpasswd-e_rename_shadow_failure/chpasswd.test
new file mode 100755
index 0000000..53fc373
--- /dev/null
+++ b/tests/tests/failures/chpasswd-PAM/04_chpasswd-e_rename_shadow_failure/chpasswd.test
@@ -0,0 +1,55 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "chpasswd reports failure to write /etc/shadow"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Change passwords (chpasswd -e)..."
+echo 'nobody:test
+lp:test2' | LD_PRELOAD=../../../common/rename_failure.so FAILURE_PATH=/etc/shadow chpasswd -e 2>tmp/chpasswd.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "1"
+echo "OK"
+
+echo "chpasswd reported:"
+echo "======================================================================="
+cat tmp/chpasswd.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/chpasswd.err tmp/chpasswd.err
+echo "error message OK."
+rm -f tmp/chpasswd.err
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/failures/chpasswd-PAM/04_chpasswd-e_rename_shadow_failure/config.txt b/tests/tests/failures/chpasswd-PAM/04_chpasswd-e_rename_shadow_failure/config.txt
new file mode 100644
index 0000000..e9e4bbe
--- /dev/null
+++ b/tests/tests/failures/chpasswd-PAM/04_chpasswd-e_rename_shadow_failure/config.txt
@@ -0,0 +1 @@
+group foo, GID 1000
diff --git a/tests/tests/failures/chpasswd-PAM/04_chpasswd-e_rename_shadow_failure/config/etc/group b/tests/tests/failures/chpasswd-PAM/04_chpasswd-e_rename_shadow_failure/config/etc/group
new file mode 100644
index 0000000..fecba0c
--- /dev/null
+++ b/tests/tests/failures/chpasswd-PAM/04_chpasswd-e_rename_shadow_failure/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/failures/chpasswd-PAM/04_chpasswd-e_rename_shadow_failure/config/etc/gshadow b/tests/tests/failures/chpasswd-PAM/04_chpasswd-e_rename_shadow_failure/config/etc/gshadow
new file mode 100644
index 0000000..5042e58
--- /dev/null
+++ b/tests/tests/failures/chpasswd-PAM/04_chpasswd-e_rename_shadow_failure/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/failures/chpasswd-PAM/04_chpasswd-e_rename_shadow_failure/config/etc/login.defs b/tests/tests/failures/chpasswd-PAM/04_chpasswd-e_rename_shadow_failure/config/etc/login.defs
new file mode 100644
index 0000000..cf181ac
--- /dev/null
+++ b/tests/tests/failures/chpasswd-PAM/04_chpasswd-e_rename_shadow_failure/config/etc/login.defs
@@ -0,0 +1,314 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK usage is discouraged because it catches only some classes of user
+# entries to system, in fact only those made through login(1), while setting
+# umask in shell rc file will catch also logins through su, cron, ssh etc.
+#
+# At the same time, using shell rc to set umask won't catch entries which use
+# non-shell executables in place of login shell, like /usr/sbin/pppd for "ppp"
+# user and alike.
+#
+# Therefore the use of pam_umask is recommended (Debian package libpam-umask)
+# as the solution which catches all these cases on PAM-enabled systems.
+# 
+# This avoids the confusion created by having the umask set
+# in two different places -- in login.defs and shell rc files (i.e.
+# /etc/profile).
+#
+# For discussion, see #314539 and #248150 as well as the thread starting at
+# http://lists.debian.org/debian-devel/2005/06/msg01598.html
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+# 022 is the "historical" value in Debian for UMASK when it was used
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			  100
+GID_MAX			60000
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# This enables userdel to remove user groups if no members exist.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, thus in Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# Only works if compiled with MD5_CRYPT defined:
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is used by chpasswd, gpasswd and newusers.
+#
+#MD5_CRYPT_ENAB	no
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/failures/chpasswd-PAM/04_chpasswd-e_rename_shadow_failure/config/etc/passwd b/tests/tests/failures/chpasswd-PAM/04_chpasswd-e_rename_shadow_failure/config/etc/passwd
new file mode 100644
index 0000000..ae5682b
--- /dev/null
+++ b/tests/tests/failures/chpasswd-PAM/04_chpasswd-e_rename_shadow_failure/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:foo:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000:::/bin/false
diff --git a/tests/tests/failures/chpasswd-PAM/04_chpasswd-e_rename_shadow_failure/config/etc/shadow b/tests/tests/failures/chpasswd-PAM/04_chpasswd-e_rename_shadow_failure/config/etc/shadow
new file mode 100644
index 0000000..5ef6dfe
--- /dev/null
+++ b/tests/tests/failures/chpasswd-PAM/04_chpasswd-e_rename_shadow_failure/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/failures/chpasswd-PAM/04_chpasswd-e_rename_shadow_failure/data/chpasswd.err b/tests/tests/failures/chpasswd-PAM/04_chpasswd-e_rename_shadow_failure/data/chpasswd.err
new file mode 100644
index 0000000..dbe7aea
--- /dev/null
+++ b/tests/tests/failures/chpasswd-PAM/04_chpasswd-e_rename_shadow_failure/data/chpasswd.err
@@ -0,0 +1,2 @@
+rename FAILURE /etc/shadow+ /etc/shadow
+chpasswd: failure while writing changes to /etc/shadow
diff --git a/tests/tests/failures/chpasswd-PAM/05_chpasswd-e_time_0/chpasswd.test b/tests/tests/failures/chpasswd-PAM/05_chpasswd-e_time_0/chpasswd.test
new file mode 100755
index 0000000..049ebb9
--- /dev/null
+++ b/tests/tests/failures/chpasswd-PAM/05_chpasswd-e_time_0/chpasswd.test
@@ -0,0 +1,40 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "chpasswd disables aging when time is not set"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Change passwords (chpasswd -e)..."
+echo 'nobody:test
+lp:test2' | LD_PRELOAD=../../../common/time_0.so chpasswd -e 2>/dev/null
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl data/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/failures/chpasswd-PAM/05_chpasswd-e_time_0/config.txt b/tests/tests/failures/chpasswd-PAM/05_chpasswd-e_time_0/config.txt
new file mode 100644
index 0000000..a2ff911
--- /dev/null
+++ b/tests/tests/failures/chpasswd-PAM/05_chpasswd-e_time_0/config.txt
@@ -0,0 +1,2 @@
+user foo exists, UID 1000
+user foo2 exists, UID 1001
diff --git a/tests/tests/failures/chpasswd-PAM/05_chpasswd-e_time_0/config/etc/group b/tests/tests/failures/chpasswd-PAM/05_chpasswd-e_time_0/config/etc/group
new file mode 100644
index 0000000..b6fae89
--- /dev/null
+++ b/tests/tests/failures/chpasswd-PAM/05_chpasswd-e_time_0/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:root
+adm:x:4:root,foo
+tty:x:5:
+disk:x:6:
+lp:x:7:foo,root
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:foo
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:foo
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/failures/chpasswd-PAM/05_chpasswd-e_time_0/config/etc/gshadow b/tests/tests/failures/chpasswd-PAM/05_chpasswd-e_time_0/config/etc/gshadow
new file mode 100644
index 0000000..1f2ba8d
--- /dev/null
+++ b/tests/tests/failures/chpasswd-PAM/05_chpasswd-e_time_0/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::root
+adm:*::root,foo
+tty:*::foo
+disk:*:foo:
+lp:*::foo,root
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*:foo:foo
+voice:*::
+cdrom:*:foo:foo
+floppy:*::foo
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/failures/chpasswd-PAM/05_chpasswd-e_time_0/config/etc/passwd b/tests/tests/failures/chpasswd-PAM/05_chpasswd-e_time_0/config/etc/passwd
new file mode 100644
index 0000000..06b331b
--- /dev/null
+++ b/tests/tests/failures/chpasswd-PAM/05_chpasswd-e_time_0/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:blahblahblah:1000:1000::/home/foo:/bin/false
diff --git a/tests/tests/failures/chpasswd-PAM/05_chpasswd-e_time_0/config/etc/shadow b/tests/tests/failures/chpasswd-PAM/05_chpasswd-e_time_0/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/failures/chpasswd-PAM/05_chpasswd-e_time_0/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/failures/chpasswd-PAM/05_chpasswd-e_time_0/data/shadow b/tests/tests/failures/chpasswd-PAM/05_chpasswd-e_time_0/data/shadow
new file mode 100644
index 0000000..f7aa7c0
--- /dev/null
+++ b/tests/tests/failures/chpasswd-PAM/05_chpasswd-e_time_0/data/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:test2::0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:test::0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/failures/chsh/01_chsh_open_passwd_failure/chsh.test b/tests/tests/failures/chsh/01_chsh_open_passwd_failure/chsh.test
new file mode 100755
index 0000000..3e0e4a1
--- /dev/null
+++ b/tests/tests/failures/chsh/01_chsh_open_passwd_failure/chsh.test
@@ -0,0 +1,54 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "chsh report failures when it cannot open the passwd file"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Change bin's shell (chsh -s /bin/sh bin)..."
+LD_PRELOAD=../../../common/open_RDWR_failure.so FAILURE_PATH=/etc/passwd chsh -s /bin/sh bin 2>tmp/chsh.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "1"
+echo "OK"
+
+echo "chsh reported:"
+echo "======================================================================="
+cat tmp/chsh.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/chsh.err tmp/chsh.err
+echo "error message OK."
+rm -f tmp/chsh.err
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/failures/chsh/01_chsh_open_passwd_failure/config.txt b/tests/tests/failures/chsh/01_chsh_open_passwd_failure/config.txt
new file mode 100644
index 0000000..e9e4bbe
--- /dev/null
+++ b/tests/tests/failures/chsh/01_chsh_open_passwd_failure/config.txt
@@ -0,0 +1 @@
+group foo, GID 1000
diff --git a/tests/tests/failures/chsh/01_chsh_open_passwd_failure/config/etc/group b/tests/tests/failures/chsh/01_chsh_open_passwd_failure/config/etc/group
new file mode 100644
index 0000000..fecba0c
--- /dev/null
+++ b/tests/tests/failures/chsh/01_chsh_open_passwd_failure/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/failures/chsh/01_chsh_open_passwd_failure/config/etc/gshadow b/tests/tests/failures/chsh/01_chsh_open_passwd_failure/config/etc/gshadow
new file mode 100644
index 0000000..5042e58
--- /dev/null
+++ b/tests/tests/failures/chsh/01_chsh_open_passwd_failure/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/failures/chsh/01_chsh_open_passwd_failure/config/etc/login.defs b/tests/tests/failures/chsh/01_chsh_open_passwd_failure/config/etc/login.defs
new file mode 100644
index 0000000..cf181ac
--- /dev/null
+++ b/tests/tests/failures/chsh/01_chsh_open_passwd_failure/config/etc/login.defs
@@ -0,0 +1,314 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK usage is discouraged because it catches only some classes of user
+# entries to system, in fact only those made through login(1), while setting
+# umask in shell rc file will catch also logins through su, cron, ssh etc.
+#
+# At the same time, using shell rc to set umask won't catch entries which use
+# non-shell executables in place of login shell, like /usr/sbin/pppd for "ppp"
+# user and alike.
+#
+# Therefore the use of pam_umask is recommended (Debian package libpam-umask)
+# as the solution which catches all these cases on PAM-enabled systems.
+# 
+# This avoids the confusion created by having the umask set
+# in two different places -- in login.defs and shell rc files (i.e.
+# /etc/profile).
+#
+# For discussion, see #314539 and #248150 as well as the thread starting at
+# http://lists.debian.org/debian-devel/2005/06/msg01598.html
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+# 022 is the "historical" value in Debian for UMASK when it was used
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			  100
+GID_MAX			60000
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# This enables userdel to remove user groups if no members exist.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, thus in Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# Only works if compiled with MD5_CRYPT defined:
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is used by chpasswd, gpasswd and newusers.
+#
+#MD5_CRYPT_ENAB	no
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/failures/chsh/01_chsh_open_passwd_failure/config/etc/passwd b/tests/tests/failures/chsh/01_chsh_open_passwd_failure/config/etc/passwd
new file mode 100644
index 0000000..dbb06b8
--- /dev/null
+++ b/tests/tests/failures/chsh/01_chsh_open_passwd_failure/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/nonexistent:/bin/sh
diff --git a/tests/tests/failures/chsh/01_chsh_open_passwd_failure/config/etc/shadow b/tests/tests/failures/chsh/01_chsh_open_passwd_failure/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/failures/chsh/01_chsh_open_passwd_failure/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/failures/chsh/01_chsh_open_passwd_failure/data/chsh.err b/tests/tests/failures/chsh/01_chsh_open_passwd_failure/data/chsh.err
new file mode 100644
index 0000000..0bf9b92
--- /dev/null
+++ b/tests/tests/failures/chsh/01_chsh_open_passwd_failure/data/chsh.err
@@ -0,0 +1,2 @@
+open FAILURE /etc/passwd 2 ...
+chsh: cannot open /etc/passwd
diff --git a/tests/tests/failures/chsh/02_chsh_rename_passwd_failure/chsh.test b/tests/tests/failures/chsh/02_chsh_rename_passwd_failure/chsh.test
new file mode 100755
index 0000000..e2c5ecd
--- /dev/null
+++ b/tests/tests/failures/chsh/02_chsh_rename_passwd_failure/chsh.test
@@ -0,0 +1,54 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "chsh report failures to write the passwd file"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Change bin's shell (chsh -s /bin/sh bin)..."
+LD_PRELOAD=../../../common/rename_failure.so FAILURE_PATH=/etc/passwd chsh -s /bin/sh bin 2>tmp/chsh.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "1"
+echo "OK"
+
+echo "chsh reported:"
+echo "======================================================================="
+cat tmp/chsh.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/chsh.err tmp/chsh.err
+echo "error message OK."
+rm -f tmp/chsh.err
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/failures/chsh/02_chsh_rename_passwd_failure/config.txt b/tests/tests/failures/chsh/02_chsh_rename_passwd_failure/config.txt
new file mode 100644
index 0000000..e9e4bbe
--- /dev/null
+++ b/tests/tests/failures/chsh/02_chsh_rename_passwd_failure/config.txt
@@ -0,0 +1 @@
+group foo, GID 1000
diff --git a/tests/tests/failures/chsh/02_chsh_rename_passwd_failure/config/etc/group b/tests/tests/failures/chsh/02_chsh_rename_passwd_failure/config/etc/group
new file mode 100644
index 0000000..fecba0c
--- /dev/null
+++ b/tests/tests/failures/chsh/02_chsh_rename_passwd_failure/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/failures/chsh/02_chsh_rename_passwd_failure/config/etc/gshadow b/tests/tests/failures/chsh/02_chsh_rename_passwd_failure/config/etc/gshadow
new file mode 100644
index 0000000..5042e58
--- /dev/null
+++ b/tests/tests/failures/chsh/02_chsh_rename_passwd_failure/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/failures/chsh/02_chsh_rename_passwd_failure/config/etc/login.defs b/tests/tests/failures/chsh/02_chsh_rename_passwd_failure/config/etc/login.defs
new file mode 100644
index 0000000..cf181ac
--- /dev/null
+++ b/tests/tests/failures/chsh/02_chsh_rename_passwd_failure/config/etc/login.defs
@@ -0,0 +1,314 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK usage is discouraged because it catches only some classes of user
+# entries to system, in fact only those made through login(1), while setting
+# umask in shell rc file will catch also logins through su, cron, ssh etc.
+#
+# At the same time, using shell rc to set umask won't catch entries which use
+# non-shell executables in place of login shell, like /usr/sbin/pppd for "ppp"
+# user and alike.
+#
+# Therefore the use of pam_umask is recommended (Debian package libpam-umask)
+# as the solution which catches all these cases on PAM-enabled systems.
+# 
+# This avoids the confusion created by having the umask set
+# in two different places -- in login.defs and shell rc files (i.e.
+# /etc/profile).
+#
+# For discussion, see #314539 and #248150 as well as the thread starting at
+# http://lists.debian.org/debian-devel/2005/06/msg01598.html
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+# 022 is the "historical" value in Debian for UMASK when it was used
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			  100
+GID_MAX			60000
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# This enables userdel to remove user groups if no members exist.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, thus in Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# Only works if compiled with MD5_CRYPT defined:
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is used by chpasswd, gpasswd and newusers.
+#
+#MD5_CRYPT_ENAB	no
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/failures/chsh/02_chsh_rename_passwd_failure/config/etc/passwd b/tests/tests/failures/chsh/02_chsh_rename_passwd_failure/config/etc/passwd
new file mode 100644
index 0000000..8656be4
--- /dev/null
+++ b/tests/tests/failures/chsh/02_chsh_rename_passwd_failure/config/etc/passwd
@@ -0,0 +1,20 @@
+root:*:0:0:root:/root:/bin/bash
+daemon:*:1:1:daemon:/usr/sbin:/bin/sh
+bin:*:2:2:bin:/bin:/bin/sh
+sys:*:3:3:sys:/dev:/bin/sh
+sync:*:4:65534:sync:/bin:/bin/sync
+games:*:5:60:games:/usr/games:/bin/sh
+man:*:6:12:man:/var/cache/man:/bin/sh
+lp:*:7:7:lp:/var/spool/lpd:/bin/sh
+mail:*:8:8:mail:/var/mail:/bin/sh
+news:*:9:9:news:/var/spool/news:/bin/sh
+uucp:*:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:*:13:13:proxy:/bin:/bin/sh
+www-data:*:33:33:www-data:/var/www:/bin/sh
+backup:*:34:34:backup:/var/backups:/bin/sh
+list:*:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:*:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:*:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:*:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:*:102:102::/var/spool/exim4:/bin/false
+foo:abc:1000:1000::/nonexistent:/bin/sh
diff --git a/tests/tests/failures/chsh/02_chsh_rename_passwd_failure/config/etc/shadow b/tests/tests/failures/chsh/02_chsh_rename_passwd_failure/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/failures/chsh/02_chsh_rename_passwd_failure/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/failures/chsh/02_chsh_rename_passwd_failure/data/chsh.err b/tests/tests/failures/chsh/02_chsh_rename_passwd_failure/data/chsh.err
new file mode 100644
index 0000000..958bf31
--- /dev/null
+++ b/tests/tests/failures/chsh/02_chsh_rename_passwd_failure/data/chsh.err
@@ -0,0 +1,2 @@
+rename FAILURE /etc/passwd+ /etc/passwd
+chsh: failure while writing changes to /etc/passwd
diff --git a/tests/tests/failures/chsh/02_chsh_rename_passwd_failure/data/shadow b/tests/tests/failures/chsh/02_chsh_rename_passwd_failure/data/shadow
new file mode 100644
index 0000000..b678d83
--- /dev/null
+++ b/tests/tests/failures/chsh/02_chsh_rename_passwd_failure/data/shadow
@@ -0,0 +1,20 @@
+root:*:@TODAY@:0:99999:7:::
+daemon:*:@TODAY@:0:99999:7:::
+bin:*:@TODAY@:0:99999:7:::
+sys:*:@TODAY@:0:99999:7:::
+sync:*:@TODAY@:0:99999:7:::
+games:*:@TODAY@:0:99999:7:::
+man:*:@TODAY@:0:99999:7:::
+lp:*:@TODAY@:0:99999:7:::
+mail:*:@TODAY@:0:99999:7:::
+news:*:@TODAY@:0:99999:7:::
+uucp:*:@TODAY@:0:99999:7:::
+proxy:*:@TODAY@:0:99999:7:::
+www-data:*:@TODAY@:0:99999:7:::
+backup:*:@TODAY@:0:99999:7:::
+list:*:@TODAY@:0:99999:7:::
+irc:*:@TODAY@:0:99999:7:::
+gnats:*:@TODAY@:0:99999:7:::
+nobody:*:@TODAY@:0:99999:7:::
+Debian-exim:*:@TODAY@:0:99999:7:::
+foo:abc:@TODAY@:0:99999:7:::
diff --git a/tests/tests/failures/cppw/01_cppw_open_passwd_in_failure/config.txt b/tests/tests/failures/cppw/01_cppw_open_passwd_in_failure/config.txt
new file mode 100644
index 0000000..e9e4bbe
--- /dev/null
+++ b/tests/tests/failures/cppw/01_cppw_open_passwd_in_failure/config.txt
@@ -0,0 +1 @@
+group foo, GID 1000
diff --git a/tests/tests/failures/cppw/01_cppw_open_passwd_in_failure/config/etc/group b/tests/tests/failures/cppw/01_cppw_open_passwd_in_failure/config/etc/group
new file mode 100644
index 0000000..fecba0c
--- /dev/null
+++ b/tests/tests/failures/cppw/01_cppw_open_passwd_in_failure/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/failures/cppw/01_cppw_open_passwd_in_failure/config/etc/gshadow b/tests/tests/failures/cppw/01_cppw_open_passwd_in_failure/config/etc/gshadow
new file mode 100644
index 0000000..5042e58
--- /dev/null
+++ b/tests/tests/failures/cppw/01_cppw_open_passwd_in_failure/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/failures/cppw/01_cppw_open_passwd_in_failure/config/etc/login.defs b/tests/tests/failures/cppw/01_cppw_open_passwd_in_failure/config/etc/login.defs
new file mode 100644
index 0000000..cf181ac
--- /dev/null
+++ b/tests/tests/failures/cppw/01_cppw_open_passwd_in_failure/config/etc/login.defs
@@ -0,0 +1,314 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK usage is discouraged because it catches only some classes of user
+# entries to system, in fact only those made through login(1), while setting
+# umask in shell rc file will catch also logins through su, cron, ssh etc.
+#
+# At the same time, using shell rc to set umask won't catch entries which use
+# non-shell executables in place of login shell, like /usr/sbin/pppd for "ppp"
+# user and alike.
+#
+# Therefore the use of pam_umask is recommended (Debian package libpam-umask)
+# as the solution which catches all these cases on PAM-enabled systems.
+# 
+# This avoids the confusion created by having the umask set
+# in two different places -- in login.defs and shell rc files (i.e.
+# /etc/profile).
+#
+# For discussion, see #314539 and #248150 as well as the thread starting at
+# http://lists.debian.org/debian-devel/2005/06/msg01598.html
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+# 022 is the "historical" value in Debian for UMASK when it was used
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			  100
+GID_MAX			60000
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# This enables userdel to remove user groups if no members exist.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, thus in Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# Only works if compiled with MD5_CRYPT defined:
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is used by chpasswd, gpasswd and newusers.
+#
+#MD5_CRYPT_ENAB	no
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/failures/cppw/01_cppw_open_passwd_in_failure/config/etc/passwd b/tests/tests/failures/cppw/01_cppw_open_passwd_in_failure/config/etc/passwd
new file mode 100644
index 0000000..dbb06b8
--- /dev/null
+++ b/tests/tests/failures/cppw/01_cppw_open_passwd_in_failure/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/nonexistent:/bin/sh
diff --git a/tests/tests/failures/cppw/01_cppw_open_passwd_in_failure/config/etc/shadow b/tests/tests/failures/cppw/01_cppw_open_passwd_in_failure/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/failures/cppw/01_cppw_open_passwd_in_failure/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/failures/cppw/01_cppw_open_passwd_in_failure/cppw.test b/tests/tests/failures/cppw/01_cppw_open_passwd_in_failure/cppw.test
new file mode 100755
index 0000000..57aa57b
--- /dev/null
+++ b/tests/tests/failures/cppw/01_cppw_open_passwd_in_failure/cppw.test
@@ -0,0 +1,54 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "cppw report failures when it cannot open the input passwd file"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Copy data/passwd (cppw data/passwd)..."
+LD_PRELOAD=../../../common/fopen_failure.so FAILURE_PATH=data/passwd /usr/sbin/cppw data/passwd 2>tmp/cppw.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "1"
+echo "OK"
+
+echo "cppw reported:"
+echo "======================================================================="
+cat tmp/cppw.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/cppw.err tmp/cppw.err
+echo "error message OK."
+rm -f tmp/cppw.err
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/failures/cppw/01_cppw_open_passwd_in_failure/data/cppw.err b/tests/tests/failures/cppw/01_cppw_open_passwd_in_failure/data/cppw.err
new file mode 100644
index 0000000..3816592
--- /dev/null
+++ b/tests/tests/failures/cppw/01_cppw_open_passwd_in_failure/data/cppw.err
@@ -0,0 +1,3 @@
+fopen64 FAILURE data/passwd r ...
+cppw: data/passwd: Input/output error
+cppw: /etc/passwd is unchanged
diff --git a/tests/tests/failures/cppw/01_cppw_open_passwd_in_failure/data/passwd b/tests/tests/failures/cppw/01_cppw_open_passwd_in_failure/data/passwd
new file mode 100644
index 0000000..e8e3c39
--- /dev/null
+++ b/tests/tests/failures/cppw/01_cppw_open_passwd_in_failure/data/passwd
@@ -0,0 +1,17 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
diff --git a/tests/tests/failures/cppw/02_cppw_open_passwd_backup_failure/config.txt b/tests/tests/failures/cppw/02_cppw_open_passwd_backup_failure/config.txt
new file mode 100644
index 0000000..e9e4bbe
--- /dev/null
+++ b/tests/tests/failures/cppw/02_cppw_open_passwd_backup_failure/config.txt
@@ -0,0 +1 @@
+group foo, GID 1000
diff --git a/tests/tests/failures/cppw/02_cppw_open_passwd_backup_failure/config/etc/group b/tests/tests/failures/cppw/02_cppw_open_passwd_backup_failure/config/etc/group
new file mode 100644
index 0000000..fecba0c
--- /dev/null
+++ b/tests/tests/failures/cppw/02_cppw_open_passwd_backup_failure/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/failures/cppw/02_cppw_open_passwd_backup_failure/config/etc/gshadow b/tests/tests/failures/cppw/02_cppw_open_passwd_backup_failure/config/etc/gshadow
new file mode 100644
index 0000000..5042e58
--- /dev/null
+++ b/tests/tests/failures/cppw/02_cppw_open_passwd_backup_failure/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/failures/cppw/02_cppw_open_passwd_backup_failure/config/etc/login.defs b/tests/tests/failures/cppw/02_cppw_open_passwd_backup_failure/config/etc/login.defs
new file mode 100644
index 0000000..cf181ac
--- /dev/null
+++ b/tests/tests/failures/cppw/02_cppw_open_passwd_backup_failure/config/etc/login.defs
@@ -0,0 +1,314 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK usage is discouraged because it catches only some classes of user
+# entries to system, in fact only those made through login(1), while setting
+# umask in shell rc file will catch also logins through su, cron, ssh etc.
+#
+# At the same time, using shell rc to set umask won't catch entries which use
+# non-shell executables in place of login shell, like /usr/sbin/pppd for "ppp"
+# user and alike.
+#
+# Therefore the use of pam_umask is recommended (Debian package libpam-umask)
+# as the solution which catches all these cases on PAM-enabled systems.
+# 
+# This avoids the confusion created by having the umask set
+# in two different places -- in login.defs and shell rc files (i.e.
+# /etc/profile).
+#
+# For discussion, see #314539 and #248150 as well as the thread starting at
+# http://lists.debian.org/debian-devel/2005/06/msg01598.html
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+# 022 is the "historical" value in Debian for UMASK when it was used
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			  100
+GID_MAX			60000
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# This enables userdel to remove user groups if no members exist.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, thus in Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# Only works if compiled with MD5_CRYPT defined:
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is used by chpasswd, gpasswd and newusers.
+#
+#MD5_CRYPT_ENAB	no
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/failures/cppw/02_cppw_open_passwd_backup_failure/config/etc/passwd b/tests/tests/failures/cppw/02_cppw_open_passwd_backup_failure/config/etc/passwd
new file mode 100644
index 0000000..dbb06b8
--- /dev/null
+++ b/tests/tests/failures/cppw/02_cppw_open_passwd_backup_failure/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/nonexistent:/bin/sh
diff --git a/tests/tests/failures/cppw/02_cppw_open_passwd_backup_failure/config/etc/shadow b/tests/tests/failures/cppw/02_cppw_open_passwd_backup_failure/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/failures/cppw/02_cppw_open_passwd_backup_failure/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/failures/cppw/02_cppw_open_passwd_backup_failure/cppw.test b/tests/tests/failures/cppw/02_cppw_open_passwd_backup_failure/cppw.test
new file mode 100755
index 0000000..5ae4ef0
--- /dev/null
+++ b/tests/tests/failures/cppw/02_cppw_open_passwd_backup_failure/cppw.test
@@ -0,0 +1,54 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "cppw report failures when it cannot open the input passwd file"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Copy data/passwd (cppw data/passwd)..."
+LD_PRELOAD=../../../common/fopen_failure.so FAILURE_PATH=/etc/passwd.new cppw data/passwd 2>tmp/cppw.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "1"
+echo "OK"
+
+echo "cppw reported:"
+echo "======================================================================="
+cat tmp/cppw.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/cppw.err tmp/cppw.err
+echo "error message OK."
+rm -f tmp/cppw.err
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/failures/cppw/02_cppw_open_passwd_backup_failure/data/cppw.err b/tests/tests/failures/cppw/02_cppw_open_passwd_backup_failure/data/cppw.err
new file mode 100644
index 0000000..78606fd
--- /dev/null
+++ b/tests/tests/failures/cppw/02_cppw_open_passwd_backup_failure/data/cppw.err
@@ -0,0 +1,3 @@
+fopen64 FAILURE /etc/passwd.new w ...
+cppw: Couldn't make copy: Input/output error
+cppw: /etc/passwd is unchanged
diff --git a/tests/tests/failures/cppw/02_cppw_open_passwd_backup_failure/data/passwd b/tests/tests/failures/cppw/02_cppw_open_passwd_backup_failure/data/passwd
new file mode 100644
index 0000000..e8e3c39
--- /dev/null
+++ b/tests/tests/failures/cppw/02_cppw_open_passwd_backup_failure/data/passwd
@@ -0,0 +1,17 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
diff --git a/tests/tests/failures/cppw/03_cppw_rename_passwd_failure/config.txt b/tests/tests/failures/cppw/03_cppw_rename_passwd_failure/config.txt
new file mode 100644
index 0000000..e9e4bbe
--- /dev/null
+++ b/tests/tests/failures/cppw/03_cppw_rename_passwd_failure/config.txt
@@ -0,0 +1 @@
+group foo, GID 1000
diff --git a/tests/tests/failures/cppw/03_cppw_rename_passwd_failure/config/etc/group b/tests/tests/failures/cppw/03_cppw_rename_passwd_failure/config/etc/group
new file mode 100644
index 0000000..fecba0c
--- /dev/null
+++ b/tests/tests/failures/cppw/03_cppw_rename_passwd_failure/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/failures/cppw/03_cppw_rename_passwd_failure/config/etc/gshadow b/tests/tests/failures/cppw/03_cppw_rename_passwd_failure/config/etc/gshadow
new file mode 100644
index 0000000..5042e58
--- /dev/null
+++ b/tests/tests/failures/cppw/03_cppw_rename_passwd_failure/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/failures/cppw/03_cppw_rename_passwd_failure/config/etc/login.defs b/tests/tests/failures/cppw/03_cppw_rename_passwd_failure/config/etc/login.defs
new file mode 100644
index 0000000..cf181ac
--- /dev/null
+++ b/tests/tests/failures/cppw/03_cppw_rename_passwd_failure/config/etc/login.defs
@@ -0,0 +1,314 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK usage is discouraged because it catches only some classes of user
+# entries to system, in fact only those made through login(1), while setting
+# umask in shell rc file will catch also logins through su, cron, ssh etc.
+#
+# At the same time, using shell rc to set umask won't catch entries which use
+# non-shell executables in place of login shell, like /usr/sbin/pppd for "ppp"
+# user and alike.
+#
+# Therefore the use of pam_umask is recommended (Debian package libpam-umask)
+# as the solution which catches all these cases on PAM-enabled systems.
+# 
+# This avoids the confusion created by having the umask set
+# in two different places -- in login.defs and shell rc files (i.e.
+# /etc/profile).
+#
+# For discussion, see #314539 and #248150 as well as the thread starting at
+# http://lists.debian.org/debian-devel/2005/06/msg01598.html
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+# 022 is the "historical" value in Debian for UMASK when it was used
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			  100
+GID_MAX			60000
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# This enables userdel to remove user groups if no members exist.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, thus in Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# Only works if compiled with MD5_CRYPT defined:
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is used by chpasswd, gpasswd and newusers.
+#
+#MD5_CRYPT_ENAB	no
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/failures/cppw/03_cppw_rename_passwd_failure/config/etc/passwd b/tests/tests/failures/cppw/03_cppw_rename_passwd_failure/config/etc/passwd
new file mode 100644
index 0000000..8656be4
--- /dev/null
+++ b/tests/tests/failures/cppw/03_cppw_rename_passwd_failure/config/etc/passwd
@@ -0,0 +1,20 @@
+root:*:0:0:root:/root:/bin/bash
+daemon:*:1:1:daemon:/usr/sbin:/bin/sh
+bin:*:2:2:bin:/bin:/bin/sh
+sys:*:3:3:sys:/dev:/bin/sh
+sync:*:4:65534:sync:/bin:/bin/sync
+games:*:5:60:games:/usr/games:/bin/sh
+man:*:6:12:man:/var/cache/man:/bin/sh
+lp:*:7:7:lp:/var/spool/lpd:/bin/sh
+mail:*:8:8:mail:/var/mail:/bin/sh
+news:*:9:9:news:/var/spool/news:/bin/sh
+uucp:*:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:*:13:13:proxy:/bin:/bin/sh
+www-data:*:33:33:www-data:/var/www:/bin/sh
+backup:*:34:34:backup:/var/backups:/bin/sh
+list:*:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:*:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:*:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:*:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:*:102:102::/var/spool/exim4:/bin/false
+foo:abc:1000:1000::/nonexistent:/bin/sh
diff --git a/tests/tests/failures/cppw/03_cppw_rename_passwd_failure/config/etc/shadow b/tests/tests/failures/cppw/03_cppw_rename_passwd_failure/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/failures/cppw/03_cppw_rename_passwd_failure/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/failures/cppw/03_cppw_rename_passwd_failure/cppw.test b/tests/tests/failures/cppw/03_cppw_rename_passwd_failure/cppw.test
new file mode 100755
index 0000000..2e809a7
--- /dev/null
+++ b/tests/tests/failures/cppw/03_cppw_rename_passwd_failure/cppw.test
@@ -0,0 +1,54 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "cppw report failures to write the passwd file"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Copy data/passwd (cppw data/passwd)..."
+LD_PRELOAD=../../../common/rename_failure.so FAILURE_PATH=/etc/passwd cppw data/passwd 2>tmp/cppw.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "1"
+echo "OK"
+
+echo "cppw reported:"
+echo "======================================================================="
+cat tmp/cppw.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/cppw.err tmp/cppw.err
+echo "error message OK."
+rm -f tmp/cppw.err
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/failures/cppw/03_cppw_rename_passwd_failure/data/cppw.err b/tests/tests/failures/cppw/03_cppw_rename_passwd_failure/data/cppw.err
new file mode 100644
index 0000000..7e27e3e
--- /dev/null
+++ b/tests/tests/failures/cppw/03_cppw_rename_passwd_failure/data/cppw.err
@@ -0,0 +1,3 @@
+rename FAILURE /etc/passwd.new /etc/passwd
+cppw: can't copy /etc/passwd.new: Input/output error)
+cppw: /etc/passwd is unchanged
diff --git a/tests/tests/failures/cppw/03_cppw_rename_passwd_failure/data/passwd b/tests/tests/failures/cppw/03_cppw_rename_passwd_failure/data/passwd
new file mode 100644
index 0000000..e8e3c39
--- /dev/null
+++ b/tests/tests/failures/cppw/03_cppw_rename_passwd_failure/data/passwd
@@ -0,0 +1,17 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
diff --git a/tests/tests/failures/gpasswd/01_gpasswd_group_open_failure/config.txt b/tests/tests/failures/gpasswd/01_gpasswd_group_open_failure/config.txt
new file mode 100644
index 0000000..e9e4bbe
--- /dev/null
+++ b/tests/tests/failures/gpasswd/01_gpasswd_group_open_failure/config.txt
@@ -0,0 +1 @@
+group foo, GID 1000
diff --git a/tests/tests/failures/gpasswd/01_gpasswd_group_open_failure/config/etc/group b/tests/tests/failures/gpasswd/01_gpasswd_group_open_failure/config/etc/group
new file mode 100644
index 0000000..fecba0c
--- /dev/null
+++ b/tests/tests/failures/gpasswd/01_gpasswd_group_open_failure/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/failures/gpasswd/01_gpasswd_group_open_failure/config/etc/gshadow b/tests/tests/failures/gpasswd/01_gpasswd_group_open_failure/config/etc/gshadow
new file mode 100644
index 0000000..5042e58
--- /dev/null
+++ b/tests/tests/failures/gpasswd/01_gpasswd_group_open_failure/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/failures/gpasswd/01_gpasswd_group_open_failure/config/etc/login.defs b/tests/tests/failures/gpasswd/01_gpasswd_group_open_failure/config/etc/login.defs
new file mode 100644
index 0000000..cf181ac
--- /dev/null
+++ b/tests/tests/failures/gpasswd/01_gpasswd_group_open_failure/config/etc/login.defs
@@ -0,0 +1,314 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK usage is discouraged because it catches only some classes of user
+# entries to system, in fact only those made through login(1), while setting
+# umask in shell rc file will catch also logins through su, cron, ssh etc.
+#
+# At the same time, using shell rc to set umask won't catch entries which use
+# non-shell executables in place of login shell, like /usr/sbin/pppd for "ppp"
+# user and alike.
+#
+# Therefore the use of pam_umask is recommended (Debian package libpam-umask)
+# as the solution which catches all these cases on PAM-enabled systems.
+# 
+# This avoids the confusion created by having the umask set
+# in two different places -- in login.defs and shell rc files (i.e.
+# /etc/profile).
+#
+# For discussion, see #314539 and #248150 as well as the thread starting at
+# http://lists.debian.org/debian-devel/2005/06/msg01598.html
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+# 022 is the "historical" value in Debian for UMASK when it was used
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			  100
+GID_MAX			60000
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# This enables userdel to remove user groups if no members exist.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, thus in Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# Only works if compiled with MD5_CRYPT defined:
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is used by chpasswd, gpasswd and newusers.
+#
+#MD5_CRYPT_ENAB	no
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/failures/gpasswd/01_gpasswd_group_open_failure/config/etc/passwd b/tests/tests/failures/gpasswd/01_gpasswd_group_open_failure/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/failures/gpasswd/01_gpasswd_group_open_failure/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/failures/gpasswd/01_gpasswd_group_open_failure/config/etc/shadow b/tests/tests/failures/gpasswd/01_gpasswd_group_open_failure/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/failures/gpasswd/01_gpasswd_group_open_failure/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/failures/gpasswd/01_gpasswd_group_open_failure/data/gpasswd.err b/tests/tests/failures/gpasswd/01_gpasswd_group_open_failure/data/gpasswd.err
new file mode 100644
index 0000000..b159e54
--- /dev/null
+++ b/tests/tests/failures/gpasswd/01_gpasswd_group_open_failure/data/gpasswd.err
@@ -0,0 +1,2 @@
+open FAILURE /etc/group 2 ...
+gpasswd: cannot open /etc/group
diff --git a/tests/tests/failures/gpasswd/01_gpasswd_group_open_failure/gpasswd.test b/tests/tests/failures/gpasswd/01_gpasswd_group_open_failure/gpasswd.test
new file mode 100755
index 0000000..a338a97
--- /dev/null
+++ b/tests/tests/failures/gpasswd/01_gpasswd_group_open_failure/gpasswd.test
@@ -0,0 +1,54 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "gpasswd report failures when it cannot open the group file"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Change group foo (gpasswd -M root foo)..."
+LD_PRELOAD=../../../common/open_RDWR_failure.so FAILURE_PATH=/etc/group gpasswd -M root foo 2>tmp/gpasswd.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "1"
+echo "OK"
+
+echo "gpasswd reported:"
+echo "======================================================================="
+cat tmp/gpasswd.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/gpasswd.err tmp/gpasswd.err
+echo "error message OK."
+rm -f tmp/gpasswd.err
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/failures/gpasswd/02_gpasswd_gshadow_open_failure/config.txt b/tests/tests/failures/gpasswd/02_gpasswd_gshadow_open_failure/config.txt
new file mode 100644
index 0000000..e9e4bbe
--- /dev/null
+++ b/tests/tests/failures/gpasswd/02_gpasswd_gshadow_open_failure/config.txt
@@ -0,0 +1 @@
+group foo, GID 1000
diff --git a/tests/tests/failures/gpasswd/02_gpasswd_gshadow_open_failure/config/etc/group b/tests/tests/failures/gpasswd/02_gpasswd_gshadow_open_failure/config/etc/group
new file mode 100644
index 0000000..fecba0c
--- /dev/null
+++ b/tests/tests/failures/gpasswd/02_gpasswd_gshadow_open_failure/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/failures/gpasswd/02_gpasswd_gshadow_open_failure/config/etc/gshadow b/tests/tests/failures/gpasswd/02_gpasswd_gshadow_open_failure/config/etc/gshadow
new file mode 100644
index 0000000..5042e58
--- /dev/null
+++ b/tests/tests/failures/gpasswd/02_gpasswd_gshadow_open_failure/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/failures/gpasswd/02_gpasswd_gshadow_open_failure/config/etc/login.defs b/tests/tests/failures/gpasswd/02_gpasswd_gshadow_open_failure/config/etc/login.defs
new file mode 100644
index 0000000..cf181ac
--- /dev/null
+++ b/tests/tests/failures/gpasswd/02_gpasswd_gshadow_open_failure/config/etc/login.defs
@@ -0,0 +1,314 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK usage is discouraged because it catches only some classes of user
+# entries to system, in fact only those made through login(1), while setting
+# umask in shell rc file will catch also logins through su, cron, ssh etc.
+#
+# At the same time, using shell rc to set umask won't catch entries which use
+# non-shell executables in place of login shell, like /usr/sbin/pppd for "ppp"
+# user and alike.
+#
+# Therefore the use of pam_umask is recommended (Debian package libpam-umask)
+# as the solution which catches all these cases on PAM-enabled systems.
+# 
+# This avoids the confusion created by having the umask set
+# in two different places -- in login.defs and shell rc files (i.e.
+# /etc/profile).
+#
+# For discussion, see #314539 and #248150 as well as the thread starting at
+# http://lists.debian.org/debian-devel/2005/06/msg01598.html
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+# 022 is the "historical" value in Debian for UMASK when it was used
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			  100
+GID_MAX			60000
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# This enables userdel to remove user groups if no members exist.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, thus in Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# Only works if compiled with MD5_CRYPT defined:
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is used by chpasswd, gpasswd and newusers.
+#
+#MD5_CRYPT_ENAB	no
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/failures/gpasswd/02_gpasswd_gshadow_open_failure/config/etc/passwd b/tests/tests/failures/gpasswd/02_gpasswd_gshadow_open_failure/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/failures/gpasswd/02_gpasswd_gshadow_open_failure/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/failures/gpasswd/02_gpasswd_gshadow_open_failure/config/etc/shadow b/tests/tests/failures/gpasswd/02_gpasswd_gshadow_open_failure/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/failures/gpasswd/02_gpasswd_gshadow_open_failure/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/failures/gpasswd/02_gpasswd_gshadow_open_failure/data/gpasswd.err b/tests/tests/failures/gpasswd/02_gpasswd_gshadow_open_failure/data/gpasswd.err
new file mode 100644
index 0000000..7d0a31a
--- /dev/null
+++ b/tests/tests/failures/gpasswd/02_gpasswd_gshadow_open_failure/data/gpasswd.err
@@ -0,0 +1,2 @@
+open FAILURE /etc/gshadow 2 ...
+gpasswd: cannot open /etc/gshadow
diff --git a/tests/tests/failures/gpasswd/02_gpasswd_gshadow_open_failure/gpasswd.test b/tests/tests/failures/gpasswd/02_gpasswd_gshadow_open_failure/gpasswd.test
new file mode 100755
index 0000000..253afcf
--- /dev/null
+++ b/tests/tests/failures/gpasswd/02_gpasswd_gshadow_open_failure/gpasswd.test
@@ -0,0 +1,54 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "gpasswd report failures when it cannot open the gshadow file"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Change group foo (gpasswd -M root foo)..."
+LD_PRELOAD=../../../common/open_RDWR_failure.so FAILURE_PATH=/etc/gshadow gpasswd -M root foo 2>tmp/gpasswd.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "1"
+echo "OK"
+
+echo "gpasswd reported:"
+echo "======================================================================="
+cat tmp/gpasswd.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/gpasswd.err tmp/gpasswd.err
+echo "error message OK."
+rm -f tmp/gpasswd.err
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/failures/gpasswd/03_gpasswd-a_group_open_failure/config.txt b/tests/tests/failures/gpasswd/03_gpasswd-a_group_open_failure/config.txt
new file mode 100644
index 0000000..e9e4bbe
--- /dev/null
+++ b/tests/tests/failures/gpasswd/03_gpasswd-a_group_open_failure/config.txt
@@ -0,0 +1 @@
+group foo, GID 1000
diff --git a/tests/tests/failures/gpasswd/03_gpasswd-a_group_open_failure/config/etc/group b/tests/tests/failures/gpasswd/03_gpasswd-a_group_open_failure/config/etc/group
new file mode 100644
index 0000000..fecba0c
--- /dev/null
+++ b/tests/tests/failures/gpasswd/03_gpasswd-a_group_open_failure/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/failures/gpasswd/03_gpasswd-a_group_open_failure/config/etc/gshadow b/tests/tests/failures/gpasswd/03_gpasswd-a_group_open_failure/config/etc/gshadow
new file mode 100644
index 0000000..5042e58
--- /dev/null
+++ b/tests/tests/failures/gpasswd/03_gpasswd-a_group_open_failure/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/failures/gpasswd/03_gpasswd-a_group_open_failure/config/etc/login.defs b/tests/tests/failures/gpasswd/03_gpasswd-a_group_open_failure/config/etc/login.defs
new file mode 100644
index 0000000..cf181ac
--- /dev/null
+++ b/tests/tests/failures/gpasswd/03_gpasswd-a_group_open_failure/config/etc/login.defs
@@ -0,0 +1,314 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK usage is discouraged because it catches only some classes of user
+# entries to system, in fact only those made through login(1), while setting
+# umask in shell rc file will catch also logins through su, cron, ssh etc.
+#
+# At the same time, using shell rc to set umask won't catch entries which use
+# non-shell executables in place of login shell, like /usr/sbin/pppd for "ppp"
+# user and alike.
+#
+# Therefore the use of pam_umask is recommended (Debian package libpam-umask)
+# as the solution which catches all these cases on PAM-enabled systems.
+# 
+# This avoids the confusion created by having the umask set
+# in two different places -- in login.defs and shell rc files (i.e.
+# /etc/profile).
+#
+# For discussion, see #314539 and #248150 as well as the thread starting at
+# http://lists.debian.org/debian-devel/2005/06/msg01598.html
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+# 022 is the "historical" value in Debian for UMASK when it was used
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			  100
+GID_MAX			60000
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# This enables userdel to remove user groups if no members exist.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, thus in Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# Only works if compiled with MD5_CRYPT defined:
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is used by chpasswd, gpasswd and newusers.
+#
+#MD5_CRYPT_ENAB	no
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/failures/gpasswd/03_gpasswd-a_group_open_failure/config/etc/passwd b/tests/tests/failures/gpasswd/03_gpasswd-a_group_open_failure/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/failures/gpasswd/03_gpasswd-a_group_open_failure/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/failures/gpasswd/03_gpasswd-a_group_open_failure/config/etc/shadow b/tests/tests/failures/gpasswd/03_gpasswd-a_group_open_failure/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/failures/gpasswd/03_gpasswd-a_group_open_failure/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/failures/gpasswd/03_gpasswd-a_group_open_failure/data/gpasswd.err b/tests/tests/failures/gpasswd/03_gpasswd-a_group_open_failure/data/gpasswd.err
new file mode 100644
index 0000000..b159e54
--- /dev/null
+++ b/tests/tests/failures/gpasswd/03_gpasswd-a_group_open_failure/data/gpasswd.err
@@ -0,0 +1,2 @@
+open FAILURE /etc/group 2 ...
+gpasswd: cannot open /etc/group
diff --git a/tests/tests/failures/gpasswd/03_gpasswd-a_group_open_failure/gpasswd.test b/tests/tests/failures/gpasswd/03_gpasswd-a_group_open_failure/gpasswd.test
new file mode 100755
index 0000000..2b2e663
--- /dev/null
+++ b/tests/tests/failures/gpasswd/03_gpasswd-a_group_open_failure/gpasswd.test
@@ -0,0 +1,54 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "gpasswd report failures when it cannot open the group file"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Change group foo (gpasswd -a root foo)..."
+LD_PRELOAD=../../../common/open_RDWR_failure.so FAILURE_PATH=/etc/group gpasswd -a root foo 2>tmp/gpasswd.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "1"
+echo "OK"
+
+echo "gpasswd reported:"
+echo "======================================================================="
+cat tmp/gpasswd.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/gpasswd.err tmp/gpasswd.err
+echo "error message OK."
+rm -f tmp/gpasswd.err
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/failures/gpasswd/04_gpasswd-d_group_open_failure/config.txt b/tests/tests/failures/gpasswd/04_gpasswd-d_group_open_failure/config.txt
new file mode 100644
index 0000000..e9e4bbe
--- /dev/null
+++ b/tests/tests/failures/gpasswd/04_gpasswd-d_group_open_failure/config.txt
@@ -0,0 +1 @@
+group foo, GID 1000
diff --git a/tests/tests/failures/gpasswd/04_gpasswd-d_group_open_failure/config/etc/group b/tests/tests/failures/gpasswd/04_gpasswd-d_group_open_failure/config/etc/group
new file mode 100644
index 0000000..5051825
--- /dev/null
+++ b/tests/tests/failures/gpasswd/04_gpasswd-d_group_open_failure/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/failures/gpasswd/04_gpasswd-d_group_open_failure/config/etc/gshadow b/tests/tests/failures/gpasswd/04_gpasswd-d_group_open_failure/config/etc/gshadow
new file mode 100644
index 0000000..ad90310
--- /dev/null
+++ b/tests/tests/failures/gpasswd/04_gpasswd-d_group_open_failure/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::foo
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/failures/gpasswd/04_gpasswd-d_group_open_failure/config/etc/login.defs b/tests/tests/failures/gpasswd/04_gpasswd-d_group_open_failure/config/etc/login.defs
new file mode 100644
index 0000000..cf181ac
--- /dev/null
+++ b/tests/tests/failures/gpasswd/04_gpasswd-d_group_open_failure/config/etc/login.defs
@@ -0,0 +1,314 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK usage is discouraged because it catches only some classes of user
+# entries to system, in fact only those made through login(1), while setting
+# umask in shell rc file will catch also logins through su, cron, ssh etc.
+#
+# At the same time, using shell rc to set umask won't catch entries which use
+# non-shell executables in place of login shell, like /usr/sbin/pppd for "ppp"
+# user and alike.
+#
+# Therefore the use of pam_umask is recommended (Debian package libpam-umask)
+# as the solution which catches all these cases on PAM-enabled systems.
+# 
+# This avoids the confusion created by having the umask set
+# in two different places -- in login.defs and shell rc files (i.e.
+# /etc/profile).
+#
+# For discussion, see #314539 and #248150 as well as the thread starting at
+# http://lists.debian.org/debian-devel/2005/06/msg01598.html
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+# 022 is the "historical" value in Debian for UMASK when it was used
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			  100
+GID_MAX			60000
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# This enables userdel to remove user groups if no members exist.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, thus in Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# Only works if compiled with MD5_CRYPT defined:
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is used by chpasswd, gpasswd and newusers.
+#
+#MD5_CRYPT_ENAB	no
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/failures/gpasswd/04_gpasswd-d_group_open_failure/config/etc/passwd b/tests/tests/failures/gpasswd/04_gpasswd-d_group_open_failure/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/failures/gpasswd/04_gpasswd-d_group_open_failure/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/failures/gpasswd/04_gpasswd-d_group_open_failure/config/etc/shadow b/tests/tests/failures/gpasswd/04_gpasswd-d_group_open_failure/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/failures/gpasswd/04_gpasswd-d_group_open_failure/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/failures/gpasswd/04_gpasswd-d_group_open_failure/data/gpasswd.err b/tests/tests/failures/gpasswd/04_gpasswd-d_group_open_failure/data/gpasswd.err
new file mode 100644
index 0000000..b159e54
--- /dev/null
+++ b/tests/tests/failures/gpasswd/04_gpasswd-d_group_open_failure/data/gpasswd.err
@@ -0,0 +1,2 @@
+open FAILURE /etc/group 2 ...
+gpasswd: cannot open /etc/group
diff --git a/tests/tests/failures/gpasswd/04_gpasswd-d_group_open_failure/gpasswd.test b/tests/tests/failures/gpasswd/04_gpasswd-d_group_open_failure/gpasswd.test
new file mode 100755
index 0000000..b52772e
--- /dev/null
+++ b/tests/tests/failures/gpasswd/04_gpasswd-d_group_open_failure/gpasswd.test
@@ -0,0 +1,54 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "gpasswd report failures when it cannot open the group file"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Change group foo (gpasswd -d foo users)..."
+LD_PRELOAD=../../../common/open_RDWR_failure.so FAILURE_PATH=/etc/group gpasswd -d foo users 2>tmp/gpasswd.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "1"
+echo "OK"
+
+echo "gpasswd reported:"
+echo "======================================================================="
+cat tmp/gpasswd.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/gpasswd.err tmp/gpasswd.err
+echo "error message OK."
+rm -f tmp/gpasswd.err
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/failures/gpasswd/05_gpasswd-r_group_open_failure/config.txt b/tests/tests/failures/gpasswd/05_gpasswd-r_group_open_failure/config.txt
new file mode 100644
index 0000000..e9e4bbe
--- /dev/null
+++ b/tests/tests/failures/gpasswd/05_gpasswd-r_group_open_failure/config.txt
@@ -0,0 +1 @@
+group foo, GID 1000
diff --git a/tests/tests/failures/gpasswd/05_gpasswd-r_group_open_failure/config/etc/group b/tests/tests/failures/gpasswd/05_gpasswd-r_group_open_failure/config/etc/group
new file mode 100644
index 0000000..5051825
--- /dev/null
+++ b/tests/tests/failures/gpasswd/05_gpasswd-r_group_open_failure/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/failures/gpasswd/05_gpasswd-r_group_open_failure/config/etc/gshadow b/tests/tests/failures/gpasswd/05_gpasswd-r_group_open_failure/config/etc/gshadow
new file mode 100644
index 0000000..ad90310
--- /dev/null
+++ b/tests/tests/failures/gpasswd/05_gpasswd-r_group_open_failure/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::foo
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/failures/gpasswd/05_gpasswd-r_group_open_failure/config/etc/login.defs b/tests/tests/failures/gpasswd/05_gpasswd-r_group_open_failure/config/etc/login.defs
new file mode 100644
index 0000000..cf181ac
--- /dev/null
+++ b/tests/tests/failures/gpasswd/05_gpasswd-r_group_open_failure/config/etc/login.defs
@@ -0,0 +1,314 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK usage is discouraged because it catches only some classes of user
+# entries to system, in fact only those made through login(1), while setting
+# umask in shell rc file will catch also logins through su, cron, ssh etc.
+#
+# At the same time, using shell rc to set umask won't catch entries which use
+# non-shell executables in place of login shell, like /usr/sbin/pppd for "ppp"
+# user and alike.
+#
+# Therefore the use of pam_umask is recommended (Debian package libpam-umask)
+# as the solution which catches all these cases on PAM-enabled systems.
+# 
+# This avoids the confusion created by having the umask set
+# in two different places -- in login.defs and shell rc files (i.e.
+# /etc/profile).
+#
+# For discussion, see #314539 and #248150 as well as the thread starting at
+# http://lists.debian.org/debian-devel/2005/06/msg01598.html
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+# 022 is the "historical" value in Debian for UMASK when it was used
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			  100
+GID_MAX			60000
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# This enables userdel to remove user groups if no members exist.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, thus in Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# Only works if compiled with MD5_CRYPT defined:
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is used by chpasswd, gpasswd and newusers.
+#
+#MD5_CRYPT_ENAB	no
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/failures/gpasswd/05_gpasswd-r_group_open_failure/config/etc/passwd b/tests/tests/failures/gpasswd/05_gpasswd-r_group_open_failure/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/failures/gpasswd/05_gpasswd-r_group_open_failure/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/failures/gpasswd/05_gpasswd-r_group_open_failure/config/etc/shadow b/tests/tests/failures/gpasswd/05_gpasswd-r_group_open_failure/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/failures/gpasswd/05_gpasswd-r_group_open_failure/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/failures/gpasswd/05_gpasswd-r_group_open_failure/data/gpasswd.err b/tests/tests/failures/gpasswd/05_gpasswd-r_group_open_failure/data/gpasswd.err
new file mode 100644
index 0000000..b159e54
--- /dev/null
+++ b/tests/tests/failures/gpasswd/05_gpasswd-r_group_open_failure/data/gpasswd.err
@@ -0,0 +1,2 @@
+open FAILURE /etc/group 2 ...
+gpasswd: cannot open /etc/group
diff --git a/tests/tests/failures/gpasswd/05_gpasswd-r_group_open_failure/gpasswd.test b/tests/tests/failures/gpasswd/05_gpasswd-r_group_open_failure/gpasswd.test
new file mode 100755
index 0000000..2c34af4
--- /dev/null
+++ b/tests/tests/failures/gpasswd/05_gpasswd-r_group_open_failure/gpasswd.test
@@ -0,0 +1,54 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "gpasswd report failures when it cannot open the group file"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Change group foo (gpasswd -r foo)..."
+LD_PRELOAD=../../../common/open_RDWR_failure.so FAILURE_PATH=/etc/group gpasswd -r foo 2>tmp/gpasswd.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "1"
+echo "OK"
+
+echo "gpasswd reported:"
+echo "======================================================================="
+cat tmp/gpasswd.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/gpasswd.err tmp/gpasswd.err
+echo "error message OK."
+rm -f tmp/gpasswd.err
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/failures/gpasswd/06_gpasswd-R_gshadow_open_failure/config.txt b/tests/tests/failures/gpasswd/06_gpasswd-R_gshadow_open_failure/config.txt
new file mode 100644
index 0000000..e9e4bbe
--- /dev/null
+++ b/tests/tests/failures/gpasswd/06_gpasswd-R_gshadow_open_failure/config.txt
@@ -0,0 +1 @@
+group foo, GID 1000
diff --git a/tests/tests/failures/gpasswd/06_gpasswd-R_gshadow_open_failure/config/etc/group b/tests/tests/failures/gpasswd/06_gpasswd-R_gshadow_open_failure/config/etc/group
new file mode 100644
index 0000000..fecba0c
--- /dev/null
+++ b/tests/tests/failures/gpasswd/06_gpasswd-R_gshadow_open_failure/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/failures/gpasswd/06_gpasswd-R_gshadow_open_failure/config/etc/gshadow b/tests/tests/failures/gpasswd/06_gpasswd-R_gshadow_open_failure/config/etc/gshadow
new file mode 100644
index 0000000..5042e58
--- /dev/null
+++ b/tests/tests/failures/gpasswd/06_gpasswd-R_gshadow_open_failure/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/failures/gpasswd/06_gpasswd-R_gshadow_open_failure/config/etc/login.defs b/tests/tests/failures/gpasswd/06_gpasswd-R_gshadow_open_failure/config/etc/login.defs
new file mode 100644
index 0000000..cf181ac
--- /dev/null
+++ b/tests/tests/failures/gpasswd/06_gpasswd-R_gshadow_open_failure/config/etc/login.defs
@@ -0,0 +1,314 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK usage is discouraged because it catches only some classes of user
+# entries to system, in fact only those made through login(1), while setting
+# umask in shell rc file will catch also logins through su, cron, ssh etc.
+#
+# At the same time, using shell rc to set umask won't catch entries which use
+# non-shell executables in place of login shell, like /usr/sbin/pppd for "ppp"
+# user and alike.
+#
+# Therefore the use of pam_umask is recommended (Debian package libpam-umask)
+# as the solution which catches all these cases on PAM-enabled systems.
+# 
+# This avoids the confusion created by having the umask set
+# in two different places -- in login.defs and shell rc files (i.e.
+# /etc/profile).
+#
+# For discussion, see #314539 and #248150 as well as the thread starting at
+# http://lists.debian.org/debian-devel/2005/06/msg01598.html
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+# 022 is the "historical" value in Debian for UMASK when it was used
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			  100
+GID_MAX			60000
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# This enables userdel to remove user groups if no members exist.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, thus in Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# Only works if compiled with MD5_CRYPT defined:
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is used by chpasswd, gpasswd and newusers.
+#
+#MD5_CRYPT_ENAB	no
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/failures/gpasswd/06_gpasswd-R_gshadow_open_failure/config/etc/passwd b/tests/tests/failures/gpasswd/06_gpasswd-R_gshadow_open_failure/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/failures/gpasswd/06_gpasswd-R_gshadow_open_failure/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/failures/gpasswd/06_gpasswd-R_gshadow_open_failure/config/etc/shadow b/tests/tests/failures/gpasswd/06_gpasswd-R_gshadow_open_failure/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/failures/gpasswd/06_gpasswd-R_gshadow_open_failure/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/failures/gpasswd/06_gpasswd-R_gshadow_open_failure/data/gpasswd.err b/tests/tests/failures/gpasswd/06_gpasswd-R_gshadow_open_failure/data/gpasswd.err
new file mode 100644
index 0000000..7d0a31a
--- /dev/null
+++ b/tests/tests/failures/gpasswd/06_gpasswd-R_gshadow_open_failure/data/gpasswd.err
@@ -0,0 +1,2 @@
+open FAILURE /etc/gshadow 2 ...
+gpasswd: cannot open /etc/gshadow
diff --git a/tests/tests/failures/gpasswd/06_gpasswd-R_gshadow_open_failure/gpasswd.test b/tests/tests/failures/gpasswd/06_gpasswd-R_gshadow_open_failure/gpasswd.test
new file mode 100755
index 0000000..47c08e9
--- /dev/null
+++ b/tests/tests/failures/gpasswd/06_gpasswd-R_gshadow_open_failure/gpasswd.test
@@ -0,0 +1,54 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "gpasswd report failures when it cannot open the gshadow file"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Change group foo (gpasswd -R foo)..."
+LD_PRELOAD=../../../common/open_RDWR_failure.so FAILURE_PATH=/etc/gshadow gpasswd -R foo 2>tmp/gpasswd.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "1"
+echo "OK"
+
+echo "gpasswd reported:"
+echo "======================================================================="
+cat tmp/gpasswd.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/gpasswd.err tmp/gpasswd.err
+echo "error message OK."
+rm -f tmp/gpasswd.err
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/failures/gpasswd/07_gpasswd-A_gshadow_open_failure/config.txt b/tests/tests/failures/gpasswd/07_gpasswd-A_gshadow_open_failure/config.txt
new file mode 100644
index 0000000..e9e4bbe
--- /dev/null
+++ b/tests/tests/failures/gpasswd/07_gpasswd-A_gshadow_open_failure/config.txt
@@ -0,0 +1 @@
+group foo, GID 1000
diff --git a/tests/tests/failures/gpasswd/07_gpasswd-A_gshadow_open_failure/config/etc/group b/tests/tests/failures/gpasswd/07_gpasswd-A_gshadow_open_failure/config/etc/group
new file mode 100644
index 0000000..fecba0c
--- /dev/null
+++ b/tests/tests/failures/gpasswd/07_gpasswd-A_gshadow_open_failure/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/failures/gpasswd/07_gpasswd-A_gshadow_open_failure/config/etc/gshadow b/tests/tests/failures/gpasswd/07_gpasswd-A_gshadow_open_failure/config/etc/gshadow
new file mode 100644
index 0000000..5042e58
--- /dev/null
+++ b/tests/tests/failures/gpasswd/07_gpasswd-A_gshadow_open_failure/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/failures/gpasswd/07_gpasswd-A_gshadow_open_failure/config/etc/login.defs b/tests/tests/failures/gpasswd/07_gpasswd-A_gshadow_open_failure/config/etc/login.defs
new file mode 100644
index 0000000..cf181ac
--- /dev/null
+++ b/tests/tests/failures/gpasswd/07_gpasswd-A_gshadow_open_failure/config/etc/login.defs
@@ -0,0 +1,314 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK usage is discouraged because it catches only some classes of user
+# entries to system, in fact only those made through login(1), while setting
+# umask in shell rc file will catch also logins through su, cron, ssh etc.
+#
+# At the same time, using shell rc to set umask won't catch entries which use
+# non-shell executables in place of login shell, like /usr/sbin/pppd for "ppp"
+# user and alike.
+#
+# Therefore the use of pam_umask is recommended (Debian package libpam-umask)
+# as the solution which catches all these cases on PAM-enabled systems.
+# 
+# This avoids the confusion created by having the umask set
+# in two different places -- in login.defs and shell rc files (i.e.
+# /etc/profile).
+#
+# For discussion, see #314539 and #248150 as well as the thread starting at
+# http://lists.debian.org/debian-devel/2005/06/msg01598.html
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+# 022 is the "historical" value in Debian for UMASK when it was used
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			  100
+GID_MAX			60000
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# This enables userdel to remove user groups if no members exist.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, thus in Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# Only works if compiled with MD5_CRYPT defined:
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is used by chpasswd, gpasswd and newusers.
+#
+#MD5_CRYPT_ENAB	no
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/failures/gpasswd/07_gpasswd-A_gshadow_open_failure/config/etc/passwd b/tests/tests/failures/gpasswd/07_gpasswd-A_gshadow_open_failure/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/failures/gpasswd/07_gpasswd-A_gshadow_open_failure/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/failures/gpasswd/07_gpasswd-A_gshadow_open_failure/config/etc/shadow b/tests/tests/failures/gpasswd/07_gpasswd-A_gshadow_open_failure/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/failures/gpasswd/07_gpasswd-A_gshadow_open_failure/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/failures/gpasswd/07_gpasswd-A_gshadow_open_failure/data/gpasswd.err b/tests/tests/failures/gpasswd/07_gpasswd-A_gshadow_open_failure/data/gpasswd.err
new file mode 100644
index 0000000..7d0a31a
--- /dev/null
+++ b/tests/tests/failures/gpasswd/07_gpasswd-A_gshadow_open_failure/data/gpasswd.err
@@ -0,0 +1,2 @@
+open FAILURE /etc/gshadow 2 ...
+gpasswd: cannot open /etc/gshadow
diff --git a/tests/tests/failures/gpasswd/07_gpasswd-A_gshadow_open_failure/gpasswd.test b/tests/tests/failures/gpasswd/07_gpasswd-A_gshadow_open_failure/gpasswd.test
new file mode 100755
index 0000000..84e92c1
--- /dev/null
+++ b/tests/tests/failures/gpasswd/07_gpasswd-A_gshadow_open_failure/gpasswd.test
@@ -0,0 +1,54 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "gpasswd report failures when it cannot open the gshadow file"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Change group foo (gpasswd -A root foo)..."
+LD_PRELOAD=../../../common/open_RDWR_failure.so FAILURE_PATH=/etc/gshadow gpasswd -A root foo 2>tmp/gpasswd.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "1"
+echo "OK"
+
+echo "gpasswd reported:"
+echo "======================================================================="
+cat tmp/gpasswd.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/gpasswd.err tmp/gpasswd.err
+echo "error message OK."
+rm -f tmp/gpasswd.err
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/failures/gpasswd/08_gpasswd_group_openRO_failure/config.txt b/tests/tests/failures/gpasswd/08_gpasswd_group_openRO_failure/config.txt
new file mode 100644
index 0000000..e9e4bbe
--- /dev/null
+++ b/tests/tests/failures/gpasswd/08_gpasswd_group_openRO_failure/config.txt
@@ -0,0 +1 @@
+group foo, GID 1000
diff --git a/tests/tests/failures/gpasswd/08_gpasswd_group_openRO_failure/config/etc/group b/tests/tests/failures/gpasswd/08_gpasswd_group_openRO_failure/config/etc/group
new file mode 100644
index 0000000..fecba0c
--- /dev/null
+++ b/tests/tests/failures/gpasswd/08_gpasswd_group_openRO_failure/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/failures/gpasswd/08_gpasswd_group_openRO_failure/config/etc/gshadow b/tests/tests/failures/gpasswd/08_gpasswd_group_openRO_failure/config/etc/gshadow
new file mode 100644
index 0000000..5042e58
--- /dev/null
+++ b/tests/tests/failures/gpasswd/08_gpasswd_group_openRO_failure/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/failures/gpasswd/08_gpasswd_group_openRO_failure/config/etc/login.defs b/tests/tests/failures/gpasswd/08_gpasswd_group_openRO_failure/config/etc/login.defs
new file mode 100644
index 0000000..cf181ac
--- /dev/null
+++ b/tests/tests/failures/gpasswd/08_gpasswd_group_openRO_failure/config/etc/login.defs
@@ -0,0 +1,314 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK usage is discouraged because it catches only some classes of user
+# entries to system, in fact only those made through login(1), while setting
+# umask in shell rc file will catch also logins through su, cron, ssh etc.
+#
+# At the same time, using shell rc to set umask won't catch entries which use
+# non-shell executables in place of login shell, like /usr/sbin/pppd for "ppp"
+# user and alike.
+#
+# Therefore the use of pam_umask is recommended (Debian package libpam-umask)
+# as the solution which catches all these cases on PAM-enabled systems.
+# 
+# This avoids the confusion created by having the umask set
+# in two different places -- in login.defs and shell rc files (i.e.
+# /etc/profile).
+#
+# For discussion, see #314539 and #248150 as well as the thread starting at
+# http://lists.debian.org/debian-devel/2005/06/msg01598.html
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+# 022 is the "historical" value in Debian for UMASK when it was used
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			  100
+GID_MAX			60000
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# This enables userdel to remove user groups if no members exist.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, thus in Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# Only works if compiled with MD5_CRYPT defined:
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is used by chpasswd, gpasswd and newusers.
+#
+#MD5_CRYPT_ENAB	no
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/failures/gpasswd/08_gpasswd_group_openRO_failure/config/etc/passwd b/tests/tests/failures/gpasswd/08_gpasswd_group_openRO_failure/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/failures/gpasswd/08_gpasswd_group_openRO_failure/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/failures/gpasswd/08_gpasswd_group_openRO_failure/config/etc/shadow b/tests/tests/failures/gpasswd/08_gpasswd_group_openRO_failure/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/failures/gpasswd/08_gpasswd_group_openRO_failure/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/failures/gpasswd/08_gpasswd_group_openRO_failure/data/gpasswd.err b/tests/tests/failures/gpasswd/08_gpasswd_group_openRO_failure/data/gpasswd.err
new file mode 100644
index 0000000..448b6b3
--- /dev/null
+++ b/tests/tests/failures/gpasswd/08_gpasswd_group_openRO_failure/data/gpasswd.err
@@ -0,0 +1,2 @@
+open FAILURE /etc/group 0 ...
+gpasswd: cannot open /etc/group
diff --git a/tests/tests/failures/gpasswd/08_gpasswd_group_openRO_failure/gpasswd.test b/tests/tests/failures/gpasswd/08_gpasswd_group_openRO_failure/gpasswd.test
new file mode 100755
index 0000000..c4fc2a8
--- /dev/null
+++ b/tests/tests/failures/gpasswd/08_gpasswd_group_openRO_failure/gpasswd.test
@@ -0,0 +1,54 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "gpasswd report failures when it cannot open the group file"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Change group foo (gpasswd -M root foo)..."
+LD_PRELOAD=../../../common/open_RDONLY_failure.so FAILURE_PATH=/etc/group gpasswd -M root foo 2>tmp/gpasswd.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "1"
+echo "OK"
+
+echo "gpasswd reported:"
+echo "======================================================================="
+cat tmp/gpasswd.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/gpasswd.err tmp/gpasswd.err
+echo "error message OK."
+rm -f tmp/gpasswd.err
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/failures/gpasswd/09_gpasswd_gshadow_openRO_failure/config.txt b/tests/tests/failures/gpasswd/09_gpasswd_gshadow_openRO_failure/config.txt
new file mode 100644
index 0000000..e9e4bbe
--- /dev/null
+++ b/tests/tests/failures/gpasswd/09_gpasswd_gshadow_openRO_failure/config.txt
@@ -0,0 +1 @@
+group foo, GID 1000
diff --git a/tests/tests/failures/gpasswd/09_gpasswd_gshadow_openRO_failure/config/etc/group b/tests/tests/failures/gpasswd/09_gpasswd_gshadow_openRO_failure/config/etc/group
new file mode 100644
index 0000000..fecba0c
--- /dev/null
+++ b/tests/tests/failures/gpasswd/09_gpasswd_gshadow_openRO_failure/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/failures/gpasswd/09_gpasswd_gshadow_openRO_failure/config/etc/gshadow b/tests/tests/failures/gpasswd/09_gpasswd_gshadow_openRO_failure/config/etc/gshadow
new file mode 100644
index 0000000..5042e58
--- /dev/null
+++ b/tests/tests/failures/gpasswd/09_gpasswd_gshadow_openRO_failure/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/failures/gpasswd/09_gpasswd_gshadow_openRO_failure/config/etc/login.defs b/tests/tests/failures/gpasswd/09_gpasswd_gshadow_openRO_failure/config/etc/login.defs
new file mode 100644
index 0000000..cf181ac
--- /dev/null
+++ b/tests/tests/failures/gpasswd/09_gpasswd_gshadow_openRO_failure/config/etc/login.defs
@@ -0,0 +1,314 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK usage is discouraged because it catches only some classes of user
+# entries to system, in fact only those made through login(1), while setting
+# umask in shell rc file will catch also logins through su, cron, ssh etc.
+#
+# At the same time, using shell rc to set umask won't catch entries which use
+# non-shell executables in place of login shell, like /usr/sbin/pppd for "ppp"
+# user and alike.
+#
+# Therefore the use of pam_umask is recommended (Debian package libpam-umask)
+# as the solution which catches all these cases on PAM-enabled systems.
+# 
+# This avoids the confusion created by having the umask set
+# in two different places -- in login.defs and shell rc files (i.e.
+# /etc/profile).
+#
+# For discussion, see #314539 and #248150 as well as the thread starting at
+# http://lists.debian.org/debian-devel/2005/06/msg01598.html
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+# 022 is the "historical" value in Debian for UMASK when it was used
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			  100
+GID_MAX			60000
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# This enables userdel to remove user groups if no members exist.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, thus in Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# Only works if compiled with MD5_CRYPT defined:
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is used by chpasswd, gpasswd and newusers.
+#
+#MD5_CRYPT_ENAB	no
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/failures/gpasswd/09_gpasswd_gshadow_openRO_failure/config/etc/passwd b/tests/tests/failures/gpasswd/09_gpasswd_gshadow_openRO_failure/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/failures/gpasswd/09_gpasswd_gshadow_openRO_failure/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/failures/gpasswd/09_gpasswd_gshadow_openRO_failure/config/etc/shadow b/tests/tests/failures/gpasswd/09_gpasswd_gshadow_openRO_failure/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/failures/gpasswd/09_gpasswd_gshadow_openRO_failure/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/failures/gpasswd/09_gpasswd_gshadow_openRO_failure/data/gpasswd.err b/tests/tests/failures/gpasswd/09_gpasswd_gshadow_openRO_failure/data/gpasswd.err
new file mode 100644
index 0000000..b407c77
--- /dev/null
+++ b/tests/tests/failures/gpasswd/09_gpasswd_gshadow_openRO_failure/data/gpasswd.err
@@ -0,0 +1,2 @@
+open FAILURE /etc/gshadow 0 ...
+gpasswd: cannot open /etc/gshadow
diff --git a/tests/tests/failures/gpasswd/09_gpasswd_gshadow_openRO_failure/gpasswd.test b/tests/tests/failures/gpasswd/09_gpasswd_gshadow_openRO_failure/gpasswd.test
new file mode 100755
index 0000000..3093af9
--- /dev/null
+++ b/tests/tests/failures/gpasswd/09_gpasswd_gshadow_openRO_failure/gpasswd.test
@@ -0,0 +1,54 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "gpasswd report failures when it cannot open the gshadow file"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Change group foo (gpasswd -M root foo)..."
+LD_PRELOAD=../../../common/open_RDONLY_failure.so FAILURE_PATH=/etc/gshadow gpasswd -M root foo 2>tmp/gpasswd.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "1"
+echo "OK"
+
+echo "gpasswd reported:"
+echo "======================================================================="
+cat tmp/gpasswd.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/gpasswd.err tmp/gpasswd.err
+echo "error message OK."
+rm -f tmp/gpasswd.err
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/failures/gpasswd/10_gpasswd_group_rename_failure/config.txt b/tests/tests/failures/gpasswd/10_gpasswd_group_rename_failure/config.txt
new file mode 100644
index 0000000..e9e4bbe
--- /dev/null
+++ b/tests/tests/failures/gpasswd/10_gpasswd_group_rename_failure/config.txt
@@ -0,0 +1 @@
+group foo, GID 1000
diff --git a/tests/tests/failures/gpasswd/10_gpasswd_group_rename_failure/config/etc/group b/tests/tests/failures/gpasswd/10_gpasswd_group_rename_failure/config/etc/group
new file mode 100644
index 0000000..fecba0c
--- /dev/null
+++ b/tests/tests/failures/gpasswd/10_gpasswd_group_rename_failure/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/failures/gpasswd/10_gpasswd_group_rename_failure/config/etc/gshadow b/tests/tests/failures/gpasswd/10_gpasswd_group_rename_failure/config/etc/gshadow
new file mode 100644
index 0000000..5042e58
--- /dev/null
+++ b/tests/tests/failures/gpasswd/10_gpasswd_group_rename_failure/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/failures/gpasswd/10_gpasswd_group_rename_failure/config/etc/login.defs b/tests/tests/failures/gpasswd/10_gpasswd_group_rename_failure/config/etc/login.defs
new file mode 100644
index 0000000..cf181ac
--- /dev/null
+++ b/tests/tests/failures/gpasswd/10_gpasswd_group_rename_failure/config/etc/login.defs
@@ -0,0 +1,314 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK usage is discouraged because it catches only some classes of user
+# entries to system, in fact only those made through login(1), while setting
+# umask in shell rc file will catch also logins through su, cron, ssh etc.
+#
+# At the same time, using shell rc to set umask won't catch entries which use
+# non-shell executables in place of login shell, like /usr/sbin/pppd for "ppp"
+# user and alike.
+#
+# Therefore the use of pam_umask is recommended (Debian package libpam-umask)
+# as the solution which catches all these cases on PAM-enabled systems.
+# 
+# This avoids the confusion created by having the umask set
+# in two different places -- in login.defs and shell rc files (i.e.
+# /etc/profile).
+#
+# For discussion, see #314539 and #248150 as well as the thread starting at
+# http://lists.debian.org/debian-devel/2005/06/msg01598.html
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+# 022 is the "historical" value in Debian for UMASK when it was used
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			  100
+GID_MAX			60000
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# This enables userdel to remove user groups if no members exist.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, thus in Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# Only works if compiled with MD5_CRYPT defined:
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is used by chpasswd, gpasswd and newusers.
+#
+#MD5_CRYPT_ENAB	no
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/failures/gpasswd/10_gpasswd_group_rename_failure/config/etc/passwd b/tests/tests/failures/gpasswd/10_gpasswd_group_rename_failure/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/failures/gpasswd/10_gpasswd_group_rename_failure/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/failures/gpasswd/10_gpasswd_group_rename_failure/config/etc/shadow b/tests/tests/failures/gpasswd/10_gpasswd_group_rename_failure/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/failures/gpasswd/10_gpasswd_group_rename_failure/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/failures/gpasswd/10_gpasswd_group_rename_failure/data/gpasswd.err b/tests/tests/failures/gpasswd/10_gpasswd_group_rename_failure/data/gpasswd.err
new file mode 100644
index 0000000..ad9669b
--- /dev/null
+++ b/tests/tests/failures/gpasswd/10_gpasswd_group_rename_failure/data/gpasswd.err
@@ -0,0 +1,2 @@
+rename FAILURE /etc/group+ /etc/group
+gpasswd: failure while writing changes to /etc/group
diff --git a/tests/tests/failures/gpasswd/10_gpasswd_group_rename_failure/gpasswd.test b/tests/tests/failures/gpasswd/10_gpasswd_group_rename_failure/gpasswd.test
new file mode 100755
index 0000000..7b654ad
--- /dev/null
+++ b/tests/tests/failures/gpasswd/10_gpasswd_group_rename_failure/gpasswd.test
@@ -0,0 +1,54 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "gpasswd report failures when it cannot commit the group file"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Change group foo (gpasswd -a root foo)..."
+LD_PRELOAD=../../../common/rename_failure.so FAILURE_PATH=/etc/group gpasswd -a root foo 2>tmp/gpasswd.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "1"
+echo "OK"
+
+echo "gpasswd reported:"
+echo "======================================================================="
+cat tmp/gpasswd.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/gpasswd.err tmp/gpasswd.err
+echo "error message OK."
+rm -f tmp/gpasswd.err
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/failures/gpasswd/11_gpasswd_gshadow_rename_failure/config.txt b/tests/tests/failures/gpasswd/11_gpasswd_gshadow_rename_failure/config.txt
new file mode 100644
index 0000000..e9e4bbe
--- /dev/null
+++ b/tests/tests/failures/gpasswd/11_gpasswd_gshadow_rename_failure/config.txt
@@ -0,0 +1 @@
+group foo, GID 1000
diff --git a/tests/tests/failures/gpasswd/11_gpasswd_gshadow_rename_failure/config/etc/group b/tests/tests/failures/gpasswd/11_gpasswd_gshadow_rename_failure/config/etc/group
new file mode 100644
index 0000000..fecba0c
--- /dev/null
+++ b/tests/tests/failures/gpasswd/11_gpasswd_gshadow_rename_failure/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/failures/gpasswd/11_gpasswd_gshadow_rename_failure/config/etc/gshadow b/tests/tests/failures/gpasswd/11_gpasswd_gshadow_rename_failure/config/etc/gshadow
new file mode 100644
index 0000000..5042e58
--- /dev/null
+++ b/tests/tests/failures/gpasswd/11_gpasswd_gshadow_rename_failure/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/failures/gpasswd/11_gpasswd_gshadow_rename_failure/config/etc/login.defs b/tests/tests/failures/gpasswd/11_gpasswd_gshadow_rename_failure/config/etc/login.defs
new file mode 100644
index 0000000..cf181ac
--- /dev/null
+++ b/tests/tests/failures/gpasswd/11_gpasswd_gshadow_rename_failure/config/etc/login.defs
@@ -0,0 +1,314 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK usage is discouraged because it catches only some classes of user
+# entries to system, in fact only those made through login(1), while setting
+# umask in shell rc file will catch also logins through su, cron, ssh etc.
+#
+# At the same time, using shell rc to set umask won't catch entries which use
+# non-shell executables in place of login shell, like /usr/sbin/pppd for "ppp"
+# user and alike.
+#
+# Therefore the use of pam_umask is recommended (Debian package libpam-umask)
+# as the solution which catches all these cases on PAM-enabled systems.
+# 
+# This avoids the confusion created by having the umask set
+# in two different places -- in login.defs and shell rc files (i.e.
+# /etc/profile).
+#
+# For discussion, see #314539 and #248150 as well as the thread starting at
+# http://lists.debian.org/debian-devel/2005/06/msg01598.html
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+# 022 is the "historical" value in Debian for UMASK when it was used
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			  100
+GID_MAX			60000
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# This enables userdel to remove user groups if no members exist.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, thus in Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# Only works if compiled with MD5_CRYPT defined:
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is used by chpasswd, gpasswd and newusers.
+#
+#MD5_CRYPT_ENAB	no
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/failures/gpasswd/11_gpasswd_gshadow_rename_failure/config/etc/passwd b/tests/tests/failures/gpasswd/11_gpasswd_gshadow_rename_failure/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/failures/gpasswd/11_gpasswd_gshadow_rename_failure/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/failures/gpasswd/11_gpasswd_gshadow_rename_failure/config/etc/shadow b/tests/tests/failures/gpasswd/11_gpasswd_gshadow_rename_failure/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/failures/gpasswd/11_gpasswd_gshadow_rename_failure/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/failures/gpasswd/11_gpasswd_gshadow_rename_failure/data/gpasswd.err b/tests/tests/failures/gpasswd/11_gpasswd_gshadow_rename_failure/data/gpasswd.err
new file mode 100644
index 0000000..75f3e72
--- /dev/null
+++ b/tests/tests/failures/gpasswd/11_gpasswd_gshadow_rename_failure/data/gpasswd.err
@@ -0,0 +1,2 @@
+rename FAILURE /etc/gshadow+ /etc/gshadow
+gpasswd: failure while writing changes to /etc/gshadow
diff --git a/tests/tests/failures/gpasswd/11_gpasswd_gshadow_rename_failure/data/group b/tests/tests/failures/gpasswd/11_gpasswd_gshadow_rename_failure/data/group
new file mode 100644
index 0000000..f7ef7ea
--- /dev/null
+++ b/tests/tests/failures/gpasswd/11_gpasswd_gshadow_rename_failure/data/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:root
diff --git a/tests/tests/failures/gpasswd/11_gpasswd_gshadow_rename_failure/gpasswd.test b/tests/tests/failures/gpasswd/11_gpasswd_gshadow_rename_failure/gpasswd.test
new file mode 100755
index 0000000..a7658f5
--- /dev/null
+++ b/tests/tests/failures/gpasswd/11_gpasswd_gshadow_rename_failure/gpasswd.test
@@ -0,0 +1,54 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "gpasswd report failures when it cannot commit the gshadow file"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Change group foo (gpasswd -a root foo)..."
+LD_PRELOAD=../../../common/rename_failure.so FAILURE_PATH=/etc/gshadow gpasswd -a root foo 2>tmp/gpasswd.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "1"
+echo "OK"
+
+echo "gpasswd reported:"
+echo "======================================================================="
+cat tmp/gpasswd.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/gpasswd.err tmp/gpasswd.err
+echo "error message OK."
+rm -f tmp/gpasswd.err
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl data/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/failures/groupadd/01_groupadd_gshadow_rename_failure/config.txt b/tests/tests/failures/groupadd/01_groupadd_gshadow_rename_failure/config.txt
new file mode 100644
index 0000000..e9e4bbe
--- /dev/null
+++ b/tests/tests/failures/groupadd/01_groupadd_gshadow_rename_failure/config.txt
@@ -0,0 +1 @@
+group foo, GID 1000
diff --git a/tests/tests/failures/groupadd/01_groupadd_gshadow_rename_failure/config/etc/default/useradd b/tests/tests/failures/groupadd/01_groupadd_gshadow_rename_failure/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/failures/groupadd/01_groupadd_gshadow_rename_failure/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/failures/groupadd/01_groupadd_gshadow_rename_failure/config/etc/group b/tests/tests/failures/groupadd/01_groupadd_gshadow_rename_failure/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/failures/groupadd/01_groupadd_gshadow_rename_failure/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/failures/groupadd/01_groupadd_gshadow_rename_failure/config/etc/gshadow b/tests/tests/failures/groupadd/01_groupadd_gshadow_rename_failure/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/failures/groupadd/01_groupadd_gshadow_rename_failure/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/failures/groupadd/01_groupadd_gshadow_rename_failure/config/etc/login.defs b/tests/tests/failures/groupadd/01_groupadd_gshadow_rename_failure/config/etc/login.defs
new file mode 100644
index 0000000..cf181ac
--- /dev/null
+++ b/tests/tests/failures/groupadd/01_groupadd_gshadow_rename_failure/config/etc/login.defs
@@ -0,0 +1,314 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK usage is discouraged because it catches only some classes of user
+# entries to system, in fact only those made through login(1), while setting
+# umask in shell rc file will catch also logins through su, cron, ssh etc.
+#
+# At the same time, using shell rc to set umask won't catch entries which use
+# non-shell executables in place of login shell, like /usr/sbin/pppd for "ppp"
+# user and alike.
+#
+# Therefore the use of pam_umask is recommended (Debian package libpam-umask)
+# as the solution which catches all these cases on PAM-enabled systems.
+# 
+# This avoids the confusion created by having the umask set
+# in two different places -- in login.defs and shell rc files (i.e.
+# /etc/profile).
+#
+# For discussion, see #314539 and #248150 as well as the thread starting at
+# http://lists.debian.org/debian-devel/2005/06/msg01598.html
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+# 022 is the "historical" value in Debian for UMASK when it was used
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			  100
+GID_MAX			60000
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# This enables userdel to remove user groups if no members exist.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, thus in Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# Only works if compiled with MD5_CRYPT defined:
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is used by chpasswd, gpasswd and newusers.
+#
+#MD5_CRYPT_ENAB	no
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/failures/groupadd/01_groupadd_gshadow_rename_failure/config/etc/passwd b/tests/tests/failures/groupadd/01_groupadd_gshadow_rename_failure/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/failures/groupadd/01_groupadd_gshadow_rename_failure/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/failures/groupadd/01_groupadd_gshadow_rename_failure/config/etc/shadow b/tests/tests/failures/groupadd/01_groupadd_gshadow_rename_failure/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/failures/groupadd/01_groupadd_gshadow_rename_failure/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/failures/groupadd/01_groupadd_gshadow_rename_failure/data/group b/tests/tests/failures/groupadd/01_groupadd_gshadow_rename_failure/data/group
new file mode 100644
index 0000000..6307e25
--- /dev/null
+++ b/tests/tests/failures/groupadd/01_groupadd_gshadow_rename_failure/data/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:103:
diff --git a/tests/tests/failures/groupadd/01_groupadd_gshadow_rename_failure/data/groupadd.err b/tests/tests/failures/groupadd/01_groupadd_gshadow_rename_failure/data/groupadd.err
new file mode 100644
index 0000000..add9af0
--- /dev/null
+++ b/tests/tests/failures/groupadd/01_groupadd_gshadow_rename_failure/data/groupadd.err
@@ -0,0 +1,2 @@
+rename FAILURE /etc/gshadow+ /etc/gshadow
+groupadd: failure while writing changes to /etc/gshadow
diff --git a/tests/tests/failures/groupadd/01_groupadd_gshadow_rename_failure/groupadd.test b/tests/tests/failures/groupadd/01_groupadd_gshadow_rename_failure/groupadd.test
new file mode 100755
index 0000000..9114782
--- /dev/null
+++ b/tests/tests/failures/groupadd/01_groupadd_gshadow_rename_failure/groupadd.test
@@ -0,0 +1,54 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "groupadd report failures to save a new gshadow file"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Add group foo (groupadd foo)..."
+LD_PRELOAD=../../../common/rename_failure.so FAILURE_PATH=/etc/gshadow groupadd foo 2>tmp/groupadd.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "10"
+echo "OK"
+
+echo "groupadd reported:"
+echo "======================================================================="
+cat tmp/groupadd.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/groupadd.err tmp/groupadd.err
+echo "error message OK."
+rm -f tmp/groupadd.err
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl data/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/failures/groupadd/02_groupadd_group_rename_failure/config.txt b/tests/tests/failures/groupadd/02_groupadd_group_rename_failure/config.txt
new file mode 100644
index 0000000..e9e4bbe
--- /dev/null
+++ b/tests/tests/failures/groupadd/02_groupadd_group_rename_failure/config.txt
@@ -0,0 +1 @@
+group foo, GID 1000
diff --git a/tests/tests/failures/groupadd/02_groupadd_group_rename_failure/config/etc/default/useradd b/tests/tests/failures/groupadd/02_groupadd_group_rename_failure/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/failures/groupadd/02_groupadd_group_rename_failure/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/failures/groupadd/02_groupadd_group_rename_failure/config/etc/group b/tests/tests/failures/groupadd/02_groupadd_group_rename_failure/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/failures/groupadd/02_groupadd_group_rename_failure/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/failures/groupadd/02_groupadd_group_rename_failure/config/etc/gshadow b/tests/tests/failures/groupadd/02_groupadd_group_rename_failure/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/failures/groupadd/02_groupadd_group_rename_failure/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/failures/groupadd/02_groupadd_group_rename_failure/config/etc/login.defs b/tests/tests/failures/groupadd/02_groupadd_group_rename_failure/config/etc/login.defs
new file mode 100644
index 0000000..cf181ac
--- /dev/null
+++ b/tests/tests/failures/groupadd/02_groupadd_group_rename_failure/config/etc/login.defs
@@ -0,0 +1,314 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK usage is discouraged because it catches only some classes of user
+# entries to system, in fact only those made through login(1), while setting
+# umask in shell rc file will catch also logins through su, cron, ssh etc.
+#
+# At the same time, using shell rc to set umask won't catch entries which use
+# non-shell executables in place of login shell, like /usr/sbin/pppd for "ppp"
+# user and alike.
+#
+# Therefore the use of pam_umask is recommended (Debian package libpam-umask)
+# as the solution which catches all these cases on PAM-enabled systems.
+# 
+# This avoids the confusion created by having the umask set
+# in two different places -- in login.defs and shell rc files (i.e.
+# /etc/profile).
+#
+# For discussion, see #314539 and #248150 as well as the thread starting at
+# http://lists.debian.org/debian-devel/2005/06/msg01598.html
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+# 022 is the "historical" value in Debian for UMASK when it was used
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			  100
+GID_MAX			60000
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# This enables userdel to remove user groups if no members exist.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, thus in Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# Only works if compiled with MD5_CRYPT defined:
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is used by chpasswd, gpasswd and newusers.
+#
+#MD5_CRYPT_ENAB	no
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/failures/groupadd/02_groupadd_group_rename_failure/config/etc/passwd b/tests/tests/failures/groupadd/02_groupadd_group_rename_failure/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/failures/groupadd/02_groupadd_group_rename_failure/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/failures/groupadd/02_groupadd_group_rename_failure/config/etc/shadow b/tests/tests/failures/groupadd/02_groupadd_group_rename_failure/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/failures/groupadd/02_groupadd_group_rename_failure/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/failures/groupadd/02_groupadd_group_rename_failure/data/groupadd.err b/tests/tests/failures/groupadd/02_groupadd_group_rename_failure/data/groupadd.err
new file mode 100644
index 0000000..62e2205
--- /dev/null
+++ b/tests/tests/failures/groupadd/02_groupadd_group_rename_failure/data/groupadd.err
@@ -0,0 +1,2 @@
+rename FAILURE /etc/group+ /etc/group
+groupadd: failure while writing changes to /etc/group
diff --git a/tests/tests/failures/groupadd/02_groupadd_group_rename_failure/groupadd.test b/tests/tests/failures/groupadd/02_groupadd_group_rename_failure/groupadd.test
new file mode 100755
index 0000000..6cfac74
--- /dev/null
+++ b/tests/tests/failures/groupadd/02_groupadd_group_rename_failure/groupadd.test
@@ -0,0 +1,54 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "groupadd report failures to save a new group file"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Add group foo (groupadd foo)..."
+LD_PRELOAD=../../../common/rename_failure.so FAILURE_PATH=/etc/group groupadd foo 2>tmp/groupadd.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "10"
+echo "OK"
+
+echo "groupadd reported:"
+echo "======================================================================="
+cat tmp/groupadd.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/groupadd.err tmp/groupadd.err
+echo "error message OK."
+rm -f tmp/groupadd.err
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/failures/groupadd/03_groupadd_gshadow_open_failure/config.txt b/tests/tests/failures/groupadd/03_groupadd_gshadow_open_failure/config.txt
new file mode 100644
index 0000000..e9e4bbe
--- /dev/null
+++ b/tests/tests/failures/groupadd/03_groupadd_gshadow_open_failure/config.txt
@@ -0,0 +1 @@
+group foo, GID 1000
diff --git a/tests/tests/failures/groupadd/03_groupadd_gshadow_open_failure/config/etc/default/useradd b/tests/tests/failures/groupadd/03_groupadd_gshadow_open_failure/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/failures/groupadd/03_groupadd_gshadow_open_failure/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/failures/groupadd/03_groupadd_gshadow_open_failure/config/etc/group b/tests/tests/failures/groupadd/03_groupadd_gshadow_open_failure/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/failures/groupadd/03_groupadd_gshadow_open_failure/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/failures/groupadd/03_groupadd_gshadow_open_failure/config/etc/gshadow b/tests/tests/failures/groupadd/03_groupadd_gshadow_open_failure/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/failures/groupadd/03_groupadd_gshadow_open_failure/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/failures/groupadd/03_groupadd_gshadow_open_failure/config/etc/login.defs b/tests/tests/failures/groupadd/03_groupadd_gshadow_open_failure/config/etc/login.defs
new file mode 100644
index 0000000..cf181ac
--- /dev/null
+++ b/tests/tests/failures/groupadd/03_groupadd_gshadow_open_failure/config/etc/login.defs
@@ -0,0 +1,314 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK usage is discouraged because it catches only some classes of user
+# entries to system, in fact only those made through login(1), while setting
+# umask in shell rc file will catch also logins through su, cron, ssh etc.
+#
+# At the same time, using shell rc to set umask won't catch entries which use
+# non-shell executables in place of login shell, like /usr/sbin/pppd for "ppp"
+# user and alike.
+#
+# Therefore the use of pam_umask is recommended (Debian package libpam-umask)
+# as the solution which catches all these cases on PAM-enabled systems.
+# 
+# This avoids the confusion created by having the umask set
+# in two different places -- in login.defs and shell rc files (i.e.
+# /etc/profile).
+#
+# For discussion, see #314539 and #248150 as well as the thread starting at
+# http://lists.debian.org/debian-devel/2005/06/msg01598.html
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+# 022 is the "historical" value in Debian for UMASK when it was used
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			  100
+GID_MAX			60000
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# This enables userdel to remove user groups if no members exist.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, thus in Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# Only works if compiled with MD5_CRYPT defined:
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is used by chpasswd, gpasswd and newusers.
+#
+#MD5_CRYPT_ENAB	no
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/failures/groupadd/03_groupadd_gshadow_open_failure/config/etc/passwd b/tests/tests/failures/groupadd/03_groupadd_gshadow_open_failure/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/failures/groupadd/03_groupadd_gshadow_open_failure/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/failures/groupadd/03_groupadd_gshadow_open_failure/config/etc/shadow b/tests/tests/failures/groupadd/03_groupadd_gshadow_open_failure/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/failures/groupadd/03_groupadd_gshadow_open_failure/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/failures/groupadd/03_groupadd_gshadow_open_failure/data/groupadd.err b/tests/tests/failures/groupadd/03_groupadd_gshadow_open_failure/data/groupadd.err
new file mode 100644
index 0000000..820b124
--- /dev/null
+++ b/tests/tests/failures/groupadd/03_groupadd_gshadow_open_failure/data/groupadd.err
@@ -0,0 +1,2 @@
+open FAILURE /etc/gshadow 2 ...
+groupadd: cannot open /etc/gshadow
diff --git a/tests/tests/failures/groupadd/03_groupadd_gshadow_open_failure/groupadd.test b/tests/tests/failures/groupadd/03_groupadd_gshadow_open_failure/groupadd.test
new file mode 100755
index 0000000..c00a1e3
--- /dev/null
+++ b/tests/tests/failures/groupadd/03_groupadd_gshadow_open_failure/groupadd.test
@@ -0,0 +1,54 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "groupadd report failures when it cannot open the gshadow file"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Add group foo (groupadd foo)..."
+LD_PRELOAD=../../../common/open_RDWR_failure.so FAILURE_PATH=/etc/gshadow groupadd foo 2>tmp/groupadd.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "10"
+echo "OK"
+
+echo "groupadd reported:"
+echo "======================================================================="
+cat tmp/groupadd.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/groupadd.err tmp/groupadd.err
+echo "error message OK."
+rm -f tmp/groupadd.err
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/failures/groupadd/04_groupadd_group_open_failure/config.txt b/tests/tests/failures/groupadd/04_groupadd_group_open_failure/config.txt
new file mode 100644
index 0000000..e9e4bbe
--- /dev/null
+++ b/tests/tests/failures/groupadd/04_groupadd_group_open_failure/config.txt
@@ -0,0 +1 @@
+group foo, GID 1000
diff --git a/tests/tests/failures/groupadd/04_groupadd_group_open_failure/config/etc/default/useradd b/tests/tests/failures/groupadd/04_groupadd_group_open_failure/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/failures/groupadd/04_groupadd_group_open_failure/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/failures/groupadd/04_groupadd_group_open_failure/config/etc/group b/tests/tests/failures/groupadd/04_groupadd_group_open_failure/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/failures/groupadd/04_groupadd_group_open_failure/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/failures/groupadd/04_groupadd_group_open_failure/config/etc/gshadow b/tests/tests/failures/groupadd/04_groupadd_group_open_failure/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/failures/groupadd/04_groupadd_group_open_failure/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/failures/groupadd/04_groupadd_group_open_failure/config/etc/login.defs b/tests/tests/failures/groupadd/04_groupadd_group_open_failure/config/etc/login.defs
new file mode 100644
index 0000000..cf181ac
--- /dev/null
+++ b/tests/tests/failures/groupadd/04_groupadd_group_open_failure/config/etc/login.defs
@@ -0,0 +1,314 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK usage is discouraged because it catches only some classes of user
+# entries to system, in fact only those made through login(1), while setting
+# umask in shell rc file will catch also logins through su, cron, ssh etc.
+#
+# At the same time, using shell rc to set umask won't catch entries which use
+# non-shell executables in place of login shell, like /usr/sbin/pppd for "ppp"
+# user and alike.
+#
+# Therefore the use of pam_umask is recommended (Debian package libpam-umask)
+# as the solution which catches all these cases on PAM-enabled systems.
+# 
+# This avoids the confusion created by having the umask set
+# in two different places -- in login.defs and shell rc files (i.e.
+# /etc/profile).
+#
+# For discussion, see #314539 and #248150 as well as the thread starting at
+# http://lists.debian.org/debian-devel/2005/06/msg01598.html
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+# 022 is the "historical" value in Debian for UMASK when it was used
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			  100
+GID_MAX			60000
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# This enables userdel to remove user groups if no members exist.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, thus in Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# Only works if compiled with MD5_CRYPT defined:
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is used by chpasswd, gpasswd and newusers.
+#
+#MD5_CRYPT_ENAB	no
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/failures/groupadd/04_groupadd_group_open_failure/config/etc/passwd b/tests/tests/failures/groupadd/04_groupadd_group_open_failure/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/failures/groupadd/04_groupadd_group_open_failure/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/failures/groupadd/04_groupadd_group_open_failure/config/etc/shadow b/tests/tests/failures/groupadd/04_groupadd_group_open_failure/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/failures/groupadd/04_groupadd_group_open_failure/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/failures/groupadd/04_groupadd_group_open_failure/data/groupadd.err b/tests/tests/failures/groupadd/04_groupadd_group_open_failure/data/groupadd.err
new file mode 100644
index 0000000..ec69296
--- /dev/null
+++ b/tests/tests/failures/groupadd/04_groupadd_group_open_failure/data/groupadd.err
@@ -0,0 +1,2 @@
+open FAILURE /etc/group 2 ...
+groupadd: cannot open /etc/group
diff --git a/tests/tests/failures/groupadd/04_groupadd_group_open_failure/groupadd.test b/tests/tests/failures/groupadd/04_groupadd_group_open_failure/groupadd.test
new file mode 100755
index 0000000..a07a86a
--- /dev/null
+++ b/tests/tests/failures/groupadd/04_groupadd_group_open_failure/groupadd.test
@@ -0,0 +1,54 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "groupadd report failures when it cannot open the group file"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Add group foo (groupadd foo)..."
+LD_PRELOAD=../../../common/open_RDWR_failure.so FAILURE_PATH=/etc/group groupadd foo 2>tmp/groupadd.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "10"
+echo "OK"
+
+echo "groupadd reported:"
+echo "======================================================================="
+cat tmp/groupadd.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/groupadd.err tmp/groupadd.err
+echo "error message OK."
+rm -f tmp/groupadd.err
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/failures/groupdel/01_groupdel_gshadow_rename_failure/config.txt b/tests/tests/failures/groupdel/01_groupdel_gshadow_rename_failure/config.txt
new file mode 100644
index 0000000..e9e4bbe
--- /dev/null
+++ b/tests/tests/failures/groupdel/01_groupdel_gshadow_rename_failure/config.txt
@@ -0,0 +1 @@
+group foo, GID 1000
diff --git a/tests/tests/failures/groupdel/01_groupdel_gshadow_rename_failure/config/etc/default/useradd b/tests/tests/failures/groupdel/01_groupdel_gshadow_rename_failure/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/failures/groupdel/01_groupdel_gshadow_rename_failure/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/failures/groupdel/01_groupdel_gshadow_rename_failure/config/etc/group b/tests/tests/failures/groupdel/01_groupdel_gshadow_rename_failure/config/etc/group
new file mode 100644
index 0000000..c8c759e
--- /dev/null
+++ b/tests/tests/failures/groupdel/01_groupdel_gshadow_rename_failure/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1002:
diff --git a/tests/tests/failures/groupdel/01_groupdel_gshadow_rename_failure/config/etc/gshadow b/tests/tests/failures/groupdel/01_groupdel_gshadow_rename_failure/config/etc/gshadow
new file mode 100644
index 0000000..be1575e
--- /dev/null
+++ b/tests/tests/failures/groupdel/01_groupdel_gshadow_rename_failure/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:x::
diff --git a/tests/tests/failures/groupdel/01_groupdel_gshadow_rename_failure/config/etc/login.defs b/tests/tests/failures/groupdel/01_groupdel_gshadow_rename_failure/config/etc/login.defs
new file mode 100644
index 0000000..cf181ac
--- /dev/null
+++ b/tests/tests/failures/groupdel/01_groupdel_gshadow_rename_failure/config/etc/login.defs
@@ -0,0 +1,314 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK usage is discouraged because it catches only some classes of user
+# entries to system, in fact only those made through login(1), while setting
+# umask in shell rc file will catch also logins through su, cron, ssh etc.
+#
+# At the same time, using shell rc to set umask won't catch entries which use
+# non-shell executables in place of login shell, like /usr/sbin/pppd for "ppp"
+# user and alike.
+#
+# Therefore the use of pam_umask is recommended (Debian package libpam-umask)
+# as the solution which catches all these cases on PAM-enabled systems.
+# 
+# This avoids the confusion created by having the umask set
+# in two different places -- in login.defs and shell rc files (i.e.
+# /etc/profile).
+#
+# For discussion, see #314539 and #248150 as well as the thread starting at
+# http://lists.debian.org/debian-devel/2005/06/msg01598.html
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+# 022 is the "historical" value in Debian for UMASK when it was used
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			  100
+GID_MAX			60000
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# This enables userdel to remove user groups if no members exist.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, thus in Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# Only works if compiled with MD5_CRYPT defined:
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is used by chpasswd, gpasswd and newusers.
+#
+#MD5_CRYPT_ENAB	no
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/failures/groupdel/01_groupdel_gshadow_rename_failure/config/etc/passwd b/tests/tests/failures/groupdel/01_groupdel_gshadow_rename_failure/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/failures/groupdel/01_groupdel_gshadow_rename_failure/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/failures/groupdel/01_groupdel_gshadow_rename_failure/config/etc/shadow b/tests/tests/failures/groupdel/01_groupdel_gshadow_rename_failure/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/failures/groupdel/01_groupdel_gshadow_rename_failure/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/failures/groupdel/01_groupdel_gshadow_rename_failure/data/group b/tests/tests/failures/groupdel/01_groupdel_gshadow_rename_failure/data/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/failures/groupdel/01_groupdel_gshadow_rename_failure/data/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/failures/groupdel/01_groupdel_gshadow_rename_failure/data/groupdel.err b/tests/tests/failures/groupdel/01_groupdel_gshadow_rename_failure/data/groupdel.err
new file mode 100644
index 0000000..569464f
--- /dev/null
+++ b/tests/tests/failures/groupdel/01_groupdel_gshadow_rename_failure/data/groupdel.err
@@ -0,0 +1,2 @@
+rename FAILURE /etc/gshadow+ /etc/gshadow
+groupdel: failure while writing changes to /etc/gshadow
diff --git a/tests/tests/failures/groupdel/01_groupdel_gshadow_rename_failure/groupdel.test b/tests/tests/failures/groupdel/01_groupdel_gshadow_rename_failure/groupdel.test
new file mode 100755
index 0000000..5e4d8ad
--- /dev/null
+++ b/tests/tests/failures/groupdel/01_groupdel_gshadow_rename_failure/groupdel.test
@@ -0,0 +1,54 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "groupdel report failures to save a new gshadow file"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Remove group foo (groupdel foo)..."
+LD_PRELOAD=../../../common/rename_failure.so FAILURE_PATH=/etc/gshadow groupdel foo 2>tmp/groupdel.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "10"
+echo "OK"
+
+echo "groupdel reported:"
+echo "======================================================================="
+cat tmp/groupdel.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/groupdel.err tmp/groupdel.err
+echo "error message OK."
+rm -f tmp/groupdel.err
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl data/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/failures/groupdel/02_groupdel_group_rename_failure/config.txt b/tests/tests/failures/groupdel/02_groupdel_group_rename_failure/config.txt
new file mode 100644
index 0000000..e9e4bbe
--- /dev/null
+++ b/tests/tests/failures/groupdel/02_groupdel_group_rename_failure/config.txt
@@ -0,0 +1 @@
+group foo, GID 1000
diff --git a/tests/tests/failures/groupdel/02_groupdel_group_rename_failure/config/etc/default/useradd b/tests/tests/failures/groupdel/02_groupdel_group_rename_failure/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/failures/groupdel/02_groupdel_group_rename_failure/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/failures/groupdel/02_groupdel_group_rename_failure/config/etc/group b/tests/tests/failures/groupdel/02_groupdel_group_rename_failure/config/etc/group
new file mode 100644
index 0000000..c8c759e
--- /dev/null
+++ b/tests/tests/failures/groupdel/02_groupdel_group_rename_failure/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1002:
diff --git a/tests/tests/failures/groupdel/02_groupdel_group_rename_failure/config/etc/gshadow b/tests/tests/failures/groupdel/02_groupdel_group_rename_failure/config/etc/gshadow
new file mode 100644
index 0000000..be1575e
--- /dev/null
+++ b/tests/tests/failures/groupdel/02_groupdel_group_rename_failure/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:x::
diff --git a/tests/tests/failures/groupdel/02_groupdel_group_rename_failure/config/etc/login.defs b/tests/tests/failures/groupdel/02_groupdel_group_rename_failure/config/etc/login.defs
new file mode 100644
index 0000000..cf181ac
--- /dev/null
+++ b/tests/tests/failures/groupdel/02_groupdel_group_rename_failure/config/etc/login.defs
@@ -0,0 +1,314 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK usage is discouraged because it catches only some classes of user
+# entries to system, in fact only those made through login(1), while setting
+# umask in shell rc file will catch also logins through su, cron, ssh etc.
+#
+# At the same time, using shell rc to set umask won't catch entries which use
+# non-shell executables in place of login shell, like /usr/sbin/pppd for "ppp"
+# user and alike.
+#
+# Therefore the use of pam_umask is recommended (Debian package libpam-umask)
+# as the solution which catches all these cases on PAM-enabled systems.
+# 
+# This avoids the confusion created by having the umask set
+# in two different places -- in login.defs and shell rc files (i.e.
+# /etc/profile).
+#
+# For discussion, see #314539 and #248150 as well as the thread starting at
+# http://lists.debian.org/debian-devel/2005/06/msg01598.html
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+# 022 is the "historical" value in Debian for UMASK when it was used
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			  100
+GID_MAX			60000
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# This enables userdel to remove user groups if no members exist.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, thus in Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# Only works if compiled with MD5_CRYPT defined:
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is used by chpasswd, gpasswd and newusers.
+#
+#MD5_CRYPT_ENAB	no
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/failures/groupdel/02_groupdel_group_rename_failure/config/etc/passwd b/tests/tests/failures/groupdel/02_groupdel_group_rename_failure/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/failures/groupdel/02_groupdel_group_rename_failure/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/failures/groupdel/02_groupdel_group_rename_failure/config/etc/shadow b/tests/tests/failures/groupdel/02_groupdel_group_rename_failure/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/failures/groupdel/02_groupdel_group_rename_failure/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/failures/groupdel/02_groupdel_group_rename_failure/data/groupdel.err b/tests/tests/failures/groupdel/02_groupdel_group_rename_failure/data/groupdel.err
new file mode 100644
index 0000000..b68ca55
--- /dev/null
+++ b/tests/tests/failures/groupdel/02_groupdel_group_rename_failure/data/groupdel.err
@@ -0,0 +1,2 @@
+rename FAILURE /etc/group+ /etc/group
+groupdel: failure while writing changes to /etc/group
diff --git a/tests/tests/failures/groupdel/02_groupdel_group_rename_failure/groupdel.test b/tests/tests/failures/groupdel/02_groupdel_group_rename_failure/groupdel.test
new file mode 100755
index 0000000..0be68eb
--- /dev/null
+++ b/tests/tests/failures/groupdel/02_groupdel_group_rename_failure/groupdel.test
@@ -0,0 +1,54 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "groupdel report failures to save a new group file"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Remove group foo (groupdel foo)..."
+LD_PRELOAD=../../../common/rename_failure.so FAILURE_PATH=/etc/group groupdel foo 2>tmp/groupdel.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "10"
+echo "OK"
+
+echo "groupdel reported:"
+echo "======================================================================="
+cat tmp/groupdel.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/groupdel.err tmp/groupdel.err
+echo "error message OK."
+rm -f tmp/groupdel.err
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/failures/groupdel/03_groupdel_gshadow_open_failure/config.txt b/tests/tests/failures/groupdel/03_groupdel_gshadow_open_failure/config.txt
new file mode 100644
index 0000000..e9e4bbe
--- /dev/null
+++ b/tests/tests/failures/groupdel/03_groupdel_gshadow_open_failure/config.txt
@@ -0,0 +1 @@
+group foo, GID 1000
diff --git a/tests/tests/failures/groupdel/03_groupdel_gshadow_open_failure/config/etc/default/useradd b/tests/tests/failures/groupdel/03_groupdel_gshadow_open_failure/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/failures/groupdel/03_groupdel_gshadow_open_failure/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/failures/groupdel/03_groupdel_gshadow_open_failure/config/etc/group b/tests/tests/failures/groupdel/03_groupdel_gshadow_open_failure/config/etc/group
new file mode 100644
index 0000000..c8c759e
--- /dev/null
+++ b/tests/tests/failures/groupdel/03_groupdel_gshadow_open_failure/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1002:
diff --git a/tests/tests/failures/groupdel/03_groupdel_gshadow_open_failure/config/etc/gshadow b/tests/tests/failures/groupdel/03_groupdel_gshadow_open_failure/config/etc/gshadow
new file mode 100644
index 0000000..be1575e
--- /dev/null
+++ b/tests/tests/failures/groupdel/03_groupdel_gshadow_open_failure/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:x::
diff --git a/tests/tests/failures/groupdel/03_groupdel_gshadow_open_failure/config/etc/login.defs b/tests/tests/failures/groupdel/03_groupdel_gshadow_open_failure/config/etc/login.defs
new file mode 100644
index 0000000..cf181ac
--- /dev/null
+++ b/tests/tests/failures/groupdel/03_groupdel_gshadow_open_failure/config/etc/login.defs
@@ -0,0 +1,314 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK usage is discouraged because it catches only some classes of user
+# entries to system, in fact only those made through login(1), while setting
+# umask in shell rc file will catch also logins through su, cron, ssh etc.
+#
+# At the same time, using shell rc to set umask won't catch entries which use
+# non-shell executables in place of login shell, like /usr/sbin/pppd for "ppp"
+# user and alike.
+#
+# Therefore the use of pam_umask is recommended (Debian package libpam-umask)
+# as the solution which catches all these cases on PAM-enabled systems.
+# 
+# This avoids the confusion created by having the umask set
+# in two different places -- in login.defs and shell rc files (i.e.
+# /etc/profile).
+#
+# For discussion, see #314539 and #248150 as well as the thread starting at
+# http://lists.debian.org/debian-devel/2005/06/msg01598.html
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+# 022 is the "historical" value in Debian for UMASK when it was used
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			  100
+GID_MAX			60000
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# This enables userdel to remove user groups if no members exist.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, thus in Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# Only works if compiled with MD5_CRYPT defined:
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is used by chpasswd, gpasswd and newusers.
+#
+#MD5_CRYPT_ENAB	no
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/failures/groupdel/03_groupdel_gshadow_open_failure/config/etc/passwd b/tests/tests/failures/groupdel/03_groupdel_gshadow_open_failure/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/failures/groupdel/03_groupdel_gshadow_open_failure/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/failures/groupdel/03_groupdel_gshadow_open_failure/config/etc/shadow b/tests/tests/failures/groupdel/03_groupdel_gshadow_open_failure/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/failures/groupdel/03_groupdel_gshadow_open_failure/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/failures/groupdel/03_groupdel_gshadow_open_failure/data/groupdel.err b/tests/tests/failures/groupdel/03_groupdel_gshadow_open_failure/data/groupdel.err
new file mode 100644
index 0000000..448878e
--- /dev/null
+++ b/tests/tests/failures/groupdel/03_groupdel_gshadow_open_failure/data/groupdel.err
@@ -0,0 +1,2 @@
+open FAILURE /etc/gshadow 2 ...
+groupdel: cannot open /etc/gshadow
diff --git a/tests/tests/failures/groupdel/03_groupdel_gshadow_open_failure/groupdel.test b/tests/tests/failures/groupdel/03_groupdel_gshadow_open_failure/groupdel.test
new file mode 100755
index 0000000..664ce9f
--- /dev/null
+++ b/tests/tests/failures/groupdel/03_groupdel_gshadow_open_failure/groupdel.test
@@ -0,0 +1,54 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "groupdel report failures when it cannot open the gshadow file"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Remove group foo (groupdel foo)..."
+LD_PRELOAD=../../../common/open_RDWR_failure.so FAILURE_PATH=/etc/gshadow groupdel foo 2>tmp/groupdel.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "10"
+echo "OK"
+
+echo "groupdel reported:"
+echo "======================================================================="
+cat tmp/groupdel.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/groupdel.err tmp/groupdel.err
+echo "error message OK."
+rm -f tmp/groupdel.err
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/failures/groupdel/04_groupdel_group_open_failure/config.txt b/tests/tests/failures/groupdel/04_groupdel_group_open_failure/config.txt
new file mode 100644
index 0000000..e9e4bbe
--- /dev/null
+++ b/tests/tests/failures/groupdel/04_groupdel_group_open_failure/config.txt
@@ -0,0 +1 @@
+group foo, GID 1000
diff --git a/tests/tests/failures/groupdel/04_groupdel_group_open_failure/config/etc/default/useradd b/tests/tests/failures/groupdel/04_groupdel_group_open_failure/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/failures/groupdel/04_groupdel_group_open_failure/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/failures/groupdel/04_groupdel_group_open_failure/config/etc/group b/tests/tests/failures/groupdel/04_groupdel_group_open_failure/config/etc/group
new file mode 100644
index 0000000..c8c759e
--- /dev/null
+++ b/tests/tests/failures/groupdel/04_groupdel_group_open_failure/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1002:
diff --git a/tests/tests/failures/groupdel/04_groupdel_group_open_failure/config/etc/gshadow b/tests/tests/failures/groupdel/04_groupdel_group_open_failure/config/etc/gshadow
new file mode 100644
index 0000000..be1575e
--- /dev/null
+++ b/tests/tests/failures/groupdel/04_groupdel_group_open_failure/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:x::
diff --git a/tests/tests/failures/groupdel/04_groupdel_group_open_failure/config/etc/login.defs b/tests/tests/failures/groupdel/04_groupdel_group_open_failure/config/etc/login.defs
new file mode 100644
index 0000000..cf181ac
--- /dev/null
+++ b/tests/tests/failures/groupdel/04_groupdel_group_open_failure/config/etc/login.defs
@@ -0,0 +1,314 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK usage is discouraged because it catches only some classes of user
+# entries to system, in fact only those made through login(1), while setting
+# umask in shell rc file will catch also logins through su, cron, ssh etc.
+#
+# At the same time, using shell rc to set umask won't catch entries which use
+# non-shell executables in place of login shell, like /usr/sbin/pppd for "ppp"
+# user and alike.
+#
+# Therefore the use of pam_umask is recommended (Debian package libpam-umask)
+# as the solution which catches all these cases on PAM-enabled systems.
+# 
+# This avoids the confusion created by having the umask set
+# in two different places -- in login.defs and shell rc files (i.e.
+# /etc/profile).
+#
+# For discussion, see #314539 and #248150 as well as the thread starting at
+# http://lists.debian.org/debian-devel/2005/06/msg01598.html
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+# 022 is the "historical" value in Debian for UMASK when it was used
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			  100
+GID_MAX			60000
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# This enables userdel to remove user groups if no members exist.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, thus in Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# Only works if compiled with MD5_CRYPT defined:
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is used by chpasswd, gpasswd and newusers.
+#
+#MD5_CRYPT_ENAB	no
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/failures/groupdel/04_groupdel_group_open_failure/config/etc/passwd b/tests/tests/failures/groupdel/04_groupdel_group_open_failure/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/failures/groupdel/04_groupdel_group_open_failure/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/failures/groupdel/04_groupdel_group_open_failure/config/etc/shadow b/tests/tests/failures/groupdel/04_groupdel_group_open_failure/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/failures/groupdel/04_groupdel_group_open_failure/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/failures/groupdel/04_groupdel_group_open_failure/data/groupdel.err b/tests/tests/failures/groupdel/04_groupdel_group_open_failure/data/groupdel.err
new file mode 100644
index 0000000..212e9a1
--- /dev/null
+++ b/tests/tests/failures/groupdel/04_groupdel_group_open_failure/data/groupdel.err
@@ -0,0 +1,2 @@
+open FAILURE /etc/group 2 ...
+groupdel: cannot open /etc/group
diff --git a/tests/tests/failures/groupdel/04_groupdel_group_open_failure/groupdel.test b/tests/tests/failures/groupdel/04_groupdel_group_open_failure/groupdel.test
new file mode 100755
index 0000000..8a05da7
--- /dev/null
+++ b/tests/tests/failures/groupdel/04_groupdel_group_open_failure/groupdel.test
@@ -0,0 +1,54 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "groupdel report failures when it cannot open the group file"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Remove group foo (groupdel foo)..."
+LD_PRELOAD=../../../common/open_RDWR_failure.so FAILURE_PATH=/etc/group groupdel foo 2>tmp/groupdel.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "10"
+echo "OK"
+
+echo "groupdel reported:"
+echo "======================================================================="
+cat tmp/groupdel.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/groupdel.err tmp/groupdel.err
+echo "error message OK."
+rm -f tmp/groupdel.err
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/failures/groupmems/01_groupmems_group_open_failure/config.txt b/tests/tests/failures/groupmems/01_groupmems_group_open_failure/config.txt
new file mode 100644
index 0000000..e9e4bbe
--- /dev/null
+++ b/tests/tests/failures/groupmems/01_groupmems_group_open_failure/config.txt
@@ -0,0 +1 @@
+group foo, GID 1000
diff --git a/tests/tests/failures/groupmems/01_groupmems_group_open_failure/config/etc/group b/tests/tests/failures/groupmems/01_groupmems_group_open_failure/config/etc/group
new file mode 100644
index 0000000..fecba0c
--- /dev/null
+++ b/tests/tests/failures/groupmems/01_groupmems_group_open_failure/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/failures/groupmems/01_groupmems_group_open_failure/config/etc/gshadow b/tests/tests/failures/groupmems/01_groupmems_group_open_failure/config/etc/gshadow
new file mode 100644
index 0000000..5042e58
--- /dev/null
+++ b/tests/tests/failures/groupmems/01_groupmems_group_open_failure/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/failures/groupmems/01_groupmems_group_open_failure/config/etc/passwd b/tests/tests/failures/groupmems/01_groupmems_group_open_failure/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/failures/groupmems/01_groupmems_group_open_failure/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/failures/groupmems/01_groupmems_group_open_failure/config/etc/shadow b/tests/tests/failures/groupmems/01_groupmems_group_open_failure/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/failures/groupmems/01_groupmems_group_open_failure/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/failures/groupmems/01_groupmems_group_open_failure/data/groupmems.err b/tests/tests/failures/groupmems/01_groupmems_group_open_failure/data/groupmems.err
new file mode 100644
index 0000000..1d13747
--- /dev/null
+++ b/tests/tests/failures/groupmems/01_groupmems_group_open_failure/data/groupmems.err
@@ -0,0 +1,2 @@
+open FAILURE /etc/group 2 ...
+groupmems: cannot open /etc/group
diff --git a/tests/tests/failures/groupmems/01_groupmems_group_open_failure/groupmems.test b/tests/tests/failures/groupmems/01_groupmems_group_open_failure/groupmems.test
new file mode 100755
index 0000000..7b772cf
--- /dev/null
+++ b/tests/tests/failures/groupmems/01_groupmems_group_open_failure/groupmems.test
@@ -0,0 +1,54 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "groupmems report failures when it cannot open the group file"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Change group 1001 (groupmems -g 1001 -a nobody)..."
+LD_PRELOAD=../../../common/open_RDWR_failure.so FAILURE_PATH=/etc/group groupmems -g 1001 -a nobody 2>tmp/groupmems.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "2"
+echo "OK"
+
+echo "groupmems reported:"
+echo "======================================================================="
+cat tmp/groupmems.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/groupmems.err tmp/groupmems.err
+echo "error message OK."
+rm -f tmp/groupmems.err
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/failures/groupmems/02_groupmems_gshadow_open_failure/config.txt b/tests/tests/failures/groupmems/02_groupmems_gshadow_open_failure/config.txt
new file mode 100644
index 0000000..e9e4bbe
--- /dev/null
+++ b/tests/tests/failures/groupmems/02_groupmems_gshadow_open_failure/config.txt
@@ -0,0 +1 @@
+group foo, GID 1000
diff --git a/tests/tests/failures/groupmems/02_groupmems_gshadow_open_failure/config/etc/group b/tests/tests/failures/groupmems/02_groupmems_gshadow_open_failure/config/etc/group
new file mode 100644
index 0000000..fecba0c
--- /dev/null
+++ b/tests/tests/failures/groupmems/02_groupmems_gshadow_open_failure/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/failures/groupmems/02_groupmems_gshadow_open_failure/config/etc/gshadow b/tests/tests/failures/groupmems/02_groupmems_gshadow_open_failure/config/etc/gshadow
new file mode 100644
index 0000000..5042e58
--- /dev/null
+++ b/tests/tests/failures/groupmems/02_groupmems_gshadow_open_failure/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/failures/groupmems/02_groupmems_gshadow_open_failure/config/etc/passwd b/tests/tests/failures/groupmems/02_groupmems_gshadow_open_failure/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/failures/groupmems/02_groupmems_gshadow_open_failure/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/failures/groupmems/02_groupmems_gshadow_open_failure/config/etc/shadow b/tests/tests/failures/groupmems/02_groupmems_gshadow_open_failure/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/failures/groupmems/02_groupmems_gshadow_open_failure/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/failures/groupmems/02_groupmems_gshadow_open_failure/data/groupmems.err b/tests/tests/failures/groupmems/02_groupmems_gshadow_open_failure/data/groupmems.err
new file mode 100644
index 0000000..3e01ee1
--- /dev/null
+++ b/tests/tests/failures/groupmems/02_groupmems_gshadow_open_failure/data/groupmems.err
@@ -0,0 +1,2 @@
+open FAILURE /etc/gshadow 2 ...
+groupmems: cannot open /etc/gshadow
diff --git a/tests/tests/failures/groupmems/02_groupmems_gshadow_open_failure/groupmems.test b/tests/tests/failures/groupmems/02_groupmems_gshadow_open_failure/groupmems.test
new file mode 100755
index 0000000..8be4d6e
--- /dev/null
+++ b/tests/tests/failures/groupmems/02_groupmems_gshadow_open_failure/groupmems.test
@@ -0,0 +1,54 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "groupmems report failures when it cannot open the gshadow file"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Change group 1001 (groupmems -g 1001 -a nobody)..."
+LD_PRELOAD=../../../common/open_RDWR_failure.so FAILURE_PATH=/etc/gshadow groupmems -g 1001 -a nobody 2>tmp/groupmems.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "2"
+echo "OK"
+
+echo "groupmems reported:"
+echo "======================================================================="
+cat tmp/groupmems.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/groupmems.err tmp/groupmems.err
+echo "error message OK."
+rm -f tmp/groupmems.err
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/failures/groupmod/01_groupmod_change_group_name_gshadow_rename_failure/config.txt b/tests/tests/failures/groupmod/01_groupmod_change_group_name_gshadow_rename_failure/config.txt
new file mode 100644
index 0000000..e9e4bbe
--- /dev/null
+++ b/tests/tests/failures/groupmod/01_groupmod_change_group_name_gshadow_rename_failure/config.txt
@@ -0,0 +1 @@
+group foo, GID 1000
diff --git a/tests/tests/failures/groupmod/01_groupmod_change_group_name_gshadow_rename_failure/config/etc/default/useradd b/tests/tests/failures/groupmod/01_groupmod_change_group_name_gshadow_rename_failure/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/failures/groupmod/01_groupmod_change_group_name_gshadow_rename_failure/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/failures/groupmod/01_groupmod_change_group_name_gshadow_rename_failure/config/etc/group b/tests/tests/failures/groupmod/01_groupmod_change_group_name_gshadow_rename_failure/config/etc/group
new file mode 100644
index 0000000..fecba0c
--- /dev/null
+++ b/tests/tests/failures/groupmod/01_groupmod_change_group_name_gshadow_rename_failure/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/failures/groupmod/01_groupmod_change_group_name_gshadow_rename_failure/config/etc/gshadow b/tests/tests/failures/groupmod/01_groupmod_change_group_name_gshadow_rename_failure/config/etc/gshadow
new file mode 100644
index 0000000..5042e58
--- /dev/null
+++ b/tests/tests/failures/groupmod/01_groupmod_change_group_name_gshadow_rename_failure/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/failures/groupmod/01_groupmod_change_group_name_gshadow_rename_failure/config/etc/login.defs b/tests/tests/failures/groupmod/01_groupmod_change_group_name_gshadow_rename_failure/config/etc/login.defs
new file mode 100644
index 0000000..cf181ac
--- /dev/null
+++ b/tests/tests/failures/groupmod/01_groupmod_change_group_name_gshadow_rename_failure/config/etc/login.defs
@@ -0,0 +1,314 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK usage is discouraged because it catches only some classes of user
+# entries to system, in fact only those made through login(1), while setting
+# umask in shell rc file will catch also logins through su, cron, ssh etc.
+#
+# At the same time, using shell rc to set umask won't catch entries which use
+# non-shell executables in place of login shell, like /usr/sbin/pppd for "ppp"
+# user and alike.
+#
+# Therefore the use of pam_umask is recommended (Debian package libpam-umask)
+# as the solution which catches all these cases on PAM-enabled systems.
+# 
+# This avoids the confusion created by having the umask set
+# in two different places -- in login.defs and shell rc files (i.e.
+# /etc/profile).
+#
+# For discussion, see #314539 and #248150 as well as the thread starting at
+# http://lists.debian.org/debian-devel/2005/06/msg01598.html
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+# 022 is the "historical" value in Debian for UMASK when it was used
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			  100
+GID_MAX			60000
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# This enables userdel to remove user groups if no members exist.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, thus in Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# Only works if compiled with MD5_CRYPT defined:
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is used by chpasswd, gpasswd and newusers.
+#
+#MD5_CRYPT_ENAB	no
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/failures/groupmod/01_groupmod_change_group_name_gshadow_rename_failure/config/etc/passwd b/tests/tests/failures/groupmod/01_groupmod_change_group_name_gshadow_rename_failure/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/failures/groupmod/01_groupmod_change_group_name_gshadow_rename_failure/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/failures/groupmod/01_groupmod_change_group_name_gshadow_rename_failure/config/etc/shadow b/tests/tests/failures/groupmod/01_groupmod_change_group_name_gshadow_rename_failure/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/failures/groupmod/01_groupmod_change_group_name_gshadow_rename_failure/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/failures/groupmod/01_groupmod_change_group_name_gshadow_rename_failure/data/group b/tests/tests/failures/groupmod/01_groupmod_change_group_name_gshadow_rename_failure/data/group
new file mode 100644
index 0000000..75815b9
--- /dev/null
+++ b/tests/tests/failures/groupmod/01_groupmod_change_group_name_gshadow_rename_failure/data/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+bar:x:1000:
diff --git a/tests/tests/failures/groupmod/01_groupmod_change_group_name_gshadow_rename_failure/data/groupmod.err b/tests/tests/failures/groupmod/01_groupmod_change_group_name_gshadow_rename_failure/data/groupmod.err
new file mode 100644
index 0000000..652104e
--- /dev/null
+++ b/tests/tests/failures/groupmod/01_groupmod_change_group_name_gshadow_rename_failure/data/groupmod.err
@@ -0,0 +1,2 @@
+rename FAILURE /etc/gshadow+ /etc/gshadow
+groupmod: failure while writing changes to /etc/gshadow
diff --git a/tests/tests/failures/groupmod/01_groupmod_change_group_name_gshadow_rename_failure/groupmod.test b/tests/tests/failures/groupmod/01_groupmod_change_group_name_gshadow_rename_failure/groupmod.test
new file mode 100755
index 0000000..4b19ee8
--- /dev/null
+++ b/tests/tests/failures/groupmod/01_groupmod_change_group_name_gshadow_rename_failure/groupmod.test
@@ -0,0 +1,54 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "groupmod can change the name of a group"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Rename group foo to bar (groupmod -n bar foo)..."
+LD_PRELOAD=../../../common/rename_failure.so FAILURE_PATH=/etc/gshadow groupmod -n bar foo 2>tmp/groupmod.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "10"
+echo "OK"
+
+echo "groupmod reported:"
+echo "======================================================================="
+cat tmp/groupmod.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/groupmod.err tmp/groupmod.err
+echo "error message OK."
+rm -f tmp/groupmod.err
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl data/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/failures/groupmod/02_groupmod_change_gid_change_primary_group_passwd_rename_failure/config.txt b/tests/tests/failures/groupmod/02_groupmod_change_gid_change_primary_group_passwd_rename_failure/config.txt
new file mode 100644
index 0000000..e9e4bbe
--- /dev/null
+++ b/tests/tests/failures/groupmod/02_groupmod_change_gid_change_primary_group_passwd_rename_failure/config.txt
@@ -0,0 +1 @@
+group foo, GID 1000
diff --git a/tests/tests/failures/groupmod/02_groupmod_change_gid_change_primary_group_passwd_rename_failure/config/etc/default/useradd b/tests/tests/failures/groupmod/02_groupmod_change_gid_change_primary_group_passwd_rename_failure/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/failures/groupmod/02_groupmod_change_gid_change_primary_group_passwd_rename_failure/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/failures/groupmod/02_groupmod_change_gid_change_primary_group_passwd_rename_failure/config/etc/group b/tests/tests/failures/groupmod/02_groupmod_change_gid_change_primary_group_passwd_rename_failure/config/etc/group
new file mode 100644
index 0000000..fecba0c
--- /dev/null
+++ b/tests/tests/failures/groupmod/02_groupmod_change_gid_change_primary_group_passwd_rename_failure/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/failures/groupmod/02_groupmod_change_gid_change_primary_group_passwd_rename_failure/config/etc/gshadow b/tests/tests/failures/groupmod/02_groupmod_change_gid_change_primary_group_passwd_rename_failure/config/etc/gshadow
new file mode 100644
index 0000000..5042e58
--- /dev/null
+++ b/tests/tests/failures/groupmod/02_groupmod_change_gid_change_primary_group_passwd_rename_failure/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/failures/groupmod/02_groupmod_change_gid_change_primary_group_passwd_rename_failure/config/etc/login.defs b/tests/tests/failures/groupmod/02_groupmod_change_gid_change_primary_group_passwd_rename_failure/config/etc/login.defs
new file mode 100644
index 0000000..cf181ac
--- /dev/null
+++ b/tests/tests/failures/groupmod/02_groupmod_change_gid_change_primary_group_passwd_rename_failure/config/etc/login.defs
@@ -0,0 +1,314 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK usage is discouraged because it catches only some classes of user
+# entries to system, in fact only those made through login(1), while setting
+# umask in shell rc file will catch also logins through su, cron, ssh etc.
+#
+# At the same time, using shell rc to set umask won't catch entries which use
+# non-shell executables in place of login shell, like /usr/sbin/pppd for "ppp"
+# user and alike.
+#
+# Therefore the use of pam_umask is recommended (Debian package libpam-umask)
+# as the solution which catches all these cases on PAM-enabled systems.
+# 
+# This avoids the confusion created by having the umask set
+# in two different places -- in login.defs and shell rc files (i.e.
+# /etc/profile).
+#
+# For discussion, see #314539 and #248150 as well as the thread starting at
+# http://lists.debian.org/debian-devel/2005/06/msg01598.html
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+# 022 is the "historical" value in Debian for UMASK when it was used
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			  100
+GID_MAX			60000
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# This enables userdel to remove user groups if no members exist.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, thus in Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# Only works if compiled with MD5_CRYPT defined:
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is used by chpasswd, gpasswd and newusers.
+#
+#MD5_CRYPT_ENAB	no
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/failures/groupmod/02_groupmod_change_gid_change_primary_group_passwd_rename_failure/config/etc/passwd b/tests/tests/failures/groupmod/02_groupmod_change_gid_change_primary_group_passwd_rename_failure/config/etc/passwd
new file mode 100644
index 0000000..dc7bf84
--- /dev/null
+++ b/tests/tests/failures/groupmod/02_groupmod_change_gid_change_primary_group_passwd_rename_failure/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000:::/bin/false
diff --git a/tests/tests/failures/groupmod/02_groupmod_change_gid_change_primary_group_passwd_rename_failure/config/etc/shadow b/tests/tests/failures/groupmod/02_groupmod_change_gid_change_primary_group_passwd_rename_failure/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/failures/groupmod/02_groupmod_change_gid_change_primary_group_passwd_rename_failure/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/failures/groupmod/02_groupmod_change_gid_change_primary_group_passwd_rename_failure/data/group b/tests/tests/failures/groupmod/02_groupmod_change_gid_change_primary_group_passwd_rename_failure/data/group
new file mode 100644
index 0000000..b51c3ad
--- /dev/null
+++ b/tests/tests/failures/groupmod/02_groupmod_change_gid_change_primary_group_passwd_rename_failure/data/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1001:
diff --git a/tests/tests/failures/groupmod/02_groupmod_change_gid_change_primary_group_passwd_rename_failure/data/groupmod.err b/tests/tests/failures/groupmod/02_groupmod_change_gid_change_primary_group_passwd_rename_failure/data/groupmod.err
new file mode 100644
index 0000000..ee51312
--- /dev/null
+++ b/tests/tests/failures/groupmod/02_groupmod_change_gid_change_primary_group_passwd_rename_failure/data/groupmod.err
@@ -0,0 +1,2 @@
+rename FAILURE /etc/passwd+ /etc/passwd
+groupmod: failure while writing changes to /etc/passwd
diff --git a/tests/tests/failures/groupmod/02_groupmod_change_gid_change_primary_group_passwd_rename_failure/groupmod.test b/tests/tests/failures/groupmod/02_groupmod_change_gid_change_primary_group_passwd_rename_failure/groupmod.test
new file mode 100755
index 0000000..7b38a60
--- /dev/null
+++ b/tests/tests/failures/groupmod/02_groupmod_change_gid_change_primary_group_passwd_rename_failure/groupmod.test
@@ -0,0 +1,54 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "groupmod changes the primary group of users when it changes the GID of a group"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Change GID of foo to 1001 (groupmod -g 1001 foo)..."
+LD_PRELOAD=../../../common/rename_failure.so FAILURE_PATH=/etc/passwd groupmod -g 1001 foo 2>tmp/groupmod.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "10"
+echo "OK"
+
+echo "groupmod reported:"
+echo "======================================================================="
+cat tmp/groupmod.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/groupmod.err tmp/groupmod.err
+echo "error message OK."
+rm -f tmp/groupmod.err
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl data/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/failures/groupmod/03_groupmod_change_group_name_group_rename_failure/config.txt b/tests/tests/failures/groupmod/03_groupmod_change_group_name_group_rename_failure/config.txt
new file mode 100644
index 0000000..e9e4bbe
--- /dev/null
+++ b/tests/tests/failures/groupmod/03_groupmod_change_group_name_group_rename_failure/config.txt
@@ -0,0 +1 @@
+group foo, GID 1000
diff --git a/tests/tests/failures/groupmod/03_groupmod_change_group_name_group_rename_failure/config/etc/default/useradd b/tests/tests/failures/groupmod/03_groupmod_change_group_name_group_rename_failure/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/failures/groupmod/03_groupmod_change_group_name_group_rename_failure/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/failures/groupmod/03_groupmod_change_group_name_group_rename_failure/config/etc/group b/tests/tests/failures/groupmod/03_groupmod_change_group_name_group_rename_failure/config/etc/group
new file mode 100644
index 0000000..fecba0c
--- /dev/null
+++ b/tests/tests/failures/groupmod/03_groupmod_change_group_name_group_rename_failure/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/failures/groupmod/03_groupmod_change_group_name_group_rename_failure/config/etc/gshadow b/tests/tests/failures/groupmod/03_groupmod_change_group_name_group_rename_failure/config/etc/gshadow
new file mode 100644
index 0000000..5042e58
--- /dev/null
+++ b/tests/tests/failures/groupmod/03_groupmod_change_group_name_group_rename_failure/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/failures/groupmod/03_groupmod_change_group_name_group_rename_failure/config/etc/login.defs b/tests/tests/failures/groupmod/03_groupmod_change_group_name_group_rename_failure/config/etc/login.defs
new file mode 100644
index 0000000..cf181ac
--- /dev/null
+++ b/tests/tests/failures/groupmod/03_groupmod_change_group_name_group_rename_failure/config/etc/login.defs
@@ -0,0 +1,314 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK usage is discouraged because it catches only some classes of user
+# entries to system, in fact only those made through login(1), while setting
+# umask in shell rc file will catch also logins through su, cron, ssh etc.
+#
+# At the same time, using shell rc to set umask won't catch entries which use
+# non-shell executables in place of login shell, like /usr/sbin/pppd for "ppp"
+# user and alike.
+#
+# Therefore the use of pam_umask is recommended (Debian package libpam-umask)
+# as the solution which catches all these cases on PAM-enabled systems.
+# 
+# This avoids the confusion created by having the umask set
+# in two different places -- in login.defs and shell rc files (i.e.
+# /etc/profile).
+#
+# For discussion, see #314539 and #248150 as well as the thread starting at
+# http://lists.debian.org/debian-devel/2005/06/msg01598.html
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+# 022 is the "historical" value in Debian for UMASK when it was used
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			  100
+GID_MAX			60000
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# This enables userdel to remove user groups if no members exist.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, thus in Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# Only works if compiled with MD5_CRYPT defined:
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is used by chpasswd, gpasswd and newusers.
+#
+#MD5_CRYPT_ENAB	no
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/failures/groupmod/03_groupmod_change_group_name_group_rename_failure/config/etc/passwd b/tests/tests/failures/groupmod/03_groupmod_change_group_name_group_rename_failure/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/failures/groupmod/03_groupmod_change_group_name_group_rename_failure/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/failures/groupmod/03_groupmod_change_group_name_group_rename_failure/config/etc/shadow b/tests/tests/failures/groupmod/03_groupmod_change_group_name_group_rename_failure/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/failures/groupmod/03_groupmod_change_group_name_group_rename_failure/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/failures/groupmod/03_groupmod_change_group_name_group_rename_failure/data/groupmod.err b/tests/tests/failures/groupmod/03_groupmod_change_group_name_group_rename_failure/data/groupmod.err
new file mode 100644
index 0000000..505d2d4
--- /dev/null
+++ b/tests/tests/failures/groupmod/03_groupmod_change_group_name_group_rename_failure/data/groupmod.err
@@ -0,0 +1,2 @@
+rename FAILURE /etc/group+ /etc/group
+groupmod: failure while writing changes to /etc/group
diff --git a/tests/tests/failures/groupmod/03_groupmod_change_group_name_group_rename_failure/groupmod.test b/tests/tests/failures/groupmod/03_groupmod_change_group_name_group_rename_failure/groupmod.test
new file mode 100755
index 0000000..966ec7c
--- /dev/null
+++ b/tests/tests/failures/groupmod/03_groupmod_change_group_name_group_rename_failure/groupmod.test
@@ -0,0 +1,54 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "groupmod can change the name of a group"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Rename group foo to bar (groupmod -n bar foo)..."
+LD_PRELOAD=../../../common/rename_failure.so FAILURE_PATH=/etc/group groupmod -n bar foo 2>tmp/groupmod.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "10"
+echo "OK"
+
+echo "groupmod reported:"
+echo "======================================================================="
+cat tmp/groupmod.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/groupmod.err tmp/groupmod.err
+echo "error message OK."
+rm -f tmp/groupmod.err
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/failures/groupmod/04_groupmod_group_open_failure/config.txt b/tests/tests/failures/groupmod/04_groupmod_group_open_failure/config.txt
new file mode 100644
index 0000000..e9e4bbe
--- /dev/null
+++ b/tests/tests/failures/groupmod/04_groupmod_group_open_failure/config.txt
@@ -0,0 +1 @@
+group foo, GID 1000
diff --git a/tests/tests/failures/groupmod/04_groupmod_group_open_failure/config/etc/default/useradd b/tests/tests/failures/groupmod/04_groupmod_group_open_failure/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/failures/groupmod/04_groupmod_group_open_failure/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/failures/groupmod/04_groupmod_group_open_failure/config/etc/group b/tests/tests/failures/groupmod/04_groupmod_group_open_failure/config/etc/group
new file mode 100644
index 0000000..fecba0c
--- /dev/null
+++ b/tests/tests/failures/groupmod/04_groupmod_group_open_failure/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/failures/groupmod/04_groupmod_group_open_failure/config/etc/gshadow b/tests/tests/failures/groupmod/04_groupmod_group_open_failure/config/etc/gshadow
new file mode 100644
index 0000000..5042e58
--- /dev/null
+++ b/tests/tests/failures/groupmod/04_groupmod_group_open_failure/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/failures/groupmod/04_groupmod_group_open_failure/config/etc/login.defs b/tests/tests/failures/groupmod/04_groupmod_group_open_failure/config/etc/login.defs
new file mode 100644
index 0000000..cf181ac
--- /dev/null
+++ b/tests/tests/failures/groupmod/04_groupmod_group_open_failure/config/etc/login.defs
@@ -0,0 +1,314 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK usage is discouraged because it catches only some classes of user
+# entries to system, in fact only those made through login(1), while setting
+# umask in shell rc file will catch also logins through su, cron, ssh etc.
+#
+# At the same time, using shell rc to set umask won't catch entries which use
+# non-shell executables in place of login shell, like /usr/sbin/pppd for "ppp"
+# user and alike.
+#
+# Therefore the use of pam_umask is recommended (Debian package libpam-umask)
+# as the solution which catches all these cases on PAM-enabled systems.
+# 
+# This avoids the confusion created by having the umask set
+# in two different places -- in login.defs and shell rc files (i.e.
+# /etc/profile).
+#
+# For discussion, see #314539 and #248150 as well as the thread starting at
+# http://lists.debian.org/debian-devel/2005/06/msg01598.html
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+# 022 is the "historical" value in Debian for UMASK when it was used
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			  100
+GID_MAX			60000
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# This enables userdel to remove user groups if no members exist.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, thus in Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# Only works if compiled with MD5_CRYPT defined:
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is used by chpasswd, gpasswd and newusers.
+#
+#MD5_CRYPT_ENAB	no
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/failures/groupmod/04_groupmod_group_open_failure/config/etc/passwd b/tests/tests/failures/groupmod/04_groupmod_group_open_failure/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/failures/groupmod/04_groupmod_group_open_failure/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/failures/groupmod/04_groupmod_group_open_failure/config/etc/shadow b/tests/tests/failures/groupmod/04_groupmod_group_open_failure/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/failures/groupmod/04_groupmod_group_open_failure/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/failures/groupmod/04_groupmod_group_open_failure/data/groupmod.err b/tests/tests/failures/groupmod/04_groupmod_group_open_failure/data/groupmod.err
new file mode 100644
index 0000000..f892b68
--- /dev/null
+++ b/tests/tests/failures/groupmod/04_groupmod_group_open_failure/data/groupmod.err
@@ -0,0 +1,2 @@
+open FAILURE /etc/group 2 ...
+groupmod: cannot open /etc/group
diff --git a/tests/tests/failures/groupmod/04_groupmod_group_open_failure/groupmod.test b/tests/tests/failures/groupmod/04_groupmod_group_open_failure/groupmod.test
new file mode 100755
index 0000000..ec94d5e
--- /dev/null
+++ b/tests/tests/failures/groupmod/04_groupmod_group_open_failure/groupmod.test
@@ -0,0 +1,54 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "groupmod report failures when it cannot open the group file"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Change group foo (groupmod -g 1001 foo)..."
+LD_PRELOAD=../../../common/open_RDWR_failure.so FAILURE_PATH=/etc/group groupmod -g 1001 foo 2>tmp/groupmod.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "10"
+echo "OK"
+
+echo "groupmod reported:"
+echo "======================================================================="
+cat tmp/groupmod.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/groupmod.err tmp/groupmod.err
+echo "error message OK."
+rm -f tmp/groupmod.err
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/failures/groupmod/05_groupmod_gshadow_open_failure/config.txt b/tests/tests/failures/groupmod/05_groupmod_gshadow_open_failure/config.txt
new file mode 100644
index 0000000..e9e4bbe
--- /dev/null
+++ b/tests/tests/failures/groupmod/05_groupmod_gshadow_open_failure/config.txt
@@ -0,0 +1 @@
+group foo, GID 1000
diff --git a/tests/tests/failures/groupmod/05_groupmod_gshadow_open_failure/config/etc/default/useradd b/tests/tests/failures/groupmod/05_groupmod_gshadow_open_failure/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/failures/groupmod/05_groupmod_gshadow_open_failure/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/failures/groupmod/05_groupmod_gshadow_open_failure/config/etc/group b/tests/tests/failures/groupmod/05_groupmod_gshadow_open_failure/config/etc/group
new file mode 100644
index 0000000..fecba0c
--- /dev/null
+++ b/tests/tests/failures/groupmod/05_groupmod_gshadow_open_failure/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/failures/groupmod/05_groupmod_gshadow_open_failure/config/etc/gshadow b/tests/tests/failures/groupmod/05_groupmod_gshadow_open_failure/config/etc/gshadow
new file mode 100644
index 0000000..5042e58
--- /dev/null
+++ b/tests/tests/failures/groupmod/05_groupmod_gshadow_open_failure/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/failures/groupmod/05_groupmod_gshadow_open_failure/config/etc/login.defs b/tests/tests/failures/groupmod/05_groupmod_gshadow_open_failure/config/etc/login.defs
new file mode 100644
index 0000000..cf181ac
--- /dev/null
+++ b/tests/tests/failures/groupmod/05_groupmod_gshadow_open_failure/config/etc/login.defs
@@ -0,0 +1,314 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK usage is discouraged because it catches only some classes of user
+# entries to system, in fact only those made through login(1), while setting
+# umask in shell rc file will catch also logins through su, cron, ssh etc.
+#
+# At the same time, using shell rc to set umask won't catch entries which use
+# non-shell executables in place of login shell, like /usr/sbin/pppd for "ppp"
+# user and alike.
+#
+# Therefore the use of pam_umask is recommended (Debian package libpam-umask)
+# as the solution which catches all these cases on PAM-enabled systems.
+# 
+# This avoids the confusion created by having the umask set
+# in two different places -- in login.defs and shell rc files (i.e.
+# /etc/profile).
+#
+# For discussion, see #314539 and #248150 as well as the thread starting at
+# http://lists.debian.org/debian-devel/2005/06/msg01598.html
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+# 022 is the "historical" value in Debian for UMASK when it was used
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			  100
+GID_MAX			60000
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# This enables userdel to remove user groups if no members exist.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, thus in Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# Only works if compiled with MD5_CRYPT defined:
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is used by chpasswd, gpasswd and newusers.
+#
+#MD5_CRYPT_ENAB	no
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/failures/groupmod/05_groupmod_gshadow_open_failure/config/etc/passwd b/tests/tests/failures/groupmod/05_groupmod_gshadow_open_failure/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/failures/groupmod/05_groupmod_gshadow_open_failure/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/failures/groupmod/05_groupmod_gshadow_open_failure/config/etc/shadow b/tests/tests/failures/groupmod/05_groupmod_gshadow_open_failure/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/failures/groupmod/05_groupmod_gshadow_open_failure/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/failures/groupmod/05_groupmod_gshadow_open_failure/data/groupmod.err b/tests/tests/failures/groupmod/05_groupmod_gshadow_open_failure/data/groupmod.err
new file mode 100644
index 0000000..0aca92f
--- /dev/null
+++ b/tests/tests/failures/groupmod/05_groupmod_gshadow_open_failure/data/groupmod.err
@@ -0,0 +1,2 @@
+open FAILURE /etc/gshadow 2 ...
+groupmod: cannot open /etc/gshadow
diff --git a/tests/tests/failures/groupmod/05_groupmod_gshadow_open_failure/groupmod.test b/tests/tests/failures/groupmod/05_groupmod_gshadow_open_failure/groupmod.test
new file mode 100755
index 0000000..acf3248
--- /dev/null
+++ b/tests/tests/failures/groupmod/05_groupmod_gshadow_open_failure/groupmod.test
@@ -0,0 +1,54 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "groupmod report failures when it cannot open the gshadow file"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Change group foo (groupmod -n bar foo)..."
+LD_PRELOAD=../../../common/open_RDWR_failure.so FAILURE_PATH=/etc/gshadow groupmod -n bar foo 2>tmp/groupmod.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "10"
+echo "OK"
+
+echo "groupmod reported:"
+echo "======================================================================="
+cat tmp/groupmod.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/groupmod.err tmp/groupmod.err
+echo "error message OK."
+rm -f tmp/groupmod.err
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/failures/groupmod/06_groupmod_-g_no_gshadow_open_failure/config.txt b/tests/tests/failures/groupmod/06_groupmod_-g_no_gshadow_open_failure/config.txt
new file mode 100644
index 0000000..e9e4bbe
--- /dev/null
+++ b/tests/tests/failures/groupmod/06_groupmod_-g_no_gshadow_open_failure/config.txt
@@ -0,0 +1 @@
+group foo, GID 1000
diff --git a/tests/tests/failures/groupmod/06_groupmod_-g_no_gshadow_open_failure/config/etc/default/useradd b/tests/tests/failures/groupmod/06_groupmod_-g_no_gshadow_open_failure/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/failures/groupmod/06_groupmod_-g_no_gshadow_open_failure/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/failures/groupmod/06_groupmod_-g_no_gshadow_open_failure/config/etc/group b/tests/tests/failures/groupmod/06_groupmod_-g_no_gshadow_open_failure/config/etc/group
new file mode 100644
index 0000000..fecba0c
--- /dev/null
+++ b/tests/tests/failures/groupmod/06_groupmod_-g_no_gshadow_open_failure/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/failures/groupmod/06_groupmod_-g_no_gshadow_open_failure/config/etc/gshadow b/tests/tests/failures/groupmod/06_groupmod_-g_no_gshadow_open_failure/config/etc/gshadow
new file mode 100644
index 0000000..5042e58
--- /dev/null
+++ b/tests/tests/failures/groupmod/06_groupmod_-g_no_gshadow_open_failure/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/failures/groupmod/06_groupmod_-g_no_gshadow_open_failure/config/etc/login.defs b/tests/tests/failures/groupmod/06_groupmod_-g_no_gshadow_open_failure/config/etc/login.defs
new file mode 100644
index 0000000..cf181ac
--- /dev/null
+++ b/tests/tests/failures/groupmod/06_groupmod_-g_no_gshadow_open_failure/config/etc/login.defs
@@ -0,0 +1,314 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK usage is discouraged because it catches only some classes of user
+# entries to system, in fact only those made through login(1), while setting
+# umask in shell rc file will catch also logins through su, cron, ssh etc.
+#
+# At the same time, using shell rc to set umask won't catch entries which use
+# non-shell executables in place of login shell, like /usr/sbin/pppd for "ppp"
+# user and alike.
+#
+# Therefore the use of pam_umask is recommended (Debian package libpam-umask)
+# as the solution which catches all these cases on PAM-enabled systems.
+# 
+# This avoids the confusion created by having the umask set
+# in two different places -- in login.defs and shell rc files (i.e.
+# /etc/profile).
+#
+# For discussion, see #314539 and #248150 as well as the thread starting at
+# http://lists.debian.org/debian-devel/2005/06/msg01598.html
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+# 022 is the "historical" value in Debian for UMASK when it was used
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			  100
+GID_MAX			60000
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# This enables userdel to remove user groups if no members exist.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, thus in Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# Only works if compiled with MD5_CRYPT defined:
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is used by chpasswd, gpasswd and newusers.
+#
+#MD5_CRYPT_ENAB	no
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/failures/groupmod/06_groupmod_-g_no_gshadow_open_failure/config/etc/passwd b/tests/tests/failures/groupmod/06_groupmod_-g_no_gshadow_open_failure/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/failures/groupmod/06_groupmod_-g_no_gshadow_open_failure/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/failures/groupmod/06_groupmod_-g_no_gshadow_open_failure/config/etc/shadow b/tests/tests/failures/groupmod/06_groupmod_-g_no_gshadow_open_failure/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/failures/groupmod/06_groupmod_-g_no_gshadow_open_failure/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/failures/groupmod/06_groupmod_-g_no_gshadow_open_failure/data/group b/tests/tests/failures/groupmod/06_groupmod_-g_no_gshadow_open_failure/data/group
new file mode 100644
index 0000000..b51c3ad
--- /dev/null
+++ b/tests/tests/failures/groupmod/06_groupmod_-g_no_gshadow_open_failure/data/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1001:
diff --git a/tests/tests/failures/groupmod/06_groupmod_-g_no_gshadow_open_failure/groupmod.test b/tests/tests/failures/groupmod/06_groupmod_-g_no_gshadow_open_failure/groupmod.test
new file mode 100755
index 0000000..c4d41de
--- /dev/null
+++ b/tests/tests/failures/groupmod/06_groupmod_-g_no_gshadow_open_failure/groupmod.test
@@ -0,0 +1,39 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "groupmod does not need to open gshadow to change a gid"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Change group foo (groupmod -g 1001 foo)..."
+LD_PRELOAD=../../../common/open_RDWR_failure.so FAILURE_PATH=/etc/gshadow groupmod -g 1001 foo
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl data/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/failures/groupmod/07_groupmod_passwd_open_failure/config.txt b/tests/tests/failures/groupmod/07_groupmod_passwd_open_failure/config.txt
new file mode 100644
index 0000000..e9e4bbe
--- /dev/null
+++ b/tests/tests/failures/groupmod/07_groupmod_passwd_open_failure/config.txt
@@ -0,0 +1 @@
+group foo, GID 1000
diff --git a/tests/tests/failures/groupmod/07_groupmod_passwd_open_failure/config/etc/default/useradd b/tests/tests/failures/groupmod/07_groupmod_passwd_open_failure/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/failures/groupmod/07_groupmod_passwd_open_failure/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/failures/groupmod/07_groupmod_passwd_open_failure/config/etc/group b/tests/tests/failures/groupmod/07_groupmod_passwd_open_failure/config/etc/group
new file mode 100644
index 0000000..fecba0c
--- /dev/null
+++ b/tests/tests/failures/groupmod/07_groupmod_passwd_open_failure/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/failures/groupmod/07_groupmod_passwd_open_failure/config/etc/gshadow b/tests/tests/failures/groupmod/07_groupmod_passwd_open_failure/config/etc/gshadow
new file mode 100644
index 0000000..5042e58
--- /dev/null
+++ b/tests/tests/failures/groupmod/07_groupmod_passwd_open_failure/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/failures/groupmod/07_groupmod_passwd_open_failure/config/etc/login.defs b/tests/tests/failures/groupmod/07_groupmod_passwd_open_failure/config/etc/login.defs
new file mode 100644
index 0000000..cf181ac
--- /dev/null
+++ b/tests/tests/failures/groupmod/07_groupmod_passwd_open_failure/config/etc/login.defs
@@ -0,0 +1,314 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK usage is discouraged because it catches only some classes of user
+# entries to system, in fact only those made through login(1), while setting
+# umask in shell rc file will catch also logins through su, cron, ssh etc.
+#
+# At the same time, using shell rc to set umask won't catch entries which use
+# non-shell executables in place of login shell, like /usr/sbin/pppd for "ppp"
+# user and alike.
+#
+# Therefore the use of pam_umask is recommended (Debian package libpam-umask)
+# as the solution which catches all these cases on PAM-enabled systems.
+# 
+# This avoids the confusion created by having the umask set
+# in two different places -- in login.defs and shell rc files (i.e.
+# /etc/profile).
+#
+# For discussion, see #314539 and #248150 as well as the thread starting at
+# http://lists.debian.org/debian-devel/2005/06/msg01598.html
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+# 022 is the "historical" value in Debian for UMASK when it was used
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			  100
+GID_MAX			60000
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# This enables userdel to remove user groups if no members exist.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, thus in Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# Only works if compiled with MD5_CRYPT defined:
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is used by chpasswd, gpasswd and newusers.
+#
+#MD5_CRYPT_ENAB	no
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/failures/groupmod/07_groupmod_passwd_open_failure/config/etc/passwd b/tests/tests/failures/groupmod/07_groupmod_passwd_open_failure/config/etc/passwd
new file mode 100644
index 0000000..e396cfd
--- /dev/null
+++ b/tests/tests/failures/groupmod/07_groupmod_passwd_open_failure/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+baz:x:1000:1000::/nonexistent:/bin/sh
diff --git a/tests/tests/failures/groupmod/07_groupmod_passwd_open_failure/config/etc/shadow b/tests/tests/failures/groupmod/07_groupmod_passwd_open_failure/config/etc/shadow
new file mode 100644
index 0000000..8f6ebbd
--- /dev/null
+++ b/tests/tests/failures/groupmod/07_groupmod_passwd_open_failure/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+baz:!:12977:0:99999:7:::
diff --git a/tests/tests/failures/groupmod/07_groupmod_passwd_open_failure/data/groupmod.err b/tests/tests/failures/groupmod/07_groupmod_passwd_open_failure/data/groupmod.err
new file mode 100644
index 0000000..f8a82d0
--- /dev/null
+++ b/tests/tests/failures/groupmod/07_groupmod_passwd_open_failure/data/groupmod.err
@@ -0,0 +1,2 @@
+open FAILURE /etc/passwd 2 ...
+groupmod: cannot open /etc/passwd
diff --git a/tests/tests/failures/groupmod/07_groupmod_passwd_open_failure/groupmod.test b/tests/tests/failures/groupmod/07_groupmod_passwd_open_failure/groupmod.test
new file mode 100755
index 0000000..2bcc782
--- /dev/null
+++ b/tests/tests/failures/groupmod/07_groupmod_passwd_open_failure/groupmod.test
@@ -0,0 +1,54 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "groupmod report failures when it cannot open the passwd file"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Change group foo (groupmod -g 1001 foo)..."
+LD_PRELOAD=../../../common/open_RDWR_failure.so FAILURE_PATH=/etc/passwd groupmod -g 1001 foo 2>tmp/groupmod.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "10"
+echo "OK"
+
+echo "groupmod reported:"
+echo "======================================================================="
+cat tmp/groupmod.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/groupmod.err tmp/groupmod.err
+echo "error message OK."
+rm -f tmp/groupmod.err
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/failures/groupmod/08_groupmod_-g_same_gid_no_passwd_open_failure/config.txt b/tests/tests/failures/groupmod/08_groupmod_-g_same_gid_no_passwd_open_failure/config.txt
new file mode 100644
index 0000000..e9e4bbe
--- /dev/null
+++ b/tests/tests/failures/groupmod/08_groupmod_-g_same_gid_no_passwd_open_failure/config.txt
@@ -0,0 +1 @@
+group foo, GID 1000
diff --git a/tests/tests/failures/groupmod/08_groupmod_-g_same_gid_no_passwd_open_failure/config/etc/default/useradd b/tests/tests/failures/groupmod/08_groupmod_-g_same_gid_no_passwd_open_failure/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/failures/groupmod/08_groupmod_-g_same_gid_no_passwd_open_failure/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/failures/groupmod/08_groupmod_-g_same_gid_no_passwd_open_failure/config/etc/group b/tests/tests/failures/groupmod/08_groupmod_-g_same_gid_no_passwd_open_failure/config/etc/group
new file mode 100644
index 0000000..fecba0c
--- /dev/null
+++ b/tests/tests/failures/groupmod/08_groupmod_-g_same_gid_no_passwd_open_failure/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/failures/groupmod/08_groupmod_-g_same_gid_no_passwd_open_failure/config/etc/gshadow b/tests/tests/failures/groupmod/08_groupmod_-g_same_gid_no_passwd_open_failure/config/etc/gshadow
new file mode 100644
index 0000000..5042e58
--- /dev/null
+++ b/tests/tests/failures/groupmod/08_groupmod_-g_same_gid_no_passwd_open_failure/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/failures/groupmod/08_groupmod_-g_same_gid_no_passwd_open_failure/config/etc/login.defs b/tests/tests/failures/groupmod/08_groupmod_-g_same_gid_no_passwd_open_failure/config/etc/login.defs
new file mode 100644
index 0000000..cf181ac
--- /dev/null
+++ b/tests/tests/failures/groupmod/08_groupmod_-g_same_gid_no_passwd_open_failure/config/etc/login.defs
@@ -0,0 +1,314 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK usage is discouraged because it catches only some classes of user
+# entries to system, in fact only those made through login(1), while setting
+# umask in shell rc file will catch also logins through su, cron, ssh etc.
+#
+# At the same time, using shell rc to set umask won't catch entries which use
+# non-shell executables in place of login shell, like /usr/sbin/pppd for "ppp"
+# user and alike.
+#
+# Therefore the use of pam_umask is recommended (Debian package libpam-umask)
+# as the solution which catches all these cases on PAM-enabled systems.
+# 
+# This avoids the confusion created by having the umask set
+# in two different places -- in login.defs and shell rc files (i.e.
+# /etc/profile).
+#
+# For discussion, see #314539 and #248150 as well as the thread starting at
+# http://lists.debian.org/debian-devel/2005/06/msg01598.html
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+# 022 is the "historical" value in Debian for UMASK when it was used
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			  100
+GID_MAX			60000
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# This enables userdel to remove user groups if no members exist.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, thus in Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# Only works if compiled with MD5_CRYPT defined:
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is used by chpasswd, gpasswd and newusers.
+#
+#MD5_CRYPT_ENAB	no
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/failures/groupmod/08_groupmod_-g_same_gid_no_passwd_open_failure/config/etc/passwd b/tests/tests/failures/groupmod/08_groupmod_-g_same_gid_no_passwd_open_failure/config/etc/passwd
new file mode 100644
index 0000000..e396cfd
--- /dev/null
+++ b/tests/tests/failures/groupmod/08_groupmod_-g_same_gid_no_passwd_open_failure/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+baz:x:1000:1000::/nonexistent:/bin/sh
diff --git a/tests/tests/failures/groupmod/08_groupmod_-g_same_gid_no_passwd_open_failure/config/etc/shadow b/tests/tests/failures/groupmod/08_groupmod_-g_same_gid_no_passwd_open_failure/config/etc/shadow
new file mode 100644
index 0000000..8f6ebbd
--- /dev/null
+++ b/tests/tests/failures/groupmod/08_groupmod_-g_same_gid_no_passwd_open_failure/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+baz:!:12977:0:99999:7:::
diff --git a/tests/tests/failures/groupmod/08_groupmod_-g_same_gid_no_passwd_open_failure/groupmod.test b/tests/tests/failures/groupmod/08_groupmod_-g_same_gid_no_passwd_open_failure/groupmod.test
new file mode 100755
index 0000000..b801985
--- /dev/null
+++ b/tests/tests/failures/groupmod/08_groupmod_-g_same_gid_no_passwd_open_failure/groupmod.test
@@ -0,0 +1,39 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "groupmod does not open the passwd file if not needed"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Change group foo with same gid (groupmod -g 1000 foo)..."
+LD_PRELOAD=../../../common/open_RDWR_failure.so FAILURE_PATH=/etc/passwd groupmod -g 1000 foo
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/failures/groupmod/09_groupmod_-n_no_passwd_open_failure/config.txt b/tests/tests/failures/groupmod/09_groupmod_-n_no_passwd_open_failure/config.txt
new file mode 100644
index 0000000..e9e4bbe
--- /dev/null
+++ b/tests/tests/failures/groupmod/09_groupmod_-n_no_passwd_open_failure/config.txt
@@ -0,0 +1 @@
+group foo, GID 1000
diff --git a/tests/tests/failures/groupmod/09_groupmod_-n_no_passwd_open_failure/config/etc/default/useradd b/tests/tests/failures/groupmod/09_groupmod_-n_no_passwd_open_failure/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/failures/groupmod/09_groupmod_-n_no_passwd_open_failure/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/failures/groupmod/09_groupmod_-n_no_passwd_open_failure/config/etc/group b/tests/tests/failures/groupmod/09_groupmod_-n_no_passwd_open_failure/config/etc/group
new file mode 100644
index 0000000..fecba0c
--- /dev/null
+++ b/tests/tests/failures/groupmod/09_groupmod_-n_no_passwd_open_failure/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/failures/groupmod/09_groupmod_-n_no_passwd_open_failure/config/etc/gshadow b/tests/tests/failures/groupmod/09_groupmod_-n_no_passwd_open_failure/config/etc/gshadow
new file mode 100644
index 0000000..5042e58
--- /dev/null
+++ b/tests/tests/failures/groupmod/09_groupmod_-n_no_passwd_open_failure/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/failures/groupmod/09_groupmod_-n_no_passwd_open_failure/config/etc/login.defs b/tests/tests/failures/groupmod/09_groupmod_-n_no_passwd_open_failure/config/etc/login.defs
new file mode 100644
index 0000000..cf181ac
--- /dev/null
+++ b/tests/tests/failures/groupmod/09_groupmod_-n_no_passwd_open_failure/config/etc/login.defs
@@ -0,0 +1,314 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK usage is discouraged because it catches only some classes of user
+# entries to system, in fact only those made through login(1), while setting
+# umask in shell rc file will catch also logins through su, cron, ssh etc.
+#
+# At the same time, using shell rc to set umask won't catch entries which use
+# non-shell executables in place of login shell, like /usr/sbin/pppd for "ppp"
+# user and alike.
+#
+# Therefore the use of pam_umask is recommended (Debian package libpam-umask)
+# as the solution which catches all these cases on PAM-enabled systems.
+# 
+# This avoids the confusion created by having the umask set
+# in two different places -- in login.defs and shell rc files (i.e.
+# /etc/profile).
+#
+# For discussion, see #314539 and #248150 as well as the thread starting at
+# http://lists.debian.org/debian-devel/2005/06/msg01598.html
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+# 022 is the "historical" value in Debian for UMASK when it was used
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			  100
+GID_MAX			60000
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# This enables userdel to remove user groups if no members exist.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, thus in Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# Only works if compiled with MD5_CRYPT defined:
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is used by chpasswd, gpasswd and newusers.
+#
+#MD5_CRYPT_ENAB	no
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/failures/groupmod/09_groupmod_-n_no_passwd_open_failure/config/etc/passwd b/tests/tests/failures/groupmod/09_groupmod_-n_no_passwd_open_failure/config/etc/passwd
new file mode 100644
index 0000000..e396cfd
--- /dev/null
+++ b/tests/tests/failures/groupmod/09_groupmod_-n_no_passwd_open_failure/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+baz:x:1000:1000::/nonexistent:/bin/sh
diff --git a/tests/tests/failures/groupmod/09_groupmod_-n_no_passwd_open_failure/config/etc/shadow b/tests/tests/failures/groupmod/09_groupmod_-n_no_passwd_open_failure/config/etc/shadow
new file mode 100644
index 0000000..8f6ebbd
--- /dev/null
+++ b/tests/tests/failures/groupmod/09_groupmod_-n_no_passwd_open_failure/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+baz:!:12977:0:99999:7:::
diff --git a/tests/tests/failures/groupmod/09_groupmod_-n_no_passwd_open_failure/data/group b/tests/tests/failures/groupmod/09_groupmod_-n_no_passwd_open_failure/data/group
new file mode 100644
index 0000000..75815b9
--- /dev/null
+++ b/tests/tests/failures/groupmod/09_groupmod_-n_no_passwd_open_failure/data/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+bar:x:1000:
diff --git a/tests/tests/failures/groupmod/09_groupmod_-n_no_passwd_open_failure/data/gshadow b/tests/tests/failures/groupmod/09_groupmod_-n_no_passwd_open_failure/data/gshadow
new file mode 100644
index 0000000..e814af0
--- /dev/null
+++ b/tests/tests/failures/groupmod/09_groupmod_-n_no_passwd_open_failure/data/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+bar:*::
diff --git a/tests/tests/failures/groupmod/09_groupmod_-n_no_passwd_open_failure/groupmod.test b/tests/tests/failures/groupmod/09_groupmod_-n_no_passwd_open_failure/groupmod.test
new file mode 100755
index 0000000..7480cf2
--- /dev/null
+++ b/tests/tests/failures/groupmod/09_groupmod_-n_no_passwd_open_failure/groupmod.test
@@ -0,0 +1,39 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "groupmod does not open the passwd file if not needed"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Change group foo to bar (groupmod -n bar foo)..."
+LD_PRELOAD=../../../common/open_RDWR_failure.so FAILURE_PATH=/etc/passwd groupmod -n bar foo
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl data/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl data/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/failures/grpck/01_grpck_system_group_open_failure/config.txt b/tests/tests/failures/grpck/01_grpck_system_group_open_failure/config.txt
new file mode 100644
index 0000000..e9e4bbe
--- /dev/null
+++ b/tests/tests/failures/grpck/01_grpck_system_group_open_failure/config.txt
@@ -0,0 +1 @@
+group foo, GID 1000
diff --git a/tests/tests/failures/grpck/01_grpck_system_group_open_failure/config/etc/default/useradd b/tests/tests/failures/grpck/01_grpck_system_group_open_failure/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/failures/grpck/01_grpck_system_group_open_failure/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/failures/grpck/01_grpck_system_group_open_failure/config/etc/group b/tests/tests/failures/grpck/01_grpck_system_group_open_failure/config/etc/group
new file mode 100644
index 0000000..fecba0c
--- /dev/null
+++ b/tests/tests/failures/grpck/01_grpck_system_group_open_failure/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/failures/grpck/01_grpck_system_group_open_failure/config/etc/gshadow b/tests/tests/failures/grpck/01_grpck_system_group_open_failure/config/etc/gshadow
new file mode 100644
index 0000000..5042e58
--- /dev/null
+++ b/tests/tests/failures/grpck/01_grpck_system_group_open_failure/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/failures/grpck/01_grpck_system_group_open_failure/config/etc/login.defs b/tests/tests/failures/grpck/01_grpck_system_group_open_failure/config/etc/login.defs
new file mode 100644
index 0000000..cf181ac
--- /dev/null
+++ b/tests/tests/failures/grpck/01_grpck_system_group_open_failure/config/etc/login.defs
@@ -0,0 +1,314 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK usage is discouraged because it catches only some classes of user
+# entries to system, in fact only those made through login(1), while setting
+# umask in shell rc file will catch also logins through su, cron, ssh etc.
+#
+# At the same time, using shell rc to set umask won't catch entries which use
+# non-shell executables in place of login shell, like /usr/sbin/pppd for "ppp"
+# user and alike.
+#
+# Therefore the use of pam_umask is recommended (Debian package libpam-umask)
+# as the solution which catches all these cases on PAM-enabled systems.
+# 
+# This avoids the confusion created by having the umask set
+# in two different places -- in login.defs and shell rc files (i.e.
+# /etc/profile).
+#
+# For discussion, see #314539 and #248150 as well as the thread starting at
+# http://lists.debian.org/debian-devel/2005/06/msg01598.html
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+# 022 is the "historical" value in Debian for UMASK when it was used
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			  100
+GID_MAX			60000
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# This enables userdel to remove user groups if no members exist.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, thus in Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# Only works if compiled with MD5_CRYPT defined:
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is used by chpasswd, gpasswd and newusers.
+#
+#MD5_CRYPT_ENAB	no
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/failures/grpck/01_grpck_system_group_open_failure/config/etc/passwd b/tests/tests/failures/grpck/01_grpck_system_group_open_failure/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/failures/grpck/01_grpck_system_group_open_failure/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/failures/grpck/01_grpck_system_group_open_failure/config/etc/shadow b/tests/tests/failures/grpck/01_grpck_system_group_open_failure/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/failures/grpck/01_grpck_system_group_open_failure/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/failures/grpck/01_grpck_system_group_open_failure/data/grpck.err b/tests/tests/failures/grpck/01_grpck_system_group_open_failure/data/grpck.err
new file mode 100644
index 0000000..378a519
--- /dev/null
+++ b/tests/tests/failures/grpck/01_grpck_system_group_open_failure/data/grpck.err
@@ -0,0 +1,2 @@
+open FAILURE /etc/group 2 ...
+grpck: cannot open /etc/group
diff --git a/tests/tests/failures/grpck/01_grpck_system_group_open_failure/grpck.test b/tests/tests/failures/grpck/01_grpck_system_group_open_failure/grpck.test
new file mode 100755
index 0000000..288099e
--- /dev/null
+++ b/tests/tests/failures/grpck/01_grpck_system_group_open_failure/grpck.test
@@ -0,0 +1,54 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "grpck report failures when it cannot open the group file"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Check groups (grpck)..."
+LD_PRELOAD=../../../common/open_RDWR_failure.so FAILURE_PATH=/etc/group grpck 2>tmp/grpck.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "3"
+echo "OK"
+
+echo "grpck reported:"
+echo "======================================================================="
+cat tmp/grpck.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/grpck.err tmp/grpck.err
+echo "error message OK."
+rm -f tmp/grpck.err
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/failures/grpck/02_grpck_group_open_failure/config.txt b/tests/tests/failures/grpck/02_grpck_group_open_failure/config.txt
new file mode 100644
index 0000000..e9e4bbe
--- /dev/null
+++ b/tests/tests/failures/grpck/02_grpck_group_open_failure/config.txt
@@ -0,0 +1 @@
+group foo, GID 1000
diff --git a/tests/tests/failures/grpck/02_grpck_group_open_failure/config/etc/default/useradd b/tests/tests/failures/grpck/02_grpck_group_open_failure/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/failures/grpck/02_grpck_group_open_failure/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/failures/grpck/02_grpck_group_open_failure/config/etc/group b/tests/tests/failures/grpck/02_grpck_group_open_failure/config/etc/group
new file mode 100644
index 0000000..fecba0c
--- /dev/null
+++ b/tests/tests/failures/grpck/02_grpck_group_open_failure/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/failures/grpck/02_grpck_group_open_failure/config/etc/gshadow b/tests/tests/failures/grpck/02_grpck_group_open_failure/config/etc/gshadow
new file mode 100644
index 0000000..5042e58
--- /dev/null
+++ b/tests/tests/failures/grpck/02_grpck_group_open_failure/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/failures/grpck/02_grpck_group_open_failure/config/etc/login.defs b/tests/tests/failures/grpck/02_grpck_group_open_failure/config/etc/login.defs
new file mode 100644
index 0000000..cf181ac
--- /dev/null
+++ b/tests/tests/failures/grpck/02_grpck_group_open_failure/config/etc/login.defs
@@ -0,0 +1,314 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK usage is discouraged because it catches only some classes of user
+# entries to system, in fact only those made through login(1), while setting
+# umask in shell rc file will catch also logins through su, cron, ssh etc.
+#
+# At the same time, using shell rc to set umask won't catch entries which use
+# non-shell executables in place of login shell, like /usr/sbin/pppd for "ppp"
+# user and alike.
+#
+# Therefore the use of pam_umask is recommended (Debian package libpam-umask)
+# as the solution which catches all these cases on PAM-enabled systems.
+# 
+# This avoids the confusion created by having the umask set
+# in two different places -- in login.defs and shell rc files (i.e.
+# /etc/profile).
+#
+# For discussion, see #314539 and #248150 as well as the thread starting at
+# http://lists.debian.org/debian-devel/2005/06/msg01598.html
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+# 022 is the "historical" value in Debian for UMASK when it was used
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			  100
+GID_MAX			60000
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# This enables userdel to remove user groups if no members exist.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, thus in Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# Only works if compiled with MD5_CRYPT defined:
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is used by chpasswd, gpasswd and newusers.
+#
+#MD5_CRYPT_ENAB	no
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/failures/grpck/02_grpck_group_open_failure/config/etc/passwd b/tests/tests/failures/grpck/02_grpck_group_open_failure/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/failures/grpck/02_grpck_group_open_failure/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/failures/grpck/02_grpck_group_open_failure/config/etc/shadow b/tests/tests/failures/grpck/02_grpck_group_open_failure/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/failures/grpck/02_grpck_group_open_failure/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/failures/grpck/02_grpck_group_open_failure/data/grpck.err b/tests/tests/failures/grpck/02_grpck_group_open_failure/data/grpck.err
new file mode 100644
index 0000000..c51c8a3
--- /dev/null
+++ b/tests/tests/failures/grpck/02_grpck_group_open_failure/data/grpck.err
@@ -0,0 +1,2 @@
+open FAILURE data/group 2 ...
+grpck: cannot open data/group
diff --git a/tests/tests/failures/grpck/02_grpck_group_open_failure/grpck.test b/tests/tests/failures/grpck/02_grpck_group_open_failure/grpck.test
new file mode 100755
index 0000000..41fe2a2
--- /dev/null
+++ b/tests/tests/failures/grpck/02_grpck_group_open_failure/grpck.test
@@ -0,0 +1,54 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "grpck report failures when it cannot open the group file"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Check groups (grpck data/group)..."
+LD_PRELOAD=../../../common/open_RDWR_failure.so FAILURE_PATH=data/group grpck data/group 2>tmp/grpck.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "3"
+echo "OK"
+
+echo "grpck reported:"
+echo "======================================================================="
+cat tmp/grpck.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/grpck.err tmp/grpck.err
+echo "error message OK."
+rm -f tmp/grpck.err
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/failures/grpck/03_grpck_system_gshadow_open_failure/config.txt b/tests/tests/failures/grpck/03_grpck_system_gshadow_open_failure/config.txt
new file mode 100644
index 0000000..e9e4bbe
--- /dev/null
+++ b/tests/tests/failures/grpck/03_grpck_system_gshadow_open_failure/config.txt
@@ -0,0 +1 @@
+group foo, GID 1000
diff --git a/tests/tests/failures/grpck/03_grpck_system_gshadow_open_failure/config/etc/default/useradd b/tests/tests/failures/grpck/03_grpck_system_gshadow_open_failure/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/failures/grpck/03_grpck_system_gshadow_open_failure/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/failures/grpck/03_grpck_system_gshadow_open_failure/config/etc/group b/tests/tests/failures/grpck/03_grpck_system_gshadow_open_failure/config/etc/group
new file mode 100644
index 0000000..fecba0c
--- /dev/null
+++ b/tests/tests/failures/grpck/03_grpck_system_gshadow_open_failure/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/failures/grpck/03_grpck_system_gshadow_open_failure/config/etc/gshadow b/tests/tests/failures/grpck/03_grpck_system_gshadow_open_failure/config/etc/gshadow
new file mode 100644
index 0000000..5042e58
--- /dev/null
+++ b/tests/tests/failures/grpck/03_grpck_system_gshadow_open_failure/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/failures/grpck/03_grpck_system_gshadow_open_failure/config/etc/login.defs b/tests/tests/failures/grpck/03_grpck_system_gshadow_open_failure/config/etc/login.defs
new file mode 100644
index 0000000..cf181ac
--- /dev/null
+++ b/tests/tests/failures/grpck/03_grpck_system_gshadow_open_failure/config/etc/login.defs
@@ -0,0 +1,314 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK usage is discouraged because it catches only some classes of user
+# entries to system, in fact only those made through login(1), while setting
+# umask in shell rc file will catch also logins through su, cron, ssh etc.
+#
+# At the same time, using shell rc to set umask won't catch entries which use
+# non-shell executables in place of login shell, like /usr/sbin/pppd for "ppp"
+# user and alike.
+#
+# Therefore the use of pam_umask is recommended (Debian package libpam-umask)
+# as the solution which catches all these cases on PAM-enabled systems.
+# 
+# This avoids the confusion created by having the umask set
+# in two different places -- in login.defs and shell rc files (i.e.
+# /etc/profile).
+#
+# For discussion, see #314539 and #248150 as well as the thread starting at
+# http://lists.debian.org/debian-devel/2005/06/msg01598.html
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+# 022 is the "historical" value in Debian for UMASK when it was used
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			  100
+GID_MAX			60000
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# This enables userdel to remove user groups if no members exist.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, thus in Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# Only works if compiled with MD5_CRYPT defined:
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is used by chpasswd, gpasswd and newusers.
+#
+#MD5_CRYPT_ENAB	no
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/failures/grpck/03_grpck_system_gshadow_open_failure/config/etc/passwd b/tests/tests/failures/grpck/03_grpck_system_gshadow_open_failure/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/failures/grpck/03_grpck_system_gshadow_open_failure/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/failures/grpck/03_grpck_system_gshadow_open_failure/config/etc/shadow b/tests/tests/failures/grpck/03_grpck_system_gshadow_open_failure/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/failures/grpck/03_grpck_system_gshadow_open_failure/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/failures/grpck/03_grpck_system_gshadow_open_failure/data/grpck.err b/tests/tests/failures/grpck/03_grpck_system_gshadow_open_failure/data/grpck.err
new file mode 100644
index 0000000..d15a190
--- /dev/null
+++ b/tests/tests/failures/grpck/03_grpck_system_gshadow_open_failure/data/grpck.err
@@ -0,0 +1,2 @@
+open FAILURE /etc/gshadow 2 ...
+grpck: cannot open /etc/gshadow
diff --git a/tests/tests/failures/grpck/03_grpck_system_gshadow_open_failure/grpck.test b/tests/tests/failures/grpck/03_grpck_system_gshadow_open_failure/grpck.test
new file mode 100755
index 0000000..1016fc5
--- /dev/null
+++ b/tests/tests/failures/grpck/03_grpck_system_gshadow_open_failure/grpck.test
@@ -0,0 +1,54 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "grpck report failures when it cannot open the system gshadow file"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Check system groups (grpck)..."
+LD_PRELOAD=../../../common/open_RDWR_failure.so FAILURE_PATH=/etc/gshadow grpck 2>tmp/grpck.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "3"
+echo "OK"
+
+echo "grpck reported:"
+echo "======================================================================="
+cat tmp/grpck.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/grpck.err tmp/grpck.err
+echo "error message OK."
+rm -f tmp/grpck.err
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/failures/grpck/04_grpck_gshadow_open_failure/config.txt b/tests/tests/failures/grpck/04_grpck_gshadow_open_failure/config.txt
new file mode 100644
index 0000000..e9e4bbe
--- /dev/null
+++ b/tests/tests/failures/grpck/04_grpck_gshadow_open_failure/config.txt
@@ -0,0 +1 @@
+group foo, GID 1000
diff --git a/tests/tests/failures/grpck/04_grpck_gshadow_open_failure/config/etc/default/useradd b/tests/tests/failures/grpck/04_grpck_gshadow_open_failure/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/failures/grpck/04_grpck_gshadow_open_failure/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/failures/grpck/04_grpck_gshadow_open_failure/config/etc/group b/tests/tests/failures/grpck/04_grpck_gshadow_open_failure/config/etc/group
new file mode 100644
index 0000000..fecba0c
--- /dev/null
+++ b/tests/tests/failures/grpck/04_grpck_gshadow_open_failure/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/failures/grpck/04_grpck_gshadow_open_failure/config/etc/gshadow b/tests/tests/failures/grpck/04_grpck_gshadow_open_failure/config/etc/gshadow
new file mode 100644
index 0000000..5042e58
--- /dev/null
+++ b/tests/tests/failures/grpck/04_grpck_gshadow_open_failure/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/failures/grpck/04_grpck_gshadow_open_failure/config/etc/login.defs b/tests/tests/failures/grpck/04_grpck_gshadow_open_failure/config/etc/login.defs
new file mode 100644
index 0000000..cf181ac
--- /dev/null
+++ b/tests/tests/failures/grpck/04_grpck_gshadow_open_failure/config/etc/login.defs
@@ -0,0 +1,314 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK usage is discouraged because it catches only some classes of user
+# entries to system, in fact only those made through login(1), while setting
+# umask in shell rc file will catch also logins through su, cron, ssh etc.
+#
+# At the same time, using shell rc to set umask won't catch entries which use
+# non-shell executables in place of login shell, like /usr/sbin/pppd for "ppp"
+# user and alike.
+#
+# Therefore the use of pam_umask is recommended (Debian package libpam-umask)
+# as the solution which catches all these cases on PAM-enabled systems.
+# 
+# This avoids the confusion created by having the umask set
+# in two different places -- in login.defs and shell rc files (i.e.
+# /etc/profile).
+#
+# For discussion, see #314539 and #248150 as well as the thread starting at
+# http://lists.debian.org/debian-devel/2005/06/msg01598.html
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+# 022 is the "historical" value in Debian for UMASK when it was used
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			  100
+GID_MAX			60000
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# This enables userdel to remove user groups if no members exist.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, thus in Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# Only works if compiled with MD5_CRYPT defined:
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is used by chpasswd, gpasswd and newusers.
+#
+#MD5_CRYPT_ENAB	no
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/failures/grpck/04_grpck_gshadow_open_failure/config/etc/passwd b/tests/tests/failures/grpck/04_grpck_gshadow_open_failure/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/failures/grpck/04_grpck_gshadow_open_failure/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/failures/grpck/04_grpck_gshadow_open_failure/config/etc/shadow b/tests/tests/failures/grpck/04_grpck_gshadow_open_failure/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/failures/grpck/04_grpck_gshadow_open_failure/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/failures/grpck/04_grpck_gshadow_open_failure/data/group b/tests/tests/failures/grpck/04_grpck_gshadow_open_failure/data/group
new file mode 100644
index 0000000..fecba0c
--- /dev/null
+++ b/tests/tests/failures/grpck/04_grpck_gshadow_open_failure/data/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/failures/grpck/04_grpck_gshadow_open_failure/data/grpck.err b/tests/tests/failures/grpck/04_grpck_gshadow_open_failure/data/grpck.err
new file mode 100644
index 0000000..61aff8a
--- /dev/null
+++ b/tests/tests/failures/grpck/04_grpck_gshadow_open_failure/data/grpck.err
@@ -0,0 +1,2 @@
+open FAILURE data/gshadow 2 ...
+grpck: cannot open data/gshadow
diff --git a/tests/tests/failures/grpck/04_grpck_gshadow_open_failure/data/gshadow b/tests/tests/failures/grpck/04_grpck_gshadow_open_failure/data/gshadow
new file mode 100644
index 0000000..5042e58
--- /dev/null
+++ b/tests/tests/failures/grpck/04_grpck_gshadow_open_failure/data/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/failures/grpck/04_grpck_gshadow_open_failure/grpck.test b/tests/tests/failures/grpck/04_grpck_gshadow_open_failure/grpck.test
new file mode 100755
index 0000000..2510878
--- /dev/null
+++ b/tests/tests/failures/grpck/04_grpck_gshadow_open_failure/grpck.test
@@ -0,0 +1,54 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "grpck report failures when it cannot open the local gshadow file"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Check local groups (grpck data/group data/gshadow)..."
+LD_PRELOAD=../../../common/open_RDWR_failure.so FAILURE_PATH=data/gshadow grpck data/group data/gshadow 2>tmp/grpck.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "3"
+echo "OK"
+
+echo "grpck reported:"
+echo "======================================================================="
+cat tmp/grpck.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/grpck.err tmp/grpck.err
+echo "error message OK."
+rm -f tmp/grpck.err
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/failures/grpck/05_grpck_sort_group_rename_failure/config.txt b/tests/tests/failures/grpck/05_grpck_sort_group_rename_failure/config.txt
new file mode 100644
index 0000000..e9e4bbe
--- /dev/null
+++ b/tests/tests/failures/grpck/05_grpck_sort_group_rename_failure/config.txt
@@ -0,0 +1 @@
+group foo, GID 1000
diff --git a/tests/tests/failures/grpck/05_grpck_sort_group_rename_failure/config/etc/default/useradd b/tests/tests/failures/grpck/05_grpck_sort_group_rename_failure/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/failures/grpck/05_grpck_sort_group_rename_failure/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/failures/grpck/05_grpck_sort_group_rename_failure/config/etc/group b/tests/tests/failures/grpck/05_grpck_sort_group_rename_failure/config/etc/group
new file mode 100644
index 0000000..2a5b8a4
--- /dev/null
+++ b/tests/tests/failures/grpck/05_grpck_sort_group_rename_failure/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:foo
diff --git a/tests/tests/failures/grpck/05_grpck_sort_group_rename_failure/config/etc/gshadow b/tests/tests/failures/grpck/05_grpck_sort_group_rename_failure/config/etc/gshadow
new file mode 100644
index 0000000..ed34100
--- /dev/null
+++ b/tests/tests/failures/grpck/05_grpck_sort_group_rename_failure/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::foo
diff --git a/tests/tests/failures/grpck/05_grpck_sort_group_rename_failure/config/etc/login.defs b/tests/tests/failures/grpck/05_grpck_sort_group_rename_failure/config/etc/login.defs
new file mode 100644
index 0000000..cf181ac
--- /dev/null
+++ b/tests/tests/failures/grpck/05_grpck_sort_group_rename_failure/config/etc/login.defs
@@ -0,0 +1,314 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK usage is discouraged because it catches only some classes of user
+# entries to system, in fact only those made through login(1), while setting
+# umask in shell rc file will catch also logins through su, cron, ssh etc.
+#
+# At the same time, using shell rc to set umask won't catch entries which use
+# non-shell executables in place of login shell, like /usr/sbin/pppd for "ppp"
+# user and alike.
+#
+# Therefore the use of pam_umask is recommended (Debian package libpam-umask)
+# as the solution which catches all these cases on PAM-enabled systems.
+# 
+# This avoids the confusion created by having the umask set
+# in two different places -- in login.defs and shell rc files (i.e.
+# /etc/profile).
+#
+# For discussion, see #314539 and #248150 as well as the thread starting at
+# http://lists.debian.org/debian-devel/2005/06/msg01598.html
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+# 022 is the "historical" value in Debian for UMASK when it was used
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			  100
+GID_MAX			60000
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# This enables userdel to remove user groups if no members exist.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, thus in Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# Only works if compiled with MD5_CRYPT defined:
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is used by chpasswd, gpasswd and newusers.
+#
+#MD5_CRYPT_ENAB	no
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/failures/grpck/05_grpck_sort_group_rename_failure/config/etc/passwd b/tests/tests/failures/grpck/05_grpck_sort_group_rename_failure/config/etc/passwd
new file mode 100644
index 0000000..bf52df0
--- /dev/null
+++ b/tests/tests/failures/grpck/05_grpck_sort_group_rename_failure/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/home/foo:/bin/false
diff --git a/tests/tests/failures/grpck/05_grpck_sort_group_rename_failure/config/etc/shadow b/tests/tests/failures/grpck/05_grpck_sort_group_rename_failure/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/failures/grpck/05_grpck_sort_group_rename_failure/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/failures/grpck/05_grpck_sort_group_rename_failure/data/grpck.err b/tests/tests/failures/grpck/05_grpck_sort_group_rename_failure/data/grpck.err
new file mode 100644
index 0000000..5eecbfd
--- /dev/null
+++ b/tests/tests/failures/grpck/05_grpck_sort_group_rename_failure/data/grpck.err
@@ -0,0 +1,2 @@
+rename FAILURE /etc/group+ /etc/group
+grpck: failure while writing changes to /etc/group
diff --git a/tests/tests/failures/grpck/05_grpck_sort_group_rename_failure/grpck.test b/tests/tests/failures/grpck/05_grpck_sort_group_rename_failure/grpck.test
new file mode 100755
index 0000000..40f3ebc
--- /dev/null
+++ b/tests/tests/failures/grpck/05_grpck_sort_group_rename_failure/grpck.test
@@ -0,0 +1,54 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "grpck reports failure to write /etc/group"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Sort group (grpck -s)..."
+LD_PRELOAD=../../../common/rename_failure.so FAILURE_PATH=/etc/group grpck -s 2>tmp/grpck.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "5"
+echo "OK"
+
+echo "grpck reported:"
+echo "======================================================================="
+cat tmp/grpck.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/grpck.err tmp/grpck.err
+echo "error message OK."
+rm -f tmp/grpck.err
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/failures/grpck/06_grpck_sort_gshadow_rename_failure/config.txt b/tests/tests/failures/grpck/06_grpck_sort_gshadow_rename_failure/config.txt
new file mode 100644
index 0000000..e9e4bbe
--- /dev/null
+++ b/tests/tests/failures/grpck/06_grpck_sort_gshadow_rename_failure/config.txt
@@ -0,0 +1 @@
+group foo, GID 1000
diff --git a/tests/tests/failures/grpck/06_grpck_sort_gshadow_rename_failure/config/etc/default/useradd b/tests/tests/failures/grpck/06_grpck_sort_gshadow_rename_failure/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/failures/grpck/06_grpck_sort_gshadow_rename_failure/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/failures/grpck/06_grpck_sort_gshadow_rename_failure/config/etc/group b/tests/tests/failures/grpck/06_grpck_sort_gshadow_rename_failure/config/etc/group
new file mode 100644
index 0000000..2a5b8a4
--- /dev/null
+++ b/tests/tests/failures/grpck/06_grpck_sort_gshadow_rename_failure/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:foo
diff --git a/tests/tests/failures/grpck/06_grpck_sort_gshadow_rename_failure/config/etc/gshadow b/tests/tests/failures/grpck/06_grpck_sort_gshadow_rename_failure/config/etc/gshadow
new file mode 100644
index 0000000..ed34100
--- /dev/null
+++ b/tests/tests/failures/grpck/06_grpck_sort_gshadow_rename_failure/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::foo
diff --git a/tests/tests/failures/grpck/06_grpck_sort_gshadow_rename_failure/config/etc/login.defs b/tests/tests/failures/grpck/06_grpck_sort_gshadow_rename_failure/config/etc/login.defs
new file mode 100644
index 0000000..cf181ac
--- /dev/null
+++ b/tests/tests/failures/grpck/06_grpck_sort_gshadow_rename_failure/config/etc/login.defs
@@ -0,0 +1,314 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK usage is discouraged because it catches only some classes of user
+# entries to system, in fact only those made through login(1), while setting
+# umask in shell rc file will catch also logins through su, cron, ssh etc.
+#
+# At the same time, using shell rc to set umask won't catch entries which use
+# non-shell executables in place of login shell, like /usr/sbin/pppd for "ppp"
+# user and alike.
+#
+# Therefore the use of pam_umask is recommended (Debian package libpam-umask)
+# as the solution which catches all these cases on PAM-enabled systems.
+# 
+# This avoids the confusion created by having the umask set
+# in two different places -- in login.defs and shell rc files (i.e.
+# /etc/profile).
+#
+# For discussion, see #314539 and #248150 as well as the thread starting at
+# http://lists.debian.org/debian-devel/2005/06/msg01598.html
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+# 022 is the "historical" value in Debian for UMASK when it was used
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			  100
+GID_MAX			60000
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# This enables userdel to remove user groups if no members exist.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, thus in Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# Only works if compiled with MD5_CRYPT defined:
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is used by chpasswd, gpasswd and newusers.
+#
+#MD5_CRYPT_ENAB	no
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/failures/grpck/06_grpck_sort_gshadow_rename_failure/config/etc/passwd b/tests/tests/failures/grpck/06_grpck_sort_gshadow_rename_failure/config/etc/passwd
new file mode 100644
index 0000000..bf52df0
--- /dev/null
+++ b/tests/tests/failures/grpck/06_grpck_sort_gshadow_rename_failure/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/home/foo:/bin/false
diff --git a/tests/tests/failures/grpck/06_grpck_sort_gshadow_rename_failure/config/etc/shadow b/tests/tests/failures/grpck/06_grpck_sort_gshadow_rename_failure/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/failures/grpck/06_grpck_sort_gshadow_rename_failure/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/failures/grpck/06_grpck_sort_gshadow_rename_failure/data/group b/tests/tests/failures/grpck/06_grpck_sort_gshadow_rename_failure/data/group
new file mode 100644
index 0000000..a9a2e4c
--- /dev/null
+++ b/tests/tests/failures/grpck/06_grpck_sort_gshadow_rename_failure/data/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:foo
+nogroup:x:65534:
diff --git a/tests/tests/failures/grpck/06_grpck_sort_gshadow_rename_failure/data/grpck.err b/tests/tests/failures/grpck/06_grpck_sort_gshadow_rename_failure/data/grpck.err
new file mode 100644
index 0000000..275d87f
--- /dev/null
+++ b/tests/tests/failures/grpck/06_grpck_sort_gshadow_rename_failure/data/grpck.err
@@ -0,0 +1,2 @@
+rename FAILURE /etc/gshadow+ /etc/gshadow
+grpck: failure while writing changes to /etc/gshadow
diff --git a/tests/tests/failures/grpck/06_grpck_sort_gshadow_rename_failure/grpck.test b/tests/tests/failures/grpck/06_grpck_sort_gshadow_rename_failure/grpck.test
new file mode 100755
index 0000000..18f6979
--- /dev/null
+++ b/tests/tests/failures/grpck/06_grpck_sort_gshadow_rename_failure/grpck.test
@@ -0,0 +1,54 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "grpck reports failure to write /etc/gshadow"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Sort group (grpck -s)..."
+LD_PRELOAD=../../../common/rename_failure.so FAILURE_PATH=/etc/gshadow grpck -s 2>tmp/grpck.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "5"
+echo "OK"
+
+echo "grpck reported:"
+echo "======================================================================="
+cat tmp/grpck.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/grpck.err tmp/grpck.err
+echo "error message OK."
+rm -f tmp/grpck.err
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl data/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/failures/grpconv/01_grpconv_open_group_failure/config.txt b/tests/tests/failures/grpconv/01_grpconv_open_group_failure/config.txt
new file mode 100644
index 0000000..e9e4bbe
--- /dev/null
+++ b/tests/tests/failures/grpconv/01_grpconv_open_group_failure/config.txt
@@ -0,0 +1 @@
+group foo, GID 1000
diff --git a/tests/tests/failures/grpconv/01_grpconv_open_group_failure/config/etc/group b/tests/tests/failures/grpconv/01_grpconv_open_group_failure/config/etc/group
new file mode 100644
index 0000000..fecba0c
--- /dev/null
+++ b/tests/tests/failures/grpconv/01_grpconv_open_group_failure/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/failures/grpconv/01_grpconv_open_group_failure/config/etc/gshadow b/tests/tests/failures/grpconv/01_grpconv_open_group_failure/config/etc/gshadow
new file mode 100644
index 0000000..5042e58
--- /dev/null
+++ b/tests/tests/failures/grpconv/01_grpconv_open_group_failure/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/failures/grpconv/01_grpconv_open_group_failure/config/etc/login.defs b/tests/tests/failures/grpconv/01_grpconv_open_group_failure/config/etc/login.defs
new file mode 100644
index 0000000..cf181ac
--- /dev/null
+++ b/tests/tests/failures/grpconv/01_grpconv_open_group_failure/config/etc/login.defs
@@ -0,0 +1,314 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK usage is discouraged because it catches only some classes of user
+# entries to system, in fact only those made through login(1), while setting
+# umask in shell rc file will catch also logins through su, cron, ssh etc.
+#
+# At the same time, using shell rc to set umask won't catch entries which use
+# non-shell executables in place of login shell, like /usr/sbin/pppd for "ppp"
+# user and alike.
+#
+# Therefore the use of pam_umask is recommended (Debian package libpam-umask)
+# as the solution which catches all these cases on PAM-enabled systems.
+# 
+# This avoids the confusion created by having the umask set
+# in two different places -- in login.defs and shell rc files (i.e.
+# /etc/profile).
+#
+# For discussion, see #314539 and #248150 as well as the thread starting at
+# http://lists.debian.org/debian-devel/2005/06/msg01598.html
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+# 022 is the "historical" value in Debian for UMASK when it was used
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			  100
+GID_MAX			60000
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# This enables userdel to remove user groups if no members exist.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, thus in Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# Only works if compiled with MD5_CRYPT defined:
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is used by chpasswd, gpasswd and newusers.
+#
+#MD5_CRYPT_ENAB	no
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/failures/grpconv/01_grpconv_open_group_failure/config/etc/passwd b/tests/tests/failures/grpconv/01_grpconv_open_group_failure/config/etc/passwd
new file mode 100644
index 0000000..dbb06b8
--- /dev/null
+++ b/tests/tests/failures/grpconv/01_grpconv_open_group_failure/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/nonexistent:/bin/sh
diff --git a/tests/tests/failures/grpconv/01_grpconv_open_group_failure/config/etc/shadow b/tests/tests/failures/grpconv/01_grpconv_open_group_failure/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/failures/grpconv/01_grpconv_open_group_failure/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/failures/grpconv/01_grpconv_open_group_failure/data/grpconv.err b/tests/tests/failures/grpconv/01_grpconv_open_group_failure/data/grpconv.err
new file mode 100644
index 0000000..e02074e
--- /dev/null
+++ b/tests/tests/failures/grpconv/01_grpconv_open_group_failure/data/grpconv.err
@@ -0,0 +1,2 @@
+open FAILURE /etc/group 2 ...
+grpconv: cannot open /etc/group
diff --git a/tests/tests/failures/grpconv/01_grpconv_open_group_failure/grpconv.test b/tests/tests/failures/grpconv/01_grpconv_open_group_failure/grpconv.test
new file mode 100755
index 0000000..3398314
--- /dev/null
+++ b/tests/tests/failures/grpconv/01_grpconv_open_group_failure/grpconv.test
@@ -0,0 +1,58 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "grpconv report failures when it cannot open the group file"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Remove the shadow file..."
+rm -f /etc/shadow
+echo "OK"
+
+echo -n "Disable shadow passwords (grpconv)..."
+LD_PRELOAD=../../../common/open_RDWR_failure.so FAILURE_PATH=/etc/group grpconv 2>tmp/grpconv.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "1"
+echo "OK"
+
+echo "grpconv reported:"
+echo "======================================================================="
+cat tmp/grpconv.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/grpconv.err tmp/grpconv.err
+echo "error message OK."
+rm -f tmp/grpconv.err
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+test ! -f /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/failures/grpconv/02_grpconv_open_gshadow_failure/config.txt b/tests/tests/failures/grpconv/02_grpconv_open_gshadow_failure/config.txt
new file mode 100644
index 0000000..e9e4bbe
--- /dev/null
+++ b/tests/tests/failures/grpconv/02_grpconv_open_gshadow_failure/config.txt
@@ -0,0 +1 @@
+group foo, GID 1000
diff --git a/tests/tests/failures/grpconv/02_grpconv_open_gshadow_failure/config/etc/group b/tests/tests/failures/grpconv/02_grpconv_open_gshadow_failure/config/etc/group
new file mode 100644
index 0000000..fecba0c
--- /dev/null
+++ b/tests/tests/failures/grpconv/02_grpconv_open_gshadow_failure/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/failures/grpconv/02_grpconv_open_gshadow_failure/config/etc/gshadow b/tests/tests/failures/grpconv/02_grpconv_open_gshadow_failure/config/etc/gshadow
new file mode 100644
index 0000000..5042e58
--- /dev/null
+++ b/tests/tests/failures/grpconv/02_grpconv_open_gshadow_failure/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/failures/grpconv/02_grpconv_open_gshadow_failure/config/etc/login.defs b/tests/tests/failures/grpconv/02_grpconv_open_gshadow_failure/config/etc/login.defs
new file mode 100644
index 0000000..cf181ac
--- /dev/null
+++ b/tests/tests/failures/grpconv/02_grpconv_open_gshadow_failure/config/etc/login.defs
@@ -0,0 +1,314 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK usage is discouraged because it catches only some classes of user
+# entries to system, in fact only those made through login(1), while setting
+# umask in shell rc file will catch also logins through su, cron, ssh etc.
+#
+# At the same time, using shell rc to set umask won't catch entries which use
+# non-shell executables in place of login shell, like /usr/sbin/pppd for "ppp"
+# user and alike.
+#
+# Therefore the use of pam_umask is recommended (Debian package libpam-umask)
+# as the solution which catches all these cases on PAM-enabled systems.
+# 
+# This avoids the confusion created by having the umask set
+# in two different places -- in login.defs and shell rc files (i.e.
+# /etc/profile).
+#
+# For discussion, see #314539 and #248150 as well as the thread starting at
+# http://lists.debian.org/debian-devel/2005/06/msg01598.html
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+# 022 is the "historical" value in Debian for UMASK when it was used
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			  100
+GID_MAX			60000
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# This enables userdel to remove user groups if no members exist.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, thus in Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# Only works if compiled with MD5_CRYPT defined:
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is used by chpasswd, gpasswd and newusers.
+#
+#MD5_CRYPT_ENAB	no
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/failures/grpconv/02_grpconv_open_gshadow_failure/config/etc/passwd b/tests/tests/failures/grpconv/02_grpconv_open_gshadow_failure/config/etc/passwd
new file mode 100644
index 0000000..dbb06b8
--- /dev/null
+++ b/tests/tests/failures/grpconv/02_grpconv_open_gshadow_failure/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/nonexistent:/bin/sh
diff --git a/tests/tests/failures/grpconv/02_grpconv_open_gshadow_failure/config/etc/shadow b/tests/tests/failures/grpconv/02_grpconv_open_gshadow_failure/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/failures/grpconv/02_grpconv_open_gshadow_failure/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/failures/grpconv/02_grpconv_open_gshadow_failure/data/grpconv.err b/tests/tests/failures/grpconv/02_grpconv_open_gshadow_failure/data/grpconv.err
new file mode 100644
index 0000000..101f3d5
--- /dev/null
+++ b/tests/tests/failures/grpconv/02_grpconv_open_gshadow_failure/data/grpconv.err
@@ -0,0 +1,2 @@
+open FAILURE /etc/gshadow 2 ...
+grpconv: cannot open /etc/gshadow
diff --git a/tests/tests/failures/grpconv/02_grpconv_open_gshadow_failure/grpconv.test b/tests/tests/failures/grpconv/02_grpconv_open_gshadow_failure/grpconv.test
new file mode 100755
index 0000000..77d4161
--- /dev/null
+++ b/tests/tests/failures/grpconv/02_grpconv_open_gshadow_failure/grpconv.test
@@ -0,0 +1,58 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "grpconv report failures when it cannot open the gshadow file"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Remove the gshadow file..."
+rm -f /etc/gshadow
+echo "OK"
+
+echo -n "Enable gshadow passwords (grpconv)..."
+LD_PRELOAD=../../../common/open_RDWR_failure.so FAILURE_PATH=/etc/gshadow grpconv 2>tmp/grpconv.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "1"
+echo "OK"
+
+echo "grpconv reported:"
+echo "======================================================================="
+cat tmp/grpconv.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/grpconv.err tmp/grpconv.err
+echo "error message OK."
+rm -f tmp/grpconv.err
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+test ! -f /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/failures/grpconv/03_grpconv_rename_group_failure/config.txt b/tests/tests/failures/grpconv/03_grpconv_rename_group_failure/config.txt
new file mode 100644
index 0000000..e9e4bbe
--- /dev/null
+++ b/tests/tests/failures/grpconv/03_grpconv_rename_group_failure/config.txt
@@ -0,0 +1 @@
+group foo, GID 1000
diff --git a/tests/tests/failures/grpconv/03_grpconv_rename_group_failure/config/etc/group b/tests/tests/failures/grpconv/03_grpconv_rename_group_failure/config/etc/group
new file mode 100644
index 0000000..5d68f69
--- /dev/null
+++ b/tests/tests/failures/grpconv/03_grpconv_rename_group_failure/config/etc/group
@@ -0,0 +1,42 @@
+root:*:0:
+daemon:*:1:
+bin:*:2:
+sys:*:3:
+adm:*:4:
+tty:*:5:
+disk:*:6:
+lp:*:7:
+mail:*:8:
+news:*:9:
+uucp:*:10:
+man:*:12:
+proxy:*:13:
+kmem:*:15:
+dialout:*:20:
+fax:*:21:
+voice:*:22:
+cdrom:*:24:
+floppy:*:25:
+tape:*:26:
+sudo:*:27:
+audio:*:29:
+dip:*:30:
+www-data:*:33:
+backup:*:34:
+operator:*:37:
+list:*:38:
+irc:*:39:
+src:*:40:
+gnats:*:41:
+shadow:*:42:
+utmp:*:43:
+video:*:44:
+sasl:*:45:
+plugdev:*:46:
+staff:*:50:
+games:*:60:
+users:*:100:
+nogroup:*:65534:
+crontab:*:101:
+Debian-exim:*:102:
+foo:abc:1000:
diff --git a/tests/tests/failures/grpconv/03_grpconv_rename_group_failure/config/etc/gshadow b/tests/tests/failures/grpconv/03_grpconv_rename_group_failure/config/etc/gshadow
new file mode 100644
index 0000000..5042e58
--- /dev/null
+++ b/tests/tests/failures/grpconv/03_grpconv_rename_group_failure/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/failures/grpconv/03_grpconv_rename_group_failure/config/etc/login.defs b/tests/tests/failures/grpconv/03_grpconv_rename_group_failure/config/etc/login.defs
new file mode 100644
index 0000000..cf181ac
--- /dev/null
+++ b/tests/tests/failures/grpconv/03_grpconv_rename_group_failure/config/etc/login.defs
@@ -0,0 +1,314 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK usage is discouraged because it catches only some classes of user
+# entries to system, in fact only those made through login(1), while setting
+# umask in shell rc file will catch also logins through su, cron, ssh etc.
+#
+# At the same time, using shell rc to set umask won't catch entries which use
+# non-shell executables in place of login shell, like /usr/sbin/pppd for "ppp"
+# user and alike.
+#
+# Therefore the use of pam_umask is recommended (Debian package libpam-umask)
+# as the solution which catches all these cases on PAM-enabled systems.
+# 
+# This avoids the confusion created by having the umask set
+# in two different places -- in login.defs and shell rc files (i.e.
+# /etc/profile).
+#
+# For discussion, see #314539 and #248150 as well as the thread starting at
+# http://lists.debian.org/debian-devel/2005/06/msg01598.html
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+# 022 is the "historical" value in Debian for UMASK when it was used
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			  100
+GID_MAX			60000
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# This enables userdel to remove user groups if no members exist.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, thus in Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# Only works if compiled with MD5_CRYPT defined:
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is used by chpasswd, gpasswd and newusers.
+#
+#MD5_CRYPT_ENAB	no
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/failures/grpconv/03_grpconv_rename_group_failure/config/etc/passwd b/tests/tests/failures/grpconv/03_grpconv_rename_group_failure/config/etc/passwd
new file mode 100644
index 0000000..8656be4
--- /dev/null
+++ b/tests/tests/failures/grpconv/03_grpconv_rename_group_failure/config/etc/passwd
@@ -0,0 +1,20 @@
+root:*:0:0:root:/root:/bin/bash
+daemon:*:1:1:daemon:/usr/sbin:/bin/sh
+bin:*:2:2:bin:/bin:/bin/sh
+sys:*:3:3:sys:/dev:/bin/sh
+sync:*:4:65534:sync:/bin:/bin/sync
+games:*:5:60:games:/usr/games:/bin/sh
+man:*:6:12:man:/var/cache/man:/bin/sh
+lp:*:7:7:lp:/var/spool/lpd:/bin/sh
+mail:*:8:8:mail:/var/mail:/bin/sh
+news:*:9:9:news:/var/spool/news:/bin/sh
+uucp:*:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:*:13:13:proxy:/bin:/bin/sh
+www-data:*:33:33:www-data:/var/www:/bin/sh
+backup:*:34:34:backup:/var/backups:/bin/sh
+list:*:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:*:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:*:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:*:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:*:102:102::/var/spool/exim4:/bin/false
+foo:abc:1000:1000::/nonexistent:/bin/sh
diff --git a/tests/tests/failures/grpconv/03_grpconv_rename_group_failure/config/etc/shadow b/tests/tests/failures/grpconv/03_grpconv_rename_group_failure/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/failures/grpconv/03_grpconv_rename_group_failure/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/failures/grpconv/03_grpconv_rename_group_failure/data/grpconv.err b/tests/tests/failures/grpconv/03_grpconv_rename_group_failure/data/grpconv.err
new file mode 100644
index 0000000..c1a1171
--- /dev/null
+++ b/tests/tests/failures/grpconv/03_grpconv_rename_group_failure/data/grpconv.err
@@ -0,0 +1,2 @@
+rename FAILURE /etc/group+ /etc/group
+grpconv: failure while writing changes to /etc/group
diff --git a/tests/tests/failures/grpconv/03_grpconv_rename_group_failure/data/gshadow b/tests/tests/failures/grpconv/03_grpconv_rename_group_failure/data/gshadow
new file mode 100644
index 0000000..372fb9b
--- /dev/null
+++ b/tests/tests/failures/grpconv/03_grpconv_rename_group_failure/data/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:*::
+Debian-exim:*::
+foo:abc::
diff --git a/tests/tests/failures/grpconv/03_grpconv_rename_group_failure/grpconv.test b/tests/tests/failures/grpconv/03_grpconv_rename_group_failure/grpconv.test
new file mode 100755
index 0000000..2d22d15
--- /dev/null
+++ b/tests/tests/failures/grpconv/03_grpconv_rename_group_failure/grpconv.test
@@ -0,0 +1,58 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "grpconv report failures to write the group file"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Remove the gshadow file..."
+rm -f /etc/gshadow
+echo "OK"
+
+echo -n "Enable gshadow passwords (grpconv)..."
+LD_PRELOAD=../../../common/rename_failure.so FAILURE_PATH=/etc/group grpconv 2>tmp/grpconv.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "3"
+echo "OK"
+
+echo "grpconv reported:"
+echo "======================================================================="
+cat tmp/grpconv.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/grpconv.err tmp/grpconv.err
+echo "error message OK."
+rm -f tmp/grpconv.err
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl data/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/failures/grpconv/04_grpconv_rename_gshadow_failure/config.txt b/tests/tests/failures/grpconv/04_grpconv_rename_gshadow_failure/config.txt
new file mode 100644
index 0000000..e9e4bbe
--- /dev/null
+++ b/tests/tests/failures/grpconv/04_grpconv_rename_gshadow_failure/config.txt
@@ -0,0 +1 @@
+group foo, GID 1000
diff --git a/tests/tests/failures/grpconv/04_grpconv_rename_gshadow_failure/config/etc/group b/tests/tests/failures/grpconv/04_grpconv_rename_gshadow_failure/config/etc/group
new file mode 100644
index 0000000..fecba0c
--- /dev/null
+++ b/tests/tests/failures/grpconv/04_grpconv_rename_gshadow_failure/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/failures/grpconv/04_grpconv_rename_gshadow_failure/config/etc/gshadow b/tests/tests/failures/grpconv/04_grpconv_rename_gshadow_failure/config/etc/gshadow
new file mode 100644
index 0000000..5042e58
--- /dev/null
+++ b/tests/tests/failures/grpconv/04_grpconv_rename_gshadow_failure/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/failures/grpconv/04_grpconv_rename_gshadow_failure/config/etc/login.defs b/tests/tests/failures/grpconv/04_grpconv_rename_gshadow_failure/config/etc/login.defs
new file mode 100644
index 0000000..cf181ac
--- /dev/null
+++ b/tests/tests/failures/grpconv/04_grpconv_rename_gshadow_failure/config/etc/login.defs
@@ -0,0 +1,314 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK usage is discouraged because it catches only some classes of user
+# entries to system, in fact only those made through login(1), while setting
+# umask in shell rc file will catch also logins through su, cron, ssh etc.
+#
+# At the same time, using shell rc to set umask won't catch entries which use
+# non-shell executables in place of login shell, like /usr/sbin/pppd for "ppp"
+# user and alike.
+#
+# Therefore the use of pam_umask is recommended (Debian package libpam-umask)
+# as the solution which catches all these cases on PAM-enabled systems.
+# 
+# This avoids the confusion created by having the umask set
+# in two different places -- in login.defs and shell rc files (i.e.
+# /etc/profile).
+#
+# For discussion, see #314539 and #248150 as well as the thread starting at
+# http://lists.debian.org/debian-devel/2005/06/msg01598.html
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+# 022 is the "historical" value in Debian for UMASK when it was used
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			  100
+GID_MAX			60000
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# This enables userdel to remove user groups if no members exist.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, thus in Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# Only works if compiled with MD5_CRYPT defined:
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is used by chpasswd, gpasswd and newusers.
+#
+#MD5_CRYPT_ENAB	no
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/failures/grpconv/04_grpconv_rename_gshadow_failure/config/etc/passwd b/tests/tests/failures/grpconv/04_grpconv_rename_gshadow_failure/config/etc/passwd
new file mode 100644
index 0000000..8656be4
--- /dev/null
+++ b/tests/tests/failures/grpconv/04_grpconv_rename_gshadow_failure/config/etc/passwd
@@ -0,0 +1,20 @@
+root:*:0:0:root:/root:/bin/bash
+daemon:*:1:1:daemon:/usr/sbin:/bin/sh
+bin:*:2:2:bin:/bin:/bin/sh
+sys:*:3:3:sys:/dev:/bin/sh
+sync:*:4:65534:sync:/bin:/bin/sync
+games:*:5:60:games:/usr/games:/bin/sh
+man:*:6:12:man:/var/cache/man:/bin/sh
+lp:*:7:7:lp:/var/spool/lpd:/bin/sh
+mail:*:8:8:mail:/var/mail:/bin/sh
+news:*:9:9:news:/var/spool/news:/bin/sh
+uucp:*:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:*:13:13:proxy:/bin:/bin/sh
+www-data:*:33:33:www-data:/var/www:/bin/sh
+backup:*:34:34:backup:/var/backups:/bin/sh
+list:*:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:*:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:*:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:*:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:*:102:102::/var/spool/exim4:/bin/false
+foo:abc:1000:1000::/nonexistent:/bin/sh
diff --git a/tests/tests/failures/grpconv/04_grpconv_rename_gshadow_failure/config/etc/shadow b/tests/tests/failures/grpconv/04_grpconv_rename_gshadow_failure/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/failures/grpconv/04_grpconv_rename_gshadow_failure/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/failures/grpconv/04_grpconv_rename_gshadow_failure/data/grpconv.err b/tests/tests/failures/grpconv/04_grpconv_rename_gshadow_failure/data/grpconv.err
new file mode 100644
index 0000000..f4eee43
--- /dev/null
+++ b/tests/tests/failures/grpconv/04_grpconv_rename_gshadow_failure/data/grpconv.err
@@ -0,0 +1,2 @@
+rename FAILURE /etc/gshadow+ /etc/gshadow
+grpconv: failure while writing changes to /etc/gshadow
diff --git a/tests/tests/failures/grpconv/04_grpconv_rename_gshadow_failure/grpconv.test b/tests/tests/failures/grpconv/04_grpconv_rename_gshadow_failure/grpconv.test
new file mode 100755
index 0000000..0537ca4
--- /dev/null
+++ b/tests/tests/failures/grpconv/04_grpconv_rename_gshadow_failure/grpconv.test
@@ -0,0 +1,58 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "grpconv report failures to write the gshadow file"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Remove the gshadow file..."
+rm -f /etc/gshadow
+echo "OK"
+
+echo -n "Enable gshadow passwords (grpconv)..."
+LD_PRELOAD=../../../common/rename_failure.so FAILURE_PATH=/etc/gshadow grpconv 2>tmp/grpconv.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "3"
+echo "OK"
+
+echo "grpconv reported:"
+echo "======================================================================="
+cat tmp/grpconv.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/grpconv.err tmp/grpconv.err
+echo "error message OK."
+rm -f tmp/grpconv.err
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+test ! -f /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/failures/grpunconv/01_grpunconv_group_rename_failure/config.txt b/tests/tests/failures/grpunconv/01_grpunconv_group_rename_failure/config.txt
new file mode 100644
index 0000000..e9e4bbe
--- /dev/null
+++ b/tests/tests/failures/grpunconv/01_grpunconv_group_rename_failure/config.txt
@@ -0,0 +1 @@
+group foo, GID 1000
diff --git a/tests/tests/failures/grpunconv/01_grpunconv_group_rename_failure/config/etc/group b/tests/tests/failures/grpunconv/01_grpunconv_group_rename_failure/config/etc/group
new file mode 100644
index 0000000..2a5b8a4
--- /dev/null
+++ b/tests/tests/failures/grpunconv/01_grpunconv_group_rename_failure/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:foo
diff --git a/tests/tests/failures/grpunconv/01_grpunconv_group_rename_failure/config/etc/gshadow b/tests/tests/failures/grpunconv/01_grpunconv_group_rename_failure/config/etc/gshadow
new file mode 100644
index 0000000..ed34100
--- /dev/null
+++ b/tests/tests/failures/grpunconv/01_grpunconv_group_rename_failure/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::foo
diff --git a/tests/tests/failures/grpunconv/01_grpunconv_group_rename_failure/config/etc/login.defs b/tests/tests/failures/grpunconv/01_grpunconv_group_rename_failure/config/etc/login.defs
new file mode 100644
index 0000000..cf181ac
--- /dev/null
+++ b/tests/tests/failures/grpunconv/01_grpunconv_group_rename_failure/config/etc/login.defs
@@ -0,0 +1,314 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK usage is discouraged because it catches only some classes of user
+# entries to system, in fact only those made through login(1), while setting
+# umask in shell rc file will catch also logins through su, cron, ssh etc.
+#
+# At the same time, using shell rc to set umask won't catch entries which use
+# non-shell executables in place of login shell, like /usr/sbin/pppd for "ppp"
+# user and alike.
+#
+# Therefore the use of pam_umask is recommended (Debian package libpam-umask)
+# as the solution which catches all these cases on PAM-enabled systems.
+# 
+# This avoids the confusion created by having the umask set
+# in two different places -- in login.defs and shell rc files (i.e.
+# /etc/profile).
+#
+# For discussion, see #314539 and #248150 as well as the thread starting at
+# http://lists.debian.org/debian-devel/2005/06/msg01598.html
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+# 022 is the "historical" value in Debian for UMASK when it was used
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			  100
+GID_MAX			60000
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# This enables userdel to remove user groups if no members exist.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, thus in Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# Only works if compiled with MD5_CRYPT defined:
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is used by chpasswd, gpasswd and newusers.
+#
+#MD5_CRYPT_ENAB	no
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/failures/grpunconv/01_grpunconv_group_rename_failure/config/etc/passwd b/tests/tests/failures/grpunconv/01_grpunconv_group_rename_failure/config/etc/passwd
new file mode 100644
index 0000000..bf52df0
--- /dev/null
+++ b/tests/tests/failures/grpunconv/01_grpunconv_group_rename_failure/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/home/foo:/bin/false
diff --git a/tests/tests/failures/grpunconv/01_grpunconv_group_rename_failure/config/etc/shadow b/tests/tests/failures/grpunconv/01_grpunconv_group_rename_failure/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/failures/grpunconv/01_grpunconv_group_rename_failure/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/failures/grpunconv/01_grpunconv_group_rename_failure/data/grpunconv.err b/tests/tests/failures/grpunconv/01_grpunconv_group_rename_failure/data/grpunconv.err
new file mode 100644
index 0000000..33ea6f3
--- /dev/null
+++ b/tests/tests/failures/grpunconv/01_grpunconv_group_rename_failure/data/grpunconv.err
@@ -0,0 +1,2 @@
+rename FAILURE /etc/group+ /etc/group
+grpunconv: failure while writing changes to /etc/group
diff --git a/tests/tests/failures/grpunconv/01_grpunconv_group_rename_failure/grpunconv.test b/tests/tests/failures/grpunconv/01_grpunconv_group_rename_failure/grpunconv.test
new file mode 100755
index 0000000..8b4e014
--- /dev/null
+++ b/tests/tests/failures/grpunconv/01_grpunconv_group_rename_failure/grpunconv.test
@@ -0,0 +1,54 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "grpunconv reports failure to write /etc/group"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Disable shadow passwords (grpunconv)..."
+LD_PRELOAD=../../../common/rename_failure.so FAILURE_PATH=/etc/group grpunconv 2>tmp/grpunconv.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "3"
+echo "OK"
+
+echo "grpunconv reported:"
+echo "======================================================================="
+cat tmp/grpunconv.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/grpunconv.err tmp/grpunconv.err
+echo "error message OK."
+rm -f tmp/grpunconv.err
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/failures/grpunconv/02_grpunconv_open_group_failure/config.txt b/tests/tests/failures/grpunconv/02_grpunconv_open_group_failure/config.txt
new file mode 100644
index 0000000..e9e4bbe
--- /dev/null
+++ b/tests/tests/failures/grpunconv/02_grpunconv_open_group_failure/config.txt
@@ -0,0 +1 @@
+group foo, GID 1000
diff --git a/tests/tests/failures/grpunconv/02_grpunconv_open_group_failure/config/etc/group b/tests/tests/failures/grpunconv/02_grpunconv_open_group_failure/config/etc/group
new file mode 100644
index 0000000..fecba0c
--- /dev/null
+++ b/tests/tests/failures/grpunconv/02_grpunconv_open_group_failure/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/failures/grpunconv/02_grpunconv_open_group_failure/config/etc/gshadow b/tests/tests/failures/grpunconv/02_grpunconv_open_group_failure/config/etc/gshadow
new file mode 100644
index 0000000..5042e58
--- /dev/null
+++ b/tests/tests/failures/grpunconv/02_grpunconv_open_group_failure/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/failures/grpunconv/02_grpunconv_open_group_failure/config/etc/login.defs b/tests/tests/failures/grpunconv/02_grpunconv_open_group_failure/config/etc/login.defs
new file mode 100644
index 0000000..cf181ac
--- /dev/null
+++ b/tests/tests/failures/grpunconv/02_grpunconv_open_group_failure/config/etc/login.defs
@@ -0,0 +1,314 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK usage is discouraged because it catches only some classes of user
+# entries to system, in fact only those made through login(1), while setting
+# umask in shell rc file will catch also logins through su, cron, ssh etc.
+#
+# At the same time, using shell rc to set umask won't catch entries which use
+# non-shell executables in place of login shell, like /usr/sbin/pppd for "ppp"
+# user and alike.
+#
+# Therefore the use of pam_umask is recommended (Debian package libpam-umask)
+# as the solution which catches all these cases on PAM-enabled systems.
+# 
+# This avoids the confusion created by having the umask set
+# in two different places -- in login.defs and shell rc files (i.e.
+# /etc/profile).
+#
+# For discussion, see #314539 and #248150 as well as the thread starting at
+# http://lists.debian.org/debian-devel/2005/06/msg01598.html
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+# 022 is the "historical" value in Debian for UMASK when it was used
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			  100
+GID_MAX			60000
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# This enables userdel to remove user groups if no members exist.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, thus in Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# Only works if compiled with MD5_CRYPT defined:
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is used by chpasswd, gpasswd and newusers.
+#
+#MD5_CRYPT_ENAB	no
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/failures/grpunconv/02_grpunconv_open_group_failure/config/etc/passwd b/tests/tests/failures/grpunconv/02_grpunconv_open_group_failure/config/etc/passwd
new file mode 100644
index 0000000..dbb06b8
--- /dev/null
+++ b/tests/tests/failures/grpunconv/02_grpunconv_open_group_failure/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/nonexistent:/bin/sh
diff --git a/tests/tests/failures/grpunconv/02_grpunconv_open_group_failure/config/etc/shadow b/tests/tests/failures/grpunconv/02_grpunconv_open_group_failure/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/failures/grpunconv/02_grpunconv_open_group_failure/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/failures/grpunconv/02_grpunconv_open_group_failure/data/grpunconv.err b/tests/tests/failures/grpunconv/02_grpunconv_open_group_failure/data/grpunconv.err
new file mode 100644
index 0000000..fd1f2de
--- /dev/null
+++ b/tests/tests/failures/grpunconv/02_grpunconv_open_group_failure/data/grpunconv.err
@@ -0,0 +1,2 @@
+open FAILURE /etc/group 2 ...
+grpunconv: cannot open /etc/group
diff --git a/tests/tests/failures/grpunconv/02_grpunconv_open_group_failure/grpunconv.test b/tests/tests/failures/grpunconv/02_grpunconv_open_group_failure/grpunconv.test
new file mode 100755
index 0000000..014788e
--- /dev/null
+++ b/tests/tests/failures/grpunconv/02_grpunconv_open_group_failure/grpunconv.test
@@ -0,0 +1,54 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "grpunconv report failures when it cannot open the group file"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Disable shadow passwords (grpunconv)..."
+LD_PRELOAD=../../../common/open_RDWR_failure.so FAILURE_PATH=/etc/group grpunconv 2>tmp/grpunconv.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "1"
+echo "OK"
+
+echo "grpunconv reported:"
+echo "======================================================================="
+cat tmp/grpunconv.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/grpunconv.err tmp/grpunconv.err
+echo "error message OK."
+rm -f tmp/grpunconv.err
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/failures/grpunconv/03_grpunconv_open_gshadow_failure/config.txt b/tests/tests/failures/grpunconv/03_grpunconv_open_gshadow_failure/config.txt
new file mode 100644
index 0000000..e9e4bbe
--- /dev/null
+++ b/tests/tests/failures/grpunconv/03_grpunconv_open_gshadow_failure/config.txt
@@ -0,0 +1 @@
+group foo, GID 1000
diff --git a/tests/tests/failures/grpunconv/03_grpunconv_open_gshadow_failure/config/etc/group b/tests/tests/failures/grpunconv/03_grpunconv_open_gshadow_failure/config/etc/group
new file mode 100644
index 0000000..fecba0c
--- /dev/null
+++ b/tests/tests/failures/grpunconv/03_grpunconv_open_gshadow_failure/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/failures/grpunconv/03_grpunconv_open_gshadow_failure/config/etc/gshadow b/tests/tests/failures/grpunconv/03_grpunconv_open_gshadow_failure/config/etc/gshadow
new file mode 100644
index 0000000..5042e58
--- /dev/null
+++ b/tests/tests/failures/grpunconv/03_grpunconv_open_gshadow_failure/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/failures/grpunconv/03_grpunconv_open_gshadow_failure/config/etc/login.defs b/tests/tests/failures/grpunconv/03_grpunconv_open_gshadow_failure/config/etc/login.defs
new file mode 100644
index 0000000..cf181ac
--- /dev/null
+++ b/tests/tests/failures/grpunconv/03_grpunconv_open_gshadow_failure/config/etc/login.defs
@@ -0,0 +1,314 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK usage is discouraged because it catches only some classes of user
+# entries to system, in fact only those made through login(1), while setting
+# umask in shell rc file will catch also logins through su, cron, ssh etc.
+#
+# At the same time, using shell rc to set umask won't catch entries which use
+# non-shell executables in place of login shell, like /usr/sbin/pppd for "ppp"
+# user and alike.
+#
+# Therefore the use of pam_umask is recommended (Debian package libpam-umask)
+# as the solution which catches all these cases on PAM-enabled systems.
+# 
+# This avoids the confusion created by having the umask set
+# in two different places -- in login.defs and shell rc files (i.e.
+# /etc/profile).
+#
+# For discussion, see #314539 and #248150 as well as the thread starting at
+# http://lists.debian.org/debian-devel/2005/06/msg01598.html
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+# 022 is the "historical" value in Debian for UMASK when it was used
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			  100
+GID_MAX			60000
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# This enables userdel to remove user groups if no members exist.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, thus in Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# Only works if compiled with MD5_CRYPT defined:
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is used by chpasswd, gpasswd and newusers.
+#
+#MD5_CRYPT_ENAB	no
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/failures/grpunconv/03_grpunconv_open_gshadow_failure/config/etc/passwd b/tests/tests/failures/grpunconv/03_grpunconv_open_gshadow_failure/config/etc/passwd
new file mode 100644
index 0000000..dbb06b8
--- /dev/null
+++ b/tests/tests/failures/grpunconv/03_grpunconv_open_gshadow_failure/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/nonexistent:/bin/sh
diff --git a/tests/tests/failures/grpunconv/03_grpunconv_open_gshadow_failure/config/etc/shadow b/tests/tests/failures/grpunconv/03_grpunconv_open_gshadow_failure/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/failures/grpunconv/03_grpunconv_open_gshadow_failure/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/failures/grpunconv/03_grpunconv_open_gshadow_failure/data/grpunconv.err b/tests/tests/failures/grpunconv/03_grpunconv_open_gshadow_failure/data/grpunconv.err
new file mode 100644
index 0000000..cb80cfd
--- /dev/null
+++ b/tests/tests/failures/grpunconv/03_grpunconv_open_gshadow_failure/data/grpunconv.err
@@ -0,0 +1,2 @@
+open FAILURE /etc/gshadow 0 ...
+grpunconv: cannot open /etc/gshadow
diff --git a/tests/tests/failures/grpunconv/03_grpunconv_open_gshadow_failure/grpunconv.test b/tests/tests/failures/grpunconv/03_grpunconv_open_gshadow_failure/grpunconv.test
new file mode 100755
index 0000000..4516e06
--- /dev/null
+++ b/tests/tests/failures/grpunconv/03_grpunconv_open_gshadow_failure/grpunconv.test
@@ -0,0 +1,54 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "grpunconv report failures when it cannot open the gshadow file"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Disable gshadow passwords (grpunconv)..."
+LD_PRELOAD=../../../common/open_RDONLY_failure.so FAILURE_PATH=/etc/gshadow grpunconv 2>tmp/grpunconv.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "1"
+echo "OK"
+
+echo "grpunconv reported:"
+echo "======================================================================="
+cat tmp/grpunconv.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/grpunconv.err tmp/grpunconv.err
+echo "error message OK."
+rm -f tmp/grpunconv.err
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/failures/grpunconv/04_grpunconv_unlink_gshadow_failure/config.txt b/tests/tests/failures/grpunconv/04_grpunconv_unlink_gshadow_failure/config.txt
new file mode 100644
index 0000000..e9e4bbe
--- /dev/null
+++ b/tests/tests/failures/grpunconv/04_grpunconv_unlink_gshadow_failure/config.txt
@@ -0,0 +1 @@
+group foo, GID 1000
diff --git a/tests/tests/failures/grpunconv/04_grpunconv_unlink_gshadow_failure/config/etc/group b/tests/tests/failures/grpunconv/04_grpunconv_unlink_gshadow_failure/config/etc/group
new file mode 100644
index 0000000..fecba0c
--- /dev/null
+++ b/tests/tests/failures/grpunconv/04_grpunconv_unlink_gshadow_failure/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/failures/grpunconv/04_grpunconv_unlink_gshadow_failure/config/etc/gshadow b/tests/tests/failures/grpunconv/04_grpunconv_unlink_gshadow_failure/config/etc/gshadow
new file mode 100644
index 0000000..5042e58
--- /dev/null
+++ b/tests/tests/failures/grpunconv/04_grpunconv_unlink_gshadow_failure/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/failures/grpunconv/04_grpunconv_unlink_gshadow_failure/config/etc/login.defs b/tests/tests/failures/grpunconv/04_grpunconv_unlink_gshadow_failure/config/etc/login.defs
new file mode 100644
index 0000000..cf181ac
--- /dev/null
+++ b/tests/tests/failures/grpunconv/04_grpunconv_unlink_gshadow_failure/config/etc/login.defs
@@ -0,0 +1,314 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK usage is discouraged because it catches only some classes of user
+# entries to system, in fact only those made through login(1), while setting
+# umask in shell rc file will catch also logins through su, cron, ssh etc.
+#
+# At the same time, using shell rc to set umask won't catch entries which use
+# non-shell executables in place of login shell, like /usr/sbin/pppd for "ppp"
+# user and alike.
+#
+# Therefore the use of pam_umask is recommended (Debian package libpam-umask)
+# as the solution which catches all these cases on PAM-enabled systems.
+# 
+# This avoids the confusion created by having the umask set
+# in two different places -- in login.defs and shell rc files (i.e.
+# /etc/profile).
+#
+# For discussion, see #314539 and #248150 as well as the thread starting at
+# http://lists.debian.org/debian-devel/2005/06/msg01598.html
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+# 022 is the "historical" value in Debian for UMASK when it was used
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			  100
+GID_MAX			60000
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# This enables userdel to remove user groups if no members exist.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, thus in Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# Only works if compiled with MD5_CRYPT defined:
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is used by chpasswd, gpasswd and newusers.
+#
+#MD5_CRYPT_ENAB	no
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/failures/grpunconv/04_grpunconv_unlink_gshadow_failure/config/etc/passwd b/tests/tests/failures/grpunconv/04_grpunconv_unlink_gshadow_failure/config/etc/passwd
new file mode 100644
index 0000000..dbb06b8
--- /dev/null
+++ b/tests/tests/failures/grpunconv/04_grpunconv_unlink_gshadow_failure/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/nonexistent:/bin/sh
diff --git a/tests/tests/failures/grpunconv/04_grpunconv_unlink_gshadow_failure/config/etc/shadow b/tests/tests/failures/grpunconv/04_grpunconv_unlink_gshadow_failure/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/failures/grpunconv/04_grpunconv_unlink_gshadow_failure/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/failures/grpunconv/04_grpunconv_unlink_gshadow_failure/data/group b/tests/tests/failures/grpunconv/04_grpunconv_unlink_gshadow_failure/data/group
new file mode 100644
index 0000000..54d3da4
--- /dev/null
+++ b/tests/tests/failures/grpunconv/04_grpunconv_unlink_gshadow_failure/data/group
@@ -0,0 +1,42 @@
+root:*:0:
+daemon:*:1:
+bin:*:2:
+sys:*:3:
+adm:*:4:
+tty:*:5:
+disk:*:6:
+lp:*:7:
+mail:*:8:
+news:*:9:
+uucp:*:10:
+man:*:12:
+proxy:*:13:
+kmem:*:15:
+dialout:*:20:
+fax:*:21:
+voice:*:22:
+cdrom:*:24:
+floppy:*:25:
+tape:*:26:
+sudo:*:27:
+audio:*:29:
+dip:*:30:
+www-data:*:33:
+backup:*:34:
+operator:*:37:
+list:*:38:
+irc:*:39:
+src:*:40:
+gnats:*:41:
+shadow:*:42:
+utmp:*:43:
+video:*:44:
+sasl:*:45:
+plugdev:*:46:
+staff:*:50:
+games:*:60:
+users:*:100:
+nogroup:*:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:*:1000:
diff --git a/tests/tests/failures/grpunconv/04_grpunconv_unlink_gshadow_failure/data/grpunconv.err b/tests/tests/failures/grpunconv/04_grpunconv_unlink_gshadow_failure/data/grpunconv.err
new file mode 100644
index 0000000..84fa124
--- /dev/null
+++ b/tests/tests/failures/grpunconv/04_grpunconv_unlink_gshadow_failure/data/grpunconv.err
@@ -0,0 +1,2 @@
+unlink FAILURE /etc/gshadow
+grpunconv: cannot delete /etc/gshadow
diff --git a/tests/tests/failures/grpunconv/04_grpunconv_unlink_gshadow_failure/grpunconv.test b/tests/tests/failures/grpunconv/04_grpunconv_unlink_gshadow_failure/grpunconv.test
new file mode 100755
index 0000000..4102719
--- /dev/null
+++ b/tests/tests/failures/grpunconv/04_grpunconv_unlink_gshadow_failure/grpunconv.test
@@ -0,0 +1,54 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "grpunconv report failures when it cannot remove the gshadow file"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Disable shadow passwords (grpunconv)..."
+LD_PRELOAD=../../../common/unlink_failure.so FAILURE_PATH=/etc/gshadow grpunconv 2>tmp/grpunconv.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "3"
+echo "OK"
+
+echo "grpunconv reported:"
+echo "======================================================================="
+cat tmp/grpunconv.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/grpunconv.err tmp/grpunconv.err
+echo "error message OK."
+rm -f tmp/grpunconv.err
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl data/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/failures/newusers/01_newusers_open_passwd_failure/config.txt b/tests/tests/failures/newusers/01_newusers_open_passwd_failure/config.txt
new file mode 100644
index 0000000..e9e4bbe
--- /dev/null
+++ b/tests/tests/failures/newusers/01_newusers_open_passwd_failure/config.txt
@@ -0,0 +1 @@
+group foo, GID 1000
diff --git a/tests/tests/failures/newusers/01_newusers_open_passwd_failure/config/etc/default/useradd b/tests/tests/failures/newusers/01_newusers_open_passwd_failure/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/failures/newusers/01_newusers_open_passwd_failure/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/failures/newusers/01_newusers_open_passwd_failure/config/etc/group b/tests/tests/failures/newusers/01_newusers_open_passwd_failure/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/failures/newusers/01_newusers_open_passwd_failure/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/failures/newusers/01_newusers_open_passwd_failure/config/etc/gshadow b/tests/tests/failures/newusers/01_newusers_open_passwd_failure/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/failures/newusers/01_newusers_open_passwd_failure/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/failures/newusers/01_newusers_open_passwd_failure/config/etc/login.defs b/tests/tests/failures/newusers/01_newusers_open_passwd_failure/config/etc/login.defs
new file mode 100644
index 0000000..cf181ac
--- /dev/null
+++ b/tests/tests/failures/newusers/01_newusers_open_passwd_failure/config/etc/login.defs
@@ -0,0 +1,314 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK usage is discouraged because it catches only some classes of user
+# entries to system, in fact only those made through login(1), while setting
+# umask in shell rc file will catch also logins through su, cron, ssh etc.
+#
+# At the same time, using shell rc to set umask won't catch entries which use
+# non-shell executables in place of login shell, like /usr/sbin/pppd for "ppp"
+# user and alike.
+#
+# Therefore the use of pam_umask is recommended (Debian package libpam-umask)
+# as the solution which catches all these cases on PAM-enabled systems.
+# 
+# This avoids the confusion created by having the umask set
+# in two different places -- in login.defs and shell rc files (i.e.
+# /etc/profile).
+#
+# For discussion, see #314539 and #248150 as well as the thread starting at
+# http://lists.debian.org/debian-devel/2005/06/msg01598.html
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+# 022 is the "historical" value in Debian for UMASK when it was used
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			  100
+GID_MAX			60000
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# This enables userdel to remove user groups if no members exist.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, thus in Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# Only works if compiled with MD5_CRYPT defined:
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is used by chpasswd, gpasswd and newusers.
+#
+#MD5_CRYPT_ENAB	no
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/failures/newusers/01_newusers_open_passwd_failure/config/etc/passwd b/tests/tests/failures/newusers/01_newusers_open_passwd_failure/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/failures/newusers/01_newusers_open_passwd_failure/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/failures/newusers/01_newusers_open_passwd_failure/config/etc/shadow b/tests/tests/failures/newusers/01_newusers_open_passwd_failure/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/failures/newusers/01_newusers_open_passwd_failure/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/failures/newusers/01_newusers_open_passwd_failure/data/newusers.err b/tests/tests/failures/newusers/01_newusers_open_passwd_failure/data/newusers.err
new file mode 100644
index 0000000..b9a24a2
--- /dev/null
+++ b/tests/tests/failures/newusers/01_newusers_open_passwd_failure/data/newusers.err
@@ -0,0 +1,2 @@
+open FAILURE /etc/passwd 2 ...
+newusers: cannot open /etc/passwd
diff --git a/tests/tests/failures/newusers/01_newusers_open_passwd_failure/data/newusers.list b/tests/tests/failures/newusers/01_newusers_open_passwd_failure/data/newusers.list
new file mode 100644
index 0000000..f9d747c
--- /dev/null
+++ b/tests/tests/failures/newusers/01_newusers_open_passwd_failure/data/newusers.list
@@ -0,0 +1 @@
+foo:fooPass::bar:User Foo - Gecos Field::/bin/sh
diff --git a/tests/tests/failures/newusers/01_newusers_open_passwd_failure/newusers.test b/tests/tests/failures/newusers/01_newusers_open_passwd_failure/newusers.test
new file mode 100755
index 0000000..25462a8
--- /dev/null
+++ b/tests/tests/failures/newusers/01_newusers_open_passwd_failure/newusers.test
@@ -0,0 +1,54 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "newusers report failures when it cannot open the passwd file"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Add user foo (newusers foo)..."
+LD_PRELOAD=../../../common/open_RDWR_failure.so FAILURE_PATH=/etc/passwd newusers data/newusers.list 2>tmp/newusers.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "1"
+echo "OK"
+
+echo "newusers reported:"
+echo "======================================================================="
+cat tmp/newusers.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/newusers.err tmp/newusers.err
+echo "error message OK."
+rm -f tmp/newusers.err
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/failures/newusers/02_newusers_open_shadow_failure/config.txt b/tests/tests/failures/newusers/02_newusers_open_shadow_failure/config.txt
new file mode 100644
index 0000000..e9e4bbe
--- /dev/null
+++ b/tests/tests/failures/newusers/02_newusers_open_shadow_failure/config.txt
@@ -0,0 +1 @@
+group foo, GID 1000
diff --git a/tests/tests/failures/newusers/02_newusers_open_shadow_failure/config/etc/default/useradd b/tests/tests/failures/newusers/02_newusers_open_shadow_failure/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/failures/newusers/02_newusers_open_shadow_failure/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/failures/newusers/02_newusers_open_shadow_failure/config/etc/group b/tests/tests/failures/newusers/02_newusers_open_shadow_failure/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/failures/newusers/02_newusers_open_shadow_failure/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/failures/newusers/02_newusers_open_shadow_failure/config/etc/gshadow b/tests/tests/failures/newusers/02_newusers_open_shadow_failure/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/failures/newusers/02_newusers_open_shadow_failure/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/failures/newusers/02_newusers_open_shadow_failure/config/etc/login.defs b/tests/tests/failures/newusers/02_newusers_open_shadow_failure/config/etc/login.defs
new file mode 100644
index 0000000..cf181ac
--- /dev/null
+++ b/tests/tests/failures/newusers/02_newusers_open_shadow_failure/config/etc/login.defs
@@ -0,0 +1,314 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK usage is discouraged because it catches only some classes of user
+# entries to system, in fact only those made through login(1), while setting
+# umask in shell rc file will catch also logins through su, cron, ssh etc.
+#
+# At the same time, using shell rc to set umask won't catch entries which use
+# non-shell executables in place of login shell, like /usr/sbin/pppd for "ppp"
+# user and alike.
+#
+# Therefore the use of pam_umask is recommended (Debian package libpam-umask)
+# as the solution which catches all these cases on PAM-enabled systems.
+# 
+# This avoids the confusion created by having the umask set
+# in two different places -- in login.defs and shell rc files (i.e.
+# /etc/profile).
+#
+# For discussion, see #314539 and #248150 as well as the thread starting at
+# http://lists.debian.org/debian-devel/2005/06/msg01598.html
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+# 022 is the "historical" value in Debian for UMASK when it was used
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			  100
+GID_MAX			60000
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# This enables userdel to remove user groups if no members exist.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, thus in Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# Only works if compiled with MD5_CRYPT defined:
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is used by chpasswd, gpasswd and newusers.
+#
+#MD5_CRYPT_ENAB	no
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/failures/newusers/02_newusers_open_shadow_failure/config/etc/passwd b/tests/tests/failures/newusers/02_newusers_open_shadow_failure/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/failures/newusers/02_newusers_open_shadow_failure/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/failures/newusers/02_newusers_open_shadow_failure/config/etc/shadow b/tests/tests/failures/newusers/02_newusers_open_shadow_failure/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/failures/newusers/02_newusers_open_shadow_failure/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/failures/newusers/02_newusers_open_shadow_failure/data/newusers.err b/tests/tests/failures/newusers/02_newusers_open_shadow_failure/data/newusers.err
new file mode 100644
index 0000000..f46f22d
--- /dev/null
+++ b/tests/tests/failures/newusers/02_newusers_open_shadow_failure/data/newusers.err
@@ -0,0 +1,2 @@
+open FAILURE /etc/shadow 2 ...
+newusers: cannot open /etc/shadow
diff --git a/tests/tests/failures/newusers/02_newusers_open_shadow_failure/data/newusers.list b/tests/tests/failures/newusers/02_newusers_open_shadow_failure/data/newusers.list
new file mode 100644
index 0000000..f9d747c
--- /dev/null
+++ b/tests/tests/failures/newusers/02_newusers_open_shadow_failure/data/newusers.list
@@ -0,0 +1 @@
+foo:fooPass::bar:User Foo - Gecos Field::/bin/sh
diff --git a/tests/tests/failures/newusers/02_newusers_open_shadow_failure/newusers.test b/tests/tests/failures/newusers/02_newusers_open_shadow_failure/newusers.test
new file mode 100755
index 0000000..b7fc584
--- /dev/null
+++ b/tests/tests/failures/newusers/02_newusers_open_shadow_failure/newusers.test
@@ -0,0 +1,54 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "newusers report failures when it cannot open the shadow file"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Add user foo (newusers foo)..."
+LD_PRELOAD=../../../common/open_RDWR_failure.so FAILURE_PATH=/etc/shadow newusers data/newusers.list 2>tmp/newusers.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "1"
+echo "OK"
+
+echo "newusers reported:"
+echo "======================================================================="
+cat tmp/newusers.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/newusers.err tmp/newusers.err
+echo "error message OK."
+rm -f tmp/newusers.err
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/failures/newusers/03_newusers_open_group_failure/config.txt b/tests/tests/failures/newusers/03_newusers_open_group_failure/config.txt
new file mode 100644
index 0000000..e9e4bbe
--- /dev/null
+++ b/tests/tests/failures/newusers/03_newusers_open_group_failure/config.txt
@@ -0,0 +1 @@
+group foo, GID 1000
diff --git a/tests/tests/failures/newusers/03_newusers_open_group_failure/config/etc/default/useradd b/tests/tests/failures/newusers/03_newusers_open_group_failure/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/failures/newusers/03_newusers_open_group_failure/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/failures/newusers/03_newusers_open_group_failure/config/etc/group b/tests/tests/failures/newusers/03_newusers_open_group_failure/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/failures/newusers/03_newusers_open_group_failure/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/failures/newusers/03_newusers_open_group_failure/config/etc/gshadow b/tests/tests/failures/newusers/03_newusers_open_group_failure/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/failures/newusers/03_newusers_open_group_failure/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/failures/newusers/03_newusers_open_group_failure/config/etc/login.defs b/tests/tests/failures/newusers/03_newusers_open_group_failure/config/etc/login.defs
new file mode 100644
index 0000000..cf181ac
--- /dev/null
+++ b/tests/tests/failures/newusers/03_newusers_open_group_failure/config/etc/login.defs
@@ -0,0 +1,314 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK usage is discouraged because it catches only some classes of user
+# entries to system, in fact only those made through login(1), while setting
+# umask in shell rc file will catch also logins through su, cron, ssh etc.
+#
+# At the same time, using shell rc to set umask won't catch entries which use
+# non-shell executables in place of login shell, like /usr/sbin/pppd for "ppp"
+# user and alike.
+#
+# Therefore the use of pam_umask is recommended (Debian package libpam-umask)
+# as the solution which catches all these cases on PAM-enabled systems.
+# 
+# This avoids the confusion created by having the umask set
+# in two different places -- in login.defs and shell rc files (i.e.
+# /etc/profile).
+#
+# For discussion, see #314539 and #248150 as well as the thread starting at
+# http://lists.debian.org/debian-devel/2005/06/msg01598.html
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+# 022 is the "historical" value in Debian for UMASK when it was used
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			  100
+GID_MAX			60000
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# This enables userdel to remove user groups if no members exist.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, thus in Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# Only works if compiled with MD5_CRYPT defined:
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is used by chpasswd, gpasswd and newusers.
+#
+#MD5_CRYPT_ENAB	no
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/failures/newusers/03_newusers_open_group_failure/config/etc/passwd b/tests/tests/failures/newusers/03_newusers_open_group_failure/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/failures/newusers/03_newusers_open_group_failure/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/failures/newusers/03_newusers_open_group_failure/config/etc/shadow b/tests/tests/failures/newusers/03_newusers_open_group_failure/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/failures/newusers/03_newusers_open_group_failure/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/failures/newusers/03_newusers_open_group_failure/data/newusers.err b/tests/tests/failures/newusers/03_newusers_open_group_failure/data/newusers.err
new file mode 100644
index 0000000..3ec4f2f
--- /dev/null
+++ b/tests/tests/failures/newusers/03_newusers_open_group_failure/data/newusers.err
@@ -0,0 +1,2 @@
+open FAILURE /etc/group 2 ...
+newusers: cannot open /etc/group
diff --git a/tests/tests/failures/newusers/03_newusers_open_group_failure/data/newusers.list b/tests/tests/failures/newusers/03_newusers_open_group_failure/data/newusers.list
new file mode 100644
index 0000000..f9d747c
--- /dev/null
+++ b/tests/tests/failures/newusers/03_newusers_open_group_failure/data/newusers.list
@@ -0,0 +1 @@
+foo:fooPass::bar:User Foo - Gecos Field::/bin/sh
diff --git a/tests/tests/failures/newusers/03_newusers_open_group_failure/newusers.test b/tests/tests/failures/newusers/03_newusers_open_group_failure/newusers.test
new file mode 100755
index 0000000..95e075d
--- /dev/null
+++ b/tests/tests/failures/newusers/03_newusers_open_group_failure/newusers.test
@@ -0,0 +1,54 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "newusers report failures when it cannot open the group file"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Add user foo (newusers foo)..."
+LD_PRELOAD=../../../common/open_RDWR_failure.so FAILURE_PATH=/etc/group newusers data/newusers.list 2>tmp/newusers.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "1"
+echo "OK"
+
+echo "newusers reported:"
+echo "======================================================================="
+cat tmp/newusers.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/newusers.err tmp/newusers.err
+echo "error message OK."
+rm -f tmp/newusers.err
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/failures/newusers/04_newusers_open_gshadow_failure/config.txt b/tests/tests/failures/newusers/04_newusers_open_gshadow_failure/config.txt
new file mode 100644
index 0000000..e9e4bbe
--- /dev/null
+++ b/tests/tests/failures/newusers/04_newusers_open_gshadow_failure/config.txt
@@ -0,0 +1 @@
+group foo, GID 1000
diff --git a/tests/tests/failures/newusers/04_newusers_open_gshadow_failure/config/etc/default/useradd b/tests/tests/failures/newusers/04_newusers_open_gshadow_failure/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/failures/newusers/04_newusers_open_gshadow_failure/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/failures/newusers/04_newusers_open_gshadow_failure/config/etc/group b/tests/tests/failures/newusers/04_newusers_open_gshadow_failure/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/failures/newusers/04_newusers_open_gshadow_failure/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/failures/newusers/04_newusers_open_gshadow_failure/config/etc/gshadow b/tests/tests/failures/newusers/04_newusers_open_gshadow_failure/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/failures/newusers/04_newusers_open_gshadow_failure/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/failures/newusers/04_newusers_open_gshadow_failure/config/etc/login.defs b/tests/tests/failures/newusers/04_newusers_open_gshadow_failure/config/etc/login.defs
new file mode 100644
index 0000000..cf181ac
--- /dev/null
+++ b/tests/tests/failures/newusers/04_newusers_open_gshadow_failure/config/etc/login.defs
@@ -0,0 +1,314 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK usage is discouraged because it catches only some classes of user
+# entries to system, in fact only those made through login(1), while setting
+# umask in shell rc file will catch also logins through su, cron, ssh etc.
+#
+# At the same time, using shell rc to set umask won't catch entries which use
+# non-shell executables in place of login shell, like /usr/sbin/pppd for "ppp"
+# user and alike.
+#
+# Therefore the use of pam_umask is recommended (Debian package libpam-umask)
+# as the solution which catches all these cases on PAM-enabled systems.
+# 
+# This avoids the confusion created by having the umask set
+# in two different places -- in login.defs and shell rc files (i.e.
+# /etc/profile).
+#
+# For discussion, see #314539 and #248150 as well as the thread starting at
+# http://lists.debian.org/debian-devel/2005/06/msg01598.html
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+# 022 is the "historical" value in Debian for UMASK when it was used
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			  100
+GID_MAX			60000
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# This enables userdel to remove user groups if no members exist.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, thus in Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# Only works if compiled with MD5_CRYPT defined:
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is used by chpasswd, gpasswd and newusers.
+#
+#MD5_CRYPT_ENAB	no
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/failures/newusers/04_newusers_open_gshadow_failure/config/etc/passwd b/tests/tests/failures/newusers/04_newusers_open_gshadow_failure/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/failures/newusers/04_newusers_open_gshadow_failure/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/failures/newusers/04_newusers_open_gshadow_failure/config/etc/shadow b/tests/tests/failures/newusers/04_newusers_open_gshadow_failure/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/failures/newusers/04_newusers_open_gshadow_failure/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/failures/newusers/04_newusers_open_gshadow_failure/data/newusers.err b/tests/tests/failures/newusers/04_newusers_open_gshadow_failure/data/newusers.err
new file mode 100644
index 0000000..e2a9ca0
--- /dev/null
+++ b/tests/tests/failures/newusers/04_newusers_open_gshadow_failure/data/newusers.err
@@ -0,0 +1,2 @@
+open FAILURE /etc/gshadow 2 ...
+newusers: cannot open /etc/gshadow
diff --git a/tests/tests/failures/newusers/04_newusers_open_gshadow_failure/data/newusers.list b/tests/tests/failures/newusers/04_newusers_open_gshadow_failure/data/newusers.list
new file mode 100644
index 0000000..f9d747c
--- /dev/null
+++ b/tests/tests/failures/newusers/04_newusers_open_gshadow_failure/data/newusers.list
@@ -0,0 +1 @@
+foo:fooPass::bar:User Foo - Gecos Field::/bin/sh
diff --git a/tests/tests/failures/newusers/04_newusers_open_gshadow_failure/newusers.test b/tests/tests/failures/newusers/04_newusers_open_gshadow_failure/newusers.test
new file mode 100755
index 0000000..6383079
--- /dev/null
+++ b/tests/tests/failures/newusers/04_newusers_open_gshadow_failure/newusers.test
@@ -0,0 +1,54 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "newusers report failures when it cannot open the gshadow file"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Add user foo (newusers foo)..."
+LD_PRELOAD=../../../common/open_RDWR_failure.so FAILURE_PATH=/etc/gshadow newusers data/newusers.list 2>tmp/newusers.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "1"
+echo "OK"
+
+echo "newusers reported:"
+echo "======================================================================="
+cat tmp/newusers.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/newusers.err tmp/newusers.err
+echo "error message OK."
+rm -f tmp/newusers.err
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/failures/newusers/05_newusers_rename_passwd_failure/config.txt b/tests/tests/failures/newusers/05_newusers_rename_passwd_failure/config.txt
new file mode 100644
index 0000000..e9e4bbe
--- /dev/null
+++ b/tests/tests/failures/newusers/05_newusers_rename_passwd_failure/config.txt
@@ -0,0 +1 @@
+group foo, GID 1000
diff --git a/tests/tests/failures/newusers/05_newusers_rename_passwd_failure/config/etc/default/useradd b/tests/tests/failures/newusers/05_newusers_rename_passwd_failure/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/failures/newusers/05_newusers_rename_passwd_failure/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/failures/newusers/05_newusers_rename_passwd_failure/config/etc/group b/tests/tests/failures/newusers/05_newusers_rename_passwd_failure/config/etc/group
new file mode 100644
index 0000000..fecba0c
--- /dev/null
+++ b/tests/tests/failures/newusers/05_newusers_rename_passwd_failure/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/failures/newusers/05_newusers_rename_passwd_failure/config/etc/gshadow b/tests/tests/failures/newusers/05_newusers_rename_passwd_failure/config/etc/gshadow
new file mode 100644
index 0000000..5042e58
--- /dev/null
+++ b/tests/tests/failures/newusers/05_newusers_rename_passwd_failure/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/failures/newusers/05_newusers_rename_passwd_failure/config/etc/login.defs b/tests/tests/failures/newusers/05_newusers_rename_passwd_failure/config/etc/login.defs
new file mode 100644
index 0000000..cf181ac
--- /dev/null
+++ b/tests/tests/failures/newusers/05_newusers_rename_passwd_failure/config/etc/login.defs
@@ -0,0 +1,314 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK usage is discouraged because it catches only some classes of user
+# entries to system, in fact only those made through login(1), while setting
+# umask in shell rc file will catch also logins through su, cron, ssh etc.
+#
+# At the same time, using shell rc to set umask won't catch entries which use
+# non-shell executables in place of login shell, like /usr/sbin/pppd for "ppp"
+# user and alike.
+#
+# Therefore the use of pam_umask is recommended (Debian package libpam-umask)
+# as the solution which catches all these cases on PAM-enabled systems.
+# 
+# This avoids the confusion created by having the umask set
+# in two different places -- in login.defs and shell rc files (i.e.
+# /etc/profile).
+#
+# For discussion, see #314539 and #248150 as well as the thread starting at
+# http://lists.debian.org/debian-devel/2005/06/msg01598.html
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+# 022 is the "historical" value in Debian for UMASK when it was used
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			  100
+GID_MAX			60000
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# This enables userdel to remove user groups if no members exist.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, thus in Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# Only works if compiled with MD5_CRYPT defined:
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is used by chpasswd, gpasswd and newusers.
+#
+#MD5_CRYPT_ENAB	no
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/failures/newusers/05_newusers_rename_passwd_failure/config/etc/passwd b/tests/tests/failures/newusers/05_newusers_rename_passwd_failure/config/etc/passwd
new file mode 100644
index 0000000..8656be4
--- /dev/null
+++ b/tests/tests/failures/newusers/05_newusers_rename_passwd_failure/config/etc/passwd
@@ -0,0 +1,20 @@
+root:*:0:0:root:/root:/bin/bash
+daemon:*:1:1:daemon:/usr/sbin:/bin/sh
+bin:*:2:2:bin:/bin:/bin/sh
+sys:*:3:3:sys:/dev:/bin/sh
+sync:*:4:65534:sync:/bin:/bin/sync
+games:*:5:60:games:/usr/games:/bin/sh
+man:*:6:12:man:/var/cache/man:/bin/sh
+lp:*:7:7:lp:/var/spool/lpd:/bin/sh
+mail:*:8:8:mail:/var/mail:/bin/sh
+news:*:9:9:news:/var/spool/news:/bin/sh
+uucp:*:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:*:13:13:proxy:/bin:/bin/sh
+www-data:*:33:33:www-data:/var/www:/bin/sh
+backup:*:34:34:backup:/var/backups:/bin/sh
+list:*:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:*:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:*:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:*:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:*:102:102::/var/spool/exim4:/bin/false
+foo:abc:1000:1000::/nonexistent:/bin/sh
diff --git a/tests/tests/failures/newusers/05_newusers_rename_passwd_failure/config/etc/shadow b/tests/tests/failures/newusers/05_newusers_rename_passwd_failure/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/failures/newusers/05_newusers_rename_passwd_failure/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/failures/newusers/05_newusers_rename_passwd_failure/data/newusers.err b/tests/tests/failures/newusers/05_newusers_rename_passwd_failure/data/newusers.err
new file mode 100644
index 0000000..160bad7
--- /dev/null
+++ b/tests/tests/failures/newusers/05_newusers_rename_passwd_failure/data/newusers.err
@@ -0,0 +1,2 @@
+rename FAILURE /etc/passwd+ /etc/passwd
+newusers: failure while writing changes to /etc/passwd
diff --git a/tests/tests/failures/newusers/05_newusers_rename_passwd_failure/data/newusers.list b/tests/tests/failures/newusers/05_newusers_rename_passwd_failure/data/newusers.list
new file mode 100644
index 0000000..f9d747c
--- /dev/null
+++ b/tests/tests/failures/newusers/05_newusers_rename_passwd_failure/data/newusers.list
@@ -0,0 +1 @@
+foo:fooPass::bar:User Foo - Gecos Field::/bin/sh
diff --git a/tests/tests/failures/newusers/05_newusers_rename_passwd_failure/newusers.test b/tests/tests/failures/newusers/05_newusers_rename_passwd_failure/newusers.test
new file mode 100755
index 0000000..3fc3097
--- /dev/null
+++ b/tests/tests/failures/newusers/05_newusers_rename_passwd_failure/newusers.test
@@ -0,0 +1,54 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "newusers report failures to write the passwd file"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Create user foo (newusers data/newusers.list)..."
+LD_PRELOAD=../../../common/rename_failure.so FAILURE_PATH=/etc/passwd newusers data/newusers.list 2>tmp/newusers.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "1"
+echo "OK"
+
+echo "newusers reported:"
+echo "======================================================================="
+cat tmp/newusers.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/newusers.err tmp/newusers.err
+echo "error message OK."
+rm -f tmp/newusers.err
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/failures/newusers/06_newusers_rename_shadow_failure/config.txt b/tests/tests/failures/newusers/06_newusers_rename_shadow_failure/config.txt
new file mode 100644
index 0000000..e9e4bbe
--- /dev/null
+++ b/tests/tests/failures/newusers/06_newusers_rename_shadow_failure/config.txt
@@ -0,0 +1 @@
+group foo, GID 1000
diff --git a/tests/tests/failures/newusers/06_newusers_rename_shadow_failure/config/etc/group b/tests/tests/failures/newusers/06_newusers_rename_shadow_failure/config/etc/group
new file mode 100644
index 0000000..fecba0c
--- /dev/null
+++ b/tests/tests/failures/newusers/06_newusers_rename_shadow_failure/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/failures/newusers/06_newusers_rename_shadow_failure/config/etc/gshadow b/tests/tests/failures/newusers/06_newusers_rename_shadow_failure/config/etc/gshadow
new file mode 100644
index 0000000..5042e58
--- /dev/null
+++ b/tests/tests/failures/newusers/06_newusers_rename_shadow_failure/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/failures/newusers/06_newusers_rename_shadow_failure/config/etc/login.defs b/tests/tests/failures/newusers/06_newusers_rename_shadow_failure/config/etc/login.defs
new file mode 100644
index 0000000..cf181ac
--- /dev/null
+++ b/tests/tests/failures/newusers/06_newusers_rename_shadow_failure/config/etc/login.defs
@@ -0,0 +1,314 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK usage is discouraged because it catches only some classes of user
+# entries to system, in fact only those made through login(1), while setting
+# umask in shell rc file will catch also logins through su, cron, ssh etc.
+#
+# At the same time, using shell rc to set umask won't catch entries which use
+# non-shell executables in place of login shell, like /usr/sbin/pppd for "ppp"
+# user and alike.
+#
+# Therefore the use of pam_umask is recommended (Debian package libpam-umask)
+# as the solution which catches all these cases on PAM-enabled systems.
+# 
+# This avoids the confusion created by having the umask set
+# in two different places -- in login.defs and shell rc files (i.e.
+# /etc/profile).
+#
+# For discussion, see #314539 and #248150 as well as the thread starting at
+# http://lists.debian.org/debian-devel/2005/06/msg01598.html
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+# 022 is the "historical" value in Debian for UMASK when it was used
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			  100
+GID_MAX			60000
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# This enables userdel to remove user groups if no members exist.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, thus in Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# Only works if compiled with MD5_CRYPT defined:
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is used by chpasswd, gpasswd and newusers.
+#
+#MD5_CRYPT_ENAB	no
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/failures/newusers/06_newusers_rename_shadow_failure/config/etc/passwd b/tests/tests/failures/newusers/06_newusers_rename_shadow_failure/config/etc/passwd
new file mode 100644
index 0000000..03a7177
--- /dev/null
+++ b/tests/tests/failures/newusers/06_newusers_rename_shadow_failure/config/etc/passwd
@@ -0,0 +1,19 @@
+root:*:0:0:root:/root:/bin/bash
+daemon:*:1:1:daemon:/usr/sbin:/bin/sh
+bin:*:2:2:bin:/bin:/bin/sh
+sys:*:3:3:sys:/dev:/bin/sh
+sync:*:4:65534:sync:/bin:/bin/sync
+games:*:5:60:games:/usr/games:/bin/sh
+man:*:6:12:man:/var/cache/man:/bin/sh
+lp:*:7:7:lp:/var/spool/lpd:/bin/sh
+mail:*:8:8:mail:/var/mail:/bin/sh
+news:*:9:9:news:/var/spool/news:/bin/sh
+uucp:*:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:*:13:13:proxy:/bin:/bin/sh
+www-data:*:33:33:www-data:/var/www:/bin/sh
+backup:*:34:34:backup:/var/backups:/bin/sh
+list:*:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:*:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:*:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:*:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:*:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/failures/newusers/06_newusers_rename_shadow_failure/config/etc/shadow b/tests/tests/failures/newusers/06_newusers_rename_shadow_failure/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/failures/newusers/06_newusers_rename_shadow_failure/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/failures/newusers/06_newusers_rename_shadow_failure/data/newusers.err b/tests/tests/failures/newusers/06_newusers_rename_shadow_failure/data/newusers.err
new file mode 100644
index 0000000..593b9ae
--- /dev/null
+++ b/tests/tests/failures/newusers/06_newusers_rename_shadow_failure/data/newusers.err
@@ -0,0 +1,2 @@
+rename FAILURE /etc/shadow+ /etc/shadow
+newusers: failure while writing changes to /etc/shadow
diff --git a/tests/tests/failures/newusers/06_newusers_rename_shadow_failure/data/newusers.list b/tests/tests/failures/newusers/06_newusers_rename_shadow_failure/data/newusers.list
new file mode 100644
index 0000000..f9d747c
--- /dev/null
+++ b/tests/tests/failures/newusers/06_newusers_rename_shadow_failure/data/newusers.list
@@ -0,0 +1 @@
+foo:fooPass::bar:User Foo - Gecos Field::/bin/sh
diff --git a/tests/tests/failures/newusers/06_newusers_rename_shadow_failure/data/passwd b/tests/tests/failures/newusers/06_newusers_rename_shadow_failure/data/passwd
new file mode 100644
index 0000000..ce8e3c3
--- /dev/null
+++ b/tests/tests/failures/newusers/06_newusers_rename_shadow_failure/data/passwd
@@ -0,0 +1,20 @@
+root:*:0:0:root:/root:/bin/bash
+daemon:*:1:1:daemon:/usr/sbin:/bin/sh
+bin:*:2:2:bin:/bin:/bin/sh
+sys:*:3:3:sys:/dev:/bin/sh
+sync:*:4:65534:sync:/bin:/bin/sync
+games:*:5:60:games:/usr/games:/bin/sh
+man:*:6:12:man:/var/cache/man:/bin/sh
+lp:*:7:7:lp:/var/spool/lpd:/bin/sh
+mail:*:8:8:mail:/var/mail:/bin/sh
+news:*:9:9:news:/var/spool/news:/bin/sh
+uucp:*:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:*:13:13:proxy:/bin:/bin/sh
+www-data:*:33:33:www-data:/var/www:/bin/sh
+backup:*:34:34:backup:/var/backups:/bin/sh
+list:*:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:*:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:*:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:*:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:*:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1001:User Foo - Gecos Field::/bin/sh
diff --git a/tests/tests/failures/newusers/06_newusers_rename_shadow_failure/newusers.test b/tests/tests/failures/newusers/06_newusers_rename_shadow_failure/newusers.test
new file mode 100755
index 0000000..aad005f
--- /dev/null
+++ b/tests/tests/failures/newusers/06_newusers_rename_shadow_failure/newusers.test
@@ -0,0 +1,54 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "newusers report failures to write the shadow file"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Create user foo (newusers data/newusers.list)..."
+LD_PRELOAD=../../../common/rename_failure.so FAILURE_PATH=/etc/shadow newusers data/newusers.list 2>tmp/newusers.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "1"
+echo "OK"
+
+echo "newusers reported:"
+echo "======================================================================="
+cat tmp/newusers.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/newusers.err tmp/newusers.err
+echo "error message OK."
+rm -f tmp/newusers.err
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl data/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/failures/newusers/07_newusers_rename_group_failure/config.txt b/tests/tests/failures/newusers/07_newusers_rename_group_failure/config.txt
new file mode 100644
index 0000000..e9e4bbe
--- /dev/null
+++ b/tests/tests/failures/newusers/07_newusers_rename_group_failure/config.txt
@@ -0,0 +1 @@
+group foo, GID 1000
diff --git a/tests/tests/failures/newusers/07_newusers_rename_group_failure/config/etc/group b/tests/tests/failures/newusers/07_newusers_rename_group_failure/config/etc/group
new file mode 100644
index 0000000..fecba0c
--- /dev/null
+++ b/tests/tests/failures/newusers/07_newusers_rename_group_failure/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/failures/newusers/07_newusers_rename_group_failure/config/etc/gshadow b/tests/tests/failures/newusers/07_newusers_rename_group_failure/config/etc/gshadow
new file mode 100644
index 0000000..5042e58
--- /dev/null
+++ b/tests/tests/failures/newusers/07_newusers_rename_group_failure/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/failures/newusers/07_newusers_rename_group_failure/config/etc/login.defs b/tests/tests/failures/newusers/07_newusers_rename_group_failure/config/etc/login.defs
new file mode 100644
index 0000000..cf181ac
--- /dev/null
+++ b/tests/tests/failures/newusers/07_newusers_rename_group_failure/config/etc/login.defs
@@ -0,0 +1,314 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK usage is discouraged because it catches only some classes of user
+# entries to system, in fact only those made through login(1), while setting
+# umask in shell rc file will catch also logins through su, cron, ssh etc.
+#
+# At the same time, using shell rc to set umask won't catch entries which use
+# non-shell executables in place of login shell, like /usr/sbin/pppd for "ppp"
+# user and alike.
+#
+# Therefore the use of pam_umask is recommended (Debian package libpam-umask)
+# as the solution which catches all these cases on PAM-enabled systems.
+# 
+# This avoids the confusion created by having the umask set
+# in two different places -- in login.defs and shell rc files (i.e.
+# /etc/profile).
+#
+# For discussion, see #314539 and #248150 as well as the thread starting at
+# http://lists.debian.org/debian-devel/2005/06/msg01598.html
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+# 022 is the "historical" value in Debian for UMASK when it was used
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			  100
+GID_MAX			60000
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# This enables userdel to remove user groups if no members exist.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, thus in Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# Only works if compiled with MD5_CRYPT defined:
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is used by chpasswd, gpasswd and newusers.
+#
+#MD5_CRYPT_ENAB	no
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/failures/newusers/07_newusers_rename_group_failure/config/etc/passwd b/tests/tests/failures/newusers/07_newusers_rename_group_failure/config/etc/passwd
new file mode 100644
index 0000000..03a7177
--- /dev/null
+++ b/tests/tests/failures/newusers/07_newusers_rename_group_failure/config/etc/passwd
@@ -0,0 +1,19 @@
+root:*:0:0:root:/root:/bin/bash
+daemon:*:1:1:daemon:/usr/sbin:/bin/sh
+bin:*:2:2:bin:/bin:/bin/sh
+sys:*:3:3:sys:/dev:/bin/sh
+sync:*:4:65534:sync:/bin:/bin/sync
+games:*:5:60:games:/usr/games:/bin/sh
+man:*:6:12:man:/var/cache/man:/bin/sh
+lp:*:7:7:lp:/var/spool/lpd:/bin/sh
+mail:*:8:8:mail:/var/mail:/bin/sh
+news:*:9:9:news:/var/spool/news:/bin/sh
+uucp:*:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:*:13:13:proxy:/bin:/bin/sh
+www-data:*:33:33:www-data:/var/www:/bin/sh
+backup:*:34:34:backup:/var/backups:/bin/sh
+list:*:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:*:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:*:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:*:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:*:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/failures/newusers/07_newusers_rename_group_failure/config/etc/shadow b/tests/tests/failures/newusers/07_newusers_rename_group_failure/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/failures/newusers/07_newusers_rename_group_failure/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/failures/newusers/07_newusers_rename_group_failure/data/newusers.err b/tests/tests/failures/newusers/07_newusers_rename_group_failure/data/newusers.err
new file mode 100644
index 0000000..2ac5e86
--- /dev/null
+++ b/tests/tests/failures/newusers/07_newusers_rename_group_failure/data/newusers.err
@@ -0,0 +1,2 @@
+rename FAILURE /etc/group+ /etc/group
+newusers: failure while writing changes to /etc/group
diff --git a/tests/tests/failures/newusers/07_newusers_rename_group_failure/data/newusers.list b/tests/tests/failures/newusers/07_newusers_rename_group_failure/data/newusers.list
new file mode 100644
index 0000000..f9d747c
--- /dev/null
+++ b/tests/tests/failures/newusers/07_newusers_rename_group_failure/data/newusers.list
@@ -0,0 +1 @@
+foo:fooPass::bar:User Foo - Gecos Field::/bin/sh
diff --git a/tests/tests/failures/newusers/07_newusers_rename_group_failure/data/passwd b/tests/tests/failures/newusers/07_newusers_rename_group_failure/data/passwd
new file mode 100644
index 0000000..ce8e3c3
--- /dev/null
+++ b/tests/tests/failures/newusers/07_newusers_rename_group_failure/data/passwd
@@ -0,0 +1,20 @@
+root:*:0:0:root:/root:/bin/bash
+daemon:*:1:1:daemon:/usr/sbin:/bin/sh
+bin:*:2:2:bin:/bin:/bin/sh
+sys:*:3:3:sys:/dev:/bin/sh
+sync:*:4:65534:sync:/bin:/bin/sync
+games:*:5:60:games:/usr/games:/bin/sh
+man:*:6:12:man:/var/cache/man:/bin/sh
+lp:*:7:7:lp:/var/spool/lpd:/bin/sh
+mail:*:8:8:mail:/var/mail:/bin/sh
+news:*:9:9:news:/var/spool/news:/bin/sh
+uucp:*:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:*:13:13:proxy:/bin:/bin/sh
+www-data:*:33:33:www-data:/var/www:/bin/sh
+backup:*:34:34:backup:/var/backups:/bin/sh
+list:*:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:*:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:*:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:*:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:*:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1001:User Foo - Gecos Field::/bin/sh
diff --git a/tests/tests/failures/newusers/07_newusers_rename_group_failure/data/shadow b/tests/tests/failures/newusers/07_newusers_rename_group_failure/data/shadow
new file mode 100644
index 0000000..602bef5
--- /dev/null
+++ b/tests/tests/failures/newusers/07_newusers_rename_group_failure/data/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:@TODAY@:0:99999:7:::
diff --git a/tests/tests/failures/newusers/07_newusers_rename_group_failure/newusers.test b/tests/tests/failures/newusers/07_newusers_rename_group_failure/newusers.test
new file mode 100755
index 0000000..20a8771
--- /dev/null
+++ b/tests/tests/failures/newusers/07_newusers_rename_group_failure/newusers.test
@@ -0,0 +1,54 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "newusers report failures to write the group file"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Create user foo (newusers data/newusers.list)..."
+LD_PRELOAD=../../../common/rename_failure.so FAILURE_PATH=/etc/group newusers data/newusers.list 2>tmp/newusers.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "1"
+echo "OK"
+
+echo "newusers reported:"
+echo "======================================================================="
+cat tmp/newusers.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/newusers.err tmp/newusers.err
+echo "error message OK."
+rm -f tmp/newusers.err
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl data/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl data/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/failures/newusers/08_newusers_rename_gshadow_failure/config.txt b/tests/tests/failures/newusers/08_newusers_rename_gshadow_failure/config.txt
new file mode 100644
index 0000000..e9e4bbe
--- /dev/null
+++ b/tests/tests/failures/newusers/08_newusers_rename_gshadow_failure/config.txt
@@ -0,0 +1 @@
+group foo, GID 1000
diff --git a/tests/tests/failures/newusers/08_newusers_rename_gshadow_failure/config/etc/group b/tests/tests/failures/newusers/08_newusers_rename_gshadow_failure/config/etc/group
new file mode 100644
index 0000000..fecba0c
--- /dev/null
+++ b/tests/tests/failures/newusers/08_newusers_rename_gshadow_failure/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/failures/newusers/08_newusers_rename_gshadow_failure/config/etc/gshadow b/tests/tests/failures/newusers/08_newusers_rename_gshadow_failure/config/etc/gshadow
new file mode 100644
index 0000000..5042e58
--- /dev/null
+++ b/tests/tests/failures/newusers/08_newusers_rename_gshadow_failure/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/failures/newusers/08_newusers_rename_gshadow_failure/config/etc/login.defs b/tests/tests/failures/newusers/08_newusers_rename_gshadow_failure/config/etc/login.defs
new file mode 100644
index 0000000..cf181ac
--- /dev/null
+++ b/tests/tests/failures/newusers/08_newusers_rename_gshadow_failure/config/etc/login.defs
@@ -0,0 +1,314 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK usage is discouraged because it catches only some classes of user
+# entries to system, in fact only those made through login(1), while setting
+# umask in shell rc file will catch also logins through su, cron, ssh etc.
+#
+# At the same time, using shell rc to set umask won't catch entries which use
+# non-shell executables in place of login shell, like /usr/sbin/pppd for "ppp"
+# user and alike.
+#
+# Therefore the use of pam_umask is recommended (Debian package libpam-umask)
+# as the solution which catches all these cases on PAM-enabled systems.
+# 
+# This avoids the confusion created by having the umask set
+# in two different places -- in login.defs and shell rc files (i.e.
+# /etc/profile).
+#
+# For discussion, see #314539 and #248150 as well as the thread starting at
+# http://lists.debian.org/debian-devel/2005/06/msg01598.html
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+# 022 is the "historical" value in Debian for UMASK when it was used
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			  100
+GID_MAX			60000
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# This enables userdel to remove user groups if no members exist.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, thus in Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# Only works if compiled with MD5_CRYPT defined:
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is used by chpasswd, gpasswd and newusers.
+#
+#MD5_CRYPT_ENAB	no
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/failures/newusers/08_newusers_rename_gshadow_failure/config/etc/passwd b/tests/tests/failures/newusers/08_newusers_rename_gshadow_failure/config/etc/passwd
new file mode 100644
index 0000000..03a7177
--- /dev/null
+++ b/tests/tests/failures/newusers/08_newusers_rename_gshadow_failure/config/etc/passwd
@@ -0,0 +1,19 @@
+root:*:0:0:root:/root:/bin/bash
+daemon:*:1:1:daemon:/usr/sbin:/bin/sh
+bin:*:2:2:bin:/bin:/bin/sh
+sys:*:3:3:sys:/dev:/bin/sh
+sync:*:4:65534:sync:/bin:/bin/sync
+games:*:5:60:games:/usr/games:/bin/sh
+man:*:6:12:man:/var/cache/man:/bin/sh
+lp:*:7:7:lp:/var/spool/lpd:/bin/sh
+mail:*:8:8:mail:/var/mail:/bin/sh
+news:*:9:9:news:/var/spool/news:/bin/sh
+uucp:*:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:*:13:13:proxy:/bin:/bin/sh
+www-data:*:33:33:www-data:/var/www:/bin/sh
+backup:*:34:34:backup:/var/backups:/bin/sh
+list:*:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:*:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:*:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:*:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:*:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/failures/newusers/08_newusers_rename_gshadow_failure/config/etc/shadow b/tests/tests/failures/newusers/08_newusers_rename_gshadow_failure/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/failures/newusers/08_newusers_rename_gshadow_failure/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/failures/newusers/08_newusers_rename_gshadow_failure/data/group b/tests/tests/failures/newusers/08_newusers_rename_gshadow_failure/data/group
new file mode 100644
index 0000000..e65d5b0
--- /dev/null
+++ b/tests/tests/failures/newusers/08_newusers_rename_gshadow_failure/data/group
@@ -0,0 +1,43 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
+bar:x:1001:
diff --git a/tests/tests/failures/newusers/08_newusers_rename_gshadow_failure/data/newusers.err b/tests/tests/failures/newusers/08_newusers_rename_gshadow_failure/data/newusers.err
new file mode 100644
index 0000000..ca0738a
--- /dev/null
+++ b/tests/tests/failures/newusers/08_newusers_rename_gshadow_failure/data/newusers.err
@@ -0,0 +1,2 @@
+rename FAILURE /etc/gshadow+ /etc/gshadow
+newusers: failure while writing changes to /etc/gshadow
diff --git a/tests/tests/failures/newusers/08_newusers_rename_gshadow_failure/data/newusers.list b/tests/tests/failures/newusers/08_newusers_rename_gshadow_failure/data/newusers.list
new file mode 100644
index 0000000..f9d747c
--- /dev/null
+++ b/tests/tests/failures/newusers/08_newusers_rename_gshadow_failure/data/newusers.list
@@ -0,0 +1 @@
+foo:fooPass::bar:User Foo - Gecos Field::/bin/sh
diff --git a/tests/tests/failures/newusers/08_newusers_rename_gshadow_failure/data/passwd b/tests/tests/failures/newusers/08_newusers_rename_gshadow_failure/data/passwd
new file mode 100644
index 0000000..ce8e3c3
--- /dev/null
+++ b/tests/tests/failures/newusers/08_newusers_rename_gshadow_failure/data/passwd
@@ -0,0 +1,20 @@
+root:*:0:0:root:/root:/bin/bash
+daemon:*:1:1:daemon:/usr/sbin:/bin/sh
+bin:*:2:2:bin:/bin:/bin/sh
+sys:*:3:3:sys:/dev:/bin/sh
+sync:*:4:65534:sync:/bin:/bin/sync
+games:*:5:60:games:/usr/games:/bin/sh
+man:*:6:12:man:/var/cache/man:/bin/sh
+lp:*:7:7:lp:/var/spool/lpd:/bin/sh
+mail:*:8:8:mail:/var/mail:/bin/sh
+news:*:9:9:news:/var/spool/news:/bin/sh
+uucp:*:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:*:13:13:proxy:/bin:/bin/sh
+www-data:*:33:33:www-data:/var/www:/bin/sh
+backup:*:34:34:backup:/var/backups:/bin/sh
+list:*:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:*:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:*:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:*:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:*:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1001:User Foo - Gecos Field::/bin/sh
diff --git a/tests/tests/failures/newusers/08_newusers_rename_gshadow_failure/data/shadow b/tests/tests/failures/newusers/08_newusers_rename_gshadow_failure/data/shadow
new file mode 100644
index 0000000..602bef5
--- /dev/null
+++ b/tests/tests/failures/newusers/08_newusers_rename_gshadow_failure/data/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:@TODAY@:0:99999:7:::
diff --git a/tests/tests/failures/newusers/08_newusers_rename_gshadow_failure/newusers.test b/tests/tests/failures/newusers/08_newusers_rename_gshadow_failure/newusers.test
new file mode 100755
index 0000000..8a8560f
--- /dev/null
+++ b/tests/tests/failures/newusers/08_newusers_rename_gshadow_failure/newusers.test
@@ -0,0 +1,54 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "newusers report failures to write the gshadow file"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Create user foo (newusers data/newusers.list)..."
+LD_PRELOAD=../../../common/rename_failure.so FAILURE_PATH=/etc/gshadow newusers data/newusers.list 2>tmp/newusers.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "1"
+echo "OK"
+
+echo "newusers reported:"
+echo "======================================================================="
+cat tmp/newusers.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/newusers.err tmp/newusers.err
+echo "error message OK."
+rm -f tmp/newusers.err
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl data/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl data/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl data/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/failures/newusers/09_newusers_rename_shadow_failure_PAM/config.txt b/tests/tests/failures/newusers/09_newusers_rename_shadow_failure_PAM/config.txt
new file mode 100644
index 0000000..e9e4bbe
--- /dev/null
+++ b/tests/tests/failures/newusers/09_newusers_rename_shadow_failure_PAM/config.txt
@@ -0,0 +1 @@
+group foo, GID 1000
diff --git a/tests/tests/failures/newusers/09_newusers_rename_shadow_failure_PAM/config/etc/group b/tests/tests/failures/newusers/09_newusers_rename_shadow_failure_PAM/config/etc/group
new file mode 100644
index 0000000..fecba0c
--- /dev/null
+++ b/tests/tests/failures/newusers/09_newusers_rename_shadow_failure_PAM/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/failures/newusers/09_newusers_rename_shadow_failure_PAM/config/etc/gshadow b/tests/tests/failures/newusers/09_newusers_rename_shadow_failure_PAM/config/etc/gshadow
new file mode 100644
index 0000000..5042e58
--- /dev/null
+++ b/tests/tests/failures/newusers/09_newusers_rename_shadow_failure_PAM/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/failures/newusers/09_newusers_rename_shadow_failure_PAM/config/etc/login.defs b/tests/tests/failures/newusers/09_newusers_rename_shadow_failure_PAM/config/etc/login.defs
new file mode 100644
index 0000000..cf181ac
--- /dev/null
+++ b/tests/tests/failures/newusers/09_newusers_rename_shadow_failure_PAM/config/etc/login.defs
@@ -0,0 +1,314 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK usage is discouraged because it catches only some classes of user
+# entries to system, in fact only those made through login(1), while setting
+# umask in shell rc file will catch also logins through su, cron, ssh etc.
+#
+# At the same time, using shell rc to set umask won't catch entries which use
+# non-shell executables in place of login shell, like /usr/sbin/pppd for "ppp"
+# user and alike.
+#
+# Therefore the use of pam_umask is recommended (Debian package libpam-umask)
+# as the solution which catches all these cases on PAM-enabled systems.
+# 
+# This avoids the confusion created by having the umask set
+# in two different places -- in login.defs and shell rc files (i.e.
+# /etc/profile).
+#
+# For discussion, see #314539 and #248150 as well as the thread starting at
+# http://lists.debian.org/debian-devel/2005/06/msg01598.html
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+# 022 is the "historical" value in Debian for UMASK when it was used
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			  100
+GID_MAX			60000
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# This enables userdel to remove user groups if no members exist.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, thus in Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# Only works if compiled with MD5_CRYPT defined:
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is used by chpasswd, gpasswd and newusers.
+#
+#MD5_CRYPT_ENAB	no
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/failures/newusers/09_newusers_rename_shadow_failure_PAM/config/etc/passwd b/tests/tests/failures/newusers/09_newusers_rename_shadow_failure_PAM/config/etc/passwd
new file mode 100644
index 0000000..03a7177
--- /dev/null
+++ b/tests/tests/failures/newusers/09_newusers_rename_shadow_failure_PAM/config/etc/passwd
@@ -0,0 +1,19 @@
+root:*:0:0:root:/root:/bin/bash
+daemon:*:1:1:daemon:/usr/sbin:/bin/sh
+bin:*:2:2:bin:/bin:/bin/sh
+sys:*:3:3:sys:/dev:/bin/sh
+sync:*:4:65534:sync:/bin:/bin/sync
+games:*:5:60:games:/usr/games:/bin/sh
+man:*:6:12:man:/var/cache/man:/bin/sh
+lp:*:7:7:lp:/var/spool/lpd:/bin/sh
+mail:*:8:8:mail:/var/mail:/bin/sh
+news:*:9:9:news:/var/spool/news:/bin/sh
+uucp:*:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:*:13:13:proxy:/bin:/bin/sh
+www-data:*:33:33:www-data:/var/www:/bin/sh
+backup:*:34:34:backup:/var/backups:/bin/sh
+list:*:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:*:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:*:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:*:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:*:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/failures/newusers/09_newusers_rename_shadow_failure_PAM/config/etc/shadow b/tests/tests/failures/newusers/09_newusers_rename_shadow_failure_PAM/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/failures/newusers/09_newusers_rename_shadow_failure_PAM/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/failures/newusers/09_newusers_rename_shadow_failure_PAM/data/group b/tests/tests/failures/newusers/09_newusers_rename_shadow_failure_PAM/data/group
new file mode 100644
index 0000000..e65d5b0
--- /dev/null
+++ b/tests/tests/failures/newusers/09_newusers_rename_shadow_failure_PAM/data/group
@@ -0,0 +1,43 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
+bar:x:1001:
diff --git a/tests/tests/failures/newusers/09_newusers_rename_shadow_failure_PAM/data/gshadow b/tests/tests/failures/newusers/09_newusers_rename_shadow_failure_PAM/data/gshadow
new file mode 100644
index 0000000..d8aa8ad
--- /dev/null
+++ b/tests/tests/failures/newusers/09_newusers_rename_shadow_failure_PAM/data/gshadow
@@ -0,0 +1,43 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
+bar:*::
diff --git a/tests/tests/failures/newusers/09_newusers_rename_shadow_failure_PAM/data/newusers.err b/tests/tests/failures/newusers/09_newusers_rename_shadow_failure_PAM/data/newusers.err
new file mode 100644
index 0000000..70bfcb5
--- /dev/null
+++ b/tests/tests/failures/newusers/09_newusers_rename_shadow_failure_PAM/data/newusers.err
@@ -0,0 +1,4 @@
+rename FAILURE /etc/nshadow /etc/shadow
+newusers: (user foo) pam_chauthtok() failed, error:
+Authentication token manipulation error
+newusers: (line 1, user foo) password not changed
diff --git a/tests/tests/failures/newusers/09_newusers_rename_shadow_failure_PAM/data/newusers.list b/tests/tests/failures/newusers/09_newusers_rename_shadow_failure_PAM/data/newusers.list
new file mode 100644
index 0000000..f9d747c
--- /dev/null
+++ b/tests/tests/failures/newusers/09_newusers_rename_shadow_failure_PAM/data/newusers.list
@@ -0,0 +1 @@
+foo:fooPass::bar:User Foo - Gecos Field::/bin/sh
diff --git a/tests/tests/failures/newusers/09_newusers_rename_shadow_failure_PAM/data/passwd b/tests/tests/failures/newusers/09_newusers_rename_shadow_failure_PAM/data/passwd
new file mode 100644
index 0000000..ce8e3c3
--- /dev/null
+++ b/tests/tests/failures/newusers/09_newusers_rename_shadow_failure_PAM/data/passwd
@@ -0,0 +1,20 @@
+root:*:0:0:root:/root:/bin/bash
+daemon:*:1:1:daemon:/usr/sbin:/bin/sh
+bin:*:2:2:bin:/bin:/bin/sh
+sys:*:3:3:sys:/dev:/bin/sh
+sync:*:4:65534:sync:/bin:/bin/sync
+games:*:5:60:games:/usr/games:/bin/sh
+man:*:6:12:man:/var/cache/man:/bin/sh
+lp:*:7:7:lp:/var/spool/lpd:/bin/sh
+mail:*:8:8:mail:/var/mail:/bin/sh
+news:*:9:9:news:/var/spool/news:/bin/sh
+uucp:*:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:*:13:13:proxy:/bin:/bin/sh
+www-data:*:33:33:www-data:/var/www:/bin/sh
+backup:*:34:34:backup:/var/backups:/bin/sh
+list:*:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:*:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:*:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:*:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:*:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1001:User Foo - Gecos Field::/bin/sh
diff --git a/tests/tests/failures/newusers/09_newusers_rename_shadow_failure_PAM/newusers.test b/tests/tests/failures/newusers/09_newusers_rename_shadow_failure_PAM/newusers.test
new file mode 100755
index 0000000..3ce542e
--- /dev/null
+++ b/tests/tests/failures/newusers/09_newusers_rename_shadow_failure_PAM/newusers.test
@@ -0,0 +1,54 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "newusers report failures to write the shadow file"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Create user foo (newusers data/newusers.list)..."
+LD_PRELOAD=../../../common/rename_failure.so FAILURE_PATH=/etc/shadow newusers data/newusers.list 2>tmp/newusers.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "1"
+echo "OK"
+
+echo "newusers reported:"
+echo "======================================================================="
+cat tmp/newusers.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/newusers.err tmp/newusers.err
+echo "error message OK."
+rm -f tmp/newusers.err
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl data/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl data/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl data/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/failures/newusers/10_newusers_time_0/config.txt b/tests/tests/failures/newusers/10_newusers_time_0/config.txt
new file mode 100644
index 0000000..a2ff911
--- /dev/null
+++ b/tests/tests/failures/newusers/10_newusers_time_0/config.txt
@@ -0,0 +1,2 @@
+user foo exists, UID 1000
+user foo2 exists, UID 1001
diff --git a/tests/tests/failures/newusers/10_newusers_time_0/config/etc/default/useradd b/tests/tests/failures/newusers/10_newusers_time_0/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/failures/newusers/10_newusers_time_0/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/failures/newusers/10_newusers_time_0/config/etc/group b/tests/tests/failures/newusers/10_newusers_time_0/config/etc/group
new file mode 100644
index 0000000..beb7c87
--- /dev/null
+++ b/tests/tests/failures/newusers/10_newusers_time_0/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:root
+adm:x:4:root,foo
+tty:x:5:
+disk:x:6:
+lp:x:7:foo,root
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:foo
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:foo
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/failures/newusers/10_newusers_time_0/config/etc/gshadow b/tests/tests/failures/newusers/10_newusers_time_0/config/etc/gshadow
new file mode 100644
index 0000000..55b8e95
--- /dev/null
+++ b/tests/tests/failures/newusers/10_newusers_time_0/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::root
+adm:*::root,foo
+tty:*::foo
+disk:*:foo:
+lp:*::foo,root
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*:foo:foo
+voice:*::
+cdrom:*:foo:foo
+floppy:*::foo
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/failures/newusers/10_newusers_time_0/config/etc/pam.d/common-password b/tests/tests/failures/newusers/10_newusers_time_0/config/etc/pam.d/common-password
new file mode 100644
index 0000000..cb8c7b7
--- /dev/null
+++ b/tests/tests/failures/newusers/10_newusers_time_0/config/etc/pam.d/common-password
@@ -0,0 +1,33 @@
+#
+# /etc/pam.d/common-password - password-related modules common to all services
+#
+# This file is included from other service-specific PAM config files,
+# and should contain a list of modules that define the services to be
+# used to change user passwords.  The default is pam_unix.
+
+# Explanation of pam_unix options:
+#
+# The "sha512" option enables salted SHA512 passwords.  Without this option,
+# the default is Unix crypt.  Prior releases used the option "md5".
+#
+# The "obscure" option replaces the old `OBSCURE_CHECKS_ENAB' option in
+# login.defs.
+#
+# See the pam_unix manpage for other options.
+
+# As of pam 1.0.1-6, this file is managed by pam-auth-update by default.
+# To take advantage of this, it is recommended that you configure any
+# local modules either before or after the default block, and use
+# pam-auth-update to manage selection of other modules.  See
+# pam-auth-update(8) for details.
+
+# here are the per-package modules (the "Primary" block)
+password	[success=1 default=ignore]	pam_unix.so obscure sha512
+# here's the fallback if no module succeeds
+password	requisite			pam_deny.so
+# prime the stack with a positive return value if there isn't one already;
+# this avoids us returning an error just because nothing sets a success code
+# since the modules above will each just jump around
+password	required			pam_permit.so
+# and here are more per-package modules (the "Additional" block)
+# end of pam-auth-update config
diff --git a/tests/tests/failures/newusers/10_newusers_time_0/config/etc/passwd b/tests/tests/failures/newusers/10_newusers_time_0/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/failures/newusers/10_newusers_time_0/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/failures/newusers/10_newusers_time_0/config/etc/shadow b/tests/tests/failures/newusers/10_newusers_time_0/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/failures/newusers/10_newusers_time_0/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/failures/newusers/10_newusers_time_0/data/group b/tests/tests/failures/newusers/10_newusers_time_0/data/group
new file mode 100644
index 0000000..dcabb32
--- /dev/null
+++ b/tests/tests/failures/newusers/10_newusers_time_0/data/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:root
+adm:x:4:root,foo
+tty:x:5:
+disk:x:6:
+lp:x:7:foo,root
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:foo
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:foo
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+bar:x:1000:
diff --git a/tests/tests/failures/newusers/10_newusers_time_0/data/gshadow b/tests/tests/failures/newusers/10_newusers_time_0/data/gshadow
new file mode 100644
index 0000000..dc9f7f6
--- /dev/null
+++ b/tests/tests/failures/newusers/10_newusers_time_0/data/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::root
+adm:*::root,foo
+tty:*::foo
+disk:*:foo:
+lp:*::foo,root
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*:foo:foo
+voice:*::
+cdrom:*:foo:foo
+floppy:*::foo
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+bar:*::
diff --git a/tests/tests/failures/newusers/10_newusers_time_0/data/newusers.list b/tests/tests/failures/newusers/10_newusers_time_0/data/newusers.list
new file mode 100644
index 0000000..f9d747c
--- /dev/null
+++ b/tests/tests/failures/newusers/10_newusers_time_0/data/newusers.list
@@ -0,0 +1 @@
+foo:fooPass::bar:User Foo - Gecos Field::/bin/sh
diff --git a/tests/tests/failures/newusers/10_newusers_time_0/data/passwd b/tests/tests/failures/newusers/10_newusers_time_0/data/passwd
new file mode 100644
index 0000000..7bf7386
--- /dev/null
+++ b/tests/tests/failures/newusers/10_newusers_time_0/data/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000:User Foo - Gecos Field::/bin/sh
diff --git a/tests/tests/failures/newusers/10_newusers_time_0/data/shadow b/tests/tests/failures/newusers/10_newusers_time_0/data/shadow
new file mode 100644
index 0000000..37df8e5
--- /dev/null
+++ b/tests/tests/failures/newusers/10_newusers_time_0/data/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:@PASS_SHA512 fooPass@::0:99999:7:::
diff --git a/tests/tests/failures/newusers/10_newusers_time_0/newusers.test b/tests/tests/failures/newusers/10_newusers_time_0/newusers.test
new file mode 100755
index 0000000..27d5ce9
--- /dev/null
+++ b/tests/tests/failures/newusers/10_newusers_time_0/newusers.test
@@ -0,0 +1,39 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "newusers disables aging when time is not set"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Create user foo (newusers data/newusers.list)..."
+LD_PRELOAD=../../../common/time_0.so newusers data/newusers.list 2>/dev/null
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl data/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl data/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl data/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl data/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/failures/pwck/01_pwck_system_passwd_open_failure/config.txt b/tests/tests/failures/pwck/01_pwck_system_passwd_open_failure/config.txt
new file mode 100644
index 0000000..e9e4bbe
--- /dev/null
+++ b/tests/tests/failures/pwck/01_pwck_system_passwd_open_failure/config.txt
@@ -0,0 +1 @@
+group foo, GID 1000
diff --git a/tests/tests/failures/pwck/01_pwck_system_passwd_open_failure/config/etc/group b/tests/tests/failures/pwck/01_pwck_system_passwd_open_failure/config/etc/group
new file mode 100644
index 0000000..fecba0c
--- /dev/null
+++ b/tests/tests/failures/pwck/01_pwck_system_passwd_open_failure/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/failures/pwck/01_pwck_system_passwd_open_failure/config/etc/gshadow b/tests/tests/failures/pwck/01_pwck_system_passwd_open_failure/config/etc/gshadow
new file mode 100644
index 0000000..5042e58
--- /dev/null
+++ b/tests/tests/failures/pwck/01_pwck_system_passwd_open_failure/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/failures/pwck/01_pwck_system_passwd_open_failure/config/etc/passwd b/tests/tests/failures/pwck/01_pwck_system_passwd_open_failure/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/failures/pwck/01_pwck_system_passwd_open_failure/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/failures/pwck/01_pwck_system_passwd_open_failure/config/etc/shadow b/tests/tests/failures/pwck/01_pwck_system_passwd_open_failure/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/failures/pwck/01_pwck_system_passwd_open_failure/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/failures/pwck/01_pwck_system_passwd_open_failure/data/pwck.err b/tests/tests/failures/pwck/01_pwck_system_passwd_open_failure/data/pwck.err
new file mode 100644
index 0000000..9839b9e
--- /dev/null
+++ b/tests/tests/failures/pwck/01_pwck_system_passwd_open_failure/data/pwck.err
@@ -0,0 +1,2 @@
+open FAILURE /etc/passwd 2 ...
+pwck: cannot open /etc/passwd
diff --git a/tests/tests/failures/pwck/01_pwck_system_passwd_open_failure/pwck.test b/tests/tests/failures/pwck/01_pwck_system_passwd_open_failure/pwck.test
new file mode 100755
index 0000000..f28c481
--- /dev/null
+++ b/tests/tests/failures/pwck/01_pwck_system_passwd_open_failure/pwck.test
@@ -0,0 +1,54 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "pwck report failures when it cannot open the passwd file"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Check user db (pwck)..."
+LD_PRELOAD=../../../common/open_RDWR_failure.so FAILURE_PATH=/etc/passwd pwck 2>tmp/pwck.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "3"
+echo "OK"
+
+echo "pwck reported:"
+echo "======================================================================="
+cat tmp/pwck.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/pwck.err tmp/pwck.err
+echo "error message OK."
+rm -f tmp/pwck.err
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/failures/pwck/02_pwck_passwd_open_failure/config.txt b/tests/tests/failures/pwck/02_pwck_passwd_open_failure/config.txt
new file mode 100644
index 0000000..e9e4bbe
--- /dev/null
+++ b/tests/tests/failures/pwck/02_pwck_passwd_open_failure/config.txt
@@ -0,0 +1 @@
+group foo, GID 1000
diff --git a/tests/tests/failures/pwck/02_pwck_passwd_open_failure/config/etc/group b/tests/tests/failures/pwck/02_pwck_passwd_open_failure/config/etc/group
new file mode 100644
index 0000000..fecba0c
--- /dev/null
+++ b/tests/tests/failures/pwck/02_pwck_passwd_open_failure/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/failures/pwck/02_pwck_passwd_open_failure/config/etc/gshadow b/tests/tests/failures/pwck/02_pwck_passwd_open_failure/config/etc/gshadow
new file mode 100644
index 0000000..5042e58
--- /dev/null
+++ b/tests/tests/failures/pwck/02_pwck_passwd_open_failure/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/failures/pwck/02_pwck_passwd_open_failure/config/etc/passwd b/tests/tests/failures/pwck/02_pwck_passwd_open_failure/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/failures/pwck/02_pwck_passwd_open_failure/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/failures/pwck/02_pwck_passwd_open_failure/config/etc/shadow b/tests/tests/failures/pwck/02_pwck_passwd_open_failure/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/failures/pwck/02_pwck_passwd_open_failure/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/failures/pwck/02_pwck_passwd_open_failure/data/pwck.err b/tests/tests/failures/pwck/02_pwck_passwd_open_failure/data/pwck.err
new file mode 100644
index 0000000..7ffd649
--- /dev/null
+++ b/tests/tests/failures/pwck/02_pwck_passwd_open_failure/data/pwck.err
@@ -0,0 +1,2 @@
+open FAILURE data/passwd 2 ...
+pwck: cannot open data/passwd
diff --git a/tests/tests/failures/pwck/02_pwck_passwd_open_failure/pwck.test b/tests/tests/failures/pwck/02_pwck_passwd_open_failure/pwck.test
new file mode 100755
index 0000000..e9dcc9b
--- /dev/null
+++ b/tests/tests/failures/pwck/02_pwck_passwd_open_failure/pwck.test
@@ -0,0 +1,54 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "pwck report failures when it cannot open the passwd file"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Check users (pwck data/passwd)..."
+LD_PRELOAD=../../../common/open_RDWR_failure.so FAILURE_PATH=data/passwd pwck data/passwd 2>tmp/pwck.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "3"
+echo "OK"
+
+echo "pwck reported:"
+echo "======================================================================="
+cat tmp/pwck.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/pwck.err tmp/pwck.err
+echo "error message OK."
+rm -f tmp/pwck.err
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/failures/pwck/03_pwck_system_shadow_open_failure/config.txt b/tests/tests/failures/pwck/03_pwck_system_shadow_open_failure/config.txt
new file mode 100644
index 0000000..e9e4bbe
--- /dev/null
+++ b/tests/tests/failures/pwck/03_pwck_system_shadow_open_failure/config.txt
@@ -0,0 +1 @@
+group foo, GID 1000
diff --git a/tests/tests/failures/pwck/03_pwck_system_shadow_open_failure/config/etc/group b/tests/tests/failures/pwck/03_pwck_system_shadow_open_failure/config/etc/group
new file mode 100644
index 0000000..fecba0c
--- /dev/null
+++ b/tests/tests/failures/pwck/03_pwck_system_shadow_open_failure/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/failures/pwck/03_pwck_system_shadow_open_failure/config/etc/gshadow b/tests/tests/failures/pwck/03_pwck_system_shadow_open_failure/config/etc/gshadow
new file mode 100644
index 0000000..5042e58
--- /dev/null
+++ b/tests/tests/failures/pwck/03_pwck_system_shadow_open_failure/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/failures/pwck/03_pwck_system_shadow_open_failure/config/etc/passwd b/tests/tests/failures/pwck/03_pwck_system_shadow_open_failure/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/failures/pwck/03_pwck_system_shadow_open_failure/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/failures/pwck/03_pwck_system_shadow_open_failure/config/etc/shadow b/tests/tests/failures/pwck/03_pwck_system_shadow_open_failure/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/failures/pwck/03_pwck_system_shadow_open_failure/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/failures/pwck/03_pwck_system_shadow_open_failure/data/pwck.err b/tests/tests/failures/pwck/03_pwck_system_shadow_open_failure/data/pwck.err
new file mode 100644
index 0000000..ee7dde0
--- /dev/null
+++ b/tests/tests/failures/pwck/03_pwck_system_shadow_open_failure/data/pwck.err
@@ -0,0 +1,2 @@
+open FAILURE /etc/shadow 2 ...
+pwck: cannot open /etc/shadow
diff --git a/tests/tests/failures/pwck/03_pwck_system_shadow_open_failure/pwck.test b/tests/tests/failures/pwck/03_pwck_system_shadow_open_failure/pwck.test
new file mode 100755
index 0000000..5033612
--- /dev/null
+++ b/tests/tests/failures/pwck/03_pwck_system_shadow_open_failure/pwck.test
@@ -0,0 +1,54 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "pwck report failures when it cannot open the system shadow file"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Check system groups (pwck)..."
+LD_PRELOAD=../../../common/open_RDWR_failure.so FAILURE_PATH=/etc/shadow pwck 2>tmp/pwck.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "3"
+echo "OK"
+
+echo "pwck reported:"
+echo "======================================================================="
+cat tmp/pwck.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/pwck.err tmp/pwck.err
+echo "error message OK."
+rm -f tmp/pwck.err
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/failures/pwck/04_pwck_shadow_open_failure/config.txt b/tests/tests/failures/pwck/04_pwck_shadow_open_failure/config.txt
new file mode 100644
index 0000000..e9e4bbe
--- /dev/null
+++ b/tests/tests/failures/pwck/04_pwck_shadow_open_failure/config.txt
@@ -0,0 +1 @@
+group foo, GID 1000
diff --git a/tests/tests/failures/pwck/04_pwck_shadow_open_failure/config/etc/group b/tests/tests/failures/pwck/04_pwck_shadow_open_failure/config/etc/group
new file mode 100644
index 0000000..fecba0c
--- /dev/null
+++ b/tests/tests/failures/pwck/04_pwck_shadow_open_failure/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/failures/pwck/04_pwck_shadow_open_failure/config/etc/gshadow b/tests/tests/failures/pwck/04_pwck_shadow_open_failure/config/etc/gshadow
new file mode 100644
index 0000000..5042e58
--- /dev/null
+++ b/tests/tests/failures/pwck/04_pwck_shadow_open_failure/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/failures/pwck/04_pwck_shadow_open_failure/config/etc/passwd b/tests/tests/failures/pwck/04_pwck_shadow_open_failure/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/failures/pwck/04_pwck_shadow_open_failure/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/failures/pwck/04_pwck_shadow_open_failure/config/etc/shadow b/tests/tests/failures/pwck/04_pwck_shadow_open_failure/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/failures/pwck/04_pwck_shadow_open_failure/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/failures/pwck/04_pwck_shadow_open_failure/data/passwd b/tests/tests/failures/pwck/04_pwck_shadow_open_failure/data/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/failures/pwck/04_pwck_shadow_open_failure/data/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/failures/pwck/04_pwck_shadow_open_failure/data/pwck.err b/tests/tests/failures/pwck/04_pwck_shadow_open_failure/data/pwck.err
new file mode 100644
index 0000000..bac9260
--- /dev/null
+++ b/tests/tests/failures/pwck/04_pwck_shadow_open_failure/data/pwck.err
@@ -0,0 +1,2 @@
+open FAILURE data/shadow 2 ...
+pwck: cannot open data/shadow
diff --git a/tests/tests/failures/pwck/04_pwck_shadow_open_failure/pwck.test b/tests/tests/failures/pwck/04_pwck_shadow_open_failure/pwck.test
new file mode 100755
index 0000000..ef2b899
--- /dev/null
+++ b/tests/tests/failures/pwck/04_pwck_shadow_open_failure/pwck.test
@@ -0,0 +1,54 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "pwck report failures when it cannot open the local shadow file"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Check local groups (pwck data/group data/shadow)..."
+LD_PRELOAD=../../../common/open_RDWR_failure.so FAILURE_PATH=data/shadow pwck data/passwd data/shadow 2>tmp/pwck.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "3"
+echo "OK"
+
+echo "pwck reported:"
+echo "======================================================================="
+cat tmp/pwck.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/pwck.err tmp/pwck.err
+echo "error message OK."
+rm -f tmp/pwck.err
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/failures/pwck/05_pwck_sort_system_passwd_rename_failure/config.txt b/tests/tests/failures/pwck/05_pwck_sort_system_passwd_rename_failure/config.txt
new file mode 100644
index 0000000..e9e4bbe
--- /dev/null
+++ b/tests/tests/failures/pwck/05_pwck_sort_system_passwd_rename_failure/config.txt
@@ -0,0 +1 @@
+group foo, GID 1000
diff --git a/tests/tests/failures/pwck/05_pwck_sort_system_passwd_rename_failure/config/etc/group b/tests/tests/failures/pwck/05_pwck_sort_system_passwd_rename_failure/config/etc/group
new file mode 100644
index 0000000..2a5b8a4
--- /dev/null
+++ b/tests/tests/failures/pwck/05_pwck_sort_system_passwd_rename_failure/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:foo
diff --git a/tests/tests/failures/pwck/05_pwck_sort_system_passwd_rename_failure/config/etc/gshadow b/tests/tests/failures/pwck/05_pwck_sort_system_passwd_rename_failure/config/etc/gshadow
new file mode 100644
index 0000000..ed34100
--- /dev/null
+++ b/tests/tests/failures/pwck/05_pwck_sort_system_passwd_rename_failure/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::foo
diff --git a/tests/tests/failures/pwck/05_pwck_sort_system_passwd_rename_failure/config/etc/passwd b/tests/tests/failures/pwck/05_pwck_sort_system_passwd_rename_failure/config/etc/passwd
new file mode 100644
index 0000000..bf52df0
--- /dev/null
+++ b/tests/tests/failures/pwck/05_pwck_sort_system_passwd_rename_failure/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/home/foo:/bin/false
diff --git a/tests/tests/failures/pwck/05_pwck_sort_system_passwd_rename_failure/config/etc/shadow b/tests/tests/failures/pwck/05_pwck_sort_system_passwd_rename_failure/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/failures/pwck/05_pwck_sort_system_passwd_rename_failure/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/failures/pwck/05_pwck_sort_system_passwd_rename_failure/data/pwck.err b/tests/tests/failures/pwck/05_pwck_sort_system_passwd_rename_failure/data/pwck.err
new file mode 100644
index 0000000..3b474db
--- /dev/null
+++ b/tests/tests/failures/pwck/05_pwck_sort_system_passwd_rename_failure/data/pwck.err
@@ -0,0 +1,2 @@
+rename FAILURE /etc/passwd+ /etc/passwd
+pwck: failure while writing changes to /etc/passwd
diff --git a/tests/tests/failures/pwck/05_pwck_sort_system_passwd_rename_failure/pwck.test b/tests/tests/failures/pwck/05_pwck_sort_system_passwd_rename_failure/pwck.test
new file mode 100755
index 0000000..b02853e
--- /dev/null
+++ b/tests/tests/failures/pwck/05_pwck_sort_system_passwd_rename_failure/pwck.test
@@ -0,0 +1,54 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "pwck reports failure to write /etc/passwd"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Sort passwd (pwck -s)..."
+LD_PRELOAD=../../../common/rename_failure.so FAILURE_PATH=/etc/passwd pwck -s 2>tmp/pwck.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "5"
+echo "OK"
+
+echo "pwck reported:"
+echo "======================================================================="
+cat tmp/pwck.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/pwck.err tmp/pwck.err
+echo "error message OK."
+rm -f tmp/pwck.err
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/failures/pwck/06_pwck_sort_system_shadow_rename_failure/config.txt b/tests/tests/failures/pwck/06_pwck_sort_system_shadow_rename_failure/config.txt
new file mode 100644
index 0000000..e9e4bbe
--- /dev/null
+++ b/tests/tests/failures/pwck/06_pwck_sort_system_shadow_rename_failure/config.txt
@@ -0,0 +1 @@
+group foo, GID 1000
diff --git a/tests/tests/failures/pwck/06_pwck_sort_system_shadow_rename_failure/config/etc/group b/tests/tests/failures/pwck/06_pwck_sort_system_shadow_rename_failure/config/etc/group
new file mode 100644
index 0000000..2a5b8a4
--- /dev/null
+++ b/tests/tests/failures/pwck/06_pwck_sort_system_shadow_rename_failure/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:foo
diff --git a/tests/tests/failures/pwck/06_pwck_sort_system_shadow_rename_failure/config/etc/gshadow b/tests/tests/failures/pwck/06_pwck_sort_system_shadow_rename_failure/config/etc/gshadow
new file mode 100644
index 0000000..ed34100
--- /dev/null
+++ b/tests/tests/failures/pwck/06_pwck_sort_system_shadow_rename_failure/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::foo
diff --git a/tests/tests/failures/pwck/06_pwck_sort_system_shadow_rename_failure/config/etc/passwd b/tests/tests/failures/pwck/06_pwck_sort_system_shadow_rename_failure/config/etc/passwd
new file mode 100644
index 0000000..bf52df0
--- /dev/null
+++ b/tests/tests/failures/pwck/06_pwck_sort_system_shadow_rename_failure/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/home/foo:/bin/false
diff --git a/tests/tests/failures/pwck/06_pwck_sort_system_shadow_rename_failure/config/etc/shadow b/tests/tests/failures/pwck/06_pwck_sort_system_shadow_rename_failure/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/failures/pwck/06_pwck_sort_system_shadow_rename_failure/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/failures/pwck/06_pwck_sort_system_shadow_rename_failure/data/passwd b/tests/tests/failures/pwck/06_pwck_sort_system_shadow_rename_failure/data/passwd
new file mode 100644
index 0000000..2be1ed6
--- /dev/null
+++ b/tests/tests/failures/pwck/06_pwck_sort_system_shadow_rename_failure/data/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/home/foo:/bin/false
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
diff --git a/tests/tests/failures/pwck/06_pwck_sort_system_shadow_rename_failure/data/pwck.err b/tests/tests/failures/pwck/06_pwck_sort_system_shadow_rename_failure/data/pwck.err
new file mode 100644
index 0000000..3d6e8cb
--- /dev/null
+++ b/tests/tests/failures/pwck/06_pwck_sort_system_shadow_rename_failure/data/pwck.err
@@ -0,0 +1,2 @@
+rename FAILURE /etc/shadow+ /etc/shadow
+pwck: failure while writing changes to /etc/shadow
diff --git a/tests/tests/failures/pwck/06_pwck_sort_system_shadow_rename_failure/pwck.test b/tests/tests/failures/pwck/06_pwck_sort_system_shadow_rename_failure/pwck.test
new file mode 100755
index 0000000..0b780e4
--- /dev/null
+++ b/tests/tests/failures/pwck/06_pwck_sort_system_shadow_rename_failure/pwck.test
@@ -0,0 +1,54 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "pwck reports failure to write /etc/shadow"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Sort group (pwck -s)..."
+LD_PRELOAD=../../../common/rename_failure.so FAILURE_PATH=/etc/shadow pwck -s 2>tmp/pwck.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "5"
+echo "OK"
+
+echo "pwck reported:"
+echo "======================================================================="
+cat tmp/pwck.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/pwck.err tmp/pwck.err
+echo "error message OK."
+rm -f tmp/pwck.err
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl data/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/failures/pwck/07_pwck_sort_passwd_rename_failure/config.txt b/tests/tests/failures/pwck/07_pwck_sort_passwd_rename_failure/config.txt
new file mode 100644
index 0000000..e9e4bbe
--- /dev/null
+++ b/tests/tests/failures/pwck/07_pwck_sort_passwd_rename_failure/config.txt
@@ -0,0 +1 @@
+group foo, GID 1000
diff --git a/tests/tests/failures/pwck/07_pwck_sort_passwd_rename_failure/config/etc/group b/tests/tests/failures/pwck/07_pwck_sort_passwd_rename_failure/config/etc/group
new file mode 100644
index 0000000..2a5b8a4
--- /dev/null
+++ b/tests/tests/failures/pwck/07_pwck_sort_passwd_rename_failure/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:foo
diff --git a/tests/tests/failures/pwck/07_pwck_sort_passwd_rename_failure/config/etc/gshadow b/tests/tests/failures/pwck/07_pwck_sort_passwd_rename_failure/config/etc/gshadow
new file mode 100644
index 0000000..ed34100
--- /dev/null
+++ b/tests/tests/failures/pwck/07_pwck_sort_passwd_rename_failure/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::foo
diff --git a/tests/tests/failures/pwck/07_pwck_sort_passwd_rename_failure/config/etc/passwd b/tests/tests/failures/pwck/07_pwck_sort_passwd_rename_failure/config/etc/passwd
new file mode 100644
index 0000000..bf52df0
--- /dev/null
+++ b/tests/tests/failures/pwck/07_pwck_sort_passwd_rename_failure/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/home/foo:/bin/false
diff --git a/tests/tests/failures/pwck/07_pwck_sort_passwd_rename_failure/config/etc/shadow b/tests/tests/failures/pwck/07_pwck_sort_passwd_rename_failure/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/failures/pwck/07_pwck_sort_passwd_rename_failure/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/failures/pwck/07_pwck_sort_passwd_rename_failure/data/passwd b/tests/tests/failures/pwck/07_pwck_sort_passwd_rename_failure/data/passwd
new file mode 100644
index 0000000..bf52df0
--- /dev/null
+++ b/tests/tests/failures/pwck/07_pwck_sort_passwd_rename_failure/data/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/home/foo:/bin/false
diff --git a/tests/tests/failures/pwck/07_pwck_sort_passwd_rename_failure/data/pwck.err b/tests/tests/failures/pwck/07_pwck_sort_passwd_rename_failure/data/pwck.err
new file mode 100644
index 0000000..c66b0e3
--- /dev/null
+++ b/tests/tests/failures/pwck/07_pwck_sort_passwd_rename_failure/data/pwck.err
@@ -0,0 +1,2 @@
+rename FAILURE tmp/passwd+ tmp/passwd
+pwck: failure while writing changes to tmp/passwd
diff --git a/tests/tests/failures/pwck/07_pwck_sort_passwd_rename_failure/pwck.test b/tests/tests/failures/pwck/07_pwck_sort_passwd_rename_failure/pwck.test
new file mode 100755
index 0000000..721734e
--- /dev/null
+++ b/tests/tests/failures/pwck/07_pwck_sort_passwd_rename_failure/pwck.test
@@ -0,0 +1,59 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "pwck reports failure to write a passwd file"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+cp data/passwd tmp/
+
+echo -n "Sort passwd (pwck -s tmp/passwd)..."
+LD_PRELOAD=../../../common/rename_failure.so FAILURE_PATH=tmp/passwd pwck -s tmp/passwd 2>tmp/pwck.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "5"
+echo "OK"
+
+echo "pwck reported:"
+echo "======================================================================="
+cat tmp/pwck.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/pwck.err tmp/pwck.err
+echo "error message OK."
+rm -f tmp/pwck.err
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+diff -au data/passwd tmp/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+rm -f tmp/passwd tmp/passwd+ tmp/passwd-
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/failures/pwck/08_pwck_sort_shadow_rename_failure/config.txt b/tests/tests/failures/pwck/08_pwck_sort_shadow_rename_failure/config.txt
new file mode 100644
index 0000000..e9e4bbe
--- /dev/null
+++ b/tests/tests/failures/pwck/08_pwck_sort_shadow_rename_failure/config.txt
@@ -0,0 +1 @@
+group foo, GID 1000
diff --git a/tests/tests/failures/pwck/08_pwck_sort_shadow_rename_failure/config/etc/group b/tests/tests/failures/pwck/08_pwck_sort_shadow_rename_failure/config/etc/group
new file mode 100644
index 0000000..2a5b8a4
--- /dev/null
+++ b/tests/tests/failures/pwck/08_pwck_sort_shadow_rename_failure/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:foo
diff --git a/tests/tests/failures/pwck/08_pwck_sort_shadow_rename_failure/config/etc/gshadow b/tests/tests/failures/pwck/08_pwck_sort_shadow_rename_failure/config/etc/gshadow
new file mode 100644
index 0000000..ed34100
--- /dev/null
+++ b/tests/tests/failures/pwck/08_pwck_sort_shadow_rename_failure/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::foo
diff --git a/tests/tests/failures/pwck/08_pwck_sort_shadow_rename_failure/config/etc/passwd b/tests/tests/failures/pwck/08_pwck_sort_shadow_rename_failure/config/etc/passwd
new file mode 100644
index 0000000..bf52df0
--- /dev/null
+++ b/tests/tests/failures/pwck/08_pwck_sort_shadow_rename_failure/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/home/foo:/bin/false
diff --git a/tests/tests/failures/pwck/08_pwck_sort_shadow_rename_failure/config/etc/shadow b/tests/tests/failures/pwck/08_pwck_sort_shadow_rename_failure/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/failures/pwck/08_pwck_sort_shadow_rename_failure/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/failures/pwck/08_pwck_sort_shadow_rename_failure/data/passwd b/tests/tests/failures/pwck/08_pwck_sort_shadow_rename_failure/data/passwd
new file mode 100644
index 0000000..bf52df0
--- /dev/null
+++ b/tests/tests/failures/pwck/08_pwck_sort_shadow_rename_failure/data/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/home/foo:/bin/false
diff --git a/tests/tests/failures/pwck/08_pwck_sort_shadow_rename_failure/data/passwd.out b/tests/tests/failures/pwck/08_pwck_sort_shadow_rename_failure/data/passwd.out
new file mode 100644
index 0000000..2be1ed6
--- /dev/null
+++ b/tests/tests/failures/pwck/08_pwck_sort_shadow_rename_failure/data/passwd.out
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/home/foo:/bin/false
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
diff --git a/tests/tests/failures/pwck/08_pwck_sort_shadow_rename_failure/data/pwck.err b/tests/tests/failures/pwck/08_pwck_sort_shadow_rename_failure/data/pwck.err
new file mode 100644
index 0000000..4b1415b
--- /dev/null
+++ b/tests/tests/failures/pwck/08_pwck_sort_shadow_rename_failure/data/pwck.err
@@ -0,0 +1,2 @@
+rename FAILURE tmp/shadow+ tmp/shadow
+pwck: failure while writing changes to tmp/shadow
diff --git a/tests/tests/failures/pwck/08_pwck_sort_shadow_rename_failure/data/shadow b/tests/tests/failures/pwck/08_pwck_sort_shadow_rename_failure/data/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/failures/pwck/08_pwck_sort_shadow_rename_failure/data/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/failures/pwck/08_pwck_sort_shadow_rename_failure/pwck.test b/tests/tests/failures/pwck/08_pwck_sort_shadow_rename_failure/pwck.test
new file mode 100755
index 0000000..435aa53
--- /dev/null
+++ b/tests/tests/failures/pwck/08_pwck_sort_shadow_rename_failure/pwck.test
@@ -0,0 +1,59 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "pwck reports failure to write a shadow file"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+cp data/passwd data/shadow tmp/
+
+echo -n "Sort group (pwck -s tmp/passwd tmp/shadow)..."
+LD_PRELOAD=../../../common/rename_failure.so FAILURE_PATH=tmp/shadow pwck -s tmp/passwd tmp/shadow 2>tmp/pwck.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "5"
+echo "OK"
+
+echo "pwck reported:"
+echo "======================================================================="
+cat tmp/pwck.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/pwck.err tmp/pwck.err
+echo "error message OK."
+rm -f tmp/pwck.err
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+diff -au data/passwd.out tmp/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+diff -au data/shadow tmp/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+rm -f tmp/passwd tmp/passwd- tmp/shadow tmp/shadow+ tmp/shadow-
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/failures/pwck/09_pwck_create_shadow_entry_time_0/config.txt b/tests/tests/failures/pwck/09_pwck_create_shadow_entry_time_0/config.txt
new file mode 100644
index 0000000..01189bd
--- /dev/null
+++ b/tests/tests/failures/pwck/09_pwck_create_shadow_entry_time_0/config.txt
@@ -0,0 +1,2 @@
+user foo
+group foo with typo in group
diff --git a/tests/tests/failures/pwck/09_pwck_create_shadow_entry_time_0/config/etc/group b/tests/tests/failures/pwck/09_pwck_create_shadow_entry_time_0/config/etc/group
new file mode 100644
index 0000000..fecba0c
--- /dev/null
+++ b/tests/tests/failures/pwck/09_pwck_create_shadow_entry_time_0/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/failures/pwck/09_pwck_create_shadow_entry_time_0/config/etc/gshadow b/tests/tests/failures/pwck/09_pwck_create_shadow_entry_time_0/config/etc/gshadow
new file mode 100644
index 0000000..5042e58
--- /dev/null
+++ b/tests/tests/failures/pwck/09_pwck_create_shadow_entry_time_0/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/failures/pwck/09_pwck_create_shadow_entry_time_0/config/etc/passwd b/tests/tests/failures/pwck/09_pwck_create_shadow_entry_time_0/config/etc/passwd
new file mode 100644
index 0000000..3030f9e
--- /dev/null
+++ b/tests/tests/failures/pwck/09_pwck_create_shadow_entry_time_0/config/etc/passwd
@@ -0,0 +1,12 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+foo:x:1000:1000::/home:/bin/sh
+bar:x:1001:1000::/home:/bin/sh
diff --git a/tests/tests/failures/pwck/09_pwck_create_shadow_entry_time_0/config/etc/shadow b/tests/tests/failures/pwck/09_pwck_create_shadow_entry_time_0/config/etc/shadow
new file mode 100644
index 0000000..d3c0775
--- /dev/null
+++ b/tests/tests/failures/pwck/09_pwck_create_shadow_entry_time_0/config/etc/shadow
@@ -0,0 +1,11 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/failures/pwck/09_pwck_create_shadow_entry_time_0/data/shadow b/tests/tests/failures/pwck/09_pwck_create_shadow_entry_time_0/data/shadow
new file mode 100644
index 0000000..053ac3f
--- /dev/null
+++ b/tests/tests/failures/pwck/09_pwck_create_shadow_entry_time_0/data/shadow
@@ -0,0 +1,12 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
+bar:x::0:99999:7:::
diff --git a/tests/tests/failures/pwck/09_pwck_create_shadow_entry_time_0/pwck.exp b/tests/tests/failures/pwck/09_pwck_create_shadow_entry_time_0/pwck.exp
new file mode 100755
index 0000000..b379fd4
--- /dev/null
+++ b/tests/tests/failures/pwck/09_pwck_create_shadow_entry_time_0/pwck.exp
@@ -0,0 +1,20 @@
+#!/usr/bin/expect
+
+set timeout 2
+expect_after default {puts stderr "\nFAIL"; exit 1}
+
+spawn /bin/sh
+send "if \[ \$(id -u) -eq 0 \]; then PS1='# '; else PS1='$ '; fi\r"
+expect "# "
+
+send "LD_PRELOAD=../../../common/time_0.so pwck\r"
+expect "no matching password file entry in /etc/shadow"
+expect "add user 'bar' in /etc/shadow? "
+send "yes\r"
+expect "pwck: the files have been updated"
+expect "# "
+send "echo \$?\r"
+expect "2"
+send "exit\r"
+puts "OK\n"
+exit 0
diff --git a/tests/tests/failures/pwck/09_pwck_create_shadow_entry_time_0/pwck.test b/tests/tests/failures/pwck/09_pwck_create_shadow_entry_time_0/pwck.test
new file mode 100755
index 0000000..e473196
--- /dev/null
+++ b/tests/tests/failures/pwck/09_pwck_create_shadow_entry_time_0/pwck.test
@@ -0,0 +1,37 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "If time is 0, pwck creates shadow entry with no last password change date"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+./pwck.exp
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl data/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/failures/pwconv/01_pwconv_open_passwd_failure/config.txt b/tests/tests/failures/pwconv/01_pwconv_open_passwd_failure/config.txt
new file mode 100644
index 0000000..e9e4bbe
--- /dev/null
+++ b/tests/tests/failures/pwconv/01_pwconv_open_passwd_failure/config.txt
@@ -0,0 +1 @@
+group foo, GID 1000
diff --git a/tests/tests/failures/pwconv/01_pwconv_open_passwd_failure/config/etc/group b/tests/tests/failures/pwconv/01_pwconv_open_passwd_failure/config/etc/group
new file mode 100644
index 0000000..fecba0c
--- /dev/null
+++ b/tests/tests/failures/pwconv/01_pwconv_open_passwd_failure/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/failures/pwconv/01_pwconv_open_passwd_failure/config/etc/gshadow b/tests/tests/failures/pwconv/01_pwconv_open_passwd_failure/config/etc/gshadow
new file mode 100644
index 0000000..5042e58
--- /dev/null
+++ b/tests/tests/failures/pwconv/01_pwconv_open_passwd_failure/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/failures/pwconv/01_pwconv_open_passwd_failure/config/etc/login.defs b/tests/tests/failures/pwconv/01_pwconv_open_passwd_failure/config/etc/login.defs
new file mode 100644
index 0000000..cf181ac
--- /dev/null
+++ b/tests/tests/failures/pwconv/01_pwconv_open_passwd_failure/config/etc/login.defs
@@ -0,0 +1,314 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK usage is discouraged because it catches only some classes of user
+# entries to system, in fact only those made through login(1), while setting
+# umask in shell rc file will catch also logins through su, cron, ssh etc.
+#
+# At the same time, using shell rc to set umask won't catch entries which use
+# non-shell executables in place of login shell, like /usr/sbin/pppd for "ppp"
+# user and alike.
+#
+# Therefore the use of pam_umask is recommended (Debian package libpam-umask)
+# as the solution which catches all these cases on PAM-enabled systems.
+# 
+# This avoids the confusion created by having the umask set
+# in two different places -- in login.defs and shell rc files (i.e.
+# /etc/profile).
+#
+# For discussion, see #314539 and #248150 as well as the thread starting at
+# http://lists.debian.org/debian-devel/2005/06/msg01598.html
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+# 022 is the "historical" value in Debian for UMASK when it was used
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			  100
+GID_MAX			60000
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# This enables userdel to remove user groups if no members exist.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, thus in Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# Only works if compiled with MD5_CRYPT defined:
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is used by chpasswd, gpasswd and newusers.
+#
+#MD5_CRYPT_ENAB	no
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/failures/pwconv/01_pwconv_open_passwd_failure/config/etc/passwd b/tests/tests/failures/pwconv/01_pwconv_open_passwd_failure/config/etc/passwd
new file mode 100644
index 0000000..dbb06b8
--- /dev/null
+++ b/tests/tests/failures/pwconv/01_pwconv_open_passwd_failure/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/nonexistent:/bin/sh
diff --git a/tests/tests/failures/pwconv/01_pwconv_open_passwd_failure/config/etc/shadow b/tests/tests/failures/pwconv/01_pwconv_open_passwd_failure/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/failures/pwconv/01_pwconv_open_passwd_failure/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/failures/pwconv/01_pwconv_open_passwd_failure/data/pwconv.err b/tests/tests/failures/pwconv/01_pwconv_open_passwd_failure/data/pwconv.err
new file mode 100644
index 0000000..d26864f
--- /dev/null
+++ b/tests/tests/failures/pwconv/01_pwconv_open_passwd_failure/data/pwconv.err
@@ -0,0 +1,2 @@
+open FAILURE /etc/passwd 2 ...
+pwconv: cannot open /etc/passwd
diff --git a/tests/tests/failures/pwconv/01_pwconv_open_passwd_failure/pwconv.test b/tests/tests/failures/pwconv/01_pwconv_open_passwd_failure/pwconv.test
new file mode 100755
index 0000000..cb14e0b
--- /dev/null
+++ b/tests/tests/failures/pwconv/01_pwconv_open_passwd_failure/pwconv.test
@@ -0,0 +1,58 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "pwconv report failures when it cannot open the passwd file"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Remove the shadow file..."
+rm -f /etc/shadow
+echo "OK"
+
+echo -n "Enable shadow passwords (pwconv)..."
+LD_PRELOAD=../../../common/open_RDWR_failure.so FAILURE_PATH=/etc/passwd pwconv 2>tmp/pwconv.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "4"
+echo "OK"
+
+echo "pwconv reported:"
+echo "======================================================================="
+cat tmp/pwconv.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/pwconv.err tmp/pwconv.err
+echo "error message OK."
+rm -f tmp/pwconv.err
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+test ! -f /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/failures/pwconv/02_pwconv_open_shadow_failure/config.txt b/tests/tests/failures/pwconv/02_pwconv_open_shadow_failure/config.txt
new file mode 100644
index 0000000..e9e4bbe
--- /dev/null
+++ b/tests/tests/failures/pwconv/02_pwconv_open_shadow_failure/config.txt
@@ -0,0 +1 @@
+group foo, GID 1000
diff --git a/tests/tests/failures/pwconv/02_pwconv_open_shadow_failure/config/etc/group b/tests/tests/failures/pwconv/02_pwconv_open_shadow_failure/config/etc/group
new file mode 100644
index 0000000..fecba0c
--- /dev/null
+++ b/tests/tests/failures/pwconv/02_pwconv_open_shadow_failure/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/failures/pwconv/02_pwconv_open_shadow_failure/config/etc/gshadow b/tests/tests/failures/pwconv/02_pwconv_open_shadow_failure/config/etc/gshadow
new file mode 100644
index 0000000..5042e58
--- /dev/null
+++ b/tests/tests/failures/pwconv/02_pwconv_open_shadow_failure/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/failures/pwconv/02_pwconv_open_shadow_failure/config/etc/login.defs b/tests/tests/failures/pwconv/02_pwconv_open_shadow_failure/config/etc/login.defs
new file mode 100644
index 0000000..cf181ac
--- /dev/null
+++ b/tests/tests/failures/pwconv/02_pwconv_open_shadow_failure/config/etc/login.defs
@@ -0,0 +1,314 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK usage is discouraged because it catches only some classes of user
+# entries to system, in fact only those made through login(1), while setting
+# umask in shell rc file will catch also logins through su, cron, ssh etc.
+#
+# At the same time, using shell rc to set umask won't catch entries which use
+# non-shell executables in place of login shell, like /usr/sbin/pppd for "ppp"
+# user and alike.
+#
+# Therefore the use of pam_umask is recommended (Debian package libpam-umask)
+# as the solution which catches all these cases on PAM-enabled systems.
+# 
+# This avoids the confusion created by having the umask set
+# in two different places -- in login.defs and shell rc files (i.e.
+# /etc/profile).
+#
+# For discussion, see #314539 and #248150 as well as the thread starting at
+# http://lists.debian.org/debian-devel/2005/06/msg01598.html
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+# 022 is the "historical" value in Debian for UMASK when it was used
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			  100
+GID_MAX			60000
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# This enables userdel to remove user groups if no members exist.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, thus in Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# Only works if compiled with MD5_CRYPT defined:
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is used by chpasswd, gpasswd and newusers.
+#
+#MD5_CRYPT_ENAB	no
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/failures/pwconv/02_pwconv_open_shadow_failure/config/etc/passwd b/tests/tests/failures/pwconv/02_pwconv_open_shadow_failure/config/etc/passwd
new file mode 100644
index 0000000..dbb06b8
--- /dev/null
+++ b/tests/tests/failures/pwconv/02_pwconv_open_shadow_failure/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/nonexistent:/bin/sh
diff --git a/tests/tests/failures/pwconv/02_pwconv_open_shadow_failure/config/etc/shadow b/tests/tests/failures/pwconv/02_pwconv_open_shadow_failure/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/failures/pwconv/02_pwconv_open_shadow_failure/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/failures/pwconv/02_pwconv_open_shadow_failure/data/pwconv.err b/tests/tests/failures/pwconv/02_pwconv_open_shadow_failure/data/pwconv.err
new file mode 100644
index 0000000..7727450
--- /dev/null
+++ b/tests/tests/failures/pwconv/02_pwconv_open_shadow_failure/data/pwconv.err
@@ -0,0 +1,2 @@
+open FAILURE /etc/shadow 2 ...
+pwconv: cannot open /etc/shadow
diff --git a/tests/tests/failures/pwconv/02_pwconv_open_shadow_failure/pwconv.test b/tests/tests/failures/pwconv/02_pwconv_open_shadow_failure/pwconv.test
new file mode 100755
index 0000000..031a72c
--- /dev/null
+++ b/tests/tests/failures/pwconv/02_pwconv_open_shadow_failure/pwconv.test
@@ -0,0 +1,58 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "pwconv report failures when it cannot open the shadow file"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Remove the shadow file..."
+rm -f /etc/shadow
+echo "OK"
+
+echo -n "Enable shadow passwords (pwconv)..."
+LD_PRELOAD=../../../common/open_RDWR_failure.so FAILURE_PATH=/etc/shadow pwconv 2>tmp/pwconv.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "3"
+echo "OK"
+
+echo "pwconv reported:"
+echo "======================================================================="
+cat tmp/pwconv.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/pwconv.err tmp/pwconv.err
+echo "error message OK."
+rm -f tmp/pwconv.err
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+test ! -f /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/failures/pwconv/03_pwconv_rename_passwd_failure/config.txt b/tests/tests/failures/pwconv/03_pwconv_rename_passwd_failure/config.txt
new file mode 100644
index 0000000..e9e4bbe
--- /dev/null
+++ b/tests/tests/failures/pwconv/03_pwconv_rename_passwd_failure/config.txt
@@ -0,0 +1 @@
+group foo, GID 1000
diff --git a/tests/tests/failures/pwconv/03_pwconv_rename_passwd_failure/config/etc/group b/tests/tests/failures/pwconv/03_pwconv_rename_passwd_failure/config/etc/group
new file mode 100644
index 0000000..fecba0c
--- /dev/null
+++ b/tests/tests/failures/pwconv/03_pwconv_rename_passwd_failure/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/failures/pwconv/03_pwconv_rename_passwd_failure/config/etc/gshadow b/tests/tests/failures/pwconv/03_pwconv_rename_passwd_failure/config/etc/gshadow
new file mode 100644
index 0000000..5042e58
--- /dev/null
+++ b/tests/tests/failures/pwconv/03_pwconv_rename_passwd_failure/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/failures/pwconv/03_pwconv_rename_passwd_failure/config/etc/login.defs b/tests/tests/failures/pwconv/03_pwconv_rename_passwd_failure/config/etc/login.defs
new file mode 100644
index 0000000..cf181ac
--- /dev/null
+++ b/tests/tests/failures/pwconv/03_pwconv_rename_passwd_failure/config/etc/login.defs
@@ -0,0 +1,314 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK usage is discouraged because it catches only some classes of user
+# entries to system, in fact only those made through login(1), while setting
+# umask in shell rc file will catch also logins through su, cron, ssh etc.
+#
+# At the same time, using shell rc to set umask won't catch entries which use
+# non-shell executables in place of login shell, like /usr/sbin/pppd for "ppp"
+# user and alike.
+#
+# Therefore the use of pam_umask is recommended (Debian package libpam-umask)
+# as the solution which catches all these cases on PAM-enabled systems.
+# 
+# This avoids the confusion created by having the umask set
+# in two different places -- in login.defs and shell rc files (i.e.
+# /etc/profile).
+#
+# For discussion, see #314539 and #248150 as well as the thread starting at
+# http://lists.debian.org/debian-devel/2005/06/msg01598.html
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+# 022 is the "historical" value in Debian for UMASK when it was used
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			  100
+GID_MAX			60000
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# This enables userdel to remove user groups if no members exist.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, thus in Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# Only works if compiled with MD5_CRYPT defined:
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is used by chpasswd, gpasswd and newusers.
+#
+#MD5_CRYPT_ENAB	no
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/failures/pwconv/03_pwconv_rename_passwd_failure/config/etc/passwd b/tests/tests/failures/pwconv/03_pwconv_rename_passwd_failure/config/etc/passwd
new file mode 100644
index 0000000..8656be4
--- /dev/null
+++ b/tests/tests/failures/pwconv/03_pwconv_rename_passwd_failure/config/etc/passwd
@@ -0,0 +1,20 @@
+root:*:0:0:root:/root:/bin/bash
+daemon:*:1:1:daemon:/usr/sbin:/bin/sh
+bin:*:2:2:bin:/bin:/bin/sh
+sys:*:3:3:sys:/dev:/bin/sh
+sync:*:4:65534:sync:/bin:/bin/sync
+games:*:5:60:games:/usr/games:/bin/sh
+man:*:6:12:man:/var/cache/man:/bin/sh
+lp:*:7:7:lp:/var/spool/lpd:/bin/sh
+mail:*:8:8:mail:/var/mail:/bin/sh
+news:*:9:9:news:/var/spool/news:/bin/sh
+uucp:*:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:*:13:13:proxy:/bin:/bin/sh
+www-data:*:33:33:www-data:/var/www:/bin/sh
+backup:*:34:34:backup:/var/backups:/bin/sh
+list:*:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:*:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:*:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:*:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:*:102:102::/var/spool/exim4:/bin/false
+foo:abc:1000:1000::/nonexistent:/bin/sh
diff --git a/tests/tests/failures/pwconv/03_pwconv_rename_passwd_failure/config/etc/shadow b/tests/tests/failures/pwconv/03_pwconv_rename_passwd_failure/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/failures/pwconv/03_pwconv_rename_passwd_failure/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/failures/pwconv/03_pwconv_rename_passwd_failure/data/pwconv.err b/tests/tests/failures/pwconv/03_pwconv_rename_passwd_failure/data/pwconv.err
new file mode 100644
index 0000000..b8177df
--- /dev/null
+++ b/tests/tests/failures/pwconv/03_pwconv_rename_passwd_failure/data/pwconv.err
@@ -0,0 +1,2 @@
+rename FAILURE /etc/passwd+ /etc/passwd
+pwconv: failure while writing changes to /etc/passwd
diff --git a/tests/tests/failures/pwconv/03_pwconv_rename_passwd_failure/data/shadow b/tests/tests/failures/pwconv/03_pwconv_rename_passwd_failure/data/shadow
new file mode 100644
index 0000000..b678d83
--- /dev/null
+++ b/tests/tests/failures/pwconv/03_pwconv_rename_passwd_failure/data/shadow
@@ -0,0 +1,20 @@
+root:*:@TODAY@:0:99999:7:::
+daemon:*:@TODAY@:0:99999:7:::
+bin:*:@TODAY@:0:99999:7:::
+sys:*:@TODAY@:0:99999:7:::
+sync:*:@TODAY@:0:99999:7:::
+games:*:@TODAY@:0:99999:7:::
+man:*:@TODAY@:0:99999:7:::
+lp:*:@TODAY@:0:99999:7:::
+mail:*:@TODAY@:0:99999:7:::
+news:*:@TODAY@:0:99999:7:::
+uucp:*:@TODAY@:0:99999:7:::
+proxy:*:@TODAY@:0:99999:7:::
+www-data:*:@TODAY@:0:99999:7:::
+backup:*:@TODAY@:0:99999:7:::
+list:*:@TODAY@:0:99999:7:::
+irc:*:@TODAY@:0:99999:7:::
+gnats:*:@TODAY@:0:99999:7:::
+nobody:*:@TODAY@:0:99999:7:::
+Debian-exim:*:@TODAY@:0:99999:7:::
+foo:abc:@TODAY@:0:99999:7:::
diff --git a/tests/tests/failures/pwconv/03_pwconv_rename_passwd_failure/pwconv.test b/tests/tests/failures/pwconv/03_pwconv_rename_passwd_failure/pwconv.test
new file mode 100755
index 0000000..44f2307
--- /dev/null
+++ b/tests/tests/failures/pwconv/03_pwconv_rename_passwd_failure/pwconv.test
@@ -0,0 +1,58 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "pwconv report failures to write the passwd file"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Remove the shadow file..."
+rm -f /etc/shadow
+echo "OK"
+
+echo -n "Enable shadow passwords (pwconv)..."
+LD_PRELOAD=../../../common/rename_failure.so FAILURE_PATH=/etc/passwd pwconv 2>tmp/pwconv.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "3"
+echo "OK"
+
+echo "pwconv reported:"
+echo "======================================================================="
+cat tmp/pwconv.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/pwconv.err tmp/pwconv.err
+echo "error message OK."
+rm -f tmp/pwconv.err
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl data/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/failures/pwconv/04_pwconv_rename_shadow_failure/config.txt b/tests/tests/failures/pwconv/04_pwconv_rename_shadow_failure/config.txt
new file mode 100644
index 0000000..e9e4bbe
--- /dev/null
+++ b/tests/tests/failures/pwconv/04_pwconv_rename_shadow_failure/config.txt
@@ -0,0 +1 @@
+group foo, GID 1000
diff --git a/tests/tests/failures/pwconv/04_pwconv_rename_shadow_failure/config/etc/group b/tests/tests/failures/pwconv/04_pwconv_rename_shadow_failure/config/etc/group
new file mode 100644
index 0000000..fecba0c
--- /dev/null
+++ b/tests/tests/failures/pwconv/04_pwconv_rename_shadow_failure/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/failures/pwconv/04_pwconv_rename_shadow_failure/config/etc/gshadow b/tests/tests/failures/pwconv/04_pwconv_rename_shadow_failure/config/etc/gshadow
new file mode 100644
index 0000000..5042e58
--- /dev/null
+++ b/tests/tests/failures/pwconv/04_pwconv_rename_shadow_failure/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/failures/pwconv/04_pwconv_rename_shadow_failure/config/etc/login.defs b/tests/tests/failures/pwconv/04_pwconv_rename_shadow_failure/config/etc/login.defs
new file mode 100644
index 0000000..cf181ac
--- /dev/null
+++ b/tests/tests/failures/pwconv/04_pwconv_rename_shadow_failure/config/etc/login.defs
@@ -0,0 +1,314 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK usage is discouraged because it catches only some classes of user
+# entries to system, in fact only those made through login(1), while setting
+# umask in shell rc file will catch also logins through su, cron, ssh etc.
+#
+# At the same time, using shell rc to set umask won't catch entries which use
+# non-shell executables in place of login shell, like /usr/sbin/pppd for "ppp"
+# user and alike.
+#
+# Therefore the use of pam_umask is recommended (Debian package libpam-umask)
+# as the solution which catches all these cases on PAM-enabled systems.
+# 
+# This avoids the confusion created by having the umask set
+# in two different places -- in login.defs and shell rc files (i.e.
+# /etc/profile).
+#
+# For discussion, see #314539 and #248150 as well as the thread starting at
+# http://lists.debian.org/debian-devel/2005/06/msg01598.html
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+# 022 is the "historical" value in Debian for UMASK when it was used
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			  100
+GID_MAX			60000
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# This enables userdel to remove user groups if no members exist.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, thus in Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# Only works if compiled with MD5_CRYPT defined:
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is used by chpasswd, gpasswd and newusers.
+#
+#MD5_CRYPT_ENAB	no
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/failures/pwconv/04_pwconv_rename_shadow_failure/config/etc/passwd b/tests/tests/failures/pwconv/04_pwconv_rename_shadow_failure/config/etc/passwd
new file mode 100644
index 0000000..8656be4
--- /dev/null
+++ b/tests/tests/failures/pwconv/04_pwconv_rename_shadow_failure/config/etc/passwd
@@ -0,0 +1,20 @@
+root:*:0:0:root:/root:/bin/bash
+daemon:*:1:1:daemon:/usr/sbin:/bin/sh
+bin:*:2:2:bin:/bin:/bin/sh
+sys:*:3:3:sys:/dev:/bin/sh
+sync:*:4:65534:sync:/bin:/bin/sync
+games:*:5:60:games:/usr/games:/bin/sh
+man:*:6:12:man:/var/cache/man:/bin/sh
+lp:*:7:7:lp:/var/spool/lpd:/bin/sh
+mail:*:8:8:mail:/var/mail:/bin/sh
+news:*:9:9:news:/var/spool/news:/bin/sh
+uucp:*:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:*:13:13:proxy:/bin:/bin/sh
+www-data:*:33:33:www-data:/var/www:/bin/sh
+backup:*:34:34:backup:/var/backups:/bin/sh
+list:*:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:*:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:*:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:*:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:*:102:102::/var/spool/exim4:/bin/false
+foo:abc:1000:1000::/nonexistent:/bin/sh
diff --git a/tests/tests/failures/pwconv/04_pwconv_rename_shadow_failure/config/etc/shadow b/tests/tests/failures/pwconv/04_pwconv_rename_shadow_failure/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/failures/pwconv/04_pwconv_rename_shadow_failure/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/failures/pwconv/04_pwconv_rename_shadow_failure/data/pwconv.err b/tests/tests/failures/pwconv/04_pwconv_rename_shadow_failure/data/pwconv.err
new file mode 100644
index 0000000..cf5ddf3
--- /dev/null
+++ b/tests/tests/failures/pwconv/04_pwconv_rename_shadow_failure/data/pwconv.err
@@ -0,0 +1,2 @@
+rename FAILURE /etc/shadow+ /etc/shadow
+pwconv: failure while writing changes to /etc/shadow
diff --git a/tests/tests/failures/pwconv/04_pwconv_rename_shadow_failure/pwconv.test b/tests/tests/failures/pwconv/04_pwconv_rename_shadow_failure/pwconv.test
new file mode 100755
index 0000000..589ed3e
--- /dev/null
+++ b/tests/tests/failures/pwconv/04_pwconv_rename_shadow_failure/pwconv.test
@@ -0,0 +1,58 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "pwconv report failures to write the shadow file"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Remove the shadow file..."
+rm -f /etc/shadow
+echo "OK"
+
+echo -n "Enable shadow passwords (pwconv)..."
+LD_PRELOAD=../../../common/rename_failure.so FAILURE_PATH=/etc/shadow pwconv 2>tmp/pwconv.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "3"
+echo "OK"
+
+echo "pwconv reported:"
+echo "======================================================================="
+cat tmp/pwconv.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/pwconv.err tmp/pwconv.err
+echo "error message OK."
+rm -f tmp/pwconv.err
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+test ! -f /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/failures/pwconv/05_pwconv_time_0/config.txt b/tests/tests/failures/pwconv/05_pwconv_time_0/config.txt
new file mode 100644
index 0000000..a2ff911
--- /dev/null
+++ b/tests/tests/failures/pwconv/05_pwconv_time_0/config.txt
@@ -0,0 +1,2 @@
+user foo exists, UID 1000
+user foo2 exists, UID 1001
diff --git a/tests/tests/failures/pwconv/05_pwconv_time_0/config/etc/group b/tests/tests/failures/pwconv/05_pwconv_time_0/config/etc/group
new file mode 100644
index 0000000..b6fae89
--- /dev/null
+++ b/tests/tests/failures/pwconv/05_pwconv_time_0/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:root
+adm:x:4:root,foo
+tty:x:5:
+disk:x:6:
+lp:x:7:foo,root
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:foo
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:foo
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/failures/pwconv/05_pwconv_time_0/config/etc/gshadow b/tests/tests/failures/pwconv/05_pwconv_time_0/config/etc/gshadow
new file mode 100644
index 0000000..1f2ba8d
--- /dev/null
+++ b/tests/tests/failures/pwconv/05_pwconv_time_0/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::root
+adm:*::root,foo
+tty:*::foo
+disk:*:foo:
+lp:*::foo,root
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*:foo:foo
+voice:*::
+cdrom:*:foo:foo
+floppy:*::foo
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/failures/pwconv/05_pwconv_time_0/config/etc/passwd b/tests/tests/failures/pwconv/05_pwconv_time_0/config/etc/passwd
new file mode 100644
index 0000000..8656be4
--- /dev/null
+++ b/tests/tests/failures/pwconv/05_pwconv_time_0/config/etc/passwd
@@ -0,0 +1,20 @@
+root:*:0:0:root:/root:/bin/bash
+daemon:*:1:1:daemon:/usr/sbin:/bin/sh
+bin:*:2:2:bin:/bin:/bin/sh
+sys:*:3:3:sys:/dev:/bin/sh
+sync:*:4:65534:sync:/bin:/bin/sync
+games:*:5:60:games:/usr/games:/bin/sh
+man:*:6:12:man:/var/cache/man:/bin/sh
+lp:*:7:7:lp:/var/spool/lpd:/bin/sh
+mail:*:8:8:mail:/var/mail:/bin/sh
+news:*:9:9:news:/var/spool/news:/bin/sh
+uucp:*:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:*:13:13:proxy:/bin:/bin/sh
+www-data:*:33:33:www-data:/var/www:/bin/sh
+backup:*:34:34:backup:/var/backups:/bin/sh
+list:*:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:*:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:*:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:*:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:*:102:102::/var/spool/exim4:/bin/false
+foo:abc:1000:1000::/nonexistent:/bin/sh
diff --git a/tests/tests/failures/pwconv/05_pwconv_time_0/config/etc/shadow b/tests/tests/failures/pwconv/05_pwconv_time_0/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/failures/pwconv/05_pwconv_time_0/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/failures/pwconv/05_pwconv_time_0/data/passwd b/tests/tests/failures/pwconv/05_pwconv_time_0/data/passwd
new file mode 100644
index 0000000..dbb06b8
--- /dev/null
+++ b/tests/tests/failures/pwconv/05_pwconv_time_0/data/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/nonexistent:/bin/sh
diff --git a/tests/tests/failures/pwconv/05_pwconv_time_0/data/shadow b/tests/tests/failures/pwconv/05_pwconv_time_0/data/shadow
new file mode 100644
index 0000000..a3b7cff
--- /dev/null
+++ b/tests/tests/failures/pwconv/05_pwconv_time_0/data/shadow
@@ -0,0 +1,20 @@
+root:*::0:99999:7:::
+daemon:*::0:99999:7:::
+bin:*::0:99999:7:::
+sys:*::0:99999:7:::
+sync:*::0:99999:7:::
+games:*::0:99999:7:::
+man:*::0:99999:7:::
+lp:*::0:99999:7:::
+mail:*::0:99999:7:::
+news:*::0:99999:7:::
+uucp:*::0:99999:7:::
+proxy:*::0:99999:7:::
+www-data:*::0:99999:7:::
+backup:*::0:99999:7:::
+list:*::0:99999:7:::
+irc:*::0:99999:7:::
+gnats:*::0:99999:7:::
+nobody:*::0:99999:7:::
+Debian-exim:*::0:99999:7:::
+foo:abc::0:99999:7:::
diff --git a/tests/tests/failures/pwconv/05_pwconv_time_0/pwconv.test b/tests/tests/failures/pwconv/05_pwconv_time_0/pwconv.test
new file mode 100755
index 0000000..5c9a650
--- /dev/null
+++ b/tests/tests/failures/pwconv/05_pwconv_time_0/pwconv.test
@@ -0,0 +1,43 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "pwconv disables aging when time is not set"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Remove /etc/shadow..."
+rm -f /etc/shadow
+echo "OK"
+
+echo -n "Convert to shadow (pwconv)..."
+LD_PRELOAD=../../../common/time_0.so pwconv 2>/dev/null
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl data/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl data/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/failures/pwunconv/01_pwunconv_passwd_rename_failure/config.txt b/tests/tests/failures/pwunconv/01_pwunconv_passwd_rename_failure/config.txt
new file mode 100644
index 0000000..e9e4bbe
--- /dev/null
+++ b/tests/tests/failures/pwunconv/01_pwunconv_passwd_rename_failure/config.txt
@@ -0,0 +1 @@
+group foo, GID 1000
diff --git a/tests/tests/failures/pwunconv/01_pwunconv_passwd_rename_failure/config/etc/group b/tests/tests/failures/pwunconv/01_pwunconv_passwd_rename_failure/config/etc/group
new file mode 100644
index 0000000..2a5b8a4
--- /dev/null
+++ b/tests/tests/failures/pwunconv/01_pwunconv_passwd_rename_failure/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:foo
diff --git a/tests/tests/failures/pwunconv/01_pwunconv_passwd_rename_failure/config/etc/gshadow b/tests/tests/failures/pwunconv/01_pwunconv_passwd_rename_failure/config/etc/gshadow
new file mode 100644
index 0000000..ed34100
--- /dev/null
+++ b/tests/tests/failures/pwunconv/01_pwunconv_passwd_rename_failure/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::foo
diff --git a/tests/tests/failures/pwunconv/01_pwunconv_passwd_rename_failure/config/etc/login.defs b/tests/tests/failures/pwunconv/01_pwunconv_passwd_rename_failure/config/etc/login.defs
new file mode 100644
index 0000000..cf181ac
--- /dev/null
+++ b/tests/tests/failures/pwunconv/01_pwunconv_passwd_rename_failure/config/etc/login.defs
@@ -0,0 +1,314 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK usage is discouraged because it catches only some classes of user
+# entries to system, in fact only those made through login(1), while setting
+# umask in shell rc file will catch also logins through su, cron, ssh etc.
+#
+# At the same time, using shell rc to set umask won't catch entries which use
+# non-shell executables in place of login shell, like /usr/sbin/pppd for "ppp"
+# user and alike.
+#
+# Therefore the use of pam_umask is recommended (Debian package libpam-umask)
+# as the solution which catches all these cases on PAM-enabled systems.
+# 
+# This avoids the confusion created by having the umask set
+# in two different places -- in login.defs and shell rc files (i.e.
+# /etc/profile).
+#
+# For discussion, see #314539 and #248150 as well as the thread starting at
+# http://lists.debian.org/debian-devel/2005/06/msg01598.html
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+# 022 is the "historical" value in Debian for UMASK when it was used
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			  100
+GID_MAX			60000
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# This enables userdel to remove user groups if no members exist.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, thus in Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# Only works if compiled with MD5_CRYPT defined:
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is used by chpasswd, gpasswd and newusers.
+#
+#MD5_CRYPT_ENAB	no
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/failures/pwunconv/01_pwunconv_passwd_rename_failure/config/etc/passwd b/tests/tests/failures/pwunconv/01_pwunconv_passwd_rename_failure/config/etc/passwd
new file mode 100644
index 0000000..bf52df0
--- /dev/null
+++ b/tests/tests/failures/pwunconv/01_pwunconv_passwd_rename_failure/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/home/foo:/bin/false
diff --git a/tests/tests/failures/pwunconv/01_pwunconv_passwd_rename_failure/config/etc/shadow b/tests/tests/failures/pwunconv/01_pwunconv_passwd_rename_failure/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/failures/pwunconv/01_pwunconv_passwd_rename_failure/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/failures/pwunconv/01_pwunconv_passwd_rename_failure/data/pwunconv.err b/tests/tests/failures/pwunconv/01_pwunconv_passwd_rename_failure/data/pwunconv.err
new file mode 100644
index 0000000..a1368c9
--- /dev/null
+++ b/tests/tests/failures/pwunconv/01_pwunconv_passwd_rename_failure/data/pwunconv.err
@@ -0,0 +1,2 @@
+rename FAILURE /etc/passwd+ /etc/passwd
+pwunconv: failure while writing changes to /etc/passwd
diff --git a/tests/tests/failures/pwunconv/01_pwunconv_passwd_rename_failure/pwunconv.test b/tests/tests/failures/pwunconv/01_pwunconv_passwd_rename_failure/pwunconv.test
new file mode 100755
index 0000000..3f1d312
--- /dev/null
+++ b/tests/tests/failures/pwunconv/01_pwunconv_passwd_rename_failure/pwunconv.test
@@ -0,0 +1,54 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "pwunconv reports failure to write /etc/passwd"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Disable shadow passwords (pwunconv)..."
+LD_PRELOAD=../../../common/rename_failure.so FAILURE_PATH=/etc/passwd pwunconv 2>tmp/pwunconv.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "3"
+echo "OK"
+
+echo "pwunconv reported:"
+echo "======================================================================="
+cat tmp/pwunconv.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/pwunconv.err tmp/pwunconv.err
+echo "error message OK."
+rm -f tmp/pwunconv.err
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/failures/pwunconv/02_pwunconv_open_passwd_failure/config.txt b/tests/tests/failures/pwunconv/02_pwunconv_open_passwd_failure/config.txt
new file mode 100644
index 0000000..e9e4bbe
--- /dev/null
+++ b/tests/tests/failures/pwunconv/02_pwunconv_open_passwd_failure/config.txt
@@ -0,0 +1 @@
+group foo, GID 1000
diff --git a/tests/tests/failures/pwunconv/02_pwunconv_open_passwd_failure/config/etc/group b/tests/tests/failures/pwunconv/02_pwunconv_open_passwd_failure/config/etc/group
new file mode 100644
index 0000000..fecba0c
--- /dev/null
+++ b/tests/tests/failures/pwunconv/02_pwunconv_open_passwd_failure/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/failures/pwunconv/02_pwunconv_open_passwd_failure/config/etc/gshadow b/tests/tests/failures/pwunconv/02_pwunconv_open_passwd_failure/config/etc/gshadow
new file mode 100644
index 0000000..5042e58
--- /dev/null
+++ b/tests/tests/failures/pwunconv/02_pwunconv_open_passwd_failure/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/failures/pwunconv/02_pwunconv_open_passwd_failure/config/etc/login.defs b/tests/tests/failures/pwunconv/02_pwunconv_open_passwd_failure/config/etc/login.defs
new file mode 100644
index 0000000..cf181ac
--- /dev/null
+++ b/tests/tests/failures/pwunconv/02_pwunconv_open_passwd_failure/config/etc/login.defs
@@ -0,0 +1,314 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK usage is discouraged because it catches only some classes of user
+# entries to system, in fact only those made through login(1), while setting
+# umask in shell rc file will catch also logins through su, cron, ssh etc.
+#
+# At the same time, using shell rc to set umask won't catch entries which use
+# non-shell executables in place of login shell, like /usr/sbin/pppd for "ppp"
+# user and alike.
+#
+# Therefore the use of pam_umask is recommended (Debian package libpam-umask)
+# as the solution which catches all these cases on PAM-enabled systems.
+# 
+# This avoids the confusion created by having the umask set
+# in two different places -- in login.defs and shell rc files (i.e.
+# /etc/profile).
+#
+# For discussion, see #314539 and #248150 as well as the thread starting at
+# http://lists.debian.org/debian-devel/2005/06/msg01598.html
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+# 022 is the "historical" value in Debian for UMASK when it was used
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			  100
+GID_MAX			60000
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# This enables userdel to remove user groups if no members exist.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, thus in Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# Only works if compiled with MD5_CRYPT defined:
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is used by chpasswd, gpasswd and newusers.
+#
+#MD5_CRYPT_ENAB	no
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/failures/pwunconv/02_pwunconv_open_passwd_failure/config/etc/passwd b/tests/tests/failures/pwunconv/02_pwunconv_open_passwd_failure/config/etc/passwd
new file mode 100644
index 0000000..dbb06b8
--- /dev/null
+++ b/tests/tests/failures/pwunconv/02_pwunconv_open_passwd_failure/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/nonexistent:/bin/sh
diff --git a/tests/tests/failures/pwunconv/02_pwunconv_open_passwd_failure/config/etc/shadow b/tests/tests/failures/pwunconv/02_pwunconv_open_passwd_failure/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/failures/pwunconv/02_pwunconv_open_passwd_failure/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/failures/pwunconv/02_pwunconv_open_passwd_failure/data/pwunconv.err b/tests/tests/failures/pwunconv/02_pwunconv_open_passwd_failure/data/pwunconv.err
new file mode 100644
index 0000000..44cd4fa
--- /dev/null
+++ b/tests/tests/failures/pwunconv/02_pwunconv_open_passwd_failure/data/pwunconv.err
@@ -0,0 +1,2 @@
+open FAILURE /etc/passwd 2 ...
+pwunconv: cannot open /etc/passwd
diff --git a/tests/tests/failures/pwunconv/02_pwunconv_open_passwd_failure/pwunconv.test b/tests/tests/failures/pwunconv/02_pwunconv_open_passwd_failure/pwunconv.test
new file mode 100755
index 0000000..8212cf2
--- /dev/null
+++ b/tests/tests/failures/pwunconv/02_pwunconv_open_passwd_failure/pwunconv.test
@@ -0,0 +1,54 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "pwunconv report failures when it cannot open the passwd file"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Disable shadow passwords (pwunconv)..."
+LD_PRELOAD=../../../common/open_RDWR_failure.so FAILURE_PATH=/etc/passwd pwunconv 2>tmp/pwunconv.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "1"
+echo "OK"
+
+echo "pwunconv reported:"
+echo "======================================================================="
+cat tmp/pwunconv.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/pwunconv.err tmp/pwunconv.err
+echo "error message OK."
+rm -f tmp/pwunconv.err
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/failures/pwunconv/03_pwunconv_open_shadow_failure/config.txt b/tests/tests/failures/pwunconv/03_pwunconv_open_shadow_failure/config.txt
new file mode 100644
index 0000000..e9e4bbe
--- /dev/null
+++ b/tests/tests/failures/pwunconv/03_pwunconv_open_shadow_failure/config.txt
@@ -0,0 +1 @@
+group foo, GID 1000
diff --git a/tests/tests/failures/pwunconv/03_pwunconv_open_shadow_failure/config/etc/group b/tests/tests/failures/pwunconv/03_pwunconv_open_shadow_failure/config/etc/group
new file mode 100644
index 0000000..fecba0c
--- /dev/null
+++ b/tests/tests/failures/pwunconv/03_pwunconv_open_shadow_failure/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/failures/pwunconv/03_pwunconv_open_shadow_failure/config/etc/gshadow b/tests/tests/failures/pwunconv/03_pwunconv_open_shadow_failure/config/etc/gshadow
new file mode 100644
index 0000000..5042e58
--- /dev/null
+++ b/tests/tests/failures/pwunconv/03_pwunconv_open_shadow_failure/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/failures/pwunconv/03_pwunconv_open_shadow_failure/config/etc/login.defs b/tests/tests/failures/pwunconv/03_pwunconv_open_shadow_failure/config/etc/login.defs
new file mode 100644
index 0000000..cf181ac
--- /dev/null
+++ b/tests/tests/failures/pwunconv/03_pwunconv_open_shadow_failure/config/etc/login.defs
@@ -0,0 +1,314 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK usage is discouraged because it catches only some classes of user
+# entries to system, in fact only those made through login(1), while setting
+# umask in shell rc file will catch also logins through su, cron, ssh etc.
+#
+# At the same time, using shell rc to set umask won't catch entries which use
+# non-shell executables in place of login shell, like /usr/sbin/pppd for "ppp"
+# user and alike.
+#
+# Therefore the use of pam_umask is recommended (Debian package libpam-umask)
+# as the solution which catches all these cases on PAM-enabled systems.
+# 
+# This avoids the confusion created by having the umask set
+# in two different places -- in login.defs and shell rc files (i.e.
+# /etc/profile).
+#
+# For discussion, see #314539 and #248150 as well as the thread starting at
+# http://lists.debian.org/debian-devel/2005/06/msg01598.html
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+# 022 is the "historical" value in Debian for UMASK when it was used
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			  100
+GID_MAX			60000
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# This enables userdel to remove user groups if no members exist.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, thus in Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# Only works if compiled with MD5_CRYPT defined:
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is used by chpasswd, gpasswd and newusers.
+#
+#MD5_CRYPT_ENAB	no
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/failures/pwunconv/03_pwunconv_open_shadow_failure/config/etc/passwd b/tests/tests/failures/pwunconv/03_pwunconv_open_shadow_failure/config/etc/passwd
new file mode 100644
index 0000000..dbb06b8
--- /dev/null
+++ b/tests/tests/failures/pwunconv/03_pwunconv_open_shadow_failure/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/nonexistent:/bin/sh
diff --git a/tests/tests/failures/pwunconv/03_pwunconv_open_shadow_failure/config/etc/shadow b/tests/tests/failures/pwunconv/03_pwunconv_open_shadow_failure/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/failures/pwunconv/03_pwunconv_open_shadow_failure/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/failures/pwunconv/03_pwunconv_open_shadow_failure/data/pwunconv.err b/tests/tests/failures/pwunconv/03_pwunconv_open_shadow_failure/data/pwunconv.err
new file mode 100644
index 0000000..a61ba35
--- /dev/null
+++ b/tests/tests/failures/pwunconv/03_pwunconv_open_shadow_failure/data/pwunconv.err
@@ -0,0 +1,2 @@
+open FAILURE /etc/shadow 0 ...
+pwunconv: cannot open /etc/shadow
diff --git a/tests/tests/failures/pwunconv/03_pwunconv_open_shadow_failure/pwunconv.test b/tests/tests/failures/pwunconv/03_pwunconv_open_shadow_failure/pwunconv.test
new file mode 100755
index 0000000..0c8f79f
--- /dev/null
+++ b/tests/tests/failures/pwunconv/03_pwunconv_open_shadow_failure/pwunconv.test
@@ -0,0 +1,54 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "pwunconv report failures when it cannot open the shadow file"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Disable shadow passwords (pwunconv)..."
+LD_PRELOAD=../../../common/open_RDONLY_failure.so FAILURE_PATH=/etc/shadow pwunconv 2>tmp/pwunconv.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "1"
+echo "OK"
+
+echo "pwunconv reported:"
+echo "======================================================================="
+cat tmp/pwunconv.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/pwunconv.err tmp/pwunconv.err
+echo "error message OK."
+rm -f tmp/pwunconv.err
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/failures/pwunconv/04_pwunconv_unlink_shadow_failure/config.txt b/tests/tests/failures/pwunconv/04_pwunconv_unlink_shadow_failure/config.txt
new file mode 100644
index 0000000..e9e4bbe
--- /dev/null
+++ b/tests/tests/failures/pwunconv/04_pwunconv_unlink_shadow_failure/config.txt
@@ -0,0 +1 @@
+group foo, GID 1000
diff --git a/tests/tests/failures/pwunconv/04_pwunconv_unlink_shadow_failure/config/etc/group b/tests/tests/failures/pwunconv/04_pwunconv_unlink_shadow_failure/config/etc/group
new file mode 100644
index 0000000..fecba0c
--- /dev/null
+++ b/tests/tests/failures/pwunconv/04_pwunconv_unlink_shadow_failure/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/failures/pwunconv/04_pwunconv_unlink_shadow_failure/config/etc/gshadow b/tests/tests/failures/pwunconv/04_pwunconv_unlink_shadow_failure/config/etc/gshadow
new file mode 100644
index 0000000..5042e58
--- /dev/null
+++ b/tests/tests/failures/pwunconv/04_pwunconv_unlink_shadow_failure/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/failures/pwunconv/04_pwunconv_unlink_shadow_failure/config/etc/login.defs b/tests/tests/failures/pwunconv/04_pwunconv_unlink_shadow_failure/config/etc/login.defs
new file mode 100644
index 0000000..cf181ac
--- /dev/null
+++ b/tests/tests/failures/pwunconv/04_pwunconv_unlink_shadow_failure/config/etc/login.defs
@@ -0,0 +1,314 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK usage is discouraged because it catches only some classes of user
+# entries to system, in fact only those made through login(1), while setting
+# umask in shell rc file will catch also logins through su, cron, ssh etc.
+#
+# At the same time, using shell rc to set umask won't catch entries which use
+# non-shell executables in place of login shell, like /usr/sbin/pppd for "ppp"
+# user and alike.
+#
+# Therefore the use of pam_umask is recommended (Debian package libpam-umask)
+# as the solution which catches all these cases on PAM-enabled systems.
+# 
+# This avoids the confusion created by having the umask set
+# in two different places -- in login.defs and shell rc files (i.e.
+# /etc/profile).
+#
+# For discussion, see #314539 and #248150 as well as the thread starting at
+# http://lists.debian.org/debian-devel/2005/06/msg01598.html
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+# 022 is the "historical" value in Debian for UMASK when it was used
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			  100
+GID_MAX			60000
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# This enables userdel to remove user groups if no members exist.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, thus in Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# Only works if compiled with MD5_CRYPT defined:
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is used by chpasswd, gpasswd and newusers.
+#
+#MD5_CRYPT_ENAB	no
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/failures/pwunconv/04_pwunconv_unlink_shadow_failure/config/etc/passwd b/tests/tests/failures/pwunconv/04_pwunconv_unlink_shadow_failure/config/etc/passwd
new file mode 100644
index 0000000..dbb06b8
--- /dev/null
+++ b/tests/tests/failures/pwunconv/04_pwunconv_unlink_shadow_failure/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/nonexistent:/bin/sh
diff --git a/tests/tests/failures/pwunconv/04_pwunconv_unlink_shadow_failure/config/etc/shadow b/tests/tests/failures/pwunconv/04_pwunconv_unlink_shadow_failure/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/failures/pwunconv/04_pwunconv_unlink_shadow_failure/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/failures/pwunconv/04_pwunconv_unlink_shadow_failure/data/passwd b/tests/tests/failures/pwunconv/04_pwunconv_unlink_shadow_failure/data/passwd
new file mode 100644
index 0000000..3416c55
--- /dev/null
+++ b/tests/tests/failures/pwunconv/04_pwunconv_unlink_shadow_failure/data/passwd
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:0:0:root:/root:/bin/bash
+daemon:*:1:1:daemon:/usr/sbin:/bin/sh
+bin:*:2:2:bin:/bin:/bin/sh
+sys:*:3:3:sys:/dev:/bin/sh
+sync:*:4:65534:sync:/bin:/bin/sync
+games:*:5:60:games:/usr/games:/bin/sh
+man:*:6:12:man:/var/cache/man:/bin/sh
+lp:*:7:7:lp:/var/spool/lpd:/bin/sh
+mail:*:8:8:mail:/var/mail:/bin/sh
+news:*:9:9:news:/var/spool/news:/bin/sh
+uucp:*:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:*:13:13:proxy:/bin:/bin/sh
+www-data:*:33:33:www-data:/var/www:/bin/sh
+backup:*:34:34:backup:/var/backups:/bin/sh
+list:*:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:*:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:*:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:*:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:!:102:102::/var/spool/exim4:/bin/false
+foo:!:1000:1000::/nonexistent:/bin/sh
diff --git a/tests/tests/failures/pwunconv/04_pwunconv_unlink_shadow_failure/data/pwunconv.err b/tests/tests/failures/pwunconv/04_pwunconv_unlink_shadow_failure/data/pwunconv.err
new file mode 100644
index 0000000..a8ecf49
--- /dev/null
+++ b/tests/tests/failures/pwunconv/04_pwunconv_unlink_shadow_failure/data/pwunconv.err
@@ -0,0 +1,2 @@
+unlink FAILURE /etc/shadow
+pwunconv: cannot delete /etc/shadow
diff --git a/tests/tests/failures/pwunconv/04_pwunconv_unlink_shadow_failure/pwunconv.test b/tests/tests/failures/pwunconv/04_pwunconv_unlink_shadow_failure/pwunconv.test
new file mode 100755
index 0000000..045719f
--- /dev/null
+++ b/tests/tests/failures/pwunconv/04_pwunconv_unlink_shadow_failure/pwunconv.test
@@ -0,0 +1,54 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "pwunconv report failures when it cannot remove the shadow file"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Disable shadow passwords (pwunconv)..."
+LD_PRELOAD=../../../common/unlink_failure.so FAILURE_PATH=/etc/shadow pwunconv 2>tmp/pwunconv.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "3"
+echo "OK"
+
+echo "pwunconv reported:"
+echo "======================================================================="
+cat tmp/pwunconv.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/pwunconv.err tmp/pwunconv.err
+echo "error message OK."
+rm -f tmp/pwunconv.err
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl data/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/failures/useradd/01_useradd_open_passwd_failure/config.txt b/tests/tests/failures/useradd/01_useradd_open_passwd_failure/config.txt
new file mode 100644
index 0000000..e9e4bbe
--- /dev/null
+++ b/tests/tests/failures/useradd/01_useradd_open_passwd_failure/config.txt
@@ -0,0 +1 @@
+group foo, GID 1000
diff --git a/tests/tests/failures/useradd/01_useradd_open_passwd_failure/config/etc/default/useradd b/tests/tests/failures/useradd/01_useradd_open_passwd_failure/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/failures/useradd/01_useradd_open_passwd_failure/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/failures/useradd/01_useradd_open_passwd_failure/config/etc/group b/tests/tests/failures/useradd/01_useradd_open_passwd_failure/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/failures/useradd/01_useradd_open_passwd_failure/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/failures/useradd/01_useradd_open_passwd_failure/config/etc/gshadow b/tests/tests/failures/useradd/01_useradd_open_passwd_failure/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/failures/useradd/01_useradd_open_passwd_failure/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/failures/useradd/01_useradd_open_passwd_failure/config/etc/login.defs b/tests/tests/failures/useradd/01_useradd_open_passwd_failure/config/etc/login.defs
new file mode 100644
index 0000000..cf181ac
--- /dev/null
+++ b/tests/tests/failures/useradd/01_useradd_open_passwd_failure/config/etc/login.defs
@@ -0,0 +1,314 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK usage is discouraged because it catches only some classes of user
+# entries to system, in fact only those made through login(1), while setting
+# umask in shell rc file will catch also logins through su, cron, ssh etc.
+#
+# At the same time, using shell rc to set umask won't catch entries which use
+# non-shell executables in place of login shell, like /usr/sbin/pppd for "ppp"
+# user and alike.
+#
+# Therefore the use of pam_umask is recommended (Debian package libpam-umask)
+# as the solution which catches all these cases on PAM-enabled systems.
+# 
+# This avoids the confusion created by having the umask set
+# in two different places -- in login.defs and shell rc files (i.e.
+# /etc/profile).
+#
+# For discussion, see #314539 and #248150 as well as the thread starting at
+# http://lists.debian.org/debian-devel/2005/06/msg01598.html
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+# 022 is the "historical" value in Debian for UMASK when it was used
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			  100
+GID_MAX			60000
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# This enables userdel to remove user groups if no members exist.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, thus in Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# Only works if compiled with MD5_CRYPT defined:
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is used by chpasswd, gpasswd and newusers.
+#
+#MD5_CRYPT_ENAB	no
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/failures/useradd/01_useradd_open_passwd_failure/config/etc/passwd b/tests/tests/failures/useradd/01_useradd_open_passwd_failure/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/failures/useradd/01_useradd_open_passwd_failure/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/failures/useradd/01_useradd_open_passwd_failure/config/etc/shadow b/tests/tests/failures/useradd/01_useradd_open_passwd_failure/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/failures/useradd/01_useradd_open_passwd_failure/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/failures/useradd/01_useradd_open_passwd_failure/data/useradd.err b/tests/tests/failures/useradd/01_useradd_open_passwd_failure/data/useradd.err
new file mode 100644
index 0000000..0a3ce8c
--- /dev/null
+++ b/tests/tests/failures/useradd/01_useradd_open_passwd_failure/data/useradd.err
@@ -0,0 +1,2 @@
+open FAILURE /etc/passwd 2 ...
+useradd: cannot open /etc/passwd
diff --git a/tests/tests/failures/useradd/01_useradd_open_passwd_failure/useradd.test b/tests/tests/failures/useradd/01_useradd_open_passwd_failure/useradd.test
new file mode 100755
index 0000000..930d565
--- /dev/null
+++ b/tests/tests/failures/useradd/01_useradd_open_passwd_failure/useradd.test
@@ -0,0 +1,54 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "useradd report failures when it cannot open the passwd file"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Add user foo (useradd foo)..."
+LD_PRELOAD=../../../common/open_RDWR_failure.so FAILURE_PATH=/etc/passwd useradd foo 2>tmp/useradd.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "1"
+echo "OK"
+
+echo "useradd reported:"
+echo "======================================================================="
+cat tmp/useradd.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/useradd.err tmp/useradd.err
+echo "error message OK."
+rm -f tmp/useradd.err
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/failures/useradd/02_useradd_open_shadow_failure/config.txt b/tests/tests/failures/useradd/02_useradd_open_shadow_failure/config.txt
new file mode 100644
index 0000000..e9e4bbe
--- /dev/null
+++ b/tests/tests/failures/useradd/02_useradd_open_shadow_failure/config.txt
@@ -0,0 +1 @@
+group foo, GID 1000
diff --git a/tests/tests/failures/useradd/02_useradd_open_shadow_failure/config/etc/default/useradd b/tests/tests/failures/useradd/02_useradd_open_shadow_failure/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/failures/useradd/02_useradd_open_shadow_failure/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/failures/useradd/02_useradd_open_shadow_failure/config/etc/group b/tests/tests/failures/useradd/02_useradd_open_shadow_failure/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/failures/useradd/02_useradd_open_shadow_failure/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/failures/useradd/02_useradd_open_shadow_failure/config/etc/gshadow b/tests/tests/failures/useradd/02_useradd_open_shadow_failure/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/failures/useradd/02_useradd_open_shadow_failure/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/failures/useradd/02_useradd_open_shadow_failure/config/etc/login.defs b/tests/tests/failures/useradd/02_useradd_open_shadow_failure/config/etc/login.defs
new file mode 100644
index 0000000..cf181ac
--- /dev/null
+++ b/tests/tests/failures/useradd/02_useradd_open_shadow_failure/config/etc/login.defs
@@ -0,0 +1,314 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK usage is discouraged because it catches only some classes of user
+# entries to system, in fact only those made through login(1), while setting
+# umask in shell rc file will catch also logins through su, cron, ssh etc.
+#
+# At the same time, using shell rc to set umask won't catch entries which use
+# non-shell executables in place of login shell, like /usr/sbin/pppd for "ppp"
+# user and alike.
+#
+# Therefore the use of pam_umask is recommended (Debian package libpam-umask)
+# as the solution which catches all these cases on PAM-enabled systems.
+# 
+# This avoids the confusion created by having the umask set
+# in two different places -- in login.defs and shell rc files (i.e.
+# /etc/profile).
+#
+# For discussion, see #314539 and #248150 as well as the thread starting at
+# http://lists.debian.org/debian-devel/2005/06/msg01598.html
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+# 022 is the "historical" value in Debian for UMASK when it was used
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			  100
+GID_MAX			60000
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# This enables userdel to remove user groups if no members exist.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, thus in Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# Only works if compiled with MD5_CRYPT defined:
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is used by chpasswd, gpasswd and newusers.
+#
+#MD5_CRYPT_ENAB	no
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/failures/useradd/02_useradd_open_shadow_failure/config/etc/passwd b/tests/tests/failures/useradd/02_useradd_open_shadow_failure/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/failures/useradd/02_useradd_open_shadow_failure/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/failures/useradd/02_useradd_open_shadow_failure/config/etc/shadow b/tests/tests/failures/useradd/02_useradd_open_shadow_failure/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/failures/useradd/02_useradd_open_shadow_failure/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/failures/useradd/02_useradd_open_shadow_failure/data/useradd.err b/tests/tests/failures/useradd/02_useradd_open_shadow_failure/data/useradd.err
new file mode 100644
index 0000000..8d691d1
--- /dev/null
+++ b/tests/tests/failures/useradd/02_useradd_open_shadow_failure/data/useradd.err
@@ -0,0 +1,2 @@
+open FAILURE /etc/shadow 2 ...
+useradd: cannot open /etc/shadow
diff --git a/tests/tests/failures/useradd/02_useradd_open_shadow_failure/useradd.test b/tests/tests/failures/useradd/02_useradd_open_shadow_failure/useradd.test
new file mode 100755
index 0000000..0c3d7fc
--- /dev/null
+++ b/tests/tests/failures/useradd/02_useradd_open_shadow_failure/useradd.test
@@ -0,0 +1,54 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "useradd report failures when it cannot open the shadow file"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Add user foo (useradd foo)..."
+LD_PRELOAD=../../../common/open_RDWR_failure.so FAILURE_PATH=/etc/shadow useradd foo 2>tmp/useradd.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "1"
+echo "OK"
+
+echo "useradd reported:"
+echo "======================================================================="
+cat tmp/useradd.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/useradd.err tmp/useradd.err
+echo "error message OK."
+rm -f tmp/useradd.err
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/failures/useradd/03_useradd_open_group_failure/config.txt b/tests/tests/failures/useradd/03_useradd_open_group_failure/config.txt
new file mode 100644
index 0000000..e9e4bbe
--- /dev/null
+++ b/tests/tests/failures/useradd/03_useradd_open_group_failure/config.txt
@@ -0,0 +1 @@
+group foo, GID 1000
diff --git a/tests/tests/failures/useradd/03_useradd_open_group_failure/config/etc/default/useradd b/tests/tests/failures/useradd/03_useradd_open_group_failure/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/failures/useradd/03_useradd_open_group_failure/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/failures/useradd/03_useradd_open_group_failure/config/etc/group b/tests/tests/failures/useradd/03_useradd_open_group_failure/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/failures/useradd/03_useradd_open_group_failure/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/failures/useradd/03_useradd_open_group_failure/config/etc/gshadow b/tests/tests/failures/useradd/03_useradd_open_group_failure/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/failures/useradd/03_useradd_open_group_failure/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/failures/useradd/03_useradd_open_group_failure/config/etc/login.defs b/tests/tests/failures/useradd/03_useradd_open_group_failure/config/etc/login.defs
new file mode 100644
index 0000000..cf181ac
--- /dev/null
+++ b/tests/tests/failures/useradd/03_useradd_open_group_failure/config/etc/login.defs
@@ -0,0 +1,314 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK usage is discouraged because it catches only some classes of user
+# entries to system, in fact only those made through login(1), while setting
+# umask in shell rc file will catch also logins through su, cron, ssh etc.
+#
+# At the same time, using shell rc to set umask won't catch entries which use
+# non-shell executables in place of login shell, like /usr/sbin/pppd for "ppp"
+# user and alike.
+#
+# Therefore the use of pam_umask is recommended (Debian package libpam-umask)
+# as the solution which catches all these cases on PAM-enabled systems.
+# 
+# This avoids the confusion created by having the umask set
+# in two different places -- in login.defs and shell rc files (i.e.
+# /etc/profile).
+#
+# For discussion, see #314539 and #248150 as well as the thread starting at
+# http://lists.debian.org/debian-devel/2005/06/msg01598.html
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+# 022 is the "historical" value in Debian for UMASK when it was used
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			  100
+GID_MAX			60000
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# This enables userdel to remove user groups if no members exist.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, thus in Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# Only works if compiled with MD5_CRYPT defined:
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is used by chpasswd, gpasswd and newusers.
+#
+#MD5_CRYPT_ENAB	no
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/failures/useradd/03_useradd_open_group_failure/config/etc/passwd b/tests/tests/failures/useradd/03_useradd_open_group_failure/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/failures/useradd/03_useradd_open_group_failure/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/failures/useradd/03_useradd_open_group_failure/config/etc/shadow b/tests/tests/failures/useradd/03_useradd_open_group_failure/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/failures/useradd/03_useradd_open_group_failure/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/failures/useradd/03_useradd_open_group_failure/data/useradd.err b/tests/tests/failures/useradd/03_useradd_open_group_failure/data/useradd.err
new file mode 100644
index 0000000..59a33be
--- /dev/null
+++ b/tests/tests/failures/useradd/03_useradd_open_group_failure/data/useradd.err
@@ -0,0 +1,2 @@
+open FAILURE /etc/group 2 ...
+useradd: cannot open /etc/group
diff --git a/tests/tests/failures/useradd/03_useradd_open_group_failure/useradd.test b/tests/tests/failures/useradd/03_useradd_open_group_failure/useradd.test
new file mode 100755
index 0000000..b99d914
--- /dev/null
+++ b/tests/tests/failures/useradd/03_useradd_open_group_failure/useradd.test
@@ -0,0 +1,54 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "useradd report failures when it cannot open the group file"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Add user foo (useradd foo)..."
+LD_PRELOAD=../../../common/open_RDWR_failure.so FAILURE_PATH=/etc/group useradd foo 2>tmp/useradd.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "10"
+echo "OK"
+
+echo "useradd reported:"
+echo "======================================================================="
+cat tmp/useradd.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/useradd.err tmp/useradd.err
+echo "error message OK."
+rm -f tmp/useradd.err
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/failures/useradd/04_useradd_open_gshadow_failure/config.txt b/tests/tests/failures/useradd/04_useradd_open_gshadow_failure/config.txt
new file mode 100644
index 0000000..e9e4bbe
--- /dev/null
+++ b/tests/tests/failures/useradd/04_useradd_open_gshadow_failure/config.txt
@@ -0,0 +1 @@
+group foo, GID 1000
diff --git a/tests/tests/failures/useradd/04_useradd_open_gshadow_failure/config/etc/default/useradd b/tests/tests/failures/useradd/04_useradd_open_gshadow_failure/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/failures/useradd/04_useradd_open_gshadow_failure/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/failures/useradd/04_useradd_open_gshadow_failure/config/etc/group b/tests/tests/failures/useradd/04_useradd_open_gshadow_failure/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/failures/useradd/04_useradd_open_gshadow_failure/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/failures/useradd/04_useradd_open_gshadow_failure/config/etc/gshadow b/tests/tests/failures/useradd/04_useradd_open_gshadow_failure/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/failures/useradd/04_useradd_open_gshadow_failure/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/failures/useradd/04_useradd_open_gshadow_failure/config/etc/login.defs b/tests/tests/failures/useradd/04_useradd_open_gshadow_failure/config/etc/login.defs
new file mode 100644
index 0000000..cf181ac
--- /dev/null
+++ b/tests/tests/failures/useradd/04_useradd_open_gshadow_failure/config/etc/login.defs
@@ -0,0 +1,314 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK usage is discouraged because it catches only some classes of user
+# entries to system, in fact only those made through login(1), while setting
+# umask in shell rc file will catch also logins through su, cron, ssh etc.
+#
+# At the same time, using shell rc to set umask won't catch entries which use
+# non-shell executables in place of login shell, like /usr/sbin/pppd for "ppp"
+# user and alike.
+#
+# Therefore the use of pam_umask is recommended (Debian package libpam-umask)
+# as the solution which catches all these cases on PAM-enabled systems.
+# 
+# This avoids the confusion created by having the umask set
+# in two different places -- in login.defs and shell rc files (i.e.
+# /etc/profile).
+#
+# For discussion, see #314539 and #248150 as well as the thread starting at
+# http://lists.debian.org/debian-devel/2005/06/msg01598.html
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+# 022 is the "historical" value in Debian for UMASK when it was used
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			  100
+GID_MAX			60000
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# This enables userdel to remove user groups if no members exist.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, thus in Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# Only works if compiled with MD5_CRYPT defined:
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is used by chpasswd, gpasswd and newusers.
+#
+#MD5_CRYPT_ENAB	no
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/failures/useradd/04_useradd_open_gshadow_failure/config/etc/passwd b/tests/tests/failures/useradd/04_useradd_open_gshadow_failure/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/failures/useradd/04_useradd_open_gshadow_failure/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/failures/useradd/04_useradd_open_gshadow_failure/config/etc/shadow b/tests/tests/failures/useradd/04_useradd_open_gshadow_failure/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/failures/useradd/04_useradd_open_gshadow_failure/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/failures/useradd/04_useradd_open_gshadow_failure/data/useradd.err b/tests/tests/failures/useradd/04_useradd_open_gshadow_failure/data/useradd.err
new file mode 100644
index 0000000..3e64279
--- /dev/null
+++ b/tests/tests/failures/useradd/04_useradd_open_gshadow_failure/data/useradd.err
@@ -0,0 +1,2 @@
+open FAILURE /etc/gshadow 2 ...
+useradd: cannot open /etc/gshadow
diff --git a/tests/tests/failures/useradd/04_useradd_open_gshadow_failure/useradd.test b/tests/tests/failures/useradd/04_useradd_open_gshadow_failure/useradd.test
new file mode 100755
index 0000000..5ab5eac
--- /dev/null
+++ b/tests/tests/failures/useradd/04_useradd_open_gshadow_failure/useradd.test
@@ -0,0 +1,54 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "useradd report failures when it cannot open the gshadow file"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Add user foo (useradd foo)..."
+LD_PRELOAD=../../../common/open_RDWR_failure.so FAILURE_PATH=/etc/gshadow useradd foo 2>tmp/useradd.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "10"
+echo "OK"
+
+echo "useradd reported:"
+echo "======================================================================="
+cat tmp/useradd.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/useradd.err tmp/useradd.err
+echo "error message OK."
+rm -f tmp/useradd.err
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/failures/useradd/05_useradd_rename_passwd_failure/config.txt b/tests/tests/failures/useradd/05_useradd_rename_passwd_failure/config.txt
new file mode 100644
index 0000000..e9e4bbe
--- /dev/null
+++ b/tests/tests/failures/useradd/05_useradd_rename_passwd_failure/config.txt
@@ -0,0 +1 @@
+group foo, GID 1000
diff --git a/tests/tests/failures/useradd/05_useradd_rename_passwd_failure/config/etc/default/useradd b/tests/tests/failures/useradd/05_useradd_rename_passwd_failure/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/failures/useradd/05_useradd_rename_passwd_failure/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/failures/useradd/05_useradd_rename_passwd_failure/config/etc/group b/tests/tests/failures/useradd/05_useradd_rename_passwd_failure/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/failures/useradd/05_useradd_rename_passwd_failure/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/failures/useradd/05_useradd_rename_passwd_failure/config/etc/gshadow b/tests/tests/failures/useradd/05_useradd_rename_passwd_failure/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/failures/useradd/05_useradd_rename_passwd_failure/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/failures/useradd/05_useradd_rename_passwd_failure/config/etc/login.defs b/tests/tests/failures/useradd/05_useradd_rename_passwd_failure/config/etc/login.defs
new file mode 100644
index 0000000..cf181ac
--- /dev/null
+++ b/tests/tests/failures/useradd/05_useradd_rename_passwd_failure/config/etc/login.defs
@@ -0,0 +1,314 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK usage is discouraged because it catches only some classes of user
+# entries to system, in fact only those made through login(1), while setting
+# umask in shell rc file will catch also logins through su, cron, ssh etc.
+#
+# At the same time, using shell rc to set umask won't catch entries which use
+# non-shell executables in place of login shell, like /usr/sbin/pppd for "ppp"
+# user and alike.
+#
+# Therefore the use of pam_umask is recommended (Debian package libpam-umask)
+# as the solution which catches all these cases on PAM-enabled systems.
+# 
+# This avoids the confusion created by having the umask set
+# in two different places -- in login.defs and shell rc files (i.e.
+# /etc/profile).
+#
+# For discussion, see #314539 and #248150 as well as the thread starting at
+# http://lists.debian.org/debian-devel/2005/06/msg01598.html
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+# 022 is the "historical" value in Debian for UMASK when it was used
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			  100
+GID_MAX			60000
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# This enables userdel to remove user groups if no members exist.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, thus in Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# Only works if compiled with MD5_CRYPT defined:
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is used by chpasswd, gpasswd and newusers.
+#
+#MD5_CRYPT_ENAB	no
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/failures/useradd/05_useradd_rename_passwd_failure/config/etc/passwd b/tests/tests/failures/useradd/05_useradd_rename_passwd_failure/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/failures/useradd/05_useradd_rename_passwd_failure/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/failures/useradd/05_useradd_rename_passwd_failure/config/etc/shadow b/tests/tests/failures/useradd/05_useradd_rename_passwd_failure/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/failures/useradd/05_useradd_rename_passwd_failure/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/failures/useradd/05_useradd_rename_passwd_failure/data/useradd.err b/tests/tests/failures/useradd/05_useradd_rename_passwd_failure/data/useradd.err
new file mode 100644
index 0000000..6d25d1d
--- /dev/null
+++ b/tests/tests/failures/useradd/05_useradd_rename_passwd_failure/data/useradd.err
@@ -0,0 +1,2 @@
+rename FAILURE /etc/passwd+ /etc/passwd
+useradd: failure while writing changes to /etc/passwd
diff --git a/tests/tests/failures/useradd/05_useradd_rename_passwd_failure/useradd.test b/tests/tests/failures/useradd/05_useradd_rename_passwd_failure/useradd.test
new file mode 100755
index 0000000..2428ed0
--- /dev/null
+++ b/tests/tests/failures/useradd/05_useradd_rename_passwd_failure/useradd.test
@@ -0,0 +1,54 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "useradd reports failure to write /etc/passwd"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Add group foo (useradd foo)..."
+LD_PRELOAD=../../../common/rename_failure.so FAILURE_PATH=/etc/passwd useradd foo 2>tmp/useradd.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "1"
+echo "OK"
+
+echo "useradd reported:"
+echo "======================================================================="
+cat tmp/useradd.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/useradd.err tmp/useradd.err
+echo "error message OK."
+rm -f tmp/useradd.err
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/failures/useradd/06_useradd_rename_shadow_failure/config.txt b/tests/tests/failures/useradd/06_useradd_rename_shadow_failure/config.txt
new file mode 100644
index 0000000..e9e4bbe
--- /dev/null
+++ b/tests/tests/failures/useradd/06_useradd_rename_shadow_failure/config.txt
@@ -0,0 +1 @@
+group foo, GID 1000
diff --git a/tests/tests/failures/useradd/06_useradd_rename_shadow_failure/config/etc/default/useradd b/tests/tests/failures/useradd/06_useradd_rename_shadow_failure/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/failures/useradd/06_useradd_rename_shadow_failure/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/failures/useradd/06_useradd_rename_shadow_failure/config/etc/group b/tests/tests/failures/useradd/06_useradd_rename_shadow_failure/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/failures/useradd/06_useradd_rename_shadow_failure/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/failures/useradd/06_useradd_rename_shadow_failure/config/etc/gshadow b/tests/tests/failures/useradd/06_useradd_rename_shadow_failure/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/failures/useradd/06_useradd_rename_shadow_failure/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/failures/useradd/06_useradd_rename_shadow_failure/config/etc/login.defs b/tests/tests/failures/useradd/06_useradd_rename_shadow_failure/config/etc/login.defs
new file mode 100644
index 0000000..cf181ac
--- /dev/null
+++ b/tests/tests/failures/useradd/06_useradd_rename_shadow_failure/config/etc/login.defs
@@ -0,0 +1,314 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK usage is discouraged because it catches only some classes of user
+# entries to system, in fact only those made through login(1), while setting
+# umask in shell rc file will catch also logins through su, cron, ssh etc.
+#
+# At the same time, using shell rc to set umask won't catch entries which use
+# non-shell executables in place of login shell, like /usr/sbin/pppd for "ppp"
+# user and alike.
+#
+# Therefore the use of pam_umask is recommended (Debian package libpam-umask)
+# as the solution which catches all these cases on PAM-enabled systems.
+# 
+# This avoids the confusion created by having the umask set
+# in two different places -- in login.defs and shell rc files (i.e.
+# /etc/profile).
+#
+# For discussion, see #314539 and #248150 as well as the thread starting at
+# http://lists.debian.org/debian-devel/2005/06/msg01598.html
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+# 022 is the "historical" value in Debian for UMASK when it was used
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			  100
+GID_MAX			60000
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# This enables userdel to remove user groups if no members exist.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, thus in Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# Only works if compiled with MD5_CRYPT defined:
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is used by chpasswd, gpasswd and newusers.
+#
+#MD5_CRYPT_ENAB	no
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/failures/useradd/06_useradd_rename_shadow_failure/config/etc/passwd b/tests/tests/failures/useradd/06_useradd_rename_shadow_failure/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/failures/useradd/06_useradd_rename_shadow_failure/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/failures/useradd/06_useradd_rename_shadow_failure/config/etc/shadow b/tests/tests/failures/useradd/06_useradd_rename_shadow_failure/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/failures/useradd/06_useradd_rename_shadow_failure/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/failures/useradd/06_useradd_rename_shadow_failure/data/passwd b/tests/tests/failures/useradd/06_useradd_rename_shadow_failure/data/passwd
new file mode 100644
index 0000000..ed91b35
--- /dev/null
+++ b/tests/tests/failures/useradd/06_useradd_rename_shadow_failure/data/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/tmp/foo:/bin/foobar
diff --git a/tests/tests/failures/useradd/06_useradd_rename_shadow_failure/data/useradd.err b/tests/tests/failures/useradd/06_useradd_rename_shadow_failure/data/useradd.err
new file mode 100644
index 0000000..49e06ab
--- /dev/null
+++ b/tests/tests/failures/useradd/06_useradd_rename_shadow_failure/data/useradd.err
@@ -0,0 +1,2 @@
+rename FAILURE /etc/shadow+ /etc/shadow
+useradd: failure while writing changes to /etc/shadow
diff --git a/tests/tests/failures/useradd/06_useradd_rename_shadow_failure/useradd.test b/tests/tests/failures/useradd/06_useradd_rename_shadow_failure/useradd.test
new file mode 100755
index 0000000..50ec15f
--- /dev/null
+++ b/tests/tests/failures/useradd/06_useradd_rename_shadow_failure/useradd.test
@@ -0,0 +1,54 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "useradd reports failure to write /etc/shadow"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Add group foo (useradd foo)..."
+LD_PRELOAD=../../../common/rename_failure.so FAILURE_PATH=/etc/shadow useradd foo 2>tmp/useradd.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "1"
+echo "OK"
+
+echo "useradd reported:"
+echo "======================================================================="
+cat tmp/useradd.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/useradd.err tmp/useradd.err
+echo "error message OK."
+rm -f tmp/useradd.err
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl data/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/failures/useradd/07_useradd_rename_group_failure/config.txt b/tests/tests/failures/useradd/07_useradd_rename_group_failure/config.txt
new file mode 100644
index 0000000..e9e4bbe
--- /dev/null
+++ b/tests/tests/failures/useradd/07_useradd_rename_group_failure/config.txt
@@ -0,0 +1 @@
+group foo, GID 1000
diff --git a/tests/tests/failures/useradd/07_useradd_rename_group_failure/config/etc/default/useradd b/tests/tests/failures/useradd/07_useradd_rename_group_failure/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/failures/useradd/07_useradd_rename_group_failure/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/failures/useradd/07_useradd_rename_group_failure/config/etc/group b/tests/tests/failures/useradd/07_useradd_rename_group_failure/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/failures/useradd/07_useradd_rename_group_failure/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/failures/useradd/07_useradd_rename_group_failure/config/etc/gshadow b/tests/tests/failures/useradd/07_useradd_rename_group_failure/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/failures/useradd/07_useradd_rename_group_failure/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/failures/useradd/07_useradd_rename_group_failure/config/etc/login.defs b/tests/tests/failures/useradd/07_useradd_rename_group_failure/config/etc/login.defs
new file mode 100644
index 0000000..cf181ac
--- /dev/null
+++ b/tests/tests/failures/useradd/07_useradd_rename_group_failure/config/etc/login.defs
@@ -0,0 +1,314 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK usage is discouraged because it catches only some classes of user
+# entries to system, in fact only those made through login(1), while setting
+# umask in shell rc file will catch also logins through su, cron, ssh etc.
+#
+# At the same time, using shell rc to set umask won't catch entries which use
+# non-shell executables in place of login shell, like /usr/sbin/pppd for "ppp"
+# user and alike.
+#
+# Therefore the use of pam_umask is recommended (Debian package libpam-umask)
+# as the solution which catches all these cases on PAM-enabled systems.
+# 
+# This avoids the confusion created by having the umask set
+# in two different places -- in login.defs and shell rc files (i.e.
+# /etc/profile).
+#
+# For discussion, see #314539 and #248150 as well as the thread starting at
+# http://lists.debian.org/debian-devel/2005/06/msg01598.html
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+# 022 is the "historical" value in Debian for UMASK when it was used
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			  100
+GID_MAX			60000
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# This enables userdel to remove user groups if no members exist.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, thus in Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# Only works if compiled with MD5_CRYPT defined:
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is used by chpasswd, gpasswd and newusers.
+#
+#MD5_CRYPT_ENAB	no
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/failures/useradd/07_useradd_rename_group_failure/config/etc/passwd b/tests/tests/failures/useradd/07_useradd_rename_group_failure/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/failures/useradd/07_useradd_rename_group_failure/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/failures/useradd/07_useradd_rename_group_failure/config/etc/shadow b/tests/tests/failures/useradd/07_useradd_rename_group_failure/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/failures/useradd/07_useradd_rename_group_failure/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/failures/useradd/07_useradd_rename_group_failure/data/passwd b/tests/tests/failures/useradd/07_useradd_rename_group_failure/data/passwd
new file mode 100644
index 0000000..ed91b35
--- /dev/null
+++ b/tests/tests/failures/useradd/07_useradd_rename_group_failure/data/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/tmp/foo:/bin/foobar
diff --git a/tests/tests/failures/useradd/07_useradd_rename_group_failure/data/shadow b/tests/tests/failures/useradd/07_useradd_rename_group_failure/data/shadow
new file mode 100644
index 0000000..0aee0c5
--- /dev/null
+++ b/tests/tests/failures/useradd/07_useradd_rename_group_failure/data/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:@TODAY@:0:99999:7:12:13849:
diff --git a/tests/tests/failures/useradd/07_useradd_rename_group_failure/data/useradd.err b/tests/tests/failures/useradd/07_useradd_rename_group_failure/data/useradd.err
new file mode 100644
index 0000000..75a035e
--- /dev/null
+++ b/tests/tests/failures/useradd/07_useradd_rename_group_failure/data/useradd.err
@@ -0,0 +1,2 @@
+rename FAILURE /etc/group+ /etc/group
+useradd: failure while writing changes to /etc/group
diff --git a/tests/tests/failures/useradd/07_useradd_rename_group_failure/useradd.test b/tests/tests/failures/useradd/07_useradd_rename_group_failure/useradd.test
new file mode 100755
index 0000000..ed64725
--- /dev/null
+++ b/tests/tests/failures/useradd/07_useradd_rename_group_failure/useradd.test
@@ -0,0 +1,54 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "useradd reports failure to write /etc/group"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Add group foo (useradd foo)..."
+LD_PRELOAD=../../../common/rename_failure.so FAILURE_PATH=/etc/group useradd foo 2>tmp/useradd.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "10"
+echo "OK"
+
+echo "useradd reported:"
+echo "======================================================================="
+cat tmp/useradd.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/useradd.err tmp/useradd.err
+echo "error message OK."
+rm -f tmp/useradd.err
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl data/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl data/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/failures/useradd/08_useradd_rename_gshadow_failure/config.txt b/tests/tests/failures/useradd/08_useradd_rename_gshadow_failure/config.txt
new file mode 100644
index 0000000..e9e4bbe
--- /dev/null
+++ b/tests/tests/failures/useradd/08_useradd_rename_gshadow_failure/config.txt
@@ -0,0 +1 @@
+group foo, GID 1000
diff --git a/tests/tests/failures/useradd/08_useradd_rename_gshadow_failure/config/etc/default/useradd b/tests/tests/failures/useradd/08_useradd_rename_gshadow_failure/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/failures/useradd/08_useradd_rename_gshadow_failure/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/failures/useradd/08_useradd_rename_gshadow_failure/config/etc/group b/tests/tests/failures/useradd/08_useradd_rename_gshadow_failure/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/failures/useradd/08_useradd_rename_gshadow_failure/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/failures/useradd/08_useradd_rename_gshadow_failure/config/etc/gshadow b/tests/tests/failures/useradd/08_useradd_rename_gshadow_failure/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/failures/useradd/08_useradd_rename_gshadow_failure/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/failures/useradd/08_useradd_rename_gshadow_failure/config/etc/login.defs b/tests/tests/failures/useradd/08_useradd_rename_gshadow_failure/config/etc/login.defs
new file mode 100644
index 0000000..cf181ac
--- /dev/null
+++ b/tests/tests/failures/useradd/08_useradd_rename_gshadow_failure/config/etc/login.defs
@@ -0,0 +1,314 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK usage is discouraged because it catches only some classes of user
+# entries to system, in fact only those made through login(1), while setting
+# umask in shell rc file will catch also logins through su, cron, ssh etc.
+#
+# At the same time, using shell rc to set umask won't catch entries which use
+# non-shell executables in place of login shell, like /usr/sbin/pppd for "ppp"
+# user and alike.
+#
+# Therefore the use of pam_umask is recommended (Debian package libpam-umask)
+# as the solution which catches all these cases on PAM-enabled systems.
+# 
+# This avoids the confusion created by having the umask set
+# in two different places -- in login.defs and shell rc files (i.e.
+# /etc/profile).
+#
+# For discussion, see #314539 and #248150 as well as the thread starting at
+# http://lists.debian.org/debian-devel/2005/06/msg01598.html
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+# 022 is the "historical" value in Debian for UMASK when it was used
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			  100
+GID_MAX			60000
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# This enables userdel to remove user groups if no members exist.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, thus in Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# Only works if compiled with MD5_CRYPT defined:
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is used by chpasswd, gpasswd and newusers.
+#
+#MD5_CRYPT_ENAB	no
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/failures/useradd/08_useradd_rename_gshadow_failure/config/etc/passwd b/tests/tests/failures/useradd/08_useradd_rename_gshadow_failure/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/failures/useradd/08_useradd_rename_gshadow_failure/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/failures/useradd/08_useradd_rename_gshadow_failure/config/etc/shadow b/tests/tests/failures/useradd/08_useradd_rename_gshadow_failure/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/failures/useradd/08_useradd_rename_gshadow_failure/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/failures/useradd/08_useradd_rename_gshadow_failure/data/group b/tests/tests/failures/useradd/08_useradd_rename_gshadow_failure/data/group
new file mode 100644
index 0000000..fecba0c
--- /dev/null
+++ b/tests/tests/failures/useradd/08_useradd_rename_gshadow_failure/data/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/failures/useradd/08_useradd_rename_gshadow_failure/data/passwd b/tests/tests/failures/useradd/08_useradd_rename_gshadow_failure/data/passwd
new file mode 100644
index 0000000..ed91b35
--- /dev/null
+++ b/tests/tests/failures/useradd/08_useradd_rename_gshadow_failure/data/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/tmp/foo:/bin/foobar
diff --git a/tests/tests/failures/useradd/08_useradd_rename_gshadow_failure/data/shadow b/tests/tests/failures/useradd/08_useradd_rename_gshadow_failure/data/shadow
new file mode 100644
index 0000000..0aee0c5
--- /dev/null
+++ b/tests/tests/failures/useradd/08_useradd_rename_gshadow_failure/data/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:@TODAY@:0:99999:7:12:13849:
diff --git a/tests/tests/failures/useradd/08_useradd_rename_gshadow_failure/data/useradd.err b/tests/tests/failures/useradd/08_useradd_rename_gshadow_failure/data/useradd.err
new file mode 100644
index 0000000..a355259
--- /dev/null
+++ b/tests/tests/failures/useradd/08_useradd_rename_gshadow_failure/data/useradd.err
@@ -0,0 +1,2 @@
+rename FAILURE /etc/gshadow+ /etc/gshadow
+useradd: failure while writing changes to /etc/gshadow
diff --git a/tests/tests/failures/useradd/08_useradd_rename_gshadow_failure/useradd.test b/tests/tests/failures/useradd/08_useradd_rename_gshadow_failure/useradd.test
new file mode 100755
index 0000000..11f7f68
--- /dev/null
+++ b/tests/tests/failures/useradd/08_useradd_rename_gshadow_failure/useradd.test
@@ -0,0 +1,54 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "useradd reports failure to write /etc/gshadow"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Add group foo (useradd foo)..."
+LD_PRELOAD=../../../common/rename_failure.so FAILURE_PATH=/etc/gshadow useradd foo 2>tmp/useradd.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "10"
+echo "OK"
+
+echo "useradd reported:"
+echo "======================================================================="
+cat tmp/useradd.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/useradd.err tmp/useradd.err
+echo "error message OK."
+rm -f tmp/useradd.err
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl data/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl data/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl data/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/failures/useradd/09_useradd_rename_defaults_failure/config.txt b/tests/tests/failures/useradd/09_useradd_rename_defaults_failure/config.txt
new file mode 100644
index 0000000..e9e4bbe
--- /dev/null
+++ b/tests/tests/failures/useradd/09_useradd_rename_defaults_failure/config.txt
@@ -0,0 +1 @@
+group foo, GID 1000
diff --git a/tests/tests/failures/useradd/09_useradd_rename_defaults_failure/config/etc/default/useradd b/tests/tests/failures/useradd/09_useradd_rename_defaults_failure/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/failures/useradd/09_useradd_rename_defaults_failure/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/failures/useradd/09_useradd_rename_defaults_failure/config/etc/group b/tests/tests/failures/useradd/09_useradd_rename_defaults_failure/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/failures/useradd/09_useradd_rename_defaults_failure/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/failures/useradd/09_useradd_rename_defaults_failure/config/etc/gshadow b/tests/tests/failures/useradd/09_useradd_rename_defaults_failure/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/failures/useradd/09_useradd_rename_defaults_failure/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/failures/useradd/09_useradd_rename_defaults_failure/config/etc/login.defs b/tests/tests/failures/useradd/09_useradd_rename_defaults_failure/config/etc/login.defs
new file mode 100644
index 0000000..cf181ac
--- /dev/null
+++ b/tests/tests/failures/useradd/09_useradd_rename_defaults_failure/config/etc/login.defs
@@ -0,0 +1,314 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK usage is discouraged because it catches only some classes of user
+# entries to system, in fact only those made through login(1), while setting
+# umask in shell rc file will catch also logins through su, cron, ssh etc.
+#
+# At the same time, using shell rc to set umask won't catch entries which use
+# non-shell executables in place of login shell, like /usr/sbin/pppd for "ppp"
+# user and alike.
+#
+# Therefore the use of pam_umask is recommended (Debian package libpam-umask)
+# as the solution which catches all these cases on PAM-enabled systems.
+# 
+# This avoids the confusion created by having the umask set
+# in two different places -- in login.defs and shell rc files (i.e.
+# /etc/profile).
+#
+# For discussion, see #314539 and #248150 as well as the thread starting at
+# http://lists.debian.org/debian-devel/2005/06/msg01598.html
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+# 022 is the "historical" value in Debian for UMASK when it was used
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			  100
+GID_MAX			60000
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# This enables userdel to remove user groups if no members exist.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, thus in Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# Only works if compiled with MD5_CRYPT defined:
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is used by chpasswd, gpasswd and newusers.
+#
+#MD5_CRYPT_ENAB	no
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/failures/useradd/09_useradd_rename_defaults_failure/config/etc/passwd b/tests/tests/failures/useradd/09_useradd_rename_defaults_failure/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/failures/useradd/09_useradd_rename_defaults_failure/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/failures/useradd/09_useradd_rename_defaults_failure/config/etc/shadow b/tests/tests/failures/useradd/09_useradd_rename_defaults_failure/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/failures/useradd/09_useradd_rename_defaults_failure/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/failures/useradd/09_useradd_rename_defaults_failure/data/useradd.err b/tests/tests/failures/useradd/09_useradd_rename_defaults_failure/data/useradd.err
new file mode 100644
index 0000000..956521a
--- /dev/null
+++ b/tests/tests/failures/useradd/09_useradd_rename_defaults_failure/data/useradd.err
@@ -0,0 +1,2 @@
+rename FAILURE /etc/default/nuaddXXXXXX /etc/default/useradd
+useradd: rename: /etc/default/nuaddXXXXXX: Input/output error
diff --git a/tests/tests/failures/useradd/09_useradd_rename_defaults_failure/useradd.test b/tests/tests/failures/useradd/09_useradd_rename_defaults_failure/useradd.test
new file mode 100755
index 0000000..f845652
--- /dev/null
+++ b/tests/tests/failures/useradd/09_useradd_rename_defaults_failure/useradd.test
@@ -0,0 +1,55 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "useradd reports failure to write /etc/gshadow"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Set default value (useradd -D -g 10)..."
+LD_PRELOAD=../../../common/rename_failure.so FAILURE_PATH=/etc/default/useradd useradd -D -g 10 2>tmp/useradd.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "1"
+echo "OK"
+
+echo "useradd reported:"
+echo "======================================================================="
+cat tmp/useradd.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+sed -e 's/nuadd....../nuaddXXXXXX/' -i tmp/useradd.err
+diff -au data/useradd.err tmp/useradd.err
+echo "error message OK."
+rm -f tmp/useradd.err
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/failures/useradd/10_useradd_rename_defaults_backup_failure/config.txt b/tests/tests/failures/useradd/10_useradd_rename_defaults_backup_failure/config.txt
new file mode 100644
index 0000000..e9e4bbe
--- /dev/null
+++ b/tests/tests/failures/useradd/10_useradd_rename_defaults_backup_failure/config.txt
@@ -0,0 +1 @@
+group foo, GID 1000
diff --git a/tests/tests/failures/useradd/10_useradd_rename_defaults_backup_failure/config/etc/default/useradd b/tests/tests/failures/useradd/10_useradd_rename_defaults_backup_failure/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/failures/useradd/10_useradd_rename_defaults_backup_failure/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/failures/useradd/10_useradd_rename_defaults_backup_failure/config/etc/group b/tests/tests/failures/useradd/10_useradd_rename_defaults_backup_failure/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/failures/useradd/10_useradd_rename_defaults_backup_failure/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/failures/useradd/10_useradd_rename_defaults_backup_failure/config/etc/gshadow b/tests/tests/failures/useradd/10_useradd_rename_defaults_backup_failure/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/failures/useradd/10_useradd_rename_defaults_backup_failure/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/failures/useradd/10_useradd_rename_defaults_backup_failure/config/etc/login.defs b/tests/tests/failures/useradd/10_useradd_rename_defaults_backup_failure/config/etc/login.defs
new file mode 100644
index 0000000..cf181ac
--- /dev/null
+++ b/tests/tests/failures/useradd/10_useradd_rename_defaults_backup_failure/config/etc/login.defs
@@ -0,0 +1,314 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK usage is discouraged because it catches only some classes of user
+# entries to system, in fact only those made through login(1), while setting
+# umask in shell rc file will catch also logins through su, cron, ssh etc.
+#
+# At the same time, using shell rc to set umask won't catch entries which use
+# non-shell executables in place of login shell, like /usr/sbin/pppd for "ppp"
+# user and alike.
+#
+# Therefore the use of pam_umask is recommended (Debian package libpam-umask)
+# as the solution which catches all these cases on PAM-enabled systems.
+# 
+# This avoids the confusion created by having the umask set
+# in two different places -- in login.defs and shell rc files (i.e.
+# /etc/profile).
+#
+# For discussion, see #314539 and #248150 as well as the thread starting at
+# http://lists.debian.org/debian-devel/2005/06/msg01598.html
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+# 022 is the "historical" value in Debian for UMASK when it was used
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			  100
+GID_MAX			60000
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# This enables userdel to remove user groups if no members exist.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, thus in Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# Only works if compiled with MD5_CRYPT defined:
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is used by chpasswd, gpasswd and newusers.
+#
+#MD5_CRYPT_ENAB	no
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/failures/useradd/10_useradd_rename_defaults_backup_failure/config/etc/passwd b/tests/tests/failures/useradd/10_useradd_rename_defaults_backup_failure/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/failures/useradd/10_useradd_rename_defaults_backup_failure/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/failures/useradd/10_useradd_rename_defaults_backup_failure/config/etc/shadow b/tests/tests/failures/useradd/10_useradd_rename_defaults_backup_failure/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/failures/useradd/10_useradd_rename_defaults_backup_failure/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/failures/useradd/10_useradd_rename_defaults_backup_failure/data/useradd.err b/tests/tests/failures/useradd/10_useradd_rename_defaults_backup_failure/data/useradd.err
new file mode 100644
index 0000000..7ec53ac
--- /dev/null
+++ b/tests/tests/failures/useradd/10_useradd_rename_defaults_backup_failure/data/useradd.err
@@ -0,0 +1,2 @@
+link FAILURE /etc/default/useradd /etc/default/useradd-
+useradd: Cannot create backup file (/etc/default/useradd-): Input/output error
diff --git a/tests/tests/failures/useradd/10_useradd_rename_defaults_backup_failure/useradd.test b/tests/tests/failures/useradd/10_useradd_rename_defaults_backup_failure/useradd.test
new file mode 100755
index 0000000..241f727
--- /dev/null
+++ b/tests/tests/failures/useradd/10_useradd_rename_defaults_backup_failure/useradd.test
@@ -0,0 +1,54 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "useradd reports failure to create backup /etc/default/useradd-"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Set default value (useradd -D -g 10)..."
+LD_PRELOAD=../../../common/link_failure.so FAILURE_PATH=/etc/default/useradd- useradd -D -g 10 2>tmp/useradd.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "1"
+echo "OK"
+
+echo "useradd reported:"
+echo "======================================================================="
+cat tmp/useradd.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/useradd.err tmp/useradd.err
+echo "error message OK."
+rm -f tmp/useradd.err
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/failures/useradd/11_useradd_time_0/config.txt b/tests/tests/failures/useradd/11_useradd_time_0/config.txt
new file mode 100644
index 0000000..a2ff911
--- /dev/null
+++ b/tests/tests/failures/useradd/11_useradd_time_0/config.txt
@@ -0,0 +1,2 @@
+user foo exists, UID 1000
+user foo2 exists, UID 1001
diff --git a/tests/tests/failures/useradd/11_useradd_time_0/config/etc/default/useradd b/tests/tests/failures/useradd/11_useradd_time_0/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/failures/useradd/11_useradd_time_0/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/failures/useradd/11_useradd_time_0/config/etc/group b/tests/tests/failures/useradd/11_useradd_time_0/config/etc/group
new file mode 100644
index 0000000..beb7c87
--- /dev/null
+++ b/tests/tests/failures/useradd/11_useradd_time_0/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:root
+adm:x:4:root,foo
+tty:x:5:
+disk:x:6:
+lp:x:7:foo,root
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:foo
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:foo
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/failures/useradd/11_useradd_time_0/config/etc/gshadow b/tests/tests/failures/useradd/11_useradd_time_0/config/etc/gshadow
new file mode 100644
index 0000000..55b8e95
--- /dev/null
+++ b/tests/tests/failures/useradd/11_useradd_time_0/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::root
+adm:*::root,foo
+tty:*::foo
+disk:*:foo:
+lp:*::foo,root
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*:foo:foo
+voice:*::
+cdrom:*:foo:foo
+floppy:*::foo
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/failures/useradd/11_useradd_time_0/config/etc/pam.d/common-password b/tests/tests/failures/useradd/11_useradd_time_0/config/etc/pam.d/common-password
new file mode 100644
index 0000000..cb8c7b7
--- /dev/null
+++ b/tests/tests/failures/useradd/11_useradd_time_0/config/etc/pam.d/common-password
@@ -0,0 +1,33 @@
+#
+# /etc/pam.d/common-password - password-related modules common to all services
+#
+# This file is included from other service-specific PAM config files,
+# and should contain a list of modules that define the services to be
+# used to change user passwords.  The default is pam_unix.
+
+# Explanation of pam_unix options:
+#
+# The "sha512" option enables salted SHA512 passwords.  Without this option,
+# the default is Unix crypt.  Prior releases used the option "md5".
+#
+# The "obscure" option replaces the old `OBSCURE_CHECKS_ENAB' option in
+# login.defs.
+#
+# See the pam_unix manpage for other options.
+
+# As of pam 1.0.1-6, this file is managed by pam-auth-update by default.
+# To take advantage of this, it is recommended that you configure any
+# local modules either before or after the default block, and use
+# pam-auth-update to manage selection of other modules.  See
+# pam-auth-update(8) for details.
+
+# here are the per-package modules (the "Primary" block)
+password	[success=1 default=ignore]	pam_unix.so obscure sha512
+# here's the fallback if no module succeeds
+password	requisite			pam_deny.so
+# prime the stack with a positive return value if there isn't one already;
+# this avoids us returning an error just because nothing sets a success code
+# since the modules above will each just jump around
+password	required			pam_permit.so
+# and here are more per-package modules (the "Additional" block)
+# end of pam-auth-update config
diff --git a/tests/tests/failures/useradd/11_useradd_time_0/config/etc/passwd b/tests/tests/failures/useradd/11_useradd_time_0/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/failures/useradd/11_useradd_time_0/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/failures/useradd/11_useradd_time_0/config/etc/shadow b/tests/tests/failures/useradd/11_useradd_time_0/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/failures/useradd/11_useradd_time_0/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/failures/useradd/11_useradd_time_0/data/group b/tests/tests/failures/useradd/11_useradd_time_0/data/group
new file mode 100644
index 0000000..b6fae89
--- /dev/null
+++ b/tests/tests/failures/useradd/11_useradd_time_0/data/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:root
+adm:x:4:root,foo
+tty:x:5:
+disk:x:6:
+lp:x:7:foo,root
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:foo
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:foo
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/failures/useradd/11_useradd_time_0/data/gshadow b/tests/tests/failures/useradd/11_useradd_time_0/data/gshadow
new file mode 100644
index 0000000..ed9618e
--- /dev/null
+++ b/tests/tests/failures/useradd/11_useradd_time_0/data/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::root
+adm:*::root,foo
+tty:*::foo
+disk:*:foo:
+lp:*::foo,root
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*:foo:foo
+voice:*::
+cdrom:*:foo:foo
+floppy:*::foo
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:!::
diff --git a/tests/tests/failures/useradd/11_useradd_time_0/data/newusers.list b/tests/tests/failures/useradd/11_useradd_time_0/data/newusers.list
new file mode 100644
index 0000000..f9d747c
--- /dev/null
+++ b/tests/tests/failures/useradd/11_useradd_time_0/data/newusers.list
@@ -0,0 +1 @@
+foo:fooPass::bar:User Foo - Gecos Field::/bin/sh
diff --git a/tests/tests/failures/useradd/11_useradd_time_0/data/passwd b/tests/tests/failures/useradd/11_useradd_time_0/data/passwd
new file mode 100644
index 0000000..ed91b35
--- /dev/null
+++ b/tests/tests/failures/useradd/11_useradd_time_0/data/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/tmp/foo:/bin/foobar
diff --git a/tests/tests/failures/useradd/11_useradd_time_0/data/shadow b/tests/tests/failures/useradd/11_useradd_time_0/data/shadow
new file mode 100644
index 0000000..d295f85
--- /dev/null
+++ b/tests/tests/failures/useradd/11_useradd_time_0/data/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!::0:99999:7:12:13849:
diff --git a/tests/tests/failures/useradd/11_useradd_time_0/useradd.test b/tests/tests/failures/useradd/11_useradd_time_0/useradd.test
new file mode 100755
index 0000000..1c61138
--- /dev/null
+++ b/tests/tests/failures/useradd/11_useradd_time_0/useradd.test
@@ -0,0 +1,39 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "useradd disables aging when time is not set"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Create user foo (useradd foo)..."
+LD_PRELOAD=../../../common/time_0.so useradd foo 2>/dev/null
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl data/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl data/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl data/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl data/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/failures/useradd/12_useradd_open_subuid_failure/config.txt b/tests/tests/failures/useradd/12_useradd_open_subuid_failure/config.txt
new file mode 100644
index 0000000..e9e4bbe
--- /dev/null
+++ b/tests/tests/failures/useradd/12_useradd_open_subuid_failure/config.txt
@@ -0,0 +1 @@
+group foo, GID 1000
diff --git a/tests/tests/failures/useradd/12_useradd_open_subuid_failure/config/etc/default/useradd b/tests/tests/failures/useradd/12_useradd_open_subuid_failure/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/failures/useradd/12_useradd_open_subuid_failure/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/failures/useradd/12_useradd_open_subuid_failure/config/etc/group b/tests/tests/failures/useradd/12_useradd_open_subuid_failure/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/failures/useradd/12_useradd_open_subuid_failure/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/failures/useradd/12_useradd_open_subuid_failure/config/etc/gshadow b/tests/tests/failures/useradd/12_useradd_open_subuid_failure/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/failures/useradd/12_useradd_open_subuid_failure/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/failures/useradd/12_useradd_open_subuid_failure/config/etc/login.defs b/tests/tests/failures/useradd/12_useradd_open_subuid_failure/config/etc/login.defs
new file mode 100644
index 0000000..cf181ac
--- /dev/null
+++ b/tests/tests/failures/useradd/12_useradd_open_subuid_failure/config/etc/login.defs
@@ -0,0 +1,314 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK usage is discouraged because it catches only some classes of user
+# entries to system, in fact only those made through login(1), while setting
+# umask in shell rc file will catch also logins through su, cron, ssh etc.
+#
+# At the same time, using shell rc to set umask won't catch entries which use
+# non-shell executables in place of login shell, like /usr/sbin/pppd for "ppp"
+# user and alike.
+#
+# Therefore the use of pam_umask is recommended (Debian package libpam-umask)
+# as the solution which catches all these cases on PAM-enabled systems.
+# 
+# This avoids the confusion created by having the umask set
+# in two different places -- in login.defs and shell rc files (i.e.
+# /etc/profile).
+#
+# For discussion, see #314539 and #248150 as well as the thread starting at
+# http://lists.debian.org/debian-devel/2005/06/msg01598.html
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+# 022 is the "historical" value in Debian for UMASK when it was used
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			  100
+GID_MAX			60000
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# This enables userdel to remove user groups if no members exist.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, thus in Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# Only works if compiled with MD5_CRYPT defined:
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is used by chpasswd, gpasswd and newusers.
+#
+#MD5_CRYPT_ENAB	no
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/failures/useradd/12_useradd_open_subuid_failure/config/etc/passwd b/tests/tests/failures/useradd/12_useradd_open_subuid_failure/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/failures/useradd/12_useradd_open_subuid_failure/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/failures/useradd/12_useradd_open_subuid_failure/config/etc/shadow b/tests/tests/failures/useradd/12_useradd_open_subuid_failure/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/failures/useradd/12_useradd_open_subuid_failure/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/failures/useradd/12_useradd_open_subuid_failure/config/etc/subgid b/tests/tests/failures/useradd/12_useradd_open_subuid_failure/config/etc/subgid
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/failures/useradd/12_useradd_open_subuid_failure/config/etc/subgid
diff --git a/tests/tests/failures/useradd/12_useradd_open_subuid_failure/config/etc/subuid b/tests/tests/failures/useradd/12_useradd_open_subuid_failure/config/etc/subuid
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/failures/useradd/12_useradd_open_subuid_failure/config/etc/subuid
diff --git a/tests/tests/failures/useradd/12_useradd_open_subuid_failure/data/useradd.err b/tests/tests/failures/useradd/12_useradd_open_subuid_failure/data/useradd.err
new file mode 100644
index 0000000..6d84972
--- /dev/null
+++ b/tests/tests/failures/useradd/12_useradd_open_subuid_failure/data/useradd.err
@@ -0,0 +1,2 @@
+open FAILURE /etc/subuid 2 ...
+useradd: cannot open /etc/subuid
diff --git a/tests/tests/failures/useradd/12_useradd_open_subuid_failure/useradd.test b/tests/tests/failures/useradd/12_useradd_open_subuid_failure/useradd.test
new file mode 100755
index 0000000..0263300
--- /dev/null
+++ b/tests/tests/failures/useradd/12_useradd_open_subuid_failure/useradd.test
@@ -0,0 +1,60 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "useradd report failures when it cannot open the /etc/subuid file"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Add user foo (useradd foo)..."
+LD_PRELOAD=../../../common/open_RDWR_failure.so FAILURE_PATH=/etc/subuid useradd foo 2>tmp/useradd.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "16"
+echo "OK"
+
+echo "useradd reported:"
+echo "======================================================================="
+cat tmp/useradd.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/useradd.err tmp/useradd.err
+echo "error message OK."
+rm -f tmp/useradd.err
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+echo -n "Check the /etc/subgid file..."
+../../../common/compare_file.pl config/etc/subgid /etc/subgid
+echo "OK"
+echo -n "Check the /etc/subuid file..."
+../../../common/compare_file.pl config/etc/subuid /etc/subuid
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/failures/useradd/13_useradd_open_subgid_failure/config.txt b/tests/tests/failures/useradd/13_useradd_open_subgid_failure/config.txt
new file mode 100644
index 0000000..e9e4bbe
--- /dev/null
+++ b/tests/tests/failures/useradd/13_useradd_open_subgid_failure/config.txt
@@ -0,0 +1 @@
+group foo, GID 1000
diff --git a/tests/tests/failures/useradd/13_useradd_open_subgid_failure/config/etc/default/useradd b/tests/tests/failures/useradd/13_useradd_open_subgid_failure/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/failures/useradd/13_useradd_open_subgid_failure/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/failures/useradd/13_useradd_open_subgid_failure/config/etc/group b/tests/tests/failures/useradd/13_useradd_open_subgid_failure/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/failures/useradd/13_useradd_open_subgid_failure/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/failures/useradd/13_useradd_open_subgid_failure/config/etc/gshadow b/tests/tests/failures/useradd/13_useradd_open_subgid_failure/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/failures/useradd/13_useradd_open_subgid_failure/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/failures/useradd/13_useradd_open_subgid_failure/config/etc/login.defs b/tests/tests/failures/useradd/13_useradd_open_subgid_failure/config/etc/login.defs
new file mode 100644
index 0000000..cf181ac
--- /dev/null
+++ b/tests/tests/failures/useradd/13_useradd_open_subgid_failure/config/etc/login.defs
@@ -0,0 +1,314 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK usage is discouraged because it catches only some classes of user
+# entries to system, in fact only those made through login(1), while setting
+# umask in shell rc file will catch also logins through su, cron, ssh etc.
+#
+# At the same time, using shell rc to set umask won't catch entries which use
+# non-shell executables in place of login shell, like /usr/sbin/pppd for "ppp"
+# user and alike.
+#
+# Therefore the use of pam_umask is recommended (Debian package libpam-umask)
+# as the solution which catches all these cases on PAM-enabled systems.
+# 
+# This avoids the confusion created by having the umask set
+# in two different places -- in login.defs and shell rc files (i.e.
+# /etc/profile).
+#
+# For discussion, see #314539 and #248150 as well as the thread starting at
+# http://lists.debian.org/debian-devel/2005/06/msg01598.html
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+# 022 is the "historical" value in Debian for UMASK when it was used
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			  100
+GID_MAX			60000
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# This enables userdel to remove user groups if no members exist.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, thus in Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# Only works if compiled with MD5_CRYPT defined:
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is used by chpasswd, gpasswd and newusers.
+#
+#MD5_CRYPT_ENAB	no
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/failures/useradd/13_useradd_open_subgid_failure/config/etc/passwd b/tests/tests/failures/useradd/13_useradd_open_subgid_failure/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/failures/useradd/13_useradd_open_subgid_failure/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/failures/useradd/13_useradd_open_subgid_failure/config/etc/shadow b/tests/tests/failures/useradd/13_useradd_open_subgid_failure/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/failures/useradd/13_useradd_open_subgid_failure/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/failures/useradd/13_useradd_open_subgid_failure/config/etc/subgid b/tests/tests/failures/useradd/13_useradd_open_subgid_failure/config/etc/subgid
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/failures/useradd/13_useradd_open_subgid_failure/config/etc/subgid
diff --git a/tests/tests/failures/useradd/13_useradd_open_subgid_failure/config/etc/subuid b/tests/tests/failures/useradd/13_useradd_open_subgid_failure/config/etc/subuid
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/failures/useradd/13_useradd_open_subgid_failure/config/etc/subuid
diff --git a/tests/tests/failures/useradd/13_useradd_open_subgid_failure/data/useradd.err b/tests/tests/failures/useradd/13_useradd_open_subgid_failure/data/useradd.err
new file mode 100644
index 0000000..594f4d6
--- /dev/null
+++ b/tests/tests/failures/useradd/13_useradd_open_subgid_failure/data/useradd.err
@@ -0,0 +1,2 @@
+open FAILURE /etc/subgid 2 ...
+useradd: cannot open /etc/subgid
diff --git a/tests/tests/failures/useradd/13_useradd_open_subgid_failure/useradd.test b/tests/tests/failures/useradd/13_useradd_open_subgid_failure/useradd.test
new file mode 100755
index 0000000..eff1bc9
--- /dev/null
+++ b/tests/tests/failures/useradd/13_useradd_open_subgid_failure/useradd.test
@@ -0,0 +1,60 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "useradd report failures when it cannot open the /etc/subgid file"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Add user foo (useradd foo)..."
+LD_PRELOAD=../../../common/open_RDWR_failure.so FAILURE_PATH=/etc/subgid useradd foo 2>tmp/useradd.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "18"
+echo "OK"
+
+echo "useradd reported:"
+echo "======================================================================="
+cat tmp/useradd.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/useradd.err tmp/useradd.err
+echo "error message OK."
+rm -f tmp/useradd.err
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+echo -n "Check the /etc/subgid file..."
+../../../common/compare_file.pl config/etc/subgid /etc/subgid
+echo "OK"
+echo -n "Check the /etc/subuid file..."
+../../../common/compare_file.pl config/etc/subuid /etc/subuid
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/failures/useradd/14_username_rename_subuid_failure/config.txt b/tests/tests/failures/useradd/14_username_rename_subuid_failure/config.txt
new file mode 100644
index 0000000..e9e4bbe
--- /dev/null
+++ b/tests/tests/failures/useradd/14_username_rename_subuid_failure/config.txt
@@ -0,0 +1 @@
+group foo, GID 1000
diff --git a/tests/tests/failures/useradd/14_username_rename_subuid_failure/config/etc/default/useradd b/tests/tests/failures/useradd/14_username_rename_subuid_failure/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/failures/useradd/14_username_rename_subuid_failure/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/failures/useradd/14_username_rename_subuid_failure/config/etc/group b/tests/tests/failures/useradd/14_username_rename_subuid_failure/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/failures/useradd/14_username_rename_subuid_failure/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/failures/useradd/14_username_rename_subuid_failure/config/etc/gshadow b/tests/tests/failures/useradd/14_username_rename_subuid_failure/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/failures/useradd/14_username_rename_subuid_failure/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/failures/useradd/14_username_rename_subuid_failure/config/etc/login.defs b/tests/tests/failures/useradd/14_username_rename_subuid_failure/config/etc/login.defs
new file mode 100644
index 0000000..cf181ac
--- /dev/null
+++ b/tests/tests/failures/useradd/14_username_rename_subuid_failure/config/etc/login.defs
@@ -0,0 +1,314 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK usage is discouraged because it catches only some classes of user
+# entries to system, in fact only those made through login(1), while setting
+# umask in shell rc file will catch also logins through su, cron, ssh etc.
+#
+# At the same time, using shell rc to set umask won't catch entries which use
+# non-shell executables in place of login shell, like /usr/sbin/pppd for "ppp"
+# user and alike.
+#
+# Therefore the use of pam_umask is recommended (Debian package libpam-umask)
+# as the solution which catches all these cases on PAM-enabled systems.
+# 
+# This avoids the confusion created by having the umask set
+# in two different places -- in login.defs and shell rc files (i.e.
+# /etc/profile).
+#
+# For discussion, see #314539 and #248150 as well as the thread starting at
+# http://lists.debian.org/debian-devel/2005/06/msg01598.html
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+# 022 is the "historical" value in Debian for UMASK when it was used
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			  100
+GID_MAX			60000
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# This enables userdel to remove user groups if no members exist.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, thus in Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# Only works if compiled with MD5_CRYPT defined:
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is used by chpasswd, gpasswd and newusers.
+#
+#MD5_CRYPT_ENAB	no
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/failures/useradd/14_username_rename_subuid_failure/config/etc/passwd b/tests/tests/failures/useradd/14_username_rename_subuid_failure/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/failures/useradd/14_username_rename_subuid_failure/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/failures/useradd/14_username_rename_subuid_failure/config/etc/shadow b/tests/tests/failures/useradd/14_username_rename_subuid_failure/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/failures/useradd/14_username_rename_subuid_failure/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/failures/useradd/14_username_rename_subuid_failure/config/etc/subgid b/tests/tests/failures/useradd/14_username_rename_subuid_failure/config/etc/subgid
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/failures/useradd/14_username_rename_subuid_failure/config/etc/subgid
diff --git a/tests/tests/failures/useradd/14_username_rename_subuid_failure/config/etc/subuid b/tests/tests/failures/useradd/14_username_rename_subuid_failure/config/etc/subuid
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/failures/useradd/14_username_rename_subuid_failure/config/etc/subuid
diff --git a/tests/tests/failures/useradd/14_username_rename_subuid_failure/data/group b/tests/tests/failures/useradd/14_username_rename_subuid_failure/data/group
new file mode 100644
index 0000000..fecba0c
--- /dev/null
+++ b/tests/tests/failures/useradd/14_username_rename_subuid_failure/data/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/failures/useradd/14_username_rename_subuid_failure/data/gshadow b/tests/tests/failures/useradd/14_username_rename_subuid_failure/data/gshadow
new file mode 100644
index 0000000..bfc0675
--- /dev/null
+++ b/tests/tests/failures/useradd/14_username_rename_subuid_failure/data/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:!::
diff --git a/tests/tests/failures/useradd/14_username_rename_subuid_failure/data/passwd b/tests/tests/failures/useradd/14_username_rename_subuid_failure/data/passwd
new file mode 100644
index 0000000..ed91b35
--- /dev/null
+++ b/tests/tests/failures/useradd/14_username_rename_subuid_failure/data/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/tmp/foo:/bin/foobar
diff --git a/tests/tests/failures/useradd/14_username_rename_subuid_failure/data/shadow b/tests/tests/failures/useradd/14_username_rename_subuid_failure/data/shadow
new file mode 100644
index 0000000..0aee0c5
--- /dev/null
+++ b/tests/tests/failures/useradd/14_username_rename_subuid_failure/data/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:@TODAY@:0:99999:7:12:13849:
diff --git a/tests/tests/failures/useradd/14_username_rename_subuid_failure/data/useradd.err b/tests/tests/failures/useradd/14_username_rename_subuid_failure/data/useradd.err
new file mode 100644
index 0000000..1798df6
--- /dev/null
+++ b/tests/tests/failures/useradd/14_username_rename_subuid_failure/data/useradd.err
@@ -0,0 +1,2 @@
+rename FAILURE /etc/subuid+ /etc/subuid
+useradd: failure while writing changes to /etc/subuid
diff --git a/tests/tests/failures/useradd/14_username_rename_subuid_failure/useradd.test b/tests/tests/failures/useradd/14_username_rename_subuid_failure/useradd.test
new file mode 100755
index 0000000..5b007b9
--- /dev/null
+++ b/tests/tests/failures/useradd/14_username_rename_subuid_failure/useradd.test
@@ -0,0 +1,60 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "useradd reports failure to write /etc/subuid"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Add group foo (useradd foo)..."
+LD_PRELOAD=../../../common/rename_failure.so FAILURE_PATH=/etc/subuid useradd foo 2>tmp/useradd.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "16"
+echo "OK"
+
+echo "useradd reported:"
+echo "======================================================================="
+cat tmp/useradd.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/useradd.err tmp/useradd.err
+echo "error message OK."
+rm -f tmp/useradd.err
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl data/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl data/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl data/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl data/gshadow /etc/gshadow
+echo "OK"
+echo -n "Check the /etc/subgid file..."
+../../../common/compare_file.pl config/etc/subgid /etc/subgid
+echo "OK"
+echo -n "Check the /etc/subuid file..."
+../../../common/compare_file.pl config/etc/subuid /etc/subuid
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/failures/useradd/15_username_rename_subgid_failure/config.txt b/tests/tests/failures/useradd/15_username_rename_subgid_failure/config.txt
new file mode 100644
index 0000000..e9e4bbe
--- /dev/null
+++ b/tests/tests/failures/useradd/15_username_rename_subgid_failure/config.txt
@@ -0,0 +1 @@
+group foo, GID 1000
diff --git a/tests/tests/failures/useradd/15_username_rename_subgid_failure/config/etc/default/useradd b/tests/tests/failures/useradd/15_username_rename_subgid_failure/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/failures/useradd/15_username_rename_subgid_failure/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/failures/useradd/15_username_rename_subgid_failure/config/etc/group b/tests/tests/failures/useradd/15_username_rename_subgid_failure/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/failures/useradd/15_username_rename_subgid_failure/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/failures/useradd/15_username_rename_subgid_failure/config/etc/gshadow b/tests/tests/failures/useradd/15_username_rename_subgid_failure/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/failures/useradd/15_username_rename_subgid_failure/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/failures/useradd/15_username_rename_subgid_failure/config/etc/login.defs b/tests/tests/failures/useradd/15_username_rename_subgid_failure/config/etc/login.defs
new file mode 100644
index 0000000..cf181ac
--- /dev/null
+++ b/tests/tests/failures/useradd/15_username_rename_subgid_failure/config/etc/login.defs
@@ -0,0 +1,314 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK usage is discouraged because it catches only some classes of user
+# entries to system, in fact only those made through login(1), while setting
+# umask in shell rc file will catch also logins through su, cron, ssh etc.
+#
+# At the same time, using shell rc to set umask won't catch entries which use
+# non-shell executables in place of login shell, like /usr/sbin/pppd for "ppp"
+# user and alike.
+#
+# Therefore the use of pam_umask is recommended (Debian package libpam-umask)
+# as the solution which catches all these cases on PAM-enabled systems.
+# 
+# This avoids the confusion created by having the umask set
+# in two different places -- in login.defs and shell rc files (i.e.
+# /etc/profile).
+#
+# For discussion, see #314539 and #248150 as well as the thread starting at
+# http://lists.debian.org/debian-devel/2005/06/msg01598.html
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+# 022 is the "historical" value in Debian for UMASK when it was used
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			  100
+GID_MAX			60000
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# This enables userdel to remove user groups if no members exist.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, thus in Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# Only works if compiled with MD5_CRYPT defined:
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is used by chpasswd, gpasswd and newusers.
+#
+#MD5_CRYPT_ENAB	no
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/failures/useradd/15_username_rename_subgid_failure/config/etc/passwd b/tests/tests/failures/useradd/15_username_rename_subgid_failure/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/failures/useradd/15_username_rename_subgid_failure/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/failures/useradd/15_username_rename_subgid_failure/config/etc/shadow b/tests/tests/failures/useradd/15_username_rename_subgid_failure/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/failures/useradd/15_username_rename_subgid_failure/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/failures/useradd/15_username_rename_subgid_failure/config/etc/subgid b/tests/tests/failures/useradd/15_username_rename_subgid_failure/config/etc/subgid
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/failures/useradd/15_username_rename_subgid_failure/config/etc/subgid
diff --git a/tests/tests/failures/useradd/15_username_rename_subgid_failure/config/etc/subuid b/tests/tests/failures/useradd/15_username_rename_subgid_failure/config/etc/subuid
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/failures/useradd/15_username_rename_subgid_failure/config/etc/subuid
diff --git a/tests/tests/failures/useradd/15_username_rename_subgid_failure/data/group b/tests/tests/failures/useradd/15_username_rename_subgid_failure/data/group
new file mode 100644
index 0000000..fecba0c
--- /dev/null
+++ b/tests/tests/failures/useradd/15_username_rename_subgid_failure/data/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/failures/useradd/15_username_rename_subgid_failure/data/gshadow b/tests/tests/failures/useradd/15_username_rename_subgid_failure/data/gshadow
new file mode 100644
index 0000000..bfc0675
--- /dev/null
+++ b/tests/tests/failures/useradd/15_username_rename_subgid_failure/data/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:!::
diff --git a/tests/tests/failures/useradd/15_username_rename_subgid_failure/data/passwd b/tests/tests/failures/useradd/15_username_rename_subgid_failure/data/passwd
new file mode 100644
index 0000000..ed91b35
--- /dev/null
+++ b/tests/tests/failures/useradd/15_username_rename_subgid_failure/data/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/tmp/foo:/bin/foobar
diff --git a/tests/tests/failures/useradd/15_username_rename_subgid_failure/data/shadow b/tests/tests/failures/useradd/15_username_rename_subgid_failure/data/shadow
new file mode 100644
index 0000000..0aee0c5
--- /dev/null
+++ b/tests/tests/failures/useradd/15_username_rename_subgid_failure/data/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:@TODAY@:0:99999:7:12:13849:
diff --git a/tests/tests/failures/useradd/15_username_rename_subgid_failure/data/subuid b/tests/tests/failures/useradd/15_username_rename_subgid_failure/data/subuid
new file mode 100644
index 0000000..3f7fd12
--- /dev/null
+++ b/tests/tests/failures/useradd/15_username_rename_subgid_failure/data/subuid
@@ -0,0 +1 @@
+foo:100000:10000
diff --git a/tests/tests/failures/useradd/15_username_rename_subgid_failure/data/useradd.err b/tests/tests/failures/useradd/15_username_rename_subgid_failure/data/useradd.err
new file mode 100644
index 0000000..0d1b654
--- /dev/null
+++ b/tests/tests/failures/useradd/15_username_rename_subgid_failure/data/useradd.err
@@ -0,0 +1,2 @@
+rename FAILURE /etc/subgid+ /etc/subgid
+useradd: failure while writing changes to /etc/subgid
diff --git a/tests/tests/failures/useradd/15_username_rename_subgid_failure/useradd.test b/tests/tests/failures/useradd/15_username_rename_subgid_failure/useradd.test
new file mode 100755
index 0000000..db47258
--- /dev/null
+++ b/tests/tests/failures/useradd/15_username_rename_subgid_failure/useradd.test
@@ -0,0 +1,60 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "useradd reports failure to write /etc/subgid"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Add group foo (useradd foo)..."
+LD_PRELOAD=../../../common/rename_failure.so FAILURE_PATH=/etc/subgid useradd foo 2>tmp/useradd.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "18"
+echo "OK"
+
+echo "useradd reported:"
+echo "======================================================================="
+cat tmp/useradd.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/useradd.err tmp/useradd.err
+echo "error message OK."
+rm -f tmp/useradd.err
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl data/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl data/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl data/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl data/gshadow /etc/gshadow
+echo "OK"
+echo -n "Check the /etc/subgid file..."
+../../../common/compare_file.pl config/etc/subgid /etc/subgid
+echo "OK"
+echo -n "Check the /etc/subuid file..."
+../../../common/compare_file.pl data/subuid /etc/subuid
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/failures/userdel/01_userdel_gshadow_rename_failure/config.txt b/tests/tests/failures/userdel/01_userdel_gshadow_rename_failure/config.txt
new file mode 100644
index 0000000..e9e4bbe
--- /dev/null
+++ b/tests/tests/failures/userdel/01_userdel_gshadow_rename_failure/config.txt
@@ -0,0 +1 @@
+group foo, GID 1000
diff --git a/tests/tests/failures/userdel/01_userdel_gshadow_rename_failure/config/etc/default/useradd b/tests/tests/failures/userdel/01_userdel_gshadow_rename_failure/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/failures/userdel/01_userdel_gshadow_rename_failure/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/failures/userdel/01_userdel_gshadow_rename_failure/config/etc/group b/tests/tests/failures/userdel/01_userdel_gshadow_rename_failure/config/etc/group
new file mode 100644
index 0000000..2a5b8a4
--- /dev/null
+++ b/tests/tests/failures/userdel/01_userdel_gshadow_rename_failure/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:foo
diff --git a/tests/tests/failures/userdel/01_userdel_gshadow_rename_failure/config/etc/gshadow b/tests/tests/failures/userdel/01_userdel_gshadow_rename_failure/config/etc/gshadow
new file mode 100644
index 0000000..ed34100
--- /dev/null
+++ b/tests/tests/failures/userdel/01_userdel_gshadow_rename_failure/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::foo
diff --git a/tests/tests/failures/userdel/01_userdel_gshadow_rename_failure/config/etc/login.defs b/tests/tests/failures/userdel/01_userdel_gshadow_rename_failure/config/etc/login.defs
new file mode 100644
index 0000000..cf181ac
--- /dev/null
+++ b/tests/tests/failures/userdel/01_userdel_gshadow_rename_failure/config/etc/login.defs
@@ -0,0 +1,314 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK usage is discouraged because it catches only some classes of user
+# entries to system, in fact only those made through login(1), while setting
+# umask in shell rc file will catch also logins through su, cron, ssh etc.
+#
+# At the same time, using shell rc to set umask won't catch entries which use
+# non-shell executables in place of login shell, like /usr/sbin/pppd for "ppp"
+# user and alike.
+#
+# Therefore the use of pam_umask is recommended (Debian package libpam-umask)
+# as the solution which catches all these cases on PAM-enabled systems.
+# 
+# This avoids the confusion created by having the umask set
+# in two different places -- in login.defs and shell rc files (i.e.
+# /etc/profile).
+#
+# For discussion, see #314539 and #248150 as well as the thread starting at
+# http://lists.debian.org/debian-devel/2005/06/msg01598.html
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+# 022 is the "historical" value in Debian for UMASK when it was used
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			  100
+GID_MAX			60000
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# This enables userdel to remove user groups if no members exist.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, thus in Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# Only works if compiled with MD5_CRYPT defined:
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is used by chpasswd, gpasswd and newusers.
+#
+#MD5_CRYPT_ENAB	no
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/failures/userdel/01_userdel_gshadow_rename_failure/config/etc/passwd b/tests/tests/failures/userdel/01_userdel_gshadow_rename_failure/config/etc/passwd
new file mode 100644
index 0000000..bf52df0
--- /dev/null
+++ b/tests/tests/failures/userdel/01_userdel_gshadow_rename_failure/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/home/foo:/bin/false
diff --git a/tests/tests/failures/userdel/01_userdel_gshadow_rename_failure/config/etc/shadow b/tests/tests/failures/userdel/01_userdel_gshadow_rename_failure/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/failures/userdel/01_userdel_gshadow_rename_failure/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/failures/userdel/01_userdel_gshadow_rename_failure/data/group b/tests/tests/failures/userdel/01_userdel_gshadow_rename_failure/data/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/failures/userdel/01_userdel_gshadow_rename_failure/data/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/failures/userdel/01_userdel_gshadow_rename_failure/data/passwd b/tests/tests/failures/userdel/01_userdel_gshadow_rename_failure/data/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/failures/userdel/01_userdel_gshadow_rename_failure/data/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/failures/userdel/01_userdel_gshadow_rename_failure/data/shadow b/tests/tests/failures/userdel/01_userdel_gshadow_rename_failure/data/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/failures/userdel/01_userdel_gshadow_rename_failure/data/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/failures/userdel/01_userdel_gshadow_rename_failure/data/userdel.err b/tests/tests/failures/userdel/01_userdel_gshadow_rename_failure/data/userdel.err
new file mode 100644
index 0000000..e84c8f8
--- /dev/null
+++ b/tests/tests/failures/userdel/01_userdel_gshadow_rename_failure/data/userdel.err
@@ -0,0 +1,2 @@
+rename FAILURE /etc/gshadow+ /etc/gshadow
+userdel: failure while writing changes to /etc/gshadow
diff --git a/tests/tests/failures/userdel/01_userdel_gshadow_rename_failure/userdel.test b/tests/tests/failures/userdel/01_userdel_gshadow_rename_failure/userdel.test
new file mode 100755
index 0000000..3b7c17c
--- /dev/null
+++ b/tests/tests/failures/userdel/01_userdel_gshadow_rename_failure/userdel.test
@@ -0,0 +1,54 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "userdel reports failure to write /etc/gshadow"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "delete user foo (userdel foo)..."
+LD_PRELOAD=../../../common/rename_failure.so FAILURE_PATH=/etc/gshadow userdel foo 2>tmp/userdel.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "10"
+echo "OK"
+
+echo "userdel reported:"
+echo "======================================================================="
+cat tmp/userdel.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/userdel.err tmp/userdel.err
+echo "error message OK."
+rm -f tmp/userdel.err
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl data/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl data/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl data/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/failures/userdel/02_userdel_group_rename_failure/config.txt b/tests/tests/failures/userdel/02_userdel_group_rename_failure/config.txt
new file mode 100644
index 0000000..e9e4bbe
--- /dev/null
+++ b/tests/tests/failures/userdel/02_userdel_group_rename_failure/config.txt
@@ -0,0 +1 @@
+group foo, GID 1000
diff --git a/tests/tests/failures/userdel/02_userdel_group_rename_failure/config/etc/default/useradd b/tests/tests/failures/userdel/02_userdel_group_rename_failure/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/failures/userdel/02_userdel_group_rename_failure/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/failures/userdel/02_userdel_group_rename_failure/config/etc/group b/tests/tests/failures/userdel/02_userdel_group_rename_failure/config/etc/group
new file mode 100644
index 0000000..2a5b8a4
--- /dev/null
+++ b/tests/tests/failures/userdel/02_userdel_group_rename_failure/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:foo
diff --git a/tests/tests/failures/userdel/02_userdel_group_rename_failure/config/etc/gshadow b/tests/tests/failures/userdel/02_userdel_group_rename_failure/config/etc/gshadow
new file mode 100644
index 0000000..ed34100
--- /dev/null
+++ b/tests/tests/failures/userdel/02_userdel_group_rename_failure/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::foo
diff --git a/tests/tests/failures/userdel/02_userdel_group_rename_failure/config/etc/login.defs b/tests/tests/failures/userdel/02_userdel_group_rename_failure/config/etc/login.defs
new file mode 100644
index 0000000..cf181ac
--- /dev/null
+++ b/tests/tests/failures/userdel/02_userdel_group_rename_failure/config/etc/login.defs
@@ -0,0 +1,314 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK usage is discouraged because it catches only some classes of user
+# entries to system, in fact only those made through login(1), while setting
+# umask in shell rc file will catch also logins through su, cron, ssh etc.
+#
+# At the same time, using shell rc to set umask won't catch entries which use
+# non-shell executables in place of login shell, like /usr/sbin/pppd for "ppp"
+# user and alike.
+#
+# Therefore the use of pam_umask is recommended (Debian package libpam-umask)
+# as the solution which catches all these cases on PAM-enabled systems.
+# 
+# This avoids the confusion created by having the umask set
+# in two different places -- in login.defs and shell rc files (i.e.
+# /etc/profile).
+#
+# For discussion, see #314539 and #248150 as well as the thread starting at
+# http://lists.debian.org/debian-devel/2005/06/msg01598.html
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+# 022 is the "historical" value in Debian for UMASK when it was used
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			  100
+GID_MAX			60000
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# This enables userdel to remove user groups if no members exist.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, thus in Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# Only works if compiled with MD5_CRYPT defined:
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is used by chpasswd, gpasswd and newusers.
+#
+#MD5_CRYPT_ENAB	no
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/failures/userdel/02_userdel_group_rename_failure/config/etc/passwd b/tests/tests/failures/userdel/02_userdel_group_rename_failure/config/etc/passwd
new file mode 100644
index 0000000..bf52df0
--- /dev/null
+++ b/tests/tests/failures/userdel/02_userdel_group_rename_failure/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/home/foo:/bin/false
diff --git a/tests/tests/failures/userdel/02_userdel_group_rename_failure/config/etc/shadow b/tests/tests/failures/userdel/02_userdel_group_rename_failure/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/failures/userdel/02_userdel_group_rename_failure/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/failures/userdel/02_userdel_group_rename_failure/data/passwd b/tests/tests/failures/userdel/02_userdel_group_rename_failure/data/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/failures/userdel/02_userdel_group_rename_failure/data/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/failures/userdel/02_userdel_group_rename_failure/data/shadow b/tests/tests/failures/userdel/02_userdel_group_rename_failure/data/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/failures/userdel/02_userdel_group_rename_failure/data/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/failures/userdel/02_userdel_group_rename_failure/data/userdel.err b/tests/tests/failures/userdel/02_userdel_group_rename_failure/data/userdel.err
new file mode 100644
index 0000000..21962cd
--- /dev/null
+++ b/tests/tests/failures/userdel/02_userdel_group_rename_failure/data/userdel.err
@@ -0,0 +1,2 @@
+rename FAILURE /etc/group+ /etc/group
+userdel: failure while writing changes to /etc/group
diff --git a/tests/tests/failures/userdel/02_userdel_group_rename_failure/userdel.test b/tests/tests/failures/userdel/02_userdel_group_rename_failure/userdel.test
new file mode 100755
index 0000000..da9b693
--- /dev/null
+++ b/tests/tests/failures/userdel/02_userdel_group_rename_failure/userdel.test
@@ -0,0 +1,54 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "userdel reports failure to write /etc/group"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "delete user foo (userdel foo)..."
+LD_PRELOAD=../../../common/rename_failure.so FAILURE_PATH=/etc/group userdel foo 2>tmp/userdel.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "10"
+echo "OK"
+
+echo "userdel reported:"
+echo "======================================================================="
+cat tmp/userdel.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/userdel.err tmp/userdel.err
+echo "error message OK."
+rm -f tmp/userdel.err
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl data/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl data/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/failures/userdel/03_userdel_shadow_rename_failure/config.txt b/tests/tests/failures/userdel/03_userdel_shadow_rename_failure/config.txt
new file mode 100644
index 0000000..e9e4bbe
--- /dev/null
+++ b/tests/tests/failures/userdel/03_userdel_shadow_rename_failure/config.txt
@@ -0,0 +1 @@
+group foo, GID 1000
diff --git a/tests/tests/failures/userdel/03_userdel_shadow_rename_failure/config/etc/default/useradd b/tests/tests/failures/userdel/03_userdel_shadow_rename_failure/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/failures/userdel/03_userdel_shadow_rename_failure/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/failures/userdel/03_userdel_shadow_rename_failure/config/etc/group b/tests/tests/failures/userdel/03_userdel_shadow_rename_failure/config/etc/group
new file mode 100644
index 0000000..2a5b8a4
--- /dev/null
+++ b/tests/tests/failures/userdel/03_userdel_shadow_rename_failure/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:foo
diff --git a/tests/tests/failures/userdel/03_userdel_shadow_rename_failure/config/etc/gshadow b/tests/tests/failures/userdel/03_userdel_shadow_rename_failure/config/etc/gshadow
new file mode 100644
index 0000000..ed34100
--- /dev/null
+++ b/tests/tests/failures/userdel/03_userdel_shadow_rename_failure/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::foo
diff --git a/tests/tests/failures/userdel/03_userdel_shadow_rename_failure/config/etc/login.defs b/tests/tests/failures/userdel/03_userdel_shadow_rename_failure/config/etc/login.defs
new file mode 100644
index 0000000..cf181ac
--- /dev/null
+++ b/tests/tests/failures/userdel/03_userdel_shadow_rename_failure/config/etc/login.defs
@@ -0,0 +1,314 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK usage is discouraged because it catches only some classes of user
+# entries to system, in fact only those made through login(1), while setting
+# umask in shell rc file will catch also logins through su, cron, ssh etc.
+#
+# At the same time, using shell rc to set umask won't catch entries which use
+# non-shell executables in place of login shell, like /usr/sbin/pppd for "ppp"
+# user and alike.
+#
+# Therefore the use of pam_umask is recommended (Debian package libpam-umask)
+# as the solution which catches all these cases on PAM-enabled systems.
+# 
+# This avoids the confusion created by having the umask set
+# in two different places -- in login.defs and shell rc files (i.e.
+# /etc/profile).
+#
+# For discussion, see #314539 and #248150 as well as the thread starting at
+# http://lists.debian.org/debian-devel/2005/06/msg01598.html
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+# 022 is the "historical" value in Debian for UMASK when it was used
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			  100
+GID_MAX			60000
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# This enables userdel to remove user groups if no members exist.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, thus in Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# Only works if compiled with MD5_CRYPT defined:
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is used by chpasswd, gpasswd and newusers.
+#
+#MD5_CRYPT_ENAB	no
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/failures/userdel/03_userdel_shadow_rename_failure/config/etc/passwd b/tests/tests/failures/userdel/03_userdel_shadow_rename_failure/config/etc/passwd
new file mode 100644
index 0000000..bf52df0
--- /dev/null
+++ b/tests/tests/failures/userdel/03_userdel_shadow_rename_failure/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/home/foo:/bin/false
diff --git a/tests/tests/failures/userdel/03_userdel_shadow_rename_failure/config/etc/shadow b/tests/tests/failures/userdel/03_userdel_shadow_rename_failure/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/failures/userdel/03_userdel_shadow_rename_failure/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/failures/userdel/03_userdel_shadow_rename_failure/data/passwd b/tests/tests/failures/userdel/03_userdel_shadow_rename_failure/data/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/failures/userdel/03_userdel_shadow_rename_failure/data/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/failures/userdel/03_userdel_shadow_rename_failure/data/userdel.err b/tests/tests/failures/userdel/03_userdel_shadow_rename_failure/data/userdel.err
new file mode 100644
index 0000000..a241b55
--- /dev/null
+++ b/tests/tests/failures/userdel/03_userdel_shadow_rename_failure/data/userdel.err
@@ -0,0 +1,2 @@
+rename FAILURE /etc/shadow+ /etc/shadow
+userdel: failure while writing changes to /etc/shadow
diff --git a/tests/tests/failures/userdel/03_userdel_shadow_rename_failure/userdel.test b/tests/tests/failures/userdel/03_userdel_shadow_rename_failure/userdel.test
new file mode 100755
index 0000000..6ad2516
--- /dev/null
+++ b/tests/tests/failures/userdel/03_userdel_shadow_rename_failure/userdel.test
@@ -0,0 +1,54 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "userdel reports failure to write /etc/shadow"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "delete user foo (userdel foo)..."
+LD_PRELOAD=../../../common/rename_failure.so FAILURE_PATH=/etc/shadow userdel foo 2>tmp/userdel.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "1"
+echo "OK"
+
+echo "userdel reported:"
+echo "======================================================================="
+cat tmp/userdel.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/userdel.err tmp/userdel.err
+echo "error message OK."
+rm -f tmp/userdel.err
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl data/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/failures/userdel/04_userdel_passwd_rename_failure/config.txt b/tests/tests/failures/userdel/04_userdel_passwd_rename_failure/config.txt
new file mode 100644
index 0000000..e9e4bbe
--- /dev/null
+++ b/tests/tests/failures/userdel/04_userdel_passwd_rename_failure/config.txt
@@ -0,0 +1 @@
+group foo, GID 1000
diff --git a/tests/tests/failures/userdel/04_userdel_passwd_rename_failure/config/etc/default/useradd b/tests/tests/failures/userdel/04_userdel_passwd_rename_failure/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/failures/userdel/04_userdel_passwd_rename_failure/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/failures/userdel/04_userdel_passwd_rename_failure/config/etc/group b/tests/tests/failures/userdel/04_userdel_passwd_rename_failure/config/etc/group
new file mode 100644
index 0000000..2a5b8a4
--- /dev/null
+++ b/tests/tests/failures/userdel/04_userdel_passwd_rename_failure/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:foo
diff --git a/tests/tests/failures/userdel/04_userdel_passwd_rename_failure/config/etc/gshadow b/tests/tests/failures/userdel/04_userdel_passwd_rename_failure/config/etc/gshadow
new file mode 100644
index 0000000..ed34100
--- /dev/null
+++ b/tests/tests/failures/userdel/04_userdel_passwd_rename_failure/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::foo
diff --git a/tests/tests/failures/userdel/04_userdel_passwd_rename_failure/config/etc/login.defs b/tests/tests/failures/userdel/04_userdel_passwd_rename_failure/config/etc/login.defs
new file mode 100644
index 0000000..cf181ac
--- /dev/null
+++ b/tests/tests/failures/userdel/04_userdel_passwd_rename_failure/config/etc/login.defs
@@ -0,0 +1,314 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK usage is discouraged because it catches only some classes of user
+# entries to system, in fact only those made through login(1), while setting
+# umask in shell rc file will catch also logins through su, cron, ssh etc.
+#
+# At the same time, using shell rc to set umask won't catch entries which use
+# non-shell executables in place of login shell, like /usr/sbin/pppd for "ppp"
+# user and alike.
+#
+# Therefore the use of pam_umask is recommended (Debian package libpam-umask)
+# as the solution which catches all these cases on PAM-enabled systems.
+# 
+# This avoids the confusion created by having the umask set
+# in two different places -- in login.defs and shell rc files (i.e.
+# /etc/profile).
+#
+# For discussion, see #314539 and #248150 as well as the thread starting at
+# http://lists.debian.org/debian-devel/2005/06/msg01598.html
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+# 022 is the "historical" value in Debian for UMASK when it was used
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			  100
+GID_MAX			60000
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# This enables userdel to remove user groups if no members exist.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, thus in Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# Only works if compiled with MD5_CRYPT defined:
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is used by chpasswd, gpasswd and newusers.
+#
+#MD5_CRYPT_ENAB	no
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/failures/userdel/04_userdel_passwd_rename_failure/config/etc/passwd b/tests/tests/failures/userdel/04_userdel_passwd_rename_failure/config/etc/passwd
new file mode 100644
index 0000000..bf52df0
--- /dev/null
+++ b/tests/tests/failures/userdel/04_userdel_passwd_rename_failure/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/home/foo:/bin/false
diff --git a/tests/tests/failures/userdel/04_userdel_passwd_rename_failure/config/etc/shadow b/tests/tests/failures/userdel/04_userdel_passwd_rename_failure/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/failures/userdel/04_userdel_passwd_rename_failure/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/failures/userdel/04_userdel_passwd_rename_failure/data/userdel.err b/tests/tests/failures/userdel/04_userdel_passwd_rename_failure/data/userdel.err
new file mode 100644
index 0000000..7058c90
--- /dev/null
+++ b/tests/tests/failures/userdel/04_userdel_passwd_rename_failure/data/userdel.err
@@ -0,0 +1,2 @@
+rename FAILURE /etc/passwd+ /etc/passwd
+userdel: failure while writing changes to /etc/passwd
diff --git a/tests/tests/failures/userdel/04_userdel_passwd_rename_failure/userdel.test b/tests/tests/failures/userdel/04_userdel_passwd_rename_failure/userdel.test
new file mode 100755
index 0000000..945bf5b
--- /dev/null
+++ b/tests/tests/failures/userdel/04_userdel_passwd_rename_failure/userdel.test
@@ -0,0 +1,54 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "userdel reports failure to write /etc/passwd"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "delete user foo (userdel foo)..."
+LD_PRELOAD=../../../common/rename_failure.so FAILURE_PATH=/etc/passwd userdel foo 2>tmp/userdel.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "1"
+echo "OK"
+
+echo "userdel reported:"
+echo "======================================================================="
+cat tmp/userdel.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/userdel.err tmp/userdel.err
+echo "error message OK."
+rm -f tmp/userdel.err
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/failures/userdel/05_userdel_failure_remove_mailbox/config.txt b/tests/tests/failures/userdel/05_userdel_failure_remove_mailbox/config.txt
new file mode 100644
index 0000000..e9e4bbe
--- /dev/null
+++ b/tests/tests/failures/userdel/05_userdel_failure_remove_mailbox/config.txt
@@ -0,0 +1 @@
+group foo, GID 1000
diff --git a/tests/tests/failures/userdel/05_userdel_failure_remove_mailbox/config/etc/default/useradd b/tests/tests/failures/userdel/05_userdel_failure_remove_mailbox/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/failures/userdel/05_userdel_failure_remove_mailbox/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/failures/userdel/05_userdel_failure_remove_mailbox/config/etc/group b/tests/tests/failures/userdel/05_userdel_failure_remove_mailbox/config/etc/group
new file mode 100644
index 0000000..2a5b8a4
--- /dev/null
+++ b/tests/tests/failures/userdel/05_userdel_failure_remove_mailbox/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:foo
diff --git a/tests/tests/failures/userdel/05_userdel_failure_remove_mailbox/config/etc/gshadow b/tests/tests/failures/userdel/05_userdel_failure_remove_mailbox/config/etc/gshadow
new file mode 100644
index 0000000..ed34100
--- /dev/null
+++ b/tests/tests/failures/userdel/05_userdel_failure_remove_mailbox/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::foo
diff --git a/tests/tests/failures/userdel/05_userdel_failure_remove_mailbox/config/etc/login.defs b/tests/tests/failures/userdel/05_userdel_failure_remove_mailbox/config/etc/login.defs
new file mode 100644
index 0000000..cf181ac
--- /dev/null
+++ b/tests/tests/failures/userdel/05_userdel_failure_remove_mailbox/config/etc/login.defs
@@ -0,0 +1,314 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK usage is discouraged because it catches only some classes of user
+# entries to system, in fact only those made through login(1), while setting
+# umask in shell rc file will catch also logins through su, cron, ssh etc.
+#
+# At the same time, using shell rc to set umask won't catch entries which use
+# non-shell executables in place of login shell, like /usr/sbin/pppd for "ppp"
+# user and alike.
+#
+# Therefore the use of pam_umask is recommended (Debian package libpam-umask)
+# as the solution which catches all these cases on PAM-enabled systems.
+# 
+# This avoids the confusion created by having the umask set
+# in two different places -- in login.defs and shell rc files (i.e.
+# /etc/profile).
+#
+# For discussion, see #314539 and #248150 as well as the thread starting at
+# http://lists.debian.org/debian-devel/2005/06/msg01598.html
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+# 022 is the "historical" value in Debian for UMASK when it was used
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			  100
+GID_MAX			60000
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# This enables userdel to remove user groups if no members exist.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, thus in Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# Only works if compiled with MD5_CRYPT defined:
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is used by chpasswd, gpasswd and newusers.
+#
+#MD5_CRYPT_ENAB	no
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/failures/userdel/05_userdel_failure_remove_mailbox/config/etc/passwd b/tests/tests/failures/userdel/05_userdel_failure_remove_mailbox/config/etc/passwd
new file mode 100644
index 0000000..bf52df0
--- /dev/null
+++ b/tests/tests/failures/userdel/05_userdel_failure_remove_mailbox/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/home/foo:/bin/false
diff --git a/tests/tests/failures/userdel/05_userdel_failure_remove_mailbox/config/etc/shadow b/tests/tests/failures/userdel/05_userdel_failure_remove_mailbox/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/failures/userdel/05_userdel_failure_remove_mailbox/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/failures/userdel/05_userdel_failure_remove_mailbox/config/var/mail/foo b/tests/tests/failures/userdel/05_userdel_failure_remove_mailbox/config/var/mail/foo
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/failures/userdel/05_userdel_failure_remove_mailbox/config/var/mail/foo
diff --git a/tests/tests/failures/userdel/05_userdel_failure_remove_mailbox/data/group b/tests/tests/failures/userdel/05_userdel_failure_remove_mailbox/data/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/failures/userdel/05_userdel_failure_remove_mailbox/data/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/failures/userdel/05_userdel_failure_remove_mailbox/data/gshadow b/tests/tests/failures/userdel/05_userdel_failure_remove_mailbox/data/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/failures/userdel/05_userdel_failure_remove_mailbox/data/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/failures/userdel/05_userdel_failure_remove_mailbox/data/passwd b/tests/tests/failures/userdel/05_userdel_failure_remove_mailbox/data/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/failures/userdel/05_userdel_failure_remove_mailbox/data/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/failures/userdel/05_userdel_failure_remove_mailbox/data/shadow b/tests/tests/failures/userdel/05_userdel_failure_remove_mailbox/data/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/failures/userdel/05_userdel_failure_remove_mailbox/data/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/failures/userdel/05_userdel_failure_remove_mailbox/data/userdel.err b/tests/tests/failures/userdel/05_userdel_failure_remove_mailbox/data/userdel.err
new file mode 100644
index 0000000..0ed73cf
--- /dev/null
+++ b/tests/tests/failures/userdel/05_userdel_failure_remove_mailbox/data/userdel.err
@@ -0,0 +1,3 @@
+unlink FAILURE /var/mail/foo
+userdel: warning: can't remove /var/mail/foo: Device or resource busy
+userdel: foo home directory (/home/foo) not found
diff --git a/tests/tests/failures/userdel/05_userdel_failure_remove_mailbox/userdel.test b/tests/tests/failures/userdel/05_userdel_failure_remove_mailbox/userdel.test
new file mode 100755
index 0000000..cd0b356
--- /dev/null
+++ b/tests/tests/failures/userdel/05_userdel_failure_remove_mailbox/userdel.test
@@ -0,0 +1,58 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "userdel -r reports failure to remove the mailbox"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Changing ownership of /var/mail/foo..."
+chown foo:mail /var/mail/foo
+echo "OK"
+
+echo -n "delete user foo with its mail spool (userdel -r foo)..."
+LD_PRELOAD=../../../common/unlink_failure.so FAILURE_PATH=/var/mail/foo userdel -r foo 2>tmp/userdel.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+ 
+echo -n "Check returned status ($status)..."
+test "$status" = "12"
+echo "OK"
+
+echo "userdel reported:"
+echo "======================================================================="
+cat tmp/userdel.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/userdel.err tmp/userdel.err
+echo "error message OK."
+rm -f tmp/userdel.err
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl data/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl data/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl data/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl data/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/failures/userdel/06_userdel_failure_remove_file_homedir/config.txt b/tests/tests/failures/userdel/06_userdel_failure_remove_file_homedir/config.txt
new file mode 100644
index 0000000..e9e4bbe
--- /dev/null
+++ b/tests/tests/failures/userdel/06_userdel_failure_remove_file_homedir/config.txt
@@ -0,0 +1 @@
+group foo, GID 1000
diff --git a/tests/tests/failures/userdel/06_userdel_failure_remove_file_homedir/config/etc/default/useradd b/tests/tests/failures/userdel/06_userdel_failure_remove_file_homedir/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/failures/userdel/06_userdel_failure_remove_file_homedir/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/failures/userdel/06_userdel_failure_remove_file_homedir/config/etc/group b/tests/tests/failures/userdel/06_userdel_failure_remove_file_homedir/config/etc/group
new file mode 100644
index 0000000..2a5b8a4
--- /dev/null
+++ b/tests/tests/failures/userdel/06_userdel_failure_remove_file_homedir/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:foo
diff --git a/tests/tests/failures/userdel/06_userdel_failure_remove_file_homedir/config/etc/gshadow b/tests/tests/failures/userdel/06_userdel_failure_remove_file_homedir/config/etc/gshadow
new file mode 100644
index 0000000..ed34100
--- /dev/null
+++ b/tests/tests/failures/userdel/06_userdel_failure_remove_file_homedir/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::foo
diff --git a/tests/tests/failures/userdel/06_userdel_failure_remove_file_homedir/config/etc/login.defs b/tests/tests/failures/userdel/06_userdel_failure_remove_file_homedir/config/etc/login.defs
new file mode 100644
index 0000000..cf181ac
--- /dev/null
+++ b/tests/tests/failures/userdel/06_userdel_failure_remove_file_homedir/config/etc/login.defs
@@ -0,0 +1,314 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK usage is discouraged because it catches only some classes of user
+# entries to system, in fact only those made through login(1), while setting
+# umask in shell rc file will catch also logins through su, cron, ssh etc.
+#
+# At the same time, using shell rc to set umask won't catch entries which use
+# non-shell executables in place of login shell, like /usr/sbin/pppd for "ppp"
+# user and alike.
+#
+# Therefore the use of pam_umask is recommended (Debian package libpam-umask)
+# as the solution which catches all these cases on PAM-enabled systems.
+# 
+# This avoids the confusion created by having the umask set
+# in two different places -- in login.defs and shell rc files (i.e.
+# /etc/profile).
+#
+# For discussion, see #314539 and #248150 as well as the thread starting at
+# http://lists.debian.org/debian-devel/2005/06/msg01598.html
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+# 022 is the "historical" value in Debian for UMASK when it was used
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			  100
+GID_MAX			60000
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# This enables userdel to remove user groups if no members exist.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, thus in Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# Only works if compiled with MD5_CRYPT defined:
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is used by chpasswd, gpasswd and newusers.
+#
+#MD5_CRYPT_ENAB	no
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/failures/userdel/06_userdel_failure_remove_file_homedir/config/etc/passwd b/tests/tests/failures/userdel/06_userdel_failure_remove_file_homedir/config/etc/passwd
new file mode 100644
index 0000000..bf52df0
--- /dev/null
+++ b/tests/tests/failures/userdel/06_userdel_failure_remove_file_homedir/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/home/foo:/bin/false
diff --git a/tests/tests/failures/userdel/06_userdel_failure_remove_file_homedir/config/etc/shadow b/tests/tests/failures/userdel/06_userdel_failure_remove_file_homedir/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/failures/userdel/06_userdel_failure_remove_file_homedir/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/failures/userdel/06_userdel_failure_remove_file_homedir/data/group b/tests/tests/failures/userdel/06_userdel_failure_remove_file_homedir/data/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/failures/userdel/06_userdel_failure_remove_file_homedir/data/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/failures/userdel/06_userdel_failure_remove_file_homedir/data/gshadow b/tests/tests/failures/userdel/06_userdel_failure_remove_file_homedir/data/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/failures/userdel/06_userdel_failure_remove_file_homedir/data/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/failures/userdel/06_userdel_failure_remove_file_homedir/data/passwd b/tests/tests/failures/userdel/06_userdel_failure_remove_file_homedir/data/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/failures/userdel/06_userdel_failure_remove_file_homedir/data/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/failures/userdel/06_userdel_failure_remove_file_homedir/data/shadow b/tests/tests/failures/userdel/06_userdel_failure_remove_file_homedir/data/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/failures/userdel/06_userdel_failure_remove_file_homedir/data/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/failures/userdel/06_userdel_failure_remove_file_homedir/data/userdel.err b/tests/tests/failures/userdel/06_userdel_failure_remove_file_homedir/data/userdel.err
new file mode 100644
index 0000000..d46d879
--- /dev/null
+++ b/tests/tests/failures/userdel/06_userdel_failure_remove_file_homedir/data/userdel.err
@@ -0,0 +1,3 @@
+userdel: foo mail spool (/var/mail/foo) not found
+unlink FAILURE /home/foo/bar/baz
+userdel: error removing directory /home/foo
diff --git a/tests/tests/failures/userdel/06_userdel_failure_remove_file_homedir/userdel.test b/tests/tests/failures/userdel/06_userdel_failure_remove_file_homedir/userdel.test
new file mode 100755
index 0000000..d41d189
--- /dev/null
+++ b/tests/tests/failures/userdel/06_userdel_failure_remove_file_homedir/userdel.test
@@ -0,0 +1,64 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "userdel -r reports failure to remove a file in the home directory"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Create an home directory for foo..."
+mkdir /home/foo
+trap 'log_status "$0" "FAILURE"; restore_config; rm -rf /home/foo' 0
+mkdir /home/foo/bar
+touch /home/foo/bar/baz
+chown -R foo:foo /home/foo
+echo "OK"
+
+echo -n "delete user foo with its mail spool (userdel -r foo)..."
+LD_PRELOAD=../../../common/unlink_failure.so FAILURE_PATH=/home/foo/bar/baz userdel -r foo 2>tmp/userdel.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+ 
+echo -n "Check returned status ($status)..."
+test "$status" = "12"
+echo "OK"
+
+echo "userdel reported:"
+echo "======================================================================="
+cat tmp/userdel.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/userdel.err tmp/userdel.err
+echo "error message OK."
+rm -f tmp/userdel.err
+
+rm -rf /home/foo
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl data/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl data/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl data/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl data/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/failures/userdel/07_userdel_failure_remove_homedir/config.txt b/tests/tests/failures/userdel/07_userdel_failure_remove_homedir/config.txt
new file mode 100644
index 0000000..e9e4bbe
--- /dev/null
+++ b/tests/tests/failures/userdel/07_userdel_failure_remove_homedir/config.txt
@@ -0,0 +1 @@
+group foo, GID 1000
diff --git a/tests/tests/failures/userdel/07_userdel_failure_remove_homedir/config/etc/default/useradd b/tests/tests/failures/userdel/07_userdel_failure_remove_homedir/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/failures/userdel/07_userdel_failure_remove_homedir/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/failures/userdel/07_userdel_failure_remove_homedir/config/etc/group b/tests/tests/failures/userdel/07_userdel_failure_remove_homedir/config/etc/group
new file mode 100644
index 0000000..2a5b8a4
--- /dev/null
+++ b/tests/tests/failures/userdel/07_userdel_failure_remove_homedir/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:foo
diff --git a/tests/tests/failures/userdel/07_userdel_failure_remove_homedir/config/etc/gshadow b/tests/tests/failures/userdel/07_userdel_failure_remove_homedir/config/etc/gshadow
new file mode 100644
index 0000000..ed34100
--- /dev/null
+++ b/tests/tests/failures/userdel/07_userdel_failure_remove_homedir/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::foo
diff --git a/tests/tests/failures/userdel/07_userdel_failure_remove_homedir/config/etc/login.defs b/tests/tests/failures/userdel/07_userdel_failure_remove_homedir/config/etc/login.defs
new file mode 100644
index 0000000..cf181ac
--- /dev/null
+++ b/tests/tests/failures/userdel/07_userdel_failure_remove_homedir/config/etc/login.defs
@@ -0,0 +1,314 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK usage is discouraged because it catches only some classes of user
+# entries to system, in fact only those made through login(1), while setting
+# umask in shell rc file will catch also logins through su, cron, ssh etc.
+#
+# At the same time, using shell rc to set umask won't catch entries which use
+# non-shell executables in place of login shell, like /usr/sbin/pppd for "ppp"
+# user and alike.
+#
+# Therefore the use of pam_umask is recommended (Debian package libpam-umask)
+# as the solution which catches all these cases on PAM-enabled systems.
+# 
+# This avoids the confusion created by having the umask set
+# in two different places -- in login.defs and shell rc files (i.e.
+# /etc/profile).
+#
+# For discussion, see #314539 and #248150 as well as the thread starting at
+# http://lists.debian.org/debian-devel/2005/06/msg01598.html
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+# 022 is the "historical" value in Debian for UMASK when it was used
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			  100
+GID_MAX			60000
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# This enables userdel to remove user groups if no members exist.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, thus in Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# Only works if compiled with MD5_CRYPT defined:
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is used by chpasswd, gpasswd and newusers.
+#
+#MD5_CRYPT_ENAB	no
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/failures/userdel/07_userdel_failure_remove_homedir/config/etc/passwd b/tests/tests/failures/userdel/07_userdel_failure_remove_homedir/config/etc/passwd
new file mode 100644
index 0000000..bf52df0
--- /dev/null
+++ b/tests/tests/failures/userdel/07_userdel_failure_remove_homedir/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/home/foo:/bin/false
diff --git a/tests/tests/failures/userdel/07_userdel_failure_remove_homedir/config/etc/shadow b/tests/tests/failures/userdel/07_userdel_failure_remove_homedir/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/failures/userdel/07_userdel_failure_remove_homedir/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/failures/userdel/07_userdel_failure_remove_homedir/data/group b/tests/tests/failures/userdel/07_userdel_failure_remove_homedir/data/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/failures/userdel/07_userdel_failure_remove_homedir/data/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/failures/userdel/07_userdel_failure_remove_homedir/data/gshadow b/tests/tests/failures/userdel/07_userdel_failure_remove_homedir/data/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/failures/userdel/07_userdel_failure_remove_homedir/data/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/failures/userdel/07_userdel_failure_remove_homedir/data/passwd b/tests/tests/failures/userdel/07_userdel_failure_remove_homedir/data/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/failures/userdel/07_userdel_failure_remove_homedir/data/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/failures/userdel/07_userdel_failure_remove_homedir/data/shadow b/tests/tests/failures/userdel/07_userdel_failure_remove_homedir/data/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/failures/userdel/07_userdel_failure_remove_homedir/data/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/failures/userdel/07_userdel_failure_remove_homedir/data/userdel.err b/tests/tests/failures/userdel/07_userdel_failure_remove_homedir/data/userdel.err
new file mode 100644
index 0000000..f874083
--- /dev/null
+++ b/tests/tests/failures/userdel/07_userdel_failure_remove_homedir/data/userdel.err
@@ -0,0 +1,3 @@
+userdel: foo mail spool (/var/mail/foo) not found
+rmdir FAILURE /home/foo
+userdel: error removing directory /home/foo
diff --git a/tests/tests/failures/userdel/07_userdel_failure_remove_homedir/userdel.test b/tests/tests/failures/userdel/07_userdel_failure_remove_homedir/userdel.test
new file mode 100755
index 0000000..deca402
--- /dev/null
+++ b/tests/tests/failures/userdel/07_userdel_failure_remove_homedir/userdel.test
@@ -0,0 +1,64 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "userdel -r reports failure to remove the home directory"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Create an home directory for foo..."
+mkdir /home/foo
+trap 'log_status "$0" "FAILURE"; restore_config; rm -rf /home/foo' 0
+mkdir /home/foo/bar
+touch /home/foo/bar/baz
+chown -R foo:foo /home/foo
+echo "OK"
+
+echo -n "delete user foo with its mail spool (userdel -r foo)..."
+LD_PRELOAD=../../../common/rmdir_failure.so FAILURE_PATH=/home/foo userdel -r foo 2>tmp/userdel.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+ 
+echo -n "Check returned status ($status)..."
+test "$status" = "12"
+echo "OK"
+
+echo "userdel reported:"
+echo "======================================================================="
+cat tmp/userdel.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/userdel.err tmp/userdel.err
+echo "error message OK."
+rm -f tmp/userdel.err
+
+rm -rf /home/foo
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl data/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl data/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl data/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl data/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/failures/userdel/08_userdel_open_passwd_failure/config.txt b/tests/tests/failures/userdel/08_userdel_open_passwd_failure/config.txt
new file mode 100644
index 0000000..e9e4bbe
--- /dev/null
+++ b/tests/tests/failures/userdel/08_userdel_open_passwd_failure/config.txt
@@ -0,0 +1 @@
+group foo, GID 1000
diff --git a/tests/tests/failures/userdel/08_userdel_open_passwd_failure/config/etc/default/useradd b/tests/tests/failures/userdel/08_userdel_open_passwd_failure/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/failures/userdel/08_userdel_open_passwd_failure/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/failures/userdel/08_userdel_open_passwd_failure/config/etc/group b/tests/tests/failures/userdel/08_userdel_open_passwd_failure/config/etc/group
new file mode 100644
index 0000000..fecba0c
--- /dev/null
+++ b/tests/tests/failures/userdel/08_userdel_open_passwd_failure/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/failures/userdel/08_userdel_open_passwd_failure/config/etc/gshadow b/tests/tests/failures/userdel/08_userdel_open_passwd_failure/config/etc/gshadow
new file mode 100644
index 0000000..bfc0675
--- /dev/null
+++ b/tests/tests/failures/userdel/08_userdel_open_passwd_failure/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:!::
diff --git a/tests/tests/failures/userdel/08_userdel_open_passwd_failure/config/etc/login.defs b/tests/tests/failures/userdel/08_userdel_open_passwd_failure/config/etc/login.defs
new file mode 100644
index 0000000..cf181ac
--- /dev/null
+++ b/tests/tests/failures/userdel/08_userdel_open_passwd_failure/config/etc/login.defs
@@ -0,0 +1,314 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK usage is discouraged because it catches only some classes of user
+# entries to system, in fact only those made through login(1), while setting
+# umask in shell rc file will catch also logins through su, cron, ssh etc.
+#
+# At the same time, using shell rc to set umask won't catch entries which use
+# non-shell executables in place of login shell, like /usr/sbin/pppd for "ppp"
+# user and alike.
+#
+# Therefore the use of pam_umask is recommended (Debian package libpam-umask)
+# as the solution which catches all these cases on PAM-enabled systems.
+# 
+# This avoids the confusion created by having the umask set
+# in two different places -- in login.defs and shell rc files (i.e.
+# /etc/profile).
+#
+# For discussion, see #314539 and #248150 as well as the thread starting at
+# http://lists.debian.org/debian-devel/2005/06/msg01598.html
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+# 022 is the "historical" value in Debian for UMASK when it was used
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			  100
+GID_MAX			60000
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# This enables userdel to remove user groups if no members exist.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, thus in Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# Only works if compiled with MD5_CRYPT defined:
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is used by chpasswd, gpasswd and newusers.
+#
+#MD5_CRYPT_ENAB	no
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/failures/userdel/08_userdel_open_passwd_failure/config/etc/passwd b/tests/tests/failures/userdel/08_userdel_open_passwd_failure/config/etc/passwd
new file mode 100644
index 0000000..c41f98b
--- /dev/null
+++ b/tests/tests/failures/userdel/08_userdel_open_passwd_failure/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000:foo:/home/foo:/bin/sh
diff --git a/tests/tests/failures/userdel/08_userdel_open_passwd_failure/config/etc/shadow b/tests/tests/failures/userdel/08_userdel_open_passwd_failure/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/failures/userdel/08_userdel_open_passwd_failure/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/failures/userdel/08_userdel_open_passwd_failure/data/userdel.err b/tests/tests/failures/userdel/08_userdel_open_passwd_failure/data/userdel.err
new file mode 100644
index 0000000..5329f8a
--- /dev/null
+++ b/tests/tests/failures/userdel/08_userdel_open_passwd_failure/data/userdel.err
@@ -0,0 +1,2 @@
+open FAILURE /etc/passwd 2 ...
+userdel: cannot open /etc/passwd
diff --git a/tests/tests/failures/userdel/08_userdel_open_passwd_failure/userdel.test b/tests/tests/failures/userdel/08_userdel_open_passwd_failure/userdel.test
new file mode 100755
index 0000000..dfa5bc6
--- /dev/null
+++ b/tests/tests/failures/userdel/08_userdel_open_passwd_failure/userdel.test
@@ -0,0 +1,54 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "userdel report failures when it cannot open the passwd file"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Delete user foo (userdel foo)..."
+LD_PRELOAD=../../../common/open_RDWR_failure.so FAILURE_PATH=/etc/passwd userdel foo 2>tmp/userdel.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "1"
+echo "OK"
+
+echo "userdel reported:"
+echo "======================================================================="
+cat tmp/userdel.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/userdel.err tmp/userdel.err
+echo "error message OK."
+rm -f tmp/userdel.err
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/failures/userdel/09_userdel_open_shadow_failure/config.txt b/tests/tests/failures/userdel/09_userdel_open_shadow_failure/config.txt
new file mode 100644
index 0000000..e9e4bbe
--- /dev/null
+++ b/tests/tests/failures/userdel/09_userdel_open_shadow_failure/config.txt
@@ -0,0 +1 @@
+group foo, GID 1000
diff --git a/tests/tests/failures/userdel/09_userdel_open_shadow_failure/config/etc/default/useradd b/tests/tests/failures/userdel/09_userdel_open_shadow_failure/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/failures/userdel/09_userdel_open_shadow_failure/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/failures/userdel/09_userdel_open_shadow_failure/config/etc/group b/tests/tests/failures/userdel/09_userdel_open_shadow_failure/config/etc/group
new file mode 100644
index 0000000..fecba0c
--- /dev/null
+++ b/tests/tests/failures/userdel/09_userdel_open_shadow_failure/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/failures/userdel/09_userdel_open_shadow_failure/config/etc/gshadow b/tests/tests/failures/userdel/09_userdel_open_shadow_failure/config/etc/gshadow
new file mode 100644
index 0000000..bfc0675
--- /dev/null
+++ b/tests/tests/failures/userdel/09_userdel_open_shadow_failure/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:!::
diff --git a/tests/tests/failures/userdel/09_userdel_open_shadow_failure/config/etc/login.defs b/tests/tests/failures/userdel/09_userdel_open_shadow_failure/config/etc/login.defs
new file mode 100644
index 0000000..cf181ac
--- /dev/null
+++ b/tests/tests/failures/userdel/09_userdel_open_shadow_failure/config/etc/login.defs
@@ -0,0 +1,314 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK usage is discouraged because it catches only some classes of user
+# entries to system, in fact only those made through login(1), while setting
+# umask in shell rc file will catch also logins through su, cron, ssh etc.
+#
+# At the same time, using shell rc to set umask won't catch entries which use
+# non-shell executables in place of login shell, like /usr/sbin/pppd for "ppp"
+# user and alike.
+#
+# Therefore the use of pam_umask is recommended (Debian package libpam-umask)
+# as the solution which catches all these cases on PAM-enabled systems.
+# 
+# This avoids the confusion created by having the umask set
+# in two different places -- in login.defs and shell rc files (i.e.
+# /etc/profile).
+#
+# For discussion, see #314539 and #248150 as well as the thread starting at
+# http://lists.debian.org/debian-devel/2005/06/msg01598.html
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+# 022 is the "historical" value in Debian for UMASK when it was used
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			  100
+GID_MAX			60000
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# This enables userdel to remove user groups if no members exist.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, thus in Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# Only works if compiled with MD5_CRYPT defined:
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is used by chpasswd, gpasswd and newusers.
+#
+#MD5_CRYPT_ENAB	no
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/failures/userdel/09_userdel_open_shadow_failure/config/etc/passwd b/tests/tests/failures/userdel/09_userdel_open_shadow_failure/config/etc/passwd
new file mode 100644
index 0000000..c41f98b
--- /dev/null
+++ b/tests/tests/failures/userdel/09_userdel_open_shadow_failure/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000:foo:/home/foo:/bin/sh
diff --git a/tests/tests/failures/userdel/09_userdel_open_shadow_failure/config/etc/shadow b/tests/tests/failures/userdel/09_userdel_open_shadow_failure/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/failures/userdel/09_userdel_open_shadow_failure/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/failures/userdel/09_userdel_open_shadow_failure/data/userdel.err b/tests/tests/failures/userdel/09_userdel_open_shadow_failure/data/userdel.err
new file mode 100644
index 0000000..b15cf95
--- /dev/null
+++ b/tests/tests/failures/userdel/09_userdel_open_shadow_failure/data/userdel.err
@@ -0,0 +1,2 @@
+open FAILURE /etc/shadow 2 ...
+userdel: cannot open /etc/shadow
diff --git a/tests/tests/failures/userdel/09_userdel_open_shadow_failure/userdel.test b/tests/tests/failures/userdel/09_userdel_open_shadow_failure/userdel.test
new file mode 100755
index 0000000..434cf32
--- /dev/null
+++ b/tests/tests/failures/userdel/09_userdel_open_shadow_failure/userdel.test
@@ -0,0 +1,54 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "userdel report failures when it cannot open the shadow file"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Delete user foo (userdel foo)..."
+LD_PRELOAD=../../../common/open_RDWR_failure.so FAILURE_PATH=/etc/shadow userdel foo 2>tmp/userdel.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "1"
+echo "OK"
+
+echo "userdel reported:"
+echo "======================================================================="
+cat tmp/userdel.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/userdel.err tmp/userdel.err
+echo "error message OK."
+rm -f tmp/userdel.err
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/failures/userdel/10_userdel_open_group_failure/config.txt b/tests/tests/failures/userdel/10_userdel_open_group_failure/config.txt
new file mode 100644
index 0000000..e9e4bbe
--- /dev/null
+++ b/tests/tests/failures/userdel/10_userdel_open_group_failure/config.txt
@@ -0,0 +1 @@
+group foo, GID 1000
diff --git a/tests/tests/failures/userdel/10_userdel_open_group_failure/config/etc/default/useradd b/tests/tests/failures/userdel/10_userdel_open_group_failure/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/failures/userdel/10_userdel_open_group_failure/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/failures/userdel/10_userdel_open_group_failure/config/etc/group b/tests/tests/failures/userdel/10_userdel_open_group_failure/config/etc/group
new file mode 100644
index 0000000..fecba0c
--- /dev/null
+++ b/tests/tests/failures/userdel/10_userdel_open_group_failure/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/failures/userdel/10_userdel_open_group_failure/config/etc/gshadow b/tests/tests/failures/userdel/10_userdel_open_group_failure/config/etc/gshadow
new file mode 100644
index 0000000..bfc0675
--- /dev/null
+++ b/tests/tests/failures/userdel/10_userdel_open_group_failure/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:!::
diff --git a/tests/tests/failures/userdel/10_userdel_open_group_failure/config/etc/login.defs b/tests/tests/failures/userdel/10_userdel_open_group_failure/config/etc/login.defs
new file mode 100644
index 0000000..cf181ac
--- /dev/null
+++ b/tests/tests/failures/userdel/10_userdel_open_group_failure/config/etc/login.defs
@@ -0,0 +1,314 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK usage is discouraged because it catches only some classes of user
+# entries to system, in fact only those made through login(1), while setting
+# umask in shell rc file will catch also logins through su, cron, ssh etc.
+#
+# At the same time, using shell rc to set umask won't catch entries which use
+# non-shell executables in place of login shell, like /usr/sbin/pppd for "ppp"
+# user and alike.
+#
+# Therefore the use of pam_umask is recommended (Debian package libpam-umask)
+# as the solution which catches all these cases on PAM-enabled systems.
+# 
+# This avoids the confusion created by having the umask set
+# in two different places -- in login.defs and shell rc files (i.e.
+# /etc/profile).
+#
+# For discussion, see #314539 and #248150 as well as the thread starting at
+# http://lists.debian.org/debian-devel/2005/06/msg01598.html
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+# 022 is the "historical" value in Debian for UMASK when it was used
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			  100
+GID_MAX			60000
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# This enables userdel to remove user groups if no members exist.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, thus in Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# Only works if compiled with MD5_CRYPT defined:
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is used by chpasswd, gpasswd and newusers.
+#
+#MD5_CRYPT_ENAB	no
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/failures/userdel/10_userdel_open_group_failure/config/etc/passwd b/tests/tests/failures/userdel/10_userdel_open_group_failure/config/etc/passwd
new file mode 100644
index 0000000..c41f98b
--- /dev/null
+++ b/tests/tests/failures/userdel/10_userdel_open_group_failure/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000:foo:/home/foo:/bin/sh
diff --git a/tests/tests/failures/userdel/10_userdel_open_group_failure/config/etc/shadow b/tests/tests/failures/userdel/10_userdel_open_group_failure/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/failures/userdel/10_userdel_open_group_failure/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/failures/userdel/10_userdel_open_group_failure/data/userdel.err b/tests/tests/failures/userdel/10_userdel_open_group_failure/data/userdel.err
new file mode 100644
index 0000000..e671f64
--- /dev/null
+++ b/tests/tests/failures/userdel/10_userdel_open_group_failure/data/userdel.err
@@ -0,0 +1,2 @@
+open FAILURE /etc/group 2 ...
+userdel: cannot open /etc/group
diff --git a/tests/tests/failures/userdel/10_userdel_open_group_failure/userdel.test b/tests/tests/failures/userdel/10_userdel_open_group_failure/userdel.test
new file mode 100755
index 0000000..2e3ad62
--- /dev/null
+++ b/tests/tests/failures/userdel/10_userdel_open_group_failure/userdel.test
@@ -0,0 +1,54 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "userdel report failures when it cannot open the group file"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Delete user foo (userdel foo)..."
+LD_PRELOAD=../../../common/open_RDWR_failure.so FAILURE_PATH=/etc/group userdel foo 2>tmp/userdel.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "10"
+echo "OK"
+
+echo "userdel reported:"
+echo "======================================================================="
+cat tmp/userdel.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/userdel.err tmp/userdel.err
+echo "error message OK."
+rm -f tmp/userdel.err
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/failures/userdel/11_userdel_open_gshadow_failure/config.txt b/tests/tests/failures/userdel/11_userdel_open_gshadow_failure/config.txt
new file mode 100644
index 0000000..e9e4bbe
--- /dev/null
+++ b/tests/tests/failures/userdel/11_userdel_open_gshadow_failure/config.txt
@@ -0,0 +1 @@
+group foo, GID 1000
diff --git a/tests/tests/failures/userdel/11_userdel_open_gshadow_failure/config/etc/default/useradd b/tests/tests/failures/userdel/11_userdel_open_gshadow_failure/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/failures/userdel/11_userdel_open_gshadow_failure/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/failures/userdel/11_userdel_open_gshadow_failure/config/etc/group b/tests/tests/failures/userdel/11_userdel_open_gshadow_failure/config/etc/group
new file mode 100644
index 0000000..fecba0c
--- /dev/null
+++ b/tests/tests/failures/userdel/11_userdel_open_gshadow_failure/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/failures/userdel/11_userdel_open_gshadow_failure/config/etc/gshadow b/tests/tests/failures/userdel/11_userdel_open_gshadow_failure/config/etc/gshadow
new file mode 100644
index 0000000..bfc0675
--- /dev/null
+++ b/tests/tests/failures/userdel/11_userdel_open_gshadow_failure/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:!::
diff --git a/tests/tests/failures/userdel/11_userdel_open_gshadow_failure/config/etc/login.defs b/tests/tests/failures/userdel/11_userdel_open_gshadow_failure/config/etc/login.defs
new file mode 100644
index 0000000..cf181ac
--- /dev/null
+++ b/tests/tests/failures/userdel/11_userdel_open_gshadow_failure/config/etc/login.defs
@@ -0,0 +1,314 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK usage is discouraged because it catches only some classes of user
+# entries to system, in fact only those made through login(1), while setting
+# umask in shell rc file will catch also logins through su, cron, ssh etc.
+#
+# At the same time, using shell rc to set umask won't catch entries which use
+# non-shell executables in place of login shell, like /usr/sbin/pppd for "ppp"
+# user and alike.
+#
+# Therefore the use of pam_umask is recommended (Debian package libpam-umask)
+# as the solution which catches all these cases on PAM-enabled systems.
+# 
+# This avoids the confusion created by having the umask set
+# in two different places -- in login.defs and shell rc files (i.e.
+# /etc/profile).
+#
+# For discussion, see #314539 and #248150 as well as the thread starting at
+# http://lists.debian.org/debian-devel/2005/06/msg01598.html
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+# 022 is the "historical" value in Debian for UMASK when it was used
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			  100
+GID_MAX			60000
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# This enables userdel to remove user groups if no members exist.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, thus in Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# Only works if compiled with MD5_CRYPT defined:
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is used by chpasswd, gpasswd and newusers.
+#
+#MD5_CRYPT_ENAB	no
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/failures/userdel/11_userdel_open_gshadow_failure/config/etc/passwd b/tests/tests/failures/userdel/11_userdel_open_gshadow_failure/config/etc/passwd
new file mode 100644
index 0000000..c41f98b
--- /dev/null
+++ b/tests/tests/failures/userdel/11_userdel_open_gshadow_failure/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000:foo:/home/foo:/bin/sh
diff --git a/tests/tests/failures/userdel/11_userdel_open_gshadow_failure/config/etc/shadow b/tests/tests/failures/userdel/11_userdel_open_gshadow_failure/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/failures/userdel/11_userdel_open_gshadow_failure/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/failures/userdel/11_userdel_open_gshadow_failure/data/userdel.err b/tests/tests/failures/userdel/11_userdel_open_gshadow_failure/data/userdel.err
new file mode 100644
index 0000000..e24e7f4
--- /dev/null
+++ b/tests/tests/failures/userdel/11_userdel_open_gshadow_failure/data/userdel.err
@@ -0,0 +1,2 @@
+open FAILURE /etc/gshadow 2 ...
+userdel: cannot open /etc/gshadow
diff --git a/tests/tests/failures/userdel/11_userdel_open_gshadow_failure/userdel.test b/tests/tests/failures/userdel/11_userdel_open_gshadow_failure/userdel.test
new file mode 100755
index 0000000..4a75f66
--- /dev/null
+++ b/tests/tests/failures/userdel/11_userdel_open_gshadow_failure/userdel.test
@@ -0,0 +1,54 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "userdel report failures when it cannot open the gshadow file"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Delete user foo (userdel foo)..."
+LD_PRELOAD=../../../common/open_RDWR_failure.so FAILURE_PATH=/etc/gshadow userdel foo 2>tmp/userdel.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "10"
+echo "OK"
+
+echo "userdel reported:"
+echo "======================================================================="
+cat tmp/userdel.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/userdel.err tmp/userdel.err
+echo "error message OK."
+rm -f tmp/userdel.err
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/failures/userdel/12_userdel_open_subuid_failure/config.txt b/tests/tests/failures/userdel/12_userdel_open_subuid_failure/config.txt
new file mode 100644
index 0000000..e9e4bbe
--- /dev/null
+++ b/tests/tests/failures/userdel/12_userdel_open_subuid_failure/config.txt
@@ -0,0 +1 @@
+group foo, GID 1000
diff --git a/tests/tests/failures/userdel/12_userdel_open_subuid_failure/config/etc/default/useradd b/tests/tests/failures/userdel/12_userdel_open_subuid_failure/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/failures/userdel/12_userdel_open_subuid_failure/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/failures/userdel/12_userdel_open_subuid_failure/config/etc/group b/tests/tests/failures/userdel/12_userdel_open_subuid_failure/config/etc/group
new file mode 100644
index 0000000..fecba0c
--- /dev/null
+++ b/tests/tests/failures/userdel/12_userdel_open_subuid_failure/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/failures/userdel/12_userdel_open_subuid_failure/config/etc/gshadow b/tests/tests/failures/userdel/12_userdel_open_subuid_failure/config/etc/gshadow
new file mode 100644
index 0000000..be1575e
--- /dev/null
+++ b/tests/tests/failures/userdel/12_userdel_open_subuid_failure/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:x::
diff --git a/tests/tests/failures/userdel/12_userdel_open_subuid_failure/config/etc/login.defs b/tests/tests/failures/userdel/12_userdel_open_subuid_failure/config/etc/login.defs
new file mode 100644
index 0000000..cf181ac
--- /dev/null
+++ b/tests/tests/failures/userdel/12_userdel_open_subuid_failure/config/etc/login.defs
@@ -0,0 +1,314 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK usage is discouraged because it catches only some classes of user
+# entries to system, in fact only those made through login(1), while setting
+# umask in shell rc file will catch also logins through su, cron, ssh etc.
+#
+# At the same time, using shell rc to set umask won't catch entries which use
+# non-shell executables in place of login shell, like /usr/sbin/pppd for "ppp"
+# user and alike.
+#
+# Therefore the use of pam_umask is recommended (Debian package libpam-umask)
+# as the solution which catches all these cases on PAM-enabled systems.
+# 
+# This avoids the confusion created by having the umask set
+# in two different places -- in login.defs and shell rc files (i.e.
+# /etc/profile).
+#
+# For discussion, see #314539 and #248150 as well as the thread starting at
+# http://lists.debian.org/debian-devel/2005/06/msg01598.html
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+# 022 is the "historical" value in Debian for UMASK when it was used
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			  100
+GID_MAX			60000
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# This enables userdel to remove user groups if no members exist.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, thus in Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# Only works if compiled with MD5_CRYPT defined:
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is used by chpasswd, gpasswd and newusers.
+#
+#MD5_CRYPT_ENAB	no
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/failures/userdel/12_userdel_open_subuid_failure/config/etc/passwd b/tests/tests/failures/userdel/12_userdel_open_subuid_failure/config/etc/passwd
new file mode 100644
index 0000000..bf52df0
--- /dev/null
+++ b/tests/tests/failures/userdel/12_userdel_open_subuid_failure/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/home/foo:/bin/false
diff --git a/tests/tests/failures/userdel/12_userdel_open_subuid_failure/config/etc/shadow b/tests/tests/failures/userdel/12_userdel_open_subuid_failure/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/failures/userdel/12_userdel_open_subuid_failure/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/failures/userdel/12_userdel_open_subuid_failure/config/etc/subgid b/tests/tests/failures/userdel/12_userdel_open_subuid_failure/config/etc/subgid
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/failures/userdel/12_userdel_open_subuid_failure/config/etc/subgid
diff --git a/tests/tests/failures/userdel/12_userdel_open_subuid_failure/config/etc/subuid b/tests/tests/failures/userdel/12_userdel_open_subuid_failure/config/etc/subuid
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/failures/userdel/12_userdel_open_subuid_failure/config/etc/subuid
diff --git a/tests/tests/failures/userdel/12_userdel_open_subuid_failure/data/userdel.err b/tests/tests/failures/userdel/12_userdel_open_subuid_failure/data/userdel.err
new file mode 100644
index 0000000..cd0d1c4
--- /dev/null
+++ b/tests/tests/failures/userdel/12_userdel_open_subuid_failure/data/userdel.err
@@ -0,0 +1,2 @@
+open FAILURE /etc/subuid 2 ...
+userdel: cannot open /etc/subuid
diff --git a/tests/tests/failures/userdel/12_userdel_open_subuid_failure/userdel.test b/tests/tests/failures/userdel/12_userdel_open_subuid_failure/userdel.test
new file mode 100755
index 0000000..844f04f
--- /dev/null
+++ b/tests/tests/failures/userdel/12_userdel_open_subuid_failure/userdel.test
@@ -0,0 +1,60 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "userdel report failures when it cannot open the /etc/subuid file"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Delete user foo (userdel foo)..."
+LD_PRELOAD=../../../common/open_RDWR_failure.so FAILURE_PATH=/etc/subuid userdel foo 2>tmp/userdel.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "16"
+echo "OK"
+
+echo "userdel reported:"
+echo "======================================================================="
+cat tmp/userdel.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/userdel.err tmp/userdel.err
+echo "error message OK."
+rm -f tmp/userdel.err
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+echo -n "Check the /etc/subgid file..."
+../../../common/compare_file.pl config/etc/subgid /etc/subgid
+echo "OK"
+echo -n "Check the /etc/subuid file..."
+../../../common/compare_file.pl config/etc/subuid /etc/subuid
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/failures/userdel/13_userdel_open_subgid_failure/config.txt b/tests/tests/failures/userdel/13_userdel_open_subgid_failure/config.txt
new file mode 100644
index 0000000..e9e4bbe
--- /dev/null
+++ b/tests/tests/failures/userdel/13_userdel_open_subgid_failure/config.txt
@@ -0,0 +1 @@
+group foo, GID 1000
diff --git a/tests/tests/failures/userdel/13_userdel_open_subgid_failure/config/etc/default/useradd b/tests/tests/failures/userdel/13_userdel_open_subgid_failure/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/failures/userdel/13_userdel_open_subgid_failure/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/failures/userdel/13_userdel_open_subgid_failure/config/etc/group b/tests/tests/failures/userdel/13_userdel_open_subgid_failure/config/etc/group
new file mode 100644
index 0000000..fecba0c
--- /dev/null
+++ b/tests/tests/failures/userdel/13_userdel_open_subgid_failure/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/failures/userdel/13_userdel_open_subgid_failure/config/etc/gshadow b/tests/tests/failures/userdel/13_userdel_open_subgid_failure/config/etc/gshadow
new file mode 100644
index 0000000..be1575e
--- /dev/null
+++ b/tests/tests/failures/userdel/13_userdel_open_subgid_failure/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:x::
diff --git a/tests/tests/failures/userdel/13_userdel_open_subgid_failure/config/etc/login.defs b/tests/tests/failures/userdel/13_userdel_open_subgid_failure/config/etc/login.defs
new file mode 100644
index 0000000..cf181ac
--- /dev/null
+++ b/tests/tests/failures/userdel/13_userdel_open_subgid_failure/config/etc/login.defs
@@ -0,0 +1,314 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK usage is discouraged because it catches only some classes of user
+# entries to system, in fact only those made through login(1), while setting
+# umask in shell rc file will catch also logins through su, cron, ssh etc.
+#
+# At the same time, using shell rc to set umask won't catch entries which use
+# non-shell executables in place of login shell, like /usr/sbin/pppd for "ppp"
+# user and alike.
+#
+# Therefore the use of pam_umask is recommended (Debian package libpam-umask)
+# as the solution which catches all these cases on PAM-enabled systems.
+# 
+# This avoids the confusion created by having the umask set
+# in two different places -- in login.defs and shell rc files (i.e.
+# /etc/profile).
+#
+# For discussion, see #314539 and #248150 as well as the thread starting at
+# http://lists.debian.org/debian-devel/2005/06/msg01598.html
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+# 022 is the "historical" value in Debian for UMASK when it was used
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			  100
+GID_MAX			60000
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# This enables userdel to remove user groups if no members exist.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, thus in Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# Only works if compiled with MD5_CRYPT defined:
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is used by chpasswd, gpasswd and newusers.
+#
+#MD5_CRYPT_ENAB	no
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/failures/userdel/13_userdel_open_subgid_failure/config/etc/passwd b/tests/tests/failures/userdel/13_userdel_open_subgid_failure/config/etc/passwd
new file mode 100644
index 0000000..bf52df0
--- /dev/null
+++ b/tests/tests/failures/userdel/13_userdel_open_subgid_failure/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/home/foo:/bin/false
diff --git a/tests/tests/failures/userdel/13_userdel_open_subgid_failure/config/etc/shadow b/tests/tests/failures/userdel/13_userdel_open_subgid_failure/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/failures/userdel/13_userdel_open_subgid_failure/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/failures/userdel/13_userdel_open_subgid_failure/config/etc/subgid b/tests/tests/failures/userdel/13_userdel_open_subgid_failure/config/etc/subgid
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/failures/userdel/13_userdel_open_subgid_failure/config/etc/subgid
diff --git a/tests/tests/failures/userdel/13_userdel_open_subgid_failure/config/etc/subuid b/tests/tests/failures/userdel/13_userdel_open_subgid_failure/config/etc/subuid
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/failures/userdel/13_userdel_open_subgid_failure/config/etc/subuid
diff --git a/tests/tests/failures/userdel/13_userdel_open_subgid_failure/data/userdel.err b/tests/tests/failures/userdel/13_userdel_open_subgid_failure/data/userdel.err
new file mode 100644
index 0000000..bcc53e2
--- /dev/null
+++ b/tests/tests/failures/userdel/13_userdel_open_subgid_failure/data/userdel.err
@@ -0,0 +1,2 @@
+open FAILURE /etc/subgid 2 ...
+userdel: cannot open /etc/subgid
diff --git a/tests/tests/failures/userdel/13_userdel_open_subgid_failure/userdel.test b/tests/tests/failures/userdel/13_userdel_open_subgid_failure/userdel.test
new file mode 100755
index 0000000..2a67bcb
--- /dev/null
+++ b/tests/tests/failures/userdel/13_userdel_open_subgid_failure/userdel.test
@@ -0,0 +1,60 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "userdel report failures when it cannot open the /etc/subgid file"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Delete user foo (userdel foo)..."
+LD_PRELOAD=../../../common/open_RDWR_failure.so FAILURE_PATH=/etc/subgid userdel foo 2>tmp/userdel.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "18"
+echo "OK"
+
+echo "userdel reported:"
+echo "======================================================================="
+cat tmp/userdel.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/userdel.err tmp/userdel.err
+echo "error message OK."
+rm -f tmp/userdel.err
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+echo -n "Check the /etc/subgid file..."
+../../../common/compare_file.pl config/etc/subgid /etc/subgid
+echo "OK"
+echo -n "Check the /etc/subuid file..."
+../../../common/compare_file.pl config/etc/subuid /etc/subuid
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/failures/userdel/14_userdel_rename_subuid_failure/config.txt b/tests/tests/failures/userdel/14_userdel_rename_subuid_failure/config.txt
new file mode 100644
index 0000000..e9e4bbe
--- /dev/null
+++ b/tests/tests/failures/userdel/14_userdel_rename_subuid_failure/config.txt
@@ -0,0 +1 @@
+group foo, GID 1000
diff --git a/tests/tests/failures/userdel/14_userdel_rename_subuid_failure/config/etc/default/useradd b/tests/tests/failures/userdel/14_userdel_rename_subuid_failure/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/failures/userdel/14_userdel_rename_subuid_failure/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/failures/userdel/14_userdel_rename_subuid_failure/config/etc/group b/tests/tests/failures/userdel/14_userdel_rename_subuid_failure/config/etc/group
new file mode 100644
index 0000000..fecba0c
--- /dev/null
+++ b/tests/tests/failures/userdel/14_userdel_rename_subuid_failure/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/failures/userdel/14_userdel_rename_subuid_failure/config/etc/gshadow b/tests/tests/failures/userdel/14_userdel_rename_subuid_failure/config/etc/gshadow
new file mode 100644
index 0000000..bfc0675
--- /dev/null
+++ b/tests/tests/failures/userdel/14_userdel_rename_subuid_failure/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:!::
diff --git a/tests/tests/failures/userdel/14_userdel_rename_subuid_failure/config/etc/login.defs b/tests/tests/failures/userdel/14_userdel_rename_subuid_failure/config/etc/login.defs
new file mode 100644
index 0000000..cf181ac
--- /dev/null
+++ b/tests/tests/failures/userdel/14_userdel_rename_subuid_failure/config/etc/login.defs
@@ -0,0 +1,314 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK usage is discouraged because it catches only some classes of user
+# entries to system, in fact only those made through login(1), while setting
+# umask in shell rc file will catch also logins through su, cron, ssh etc.
+#
+# At the same time, using shell rc to set umask won't catch entries which use
+# non-shell executables in place of login shell, like /usr/sbin/pppd for "ppp"
+# user and alike.
+#
+# Therefore the use of pam_umask is recommended (Debian package libpam-umask)
+# as the solution which catches all these cases on PAM-enabled systems.
+# 
+# This avoids the confusion created by having the umask set
+# in two different places -- in login.defs and shell rc files (i.e.
+# /etc/profile).
+#
+# For discussion, see #314539 and #248150 as well as the thread starting at
+# http://lists.debian.org/debian-devel/2005/06/msg01598.html
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+# 022 is the "historical" value in Debian for UMASK when it was used
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			  100
+GID_MAX			60000
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# This enables userdel to remove user groups if no members exist.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, thus in Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# Only works if compiled with MD5_CRYPT defined:
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is used by chpasswd, gpasswd and newusers.
+#
+#MD5_CRYPT_ENAB	no
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/failures/userdel/14_userdel_rename_subuid_failure/config/etc/passwd b/tests/tests/failures/userdel/14_userdel_rename_subuid_failure/config/etc/passwd
new file mode 100644
index 0000000..ae6ebfe
--- /dev/null
+++ b/tests/tests/failures/userdel/14_userdel_rename_subuid_failure/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/home/foo:/bin/sh
diff --git a/tests/tests/failures/userdel/14_userdel_rename_subuid_failure/config/etc/shadow b/tests/tests/failures/userdel/14_userdel_rename_subuid_failure/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/failures/userdel/14_userdel_rename_subuid_failure/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/failures/userdel/14_userdel_rename_subuid_failure/config/etc/subgid b/tests/tests/failures/userdel/14_userdel_rename_subuid_failure/config/etc/subgid
new file mode 100644
index 0000000..3f7fd12
--- /dev/null
+++ b/tests/tests/failures/userdel/14_userdel_rename_subuid_failure/config/etc/subgid
@@ -0,0 +1 @@
+foo:100000:10000
diff --git a/tests/tests/failures/userdel/14_userdel_rename_subuid_failure/config/etc/subuid b/tests/tests/failures/userdel/14_userdel_rename_subuid_failure/config/etc/subuid
new file mode 100644
index 0000000..3f7fd12
--- /dev/null
+++ b/tests/tests/failures/userdel/14_userdel_rename_subuid_failure/config/etc/subuid
@@ -0,0 +1 @@
+foo:100000:10000
diff --git a/tests/tests/failures/userdel/14_userdel_rename_subuid_failure/data/group b/tests/tests/failures/userdel/14_userdel_rename_subuid_failure/data/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/failures/userdel/14_userdel_rename_subuid_failure/data/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/failures/userdel/14_userdel_rename_subuid_failure/data/gshadow b/tests/tests/failures/userdel/14_userdel_rename_subuid_failure/data/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/failures/userdel/14_userdel_rename_subuid_failure/data/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/failures/userdel/14_userdel_rename_subuid_failure/data/passwd b/tests/tests/failures/userdel/14_userdel_rename_subuid_failure/data/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/failures/userdel/14_userdel_rename_subuid_failure/data/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/failures/userdel/14_userdel_rename_subuid_failure/data/shadow b/tests/tests/failures/userdel/14_userdel_rename_subuid_failure/data/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/failures/userdel/14_userdel_rename_subuid_failure/data/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/failures/userdel/14_userdel_rename_subuid_failure/data/userdel.err b/tests/tests/failures/userdel/14_userdel_rename_subuid_failure/data/userdel.err
new file mode 100644
index 0000000..ae0d56e
--- /dev/null
+++ b/tests/tests/failures/userdel/14_userdel_rename_subuid_failure/data/userdel.err
@@ -0,0 +1,2 @@
+rename FAILURE /etc/subuid+ /etc/subuid
+userdel: failure while writing changes to /etc/subuid
diff --git a/tests/tests/failures/userdel/14_userdel_rename_subuid_failure/usedel.test b/tests/tests/failures/userdel/14_userdel_rename_subuid_failure/usedel.test
new file mode 100755
index 0000000..a6e7d43
--- /dev/null
+++ b/tests/tests/failures/userdel/14_userdel_rename_subuid_failure/usedel.test
@@ -0,0 +1,60 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "userdel reports failure to write /etc/subuid"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Delete user foo (userdel foo)..."
+LD_PRELOAD=../../../common/rename_failure.so FAILURE_PATH=/etc/subuid userdel foo 2>tmp/userdel.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "16"
+echo "OK"
+
+echo "userdel reported:"
+echo "======================================================================="
+cat tmp/userdel.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/userdel.err tmp/userdel.err
+echo "error message OK."
+rm -f tmp/userdel.err
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl data/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl data/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl data/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl data/gshadow /etc/gshadow
+echo "OK"
+echo -n "Check the /etc/subgid file..."
+../../../common/compare_file.pl config/etc/subgid /etc/subgid
+echo "OK"
+echo -n "Check the /etc/subuid file..."
+../../../common/compare_file.pl config/etc/subuid /etc/subuid
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/failures/userdel/15_userdel_rename_subgid_failure/config.txt b/tests/tests/failures/userdel/15_userdel_rename_subgid_failure/config.txt
new file mode 100644
index 0000000..e9e4bbe
--- /dev/null
+++ b/tests/tests/failures/userdel/15_userdel_rename_subgid_failure/config.txt
@@ -0,0 +1 @@
+group foo, GID 1000
diff --git a/tests/tests/failures/userdel/15_userdel_rename_subgid_failure/config/etc/default/useradd b/tests/tests/failures/userdel/15_userdel_rename_subgid_failure/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/failures/userdel/15_userdel_rename_subgid_failure/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/failures/userdel/15_userdel_rename_subgid_failure/config/etc/group b/tests/tests/failures/userdel/15_userdel_rename_subgid_failure/config/etc/group
new file mode 100644
index 0000000..fecba0c
--- /dev/null
+++ b/tests/tests/failures/userdel/15_userdel_rename_subgid_failure/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/failures/userdel/15_userdel_rename_subgid_failure/config/etc/gshadow b/tests/tests/failures/userdel/15_userdel_rename_subgid_failure/config/etc/gshadow
new file mode 100644
index 0000000..bfc0675
--- /dev/null
+++ b/tests/tests/failures/userdel/15_userdel_rename_subgid_failure/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:!::
diff --git a/tests/tests/failures/userdel/15_userdel_rename_subgid_failure/config/etc/login.defs b/tests/tests/failures/userdel/15_userdel_rename_subgid_failure/config/etc/login.defs
new file mode 100644
index 0000000..cf181ac
--- /dev/null
+++ b/tests/tests/failures/userdel/15_userdel_rename_subgid_failure/config/etc/login.defs
@@ -0,0 +1,314 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK usage is discouraged because it catches only some classes of user
+# entries to system, in fact only those made through login(1), while setting
+# umask in shell rc file will catch also logins through su, cron, ssh etc.
+#
+# At the same time, using shell rc to set umask won't catch entries which use
+# non-shell executables in place of login shell, like /usr/sbin/pppd for "ppp"
+# user and alike.
+#
+# Therefore the use of pam_umask is recommended (Debian package libpam-umask)
+# as the solution which catches all these cases on PAM-enabled systems.
+# 
+# This avoids the confusion created by having the umask set
+# in two different places -- in login.defs and shell rc files (i.e.
+# /etc/profile).
+#
+# For discussion, see #314539 and #248150 as well as the thread starting at
+# http://lists.debian.org/debian-devel/2005/06/msg01598.html
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+# 022 is the "historical" value in Debian for UMASK when it was used
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			  100
+GID_MAX			60000
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# This enables userdel to remove user groups if no members exist.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, thus in Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# Only works if compiled with MD5_CRYPT defined:
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is used by chpasswd, gpasswd and newusers.
+#
+#MD5_CRYPT_ENAB	no
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/failures/userdel/15_userdel_rename_subgid_failure/config/etc/passwd b/tests/tests/failures/userdel/15_userdel_rename_subgid_failure/config/etc/passwd
new file mode 100644
index 0000000..ae6ebfe
--- /dev/null
+++ b/tests/tests/failures/userdel/15_userdel_rename_subgid_failure/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/home/foo:/bin/sh
diff --git a/tests/tests/failures/userdel/15_userdel_rename_subgid_failure/config/etc/shadow b/tests/tests/failures/userdel/15_userdel_rename_subgid_failure/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/failures/userdel/15_userdel_rename_subgid_failure/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/failures/userdel/15_userdel_rename_subgid_failure/config/etc/subgid b/tests/tests/failures/userdel/15_userdel_rename_subgid_failure/config/etc/subgid
new file mode 100644
index 0000000..3f7fd12
--- /dev/null
+++ b/tests/tests/failures/userdel/15_userdel_rename_subgid_failure/config/etc/subgid
@@ -0,0 +1 @@
+foo:100000:10000
diff --git a/tests/tests/failures/userdel/15_userdel_rename_subgid_failure/config/etc/subuid b/tests/tests/failures/userdel/15_userdel_rename_subgid_failure/config/etc/subuid
new file mode 100644
index 0000000..a0bb603
--- /dev/null
+++ b/tests/tests/failures/userdel/15_userdel_rename_subgid_failure/config/etc/subuid
@@ -0,0 +1,2 @@
+foo:100000:10000
+root:200000:10000
diff --git a/tests/tests/failures/userdel/15_userdel_rename_subgid_failure/data/group b/tests/tests/failures/userdel/15_userdel_rename_subgid_failure/data/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/failures/userdel/15_userdel_rename_subgid_failure/data/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/failures/userdel/15_userdel_rename_subgid_failure/data/gshadow b/tests/tests/failures/userdel/15_userdel_rename_subgid_failure/data/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/failures/userdel/15_userdel_rename_subgid_failure/data/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/failures/userdel/15_userdel_rename_subgid_failure/data/passwd b/tests/tests/failures/userdel/15_userdel_rename_subgid_failure/data/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/failures/userdel/15_userdel_rename_subgid_failure/data/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/failures/userdel/15_userdel_rename_subgid_failure/data/shadow b/tests/tests/failures/userdel/15_userdel_rename_subgid_failure/data/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/failures/userdel/15_userdel_rename_subgid_failure/data/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/failures/userdel/15_userdel_rename_subgid_failure/data/subuid b/tests/tests/failures/userdel/15_userdel_rename_subgid_failure/data/subuid
new file mode 100644
index 0000000..83a5781
--- /dev/null
+++ b/tests/tests/failures/userdel/15_userdel_rename_subgid_failure/data/subuid
@@ -0,0 +1 @@
+root:200000:10000
diff --git a/tests/tests/failures/userdel/15_userdel_rename_subgid_failure/data/userdel.err b/tests/tests/failures/userdel/15_userdel_rename_subgid_failure/data/userdel.err
new file mode 100644
index 0000000..35e206c
--- /dev/null
+++ b/tests/tests/failures/userdel/15_userdel_rename_subgid_failure/data/userdel.err
@@ -0,0 +1,2 @@
+rename FAILURE /etc/subgid+ /etc/subgid
+userdel: failure while writing changes to /etc/subgid
diff --git a/tests/tests/failures/userdel/15_userdel_rename_subgid_failure/usedel.test b/tests/tests/failures/userdel/15_userdel_rename_subgid_failure/usedel.test
new file mode 100755
index 0000000..5312e8b
--- /dev/null
+++ b/tests/tests/failures/userdel/15_userdel_rename_subgid_failure/usedel.test
@@ -0,0 +1,60 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "userdel reports failure to write /etc/subgid"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Delete user foo (userdel foo)..."
+LD_PRELOAD=../../../common/rename_failure.so FAILURE_PATH=/etc/subgid userdel foo 2>tmp/userdel.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "18"
+echo "OK"
+
+echo "userdel reported:"
+echo "======================================================================="
+cat tmp/userdel.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/userdel.err tmp/userdel.err
+echo "error message OK."
+rm -f tmp/userdel.err
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl data/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl data/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl data/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl data/gshadow /etc/gshadow
+echo "OK"
+echo -n "Check the /etc/subgid file..."
+../../../common/compare_file.pl config/etc/subgid /etc/subgid
+echo "OK"
+echo -n "Check the /etc/subuid file..."
+../../../common/compare_file.pl data/subuid /etc/subuid
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/failures/usermod/01_usermod_change_user_name_gshadow_rename_failure/config.txt b/tests/tests/failures/usermod/01_usermod_change_user_name_gshadow_rename_failure/config.txt
new file mode 100644
index 0000000..e9e4bbe
--- /dev/null
+++ b/tests/tests/failures/usermod/01_usermod_change_user_name_gshadow_rename_failure/config.txt
@@ -0,0 +1 @@
+group foo, GID 1000
diff --git a/tests/tests/failures/usermod/01_usermod_change_user_name_gshadow_rename_failure/config/etc/default/useradd b/tests/tests/failures/usermod/01_usermod_change_user_name_gshadow_rename_failure/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/failures/usermod/01_usermod_change_user_name_gshadow_rename_failure/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/failures/usermod/01_usermod_change_user_name_gshadow_rename_failure/config/etc/group b/tests/tests/failures/usermod/01_usermod_change_user_name_gshadow_rename_failure/config/etc/group
new file mode 100644
index 0000000..2a5b8a4
--- /dev/null
+++ b/tests/tests/failures/usermod/01_usermod_change_user_name_gshadow_rename_failure/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:foo
diff --git a/tests/tests/failures/usermod/01_usermod_change_user_name_gshadow_rename_failure/config/etc/gshadow b/tests/tests/failures/usermod/01_usermod_change_user_name_gshadow_rename_failure/config/etc/gshadow
new file mode 100644
index 0000000..ed34100
--- /dev/null
+++ b/tests/tests/failures/usermod/01_usermod_change_user_name_gshadow_rename_failure/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::foo
diff --git a/tests/tests/failures/usermod/01_usermod_change_user_name_gshadow_rename_failure/config/etc/login.defs b/tests/tests/failures/usermod/01_usermod_change_user_name_gshadow_rename_failure/config/etc/login.defs
new file mode 100644
index 0000000..cf181ac
--- /dev/null
+++ b/tests/tests/failures/usermod/01_usermod_change_user_name_gshadow_rename_failure/config/etc/login.defs
@@ -0,0 +1,314 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK usage is discouraged because it catches only some classes of user
+# entries to system, in fact only those made through login(1), while setting
+# umask in shell rc file will catch also logins through su, cron, ssh etc.
+#
+# At the same time, using shell rc to set umask won't catch entries which use
+# non-shell executables in place of login shell, like /usr/sbin/pppd for "ppp"
+# user and alike.
+#
+# Therefore the use of pam_umask is recommended (Debian package libpam-umask)
+# as the solution which catches all these cases on PAM-enabled systems.
+# 
+# This avoids the confusion created by having the umask set
+# in two different places -- in login.defs and shell rc files (i.e.
+# /etc/profile).
+#
+# For discussion, see #314539 and #248150 as well as the thread starting at
+# http://lists.debian.org/debian-devel/2005/06/msg01598.html
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+# 022 is the "historical" value in Debian for UMASK when it was used
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			  100
+GID_MAX			60000
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# This enables userdel to remove user groups if no members exist.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, thus in Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# Only works if compiled with MD5_CRYPT defined:
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is used by chpasswd, gpasswd and newusers.
+#
+#MD5_CRYPT_ENAB	no
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/failures/usermod/01_usermod_change_user_name_gshadow_rename_failure/config/etc/passwd b/tests/tests/failures/usermod/01_usermod_change_user_name_gshadow_rename_failure/config/etc/passwd
new file mode 100644
index 0000000..bf52df0
--- /dev/null
+++ b/tests/tests/failures/usermod/01_usermod_change_user_name_gshadow_rename_failure/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/home/foo:/bin/false
diff --git a/tests/tests/failures/usermod/01_usermod_change_user_name_gshadow_rename_failure/config/etc/shadow b/tests/tests/failures/usermod/01_usermod_change_user_name_gshadow_rename_failure/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/failures/usermod/01_usermod_change_user_name_gshadow_rename_failure/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/failures/usermod/01_usermod_change_user_name_gshadow_rename_failure/data/group b/tests/tests/failures/usermod/01_usermod_change_user_name_gshadow_rename_failure/data/group
new file mode 100644
index 0000000..41fb326
--- /dev/null
+++ b/tests/tests/failures/usermod/01_usermod_change_user_name_gshadow_rename_failure/data/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:bar
diff --git a/tests/tests/failures/usermod/01_usermod_change_user_name_gshadow_rename_failure/data/passwd b/tests/tests/failures/usermod/01_usermod_change_user_name_gshadow_rename_failure/data/passwd
new file mode 100644
index 0000000..656230a
--- /dev/null
+++ b/tests/tests/failures/usermod/01_usermod_change_user_name_gshadow_rename_failure/data/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+bar:x:1000:1000::/home/foo:/bin/false
diff --git a/tests/tests/failures/usermod/01_usermod_change_user_name_gshadow_rename_failure/data/shadow b/tests/tests/failures/usermod/01_usermod_change_user_name_gshadow_rename_failure/data/shadow
new file mode 100644
index 0000000..2fc3f9c
--- /dev/null
+++ b/tests/tests/failures/usermod/01_usermod_change_user_name_gshadow_rename_failure/data/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+bar:!:12977:0:99999:7:::
diff --git a/tests/tests/failures/usermod/01_usermod_change_user_name_gshadow_rename_failure/data/usermod.err b/tests/tests/failures/usermod/01_usermod_change_user_name_gshadow_rename_failure/data/usermod.err
new file mode 100644
index 0000000..449003a
--- /dev/null
+++ b/tests/tests/failures/usermod/01_usermod_change_user_name_gshadow_rename_failure/data/usermod.err
@@ -0,0 +1,2 @@
+rename FAILURE /etc/gshadow+ /etc/gshadow
+usermod: failure while writing changes to /etc/gshadow
diff --git a/tests/tests/failures/usermod/01_usermod_change_user_name_gshadow_rename_failure/usermod.test b/tests/tests/failures/usermod/01_usermod_change_user_name_gshadow_rename_failure/usermod.test
new file mode 100755
index 0000000..e7d1c2d
--- /dev/null
+++ b/tests/tests/failures/usermod/01_usermod_change_user_name_gshadow_rename_failure/usermod.test
@@ -0,0 +1,54 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "usermod reports failure to write /etc/gshadow"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Rename group foo to bar (groupmod -n bar foo)..."
+LD_PRELOAD=../../../common/rename_failure.so FAILURE_PATH=/etc/gshadow usermod -l bar foo 2>tmp/usermod.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "10"
+echo "OK"
+
+echo "usermod reported:"
+echo "======================================================================="
+cat tmp/usermod.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/usermod.err tmp/usermod.err
+echo "error message OK."
+rm -f tmp/usermod.err
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl data/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl data/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl data/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/failures/usermod/02_usermod_change_uid_passwd_rename_failure/config.txt b/tests/tests/failures/usermod/02_usermod_change_uid_passwd_rename_failure/config.txt
new file mode 100644
index 0000000..e9e4bbe
--- /dev/null
+++ b/tests/tests/failures/usermod/02_usermod_change_uid_passwd_rename_failure/config.txt
@@ -0,0 +1 @@
+group foo, GID 1000
diff --git a/tests/tests/failures/usermod/02_usermod_change_uid_passwd_rename_failure/config/etc/default/useradd b/tests/tests/failures/usermod/02_usermod_change_uid_passwd_rename_failure/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/failures/usermod/02_usermod_change_uid_passwd_rename_failure/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/failures/usermod/02_usermod_change_uid_passwd_rename_failure/config/etc/group b/tests/tests/failures/usermod/02_usermod_change_uid_passwd_rename_failure/config/etc/group
new file mode 100644
index 0000000..fecba0c
--- /dev/null
+++ b/tests/tests/failures/usermod/02_usermod_change_uid_passwd_rename_failure/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/failures/usermod/02_usermod_change_uid_passwd_rename_failure/config/etc/gshadow b/tests/tests/failures/usermod/02_usermod_change_uid_passwd_rename_failure/config/etc/gshadow
new file mode 100644
index 0000000..5042e58
--- /dev/null
+++ b/tests/tests/failures/usermod/02_usermod_change_uid_passwd_rename_failure/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/failures/usermod/02_usermod_change_uid_passwd_rename_failure/config/etc/login.defs b/tests/tests/failures/usermod/02_usermod_change_uid_passwd_rename_failure/config/etc/login.defs
new file mode 100644
index 0000000..cf181ac
--- /dev/null
+++ b/tests/tests/failures/usermod/02_usermod_change_uid_passwd_rename_failure/config/etc/login.defs
@@ -0,0 +1,314 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK usage is discouraged because it catches only some classes of user
+# entries to system, in fact only those made through login(1), while setting
+# umask in shell rc file will catch also logins through su, cron, ssh etc.
+#
+# At the same time, using shell rc to set umask won't catch entries which use
+# non-shell executables in place of login shell, like /usr/sbin/pppd for "ppp"
+# user and alike.
+#
+# Therefore the use of pam_umask is recommended (Debian package libpam-umask)
+# as the solution which catches all these cases on PAM-enabled systems.
+# 
+# This avoids the confusion created by having the umask set
+# in two different places -- in login.defs and shell rc files (i.e.
+# /etc/profile).
+#
+# For discussion, see #314539 and #248150 as well as the thread starting at
+# http://lists.debian.org/debian-devel/2005/06/msg01598.html
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+# 022 is the "historical" value in Debian for UMASK when it was used
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			  100
+GID_MAX			60000
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# This enables userdel to remove user groups if no members exist.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, thus in Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# Only works if compiled with MD5_CRYPT defined:
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is used by chpasswd, gpasswd and newusers.
+#
+#MD5_CRYPT_ENAB	no
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/failures/usermod/02_usermod_change_uid_passwd_rename_failure/config/etc/passwd b/tests/tests/failures/usermod/02_usermod_change_uid_passwd_rename_failure/config/etc/passwd
new file mode 100644
index 0000000..dc7bf84
--- /dev/null
+++ b/tests/tests/failures/usermod/02_usermod_change_uid_passwd_rename_failure/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000:::/bin/false
diff --git a/tests/tests/failures/usermod/02_usermod_change_uid_passwd_rename_failure/config/etc/shadow b/tests/tests/failures/usermod/02_usermod_change_uid_passwd_rename_failure/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/failures/usermod/02_usermod_change_uid_passwd_rename_failure/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/failures/usermod/02_usermod_change_uid_passwd_rename_failure/data/usermod.err b/tests/tests/failures/usermod/02_usermod_change_uid_passwd_rename_failure/data/usermod.err
new file mode 100644
index 0000000..a5fd4c3
--- /dev/null
+++ b/tests/tests/failures/usermod/02_usermod_change_uid_passwd_rename_failure/data/usermod.err
@@ -0,0 +1,2 @@
+rename FAILURE /etc/passwd+ /etc/passwd
+usermod: failure while writing changes to /etc/passwd
diff --git a/tests/tests/failures/usermod/02_usermod_change_uid_passwd_rename_failure/usermod.test b/tests/tests/failures/usermod/02_usermod_change_uid_passwd_rename_failure/usermod.test
new file mode 100755
index 0000000..119d76a
--- /dev/null
+++ b/tests/tests/failures/usermod/02_usermod_change_uid_passwd_rename_failure/usermod.test
@@ -0,0 +1,54 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "groupmod reports failure to write /etc/passwd"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Change UID of foo to 1001 (usermod -u 1001 foo)..."
+LD_PRELOAD=../../../common/rename_failure.so FAILURE_PATH=/etc/passwd usermod -u 1001 foo 2>tmp/usermod.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "1"
+echo "OK"
+
+echo "usermod reported:"
+echo "======================================================================="
+cat tmp/usermod.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/usermod.err tmp/usermod.err
+echo "error message OK."
+rm -f tmp/usermod.err
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/failures/usermod/03_usermod_change_user_name_group_rename_failure/config.txt b/tests/tests/failures/usermod/03_usermod_change_user_name_group_rename_failure/config.txt
new file mode 100644
index 0000000..e9e4bbe
--- /dev/null
+++ b/tests/tests/failures/usermod/03_usermod_change_user_name_group_rename_failure/config.txt
@@ -0,0 +1 @@
+group foo, GID 1000
diff --git a/tests/tests/failures/usermod/03_usermod_change_user_name_group_rename_failure/config/etc/default/useradd b/tests/tests/failures/usermod/03_usermod_change_user_name_group_rename_failure/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/failures/usermod/03_usermod_change_user_name_group_rename_failure/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/failures/usermod/03_usermod_change_user_name_group_rename_failure/config/etc/group b/tests/tests/failures/usermod/03_usermod_change_user_name_group_rename_failure/config/etc/group
new file mode 100644
index 0000000..2a5b8a4
--- /dev/null
+++ b/tests/tests/failures/usermod/03_usermod_change_user_name_group_rename_failure/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:foo
diff --git a/tests/tests/failures/usermod/03_usermod_change_user_name_group_rename_failure/config/etc/gshadow b/tests/tests/failures/usermod/03_usermod_change_user_name_group_rename_failure/config/etc/gshadow
new file mode 100644
index 0000000..ed34100
--- /dev/null
+++ b/tests/tests/failures/usermod/03_usermod_change_user_name_group_rename_failure/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::foo
diff --git a/tests/tests/failures/usermod/03_usermod_change_user_name_group_rename_failure/config/etc/login.defs b/tests/tests/failures/usermod/03_usermod_change_user_name_group_rename_failure/config/etc/login.defs
new file mode 100644
index 0000000..cf181ac
--- /dev/null
+++ b/tests/tests/failures/usermod/03_usermod_change_user_name_group_rename_failure/config/etc/login.defs
@@ -0,0 +1,314 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK usage is discouraged because it catches only some classes of user
+# entries to system, in fact only those made through login(1), while setting
+# umask in shell rc file will catch also logins through su, cron, ssh etc.
+#
+# At the same time, using shell rc to set umask won't catch entries which use
+# non-shell executables in place of login shell, like /usr/sbin/pppd for "ppp"
+# user and alike.
+#
+# Therefore the use of pam_umask is recommended (Debian package libpam-umask)
+# as the solution which catches all these cases on PAM-enabled systems.
+# 
+# This avoids the confusion created by having the umask set
+# in two different places -- in login.defs and shell rc files (i.e.
+# /etc/profile).
+#
+# For discussion, see #314539 and #248150 as well as the thread starting at
+# http://lists.debian.org/debian-devel/2005/06/msg01598.html
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+# 022 is the "historical" value in Debian for UMASK when it was used
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			  100
+GID_MAX			60000
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# This enables userdel to remove user groups if no members exist.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, thus in Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# Only works if compiled with MD5_CRYPT defined:
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is used by chpasswd, gpasswd and newusers.
+#
+#MD5_CRYPT_ENAB	no
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/failures/usermod/03_usermod_change_user_name_group_rename_failure/config/etc/passwd b/tests/tests/failures/usermod/03_usermod_change_user_name_group_rename_failure/config/etc/passwd
new file mode 100644
index 0000000..bf52df0
--- /dev/null
+++ b/tests/tests/failures/usermod/03_usermod_change_user_name_group_rename_failure/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/home/foo:/bin/false
diff --git a/tests/tests/failures/usermod/03_usermod_change_user_name_group_rename_failure/config/etc/shadow b/tests/tests/failures/usermod/03_usermod_change_user_name_group_rename_failure/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/failures/usermod/03_usermod_change_user_name_group_rename_failure/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/failures/usermod/03_usermod_change_user_name_group_rename_failure/data/passwd b/tests/tests/failures/usermod/03_usermod_change_user_name_group_rename_failure/data/passwd
new file mode 100644
index 0000000..656230a
--- /dev/null
+++ b/tests/tests/failures/usermod/03_usermod_change_user_name_group_rename_failure/data/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+bar:x:1000:1000::/home/foo:/bin/false
diff --git a/tests/tests/failures/usermod/03_usermod_change_user_name_group_rename_failure/data/shadow b/tests/tests/failures/usermod/03_usermod_change_user_name_group_rename_failure/data/shadow
new file mode 100644
index 0000000..2fc3f9c
--- /dev/null
+++ b/tests/tests/failures/usermod/03_usermod_change_user_name_group_rename_failure/data/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+bar:!:12977:0:99999:7:::
diff --git a/tests/tests/failures/usermod/03_usermod_change_user_name_group_rename_failure/data/usermod.err b/tests/tests/failures/usermod/03_usermod_change_user_name_group_rename_failure/data/usermod.err
new file mode 100644
index 0000000..69a5e8b
--- /dev/null
+++ b/tests/tests/failures/usermod/03_usermod_change_user_name_group_rename_failure/data/usermod.err
@@ -0,0 +1,2 @@
+rename FAILURE /etc/group+ /etc/group
+usermod: failure while writing changes to /etc/group
diff --git a/tests/tests/failures/usermod/03_usermod_change_user_name_group_rename_failure/usermod.test b/tests/tests/failures/usermod/03_usermod_change_user_name_group_rename_failure/usermod.test
new file mode 100755
index 0000000..c5d69bb
--- /dev/null
+++ b/tests/tests/failures/usermod/03_usermod_change_user_name_group_rename_failure/usermod.test
@@ -0,0 +1,54 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "usermod reports failure to write /etc/group"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Rename user foo to bar (usermod -l bar foo)..."
+LD_PRELOAD=../../../common/rename_failure.so FAILURE_PATH=/etc/group usermod -l bar foo 2>tmp/usermod.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "10"
+echo "OK"
+
+echo "usermod reported:"
+echo "======================================================================="
+cat tmp/usermod.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/usermod.err tmp/usermod.err
+echo "error message OK."
+rm -f tmp/usermod.err
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl data/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl data/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/failures/usermod/04_usermod_change_user_name_gshadow_rename_no_failure/config.txt b/tests/tests/failures/usermod/04_usermod_change_user_name_gshadow_rename_no_failure/config.txt
new file mode 100644
index 0000000..e9e4bbe
--- /dev/null
+++ b/tests/tests/failures/usermod/04_usermod_change_user_name_gshadow_rename_no_failure/config.txt
@@ -0,0 +1 @@
+group foo, GID 1000
diff --git a/tests/tests/failures/usermod/04_usermod_change_user_name_gshadow_rename_no_failure/config/etc/default/useradd b/tests/tests/failures/usermod/04_usermod_change_user_name_gshadow_rename_no_failure/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/failures/usermod/04_usermod_change_user_name_gshadow_rename_no_failure/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/failures/usermod/04_usermod_change_user_name_gshadow_rename_no_failure/config/etc/group b/tests/tests/failures/usermod/04_usermod_change_user_name_gshadow_rename_no_failure/config/etc/group
new file mode 100644
index 0000000..fecba0c
--- /dev/null
+++ b/tests/tests/failures/usermod/04_usermod_change_user_name_gshadow_rename_no_failure/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/failures/usermod/04_usermod_change_user_name_gshadow_rename_no_failure/config/etc/gshadow b/tests/tests/failures/usermod/04_usermod_change_user_name_gshadow_rename_no_failure/config/etc/gshadow
new file mode 100644
index 0000000..5042e58
--- /dev/null
+++ b/tests/tests/failures/usermod/04_usermod_change_user_name_gshadow_rename_no_failure/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/failures/usermod/04_usermod_change_user_name_gshadow_rename_no_failure/config/etc/login.defs b/tests/tests/failures/usermod/04_usermod_change_user_name_gshadow_rename_no_failure/config/etc/login.defs
new file mode 100644
index 0000000..cf181ac
--- /dev/null
+++ b/tests/tests/failures/usermod/04_usermod_change_user_name_gshadow_rename_no_failure/config/etc/login.defs
@@ -0,0 +1,314 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK usage is discouraged because it catches only some classes of user
+# entries to system, in fact only those made through login(1), while setting
+# umask in shell rc file will catch also logins through su, cron, ssh etc.
+#
+# At the same time, using shell rc to set umask won't catch entries which use
+# non-shell executables in place of login shell, like /usr/sbin/pppd for "ppp"
+# user and alike.
+#
+# Therefore the use of pam_umask is recommended (Debian package libpam-umask)
+# as the solution which catches all these cases on PAM-enabled systems.
+# 
+# This avoids the confusion created by having the umask set
+# in two different places -- in login.defs and shell rc files (i.e.
+# /etc/profile).
+#
+# For discussion, see #314539 and #248150 as well as the thread starting at
+# http://lists.debian.org/debian-devel/2005/06/msg01598.html
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+# 022 is the "historical" value in Debian for UMASK when it was used
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			  100
+GID_MAX			60000
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# This enables userdel to remove user groups if no members exist.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, thus in Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# Only works if compiled with MD5_CRYPT defined:
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is used by chpasswd, gpasswd and newusers.
+#
+#MD5_CRYPT_ENAB	no
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/failures/usermod/04_usermod_change_user_name_gshadow_rename_no_failure/config/etc/passwd b/tests/tests/failures/usermod/04_usermod_change_user_name_gshadow_rename_no_failure/config/etc/passwd
new file mode 100644
index 0000000..bf52df0
--- /dev/null
+++ b/tests/tests/failures/usermod/04_usermod_change_user_name_gshadow_rename_no_failure/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/home/foo:/bin/false
diff --git a/tests/tests/failures/usermod/04_usermod_change_user_name_gshadow_rename_no_failure/config/etc/shadow b/tests/tests/failures/usermod/04_usermod_change_user_name_gshadow_rename_no_failure/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/failures/usermod/04_usermod_change_user_name_gshadow_rename_no_failure/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/failures/usermod/04_usermod_change_user_name_gshadow_rename_no_failure/data/passwd b/tests/tests/failures/usermod/04_usermod_change_user_name_gshadow_rename_no_failure/data/passwd
new file mode 100644
index 0000000..656230a
--- /dev/null
+++ b/tests/tests/failures/usermod/04_usermod_change_user_name_gshadow_rename_no_failure/data/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+bar:x:1000:1000::/home/foo:/bin/false
diff --git a/tests/tests/failures/usermod/04_usermod_change_user_name_gshadow_rename_no_failure/data/shadow b/tests/tests/failures/usermod/04_usermod_change_user_name_gshadow_rename_no_failure/data/shadow
new file mode 100644
index 0000000..2fc3f9c
--- /dev/null
+++ b/tests/tests/failures/usermod/04_usermod_change_user_name_gshadow_rename_no_failure/data/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+bar:!:12977:0:99999:7:::
diff --git a/tests/tests/failures/usermod/04_usermod_change_user_name_gshadow_rename_no_failure/usermod.test b/tests/tests/failures/usermod/04_usermod_change_user_name_gshadow_rename_no_failure/usermod.test
new file mode 100755
index 0000000..2e64fd3
--- /dev/null
+++ b/tests/tests/failures/usermod/04_usermod_change_user_name_gshadow_rename_no_failure/usermod.test
@@ -0,0 +1,39 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "usermod does not try to rewrite gshadow if not changed"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Rename group foo to bar (groupmod -n bar foo)..."
+LD_PRELOAD=../../../common/rename_failure.so FAILURE_PATH=/etc/gshadow usermod -l bar foo
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl data/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl data/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/failures/usermod/05_usermod_change_uid_shadow_rename_failure/config.txt b/tests/tests/failures/usermod/05_usermod_change_uid_shadow_rename_failure/config.txt
new file mode 100644
index 0000000..e9e4bbe
--- /dev/null
+++ b/tests/tests/failures/usermod/05_usermod_change_uid_shadow_rename_failure/config.txt
@@ -0,0 +1 @@
+group foo, GID 1000
diff --git a/tests/tests/failures/usermod/05_usermod_change_uid_shadow_rename_failure/config/etc/default/useradd b/tests/tests/failures/usermod/05_usermod_change_uid_shadow_rename_failure/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/failures/usermod/05_usermod_change_uid_shadow_rename_failure/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/failures/usermod/05_usermod_change_uid_shadow_rename_failure/config/etc/group b/tests/tests/failures/usermod/05_usermod_change_uid_shadow_rename_failure/config/etc/group
new file mode 100644
index 0000000..2a5b8a4
--- /dev/null
+++ b/tests/tests/failures/usermod/05_usermod_change_uid_shadow_rename_failure/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:foo
diff --git a/tests/tests/failures/usermod/05_usermod_change_uid_shadow_rename_failure/config/etc/gshadow b/tests/tests/failures/usermod/05_usermod_change_uid_shadow_rename_failure/config/etc/gshadow
new file mode 100644
index 0000000..ed34100
--- /dev/null
+++ b/tests/tests/failures/usermod/05_usermod_change_uid_shadow_rename_failure/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::foo
diff --git a/tests/tests/failures/usermod/05_usermod_change_uid_shadow_rename_failure/config/etc/login.defs b/tests/tests/failures/usermod/05_usermod_change_uid_shadow_rename_failure/config/etc/login.defs
new file mode 100644
index 0000000..cf181ac
--- /dev/null
+++ b/tests/tests/failures/usermod/05_usermod_change_uid_shadow_rename_failure/config/etc/login.defs
@@ -0,0 +1,314 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK usage is discouraged because it catches only some classes of user
+# entries to system, in fact only those made through login(1), while setting
+# umask in shell rc file will catch also logins through su, cron, ssh etc.
+#
+# At the same time, using shell rc to set umask won't catch entries which use
+# non-shell executables in place of login shell, like /usr/sbin/pppd for "ppp"
+# user and alike.
+#
+# Therefore the use of pam_umask is recommended (Debian package libpam-umask)
+# as the solution which catches all these cases on PAM-enabled systems.
+# 
+# This avoids the confusion created by having the umask set
+# in two different places -- in login.defs and shell rc files (i.e.
+# /etc/profile).
+#
+# For discussion, see #314539 and #248150 as well as the thread starting at
+# http://lists.debian.org/debian-devel/2005/06/msg01598.html
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+# 022 is the "historical" value in Debian for UMASK when it was used
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			  100
+GID_MAX			60000
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# This enables userdel to remove user groups if no members exist.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, thus in Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# Only works if compiled with MD5_CRYPT defined:
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is used by chpasswd, gpasswd and newusers.
+#
+#MD5_CRYPT_ENAB	no
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/failures/usermod/05_usermod_change_uid_shadow_rename_failure/config/etc/passwd b/tests/tests/failures/usermod/05_usermod_change_uid_shadow_rename_failure/config/etc/passwd
new file mode 100644
index 0000000..dc7bf84
--- /dev/null
+++ b/tests/tests/failures/usermod/05_usermod_change_uid_shadow_rename_failure/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000:::/bin/false
diff --git a/tests/tests/failures/usermod/05_usermod_change_uid_shadow_rename_failure/config/etc/shadow b/tests/tests/failures/usermod/05_usermod_change_uid_shadow_rename_failure/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/failures/usermod/05_usermod_change_uid_shadow_rename_failure/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/failures/usermod/05_usermod_change_uid_shadow_rename_failure/data/passwd b/tests/tests/failures/usermod/05_usermod_change_uid_shadow_rename_failure/data/passwd
new file mode 100644
index 0000000..09a6642
--- /dev/null
+++ b/tests/tests/failures/usermod/05_usermod_change_uid_shadow_rename_failure/data/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+bar:x:1000:1000:::/bin/false
diff --git a/tests/tests/failures/usermod/05_usermod_change_uid_shadow_rename_failure/data/usermod.err b/tests/tests/failures/usermod/05_usermod_change_uid_shadow_rename_failure/data/usermod.err
new file mode 100644
index 0000000..43c186a
--- /dev/null
+++ b/tests/tests/failures/usermod/05_usermod_change_uid_shadow_rename_failure/data/usermod.err
@@ -0,0 +1,2 @@
+rename FAILURE /etc/shadow+ /etc/shadow
+usermod: failure while writing changes to /etc/shadow
diff --git a/tests/tests/failures/usermod/05_usermod_change_uid_shadow_rename_failure/usermod.test b/tests/tests/failures/usermod/05_usermod_change_uid_shadow_rename_failure/usermod.test
new file mode 100755
index 0000000..df94b43
--- /dev/null
+++ b/tests/tests/failures/usermod/05_usermod_change_uid_shadow_rename_failure/usermod.test
@@ -0,0 +1,54 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "groupmod reports failure to write /etc/shadow"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Change name of foo to bar (usermod -l bar foo)..."
+LD_PRELOAD=../../../common/rename_failure.so FAILURE_PATH=/etc/shadow usermod -l bar foo 2>tmp/usermod.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "1"
+echo "OK"
+
+echo "usermod reported:"
+echo "======================================================================="
+cat tmp/usermod.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/usermod.err tmp/usermod.err
+echo "error message OK."
+rm -f tmp/usermod.err
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl data/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/failures/usermod/06_usermod_change_user_name_open_passwd_failure/config.txt b/tests/tests/failures/usermod/06_usermod_change_user_name_open_passwd_failure/config.txt
new file mode 100644
index 0000000..e9e4bbe
--- /dev/null
+++ b/tests/tests/failures/usermod/06_usermod_change_user_name_open_passwd_failure/config.txt
@@ -0,0 +1 @@
+group foo, GID 1000
diff --git a/tests/tests/failures/usermod/06_usermod_change_user_name_open_passwd_failure/config/etc/default/useradd b/tests/tests/failures/usermod/06_usermod_change_user_name_open_passwd_failure/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/failures/usermod/06_usermod_change_user_name_open_passwd_failure/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/failures/usermod/06_usermod_change_user_name_open_passwd_failure/config/etc/group b/tests/tests/failures/usermod/06_usermod_change_user_name_open_passwd_failure/config/etc/group
new file mode 100644
index 0000000..fecba0c
--- /dev/null
+++ b/tests/tests/failures/usermod/06_usermod_change_user_name_open_passwd_failure/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/failures/usermod/06_usermod_change_user_name_open_passwd_failure/config/etc/gshadow b/tests/tests/failures/usermod/06_usermod_change_user_name_open_passwd_failure/config/etc/gshadow
new file mode 100644
index 0000000..5042e58
--- /dev/null
+++ b/tests/tests/failures/usermod/06_usermod_change_user_name_open_passwd_failure/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/failures/usermod/06_usermod_change_user_name_open_passwd_failure/config/etc/login.defs b/tests/tests/failures/usermod/06_usermod_change_user_name_open_passwd_failure/config/etc/login.defs
new file mode 100644
index 0000000..cf181ac
--- /dev/null
+++ b/tests/tests/failures/usermod/06_usermod_change_user_name_open_passwd_failure/config/etc/login.defs
@@ -0,0 +1,314 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK usage is discouraged because it catches only some classes of user
+# entries to system, in fact only those made through login(1), while setting
+# umask in shell rc file will catch also logins through su, cron, ssh etc.
+#
+# At the same time, using shell rc to set umask won't catch entries which use
+# non-shell executables in place of login shell, like /usr/sbin/pppd for "ppp"
+# user and alike.
+#
+# Therefore the use of pam_umask is recommended (Debian package libpam-umask)
+# as the solution which catches all these cases on PAM-enabled systems.
+# 
+# This avoids the confusion created by having the umask set
+# in two different places -- in login.defs and shell rc files (i.e.
+# /etc/profile).
+#
+# For discussion, see #314539 and #248150 as well as the thread starting at
+# http://lists.debian.org/debian-devel/2005/06/msg01598.html
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+# 022 is the "historical" value in Debian for UMASK when it was used
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			  100
+GID_MAX			60000
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# This enables userdel to remove user groups if no members exist.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, thus in Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# Only works if compiled with MD5_CRYPT defined:
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is used by chpasswd, gpasswd and newusers.
+#
+#MD5_CRYPT_ENAB	no
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/failures/usermod/06_usermod_change_user_name_open_passwd_failure/config/etc/passwd b/tests/tests/failures/usermod/06_usermod_change_user_name_open_passwd_failure/config/etc/passwd
new file mode 100644
index 0000000..dbb06b8
--- /dev/null
+++ b/tests/tests/failures/usermod/06_usermod_change_user_name_open_passwd_failure/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/nonexistent:/bin/sh
diff --git a/tests/tests/failures/usermod/06_usermod_change_user_name_open_passwd_failure/config/etc/shadow b/tests/tests/failures/usermod/06_usermod_change_user_name_open_passwd_failure/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/failures/usermod/06_usermod_change_user_name_open_passwd_failure/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/failures/usermod/06_usermod_change_user_name_open_passwd_failure/data/usermod.err b/tests/tests/failures/usermod/06_usermod_change_user_name_open_passwd_failure/data/usermod.err
new file mode 100644
index 0000000..e060976
--- /dev/null
+++ b/tests/tests/failures/usermod/06_usermod_change_user_name_open_passwd_failure/data/usermod.err
@@ -0,0 +1,2 @@
+open FAILURE /etc/passwd 2 ...
+usermod: cannot open /etc/passwd
diff --git a/tests/tests/failures/usermod/06_usermod_change_user_name_open_passwd_failure/usermod.test b/tests/tests/failures/usermod/06_usermod_change_user_name_open_passwd_failure/usermod.test
new file mode 100755
index 0000000..5e069f6
--- /dev/null
+++ b/tests/tests/failures/usermod/06_usermod_change_user_name_open_passwd_failure/usermod.test
@@ -0,0 +1,54 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "usermod report failures when it cannot open the passwd file"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Change user foo (usermod -l bar foo)..."
+LD_PRELOAD=../../../common/open_RDWR_failure.so FAILURE_PATH=/etc/passwd usermod -l bar foo 2>tmp/usermod.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "1"
+echo "OK"
+
+echo "usermod reported:"
+echo "======================================================================="
+cat tmp/usermod.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/usermod.err tmp/usermod.err
+echo "error message OK."
+rm -f tmp/usermod.err
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/failures/usermod/07_usermod_change_user_name_open_shadow_failure/config.txt b/tests/tests/failures/usermod/07_usermod_change_user_name_open_shadow_failure/config.txt
new file mode 100644
index 0000000..e9e4bbe
--- /dev/null
+++ b/tests/tests/failures/usermod/07_usermod_change_user_name_open_shadow_failure/config.txt
@@ -0,0 +1 @@
+group foo, GID 1000
diff --git a/tests/tests/failures/usermod/07_usermod_change_user_name_open_shadow_failure/config/etc/default/useradd b/tests/tests/failures/usermod/07_usermod_change_user_name_open_shadow_failure/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/failures/usermod/07_usermod_change_user_name_open_shadow_failure/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/failures/usermod/07_usermod_change_user_name_open_shadow_failure/config/etc/group b/tests/tests/failures/usermod/07_usermod_change_user_name_open_shadow_failure/config/etc/group
new file mode 100644
index 0000000..fecba0c
--- /dev/null
+++ b/tests/tests/failures/usermod/07_usermod_change_user_name_open_shadow_failure/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/failures/usermod/07_usermod_change_user_name_open_shadow_failure/config/etc/gshadow b/tests/tests/failures/usermod/07_usermod_change_user_name_open_shadow_failure/config/etc/gshadow
new file mode 100644
index 0000000..5042e58
--- /dev/null
+++ b/tests/tests/failures/usermod/07_usermod_change_user_name_open_shadow_failure/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/failures/usermod/07_usermod_change_user_name_open_shadow_failure/config/etc/login.defs b/tests/tests/failures/usermod/07_usermod_change_user_name_open_shadow_failure/config/etc/login.defs
new file mode 100644
index 0000000..cf181ac
--- /dev/null
+++ b/tests/tests/failures/usermod/07_usermod_change_user_name_open_shadow_failure/config/etc/login.defs
@@ -0,0 +1,314 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK usage is discouraged because it catches only some classes of user
+# entries to system, in fact only those made through login(1), while setting
+# umask in shell rc file will catch also logins through su, cron, ssh etc.
+#
+# At the same time, using shell rc to set umask won't catch entries which use
+# non-shell executables in place of login shell, like /usr/sbin/pppd for "ppp"
+# user and alike.
+#
+# Therefore the use of pam_umask is recommended (Debian package libpam-umask)
+# as the solution which catches all these cases on PAM-enabled systems.
+# 
+# This avoids the confusion created by having the umask set
+# in two different places -- in login.defs and shell rc files (i.e.
+# /etc/profile).
+#
+# For discussion, see #314539 and #248150 as well as the thread starting at
+# http://lists.debian.org/debian-devel/2005/06/msg01598.html
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+# 022 is the "historical" value in Debian for UMASK when it was used
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			  100
+GID_MAX			60000
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# This enables userdel to remove user groups if no members exist.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, thus in Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# Only works if compiled with MD5_CRYPT defined:
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is used by chpasswd, gpasswd and newusers.
+#
+#MD5_CRYPT_ENAB	no
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/failures/usermod/07_usermod_change_user_name_open_shadow_failure/config/etc/passwd b/tests/tests/failures/usermod/07_usermod_change_user_name_open_shadow_failure/config/etc/passwd
new file mode 100644
index 0000000..dbb06b8
--- /dev/null
+++ b/tests/tests/failures/usermod/07_usermod_change_user_name_open_shadow_failure/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/nonexistent:/bin/sh
diff --git a/tests/tests/failures/usermod/07_usermod_change_user_name_open_shadow_failure/config/etc/shadow b/tests/tests/failures/usermod/07_usermod_change_user_name_open_shadow_failure/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/failures/usermod/07_usermod_change_user_name_open_shadow_failure/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/failures/usermod/07_usermod_change_user_name_open_shadow_failure/data/usermod.err b/tests/tests/failures/usermod/07_usermod_change_user_name_open_shadow_failure/data/usermod.err
new file mode 100644
index 0000000..40e3a5b
--- /dev/null
+++ b/tests/tests/failures/usermod/07_usermod_change_user_name_open_shadow_failure/data/usermod.err
@@ -0,0 +1,2 @@
+open FAILURE /etc/shadow 2 ...
+usermod: cannot open /etc/shadow
diff --git a/tests/tests/failures/usermod/07_usermod_change_user_name_open_shadow_failure/usermod.test b/tests/tests/failures/usermod/07_usermod_change_user_name_open_shadow_failure/usermod.test
new file mode 100755
index 0000000..c5ac414
--- /dev/null
+++ b/tests/tests/failures/usermod/07_usermod_change_user_name_open_shadow_failure/usermod.test
@@ -0,0 +1,54 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "usermod report failures when it cannot open the shadow file"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Change user foo (usermod -l bar foo)..."
+LD_PRELOAD=../../../common/open_RDWR_failure.so FAILURE_PATH=/etc/shadow usermod -l bar foo 2>tmp/usermod.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "1"
+echo "OK"
+
+echo "usermod reported:"
+echo "======================================================================="
+cat tmp/usermod.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/usermod.err tmp/usermod.err
+echo "error message OK."
+rm -f tmp/usermod.err
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/failures/usermod/08_usermod_change_user_name_open_group_failure/config.txt b/tests/tests/failures/usermod/08_usermod_change_user_name_open_group_failure/config.txt
new file mode 100644
index 0000000..e9e4bbe
--- /dev/null
+++ b/tests/tests/failures/usermod/08_usermod_change_user_name_open_group_failure/config.txt
@@ -0,0 +1 @@
+group foo, GID 1000
diff --git a/tests/tests/failures/usermod/08_usermod_change_user_name_open_group_failure/config/etc/default/useradd b/tests/tests/failures/usermod/08_usermod_change_user_name_open_group_failure/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/failures/usermod/08_usermod_change_user_name_open_group_failure/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/failures/usermod/08_usermod_change_user_name_open_group_failure/config/etc/group b/tests/tests/failures/usermod/08_usermod_change_user_name_open_group_failure/config/etc/group
new file mode 100644
index 0000000..fecba0c
--- /dev/null
+++ b/tests/tests/failures/usermod/08_usermod_change_user_name_open_group_failure/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/failures/usermod/08_usermod_change_user_name_open_group_failure/config/etc/gshadow b/tests/tests/failures/usermod/08_usermod_change_user_name_open_group_failure/config/etc/gshadow
new file mode 100644
index 0000000..5042e58
--- /dev/null
+++ b/tests/tests/failures/usermod/08_usermod_change_user_name_open_group_failure/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/failures/usermod/08_usermod_change_user_name_open_group_failure/config/etc/login.defs b/tests/tests/failures/usermod/08_usermod_change_user_name_open_group_failure/config/etc/login.defs
new file mode 100644
index 0000000..cf181ac
--- /dev/null
+++ b/tests/tests/failures/usermod/08_usermod_change_user_name_open_group_failure/config/etc/login.defs
@@ -0,0 +1,314 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK usage is discouraged because it catches only some classes of user
+# entries to system, in fact only those made through login(1), while setting
+# umask in shell rc file will catch also logins through su, cron, ssh etc.
+#
+# At the same time, using shell rc to set umask won't catch entries which use
+# non-shell executables in place of login shell, like /usr/sbin/pppd for "ppp"
+# user and alike.
+#
+# Therefore the use of pam_umask is recommended (Debian package libpam-umask)
+# as the solution which catches all these cases on PAM-enabled systems.
+# 
+# This avoids the confusion created by having the umask set
+# in two different places -- in login.defs and shell rc files (i.e.
+# /etc/profile).
+#
+# For discussion, see #314539 and #248150 as well as the thread starting at
+# http://lists.debian.org/debian-devel/2005/06/msg01598.html
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+# 022 is the "historical" value in Debian for UMASK when it was used
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			  100
+GID_MAX			60000
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# This enables userdel to remove user groups if no members exist.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, thus in Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# Only works if compiled with MD5_CRYPT defined:
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is used by chpasswd, gpasswd and newusers.
+#
+#MD5_CRYPT_ENAB	no
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/failures/usermod/08_usermod_change_user_name_open_group_failure/config/etc/passwd b/tests/tests/failures/usermod/08_usermod_change_user_name_open_group_failure/config/etc/passwd
new file mode 100644
index 0000000..dbb06b8
--- /dev/null
+++ b/tests/tests/failures/usermod/08_usermod_change_user_name_open_group_failure/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/nonexistent:/bin/sh
diff --git a/tests/tests/failures/usermod/08_usermod_change_user_name_open_group_failure/config/etc/shadow b/tests/tests/failures/usermod/08_usermod_change_user_name_open_group_failure/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/failures/usermod/08_usermod_change_user_name_open_group_failure/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/failures/usermod/08_usermod_change_user_name_open_group_failure/data/usermod.err b/tests/tests/failures/usermod/08_usermod_change_user_name_open_group_failure/data/usermod.err
new file mode 100644
index 0000000..5329b28
--- /dev/null
+++ b/tests/tests/failures/usermod/08_usermod_change_user_name_open_group_failure/data/usermod.err
@@ -0,0 +1,2 @@
+open FAILURE /etc/group 2 ...
+usermod: cannot open /etc/group
diff --git a/tests/tests/failures/usermod/08_usermod_change_user_name_open_group_failure/usermod.test b/tests/tests/failures/usermod/08_usermod_change_user_name_open_group_failure/usermod.test
new file mode 100755
index 0000000..fbca278
--- /dev/null
+++ b/tests/tests/failures/usermod/08_usermod_change_user_name_open_group_failure/usermod.test
@@ -0,0 +1,54 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "usermod report failures when it cannot open the group file"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Change user foo (usermod -l bar foo)..."
+LD_PRELOAD=../../../common/open_RDWR_failure.so FAILURE_PATH=/etc/group usermod -l bar foo 2>tmp/usermod.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "10"
+echo "OK"
+
+echo "usermod reported:"
+echo "======================================================================="
+cat tmp/usermod.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/usermod.err tmp/usermod.err
+echo "error message OK."
+rm -f tmp/usermod.err
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/failures/usermod/09_usermod_change_user_name_open_gshadow_failure/config.txt b/tests/tests/failures/usermod/09_usermod_change_user_name_open_gshadow_failure/config.txt
new file mode 100644
index 0000000..e9e4bbe
--- /dev/null
+++ b/tests/tests/failures/usermod/09_usermod_change_user_name_open_gshadow_failure/config.txt
@@ -0,0 +1 @@
+group foo, GID 1000
diff --git a/tests/tests/failures/usermod/09_usermod_change_user_name_open_gshadow_failure/config/etc/default/useradd b/tests/tests/failures/usermod/09_usermod_change_user_name_open_gshadow_failure/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/failures/usermod/09_usermod_change_user_name_open_gshadow_failure/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/failures/usermod/09_usermod_change_user_name_open_gshadow_failure/config/etc/group b/tests/tests/failures/usermod/09_usermod_change_user_name_open_gshadow_failure/config/etc/group
new file mode 100644
index 0000000..fecba0c
--- /dev/null
+++ b/tests/tests/failures/usermod/09_usermod_change_user_name_open_gshadow_failure/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/failures/usermod/09_usermod_change_user_name_open_gshadow_failure/config/etc/gshadow b/tests/tests/failures/usermod/09_usermod_change_user_name_open_gshadow_failure/config/etc/gshadow
new file mode 100644
index 0000000..5042e58
--- /dev/null
+++ b/tests/tests/failures/usermod/09_usermod_change_user_name_open_gshadow_failure/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/failures/usermod/09_usermod_change_user_name_open_gshadow_failure/config/etc/login.defs b/tests/tests/failures/usermod/09_usermod_change_user_name_open_gshadow_failure/config/etc/login.defs
new file mode 100644
index 0000000..cf181ac
--- /dev/null
+++ b/tests/tests/failures/usermod/09_usermod_change_user_name_open_gshadow_failure/config/etc/login.defs
@@ -0,0 +1,314 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK usage is discouraged because it catches only some classes of user
+# entries to system, in fact only those made through login(1), while setting
+# umask in shell rc file will catch also logins through su, cron, ssh etc.
+#
+# At the same time, using shell rc to set umask won't catch entries which use
+# non-shell executables in place of login shell, like /usr/sbin/pppd for "ppp"
+# user and alike.
+#
+# Therefore the use of pam_umask is recommended (Debian package libpam-umask)
+# as the solution which catches all these cases on PAM-enabled systems.
+# 
+# This avoids the confusion created by having the umask set
+# in two different places -- in login.defs and shell rc files (i.e.
+# /etc/profile).
+#
+# For discussion, see #314539 and #248150 as well as the thread starting at
+# http://lists.debian.org/debian-devel/2005/06/msg01598.html
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+# 022 is the "historical" value in Debian for UMASK when it was used
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			  100
+GID_MAX			60000
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# This enables userdel to remove user groups if no members exist.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, thus in Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# Only works if compiled with MD5_CRYPT defined:
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is used by chpasswd, gpasswd and newusers.
+#
+#MD5_CRYPT_ENAB	no
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/failures/usermod/09_usermod_change_user_name_open_gshadow_failure/config/etc/passwd b/tests/tests/failures/usermod/09_usermod_change_user_name_open_gshadow_failure/config/etc/passwd
new file mode 100644
index 0000000..dbb06b8
--- /dev/null
+++ b/tests/tests/failures/usermod/09_usermod_change_user_name_open_gshadow_failure/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/nonexistent:/bin/sh
diff --git a/tests/tests/failures/usermod/09_usermod_change_user_name_open_gshadow_failure/config/etc/shadow b/tests/tests/failures/usermod/09_usermod_change_user_name_open_gshadow_failure/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/failures/usermod/09_usermod_change_user_name_open_gshadow_failure/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/failures/usermod/09_usermod_change_user_name_open_gshadow_failure/data/usermod.err b/tests/tests/failures/usermod/09_usermod_change_user_name_open_gshadow_failure/data/usermod.err
new file mode 100644
index 0000000..e398343
--- /dev/null
+++ b/tests/tests/failures/usermod/09_usermod_change_user_name_open_gshadow_failure/data/usermod.err
@@ -0,0 +1,2 @@
+open FAILURE /etc/gshadow 2 ...
+usermod: cannot open /etc/gshadow
diff --git a/tests/tests/failures/usermod/09_usermod_change_user_name_open_gshadow_failure/usermod.test b/tests/tests/failures/usermod/09_usermod_change_user_name_open_gshadow_failure/usermod.test
new file mode 100755
index 0000000..6e7ba24
--- /dev/null
+++ b/tests/tests/failures/usermod/09_usermod_change_user_name_open_gshadow_failure/usermod.test
@@ -0,0 +1,54 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "usermod report failures when it cannot open the gshadow file"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Change user foo (usermod -l bar foo)..."
+LD_PRELOAD=../../../common/open_RDWR_failure.so FAILURE_PATH=/etc/gshadow usermod -l bar foo 2>tmp/usermod.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "10"
+echo "OK"
+
+echo "usermod reported:"
+echo "======================================================================="
+cat tmp/usermod.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/usermod.err tmp/usermod.err
+echo "error message OK."
+rm -f tmp/usermod.err
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/failures/usermod/10_usermod_-p_time_0/config.txt b/tests/tests/failures/usermod/10_usermod_-p_time_0/config.txt
new file mode 100644
index 0000000..a2ff911
--- /dev/null
+++ b/tests/tests/failures/usermod/10_usermod_-p_time_0/config.txt
@@ -0,0 +1,2 @@
+user foo exists, UID 1000
+user foo2 exists, UID 1001
diff --git a/tests/tests/failures/usermod/10_usermod_-p_time_0/config/etc/default/useradd b/tests/tests/failures/usermod/10_usermod_-p_time_0/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/failures/usermod/10_usermod_-p_time_0/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/failures/usermod/10_usermod_-p_time_0/config/etc/group b/tests/tests/failures/usermod/10_usermod_-p_time_0/config/etc/group
new file mode 100644
index 0000000..b6fae89
--- /dev/null
+++ b/tests/tests/failures/usermod/10_usermod_-p_time_0/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:root
+adm:x:4:root,foo
+tty:x:5:
+disk:x:6:
+lp:x:7:foo,root
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:foo
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:foo
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/failures/usermod/10_usermod_-p_time_0/config/etc/gshadow b/tests/tests/failures/usermod/10_usermod_-p_time_0/config/etc/gshadow
new file mode 100644
index 0000000..1f2ba8d
--- /dev/null
+++ b/tests/tests/failures/usermod/10_usermod_-p_time_0/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::root
+adm:*::root,foo
+tty:*::foo
+disk:*:foo:
+lp:*::foo,root
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*:foo:foo
+voice:*::
+cdrom:*:foo:foo
+floppy:*::foo
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/failures/usermod/10_usermod_-p_time_0/config/etc/passwd b/tests/tests/failures/usermod/10_usermod_-p_time_0/config/etc/passwd
new file mode 100644
index 0000000..06b331b
--- /dev/null
+++ b/tests/tests/failures/usermod/10_usermod_-p_time_0/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:blahblahblah:1000:1000::/home/foo:/bin/false
diff --git a/tests/tests/failures/usermod/10_usermod_-p_time_0/config/etc/shadow b/tests/tests/failures/usermod/10_usermod_-p_time_0/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/failures/usermod/10_usermod_-p_time_0/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/failures/usermod/10_usermod_-p_time_0/data/passwd b/tests/tests/failures/usermod/10_usermod_-p_time_0/data/passwd
new file mode 100644
index 0000000..d9798a6
--- /dev/null
+++ b/tests/tests/failures/usermod/10_usermod_-p_time_0/data/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:foopass:1000:1000::/home/foo:/bin/false
diff --git a/tests/tests/failures/usermod/10_usermod_-p_time_0/data/shadow b/tests/tests/failures/usermod/10_usermod_-p_time_0/data/shadow
new file mode 100644
index 0000000..13fca93
--- /dev/null
+++ b/tests/tests/failures/usermod/10_usermod_-p_time_0/data/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:foopass::0:99999:7:::
diff --git a/tests/tests/failures/usermod/10_usermod_-p_time_0/usermod.test b/tests/tests/failures/usermod/10_usermod_-p_time_0/usermod.test
new file mode 100755
index 0000000..f54c918
--- /dev/null
+++ b/tests/tests/failures/usermod/10_usermod_-p_time_0/usermod.test
@@ -0,0 +1,39 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "usermod disables aging when time is not set"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Change the user's password (usermod -p foopass foo)..."
+LD_PRELOAD=../../../common/time_0.so usermod -p foopass foo 2>/dev/null
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl data/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl data/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/failures/usermod/11_usermod-f_no_shadow_entry_time_0/config.txt b/tests/tests/failures/usermod/11_usermod-f_no_shadow_entry_time_0/config.txt
new file mode 100644
index 0000000..a2ff911
--- /dev/null
+++ b/tests/tests/failures/usermod/11_usermod-f_no_shadow_entry_time_0/config.txt
@@ -0,0 +1,2 @@
+user foo exists, UID 1000
+user foo2 exists, UID 1001
diff --git a/tests/tests/failures/usermod/11_usermod-f_no_shadow_entry_time_0/config/etc/default/useradd b/tests/tests/failures/usermod/11_usermod-f_no_shadow_entry_time_0/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/failures/usermod/11_usermod-f_no_shadow_entry_time_0/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/failures/usermod/11_usermod-f_no_shadow_entry_time_0/config/etc/group b/tests/tests/failures/usermod/11_usermod-f_no_shadow_entry_time_0/config/etc/group
new file mode 100644
index 0000000..b6fae89
--- /dev/null
+++ b/tests/tests/failures/usermod/11_usermod-f_no_shadow_entry_time_0/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:root
+adm:x:4:root,foo
+tty:x:5:
+disk:x:6:
+lp:x:7:foo,root
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:foo
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:foo
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/failures/usermod/11_usermod-f_no_shadow_entry_time_0/config/etc/gshadow b/tests/tests/failures/usermod/11_usermod-f_no_shadow_entry_time_0/config/etc/gshadow
new file mode 100644
index 0000000..1f2ba8d
--- /dev/null
+++ b/tests/tests/failures/usermod/11_usermod-f_no_shadow_entry_time_0/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::root
+adm:*::root,foo
+tty:*::foo
+disk:*:foo:
+lp:*::foo,root
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*:foo:foo
+voice:*::
+cdrom:*:foo:foo
+floppy:*::foo
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/failures/usermod/11_usermod-f_no_shadow_entry_time_0/config/etc/passwd b/tests/tests/failures/usermod/11_usermod-f_no_shadow_entry_time_0/config/etc/passwd
new file mode 100644
index 0000000..06b331b
--- /dev/null
+++ b/tests/tests/failures/usermod/11_usermod-f_no_shadow_entry_time_0/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:blahblahblah:1000:1000::/home/foo:/bin/false
diff --git a/tests/tests/failures/usermod/11_usermod-f_no_shadow_entry_time_0/config/etc/shadow b/tests/tests/failures/usermod/11_usermod-f_no_shadow_entry_time_0/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/failures/usermod/11_usermod-f_no_shadow_entry_time_0/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/failures/usermod/11_usermod-f_no_shadow_entry_time_0/data/shadow b/tests/tests/failures/usermod/11_usermod-f_no_shadow_entry_time_0/data/shadow
new file mode 100644
index 0000000..6faa0c5
--- /dev/null
+++ b/tests/tests/failures/usermod/11_usermod-f_no_shadow_entry_time_0/data/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:blahblahblah::0:99999:7:12::
diff --git a/tests/tests/failures/usermod/11_usermod-f_no_shadow_entry_time_0/usermod.test b/tests/tests/failures/usermod/11_usermod-f_no_shadow_entry_time_0/usermod.test
new file mode 100755
index 0000000..56e9c83
--- /dev/null
+++ b/tests/tests/failures/usermod/11_usermod-f_no_shadow_entry_time_0/usermod.test
@@ -0,0 +1,39 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "usermod disables aging when time is not set"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Change the user's password (usermod -f 12 foo)..."
+LD_PRELOAD=../../../common/time_0.so usermod -f 12 foo 2>/dev/null
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl data/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/failures/usermod/12_usermod_change_uid_passwd_unlock_passwd_failure/config.txt b/tests/tests/failures/usermod/12_usermod_change_uid_passwd_unlock_passwd_failure/config.txt
new file mode 100644
index 0000000..e9e4bbe
--- /dev/null
+++ b/tests/tests/failures/usermod/12_usermod_change_uid_passwd_unlock_passwd_failure/config.txt
@@ -0,0 +1 @@
+group foo, GID 1000
diff --git a/tests/tests/failures/usermod/12_usermod_change_uid_passwd_unlock_passwd_failure/config/etc/default/useradd b/tests/tests/failures/usermod/12_usermod_change_uid_passwd_unlock_passwd_failure/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/failures/usermod/12_usermod_change_uid_passwd_unlock_passwd_failure/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/failures/usermod/12_usermod_change_uid_passwd_unlock_passwd_failure/config/etc/group b/tests/tests/failures/usermod/12_usermod_change_uid_passwd_unlock_passwd_failure/config/etc/group
new file mode 100644
index 0000000..fecba0c
--- /dev/null
+++ b/tests/tests/failures/usermod/12_usermod_change_uid_passwd_unlock_passwd_failure/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/failures/usermod/12_usermod_change_uid_passwd_unlock_passwd_failure/config/etc/gshadow b/tests/tests/failures/usermod/12_usermod_change_uid_passwd_unlock_passwd_failure/config/etc/gshadow
new file mode 100644
index 0000000..5042e58
--- /dev/null
+++ b/tests/tests/failures/usermod/12_usermod_change_uid_passwd_unlock_passwd_failure/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/failures/usermod/12_usermod_change_uid_passwd_unlock_passwd_failure/config/etc/login.defs b/tests/tests/failures/usermod/12_usermod_change_uid_passwd_unlock_passwd_failure/config/etc/login.defs
new file mode 100644
index 0000000..cf181ac
--- /dev/null
+++ b/tests/tests/failures/usermod/12_usermod_change_uid_passwd_unlock_passwd_failure/config/etc/login.defs
@@ -0,0 +1,314 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK usage is discouraged because it catches only some classes of user
+# entries to system, in fact only those made through login(1), while setting
+# umask in shell rc file will catch also logins through su, cron, ssh etc.
+#
+# At the same time, using shell rc to set umask won't catch entries which use
+# non-shell executables in place of login shell, like /usr/sbin/pppd for "ppp"
+# user and alike.
+#
+# Therefore the use of pam_umask is recommended (Debian package libpam-umask)
+# as the solution which catches all these cases on PAM-enabled systems.
+# 
+# This avoids the confusion created by having the umask set
+# in two different places -- in login.defs and shell rc files (i.e.
+# /etc/profile).
+#
+# For discussion, see #314539 and #248150 as well as the thread starting at
+# http://lists.debian.org/debian-devel/2005/06/msg01598.html
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+# 022 is the "historical" value in Debian for UMASK when it was used
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			  100
+GID_MAX			60000
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# This enables userdel to remove user groups if no members exist.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, thus in Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# Only works if compiled with MD5_CRYPT defined:
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is used by chpasswd, gpasswd and newusers.
+#
+#MD5_CRYPT_ENAB	no
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/failures/usermod/12_usermod_change_uid_passwd_unlock_passwd_failure/config/etc/passwd b/tests/tests/failures/usermod/12_usermod_change_uid_passwd_unlock_passwd_failure/config/etc/passwd
new file mode 100644
index 0000000..dc7bf84
--- /dev/null
+++ b/tests/tests/failures/usermod/12_usermod_change_uid_passwd_unlock_passwd_failure/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000:::/bin/false
diff --git a/tests/tests/failures/usermod/12_usermod_change_uid_passwd_unlock_passwd_failure/config/etc/shadow b/tests/tests/failures/usermod/12_usermod_change_uid_passwd_unlock_passwd_failure/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/failures/usermod/12_usermod_change_uid_passwd_unlock_passwd_failure/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/failures/usermod/12_usermod_change_uid_passwd_unlock_passwd_failure/data/usermod.err b/tests/tests/failures/usermod/12_usermod_change_uid_passwd_unlock_passwd_failure/data/usermod.err
new file mode 100644
index 0000000..a5fd4c3
--- /dev/null
+++ b/tests/tests/failures/usermod/12_usermod_change_uid_passwd_unlock_passwd_failure/data/usermod.err
@@ -0,0 +1,2 @@
+rename FAILURE /etc/passwd+ /etc/passwd
+usermod: failure while writing changes to /etc/passwd
diff --git a/tests/tests/failures/usermod/12_usermod_change_uid_passwd_unlock_passwd_failure/usermod.test b/tests/tests/failures/usermod/12_usermod_change_uid_passwd_unlock_passwd_failure/usermod.test
new file mode 100755
index 0000000..d7c95b7
--- /dev/null
+++ b/tests/tests/failures/usermod/12_usermod_change_uid_passwd_unlock_passwd_failure/usermod.test
@@ -0,0 +1,50 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "groupmod reports failure to unlock /etc/passwd"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Change UID of foo to 1001 (usermod -u 1001 foo)..."
+LD_PRELOAD=../../../common/unlink_failure.so FAILURE_PATH=/etc/passwd.lock usermod -u 1001 foo 2>tmp/usermod.err
+echo "OK"
+
+echo "usermod reported:"
+echo "======================================================================="
+cat tmp/usermod.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/usermod.err tmp/usermod.err
+echo "error message OK."
+rm -f tmp/usermod.err
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl data/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl data/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl data/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl data/gshadow /etc/gshadow
+echo "OK"
+
+rm -f /etc/passwd.lock
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/failures/usermod/13_usermod_-v_open_subuid_failure/config.txt b/tests/tests/failures/usermod/13_usermod_-v_open_subuid_failure/config.txt
new file mode 100644
index 0000000..e9e4bbe
--- /dev/null
+++ b/tests/tests/failures/usermod/13_usermod_-v_open_subuid_failure/config.txt
@@ -0,0 +1 @@
+group foo, GID 1000
diff --git a/tests/tests/failures/usermod/13_usermod_-v_open_subuid_failure/config/etc/default/useradd b/tests/tests/failures/usermod/13_usermod_-v_open_subuid_failure/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/failures/usermod/13_usermod_-v_open_subuid_failure/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/failures/usermod/13_usermod_-v_open_subuid_failure/config/etc/group b/tests/tests/failures/usermod/13_usermod_-v_open_subuid_failure/config/etc/group
new file mode 100644
index 0000000..fecba0c
--- /dev/null
+++ b/tests/tests/failures/usermod/13_usermod_-v_open_subuid_failure/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/failures/usermod/13_usermod_-v_open_subuid_failure/config/etc/gshadow b/tests/tests/failures/usermod/13_usermod_-v_open_subuid_failure/config/etc/gshadow
new file mode 100644
index 0000000..be1575e
--- /dev/null
+++ b/tests/tests/failures/usermod/13_usermod_-v_open_subuid_failure/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:x::
diff --git a/tests/tests/failures/usermod/13_usermod_-v_open_subuid_failure/config/etc/login.defs b/tests/tests/failures/usermod/13_usermod_-v_open_subuid_failure/config/etc/login.defs
new file mode 100644
index 0000000..cf181ac
--- /dev/null
+++ b/tests/tests/failures/usermod/13_usermod_-v_open_subuid_failure/config/etc/login.defs
@@ -0,0 +1,314 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK usage is discouraged because it catches only some classes of user
+# entries to system, in fact only those made through login(1), while setting
+# umask in shell rc file will catch also logins through su, cron, ssh etc.
+#
+# At the same time, using shell rc to set umask won't catch entries which use
+# non-shell executables in place of login shell, like /usr/sbin/pppd for "ppp"
+# user and alike.
+#
+# Therefore the use of pam_umask is recommended (Debian package libpam-umask)
+# as the solution which catches all these cases on PAM-enabled systems.
+# 
+# This avoids the confusion created by having the umask set
+# in two different places -- in login.defs and shell rc files (i.e.
+# /etc/profile).
+#
+# For discussion, see #314539 and #248150 as well as the thread starting at
+# http://lists.debian.org/debian-devel/2005/06/msg01598.html
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+# 022 is the "historical" value in Debian for UMASK when it was used
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			  100
+GID_MAX			60000
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# This enables userdel to remove user groups if no members exist.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, thus in Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# Only works if compiled with MD5_CRYPT defined:
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is used by chpasswd, gpasswd and newusers.
+#
+#MD5_CRYPT_ENAB	no
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/failures/usermod/13_usermod_-v_open_subuid_failure/config/etc/passwd b/tests/tests/failures/usermod/13_usermod_-v_open_subuid_failure/config/etc/passwd
new file mode 100644
index 0000000..bf52df0
--- /dev/null
+++ b/tests/tests/failures/usermod/13_usermod_-v_open_subuid_failure/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/home/foo:/bin/false
diff --git a/tests/tests/failures/usermod/13_usermod_-v_open_subuid_failure/config/etc/shadow b/tests/tests/failures/usermod/13_usermod_-v_open_subuid_failure/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/failures/usermod/13_usermod_-v_open_subuid_failure/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/failures/usermod/13_usermod_-v_open_subuid_failure/config/etc/subgid b/tests/tests/failures/usermod/13_usermod_-v_open_subuid_failure/config/etc/subgid
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/failures/usermod/13_usermod_-v_open_subuid_failure/config/etc/subgid
diff --git a/tests/tests/failures/usermod/13_usermod_-v_open_subuid_failure/config/etc/subuid b/tests/tests/failures/usermod/13_usermod_-v_open_subuid_failure/config/etc/subuid
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/failures/usermod/13_usermod_-v_open_subuid_failure/config/etc/subuid
diff --git a/tests/tests/failures/usermod/13_usermod_-v_open_subuid_failure/data/usermod.err b/tests/tests/failures/usermod/13_usermod_-v_open_subuid_failure/data/usermod.err
new file mode 100644
index 0000000..a83d4bf
--- /dev/null
+++ b/tests/tests/failures/usermod/13_usermod_-v_open_subuid_failure/data/usermod.err
@@ -0,0 +1,2 @@
+open FAILURE /etc/subuid 2 ...
+usermod: cannot open /etc/subuid
diff --git a/tests/tests/failures/usermod/13_usermod_-v_open_subuid_failure/usermod.test b/tests/tests/failures/usermod/13_usermod_-v_open_subuid_failure/usermod.test
new file mode 100755
index 0000000..fdff7e1
--- /dev/null
+++ b/tests/tests/failures/usermod/13_usermod_-v_open_subuid_failure/usermod.test
@@ -0,0 +1,60 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "usermod report failures when it cannot open the /etc/subuid file"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Add range for user foo (usermod -v 100000-100000 foo)..."
+LD_PRELOAD=../../../common/open_RDWR_failure.so FAILURE_PATH=/etc/subuid usermod -v 100000-100000 foo 2>tmp/usermod.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "16"
+echo "OK"
+
+echo "usermod reported:"
+echo "======================================================================="
+cat tmp/usermod.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/usermod.err tmp/usermod.err
+echo "error message OK."
+rm -f tmp/usermod.err
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+echo -n "Check the /etc/subgid file..."
+../../../common/compare_file.pl config/etc/subgid /etc/subgid
+echo "OK"
+echo -n "Check the /etc/subuid file..."
+../../../common/compare_file.pl config/etc/subuid /etc/subuid
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/failures/usermod/14_usermod_-V_open_subuid_failure/config.txt b/tests/tests/failures/usermod/14_usermod_-V_open_subuid_failure/config.txt
new file mode 100644
index 0000000..e9e4bbe
--- /dev/null
+++ b/tests/tests/failures/usermod/14_usermod_-V_open_subuid_failure/config.txt
@@ -0,0 +1 @@
+group foo, GID 1000
diff --git a/tests/tests/failures/usermod/14_usermod_-V_open_subuid_failure/config/etc/default/useradd b/tests/tests/failures/usermod/14_usermod_-V_open_subuid_failure/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/failures/usermod/14_usermod_-V_open_subuid_failure/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/failures/usermod/14_usermod_-V_open_subuid_failure/config/etc/group b/tests/tests/failures/usermod/14_usermod_-V_open_subuid_failure/config/etc/group
new file mode 100644
index 0000000..fecba0c
--- /dev/null
+++ b/tests/tests/failures/usermod/14_usermod_-V_open_subuid_failure/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/failures/usermod/14_usermod_-V_open_subuid_failure/config/etc/gshadow b/tests/tests/failures/usermod/14_usermod_-V_open_subuid_failure/config/etc/gshadow
new file mode 100644
index 0000000..be1575e
--- /dev/null
+++ b/tests/tests/failures/usermod/14_usermod_-V_open_subuid_failure/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:x::
diff --git a/tests/tests/failures/usermod/14_usermod_-V_open_subuid_failure/config/etc/login.defs b/tests/tests/failures/usermod/14_usermod_-V_open_subuid_failure/config/etc/login.defs
new file mode 100644
index 0000000..cf181ac
--- /dev/null
+++ b/tests/tests/failures/usermod/14_usermod_-V_open_subuid_failure/config/etc/login.defs
@@ -0,0 +1,314 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK usage is discouraged because it catches only some classes of user
+# entries to system, in fact only those made through login(1), while setting
+# umask in shell rc file will catch also logins through su, cron, ssh etc.
+#
+# At the same time, using shell rc to set umask won't catch entries which use
+# non-shell executables in place of login shell, like /usr/sbin/pppd for "ppp"
+# user and alike.
+#
+# Therefore the use of pam_umask is recommended (Debian package libpam-umask)
+# as the solution which catches all these cases on PAM-enabled systems.
+# 
+# This avoids the confusion created by having the umask set
+# in two different places -- in login.defs and shell rc files (i.e.
+# /etc/profile).
+#
+# For discussion, see #314539 and #248150 as well as the thread starting at
+# http://lists.debian.org/debian-devel/2005/06/msg01598.html
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+# 022 is the "historical" value in Debian for UMASK when it was used
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			  100
+GID_MAX			60000
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# This enables userdel to remove user groups if no members exist.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, thus in Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# Only works if compiled with MD5_CRYPT defined:
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is used by chpasswd, gpasswd and newusers.
+#
+#MD5_CRYPT_ENAB	no
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/failures/usermod/14_usermod_-V_open_subuid_failure/config/etc/passwd b/tests/tests/failures/usermod/14_usermod_-V_open_subuid_failure/config/etc/passwd
new file mode 100644
index 0000000..bf52df0
--- /dev/null
+++ b/tests/tests/failures/usermod/14_usermod_-V_open_subuid_failure/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/home/foo:/bin/false
diff --git a/tests/tests/failures/usermod/14_usermod_-V_open_subuid_failure/config/etc/shadow b/tests/tests/failures/usermod/14_usermod_-V_open_subuid_failure/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/failures/usermod/14_usermod_-V_open_subuid_failure/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/failures/usermod/14_usermod_-V_open_subuid_failure/config/etc/subgid b/tests/tests/failures/usermod/14_usermod_-V_open_subuid_failure/config/etc/subgid
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/failures/usermod/14_usermod_-V_open_subuid_failure/config/etc/subgid
diff --git a/tests/tests/failures/usermod/14_usermod_-V_open_subuid_failure/config/etc/subuid b/tests/tests/failures/usermod/14_usermod_-V_open_subuid_failure/config/etc/subuid
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/failures/usermod/14_usermod_-V_open_subuid_failure/config/etc/subuid
diff --git a/tests/tests/failures/usermod/14_usermod_-V_open_subuid_failure/data/usermod.err b/tests/tests/failures/usermod/14_usermod_-V_open_subuid_failure/data/usermod.err
new file mode 100644
index 0000000..a83d4bf
--- /dev/null
+++ b/tests/tests/failures/usermod/14_usermod_-V_open_subuid_failure/data/usermod.err
@@ -0,0 +1,2 @@
+open FAILURE /etc/subuid 2 ...
+usermod: cannot open /etc/subuid
diff --git a/tests/tests/failures/usermod/14_usermod_-V_open_subuid_failure/usermod.test b/tests/tests/failures/usermod/14_usermod_-V_open_subuid_failure/usermod.test
new file mode 100755
index 0000000..47ff348
--- /dev/null
+++ b/tests/tests/failures/usermod/14_usermod_-V_open_subuid_failure/usermod.test
@@ -0,0 +1,60 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "usermod report failures when it cannot open the /etc/subuid file"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Add range for user foo (usermod -V 100000-100000 foo)..."
+LD_PRELOAD=../../../common/open_RDWR_failure.so FAILURE_PATH=/etc/subuid usermod -V 100000-100000 foo 2>tmp/usermod.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "16"
+echo "OK"
+
+echo "usermod reported:"
+echo "======================================================================="
+cat tmp/usermod.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/usermod.err tmp/usermod.err
+echo "error message OK."
+rm -f tmp/usermod.err
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+echo -n "Check the /etc/subgid file..."
+../../../common/compare_file.pl config/etc/subgid /etc/subgid
+echo "OK"
+echo -n "Check the /etc/subuid file..."
+../../../common/compare_file.pl config/etc/subuid /etc/subuid
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/failures/usermod/15_usermod_-w_open_subgid_failure/config.txt b/tests/tests/failures/usermod/15_usermod_-w_open_subgid_failure/config.txt
new file mode 100644
index 0000000..e9e4bbe
--- /dev/null
+++ b/tests/tests/failures/usermod/15_usermod_-w_open_subgid_failure/config.txt
@@ -0,0 +1 @@
+group foo, GID 1000
diff --git a/tests/tests/failures/usermod/15_usermod_-w_open_subgid_failure/config/etc/default/useradd b/tests/tests/failures/usermod/15_usermod_-w_open_subgid_failure/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/failures/usermod/15_usermod_-w_open_subgid_failure/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/failures/usermod/15_usermod_-w_open_subgid_failure/config/etc/group b/tests/tests/failures/usermod/15_usermod_-w_open_subgid_failure/config/etc/group
new file mode 100644
index 0000000..fecba0c
--- /dev/null
+++ b/tests/tests/failures/usermod/15_usermod_-w_open_subgid_failure/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/failures/usermod/15_usermod_-w_open_subgid_failure/config/etc/gshadow b/tests/tests/failures/usermod/15_usermod_-w_open_subgid_failure/config/etc/gshadow
new file mode 100644
index 0000000..be1575e
--- /dev/null
+++ b/tests/tests/failures/usermod/15_usermod_-w_open_subgid_failure/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:x::
diff --git a/tests/tests/failures/usermod/15_usermod_-w_open_subgid_failure/config/etc/login.defs b/tests/tests/failures/usermod/15_usermod_-w_open_subgid_failure/config/etc/login.defs
new file mode 100644
index 0000000..cf181ac
--- /dev/null
+++ b/tests/tests/failures/usermod/15_usermod_-w_open_subgid_failure/config/etc/login.defs
@@ -0,0 +1,314 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK usage is discouraged because it catches only some classes of user
+# entries to system, in fact only those made through login(1), while setting
+# umask in shell rc file will catch also logins through su, cron, ssh etc.
+#
+# At the same time, using shell rc to set umask won't catch entries which use
+# non-shell executables in place of login shell, like /usr/sbin/pppd for "ppp"
+# user and alike.
+#
+# Therefore the use of pam_umask is recommended (Debian package libpam-umask)
+# as the solution which catches all these cases on PAM-enabled systems.
+# 
+# This avoids the confusion created by having the umask set
+# in two different places -- in login.defs and shell rc files (i.e.
+# /etc/profile).
+#
+# For discussion, see #314539 and #248150 as well as the thread starting at
+# http://lists.debian.org/debian-devel/2005/06/msg01598.html
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+# 022 is the "historical" value in Debian for UMASK when it was used
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			  100
+GID_MAX			60000
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# This enables userdel to remove user groups if no members exist.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, thus in Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# Only works if compiled with MD5_CRYPT defined:
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is used by chpasswd, gpasswd and newusers.
+#
+#MD5_CRYPT_ENAB	no
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/failures/usermod/15_usermod_-w_open_subgid_failure/config/etc/passwd b/tests/tests/failures/usermod/15_usermod_-w_open_subgid_failure/config/etc/passwd
new file mode 100644
index 0000000..bf52df0
--- /dev/null
+++ b/tests/tests/failures/usermod/15_usermod_-w_open_subgid_failure/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/home/foo:/bin/false
diff --git a/tests/tests/failures/usermod/15_usermod_-w_open_subgid_failure/config/etc/shadow b/tests/tests/failures/usermod/15_usermod_-w_open_subgid_failure/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/failures/usermod/15_usermod_-w_open_subgid_failure/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/failures/usermod/15_usermod_-w_open_subgid_failure/config/etc/subgid b/tests/tests/failures/usermod/15_usermod_-w_open_subgid_failure/config/etc/subgid
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/failures/usermod/15_usermod_-w_open_subgid_failure/config/etc/subgid
diff --git a/tests/tests/failures/usermod/15_usermod_-w_open_subgid_failure/config/etc/subuid b/tests/tests/failures/usermod/15_usermod_-w_open_subgid_failure/config/etc/subuid
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/failures/usermod/15_usermod_-w_open_subgid_failure/config/etc/subuid
diff --git a/tests/tests/failures/usermod/15_usermod_-w_open_subgid_failure/data/usermod.err b/tests/tests/failures/usermod/15_usermod_-w_open_subgid_failure/data/usermod.err
new file mode 100644
index 0000000..7cb1df5
--- /dev/null
+++ b/tests/tests/failures/usermod/15_usermod_-w_open_subgid_failure/data/usermod.err
@@ -0,0 +1,2 @@
+open FAILURE /etc/subgid 2 ...
+usermod: cannot open /etc/subgid
diff --git a/tests/tests/failures/usermod/15_usermod_-w_open_subgid_failure/usermod.test b/tests/tests/failures/usermod/15_usermod_-w_open_subgid_failure/usermod.test
new file mode 100755
index 0000000..3469d93
--- /dev/null
+++ b/tests/tests/failures/usermod/15_usermod_-w_open_subgid_failure/usermod.test
@@ -0,0 +1,60 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "usermod report failures when it cannot open the /etc/subgid file"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Add range for user foo (usermod -w 100000-100000 foo)..."
+LD_PRELOAD=../../../common/open_RDWR_failure.so FAILURE_PATH=/etc/subgid usermod -w 100000-100000 foo 2>tmp/usermod.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "18"
+echo "OK"
+
+echo "usermod reported:"
+echo "======================================================================="
+cat tmp/usermod.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/usermod.err tmp/usermod.err
+echo "error message OK."
+rm -f tmp/usermod.err
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+echo -n "Check the /etc/subgid file..."
+../../../common/compare_file.pl config/etc/subgid /etc/subgid
+echo "OK"
+echo -n "Check the /etc/subuid file..."
+../../../common/compare_file.pl config/etc/subuid /etc/subuid
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/failures/usermod/16_usermod_-W_open_subgid_failure/config.txt b/tests/tests/failures/usermod/16_usermod_-W_open_subgid_failure/config.txt
new file mode 100644
index 0000000..e9e4bbe
--- /dev/null
+++ b/tests/tests/failures/usermod/16_usermod_-W_open_subgid_failure/config.txt
@@ -0,0 +1 @@
+group foo, GID 1000
diff --git a/tests/tests/failures/usermod/16_usermod_-W_open_subgid_failure/config/etc/default/useradd b/tests/tests/failures/usermod/16_usermod_-W_open_subgid_failure/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/failures/usermod/16_usermod_-W_open_subgid_failure/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/failures/usermod/16_usermod_-W_open_subgid_failure/config/etc/group b/tests/tests/failures/usermod/16_usermod_-W_open_subgid_failure/config/etc/group
new file mode 100644
index 0000000..fecba0c
--- /dev/null
+++ b/tests/tests/failures/usermod/16_usermod_-W_open_subgid_failure/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/failures/usermod/16_usermod_-W_open_subgid_failure/config/etc/gshadow b/tests/tests/failures/usermod/16_usermod_-W_open_subgid_failure/config/etc/gshadow
new file mode 100644
index 0000000..be1575e
--- /dev/null
+++ b/tests/tests/failures/usermod/16_usermod_-W_open_subgid_failure/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:x::
diff --git a/tests/tests/failures/usermod/16_usermod_-W_open_subgid_failure/config/etc/login.defs b/tests/tests/failures/usermod/16_usermod_-W_open_subgid_failure/config/etc/login.defs
new file mode 100644
index 0000000..cf181ac
--- /dev/null
+++ b/tests/tests/failures/usermod/16_usermod_-W_open_subgid_failure/config/etc/login.defs
@@ -0,0 +1,314 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK usage is discouraged because it catches only some classes of user
+# entries to system, in fact only those made through login(1), while setting
+# umask in shell rc file will catch also logins through su, cron, ssh etc.
+#
+# At the same time, using shell rc to set umask won't catch entries which use
+# non-shell executables in place of login shell, like /usr/sbin/pppd for "ppp"
+# user and alike.
+#
+# Therefore the use of pam_umask is recommended (Debian package libpam-umask)
+# as the solution which catches all these cases on PAM-enabled systems.
+# 
+# This avoids the confusion created by having the umask set
+# in two different places -- in login.defs and shell rc files (i.e.
+# /etc/profile).
+#
+# For discussion, see #314539 and #248150 as well as the thread starting at
+# http://lists.debian.org/debian-devel/2005/06/msg01598.html
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+# 022 is the "historical" value in Debian for UMASK when it was used
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			  100
+GID_MAX			60000
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# This enables userdel to remove user groups if no members exist.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, thus in Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# Only works if compiled with MD5_CRYPT defined:
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is used by chpasswd, gpasswd and newusers.
+#
+#MD5_CRYPT_ENAB	no
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/failures/usermod/16_usermod_-W_open_subgid_failure/config/etc/passwd b/tests/tests/failures/usermod/16_usermod_-W_open_subgid_failure/config/etc/passwd
new file mode 100644
index 0000000..bf52df0
--- /dev/null
+++ b/tests/tests/failures/usermod/16_usermod_-W_open_subgid_failure/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/home/foo:/bin/false
diff --git a/tests/tests/failures/usermod/16_usermod_-W_open_subgid_failure/config/etc/shadow b/tests/tests/failures/usermod/16_usermod_-W_open_subgid_failure/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/failures/usermod/16_usermod_-W_open_subgid_failure/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/failures/usermod/16_usermod_-W_open_subgid_failure/config/etc/subgid b/tests/tests/failures/usermod/16_usermod_-W_open_subgid_failure/config/etc/subgid
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/failures/usermod/16_usermod_-W_open_subgid_failure/config/etc/subgid
diff --git a/tests/tests/failures/usermod/16_usermod_-W_open_subgid_failure/config/etc/subuid b/tests/tests/failures/usermod/16_usermod_-W_open_subgid_failure/config/etc/subuid
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/failures/usermod/16_usermod_-W_open_subgid_failure/config/etc/subuid
diff --git a/tests/tests/failures/usermod/16_usermod_-W_open_subgid_failure/data/usermod.err b/tests/tests/failures/usermod/16_usermod_-W_open_subgid_failure/data/usermod.err
new file mode 100644
index 0000000..7cb1df5
--- /dev/null
+++ b/tests/tests/failures/usermod/16_usermod_-W_open_subgid_failure/data/usermod.err
@@ -0,0 +1,2 @@
+open FAILURE /etc/subgid 2 ...
+usermod: cannot open /etc/subgid
diff --git a/tests/tests/failures/usermod/16_usermod_-W_open_subgid_failure/usermod.test b/tests/tests/failures/usermod/16_usermod_-W_open_subgid_failure/usermod.test
new file mode 100755
index 0000000..a03c2c5
--- /dev/null
+++ b/tests/tests/failures/usermod/16_usermod_-W_open_subgid_failure/usermod.test
@@ -0,0 +1,60 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "usermod report failures when it cannot open the /etc/subgid file"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Add range for user foo (usermod -W 100000-100000 foo)..."
+LD_PRELOAD=../../../common/open_RDWR_failure.so FAILURE_PATH=/etc/subgid usermod -W 100000-100000 foo 2>tmp/usermod.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "18"
+echo "OK"
+
+echo "usermod reported:"
+echo "======================================================================="
+cat tmp/usermod.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/usermod.err tmp/usermod.err
+echo "error message OK."
+rm -f tmp/usermod.err
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+echo -n "Check the /etc/subgid file..."
+../../../common/compare_file.pl config/etc/subgid /etc/subgid
+echo "OK"
+echo -n "Check the /etc/subuid file..."
+../../../common/compare_file.pl config/etc/subuid /etc/subuid
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/failures/usermod/17_usermod_-v_rename_subuid_failure/config.txt b/tests/tests/failures/usermod/17_usermod_-v_rename_subuid_failure/config.txt
new file mode 100644
index 0000000..e9e4bbe
--- /dev/null
+++ b/tests/tests/failures/usermod/17_usermod_-v_rename_subuid_failure/config.txt
@@ -0,0 +1 @@
+group foo, GID 1000
diff --git a/tests/tests/failures/usermod/17_usermod_-v_rename_subuid_failure/config/etc/default/useradd b/tests/tests/failures/usermod/17_usermod_-v_rename_subuid_failure/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/failures/usermod/17_usermod_-v_rename_subuid_failure/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/failures/usermod/17_usermod_-v_rename_subuid_failure/config/etc/group b/tests/tests/failures/usermod/17_usermod_-v_rename_subuid_failure/config/etc/group
new file mode 100644
index 0000000..fecba0c
--- /dev/null
+++ b/tests/tests/failures/usermod/17_usermod_-v_rename_subuid_failure/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/failures/usermod/17_usermod_-v_rename_subuid_failure/config/etc/gshadow b/tests/tests/failures/usermod/17_usermod_-v_rename_subuid_failure/config/etc/gshadow
new file mode 100644
index 0000000..bfc0675
--- /dev/null
+++ b/tests/tests/failures/usermod/17_usermod_-v_rename_subuid_failure/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:!::
diff --git a/tests/tests/failures/usermod/17_usermod_-v_rename_subuid_failure/config/etc/login.defs b/tests/tests/failures/usermod/17_usermod_-v_rename_subuid_failure/config/etc/login.defs
new file mode 100644
index 0000000..cf181ac
--- /dev/null
+++ b/tests/tests/failures/usermod/17_usermod_-v_rename_subuid_failure/config/etc/login.defs
@@ -0,0 +1,314 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK usage is discouraged because it catches only some classes of user
+# entries to system, in fact only those made through login(1), while setting
+# umask in shell rc file will catch also logins through su, cron, ssh etc.
+#
+# At the same time, using shell rc to set umask won't catch entries which use
+# non-shell executables in place of login shell, like /usr/sbin/pppd for "ppp"
+# user and alike.
+#
+# Therefore the use of pam_umask is recommended (Debian package libpam-umask)
+# as the solution which catches all these cases on PAM-enabled systems.
+# 
+# This avoids the confusion created by having the umask set
+# in two different places -- in login.defs and shell rc files (i.e.
+# /etc/profile).
+#
+# For discussion, see #314539 and #248150 as well as the thread starting at
+# http://lists.debian.org/debian-devel/2005/06/msg01598.html
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+# 022 is the "historical" value in Debian for UMASK when it was used
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			  100
+GID_MAX			60000
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# This enables userdel to remove user groups if no members exist.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, thus in Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# Only works if compiled with MD5_CRYPT defined:
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is used by chpasswd, gpasswd and newusers.
+#
+#MD5_CRYPT_ENAB	no
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/failures/usermod/17_usermod_-v_rename_subuid_failure/config/etc/passwd b/tests/tests/failures/usermod/17_usermod_-v_rename_subuid_failure/config/etc/passwd
new file mode 100644
index 0000000..ae6ebfe
--- /dev/null
+++ b/tests/tests/failures/usermod/17_usermod_-v_rename_subuid_failure/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/home/foo:/bin/sh
diff --git a/tests/tests/failures/usermod/17_usermod_-v_rename_subuid_failure/config/etc/shadow b/tests/tests/failures/usermod/17_usermod_-v_rename_subuid_failure/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/failures/usermod/17_usermod_-v_rename_subuid_failure/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/failures/usermod/17_usermod_-v_rename_subuid_failure/config/etc/subgid b/tests/tests/failures/usermod/17_usermod_-v_rename_subuid_failure/config/etc/subgid
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/failures/usermod/17_usermod_-v_rename_subuid_failure/config/etc/subgid
diff --git a/tests/tests/failures/usermod/17_usermod_-v_rename_subuid_failure/config/etc/subuid b/tests/tests/failures/usermod/17_usermod_-v_rename_subuid_failure/config/etc/subuid
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/failures/usermod/17_usermod_-v_rename_subuid_failure/config/etc/subuid
diff --git a/tests/tests/failures/usermod/17_usermod_-v_rename_subuid_failure/data/usermod.err b/tests/tests/failures/usermod/17_usermod_-v_rename_subuid_failure/data/usermod.err
new file mode 100644
index 0000000..d498ae9
--- /dev/null
+++ b/tests/tests/failures/usermod/17_usermod_-v_rename_subuid_failure/data/usermod.err
@@ -0,0 +1,2 @@
+rename FAILURE /etc/subuid+ /etc/subuid
+usermod: failure while writing changes to /etc/subuid
diff --git a/tests/tests/failures/usermod/17_usermod_-v_rename_subuid_failure/usermod.test b/tests/tests/failures/usermod/17_usermod_-v_rename_subuid_failure/usermod.test
new file mode 100755
index 0000000..0e39b61
--- /dev/null
+++ b/tests/tests/failures/usermod/17_usermod_-v_rename_subuid_failure/usermod.test
@@ -0,0 +1,60 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "usermod reports failure to write /etc/subuid"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Add subordinate uid for user foo (usermod -v 100000-100000 foo)..."
+LD_PRELOAD=../../../common/rename_failure.so FAILURE_PATH=/etc/subuid usermod -v 100000-100000 foo 2>tmp/usermod.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "16"
+echo "OK"
+
+echo "usermod reported:"
+echo "======================================================================="
+cat tmp/usermod.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/usermod.err tmp/usermod.err
+echo "error message OK."
+rm -f tmp/usermod.err
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+echo -n "Check the /etc/subgid file..."
+../../../common/compare_file.pl config/etc/subgid /etc/subgid
+echo "OK"
+echo -n "Check the /etc/subuid file..."
+../../../common/compare_file.pl config/etc/subuid /etc/subuid
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/failures/usermod/18_usermod_-w_rename_subgid_failure/config.txt b/tests/tests/failures/usermod/18_usermod_-w_rename_subgid_failure/config.txt
new file mode 100644
index 0000000..e9e4bbe
--- /dev/null
+++ b/tests/tests/failures/usermod/18_usermod_-w_rename_subgid_failure/config.txt
@@ -0,0 +1 @@
+group foo, GID 1000
diff --git a/tests/tests/failures/usermod/18_usermod_-w_rename_subgid_failure/config/etc/default/useradd b/tests/tests/failures/usermod/18_usermod_-w_rename_subgid_failure/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/failures/usermod/18_usermod_-w_rename_subgid_failure/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/failures/usermod/18_usermod_-w_rename_subgid_failure/config/etc/group b/tests/tests/failures/usermod/18_usermod_-w_rename_subgid_failure/config/etc/group
new file mode 100644
index 0000000..fecba0c
--- /dev/null
+++ b/tests/tests/failures/usermod/18_usermod_-w_rename_subgid_failure/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/failures/usermod/18_usermod_-w_rename_subgid_failure/config/etc/gshadow b/tests/tests/failures/usermod/18_usermod_-w_rename_subgid_failure/config/etc/gshadow
new file mode 100644
index 0000000..bfc0675
--- /dev/null
+++ b/tests/tests/failures/usermod/18_usermod_-w_rename_subgid_failure/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:!::
diff --git a/tests/tests/failures/usermod/18_usermod_-w_rename_subgid_failure/config/etc/login.defs b/tests/tests/failures/usermod/18_usermod_-w_rename_subgid_failure/config/etc/login.defs
new file mode 100644
index 0000000..cf181ac
--- /dev/null
+++ b/tests/tests/failures/usermod/18_usermod_-w_rename_subgid_failure/config/etc/login.defs
@@ -0,0 +1,314 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK usage is discouraged because it catches only some classes of user
+# entries to system, in fact only those made through login(1), while setting
+# umask in shell rc file will catch also logins through su, cron, ssh etc.
+#
+# At the same time, using shell rc to set umask won't catch entries which use
+# non-shell executables in place of login shell, like /usr/sbin/pppd for "ppp"
+# user and alike.
+#
+# Therefore the use of pam_umask is recommended (Debian package libpam-umask)
+# as the solution which catches all these cases on PAM-enabled systems.
+# 
+# This avoids the confusion created by having the umask set
+# in two different places -- in login.defs and shell rc files (i.e.
+# /etc/profile).
+#
+# For discussion, see #314539 and #248150 as well as the thread starting at
+# http://lists.debian.org/debian-devel/2005/06/msg01598.html
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+# 022 is the "historical" value in Debian for UMASK when it was used
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			  100
+GID_MAX			60000
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# This enables userdel to remove user groups if no members exist.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, thus in Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# Only works if compiled with MD5_CRYPT defined:
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is used by chpasswd, gpasswd and newusers.
+#
+#MD5_CRYPT_ENAB	no
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/failures/usermod/18_usermod_-w_rename_subgid_failure/config/etc/passwd b/tests/tests/failures/usermod/18_usermod_-w_rename_subgid_failure/config/etc/passwd
new file mode 100644
index 0000000..ae6ebfe
--- /dev/null
+++ b/tests/tests/failures/usermod/18_usermod_-w_rename_subgid_failure/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/home/foo:/bin/sh
diff --git a/tests/tests/failures/usermod/18_usermod_-w_rename_subgid_failure/config/etc/shadow b/tests/tests/failures/usermod/18_usermod_-w_rename_subgid_failure/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/failures/usermod/18_usermod_-w_rename_subgid_failure/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/failures/usermod/18_usermod_-w_rename_subgid_failure/config/etc/subgid b/tests/tests/failures/usermod/18_usermod_-w_rename_subgid_failure/config/etc/subgid
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/failures/usermod/18_usermod_-w_rename_subgid_failure/config/etc/subgid
diff --git a/tests/tests/failures/usermod/18_usermod_-w_rename_subgid_failure/config/etc/subuid b/tests/tests/failures/usermod/18_usermod_-w_rename_subgid_failure/config/etc/subuid
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/failures/usermod/18_usermod_-w_rename_subgid_failure/config/etc/subuid
diff --git a/tests/tests/failures/usermod/18_usermod_-w_rename_subgid_failure/data/usermod.err b/tests/tests/failures/usermod/18_usermod_-w_rename_subgid_failure/data/usermod.err
new file mode 100644
index 0000000..ee968b8
--- /dev/null
+++ b/tests/tests/failures/usermod/18_usermod_-w_rename_subgid_failure/data/usermod.err
@@ -0,0 +1,2 @@
+rename FAILURE /etc/subgid+ /etc/subgid
+usermod: failure while writing changes to /etc/subgid
diff --git a/tests/tests/failures/usermod/18_usermod_-w_rename_subgid_failure/usermod.test b/tests/tests/failures/usermod/18_usermod_-w_rename_subgid_failure/usermod.test
new file mode 100755
index 0000000..c14e5c1
--- /dev/null
+++ b/tests/tests/failures/usermod/18_usermod_-w_rename_subgid_failure/usermod.test
@@ -0,0 +1,60 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "usermod reports failure to write /etc/subgid"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Add subordinate uid for user foo (usermod -w 100000-100000 foo)..."
+LD_PRELOAD=../../../common/rename_failure.so FAILURE_PATH=/etc/subgid usermod -w 100000-100000 foo 2>tmp/usermod.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "18"
+echo "OK"
+
+echo "usermod reported:"
+echo "======================================================================="
+cat tmp/usermod.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/usermod.err tmp/usermod.err
+echo "error message OK."
+rm -f tmp/usermod.err
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+echo -n "Check the /etc/subgid file..."
+../../../common/compare_file.pl config/etc/subgid /etc/subgid
+echo "OK"
+echo -n "Check the /etc/subuid file..."
+../../../common/compare_file.pl config/etc/subuid /etc/subuid
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/grouptools/chgpasswd/01_chgpasswd_invalid_group/chgpasswd.test b/tests/tests/grouptools/chgpasswd/01_chgpasswd_invalid_group/chgpasswd.test
new file mode 100755
index 0000000..c62fc54
--- /dev/null
+++ b/tests/tests/grouptools/chgpasswd/01_chgpasswd_invalid_group/chgpasswd.test
@@ -0,0 +1,56 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "chgpasswd fails if a group does not exist"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Change nogroup's, disk's, and foooo's password..."
+echo 'nogroup:test
+disk:test2
+foooo:test3' | chgpasswd 2>tmp/chgpasswd.err && exit 1 || {
+        status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "1"
+echo "OK"
+
+echo "chgpasswd reported:"
+echo "======================================================================="
+cat tmp/chgpasswd.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/chgpasswd.err tmp/chgpasswd.err
+echo "error message OK."
+rm -f tmp/chgpasswd.err
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/grouptools/chgpasswd/01_chgpasswd_invalid_group/config/etc/group b/tests/tests/grouptools/chgpasswd/01_chgpasswd_invalid_group/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/grouptools/chgpasswd/01_chgpasswd_invalid_group/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/grouptools/chgpasswd/01_chgpasswd_invalid_group/config/etc/gshadow b/tests/tests/grouptools/chgpasswd/01_chgpasswd_invalid_group/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/grouptools/chgpasswd/01_chgpasswd_invalid_group/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/grouptools/chgpasswd/01_chgpasswd_invalid_group/config/etc/login.defs b/tests/tests/grouptools/chgpasswd/01_chgpasswd_invalid_group/config/etc/login.defs
new file mode 100644
index 0000000..f898f1e
--- /dev/null
+++ b/tests/tests/grouptools/chgpasswd/01_chgpasswd_invalid_group/config/etc/login.defs
@@ -0,0 +1,317 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK usage is discouraged because it catches only some classes of user
+# entries to system, in fact only those made through login(1), while setting
+# umask in shell rc file will catch also logins through su, cron, ssh etc.
+#
+# At the same time, using shell rc to set umask won't catch entries which use
+# non-shell executables in place of login shell, like /usr/sbin/pppd for "ppp"
+# user and alike.
+#
+# Therefore the use of pam_umask is recommended (Debian package libpam-umask)
+# as the solution which catches all these cases on PAM-enabled systems.
+# 
+# This avoids the confusion created by having the umask set
+# in two different places -- in login.defs and shell rc files (i.e.
+# /etc/profile).
+#
+# For discussion, see #314539 and #248150 as well as the thread starting at
+# http://lists.debian.org/debian-devel/2005/06/msg01598.html
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+# 022 is the "historical" value in Debian for UMASK when it was used
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			  100
+GID_MAX			60000
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# This enables userdel to remove user groups if no members exist.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, thus in Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# Only works if compiled with MD5_CRYPT defined:
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is used by chpasswd, gpasswd and newusers.
+#
+#MD5_CRYPT_ENAB	no
+ENCRYPT_METHOD DES
+#SHA_CRYPT_MIN_ROUNDS 5000
+#SHA_CRYPT_MAX_ROUNDS 5000
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/grouptools/chgpasswd/01_chgpasswd_invalid_group/config/etc/passwd b/tests/tests/grouptools/chgpasswd/01_chgpasswd_invalid_group/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/grouptools/chgpasswd/01_chgpasswd_invalid_group/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/grouptools/chgpasswd/01_chgpasswd_invalid_group/config/etc/shadow b/tests/tests/grouptools/chgpasswd/01_chgpasswd_invalid_group/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/grouptools/chgpasswd/01_chgpasswd_invalid_group/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/grouptools/chgpasswd/01_chgpasswd_invalid_group/data/chgpasswd.err b/tests/tests/grouptools/chgpasswd/01_chgpasswd_invalid_group/data/chgpasswd.err
new file mode 100644
index 0000000..38413df
--- /dev/null
+++ b/tests/tests/grouptools/chgpasswd/01_chgpasswd_invalid_group/data/chgpasswd.err
@@ -0,0 +1,2 @@
+chgpasswd: line 3: group 'foooo' does not exist
+chgpasswd: error detected, changes ignored
diff --git a/tests/tests/grouptools/chgpasswd/02_chgpasswd_multiple_groups/chgpasswd.test b/tests/tests/grouptools/chgpasswd/02_chgpasswd_multiple_groups/chgpasswd.test
new file mode 100755
index 0000000..27754dd
--- /dev/null
+++ b/tests/tests/grouptools/chgpasswd/02_chgpasswd_multiple_groups/chgpasswd.test
@@ -0,0 +1,40 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "chgpasswd can change multiple groups"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Change nogroup's and disk's password..."
+echo 'nogroup:test
+disk:test2' | chgpasswd
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl data/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/grouptools/chgpasswd/02_chgpasswd_multiple_groups/config/etc/group b/tests/tests/grouptools/chgpasswd/02_chgpasswd_multiple_groups/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/grouptools/chgpasswd/02_chgpasswd_multiple_groups/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/grouptools/chgpasswd/02_chgpasswd_multiple_groups/config/etc/gshadow b/tests/tests/grouptools/chgpasswd/02_chgpasswd_multiple_groups/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/grouptools/chgpasswd/02_chgpasswd_multiple_groups/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/grouptools/chgpasswd/02_chgpasswd_multiple_groups/config/etc/login.defs b/tests/tests/grouptools/chgpasswd/02_chgpasswd_multiple_groups/config/etc/login.defs
new file mode 100644
index 0000000..f898f1e
--- /dev/null
+++ b/tests/tests/grouptools/chgpasswd/02_chgpasswd_multiple_groups/config/etc/login.defs
@@ -0,0 +1,317 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK usage is discouraged because it catches only some classes of user
+# entries to system, in fact only those made through login(1), while setting
+# umask in shell rc file will catch also logins through su, cron, ssh etc.
+#
+# At the same time, using shell rc to set umask won't catch entries which use
+# non-shell executables in place of login shell, like /usr/sbin/pppd for "ppp"
+# user and alike.
+#
+# Therefore the use of pam_umask is recommended (Debian package libpam-umask)
+# as the solution which catches all these cases on PAM-enabled systems.
+# 
+# This avoids the confusion created by having the umask set
+# in two different places -- in login.defs and shell rc files (i.e.
+# /etc/profile).
+#
+# For discussion, see #314539 and #248150 as well as the thread starting at
+# http://lists.debian.org/debian-devel/2005/06/msg01598.html
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+# 022 is the "historical" value in Debian for UMASK when it was used
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			  100
+GID_MAX			60000
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# This enables userdel to remove user groups if no members exist.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, thus in Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# Only works if compiled with MD5_CRYPT defined:
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is used by chpasswd, gpasswd and newusers.
+#
+#MD5_CRYPT_ENAB	no
+ENCRYPT_METHOD DES
+#SHA_CRYPT_MIN_ROUNDS 5000
+#SHA_CRYPT_MAX_ROUNDS 5000
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/grouptools/chgpasswd/02_chgpasswd_multiple_groups/config/etc/passwd b/tests/tests/grouptools/chgpasswd/02_chgpasswd_multiple_groups/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/grouptools/chgpasswd/02_chgpasswd_multiple_groups/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/grouptools/chgpasswd/02_chgpasswd_multiple_groups/config/etc/shadow b/tests/tests/grouptools/chgpasswd/02_chgpasswd_multiple_groups/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/grouptools/chgpasswd/02_chgpasswd_multiple_groups/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/grouptools/chgpasswd/02_chgpasswd_multiple_groups/data/gshadow b/tests/tests/grouptools/chgpasswd/02_chgpasswd_multiple_groups/data/gshadow
new file mode 100644
index 0000000..10d3a52
--- /dev/null
+++ b/tests/tests/grouptools/chgpasswd/02_chgpasswd_multiple_groups/data/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:@PASS_DES test2@::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:@PASS_DES test@::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/grouptools/chgpasswd/03_chgpasswd_no_gshadow_file/chgpasswd.test b/tests/tests/grouptools/chgpasswd/03_chgpasswd_no_gshadow_file/chgpasswd.test
new file mode 100755
index 0000000..1e765f8
--- /dev/null
+++ b/tests/tests/grouptools/chgpasswd/03_chgpasswd_no_gshadow_file/chgpasswd.test
@@ -0,0 +1,44 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "chgpasswd changes the password in group if gshadow does not exist"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Remove /etc/gshadow..."
+rm -f /etc/gshadow
+echo "OK"
+
+echo -n "Change nogroup's and disk's password..."
+echo 'nogroup:test
+disk:test2' | chgpasswd
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl data/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check that gshadow does not exist..."
+test ! -f /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/grouptools/chgpasswd/03_chgpasswd_no_gshadow_file/config/etc/group b/tests/tests/grouptools/chgpasswd/03_chgpasswd_no_gshadow_file/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/grouptools/chgpasswd/03_chgpasswd_no_gshadow_file/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/grouptools/chgpasswd/03_chgpasswd_no_gshadow_file/config/etc/gshadow b/tests/tests/grouptools/chgpasswd/03_chgpasswd_no_gshadow_file/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/grouptools/chgpasswd/03_chgpasswd_no_gshadow_file/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/grouptools/chgpasswd/03_chgpasswd_no_gshadow_file/config/etc/login.defs b/tests/tests/grouptools/chgpasswd/03_chgpasswd_no_gshadow_file/config/etc/login.defs
new file mode 100644
index 0000000..f898f1e
--- /dev/null
+++ b/tests/tests/grouptools/chgpasswd/03_chgpasswd_no_gshadow_file/config/etc/login.defs
@@ -0,0 +1,317 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK usage is discouraged because it catches only some classes of user
+# entries to system, in fact only those made through login(1), while setting
+# umask in shell rc file will catch also logins through su, cron, ssh etc.
+#
+# At the same time, using shell rc to set umask won't catch entries which use
+# non-shell executables in place of login shell, like /usr/sbin/pppd for "ppp"
+# user and alike.
+#
+# Therefore the use of pam_umask is recommended (Debian package libpam-umask)
+# as the solution which catches all these cases on PAM-enabled systems.
+# 
+# This avoids the confusion created by having the umask set
+# in two different places -- in login.defs and shell rc files (i.e.
+# /etc/profile).
+#
+# For discussion, see #314539 and #248150 as well as the thread starting at
+# http://lists.debian.org/debian-devel/2005/06/msg01598.html
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+# 022 is the "historical" value in Debian for UMASK when it was used
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			  100
+GID_MAX			60000
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# This enables userdel to remove user groups if no members exist.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, thus in Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# Only works if compiled with MD5_CRYPT defined:
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is used by chpasswd, gpasswd and newusers.
+#
+#MD5_CRYPT_ENAB	no
+ENCRYPT_METHOD DES
+#SHA_CRYPT_MIN_ROUNDS 5000
+#SHA_CRYPT_MAX_ROUNDS 5000
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/grouptools/chgpasswd/03_chgpasswd_no_gshadow_file/config/etc/passwd b/tests/tests/grouptools/chgpasswd/03_chgpasswd_no_gshadow_file/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/grouptools/chgpasswd/03_chgpasswd_no_gshadow_file/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/grouptools/chgpasswd/03_chgpasswd_no_gshadow_file/config/etc/shadow b/tests/tests/grouptools/chgpasswd/03_chgpasswd_no_gshadow_file/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/grouptools/chgpasswd/03_chgpasswd_no_gshadow_file/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/grouptools/chgpasswd/03_chgpasswd_no_gshadow_file/data/group b/tests/tests/grouptools/chgpasswd/03_chgpasswd_no_gshadow_file/data/group
new file mode 100644
index 0000000..7f5e536
--- /dev/null
+++ b/tests/tests/grouptools/chgpasswd/03_chgpasswd_no_gshadow_file/data/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:@PASS_DES test2@:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:@PASS_DES test@:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/grouptools/chgpasswd/04_chgpasswd_no_gshadow_entry/chgpasswd.test b/tests/tests/grouptools/chgpasswd/04_chgpasswd_no_gshadow_entry/chgpasswd.test
new file mode 100755
index 0000000..8def840
--- /dev/null
+++ b/tests/tests/grouptools/chgpasswd/04_chgpasswd_no_gshadow_entry/chgpasswd.test
@@ -0,0 +1,40 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "chgpasswd changes the group entry if there are no entries in gshadow"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Change nogroup's and disk's password..."
+echo 'nogroup:test
+disk:test2' | chgpasswd
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl data/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl data/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/grouptools/chgpasswd/04_chgpasswd_no_gshadow_entry/config/etc/group b/tests/tests/grouptools/chgpasswd/04_chgpasswd_no_gshadow_entry/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/grouptools/chgpasswd/04_chgpasswd_no_gshadow_entry/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/grouptools/chgpasswd/04_chgpasswd_no_gshadow_entry/config/etc/gshadow b/tests/tests/grouptools/chgpasswd/04_chgpasswd_no_gshadow_entry/config/etc/gshadow
new file mode 100644
index 0000000..54dc57e
--- /dev/null
+++ b/tests/tests/grouptools/chgpasswd/04_chgpasswd_no_gshadow_entry/config/etc/gshadow
@@ -0,0 +1,40 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/grouptools/chgpasswd/04_chgpasswd_no_gshadow_entry/config/etc/login.defs b/tests/tests/grouptools/chgpasswd/04_chgpasswd_no_gshadow_entry/config/etc/login.defs
new file mode 100644
index 0000000..f898f1e
--- /dev/null
+++ b/tests/tests/grouptools/chgpasswd/04_chgpasswd_no_gshadow_entry/config/etc/login.defs
@@ -0,0 +1,317 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK usage is discouraged because it catches only some classes of user
+# entries to system, in fact only those made through login(1), while setting
+# umask in shell rc file will catch also logins through su, cron, ssh etc.
+#
+# At the same time, using shell rc to set umask won't catch entries which use
+# non-shell executables in place of login shell, like /usr/sbin/pppd for "ppp"
+# user and alike.
+#
+# Therefore the use of pam_umask is recommended (Debian package libpam-umask)
+# as the solution which catches all these cases on PAM-enabled systems.
+# 
+# This avoids the confusion created by having the umask set
+# in two different places -- in login.defs and shell rc files (i.e.
+# /etc/profile).
+#
+# For discussion, see #314539 and #248150 as well as the thread starting at
+# http://lists.debian.org/debian-devel/2005/06/msg01598.html
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+# 022 is the "historical" value in Debian for UMASK when it was used
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			  100
+GID_MAX			60000
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# This enables userdel to remove user groups if no members exist.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, thus in Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# Only works if compiled with MD5_CRYPT defined:
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is used by chpasswd, gpasswd and newusers.
+#
+#MD5_CRYPT_ENAB	no
+ENCRYPT_METHOD DES
+#SHA_CRYPT_MIN_ROUNDS 5000
+#SHA_CRYPT_MAX_ROUNDS 5000
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/grouptools/chgpasswd/04_chgpasswd_no_gshadow_entry/config/etc/passwd b/tests/tests/grouptools/chgpasswd/04_chgpasswd_no_gshadow_entry/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/grouptools/chgpasswd/04_chgpasswd_no_gshadow_entry/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/grouptools/chgpasswd/04_chgpasswd_no_gshadow_entry/config/etc/shadow b/tests/tests/grouptools/chgpasswd/04_chgpasswd_no_gshadow_entry/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/grouptools/chgpasswd/04_chgpasswd_no_gshadow_entry/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/grouptools/chgpasswd/04_chgpasswd_no_gshadow_entry/data/group b/tests/tests/grouptools/chgpasswd/04_chgpasswd_no_gshadow_entry/data/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/grouptools/chgpasswd/04_chgpasswd_no_gshadow_entry/data/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/grouptools/chgpasswd/04_chgpasswd_no_gshadow_entry/data/gshadow b/tests/tests/grouptools/chgpasswd/04_chgpasswd_no_gshadow_entry/data/gshadow
new file mode 100644
index 0000000..544e0d1
--- /dev/null
+++ b/tests/tests/grouptools/chgpasswd/04_chgpasswd_no_gshadow_entry/data/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:@PASS_DES test2@::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+crontab:x::
+Debian-exim:x::
+nogroup:@PASS_DES test@::
diff --git a/tests/tests/grouptools/chgpasswd/05_chgpasswd_error_no_password/chgpasswd.test b/tests/tests/grouptools/chgpasswd/05_chgpasswd_error_no_password/chgpasswd.test
new file mode 100755
index 0000000..53ffbf2
--- /dev/null
+++ b/tests/tests/grouptools/chgpasswd/05_chgpasswd_error_no_password/chgpasswd.test
@@ -0,0 +1,55 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "chgpasswd fails if no password are provided"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Change nogroup's password..."
+echo 'nogroup:test
+disk' | chgpasswd 2>tmp/chgpasswd.err && exit 1 || {
+        status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "1"
+echo "OK"
+
+echo "chgpasswd reported:"
+echo "======================================================================="
+cat tmp/chgpasswd.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/chgpasswd.err tmp/chgpasswd.err
+echo "error message OK."
+rm -f tmp/chgpasswd.err
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/grouptools/chgpasswd/05_chgpasswd_error_no_password/config/etc/group b/tests/tests/grouptools/chgpasswd/05_chgpasswd_error_no_password/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/grouptools/chgpasswd/05_chgpasswd_error_no_password/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/grouptools/chgpasswd/05_chgpasswd_error_no_password/config/etc/gshadow b/tests/tests/grouptools/chgpasswd/05_chgpasswd_error_no_password/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/grouptools/chgpasswd/05_chgpasswd_error_no_password/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/grouptools/chgpasswd/05_chgpasswd_error_no_password/config/etc/login.defs b/tests/tests/grouptools/chgpasswd/05_chgpasswd_error_no_password/config/etc/login.defs
new file mode 100644
index 0000000..f898f1e
--- /dev/null
+++ b/tests/tests/grouptools/chgpasswd/05_chgpasswd_error_no_password/config/etc/login.defs
@@ -0,0 +1,317 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK usage is discouraged because it catches only some classes of user
+# entries to system, in fact only those made through login(1), while setting
+# umask in shell rc file will catch also logins through su, cron, ssh etc.
+#
+# At the same time, using shell rc to set umask won't catch entries which use
+# non-shell executables in place of login shell, like /usr/sbin/pppd for "ppp"
+# user and alike.
+#
+# Therefore the use of pam_umask is recommended (Debian package libpam-umask)
+# as the solution which catches all these cases on PAM-enabled systems.
+# 
+# This avoids the confusion created by having the umask set
+# in two different places -- in login.defs and shell rc files (i.e.
+# /etc/profile).
+#
+# For discussion, see #314539 and #248150 as well as the thread starting at
+# http://lists.debian.org/debian-devel/2005/06/msg01598.html
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+# 022 is the "historical" value in Debian for UMASK when it was used
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			  100
+GID_MAX			60000
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# This enables userdel to remove user groups if no members exist.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, thus in Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# Only works if compiled with MD5_CRYPT defined:
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is used by chpasswd, gpasswd and newusers.
+#
+#MD5_CRYPT_ENAB	no
+ENCRYPT_METHOD DES
+#SHA_CRYPT_MIN_ROUNDS 5000
+#SHA_CRYPT_MAX_ROUNDS 5000
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/grouptools/chgpasswd/05_chgpasswd_error_no_password/config/etc/passwd b/tests/tests/grouptools/chgpasswd/05_chgpasswd_error_no_password/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/grouptools/chgpasswd/05_chgpasswd_error_no_password/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/grouptools/chgpasswd/05_chgpasswd_error_no_password/config/etc/shadow b/tests/tests/grouptools/chgpasswd/05_chgpasswd_error_no_password/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/grouptools/chgpasswd/05_chgpasswd_error_no_password/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/grouptools/chgpasswd/05_chgpasswd_error_no_password/data/chgpasswd.err b/tests/tests/grouptools/chgpasswd/05_chgpasswd_error_no_password/data/chgpasswd.err
new file mode 100644
index 0000000..86c0803
--- /dev/null
+++ b/tests/tests/grouptools/chgpasswd/05_chgpasswd_error_no_password/data/chgpasswd.err
@@ -0,0 +1,2 @@
+chgpasswd: line 2: missing new password
+chgpasswd: error detected, changes ignored
diff --git a/tests/tests/grouptools/chgpasswd/06_chgpasswd_usage/chgpasswd.test b/tests/tests/grouptools/chgpasswd/06_chgpasswd_usage/chgpasswd.test
new file mode 100755
index 0000000..1075f0f
--- /dev/null
+++ b/tests/tests/grouptools/chgpasswd/06_chgpasswd_usage/chgpasswd.test
@@ -0,0 +1,48 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "chgpasswd can display its usage message"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Get chgpasswd usage (chgpasswd -h)..."
+chgpasswd -h >tmp/usage.out
+echo "OK"
+
+echo "chgpasswd reported:"
+echo "======================================================================="
+cat tmp/usage.out
+echo "======================================================================="
+echo -n "Check the usage message..."
+diff -au data/usage.out tmp/usage.out
+echo "usage message OK."
+rm -f tmp/usage.out
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/grouptools/chgpasswd/06_chgpasswd_usage/config.txt b/tests/tests/grouptools/chgpasswd/06_chgpasswd_usage/config.txt
new file mode 100644
index 0000000..31f5635
--- /dev/null
+++ b/tests/tests/grouptools/chgpasswd/06_chgpasswd_usage/config.txt
@@ -0,0 +1,10 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group users (only in /etc/group)
+user foo, in group tty (only in /etc/gshadow)
+user foo, in group floppy
+user foo, admin of group disk
+user foo, admin and member of group fax
+user foo, admin and member of group cdrom (only in /etc/gshadow)
diff --git a/tests/tests/grouptools/chgpasswd/06_chgpasswd_usage/config/etc/default/useradd b/tests/tests/grouptools/chgpasswd/06_chgpasswd_usage/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/grouptools/chgpasswd/06_chgpasswd_usage/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/grouptools/chgpasswd/06_chgpasswd_usage/config/etc/group b/tests/tests/grouptools/chgpasswd/06_chgpasswd_usage/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/grouptools/chgpasswd/06_chgpasswd_usage/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/grouptools/chgpasswd/06_chgpasswd_usage/config/etc/gshadow b/tests/tests/grouptools/chgpasswd/06_chgpasswd_usage/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/grouptools/chgpasswd/06_chgpasswd_usage/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/grouptools/chgpasswd/06_chgpasswd_usage/config/etc/passwd b/tests/tests/grouptools/chgpasswd/06_chgpasswd_usage/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/grouptools/chgpasswd/06_chgpasswd_usage/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/grouptools/chgpasswd/06_chgpasswd_usage/config/etc/shadow b/tests/tests/grouptools/chgpasswd/06_chgpasswd_usage/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/grouptools/chgpasswd/06_chgpasswd_usage/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/grouptools/chgpasswd/06_chgpasswd_usage/data/usage.out b/tests/tests/grouptools/chgpasswd/06_chgpasswd_usage/data/usage.out
new file mode 100644
index 0000000..46b49c3
--- /dev/null
+++ b/tests/tests/grouptools/chgpasswd/06_chgpasswd_usage/data/usage.out
@@ -0,0 +1,12 @@
+Usage: chgpasswd [options]
+
+Options:
+  -c, --crypt-method METHOD     the crypt method (one of NONE DES MD5 SHA256 SHA512)
+  -e, --encrypted               supplied passwords are encrypted
+  -h, --help                    display this help message and exit
+  -m, --md5                     encrypt the clear text password using
+                                the MD5 algorithm
+  -R, --root CHROOT_DIR         directory to chroot into
+  -s, --sha-rounds              number of SHA rounds for the SHA*
+                                crypt algorithms
+
diff --git a/tests/tests/grouptools/chgpasswd/07_chgpasswd_usage_bad_option/chgpasswd.test b/tests/tests/grouptools/chgpasswd/07_chgpasswd_usage_bad_option/chgpasswd.test
new file mode 100755
index 0000000..56de5cb
--- /dev/null
+++ b/tests/tests/grouptools/chgpasswd/07_chgpasswd_usage_bad_option/chgpasswd.test
@@ -0,0 +1,54 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "chgpasswd displays its usage message in case on non recognized option"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Get chgpasswd usage (chgpasswd --foo)..."
+chgpasswd --foo 2>tmp/usage.out && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "2"
+echo "OK"
+
+echo "chgpasswd reported:"
+echo "======================================================================="
+cat tmp/usage.out
+echo "======================================================================="
+echo -n "Check the usage message..."
+diff -au data/usage.out tmp/usage.out
+echo "usage message OK."
+rm -f tmp/usage.out
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/grouptools/chgpasswd/07_chgpasswd_usage_bad_option/config.txt b/tests/tests/grouptools/chgpasswd/07_chgpasswd_usage_bad_option/config.txt
new file mode 100644
index 0000000..31f5635
--- /dev/null
+++ b/tests/tests/grouptools/chgpasswd/07_chgpasswd_usage_bad_option/config.txt
@@ -0,0 +1,10 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group users (only in /etc/group)
+user foo, in group tty (only in /etc/gshadow)
+user foo, in group floppy
+user foo, admin of group disk
+user foo, admin and member of group fax
+user foo, admin and member of group cdrom (only in /etc/gshadow)
diff --git a/tests/tests/grouptools/chgpasswd/07_chgpasswd_usage_bad_option/config/etc/default/useradd b/tests/tests/grouptools/chgpasswd/07_chgpasswd_usage_bad_option/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/grouptools/chgpasswd/07_chgpasswd_usage_bad_option/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/grouptools/chgpasswd/07_chgpasswd_usage_bad_option/config/etc/group b/tests/tests/grouptools/chgpasswd/07_chgpasswd_usage_bad_option/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/grouptools/chgpasswd/07_chgpasswd_usage_bad_option/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/grouptools/chgpasswd/07_chgpasswd_usage_bad_option/config/etc/gshadow b/tests/tests/grouptools/chgpasswd/07_chgpasswd_usage_bad_option/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/grouptools/chgpasswd/07_chgpasswd_usage_bad_option/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/grouptools/chgpasswd/07_chgpasswd_usage_bad_option/config/etc/passwd b/tests/tests/grouptools/chgpasswd/07_chgpasswd_usage_bad_option/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/grouptools/chgpasswd/07_chgpasswd_usage_bad_option/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/grouptools/chgpasswd/07_chgpasswd_usage_bad_option/config/etc/shadow b/tests/tests/grouptools/chgpasswd/07_chgpasswd_usage_bad_option/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/grouptools/chgpasswd/07_chgpasswd_usage_bad_option/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/grouptools/chgpasswd/07_chgpasswd_usage_bad_option/data/usage.out b/tests/tests/grouptools/chgpasswd/07_chgpasswd_usage_bad_option/data/usage.out
new file mode 100644
index 0000000..e96d97c
--- /dev/null
+++ b/tests/tests/grouptools/chgpasswd/07_chgpasswd_usage_bad_option/data/usage.out
@@ -0,0 +1,13 @@
+chgpasswd: unrecognized option '--foo'
+Usage: chgpasswd [options]
+
+Options:
+  -c, --crypt-method METHOD     the crypt method (one of NONE DES MD5 SHA256 SHA512)
+  -e, --encrypted               supplied passwords are encrypted
+  -h, --help                    display this help message and exit
+  -m, --md5                     encrypt the clear text password using
+                                the MD5 algorithm
+  -R, --root CHROOT_DIR         directory to chroot into
+  -s, --sha-rounds              number of SHA rounds for the SHA*
+                                crypt algorithms
+
diff --git a/tests/tests/grouptools/chgpasswd/08_chgpasswd_usage-e-m_exclusive/chgpasswd.test b/tests/tests/grouptools/chgpasswd/08_chgpasswd_usage-e-m_exclusive/chgpasswd.test
new file mode 100755
index 0000000..f6b96d5
--- /dev/null
+++ b/tests/tests/grouptools/chgpasswd/08_chgpasswd_usage-e-m_exclusive/chgpasswd.test
@@ -0,0 +1,54 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "chgpasswd checks that -e and -m are not provided at the same time"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Password are encrypted and must use md5 (chgpasswd -m -e)..."
+echo 'nobody:test' | chgpasswd -m -e 2>tmp/usage.out && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "2"
+echo "OK"
+
+echo "chgpasswd reported:"
+echo "======================================================================="
+cat tmp/usage.out
+echo "======================================================================="
+echo -n "Check the usage message..."
+diff -au data/usage.out tmp/usage.out
+echo "usage message OK."
+rm -f tmp/usage.out
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/grouptools/chgpasswd/08_chgpasswd_usage-e-m_exclusive/config.txt b/tests/tests/grouptools/chgpasswd/08_chgpasswd_usage-e-m_exclusive/config.txt
new file mode 100644
index 0000000..31f5635
--- /dev/null
+++ b/tests/tests/grouptools/chgpasswd/08_chgpasswd_usage-e-m_exclusive/config.txt
@@ -0,0 +1,10 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group users (only in /etc/group)
+user foo, in group tty (only in /etc/gshadow)
+user foo, in group floppy
+user foo, admin of group disk
+user foo, admin and member of group fax
+user foo, admin and member of group cdrom (only in /etc/gshadow)
diff --git a/tests/tests/grouptools/chgpasswd/08_chgpasswd_usage-e-m_exclusive/config/etc/default/useradd b/tests/tests/grouptools/chgpasswd/08_chgpasswd_usage-e-m_exclusive/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/grouptools/chgpasswd/08_chgpasswd_usage-e-m_exclusive/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/grouptools/chgpasswd/08_chgpasswd_usage-e-m_exclusive/config/etc/group b/tests/tests/grouptools/chgpasswd/08_chgpasswd_usage-e-m_exclusive/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/grouptools/chgpasswd/08_chgpasswd_usage-e-m_exclusive/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/grouptools/chgpasswd/08_chgpasswd_usage-e-m_exclusive/config/etc/gshadow b/tests/tests/grouptools/chgpasswd/08_chgpasswd_usage-e-m_exclusive/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/grouptools/chgpasswd/08_chgpasswd_usage-e-m_exclusive/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/grouptools/chgpasswd/08_chgpasswd_usage-e-m_exclusive/config/etc/passwd b/tests/tests/grouptools/chgpasswd/08_chgpasswd_usage-e-m_exclusive/config/etc/passwd
new file mode 100644
index 0000000..dbb06b8
--- /dev/null
+++ b/tests/tests/grouptools/chgpasswd/08_chgpasswd_usage-e-m_exclusive/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/nonexistent:/bin/sh
diff --git a/tests/tests/grouptools/chgpasswd/08_chgpasswd_usage-e-m_exclusive/config/etc/shadow b/tests/tests/grouptools/chgpasswd/08_chgpasswd_usage-e-m_exclusive/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/grouptools/chgpasswd/08_chgpasswd_usage-e-m_exclusive/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/grouptools/chgpasswd/08_chgpasswd_usage-e-m_exclusive/data/usage.out b/tests/tests/grouptools/chgpasswd/08_chgpasswd_usage-e-m_exclusive/data/usage.out
new file mode 100644
index 0000000..d3a57b6
--- /dev/null
+++ b/tests/tests/grouptools/chgpasswd/08_chgpasswd_usage-e-m_exclusive/data/usage.out
@@ -0,0 +1,13 @@
+chgpasswd: the -c, -e, and -m flags are exclusive
+Usage: chgpasswd [options]
+
+Options:
+  -c, --crypt-method METHOD     the crypt method (one of NONE DES MD5 SHA256 SHA512)
+  -e, --encrypted               supplied passwords are encrypted
+  -h, --help                    display this help message and exit
+  -m, --md5                     encrypt the clear text password using
+                                the MD5 algorithm
+  -R, --root CHROOT_DIR         directory to chroot into
+  -s, --sha-rounds              number of SHA rounds for the SHA*
+                                crypt algorithms
+
diff --git a/tests/tests/grouptools/chgpasswd/09_chgpasswd_usage-e-c_exclusive/chgpasswd.test b/tests/tests/grouptools/chgpasswd/09_chgpasswd_usage-e-c_exclusive/chgpasswd.test
new file mode 100755
index 0000000..9da58d6
--- /dev/null
+++ b/tests/tests/grouptools/chgpasswd/09_chgpasswd_usage-e-c_exclusive/chgpasswd.test
@@ -0,0 +1,54 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "chgpasswd checks that -e and -c are not provided at the same time"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Password are encrypted and must use another method (chgpasswd -c SHA512 -e)..."
+echo 'nobody:test' | chgpasswd -c SHA512 -e 2>tmp/usage.out && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "2"
+echo "OK"
+
+echo "chgpasswd reported:"
+echo "======================================================================="
+cat tmp/usage.out
+echo "======================================================================="
+echo -n "Check the usage message..."
+diff -au data/usage.out tmp/usage.out
+echo "usage message OK."
+rm -f tmp/usage.out
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/grouptools/chgpasswd/09_chgpasswd_usage-e-c_exclusive/config.txt b/tests/tests/grouptools/chgpasswd/09_chgpasswd_usage-e-c_exclusive/config.txt
new file mode 100644
index 0000000..31f5635
--- /dev/null
+++ b/tests/tests/grouptools/chgpasswd/09_chgpasswd_usage-e-c_exclusive/config.txt
@@ -0,0 +1,10 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group users (only in /etc/group)
+user foo, in group tty (only in /etc/gshadow)
+user foo, in group floppy
+user foo, admin of group disk
+user foo, admin and member of group fax
+user foo, admin and member of group cdrom (only in /etc/gshadow)
diff --git a/tests/tests/grouptools/chgpasswd/09_chgpasswd_usage-e-c_exclusive/config/etc/default/useradd b/tests/tests/grouptools/chgpasswd/09_chgpasswd_usage-e-c_exclusive/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/grouptools/chgpasswd/09_chgpasswd_usage-e-c_exclusive/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/grouptools/chgpasswd/09_chgpasswd_usage-e-c_exclusive/config/etc/group b/tests/tests/grouptools/chgpasswd/09_chgpasswd_usage-e-c_exclusive/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/grouptools/chgpasswd/09_chgpasswd_usage-e-c_exclusive/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/grouptools/chgpasswd/09_chgpasswd_usage-e-c_exclusive/config/etc/gshadow b/tests/tests/grouptools/chgpasswd/09_chgpasswd_usage-e-c_exclusive/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/grouptools/chgpasswd/09_chgpasswd_usage-e-c_exclusive/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/grouptools/chgpasswd/09_chgpasswd_usage-e-c_exclusive/config/etc/passwd b/tests/tests/grouptools/chgpasswd/09_chgpasswd_usage-e-c_exclusive/config/etc/passwd
new file mode 100644
index 0000000..dbb06b8
--- /dev/null
+++ b/tests/tests/grouptools/chgpasswd/09_chgpasswd_usage-e-c_exclusive/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/nonexistent:/bin/sh
diff --git a/tests/tests/grouptools/chgpasswd/09_chgpasswd_usage-e-c_exclusive/config/etc/shadow b/tests/tests/grouptools/chgpasswd/09_chgpasswd_usage-e-c_exclusive/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/grouptools/chgpasswd/09_chgpasswd_usage-e-c_exclusive/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/grouptools/chgpasswd/09_chgpasswd_usage-e-c_exclusive/data/usage.out b/tests/tests/grouptools/chgpasswd/09_chgpasswd_usage-e-c_exclusive/data/usage.out
new file mode 100644
index 0000000..d3a57b6
--- /dev/null
+++ b/tests/tests/grouptools/chgpasswd/09_chgpasswd_usage-e-c_exclusive/data/usage.out
@@ -0,0 +1,13 @@
+chgpasswd: the -c, -e, and -m flags are exclusive
+Usage: chgpasswd [options]
+
+Options:
+  -c, --crypt-method METHOD     the crypt method (one of NONE DES MD5 SHA256 SHA512)
+  -e, --encrypted               supplied passwords are encrypted
+  -h, --help                    display this help message and exit
+  -m, --md5                     encrypt the clear text password using
+                                the MD5 algorithm
+  -R, --root CHROOT_DIR         directory to chroot into
+  -s, --sha-rounds              number of SHA rounds for the SHA*
+                                crypt algorithms
+
diff --git a/tests/tests/grouptools/chgpasswd/10_chgpasswd_usage-m-c_exclusive/chgpasswd.test b/tests/tests/grouptools/chgpasswd/10_chgpasswd_usage-m-c_exclusive/chgpasswd.test
new file mode 100755
index 0000000..e83338f
--- /dev/null
+++ b/tests/tests/grouptools/chgpasswd/10_chgpasswd_usage-m-c_exclusive/chgpasswd.test
@@ -0,0 +1,54 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "chgpasswd checks that -c and -m are not provided at the same time"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Password must use md5 and another method (chgpasswd -m -c SHA256)..."
+echo 'nobody:test' | chgpasswd -m -c SHA256 2>tmp/usage.out && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "2"
+echo "OK"
+
+echo "chgpasswd reported:"
+echo "======================================================================="
+cat tmp/usage.out
+echo "======================================================================="
+echo -n "Check the usage message..."
+diff -au data/usage.out tmp/usage.out
+echo "usage message OK."
+rm -f tmp/usage.out
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/grouptools/chgpasswd/10_chgpasswd_usage-m-c_exclusive/config.txt b/tests/tests/grouptools/chgpasswd/10_chgpasswd_usage-m-c_exclusive/config.txt
new file mode 100644
index 0000000..31f5635
--- /dev/null
+++ b/tests/tests/grouptools/chgpasswd/10_chgpasswd_usage-m-c_exclusive/config.txt
@@ -0,0 +1,10 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group users (only in /etc/group)
+user foo, in group tty (only in /etc/gshadow)
+user foo, in group floppy
+user foo, admin of group disk
+user foo, admin and member of group fax
+user foo, admin and member of group cdrom (only in /etc/gshadow)
diff --git a/tests/tests/grouptools/chgpasswd/10_chgpasswd_usage-m-c_exclusive/config/etc/default/useradd b/tests/tests/grouptools/chgpasswd/10_chgpasswd_usage-m-c_exclusive/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/grouptools/chgpasswd/10_chgpasswd_usage-m-c_exclusive/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/grouptools/chgpasswd/10_chgpasswd_usage-m-c_exclusive/config/etc/group b/tests/tests/grouptools/chgpasswd/10_chgpasswd_usage-m-c_exclusive/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/grouptools/chgpasswd/10_chgpasswd_usage-m-c_exclusive/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/grouptools/chgpasswd/10_chgpasswd_usage-m-c_exclusive/config/etc/gshadow b/tests/tests/grouptools/chgpasswd/10_chgpasswd_usage-m-c_exclusive/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/grouptools/chgpasswd/10_chgpasswd_usage-m-c_exclusive/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/grouptools/chgpasswd/10_chgpasswd_usage-m-c_exclusive/config/etc/passwd b/tests/tests/grouptools/chgpasswd/10_chgpasswd_usage-m-c_exclusive/config/etc/passwd
new file mode 100644
index 0000000..dbb06b8
--- /dev/null
+++ b/tests/tests/grouptools/chgpasswd/10_chgpasswd_usage-m-c_exclusive/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/nonexistent:/bin/sh
diff --git a/tests/tests/grouptools/chgpasswd/10_chgpasswd_usage-m-c_exclusive/config/etc/shadow b/tests/tests/grouptools/chgpasswd/10_chgpasswd_usage-m-c_exclusive/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/grouptools/chgpasswd/10_chgpasswd_usage-m-c_exclusive/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/grouptools/chgpasswd/10_chgpasswd_usage-m-c_exclusive/data/usage.out b/tests/tests/grouptools/chgpasswd/10_chgpasswd_usage-m-c_exclusive/data/usage.out
new file mode 100644
index 0000000..d3a57b6
--- /dev/null
+++ b/tests/tests/grouptools/chgpasswd/10_chgpasswd_usage-m-c_exclusive/data/usage.out
@@ -0,0 +1,13 @@
+chgpasswd: the -c, -e, and -m flags are exclusive
+Usage: chgpasswd [options]
+
+Options:
+  -c, --crypt-method METHOD     the crypt method (one of NONE DES MD5 SHA256 SHA512)
+  -e, --encrypted               supplied passwords are encrypted
+  -h, --help                    display this help message and exit
+  -m, --md5                     encrypt the clear text password using
+                                the MD5 algorithm
+  -R, --root CHROOT_DIR         directory to chroot into
+  -s, --sha-rounds              number of SHA rounds for the SHA*
+                                crypt algorithms
+
diff --git a/tests/tests/grouptools/chgpasswd/11_chgpasswd_usage-s_without-c/chgpasswd.test b/tests/tests/grouptools/chgpasswd/11_chgpasswd_usage-s_without-c/chgpasswd.test
new file mode 100755
index 0000000..293e932
--- /dev/null
+++ b/tests/tests/grouptools/chgpasswd/11_chgpasswd_usage-s_without-c/chgpasswd.test
@@ -0,0 +1,54 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "chgpasswd checks that -c is provided if -s is used"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Password must use md5 and another method (chgpasswd --sha-rounds 12)..."
+echo 'nobody:test' | chgpasswd --sha-rounds 12 2>tmp/usage.out && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "2"
+echo "OK"
+
+echo "chgpasswd reported:"
+echo "======================================================================="
+cat tmp/usage.out
+echo "======================================================================="
+echo -n "Check the usage message..."
+diff -au data/usage.out tmp/usage.out
+echo "usage message OK."
+rm -f tmp/usage.out
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/grouptools/chgpasswd/11_chgpasswd_usage-s_without-c/config.txt b/tests/tests/grouptools/chgpasswd/11_chgpasswd_usage-s_without-c/config.txt
new file mode 100644
index 0000000..31f5635
--- /dev/null
+++ b/tests/tests/grouptools/chgpasswd/11_chgpasswd_usage-s_without-c/config.txt
@@ -0,0 +1,10 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group users (only in /etc/group)
+user foo, in group tty (only in /etc/gshadow)
+user foo, in group floppy
+user foo, admin of group disk
+user foo, admin and member of group fax
+user foo, admin and member of group cdrom (only in /etc/gshadow)
diff --git a/tests/tests/grouptools/chgpasswd/11_chgpasswd_usage-s_without-c/config/etc/default/useradd b/tests/tests/grouptools/chgpasswd/11_chgpasswd_usage-s_without-c/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/grouptools/chgpasswd/11_chgpasswd_usage-s_without-c/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/grouptools/chgpasswd/11_chgpasswd_usage-s_without-c/config/etc/group b/tests/tests/grouptools/chgpasswd/11_chgpasswd_usage-s_without-c/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/grouptools/chgpasswd/11_chgpasswd_usage-s_without-c/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/grouptools/chgpasswd/11_chgpasswd_usage-s_without-c/config/etc/gshadow b/tests/tests/grouptools/chgpasswd/11_chgpasswd_usage-s_without-c/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/grouptools/chgpasswd/11_chgpasswd_usage-s_without-c/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/grouptools/chgpasswd/11_chgpasswd_usage-s_without-c/config/etc/passwd b/tests/tests/grouptools/chgpasswd/11_chgpasswd_usage-s_without-c/config/etc/passwd
new file mode 100644
index 0000000..dbb06b8
--- /dev/null
+++ b/tests/tests/grouptools/chgpasswd/11_chgpasswd_usage-s_without-c/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/nonexistent:/bin/sh
diff --git a/tests/tests/grouptools/chgpasswd/11_chgpasswd_usage-s_without-c/config/etc/shadow b/tests/tests/grouptools/chgpasswd/11_chgpasswd_usage-s_without-c/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/grouptools/chgpasswd/11_chgpasswd_usage-s_without-c/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/grouptools/chgpasswd/11_chgpasswd_usage-s_without-c/data/usage.out b/tests/tests/grouptools/chgpasswd/11_chgpasswd_usage-s_without-c/data/usage.out
new file mode 100644
index 0000000..4bd98d4
--- /dev/null
+++ b/tests/tests/grouptools/chgpasswd/11_chgpasswd_usage-s_without-c/data/usage.out
@@ -0,0 +1,13 @@
+chgpasswd: -s flag is only allowed with the -c flag
+Usage: chgpasswd [options]
+
+Options:
+  -c, --crypt-method METHOD     the crypt method (one of NONE DES MD5 SHA256 SHA512)
+  -e, --encrypted               supplied passwords are encrypted
+  -h, --help                    display this help message and exit
+  -m, --md5                     encrypt the clear text password using
+                                the MD5 algorithm
+  -R, --root CHROOT_DIR         directory to chroot into
+  -s, --sha-rounds              number of SHA rounds for the SHA*
+                                crypt algorithms
+
diff --git a/tests/tests/grouptools/chgpasswd/12_chgpasswd_usage-s_invalid/chgpasswd.test b/tests/tests/grouptools/chgpasswd/12_chgpasswd_usage-s_invalid/chgpasswd.test
new file mode 100755
index 0000000..ebfcde6
--- /dev/null
+++ b/tests/tests/grouptools/chgpasswd/12_chgpasswd_usage-s_invalid/chgpasswd.test
@@ -0,0 +1,54 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "chgpasswd checks the -s argument"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Password must use md5 and another method (chgpasswd --sha-rounds 12foo -c SHA512)..."
+echo 'nobody:test' | chgpasswd --sha-rounds 12foo -c SHA512 2>tmp/usage.out && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "2"
+echo "OK"
+
+echo "chgpasswd reported:"
+echo "======================================================================="
+cat tmp/usage.out
+echo "======================================================================="
+echo -n "Check the usage message..."
+diff -au data/usage.out tmp/usage.out
+echo "usage message OK."
+rm -f tmp/usage.out
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/grouptools/chgpasswd/12_chgpasswd_usage-s_invalid/config.txt b/tests/tests/grouptools/chgpasswd/12_chgpasswd_usage-s_invalid/config.txt
new file mode 100644
index 0000000..31f5635
--- /dev/null
+++ b/tests/tests/grouptools/chgpasswd/12_chgpasswd_usage-s_invalid/config.txt
@@ -0,0 +1,10 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group users (only in /etc/group)
+user foo, in group tty (only in /etc/gshadow)
+user foo, in group floppy
+user foo, admin of group disk
+user foo, admin and member of group fax
+user foo, admin and member of group cdrom (only in /etc/gshadow)
diff --git a/tests/tests/grouptools/chgpasswd/12_chgpasswd_usage-s_invalid/config/etc/default/useradd b/tests/tests/grouptools/chgpasswd/12_chgpasswd_usage-s_invalid/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/grouptools/chgpasswd/12_chgpasswd_usage-s_invalid/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/grouptools/chgpasswd/12_chgpasswd_usage-s_invalid/config/etc/group b/tests/tests/grouptools/chgpasswd/12_chgpasswd_usage-s_invalid/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/grouptools/chgpasswd/12_chgpasswd_usage-s_invalid/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/grouptools/chgpasswd/12_chgpasswd_usage-s_invalid/config/etc/gshadow b/tests/tests/grouptools/chgpasswd/12_chgpasswd_usage-s_invalid/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/grouptools/chgpasswd/12_chgpasswd_usage-s_invalid/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/grouptools/chgpasswd/12_chgpasswd_usage-s_invalid/config/etc/passwd b/tests/tests/grouptools/chgpasswd/12_chgpasswd_usage-s_invalid/config/etc/passwd
new file mode 100644
index 0000000..dbb06b8
--- /dev/null
+++ b/tests/tests/grouptools/chgpasswd/12_chgpasswd_usage-s_invalid/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/nonexistent:/bin/sh
diff --git a/tests/tests/grouptools/chgpasswd/12_chgpasswd_usage-s_invalid/config/etc/shadow b/tests/tests/grouptools/chgpasswd/12_chgpasswd_usage-s_invalid/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/grouptools/chgpasswd/12_chgpasswd_usage-s_invalid/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/grouptools/chgpasswd/12_chgpasswd_usage-s_invalid/data/usage.out b/tests/tests/grouptools/chgpasswd/12_chgpasswd_usage-s_invalid/data/usage.out
new file mode 100644
index 0000000..690a502
--- /dev/null
+++ b/tests/tests/grouptools/chgpasswd/12_chgpasswd_usage-s_invalid/data/usage.out
@@ -0,0 +1,13 @@
+chgpasswd: invalid numeric argument '12foo'
+Usage: chgpasswd [options]
+
+Options:
+  -c, --crypt-method METHOD     the crypt method (one of NONE DES MD5 SHA256 SHA512)
+  -e, --encrypted               supplied passwords are encrypted
+  -h, --help                    display this help message and exit
+  -m, --md5                     encrypt the clear text password using
+                                the MD5 algorithm
+  -R, --root CHROOT_DIR         directory to chroot into
+  -s, --sha-rounds              number of SHA rounds for the SHA*
+                                crypt algorithms
+
diff --git a/tests/tests/grouptools/chgpasswd/13_chgpasswd_usage-c_invalid/chgpasswd.test b/tests/tests/grouptools/chgpasswd/13_chgpasswd_usage-c_invalid/chgpasswd.test
new file mode 100755
index 0000000..8cff29b
--- /dev/null
+++ b/tests/tests/grouptools/chgpasswd/13_chgpasswd_usage-c_invalid/chgpasswd.test
@@ -0,0 +1,54 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "chgpasswd checks the -c argument"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Password must use md5 and another method (chgpasswd --crypt-method SHA513)..."
+echo 'nobody:test' | chgpasswd --crypt-method SHA513 2>tmp/usage.out && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "2"
+echo "OK"
+
+echo "chgpasswd reported:"
+echo "======================================================================="
+cat tmp/usage.out
+echo "======================================================================="
+echo -n "Check the usage message..."
+diff -au data/usage.out tmp/usage.out
+echo "usage message OK."
+rm -f tmp/usage.out
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/grouptools/chgpasswd/13_chgpasswd_usage-c_invalid/config.txt b/tests/tests/grouptools/chgpasswd/13_chgpasswd_usage-c_invalid/config.txt
new file mode 100644
index 0000000..31f5635
--- /dev/null
+++ b/tests/tests/grouptools/chgpasswd/13_chgpasswd_usage-c_invalid/config.txt
@@ -0,0 +1,10 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group users (only in /etc/group)
+user foo, in group tty (only in /etc/gshadow)
+user foo, in group floppy
+user foo, admin of group disk
+user foo, admin and member of group fax
+user foo, admin and member of group cdrom (only in /etc/gshadow)
diff --git a/tests/tests/grouptools/chgpasswd/13_chgpasswd_usage-c_invalid/config/etc/default/useradd b/tests/tests/grouptools/chgpasswd/13_chgpasswd_usage-c_invalid/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/grouptools/chgpasswd/13_chgpasswd_usage-c_invalid/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/grouptools/chgpasswd/13_chgpasswd_usage-c_invalid/config/etc/group b/tests/tests/grouptools/chgpasswd/13_chgpasswd_usage-c_invalid/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/grouptools/chgpasswd/13_chgpasswd_usage-c_invalid/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/grouptools/chgpasswd/13_chgpasswd_usage-c_invalid/config/etc/gshadow b/tests/tests/grouptools/chgpasswd/13_chgpasswd_usage-c_invalid/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/grouptools/chgpasswd/13_chgpasswd_usage-c_invalid/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/grouptools/chgpasswd/13_chgpasswd_usage-c_invalid/config/etc/passwd b/tests/tests/grouptools/chgpasswd/13_chgpasswd_usage-c_invalid/config/etc/passwd
new file mode 100644
index 0000000..dbb06b8
--- /dev/null
+++ b/tests/tests/grouptools/chgpasswd/13_chgpasswd_usage-c_invalid/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/nonexistent:/bin/sh
diff --git a/tests/tests/grouptools/chgpasswd/13_chgpasswd_usage-c_invalid/config/etc/shadow b/tests/tests/grouptools/chgpasswd/13_chgpasswd_usage-c_invalid/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/grouptools/chgpasswd/13_chgpasswd_usage-c_invalid/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/grouptools/chgpasswd/13_chgpasswd_usage-c_invalid/data/usage.out b/tests/tests/grouptools/chgpasswd/13_chgpasswd_usage-c_invalid/data/usage.out
new file mode 100644
index 0000000..a103cd5
--- /dev/null
+++ b/tests/tests/grouptools/chgpasswd/13_chgpasswd_usage-c_invalid/data/usage.out
@@ -0,0 +1,13 @@
+chgpasswd: unsupported crypt method: SHA513
+Usage: chgpasswd [options]
+
+Options:
+  -c, --crypt-method METHOD     the crypt method (one of NONE DES MD5 SHA256 SHA512)
+  -e, --encrypted               supplied passwords are encrypted
+  -h, --help                    display this help message and exit
+  -m, --md5                     encrypt the clear text password using
+                                the MD5 algorithm
+  -R, --root CHROOT_DIR         directory to chroot into
+  -s, --sha-rounds              number of SHA rounds for the SHA*
+                                crypt algorithms
+
diff --git a/tests/tests/grouptools/chgpasswd/14_chgpasswd_password_encrypted/chgpasswd.test b/tests/tests/grouptools/chgpasswd/14_chgpasswd_password_encrypted/chgpasswd.test
new file mode 100755
index 0000000..c622581
--- /dev/null
+++ b/tests/tests/grouptools/chgpasswd/14_chgpasswd_password_encrypted/chgpasswd.test
@@ -0,0 +1,40 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "chgpasswd can use encrypted password"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Change nogroup and lp's password (chgpasswd -e)..."
+echo 'nogroup:test
+lp:test2' | chgpasswd -e
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl data/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/grouptools/chgpasswd/14_chgpasswd_password_encrypted/config/etc/group b/tests/tests/grouptools/chgpasswd/14_chgpasswd_password_encrypted/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/grouptools/chgpasswd/14_chgpasswd_password_encrypted/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/grouptools/chgpasswd/14_chgpasswd_password_encrypted/config/etc/gshadow b/tests/tests/grouptools/chgpasswd/14_chgpasswd_password_encrypted/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/grouptools/chgpasswd/14_chgpasswd_password_encrypted/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/grouptools/chgpasswd/14_chgpasswd_password_encrypted/config/etc/passwd b/tests/tests/grouptools/chgpasswd/14_chgpasswd_password_encrypted/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/grouptools/chgpasswd/14_chgpasswd_password_encrypted/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/grouptools/chgpasswd/14_chgpasswd_password_encrypted/config/etc/shadow b/tests/tests/grouptools/chgpasswd/14_chgpasswd_password_encrypted/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/grouptools/chgpasswd/14_chgpasswd_password_encrypted/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/grouptools/chgpasswd/14_chgpasswd_password_encrypted/data/gshadow b/tests/tests/grouptools/chgpasswd/14_chgpasswd_password_encrypted/data/gshadow
new file mode 100644
index 0000000..71489d5
--- /dev/null
+++ b/tests/tests/grouptools/chgpasswd/14_chgpasswd_password_encrypted/data/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:test2::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:test::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/grouptools/chgpasswd/15_chgpasswd_password_md5/chgpasswd.test b/tests/tests/grouptools/chgpasswd/15_chgpasswd_password_md5/chgpasswd.test
new file mode 100755
index 0000000..964d193
--- /dev/null
+++ b/tests/tests/grouptools/chgpasswd/15_chgpasswd_password_md5/chgpasswd.test
@@ -0,0 +1,40 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "chgpasswd can use create md5 passwords"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Change nogroup and lp's password (chgpasswd --md5)..."
+echo 'nogroup:test
+lp:test2' | chgpasswd --md5
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl data/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/grouptools/chgpasswd/15_chgpasswd_password_md5/config/etc/group b/tests/tests/grouptools/chgpasswd/15_chgpasswd_password_md5/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/grouptools/chgpasswd/15_chgpasswd_password_md5/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/grouptools/chgpasswd/15_chgpasswd_password_md5/config/etc/gshadow b/tests/tests/grouptools/chgpasswd/15_chgpasswd_password_md5/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/grouptools/chgpasswd/15_chgpasswd_password_md5/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/grouptools/chgpasswd/15_chgpasswd_password_md5/config/etc/passwd b/tests/tests/grouptools/chgpasswd/15_chgpasswd_password_md5/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/grouptools/chgpasswd/15_chgpasswd_password_md5/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/grouptools/chgpasswd/15_chgpasswd_password_md5/config/etc/shadow b/tests/tests/grouptools/chgpasswd/15_chgpasswd_password_md5/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/grouptools/chgpasswd/15_chgpasswd_password_md5/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/grouptools/chgpasswd/15_chgpasswd_password_md5/data/gshadow b/tests/tests/grouptools/chgpasswd/15_chgpasswd_password_md5/data/gshadow
new file mode 100644
index 0000000..eea258e
--- /dev/null
+++ b/tests/tests/grouptools/chgpasswd/15_chgpasswd_password_md5/data/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:@PASS_MD5 test2@::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:@PASS_MD5 test@::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/grouptools/chgpasswd/16_chgpasswd_password_NONE/chgpasswd.test b/tests/tests/grouptools/chgpasswd/16_chgpasswd_password_NONE/chgpasswd.test
new file mode 100755
index 0000000..98cf6d0
--- /dev/null
+++ b/tests/tests/grouptools/chgpasswd/16_chgpasswd_password_NONE/chgpasswd.test
@@ -0,0 +1,40 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "chgpasswd can use encrypted passwords"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Change nogroup and lp's password (chgpasswd -c NONE)..."
+echo 'nogroup:test
+lp:test2' | chgpasswd -c NONE
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl data/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/grouptools/chgpasswd/16_chgpasswd_password_NONE/config/etc/group b/tests/tests/grouptools/chgpasswd/16_chgpasswd_password_NONE/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/grouptools/chgpasswd/16_chgpasswd_password_NONE/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/grouptools/chgpasswd/16_chgpasswd_password_NONE/config/etc/gshadow b/tests/tests/grouptools/chgpasswd/16_chgpasswd_password_NONE/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/grouptools/chgpasswd/16_chgpasswd_password_NONE/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/grouptools/chgpasswd/16_chgpasswd_password_NONE/config/etc/passwd b/tests/tests/grouptools/chgpasswd/16_chgpasswd_password_NONE/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/grouptools/chgpasswd/16_chgpasswd_password_NONE/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/grouptools/chgpasswd/16_chgpasswd_password_NONE/config/etc/shadow b/tests/tests/grouptools/chgpasswd/16_chgpasswd_password_NONE/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/grouptools/chgpasswd/16_chgpasswd_password_NONE/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/grouptools/chgpasswd/16_chgpasswd_password_NONE/data/gshadow b/tests/tests/grouptools/chgpasswd/16_chgpasswd_password_NONE/data/gshadow
new file mode 100644
index 0000000..71489d5
--- /dev/null
+++ b/tests/tests/grouptools/chgpasswd/16_chgpasswd_password_NONE/data/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:test2::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:test::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/grouptools/chgpasswd/17_chgpasswd_password_MD5/chgpasswd.test b/tests/tests/grouptools/chgpasswd/17_chgpasswd_password_MD5/chgpasswd.test
new file mode 100755
index 0000000..920589b
--- /dev/null
+++ b/tests/tests/grouptools/chgpasswd/17_chgpasswd_password_MD5/chgpasswd.test
@@ -0,0 +1,40 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "chgpasswd can use create MD5 passwords"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Change nogroup and lp's password (chgpasswd --crypt-method MD5)..."
+echo 'nogroup:test
+lp:test2' | chgpasswd --crypt-method MD5
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl data/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/grouptools/chgpasswd/17_chgpasswd_password_MD5/config/etc/group b/tests/tests/grouptools/chgpasswd/17_chgpasswd_password_MD5/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/grouptools/chgpasswd/17_chgpasswd_password_MD5/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/grouptools/chgpasswd/17_chgpasswd_password_MD5/config/etc/gshadow b/tests/tests/grouptools/chgpasswd/17_chgpasswd_password_MD5/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/grouptools/chgpasswd/17_chgpasswd_password_MD5/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/grouptools/chgpasswd/17_chgpasswd_password_MD5/config/etc/passwd b/tests/tests/grouptools/chgpasswd/17_chgpasswd_password_MD5/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/grouptools/chgpasswd/17_chgpasswd_password_MD5/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/grouptools/chgpasswd/17_chgpasswd_password_MD5/config/etc/shadow b/tests/tests/grouptools/chgpasswd/17_chgpasswd_password_MD5/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/grouptools/chgpasswd/17_chgpasswd_password_MD5/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/grouptools/chgpasswd/17_chgpasswd_password_MD5/data/gshadow b/tests/tests/grouptools/chgpasswd/17_chgpasswd_password_MD5/data/gshadow
new file mode 100644
index 0000000..eea258e
--- /dev/null
+++ b/tests/tests/grouptools/chgpasswd/17_chgpasswd_password_MD5/data/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:@PASS_MD5 test2@::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:@PASS_MD5 test@::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/grouptools/chgpasswd/18_chgpasswd_password_DES/chgpasswd.test b/tests/tests/grouptools/chgpasswd/18_chgpasswd_password_DES/chgpasswd.test
new file mode 100755
index 0000000..bf504af
--- /dev/null
+++ b/tests/tests/grouptools/chgpasswd/18_chgpasswd_password_DES/chgpasswd.test
@@ -0,0 +1,40 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "chgpasswd can use create DES passwords"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Change nogroup and lp's password (chgpasswd --crypt-method DES)..."
+echo 'nogroup:test
+lp:test2' | chgpasswd --crypt-method DES
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl data/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/grouptools/chgpasswd/18_chgpasswd_password_DES/config/etc/group b/tests/tests/grouptools/chgpasswd/18_chgpasswd_password_DES/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/grouptools/chgpasswd/18_chgpasswd_password_DES/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/grouptools/chgpasswd/18_chgpasswd_password_DES/config/etc/gshadow b/tests/tests/grouptools/chgpasswd/18_chgpasswd_password_DES/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/grouptools/chgpasswd/18_chgpasswd_password_DES/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/grouptools/chgpasswd/18_chgpasswd_password_DES/config/etc/passwd b/tests/tests/grouptools/chgpasswd/18_chgpasswd_password_DES/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/grouptools/chgpasswd/18_chgpasswd_password_DES/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/grouptools/chgpasswd/18_chgpasswd_password_DES/config/etc/shadow b/tests/tests/grouptools/chgpasswd/18_chgpasswd_password_DES/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/grouptools/chgpasswd/18_chgpasswd_password_DES/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/grouptools/chgpasswd/18_chgpasswd_password_DES/data/gshadow b/tests/tests/grouptools/chgpasswd/18_chgpasswd_password_DES/data/gshadow
new file mode 100644
index 0000000..dcf1749
--- /dev/null
+++ b/tests/tests/grouptools/chgpasswd/18_chgpasswd_password_DES/data/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:@PASS_DES test2@::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:@PASS_DES test@::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/grouptools/chgpasswd/19_chgpasswd_password_SHA256/chgpasswd.test b/tests/tests/grouptools/chgpasswd/19_chgpasswd_password_SHA256/chgpasswd.test
new file mode 100755
index 0000000..07770c4
--- /dev/null
+++ b/tests/tests/grouptools/chgpasswd/19_chgpasswd_password_SHA256/chgpasswd.test
@@ -0,0 +1,40 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "chgpasswd can use create SHA256 passwords"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Change nogroup and lp's password (chgpasswd --crypt-method SHA256)..."
+echo 'nogroup:test
+lp:test2' | chgpasswd --crypt-method SHA256
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl data/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/grouptools/chgpasswd/19_chgpasswd_password_SHA256/config/etc/group b/tests/tests/grouptools/chgpasswd/19_chgpasswd_password_SHA256/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/grouptools/chgpasswd/19_chgpasswd_password_SHA256/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/grouptools/chgpasswd/19_chgpasswd_password_SHA256/config/etc/gshadow b/tests/tests/grouptools/chgpasswd/19_chgpasswd_password_SHA256/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/grouptools/chgpasswd/19_chgpasswd_password_SHA256/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/grouptools/chgpasswd/19_chgpasswd_password_SHA256/config/etc/passwd b/tests/tests/grouptools/chgpasswd/19_chgpasswd_password_SHA256/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/grouptools/chgpasswd/19_chgpasswd_password_SHA256/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/grouptools/chgpasswd/19_chgpasswd_password_SHA256/config/etc/shadow b/tests/tests/grouptools/chgpasswd/19_chgpasswd_password_SHA256/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/grouptools/chgpasswd/19_chgpasswd_password_SHA256/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/grouptools/chgpasswd/19_chgpasswd_password_SHA256/data/gshadow b/tests/tests/grouptools/chgpasswd/19_chgpasswd_password_SHA256/data/gshadow
new file mode 100644
index 0000000..e22ddf5
--- /dev/null
+++ b/tests/tests/grouptools/chgpasswd/19_chgpasswd_password_SHA256/data/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:@PASS_SHA256 test2@::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:@PASS_SHA256 test@::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/grouptools/chgpasswd/20_chgpasswd_password_SHA256_rounds_900/chgpasswd.test b/tests/tests/grouptools/chgpasswd/20_chgpasswd_password_SHA256_rounds_900/chgpasswd.test
new file mode 100755
index 0000000..e269270
--- /dev/null
+++ b/tests/tests/grouptools/chgpasswd/20_chgpasswd_password_SHA256_rounds_900/chgpasswd.test
@@ -0,0 +1,41 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "chgpasswd can use create SHA256 passwords and use at least 1000 rounds"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Change nogroup and lp's password (chgpasswd --crypt-method SHA256 -s 900)..."
+echo 'nogroup:test
+lp:test2' | chgpasswd --crypt-method SHA256 -s 900
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl data/gshadow /etc/gshadow
+grep nogroup /etc/gshadow | grep -q ':\$5\$rounds=1000\$'
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/grouptools/chgpasswd/20_chgpasswd_password_SHA256_rounds_900/config/etc/group b/tests/tests/grouptools/chgpasswd/20_chgpasswd_password_SHA256_rounds_900/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/grouptools/chgpasswd/20_chgpasswd_password_SHA256_rounds_900/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/grouptools/chgpasswd/20_chgpasswd_password_SHA256_rounds_900/config/etc/gshadow b/tests/tests/grouptools/chgpasswd/20_chgpasswd_password_SHA256_rounds_900/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/grouptools/chgpasswd/20_chgpasswd_password_SHA256_rounds_900/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/grouptools/chgpasswd/20_chgpasswd_password_SHA256_rounds_900/config/etc/passwd b/tests/tests/grouptools/chgpasswd/20_chgpasswd_password_SHA256_rounds_900/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/grouptools/chgpasswd/20_chgpasswd_password_SHA256_rounds_900/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/grouptools/chgpasswd/20_chgpasswd_password_SHA256_rounds_900/config/etc/shadow b/tests/tests/grouptools/chgpasswd/20_chgpasswd_password_SHA256_rounds_900/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/grouptools/chgpasswd/20_chgpasswd_password_SHA256_rounds_900/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/grouptools/chgpasswd/20_chgpasswd_password_SHA256_rounds_900/data/gshadow b/tests/tests/grouptools/chgpasswd/20_chgpasswd_password_SHA256_rounds_900/data/gshadow
new file mode 100644
index 0000000..e22ddf5
--- /dev/null
+++ b/tests/tests/grouptools/chgpasswd/20_chgpasswd_password_SHA256_rounds_900/data/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:@PASS_SHA256 test2@::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:@PASS_SHA256 test@::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/grouptools/chgpasswd/21_chgpasswd_password_SHA256_rounds_9000/chgpasswd.test b/tests/tests/grouptools/chgpasswd/21_chgpasswd_password_SHA256_rounds_9000/chgpasswd.test
new file mode 100755
index 0000000..7d33204
--- /dev/null
+++ b/tests/tests/grouptools/chgpasswd/21_chgpasswd_password_SHA256_rounds_9000/chgpasswd.test
@@ -0,0 +1,41 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "chgpasswd can use create SHA256 passwords and use the requested number of rounds"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Change nogroup and lp's password (chgpasswd --crypt-method SHA256 -s 9000)..."
+echo 'nogroup:test
+lp:test2' | chgpasswd --crypt-method SHA256 -s 9000
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl data/gshadow /etc/gshadow
+grep nogroup /etc/gshadow | grep -q ':\$5\$rounds=9000\$'
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/grouptools/chgpasswd/21_chgpasswd_password_SHA256_rounds_9000/config/etc/group b/tests/tests/grouptools/chgpasswd/21_chgpasswd_password_SHA256_rounds_9000/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/grouptools/chgpasswd/21_chgpasswd_password_SHA256_rounds_9000/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/grouptools/chgpasswd/21_chgpasswd_password_SHA256_rounds_9000/config/etc/gshadow b/tests/tests/grouptools/chgpasswd/21_chgpasswd_password_SHA256_rounds_9000/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/grouptools/chgpasswd/21_chgpasswd_password_SHA256_rounds_9000/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/grouptools/chgpasswd/21_chgpasswd_password_SHA256_rounds_9000/config/etc/passwd b/tests/tests/grouptools/chgpasswd/21_chgpasswd_password_SHA256_rounds_9000/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/grouptools/chgpasswd/21_chgpasswd_password_SHA256_rounds_9000/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/grouptools/chgpasswd/21_chgpasswd_password_SHA256_rounds_9000/config/etc/shadow b/tests/tests/grouptools/chgpasswd/21_chgpasswd_password_SHA256_rounds_9000/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/grouptools/chgpasswd/21_chgpasswd_password_SHA256_rounds_9000/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/grouptools/chgpasswd/21_chgpasswd_password_SHA256_rounds_9000/data/gshadow b/tests/tests/grouptools/chgpasswd/21_chgpasswd_password_SHA256_rounds_9000/data/gshadow
new file mode 100644
index 0000000..e22ddf5
--- /dev/null
+++ b/tests/tests/grouptools/chgpasswd/21_chgpasswd_password_SHA256_rounds_9000/data/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:@PASS_SHA256 test2@::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:@PASS_SHA256 test@::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/grouptools/chgpasswd/22_chgpasswd_password_SHA512/chgpasswd.test b/tests/tests/grouptools/chgpasswd/22_chgpasswd_password_SHA512/chgpasswd.test
new file mode 100755
index 0000000..1a560dc
--- /dev/null
+++ b/tests/tests/grouptools/chgpasswd/22_chgpasswd_password_SHA512/chgpasswd.test
@@ -0,0 +1,40 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "chgpasswd can use create SHA512 passwords"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Change nogroup and lp's password (chgpasswd --crypt-method SHA512)..."
+echo 'nogroup:test
+lp:test2' | chgpasswd --crypt-method SHA512
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl data/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/grouptools/chgpasswd/22_chgpasswd_password_SHA512/config/etc/group b/tests/tests/grouptools/chgpasswd/22_chgpasswd_password_SHA512/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/grouptools/chgpasswd/22_chgpasswd_password_SHA512/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/grouptools/chgpasswd/22_chgpasswd_password_SHA512/config/etc/gshadow b/tests/tests/grouptools/chgpasswd/22_chgpasswd_password_SHA512/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/grouptools/chgpasswd/22_chgpasswd_password_SHA512/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/grouptools/chgpasswd/22_chgpasswd_password_SHA512/config/etc/passwd b/tests/tests/grouptools/chgpasswd/22_chgpasswd_password_SHA512/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/grouptools/chgpasswd/22_chgpasswd_password_SHA512/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/grouptools/chgpasswd/22_chgpasswd_password_SHA512/config/etc/shadow b/tests/tests/grouptools/chgpasswd/22_chgpasswd_password_SHA512/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/grouptools/chgpasswd/22_chgpasswd_password_SHA512/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/grouptools/chgpasswd/22_chgpasswd_password_SHA512/data/gshadow b/tests/tests/grouptools/chgpasswd/22_chgpasswd_password_SHA512/data/gshadow
new file mode 100644
index 0000000..f4f8034
--- /dev/null
+++ b/tests/tests/grouptools/chgpasswd/22_chgpasswd_password_SHA512/data/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:@PASS_SHA512 test2@::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:@PASS_SHA512 test@::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/grouptools/chgpasswd/23_chgpasswd_password_SHA512_rounds_900/chgpasswd.test b/tests/tests/grouptools/chgpasswd/23_chgpasswd_password_SHA512_rounds_900/chgpasswd.test
new file mode 100755
index 0000000..5af55f8
--- /dev/null
+++ b/tests/tests/grouptools/chgpasswd/23_chgpasswd_password_SHA512_rounds_900/chgpasswd.test
@@ -0,0 +1,41 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "chgpasswd can use create SHA512 passwords and use at least 1000 rounds"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Change nogroup and lp's password (chgpasswd --crypt-method SHA512 -s 900)..."
+echo 'nogroup:test
+lp:test2' | chgpasswd --crypt-method SHA512 -s 900
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl data/gshadow /etc/gshadow
+grep nogroup /etc/gshadow | grep -q ':\$6\$rounds=1000\$'
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/grouptools/chgpasswd/23_chgpasswd_password_SHA512_rounds_900/config/etc/group b/tests/tests/grouptools/chgpasswd/23_chgpasswd_password_SHA512_rounds_900/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/grouptools/chgpasswd/23_chgpasswd_password_SHA512_rounds_900/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/grouptools/chgpasswd/23_chgpasswd_password_SHA512_rounds_900/config/etc/gshadow b/tests/tests/grouptools/chgpasswd/23_chgpasswd_password_SHA512_rounds_900/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/grouptools/chgpasswd/23_chgpasswd_password_SHA512_rounds_900/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/grouptools/chgpasswd/23_chgpasswd_password_SHA512_rounds_900/config/etc/passwd b/tests/tests/grouptools/chgpasswd/23_chgpasswd_password_SHA512_rounds_900/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/grouptools/chgpasswd/23_chgpasswd_password_SHA512_rounds_900/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/grouptools/chgpasswd/23_chgpasswd_password_SHA512_rounds_900/config/etc/shadow b/tests/tests/grouptools/chgpasswd/23_chgpasswd_password_SHA512_rounds_900/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/grouptools/chgpasswd/23_chgpasswd_password_SHA512_rounds_900/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/grouptools/chgpasswd/23_chgpasswd_password_SHA512_rounds_900/data/gshadow b/tests/tests/grouptools/chgpasswd/23_chgpasswd_password_SHA512_rounds_900/data/gshadow
new file mode 100644
index 0000000..f4f8034
--- /dev/null
+++ b/tests/tests/grouptools/chgpasswd/23_chgpasswd_password_SHA512_rounds_900/data/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:@PASS_SHA512 test2@::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:@PASS_SHA512 test@::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/grouptools/chgpasswd/24_chgpasswd_password_SHA512_rounds_9000/chgpasswd.test b/tests/tests/grouptools/chgpasswd/24_chgpasswd_password_SHA512_rounds_9000/chgpasswd.test
new file mode 100755
index 0000000..2e85531
--- /dev/null
+++ b/tests/tests/grouptools/chgpasswd/24_chgpasswd_password_SHA512_rounds_9000/chgpasswd.test
@@ -0,0 +1,41 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "chgpasswd can use create SHA512 passwords and use the requested number of rounds"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Change nogroup and lp's password (chgpasswd --crypt-method SHA512 -s 9000)..."
+echo 'nogroup:test
+lp:test2' | chgpasswd --crypt-method SHA512 -s 9000
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl data/gshadow /etc/gshadow
+grep nogroup /etc/gshadow | grep -q ':\$6\$rounds=9000\$'
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/grouptools/chgpasswd/24_chgpasswd_password_SHA512_rounds_9000/config/etc/group b/tests/tests/grouptools/chgpasswd/24_chgpasswd_password_SHA512_rounds_9000/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/grouptools/chgpasswd/24_chgpasswd_password_SHA512_rounds_9000/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/grouptools/chgpasswd/24_chgpasswd_password_SHA512_rounds_9000/config/etc/gshadow b/tests/tests/grouptools/chgpasswd/24_chgpasswd_password_SHA512_rounds_9000/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/grouptools/chgpasswd/24_chgpasswd_password_SHA512_rounds_9000/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/grouptools/chgpasswd/24_chgpasswd_password_SHA512_rounds_9000/config/etc/passwd b/tests/tests/grouptools/chgpasswd/24_chgpasswd_password_SHA512_rounds_9000/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/grouptools/chgpasswd/24_chgpasswd_password_SHA512_rounds_9000/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/grouptools/chgpasswd/24_chgpasswd_password_SHA512_rounds_9000/config/etc/shadow b/tests/tests/grouptools/chgpasswd/24_chgpasswd_password_SHA512_rounds_9000/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/grouptools/chgpasswd/24_chgpasswd_password_SHA512_rounds_9000/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/grouptools/chgpasswd/24_chgpasswd_password_SHA512_rounds_9000/data/gshadow b/tests/tests/grouptools/chgpasswd/24_chgpasswd_password_SHA512_rounds_9000/data/gshadow
new file mode 100644
index 0000000..f4f8034
--- /dev/null
+++ b/tests/tests/grouptools/chgpasswd/24_chgpasswd_password_SHA512_rounds_9000/data/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:@PASS_SHA512 test2@::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:@PASS_SHA512 test@::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/grouptools/chgpasswd/25_chgpasswd-e_no_gshadow_file/chgpasswd.test b/tests/tests/grouptools/chgpasswd/25_chgpasswd-e_no_gshadow_file/chgpasswd.test
new file mode 100755
index 0000000..17f6f95
--- /dev/null
+++ b/tests/tests/grouptools/chgpasswd/25_chgpasswd-e_no_gshadow_file/chgpasswd.test
@@ -0,0 +1,44 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "chgpasswd changes the group file if gshadow does not exist"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Remove /etc/gshadow..."
+rm -f /etc/gshadow
+echo "OK"
+
+echo -n "Change nogroup's and lp's password..."
+echo 'nogroup:test
+lp:test2' | chgpasswd -e
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl data/group /etc/group
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check that gshadow does not exist..."
+test ! -f /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/grouptools/chgpasswd/25_chgpasswd-e_no_gshadow_file/config/etc/group b/tests/tests/grouptools/chgpasswd/25_chgpasswd-e_no_gshadow_file/config/etc/group
new file mode 100644
index 0000000..d5d9eb7
--- /dev/null
+++ b/tests/tests/grouptools/chgpasswd/25_chgpasswd-e_no_gshadow_file/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:foo:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:bar:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/grouptools/chgpasswd/25_chgpasswd-e_no_gshadow_file/config/etc/gshadow b/tests/tests/grouptools/chgpasswd/25_chgpasswd-e_no_gshadow_file/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/grouptools/chgpasswd/25_chgpasswd-e_no_gshadow_file/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/grouptools/chgpasswd/25_chgpasswd-e_no_gshadow_file/config/etc/passwd b/tests/tests/grouptools/chgpasswd/25_chgpasswd-e_no_gshadow_file/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/grouptools/chgpasswd/25_chgpasswd-e_no_gshadow_file/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/grouptools/chgpasswd/25_chgpasswd-e_no_gshadow_file/config/etc/shadow b/tests/tests/grouptools/chgpasswd/25_chgpasswd-e_no_gshadow_file/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/grouptools/chgpasswd/25_chgpasswd-e_no_gshadow_file/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/grouptools/chgpasswd/25_chgpasswd-e_no_gshadow_file/data/group b/tests/tests/grouptools/chgpasswd/25_chgpasswd-e_no_gshadow_file/data/group
new file mode 100644
index 0000000..575c221
--- /dev/null
+++ b/tests/tests/grouptools/chgpasswd/25_chgpasswd-e_no_gshadow_file/data/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:test2:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:test:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/grouptools/chgpasswd/26_chgpasswd_no_gshadow_file_invalid_group/chgpasswd.test b/tests/tests/grouptools/chgpasswd/26_chgpasswd_no_gshadow_file_invalid_group/chgpasswd.test
new file mode 100755
index 0000000..17f6f95
--- /dev/null
+++ b/tests/tests/grouptools/chgpasswd/26_chgpasswd_no_gshadow_file_invalid_group/chgpasswd.test
@@ -0,0 +1,44 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "chgpasswd changes the group file if gshadow does not exist"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Remove /etc/gshadow..."
+rm -f /etc/gshadow
+echo "OK"
+
+echo -n "Change nogroup's and lp's password..."
+echo 'nogroup:test
+lp:test2' | chgpasswd -e
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl data/group /etc/group
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check that gshadow does not exist..."
+test ! -f /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/grouptools/chgpasswd/26_chgpasswd_no_gshadow_file_invalid_group/config/etc/group b/tests/tests/grouptools/chgpasswd/26_chgpasswd_no_gshadow_file_invalid_group/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/grouptools/chgpasswd/26_chgpasswd_no_gshadow_file_invalid_group/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/grouptools/chgpasswd/26_chgpasswd_no_gshadow_file_invalid_group/config/etc/gshadow b/tests/tests/grouptools/chgpasswd/26_chgpasswd_no_gshadow_file_invalid_group/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/grouptools/chgpasswd/26_chgpasswd_no_gshadow_file_invalid_group/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/grouptools/chgpasswd/26_chgpasswd_no_gshadow_file_invalid_group/config/etc/passwd b/tests/tests/grouptools/chgpasswd/26_chgpasswd_no_gshadow_file_invalid_group/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/grouptools/chgpasswd/26_chgpasswd_no_gshadow_file_invalid_group/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/grouptools/chgpasswd/26_chgpasswd_no_gshadow_file_invalid_group/config/etc/shadow b/tests/tests/grouptools/chgpasswd/26_chgpasswd_no_gshadow_file_invalid_group/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/grouptools/chgpasswd/26_chgpasswd_no_gshadow_file_invalid_group/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/grouptools/chgpasswd/26_chgpasswd_no_gshadow_file_invalid_group/data/group b/tests/tests/grouptools/chgpasswd/26_chgpasswd_no_gshadow_file_invalid_group/data/group
new file mode 100644
index 0000000..575c221
--- /dev/null
+++ b/tests/tests/grouptools/chgpasswd/26_chgpasswd_no_gshadow_file_invalid_group/data/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:test2:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:test:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/grouptools/chgpasswd/29_chgpasswd-e_no_gshadow_entry/chgpasswd.test b/tests/tests/grouptools/chgpasswd/29_chgpasswd-e_no_gshadow_entry/chgpasswd.test
new file mode 100755
index 0000000..1d9af4b
--- /dev/null
+++ b/tests/tests/grouptools/chgpasswd/29_chgpasswd-e_no_gshadow_entry/chgpasswd.test
@@ -0,0 +1,40 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "chgpasswd changes the group entry if there are no gshadow entries"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Change nogroup's and lp's password..."
+echo 'nogroup:test
+lp:test2' | chgpasswd -e
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl data/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl data/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/grouptools/chgpasswd/29_chgpasswd-e_no_gshadow_entry/config/etc/group b/tests/tests/grouptools/chgpasswd/29_chgpasswd-e_no_gshadow_entry/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/grouptools/chgpasswd/29_chgpasswd-e_no_gshadow_entry/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/grouptools/chgpasswd/29_chgpasswd-e_no_gshadow_entry/config/etc/gshadow b/tests/tests/grouptools/chgpasswd/29_chgpasswd-e_no_gshadow_entry/config/etc/gshadow
new file mode 100644
index 0000000..aecd9b9
--- /dev/null
+++ b/tests/tests/grouptools/chgpasswd/29_chgpasswd-e_no_gshadow_entry/config/etc/gshadow
@@ -0,0 +1,40 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/grouptools/chgpasswd/29_chgpasswd-e_no_gshadow_entry/config/etc/passwd b/tests/tests/grouptools/chgpasswd/29_chgpasswd-e_no_gshadow_entry/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/grouptools/chgpasswd/29_chgpasswd-e_no_gshadow_entry/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/grouptools/chgpasswd/29_chgpasswd-e_no_gshadow_entry/config/etc/shadow b/tests/tests/grouptools/chgpasswd/29_chgpasswd-e_no_gshadow_entry/config/etc/shadow
new file mode 100644
index 0000000..f4f74a5
--- /dev/null
+++ b/tests/tests/grouptools/chgpasswd/29_chgpasswd-e_no_gshadow_entry/config/etc/shadow
@@ -0,0 +1,18 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/grouptools/chgpasswd/29_chgpasswd-e_no_gshadow_entry/data/group b/tests/tests/grouptools/chgpasswd/29_chgpasswd-e_no_gshadow_entry/data/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/grouptools/chgpasswd/29_chgpasswd-e_no_gshadow_entry/data/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/grouptools/chgpasswd/29_chgpasswd-e_no_gshadow_entry/data/gshadow b/tests/tests/grouptools/chgpasswd/29_chgpasswd-e_no_gshadow_entry/data/gshadow
new file mode 100644
index 0000000..3652f6f
--- /dev/null
+++ b/tests/tests/grouptools/chgpasswd/29_chgpasswd-e_no_gshadow_entry/data/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:test::
+crontab:x::
+Debian-exim:x::
+lp:test2::
diff --git a/tests/tests/grouptools/chgpasswd/30_chgpasswd_locked_group/chgpasswd.test b/tests/tests/grouptools/chgpasswd/30_chgpasswd_locked_group/chgpasswd.test
new file mode 100755
index 0000000..c0be3c9
--- /dev/null
+++ b/tests/tests/grouptools/chgpasswd/30_chgpasswd_locked_group/chgpasswd.test
@@ -0,0 +1,61 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "chgpasswd checks if the group file is locked"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config; rm -f /etc/group.lock' 0
+
+change_config
+
+echo -n "Create lock file for /etc/group..."
+touch /etc/group.lock
+echo "done"
+
+echo -n "Change passwords (chgpasswd -e)..."
+echo 'nogroup:test
+lp:test2' | chgpasswd -e 2>tmp/chgpasswd.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+rm -f /etc/group.lock
+
+echo -n "Check returned status ($status)..."
+test "$status" = "1"
+echo "OK"
+
+echo "chgpasswd reported:"
+echo "======================================================================="
+cat tmp/chgpasswd.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/chgpasswd.err tmp/chgpasswd.err
+echo "error message OK."
+rm -f tmp/chgpasswd.err
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/grouptools/chgpasswd/30_chgpasswd_locked_group/config.txt b/tests/tests/grouptools/chgpasswd/30_chgpasswd_locked_group/config.txt
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/grouptools/chgpasswd/30_chgpasswd_locked_group/config.txt
diff --git a/tests/tests/grouptools/chgpasswd/30_chgpasswd_locked_group/config/etc/default/useradd b/tests/tests/grouptools/chgpasswd/30_chgpasswd_locked_group/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/grouptools/chgpasswd/30_chgpasswd_locked_group/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/grouptools/chgpasswd/30_chgpasswd_locked_group/config/etc/group b/tests/tests/grouptools/chgpasswd/30_chgpasswd_locked_group/config/etc/group
new file mode 100644
index 0000000..b6fae89
--- /dev/null
+++ b/tests/tests/grouptools/chgpasswd/30_chgpasswd_locked_group/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:root
+adm:x:4:root,foo
+tty:x:5:
+disk:x:6:
+lp:x:7:foo,root
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:foo
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:foo
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/grouptools/chgpasswd/30_chgpasswd_locked_group/config/etc/gshadow b/tests/tests/grouptools/chgpasswd/30_chgpasswd_locked_group/config/etc/gshadow
new file mode 100644
index 0000000..1f2ba8d
--- /dev/null
+++ b/tests/tests/grouptools/chgpasswd/30_chgpasswd_locked_group/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::root
+adm:*::root,foo
+tty:*::foo
+disk:*:foo:
+lp:*::foo,root
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*:foo:foo
+voice:*::
+cdrom:*:foo:foo
+floppy:*::foo
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/grouptools/chgpasswd/30_chgpasswd_locked_group/config/etc/passwd b/tests/tests/grouptools/chgpasswd/30_chgpasswd_locked_group/config/etc/passwd
new file mode 100644
index 0000000..bf52df0
--- /dev/null
+++ b/tests/tests/grouptools/chgpasswd/30_chgpasswd_locked_group/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/home/foo:/bin/false
diff --git a/tests/tests/grouptools/chgpasswd/30_chgpasswd_locked_group/config/etc/shadow b/tests/tests/grouptools/chgpasswd/30_chgpasswd_locked_group/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/grouptools/chgpasswd/30_chgpasswd_locked_group/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/grouptools/chgpasswd/30_chgpasswd_locked_group/data/chgpasswd.err b/tests/tests/grouptools/chgpasswd/30_chgpasswd_locked_group/data/chgpasswd.err
new file mode 100644
index 0000000..5c91d93
--- /dev/null
+++ b/tests/tests/grouptools/chgpasswd/30_chgpasswd_locked_group/data/chgpasswd.err
@@ -0,0 +1,2 @@
+chgpasswd: existing lock file /etc/group.lock without a PID
+chgpasswd: cannot lock /etc/group; try again later.
diff --git a/tests/tests/grouptools/chgpasswd/31_chgpasswd_locked_gshadow/chgpasswd.test b/tests/tests/grouptools/chgpasswd/31_chgpasswd_locked_gshadow/chgpasswd.test
new file mode 100755
index 0000000..368e4b8
--- /dev/null
+++ b/tests/tests/grouptools/chgpasswd/31_chgpasswd_locked_gshadow/chgpasswd.test
@@ -0,0 +1,61 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "chgpasswd checks if the gshadow file is locked"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config; rm -f /etc/gshadow.lock' 0
+
+change_config
+
+echo -n "Create lock file for /etc/gshadow..."
+touch /etc/gshadow.lock
+echo "done"
+
+echo -n "Change passwords (chgpasswd -e)..."
+echo 'nogroup:test
+lp:test2' | chgpasswd -e 2>tmp/chgpasswd.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+rm -f /etc/gshadow.lock
+
+echo -n "Check returned status ($status)..."
+test "$status" = "1"
+echo "OK"
+
+echo "chgpasswd reported:"
+echo "======================================================================="
+cat tmp/chgpasswd.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/chgpasswd.err tmp/chgpasswd.err
+echo "error message OK."
+rm -f tmp/chgpasswd.err
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/grouptools/chgpasswd/31_chgpasswd_locked_gshadow/config.txt b/tests/tests/grouptools/chgpasswd/31_chgpasswd_locked_gshadow/config.txt
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/grouptools/chgpasswd/31_chgpasswd_locked_gshadow/config.txt
diff --git a/tests/tests/grouptools/chgpasswd/31_chgpasswd_locked_gshadow/config/etc/default/useradd b/tests/tests/grouptools/chgpasswd/31_chgpasswd_locked_gshadow/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/grouptools/chgpasswd/31_chgpasswd_locked_gshadow/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/grouptools/chgpasswd/31_chgpasswd_locked_gshadow/config/etc/group b/tests/tests/grouptools/chgpasswd/31_chgpasswd_locked_gshadow/config/etc/group
new file mode 100644
index 0000000..b6fae89
--- /dev/null
+++ b/tests/tests/grouptools/chgpasswd/31_chgpasswd_locked_gshadow/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:root
+adm:x:4:root,foo
+tty:x:5:
+disk:x:6:
+lp:x:7:foo,root
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:foo
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:foo
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/grouptools/chgpasswd/31_chgpasswd_locked_gshadow/config/etc/gshadow b/tests/tests/grouptools/chgpasswd/31_chgpasswd_locked_gshadow/config/etc/gshadow
new file mode 100644
index 0000000..1f2ba8d
--- /dev/null
+++ b/tests/tests/grouptools/chgpasswd/31_chgpasswd_locked_gshadow/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::root
+adm:*::root,foo
+tty:*::foo
+disk:*:foo:
+lp:*::foo,root
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*:foo:foo
+voice:*::
+cdrom:*:foo:foo
+floppy:*::foo
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/grouptools/chgpasswd/31_chgpasswd_locked_gshadow/config/etc/passwd b/tests/tests/grouptools/chgpasswd/31_chgpasswd_locked_gshadow/config/etc/passwd
new file mode 100644
index 0000000..bf52df0
--- /dev/null
+++ b/tests/tests/grouptools/chgpasswd/31_chgpasswd_locked_gshadow/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/home/foo:/bin/false
diff --git a/tests/tests/grouptools/chgpasswd/31_chgpasswd_locked_gshadow/config/etc/shadow b/tests/tests/grouptools/chgpasswd/31_chgpasswd_locked_gshadow/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/grouptools/chgpasswd/31_chgpasswd_locked_gshadow/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/grouptools/chgpasswd/31_chgpasswd_locked_gshadow/data/chgpasswd.err b/tests/tests/grouptools/chgpasswd/31_chgpasswd_locked_gshadow/data/chgpasswd.err
new file mode 100644
index 0000000..dcef785
--- /dev/null
+++ b/tests/tests/grouptools/chgpasswd/31_chgpasswd_locked_gshadow/data/chgpasswd.err
@@ -0,0 +1,2 @@
+chgpasswd: existing lock file /etc/gshadow.lock without a PID
+chgpasswd: cannot lock /etc/gshadow; try again later.
diff --git a/tests/tests/grouptools/chgpasswd/32_chgpasswd_invalid_group/chgpasswd.test b/tests/tests/grouptools/chgpasswd/32_chgpasswd_invalid_group/chgpasswd.test
new file mode 100755
index 0000000..1dede9e
--- /dev/null
+++ b/tests/tests/grouptools/chgpasswd/32_chgpasswd_invalid_group/chgpasswd.test
@@ -0,0 +1,56 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "chgpasswd checks that users exist"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Change passwords (chgpasswd)..."
+echo 'nogroup:test
+bar:bar2
+lp:test2' | chgpasswd 2>tmp/chgpasswd.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "1"
+echo "OK"
+
+echo "chgpasswd reported:"
+echo "======================================================================="
+cat tmp/chgpasswd.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/chgpasswd.err tmp/chgpasswd.err
+echo "error message OK."
+rm -f tmp/chgpasswd.err
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/grouptools/chgpasswd/32_chgpasswd_invalid_group/config.txt b/tests/tests/grouptools/chgpasswd/32_chgpasswd_invalid_group/config.txt
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/grouptools/chgpasswd/32_chgpasswd_invalid_group/config.txt
diff --git a/tests/tests/grouptools/chgpasswd/32_chgpasswd_invalid_group/config/etc/default/useradd b/tests/tests/grouptools/chgpasswd/32_chgpasswd_invalid_group/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/grouptools/chgpasswd/32_chgpasswd_invalid_group/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/grouptools/chgpasswd/32_chgpasswd_invalid_group/config/etc/group b/tests/tests/grouptools/chgpasswd/32_chgpasswd_invalid_group/config/etc/group
new file mode 100644
index 0000000..b6fae89
--- /dev/null
+++ b/tests/tests/grouptools/chgpasswd/32_chgpasswd_invalid_group/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:root
+adm:x:4:root,foo
+tty:x:5:
+disk:x:6:
+lp:x:7:foo,root
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:foo
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:foo
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/grouptools/chgpasswd/32_chgpasswd_invalid_group/config/etc/gshadow b/tests/tests/grouptools/chgpasswd/32_chgpasswd_invalid_group/config/etc/gshadow
new file mode 100644
index 0000000..1f2ba8d
--- /dev/null
+++ b/tests/tests/grouptools/chgpasswd/32_chgpasswd_invalid_group/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::root
+adm:*::root,foo
+tty:*::foo
+disk:*:foo:
+lp:*::foo,root
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*:foo:foo
+voice:*::
+cdrom:*:foo:foo
+floppy:*::foo
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/grouptools/chgpasswd/32_chgpasswd_invalid_group/config/etc/passwd b/tests/tests/grouptools/chgpasswd/32_chgpasswd_invalid_group/config/etc/passwd
new file mode 100644
index 0000000..bf52df0
--- /dev/null
+++ b/tests/tests/grouptools/chgpasswd/32_chgpasswd_invalid_group/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/home/foo:/bin/false
diff --git a/tests/tests/grouptools/chgpasswd/32_chgpasswd_invalid_group/config/etc/shadow b/tests/tests/grouptools/chgpasswd/32_chgpasswd_invalid_group/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/grouptools/chgpasswd/32_chgpasswd_invalid_group/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/grouptools/chgpasswd/32_chgpasswd_invalid_group/data/chgpasswd.err b/tests/tests/grouptools/chgpasswd/32_chgpasswd_invalid_group/data/chgpasswd.err
new file mode 100644
index 0000000..bf4249e
--- /dev/null
+++ b/tests/tests/grouptools/chgpasswd/32_chgpasswd_invalid_group/data/chgpasswd.err
@@ -0,0 +1,2 @@
+chgpasswd: line 2: group 'bar' does not exist
+chgpasswd: error detected, changes ignored
diff --git a/tests/tests/grouptools/gpasswd/01_gpasswd_change_member_list/config.txt b/tests/tests/grouptools/gpasswd/01_gpasswd_change_member_list/config.txt
new file mode 100644
index 0000000..3d43135
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/01_gpasswd_change_member_list/config.txt
@@ -0,0 +1,5 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group users
diff --git a/tests/tests/grouptools/gpasswd/01_gpasswd_change_member_list/config/etc/default/useradd b/tests/tests/grouptools/gpasswd/01_gpasswd_change_member_list/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/01_gpasswd_change_member_list/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/grouptools/gpasswd/01_gpasswd_change_member_list/config/etc/group b/tests/tests/grouptools/gpasswd/01_gpasswd_change_member_list/config/etc/group
new file mode 100644
index 0000000..5051825
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/01_gpasswd_change_member_list/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/grouptools/gpasswd/01_gpasswd_change_member_list/config/etc/gshadow b/tests/tests/grouptools/gpasswd/01_gpasswd_change_member_list/config/etc/gshadow
new file mode 100644
index 0000000..ad90310
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/01_gpasswd_change_member_list/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::foo
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/grouptools/gpasswd/01_gpasswd_change_member_list/config/etc/passwd b/tests/tests/grouptools/gpasswd/01_gpasswd_change_member_list/config/etc/passwd
new file mode 100644
index 0000000..dc7bf84
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/01_gpasswd_change_member_list/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000:::/bin/false
diff --git a/tests/tests/grouptools/gpasswd/01_gpasswd_change_member_list/config/etc/shadow b/tests/tests/grouptools/gpasswd/01_gpasswd_change_member_list/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/01_gpasswd_change_member_list/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/grouptools/gpasswd/01_gpasswd_change_member_list/data/group b/tests/tests/grouptools/gpasswd/01_gpasswd_change_member_list/data/group
new file mode 100644
index 0000000..fecba0c
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/01_gpasswd_change_member_list/data/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/grouptools/gpasswd/01_gpasswd_change_member_list/data/gshadow b/tests/tests/grouptools/gpasswd/01_gpasswd_change_member_list/data/gshadow
new file mode 100644
index 0000000..5042e58
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/01_gpasswd_change_member_list/data/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/grouptools/gpasswd/01_gpasswd_change_member_list/gpasswd.test b/tests/tests/grouptools/gpasswd/01_gpasswd_change_member_list/gpasswd.test
new file mode 100755
index 0000000..3084f76
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/01_gpasswd_change_member_list/gpasswd.test
@@ -0,0 +1,39 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "gpasswd can change the list of members (1 -> 0 groups)"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "set the list of members to \"\" (gpasswd -M \"\" users)..."
+gpasswd -M "" users
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl data/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl data/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/grouptools/gpasswd/02_gpasswd_change_member_list/config.txt b/tests/tests/grouptools/gpasswd/02_gpasswd_change_member_list/config.txt
new file mode 100644
index 0000000..3d43135
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/02_gpasswd_change_member_list/config.txt
@@ -0,0 +1,5 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group users
diff --git a/tests/tests/grouptools/gpasswd/02_gpasswd_change_member_list/config/etc/default/useradd b/tests/tests/grouptools/gpasswd/02_gpasswd_change_member_list/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/02_gpasswd_change_member_list/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/grouptools/gpasswd/02_gpasswd_change_member_list/config/etc/group b/tests/tests/grouptools/gpasswd/02_gpasswd_change_member_list/config/etc/group
new file mode 100644
index 0000000..1838a36
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/02_gpasswd_change_member_list/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo,bin
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/grouptools/gpasswd/02_gpasswd_change_member_list/config/etc/gshadow b/tests/tests/grouptools/gpasswd/02_gpasswd_change_member_list/config/etc/gshadow
new file mode 100644
index 0000000..689ea4c
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/02_gpasswd_change_member_list/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::foo,bin
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/grouptools/gpasswd/02_gpasswd_change_member_list/config/etc/passwd b/tests/tests/grouptools/gpasswd/02_gpasswd_change_member_list/config/etc/passwd
new file mode 100644
index 0000000..dc7bf84
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/02_gpasswd_change_member_list/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000:::/bin/false
diff --git a/tests/tests/grouptools/gpasswd/02_gpasswd_change_member_list/config/etc/shadow b/tests/tests/grouptools/gpasswd/02_gpasswd_change_member_list/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/02_gpasswd_change_member_list/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/grouptools/gpasswd/02_gpasswd_change_member_list/data/group b/tests/tests/grouptools/gpasswd/02_gpasswd_change_member_list/data/group
new file mode 100644
index 0000000..fecba0c
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/02_gpasswd_change_member_list/data/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/grouptools/gpasswd/02_gpasswd_change_member_list/data/gshadow b/tests/tests/grouptools/gpasswd/02_gpasswd_change_member_list/data/gshadow
new file mode 100644
index 0000000..5042e58
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/02_gpasswd_change_member_list/data/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/grouptools/gpasswd/02_gpasswd_change_member_list/gpasswd.test b/tests/tests/grouptools/gpasswd/02_gpasswd_change_member_list/gpasswd.test
new file mode 100755
index 0000000..75a8abe
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/02_gpasswd_change_member_list/gpasswd.test
@@ -0,0 +1,39 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "gpasswd can change the list of members (2 -> 0 groups)"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "set the list of members to \"\" (gpasswd -M \"\" users)..."
+gpasswd -M "" users
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl data/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl data/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/grouptools/gpasswd/03_gpasswd_change_member_list/config.txt b/tests/tests/grouptools/gpasswd/03_gpasswd_change_member_list/config.txt
new file mode 100644
index 0000000..3d43135
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/03_gpasswd_change_member_list/config.txt
@@ -0,0 +1,5 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group users
diff --git a/tests/tests/grouptools/gpasswd/03_gpasswd_change_member_list/config/etc/default/useradd b/tests/tests/grouptools/gpasswd/03_gpasswd_change_member_list/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/03_gpasswd_change_member_list/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/grouptools/gpasswd/03_gpasswd_change_member_list/config/etc/group b/tests/tests/grouptools/gpasswd/03_gpasswd_change_member_list/config/etc/group
new file mode 100644
index 0000000..fecba0c
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/03_gpasswd_change_member_list/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/grouptools/gpasswd/03_gpasswd_change_member_list/config/etc/gshadow b/tests/tests/grouptools/gpasswd/03_gpasswd_change_member_list/config/etc/gshadow
new file mode 100644
index 0000000..5042e58
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/03_gpasswd_change_member_list/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/grouptools/gpasswd/03_gpasswd_change_member_list/config/etc/passwd b/tests/tests/grouptools/gpasswd/03_gpasswd_change_member_list/config/etc/passwd
new file mode 100644
index 0000000..dc7bf84
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/03_gpasswd_change_member_list/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000:::/bin/false
diff --git a/tests/tests/grouptools/gpasswd/03_gpasswd_change_member_list/config/etc/shadow b/tests/tests/grouptools/gpasswd/03_gpasswd_change_member_list/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/03_gpasswd_change_member_list/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/grouptools/gpasswd/03_gpasswd_change_member_list/data/group b/tests/tests/grouptools/gpasswd/03_gpasswd_change_member_list/data/group
new file mode 100644
index 0000000..5051825
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/03_gpasswd_change_member_list/data/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/grouptools/gpasswd/03_gpasswd_change_member_list/data/gshadow b/tests/tests/grouptools/gpasswd/03_gpasswd_change_member_list/data/gshadow
new file mode 100644
index 0000000..ad90310
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/03_gpasswd_change_member_list/data/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::foo
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/grouptools/gpasswd/03_gpasswd_change_member_list/gpasswd.test b/tests/tests/grouptools/gpasswd/03_gpasswd_change_member_list/gpasswd.test
new file mode 100755
index 0000000..08ee996
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/03_gpasswd_change_member_list/gpasswd.test
@@ -0,0 +1,39 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "gpasswd can change the list of members (0 -> 1 group)"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "set the list of members to foo (gpasswd -M foo users)..."
+gpasswd -M foo users
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl data/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl data/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/grouptools/gpasswd/04_gpasswd_change_member_list/config.txt b/tests/tests/grouptools/gpasswd/04_gpasswd_change_member_list/config.txt
new file mode 100644
index 0000000..3d43135
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/04_gpasswd_change_member_list/config.txt
@@ -0,0 +1,5 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group users
diff --git a/tests/tests/grouptools/gpasswd/04_gpasswd_change_member_list/config/etc/default/useradd b/tests/tests/grouptools/gpasswd/04_gpasswd_change_member_list/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/04_gpasswd_change_member_list/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/grouptools/gpasswd/04_gpasswd_change_member_list/config/etc/group b/tests/tests/grouptools/gpasswd/04_gpasswd_change_member_list/config/etc/group
new file mode 100644
index 0000000..8b3971e
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/04_gpasswd_change_member_list/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:bin
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/grouptools/gpasswd/04_gpasswd_change_member_list/config/etc/gshadow b/tests/tests/grouptools/gpasswd/04_gpasswd_change_member_list/config/etc/gshadow
new file mode 100644
index 0000000..5054bf7
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/04_gpasswd_change_member_list/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::bin
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/grouptools/gpasswd/04_gpasswd_change_member_list/config/etc/passwd b/tests/tests/grouptools/gpasswd/04_gpasswd_change_member_list/config/etc/passwd
new file mode 100644
index 0000000..dc7bf84
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/04_gpasswd_change_member_list/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000:::/bin/false
diff --git a/tests/tests/grouptools/gpasswd/04_gpasswd_change_member_list/config/etc/shadow b/tests/tests/grouptools/gpasswd/04_gpasswd_change_member_list/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/04_gpasswd_change_member_list/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/grouptools/gpasswd/04_gpasswd_change_member_list/data/group b/tests/tests/grouptools/gpasswd/04_gpasswd_change_member_list/data/group
new file mode 100644
index 0000000..5051825
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/04_gpasswd_change_member_list/data/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/grouptools/gpasswd/04_gpasswd_change_member_list/data/gshadow b/tests/tests/grouptools/gpasswd/04_gpasswd_change_member_list/data/gshadow
new file mode 100644
index 0000000..ad90310
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/04_gpasswd_change_member_list/data/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::foo
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/grouptools/gpasswd/04_gpasswd_change_member_list/gpasswd.test b/tests/tests/grouptools/gpasswd/04_gpasswd_change_member_list/gpasswd.test
new file mode 100755
index 0000000..f9879d9
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/04_gpasswd_change_member_list/gpasswd.test
@@ -0,0 +1,39 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "gpasswd can change the list of members (1 -> 1 group)"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "set the list of members to foo (gpasswd -M foo users)..."
+gpasswd -M foo users
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl data/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl data/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/grouptools/gpasswd/05_gpasswd_change_member_list/config.txt b/tests/tests/grouptools/gpasswd/05_gpasswd_change_member_list/config.txt
new file mode 100644
index 0000000..3d43135
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/05_gpasswd_change_member_list/config.txt
@@ -0,0 +1,5 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group users
diff --git a/tests/tests/grouptools/gpasswd/05_gpasswd_change_member_list/config/etc/default/useradd b/tests/tests/grouptools/gpasswd/05_gpasswd_change_member_list/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/05_gpasswd_change_member_list/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/grouptools/gpasswd/05_gpasswd_change_member_list/config/etc/group b/tests/tests/grouptools/gpasswd/05_gpasswd_change_member_list/config/etc/group
new file mode 100644
index 0000000..1838a36
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/05_gpasswd_change_member_list/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo,bin
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/grouptools/gpasswd/05_gpasswd_change_member_list/config/etc/gshadow b/tests/tests/grouptools/gpasswd/05_gpasswd_change_member_list/config/etc/gshadow
new file mode 100644
index 0000000..689ea4c
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/05_gpasswd_change_member_list/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::foo,bin
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/grouptools/gpasswd/05_gpasswd_change_member_list/config/etc/passwd b/tests/tests/grouptools/gpasswd/05_gpasswd_change_member_list/config/etc/passwd
new file mode 100644
index 0000000..dc7bf84
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/05_gpasswd_change_member_list/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000:::/bin/false
diff --git a/tests/tests/grouptools/gpasswd/05_gpasswd_change_member_list/config/etc/shadow b/tests/tests/grouptools/gpasswd/05_gpasswd_change_member_list/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/05_gpasswd_change_member_list/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/grouptools/gpasswd/05_gpasswd_change_member_list/data/group b/tests/tests/grouptools/gpasswd/05_gpasswd_change_member_list/data/group
new file mode 100644
index 0000000..5051825
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/05_gpasswd_change_member_list/data/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/grouptools/gpasswd/05_gpasswd_change_member_list/data/gshadow b/tests/tests/grouptools/gpasswd/05_gpasswd_change_member_list/data/gshadow
new file mode 100644
index 0000000..ad90310
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/05_gpasswd_change_member_list/data/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::foo
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/grouptools/gpasswd/05_gpasswd_change_member_list/gpasswd.test b/tests/tests/grouptools/gpasswd/05_gpasswd_change_member_list/gpasswd.test
new file mode 100755
index 0000000..965a4d6
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/05_gpasswd_change_member_list/gpasswd.test
@@ -0,0 +1,39 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "gpasswd can change the list of members (2 -> 1 group)"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "set the list of members to foo (gpasswd -M foo users)..."
+gpasswd -M foo users
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl data/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl data/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/grouptools/gpasswd/06_gpasswd_change_member_list/config.txt b/tests/tests/grouptools/gpasswd/06_gpasswd_change_member_list/config.txt
new file mode 100644
index 0000000..3d43135
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/06_gpasswd_change_member_list/config.txt
@@ -0,0 +1,5 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group users
diff --git a/tests/tests/grouptools/gpasswd/06_gpasswd_change_member_list/config/etc/default/useradd b/tests/tests/grouptools/gpasswd/06_gpasswd_change_member_list/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/06_gpasswd_change_member_list/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/grouptools/gpasswd/06_gpasswd_change_member_list/config/etc/group b/tests/tests/grouptools/gpasswd/06_gpasswd_change_member_list/config/etc/group
new file mode 100644
index 0000000..1838a36
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/06_gpasswd_change_member_list/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo,bin
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/grouptools/gpasswd/06_gpasswd_change_member_list/config/etc/gshadow b/tests/tests/grouptools/gpasswd/06_gpasswd_change_member_list/config/etc/gshadow
new file mode 100644
index 0000000..689ea4c
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/06_gpasswd_change_member_list/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::foo,bin
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/grouptools/gpasswd/06_gpasswd_change_member_list/config/etc/passwd b/tests/tests/grouptools/gpasswd/06_gpasswd_change_member_list/config/etc/passwd
new file mode 100644
index 0000000..dc7bf84
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/06_gpasswd_change_member_list/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000:::/bin/false
diff --git a/tests/tests/grouptools/gpasswd/06_gpasswd_change_member_list/config/etc/shadow b/tests/tests/grouptools/gpasswd/06_gpasswd_change_member_list/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/06_gpasswd_change_member_list/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/grouptools/gpasswd/06_gpasswd_change_member_list/data/group b/tests/tests/grouptools/gpasswd/06_gpasswd_change_member_list/data/group
new file mode 100644
index 0000000..aa85a13
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/06_gpasswd_change_member_list/data/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:root,daemon
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/grouptools/gpasswd/06_gpasswd_change_member_list/data/gshadow b/tests/tests/grouptools/gpasswd/06_gpasswd_change_member_list/data/gshadow
new file mode 100644
index 0000000..1e2ca45
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/06_gpasswd_change_member_list/data/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::root,daemon
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/grouptools/gpasswd/06_gpasswd_change_member_list/gpasswd.test b/tests/tests/grouptools/gpasswd/06_gpasswd_change_member_list/gpasswd.test
new file mode 100755
index 0000000..dfbd793
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/06_gpasswd_change_member_list/gpasswd.test
@@ -0,0 +1,39 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "gpasswd can change the list of members (2 -> 2 groups)"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "set the list of members to root,daemon (gpasswd -M root,daemon users)..."
+gpasswd -M root,daemon users
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl data/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl data/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/grouptools/gpasswd/07_gpasswd_change_member_list-no_shadow_group/config.txt b/tests/tests/grouptools/gpasswd/07_gpasswd_change_member_list-no_shadow_group/config.txt
new file mode 100644
index 0000000..3d43135
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/07_gpasswd_change_member_list-no_shadow_group/config.txt
@@ -0,0 +1,5 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group users
diff --git a/tests/tests/grouptools/gpasswd/07_gpasswd_change_member_list-no_shadow_group/config/etc/default/useradd b/tests/tests/grouptools/gpasswd/07_gpasswd_change_member_list-no_shadow_group/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/07_gpasswd_change_member_list-no_shadow_group/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/grouptools/gpasswd/07_gpasswd_change_member_list-no_shadow_group/config/etc/group b/tests/tests/grouptools/gpasswd/07_gpasswd_change_member_list-no_shadow_group/config/etc/group
new file mode 100644
index 0000000..5051825
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/07_gpasswd_change_member_list-no_shadow_group/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/grouptools/gpasswd/07_gpasswd_change_member_list-no_shadow_group/config/etc/gshadow b/tests/tests/grouptools/gpasswd/07_gpasswd_change_member_list-no_shadow_group/config/etc/gshadow
new file mode 100644
index 0000000..9ae9eeb
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/07_gpasswd_change_member_list-no_shadow_group/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/grouptools/gpasswd/07_gpasswd_change_member_list-no_shadow_group/config/etc/passwd b/tests/tests/grouptools/gpasswd/07_gpasswd_change_member_list-no_shadow_group/config/etc/passwd
new file mode 100644
index 0000000..dc7bf84
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/07_gpasswd_change_member_list-no_shadow_group/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000:::/bin/false
diff --git a/tests/tests/grouptools/gpasswd/07_gpasswd_change_member_list-no_shadow_group/config/etc/shadow b/tests/tests/grouptools/gpasswd/07_gpasswd_change_member_list-no_shadow_group/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/07_gpasswd_change_member_list-no_shadow_group/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/grouptools/gpasswd/07_gpasswd_change_member_list-no_shadow_group/data/group b/tests/tests/grouptools/gpasswd/07_gpasswd_change_member_list-no_shadow_group/data/group
new file mode 100644
index 0000000..fecba0c
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/07_gpasswd_change_member_list-no_shadow_group/data/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/grouptools/gpasswd/07_gpasswd_change_member_list-no_shadow_group/data/gshadow b/tests/tests/grouptools/gpasswd/07_gpasswd_change_member_list-no_shadow_group/data/gshadow
new file mode 100644
index 0000000..afcbd74
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/07_gpasswd_change_member_list-no_shadow_group/data/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
+users:x::
diff --git a/tests/tests/grouptools/gpasswd/07_gpasswd_change_member_list-no_shadow_group/gpasswd.test b/tests/tests/grouptools/gpasswd/07_gpasswd_change_member_list-no_shadow_group/gpasswd.test
new file mode 100755
index 0000000..3084f76
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/07_gpasswd_change_member_list-no_shadow_group/gpasswd.test
@@ -0,0 +1,39 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "gpasswd can change the list of members (1 -> 0 groups)"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "set the list of members to \"\" (gpasswd -M \"\" users)..."
+gpasswd -M "" users
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl data/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl data/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/grouptools/gpasswd/08_gpasswd_change_member_list-no_shadow_group/config.txt b/tests/tests/grouptools/gpasswd/08_gpasswd_change_member_list-no_shadow_group/config.txt
new file mode 100644
index 0000000..3d43135
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/08_gpasswd_change_member_list-no_shadow_group/config.txt
@@ -0,0 +1,5 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group users
diff --git a/tests/tests/grouptools/gpasswd/08_gpasswd_change_member_list-no_shadow_group/config/etc/default/useradd b/tests/tests/grouptools/gpasswd/08_gpasswd_change_member_list-no_shadow_group/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/08_gpasswd_change_member_list-no_shadow_group/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/grouptools/gpasswd/08_gpasswd_change_member_list-no_shadow_group/config/etc/group b/tests/tests/grouptools/gpasswd/08_gpasswd_change_member_list-no_shadow_group/config/etc/group
new file mode 100644
index 0000000..bbe0311
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/08_gpasswd_change_member_list-no_shadow_group/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:*:100:foo,bin
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/grouptools/gpasswd/08_gpasswd_change_member_list-no_shadow_group/config/etc/gshadow b/tests/tests/grouptools/gpasswd/08_gpasswd_change_member_list-no_shadow_group/config/etc/gshadow
new file mode 100644
index 0000000..9ae9eeb
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/08_gpasswd_change_member_list-no_shadow_group/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/grouptools/gpasswd/08_gpasswd_change_member_list-no_shadow_group/config/etc/passwd b/tests/tests/grouptools/gpasswd/08_gpasswd_change_member_list-no_shadow_group/config/etc/passwd
new file mode 100644
index 0000000..dc7bf84
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/08_gpasswd_change_member_list-no_shadow_group/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000:::/bin/false
diff --git a/tests/tests/grouptools/gpasswd/08_gpasswd_change_member_list-no_shadow_group/config/etc/shadow b/tests/tests/grouptools/gpasswd/08_gpasswd_change_member_list-no_shadow_group/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/08_gpasswd_change_member_list-no_shadow_group/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/grouptools/gpasswd/08_gpasswd_change_member_list-no_shadow_group/data/group b/tests/tests/grouptools/gpasswd/08_gpasswd_change_member_list-no_shadow_group/data/group
new file mode 100644
index 0000000..fecba0c
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/08_gpasswd_change_member_list-no_shadow_group/data/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/grouptools/gpasswd/08_gpasswd_change_member_list-no_shadow_group/data/gshadow b/tests/tests/grouptools/gpasswd/08_gpasswd_change_member_list-no_shadow_group/data/gshadow
new file mode 100644
index 0000000..9abbd26
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/08_gpasswd_change_member_list-no_shadow_group/data/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
+users:*::
diff --git a/tests/tests/grouptools/gpasswd/08_gpasswd_change_member_list-no_shadow_group/gpasswd.test b/tests/tests/grouptools/gpasswd/08_gpasswd_change_member_list-no_shadow_group/gpasswd.test
new file mode 100755
index 0000000..75a8abe
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/08_gpasswd_change_member_list-no_shadow_group/gpasswd.test
@@ -0,0 +1,39 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "gpasswd can change the list of members (2 -> 0 groups)"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "set the list of members to \"\" (gpasswd -M \"\" users)..."
+gpasswd -M "" users
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl data/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl data/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/grouptools/gpasswd/09_gpasswd_change_member_list-no_shadow_group/config.txt b/tests/tests/grouptools/gpasswd/09_gpasswd_change_member_list-no_shadow_group/config.txt
new file mode 100644
index 0000000..3d43135
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/09_gpasswd_change_member_list-no_shadow_group/config.txt
@@ -0,0 +1,5 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group users
diff --git a/tests/tests/grouptools/gpasswd/09_gpasswd_change_member_list-no_shadow_group/config/etc/default/useradd b/tests/tests/grouptools/gpasswd/09_gpasswd_change_member_list-no_shadow_group/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/09_gpasswd_change_member_list-no_shadow_group/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/grouptools/gpasswd/09_gpasswd_change_member_list-no_shadow_group/config/etc/group b/tests/tests/grouptools/gpasswd/09_gpasswd_change_member_list-no_shadow_group/config/etc/group
new file mode 100644
index 0000000..0404aba
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/09_gpasswd_change_member_list-no_shadow_group/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:*:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/grouptools/gpasswd/09_gpasswd_change_member_list-no_shadow_group/config/etc/gshadow b/tests/tests/grouptools/gpasswd/09_gpasswd_change_member_list-no_shadow_group/config/etc/gshadow
new file mode 100644
index 0000000..9ae9eeb
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/09_gpasswd_change_member_list-no_shadow_group/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/grouptools/gpasswd/09_gpasswd_change_member_list-no_shadow_group/config/etc/passwd b/tests/tests/grouptools/gpasswd/09_gpasswd_change_member_list-no_shadow_group/config/etc/passwd
new file mode 100644
index 0000000..dc7bf84
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/09_gpasswd_change_member_list-no_shadow_group/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000:::/bin/false
diff --git a/tests/tests/grouptools/gpasswd/09_gpasswd_change_member_list-no_shadow_group/config/etc/shadow b/tests/tests/grouptools/gpasswd/09_gpasswd_change_member_list-no_shadow_group/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/09_gpasswd_change_member_list-no_shadow_group/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/grouptools/gpasswd/09_gpasswd_change_member_list-no_shadow_group/data/group b/tests/tests/grouptools/gpasswd/09_gpasswd_change_member_list-no_shadow_group/data/group
new file mode 100644
index 0000000..5051825
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/09_gpasswd_change_member_list-no_shadow_group/data/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/grouptools/gpasswd/09_gpasswd_change_member_list-no_shadow_group/data/gshadow b/tests/tests/grouptools/gpasswd/09_gpasswd_change_member_list-no_shadow_group/data/gshadow
new file mode 100644
index 0000000..cda0d0a
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/09_gpasswd_change_member_list-no_shadow_group/data/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
+users:*::foo
diff --git a/tests/tests/grouptools/gpasswd/09_gpasswd_change_member_list-no_shadow_group/gpasswd.test b/tests/tests/grouptools/gpasswd/09_gpasswd_change_member_list-no_shadow_group/gpasswd.test
new file mode 100755
index 0000000..08ee996
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/09_gpasswd_change_member_list-no_shadow_group/gpasswd.test
@@ -0,0 +1,39 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "gpasswd can change the list of members (0 -> 1 group)"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "set the list of members to foo (gpasswd -M foo users)..."
+gpasswd -M foo users
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl data/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl data/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/grouptools/gpasswd/10_gpasswd_change_member_list-no_shadow_group/config.txt b/tests/tests/grouptools/gpasswd/10_gpasswd_change_member_list-no_shadow_group/config.txt
new file mode 100644
index 0000000..3d43135
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/10_gpasswd_change_member_list-no_shadow_group/config.txt
@@ -0,0 +1,5 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group users
diff --git a/tests/tests/grouptools/gpasswd/10_gpasswd_change_member_list-no_shadow_group/config/etc/default/useradd b/tests/tests/grouptools/gpasswd/10_gpasswd_change_member_list-no_shadow_group/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/10_gpasswd_change_member_list-no_shadow_group/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/grouptools/gpasswd/10_gpasswd_change_member_list-no_shadow_group/config/etc/group b/tests/tests/grouptools/gpasswd/10_gpasswd_change_member_list-no_shadow_group/config/etc/group
new file mode 100644
index 0000000..e2d8b14
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/10_gpasswd_change_member_list-no_shadow_group/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:password:100:bin
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/grouptools/gpasswd/10_gpasswd_change_member_list-no_shadow_group/config/etc/gshadow b/tests/tests/grouptools/gpasswd/10_gpasswd_change_member_list-no_shadow_group/config/etc/gshadow
new file mode 100644
index 0000000..9ae9eeb
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/10_gpasswd_change_member_list-no_shadow_group/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/grouptools/gpasswd/10_gpasswd_change_member_list-no_shadow_group/config/etc/passwd b/tests/tests/grouptools/gpasswd/10_gpasswd_change_member_list-no_shadow_group/config/etc/passwd
new file mode 100644
index 0000000..dc7bf84
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/10_gpasswd_change_member_list-no_shadow_group/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000:::/bin/false
diff --git a/tests/tests/grouptools/gpasswd/10_gpasswd_change_member_list-no_shadow_group/config/etc/shadow b/tests/tests/grouptools/gpasswd/10_gpasswd_change_member_list-no_shadow_group/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/10_gpasswd_change_member_list-no_shadow_group/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/grouptools/gpasswd/10_gpasswd_change_member_list-no_shadow_group/data/group b/tests/tests/grouptools/gpasswd/10_gpasswd_change_member_list-no_shadow_group/data/group
new file mode 100644
index 0000000..5051825
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/10_gpasswd_change_member_list-no_shadow_group/data/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/grouptools/gpasswd/10_gpasswd_change_member_list-no_shadow_group/data/gshadow b/tests/tests/grouptools/gpasswd/10_gpasswd_change_member_list-no_shadow_group/data/gshadow
new file mode 100644
index 0000000..86fa988
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/10_gpasswd_change_member_list-no_shadow_group/data/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
+users:password::foo
diff --git a/tests/tests/grouptools/gpasswd/10_gpasswd_change_member_list-no_shadow_group/gpasswd.test b/tests/tests/grouptools/gpasswd/10_gpasswd_change_member_list-no_shadow_group/gpasswd.test
new file mode 100755
index 0000000..f9879d9
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/10_gpasswd_change_member_list-no_shadow_group/gpasswd.test
@@ -0,0 +1,39 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "gpasswd can change the list of members (1 -> 1 group)"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "set the list of members to foo (gpasswd -M foo users)..."
+gpasswd -M foo users
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl data/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl data/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/grouptools/gpasswd/11_gpasswd_change_member_list-no_shadow_group/config.txt b/tests/tests/grouptools/gpasswd/11_gpasswd_change_member_list-no_shadow_group/config.txt
new file mode 100644
index 0000000..3d43135
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/11_gpasswd_change_member_list-no_shadow_group/config.txt
@@ -0,0 +1,5 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group users
diff --git a/tests/tests/grouptools/gpasswd/11_gpasswd_change_member_list-no_shadow_group/config/etc/default/useradd b/tests/tests/grouptools/gpasswd/11_gpasswd_change_member_list-no_shadow_group/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/11_gpasswd_change_member_list-no_shadow_group/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/grouptools/gpasswd/11_gpasswd_change_member_list-no_shadow_group/config/etc/group b/tests/tests/grouptools/gpasswd/11_gpasswd_change_member_list-no_shadow_group/config/etc/group
new file mode 100644
index 0000000..bbe0311
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/11_gpasswd_change_member_list-no_shadow_group/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:*:100:foo,bin
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/grouptools/gpasswd/11_gpasswd_change_member_list-no_shadow_group/config/etc/gshadow b/tests/tests/grouptools/gpasswd/11_gpasswd_change_member_list-no_shadow_group/config/etc/gshadow
new file mode 100644
index 0000000..9ae9eeb
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/11_gpasswd_change_member_list-no_shadow_group/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/grouptools/gpasswd/11_gpasswd_change_member_list-no_shadow_group/config/etc/passwd b/tests/tests/grouptools/gpasswd/11_gpasswd_change_member_list-no_shadow_group/config/etc/passwd
new file mode 100644
index 0000000..dc7bf84
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/11_gpasswd_change_member_list-no_shadow_group/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000:::/bin/false
diff --git a/tests/tests/grouptools/gpasswd/11_gpasswd_change_member_list-no_shadow_group/config/etc/shadow b/tests/tests/grouptools/gpasswd/11_gpasswd_change_member_list-no_shadow_group/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/11_gpasswd_change_member_list-no_shadow_group/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/grouptools/gpasswd/11_gpasswd_change_member_list-no_shadow_group/data/group b/tests/tests/grouptools/gpasswd/11_gpasswd_change_member_list-no_shadow_group/data/group
new file mode 100644
index 0000000..5051825
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/11_gpasswd_change_member_list-no_shadow_group/data/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/grouptools/gpasswd/11_gpasswd_change_member_list-no_shadow_group/data/gshadow b/tests/tests/grouptools/gpasswd/11_gpasswd_change_member_list-no_shadow_group/data/gshadow
new file mode 100644
index 0000000..cda0d0a
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/11_gpasswd_change_member_list-no_shadow_group/data/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
+users:*::foo
diff --git a/tests/tests/grouptools/gpasswd/11_gpasswd_change_member_list-no_shadow_group/gpasswd.test b/tests/tests/grouptools/gpasswd/11_gpasswd_change_member_list-no_shadow_group/gpasswd.test
new file mode 100755
index 0000000..965a4d6
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/11_gpasswd_change_member_list-no_shadow_group/gpasswd.test
@@ -0,0 +1,39 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "gpasswd can change the list of members (2 -> 1 group)"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "set the list of members to foo (gpasswd -M foo users)..."
+gpasswd -M foo users
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl data/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl data/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/grouptools/gpasswd/12_gpasswd_change_member_list-no_shadow_group/config.txt b/tests/tests/grouptools/gpasswd/12_gpasswd_change_member_list-no_shadow_group/config.txt
new file mode 100644
index 0000000..3d43135
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/12_gpasswd_change_member_list-no_shadow_group/config.txt
@@ -0,0 +1,5 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group users
diff --git a/tests/tests/grouptools/gpasswd/12_gpasswd_change_member_list-no_shadow_group/config/etc/default/useradd b/tests/tests/grouptools/gpasswd/12_gpasswd_change_member_list-no_shadow_group/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/12_gpasswd_change_member_list-no_shadow_group/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/grouptools/gpasswd/12_gpasswd_change_member_list-no_shadow_group/config/etc/group b/tests/tests/grouptools/gpasswd/12_gpasswd_change_member_list-no_shadow_group/config/etc/group
new file mode 100644
index 0000000..bbe0311
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/12_gpasswd_change_member_list-no_shadow_group/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:*:100:foo,bin
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/grouptools/gpasswd/12_gpasswd_change_member_list-no_shadow_group/config/etc/gshadow b/tests/tests/grouptools/gpasswd/12_gpasswd_change_member_list-no_shadow_group/config/etc/gshadow
new file mode 100644
index 0000000..9ae9eeb
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/12_gpasswd_change_member_list-no_shadow_group/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/grouptools/gpasswd/12_gpasswd_change_member_list-no_shadow_group/config/etc/passwd b/tests/tests/grouptools/gpasswd/12_gpasswd_change_member_list-no_shadow_group/config/etc/passwd
new file mode 100644
index 0000000..dc7bf84
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/12_gpasswd_change_member_list-no_shadow_group/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000:::/bin/false
diff --git a/tests/tests/grouptools/gpasswd/12_gpasswd_change_member_list-no_shadow_group/config/etc/shadow b/tests/tests/grouptools/gpasswd/12_gpasswd_change_member_list-no_shadow_group/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/12_gpasswd_change_member_list-no_shadow_group/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/grouptools/gpasswd/12_gpasswd_change_member_list-no_shadow_group/data/group b/tests/tests/grouptools/gpasswd/12_gpasswd_change_member_list-no_shadow_group/data/group
new file mode 100644
index 0000000..aa85a13
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/12_gpasswd_change_member_list-no_shadow_group/data/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:root,daemon
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/grouptools/gpasswd/12_gpasswd_change_member_list-no_shadow_group/data/gshadow b/tests/tests/grouptools/gpasswd/12_gpasswd_change_member_list-no_shadow_group/data/gshadow
new file mode 100644
index 0000000..692d0f7
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/12_gpasswd_change_member_list-no_shadow_group/data/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
+users:*::root,daemon
diff --git a/tests/tests/grouptools/gpasswd/12_gpasswd_change_member_list-no_shadow_group/gpasswd.test b/tests/tests/grouptools/gpasswd/12_gpasswd_change_member_list-no_shadow_group/gpasswd.test
new file mode 100755
index 0000000..dfbd793
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/12_gpasswd_change_member_list-no_shadow_group/gpasswd.test
@@ -0,0 +1,39 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "gpasswd can change the list of members (2 -> 2 groups)"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "set the list of members to root,daemon (gpasswd -M root,daemon users)..."
+gpasswd -M root,daemon users
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl data/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl data/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/grouptools/gpasswd/13_gpasswd_change_member_list-no_gshadow_file/config.txt b/tests/tests/grouptools/gpasswd/13_gpasswd_change_member_list-no_gshadow_file/config.txt
new file mode 100644
index 0000000..3d43135
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/13_gpasswd_change_member_list-no_gshadow_file/config.txt
@@ -0,0 +1,5 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group users
diff --git a/tests/tests/grouptools/gpasswd/13_gpasswd_change_member_list-no_gshadow_file/config/etc/default/useradd b/tests/tests/grouptools/gpasswd/13_gpasswd_change_member_list-no_gshadow_file/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/13_gpasswd_change_member_list-no_gshadow_file/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/grouptools/gpasswd/13_gpasswd_change_member_list-no_gshadow_file/config/etc/group b/tests/tests/grouptools/gpasswd/13_gpasswd_change_member_list-no_gshadow_file/config/etc/group
new file mode 100644
index 0000000..5051825
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/13_gpasswd_change_member_list-no_gshadow_file/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/grouptools/gpasswd/13_gpasswd_change_member_list-no_gshadow_file/config/etc/gshadow b/tests/tests/grouptools/gpasswd/13_gpasswd_change_member_list-no_gshadow_file/config/etc/gshadow
new file mode 100644
index 0000000..ad90310
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/13_gpasswd_change_member_list-no_gshadow_file/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::foo
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/grouptools/gpasswd/13_gpasswd_change_member_list-no_gshadow_file/config/etc/passwd b/tests/tests/grouptools/gpasswd/13_gpasswd_change_member_list-no_gshadow_file/config/etc/passwd
new file mode 100644
index 0000000..dc7bf84
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/13_gpasswd_change_member_list-no_gshadow_file/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000:::/bin/false
diff --git a/tests/tests/grouptools/gpasswd/13_gpasswd_change_member_list-no_gshadow_file/config/etc/shadow b/tests/tests/grouptools/gpasswd/13_gpasswd_change_member_list-no_gshadow_file/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/13_gpasswd_change_member_list-no_gshadow_file/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/grouptools/gpasswd/13_gpasswd_change_member_list-no_gshadow_file/data/group b/tests/tests/grouptools/gpasswd/13_gpasswd_change_member_list-no_gshadow_file/data/group
new file mode 100644
index 0000000..fecba0c
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/13_gpasswd_change_member_list-no_gshadow_file/data/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/grouptools/gpasswd/13_gpasswd_change_member_list-no_gshadow_file/gpasswd.test b/tests/tests/grouptools/gpasswd/13_gpasswd_change_member_list-no_gshadow_file/gpasswd.test
new file mode 100755
index 0000000..b1450c9
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/13_gpasswd_change_member_list-no_gshadow_file/gpasswd.test
@@ -0,0 +1,42 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "gpasswd can change the list of members (1 -> 0 groups)"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "remove the gshadow file"
+rm -f /etc/gshadow
+
+echo -n "set the list of members to \"\" (gpasswd -M \"\" users)..."
+gpasswd -M "" users
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl data/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+test ! -f /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/grouptools/gpasswd/14_gpasswd_change_member_list-no_gshadow_file/config.txt b/tests/tests/grouptools/gpasswd/14_gpasswd_change_member_list-no_gshadow_file/config.txt
new file mode 100644
index 0000000..3d43135
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/14_gpasswd_change_member_list-no_gshadow_file/config.txt
@@ -0,0 +1,5 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group users
diff --git a/tests/tests/grouptools/gpasswd/14_gpasswd_change_member_list-no_gshadow_file/config/etc/default/useradd b/tests/tests/grouptools/gpasswd/14_gpasswd_change_member_list-no_gshadow_file/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/14_gpasswd_change_member_list-no_gshadow_file/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/grouptools/gpasswd/14_gpasswd_change_member_list-no_gshadow_file/config/etc/group b/tests/tests/grouptools/gpasswd/14_gpasswd_change_member_list-no_gshadow_file/config/etc/group
new file mode 100644
index 0000000..1838a36
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/14_gpasswd_change_member_list-no_gshadow_file/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo,bin
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/grouptools/gpasswd/14_gpasswd_change_member_list-no_gshadow_file/config/etc/gshadow b/tests/tests/grouptools/gpasswd/14_gpasswd_change_member_list-no_gshadow_file/config/etc/gshadow
new file mode 100644
index 0000000..689ea4c
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/14_gpasswd_change_member_list-no_gshadow_file/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::foo,bin
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/grouptools/gpasswd/14_gpasswd_change_member_list-no_gshadow_file/config/etc/passwd b/tests/tests/grouptools/gpasswd/14_gpasswd_change_member_list-no_gshadow_file/config/etc/passwd
new file mode 100644
index 0000000..dc7bf84
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/14_gpasswd_change_member_list-no_gshadow_file/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000:::/bin/false
diff --git a/tests/tests/grouptools/gpasswd/14_gpasswd_change_member_list-no_gshadow_file/config/etc/shadow b/tests/tests/grouptools/gpasswd/14_gpasswd_change_member_list-no_gshadow_file/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/14_gpasswd_change_member_list-no_gshadow_file/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/grouptools/gpasswd/14_gpasswd_change_member_list-no_gshadow_file/data/group b/tests/tests/grouptools/gpasswd/14_gpasswd_change_member_list-no_gshadow_file/data/group
new file mode 100644
index 0000000..fecba0c
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/14_gpasswd_change_member_list-no_gshadow_file/data/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/grouptools/gpasswd/14_gpasswd_change_member_list-no_gshadow_file/gpasswd.test b/tests/tests/grouptools/gpasswd/14_gpasswd_change_member_list-no_gshadow_file/gpasswd.test
new file mode 100755
index 0000000..bd95302
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/14_gpasswd_change_member_list-no_gshadow_file/gpasswd.test
@@ -0,0 +1,42 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "gpasswd can change the list of members (2 -> 0 groups)"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "remove the gshadow file"
+rm -f /etc/gshadow
+
+echo -n "set the list of members to \"\" (gpasswd -M \"\" users)..."
+gpasswd -M "" users
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl data/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+test ! -f /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/grouptools/gpasswd/15_gpasswd_change_member_list-no_gshadow_file/config.txt b/tests/tests/grouptools/gpasswd/15_gpasswd_change_member_list-no_gshadow_file/config.txt
new file mode 100644
index 0000000..3d43135
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/15_gpasswd_change_member_list-no_gshadow_file/config.txt
@@ -0,0 +1,5 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group users
diff --git a/tests/tests/grouptools/gpasswd/15_gpasswd_change_member_list-no_gshadow_file/config/etc/default/useradd b/tests/tests/grouptools/gpasswd/15_gpasswd_change_member_list-no_gshadow_file/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/15_gpasswd_change_member_list-no_gshadow_file/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/grouptools/gpasswd/15_gpasswd_change_member_list-no_gshadow_file/config/etc/group b/tests/tests/grouptools/gpasswd/15_gpasswd_change_member_list-no_gshadow_file/config/etc/group
new file mode 100644
index 0000000..fecba0c
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/15_gpasswd_change_member_list-no_gshadow_file/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/grouptools/gpasswd/15_gpasswd_change_member_list-no_gshadow_file/config/etc/gshadow b/tests/tests/grouptools/gpasswd/15_gpasswd_change_member_list-no_gshadow_file/config/etc/gshadow
new file mode 100644
index 0000000..5042e58
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/15_gpasswd_change_member_list-no_gshadow_file/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/grouptools/gpasswd/15_gpasswd_change_member_list-no_gshadow_file/config/etc/passwd b/tests/tests/grouptools/gpasswd/15_gpasswd_change_member_list-no_gshadow_file/config/etc/passwd
new file mode 100644
index 0000000..dc7bf84
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/15_gpasswd_change_member_list-no_gshadow_file/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000:::/bin/false
diff --git a/tests/tests/grouptools/gpasswd/15_gpasswd_change_member_list-no_gshadow_file/config/etc/shadow b/tests/tests/grouptools/gpasswd/15_gpasswd_change_member_list-no_gshadow_file/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/15_gpasswd_change_member_list-no_gshadow_file/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/grouptools/gpasswd/15_gpasswd_change_member_list-no_gshadow_file/data/group b/tests/tests/grouptools/gpasswd/15_gpasswd_change_member_list-no_gshadow_file/data/group
new file mode 100644
index 0000000..5051825
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/15_gpasswd_change_member_list-no_gshadow_file/data/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/grouptools/gpasswd/15_gpasswd_change_member_list-no_gshadow_file/gpasswd.test b/tests/tests/grouptools/gpasswd/15_gpasswd_change_member_list-no_gshadow_file/gpasswd.test
new file mode 100755
index 0000000..e6e6ab0
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/15_gpasswd_change_member_list-no_gshadow_file/gpasswd.test
@@ -0,0 +1,42 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "gpasswd can change the list of members (0 -> 1 group)"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "remove the gshadow file"
+rm -f /etc/gshadow
+
+echo -n "set the list of members to foo (gpasswd -M foo users)..."
+gpasswd -M foo users
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl data/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+test ! -f /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/grouptools/gpasswd/16_gpasswd_change_member_list-no_gshadow_file/config.txt b/tests/tests/grouptools/gpasswd/16_gpasswd_change_member_list-no_gshadow_file/config.txt
new file mode 100644
index 0000000..3d43135
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/16_gpasswd_change_member_list-no_gshadow_file/config.txt
@@ -0,0 +1,5 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group users
diff --git a/tests/tests/grouptools/gpasswd/16_gpasswd_change_member_list-no_gshadow_file/config/etc/default/useradd b/tests/tests/grouptools/gpasswd/16_gpasswd_change_member_list-no_gshadow_file/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/16_gpasswd_change_member_list-no_gshadow_file/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/grouptools/gpasswd/16_gpasswd_change_member_list-no_gshadow_file/config/etc/group b/tests/tests/grouptools/gpasswd/16_gpasswd_change_member_list-no_gshadow_file/config/etc/group
new file mode 100644
index 0000000..8b3971e
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/16_gpasswd_change_member_list-no_gshadow_file/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:bin
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/grouptools/gpasswd/16_gpasswd_change_member_list-no_gshadow_file/config/etc/gshadow b/tests/tests/grouptools/gpasswd/16_gpasswd_change_member_list-no_gshadow_file/config/etc/gshadow
new file mode 100644
index 0000000..5054bf7
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/16_gpasswd_change_member_list-no_gshadow_file/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::bin
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/grouptools/gpasswd/16_gpasswd_change_member_list-no_gshadow_file/config/etc/passwd b/tests/tests/grouptools/gpasswd/16_gpasswd_change_member_list-no_gshadow_file/config/etc/passwd
new file mode 100644
index 0000000..dc7bf84
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/16_gpasswd_change_member_list-no_gshadow_file/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000:::/bin/false
diff --git a/tests/tests/grouptools/gpasswd/16_gpasswd_change_member_list-no_gshadow_file/config/etc/shadow b/tests/tests/grouptools/gpasswd/16_gpasswd_change_member_list-no_gshadow_file/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/16_gpasswd_change_member_list-no_gshadow_file/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/grouptools/gpasswd/16_gpasswd_change_member_list-no_gshadow_file/data/group b/tests/tests/grouptools/gpasswd/16_gpasswd_change_member_list-no_gshadow_file/data/group
new file mode 100644
index 0000000..5051825
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/16_gpasswd_change_member_list-no_gshadow_file/data/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/grouptools/gpasswd/16_gpasswd_change_member_list-no_gshadow_file/gpasswd.test b/tests/tests/grouptools/gpasswd/16_gpasswd_change_member_list-no_gshadow_file/gpasswd.test
new file mode 100755
index 0000000..e5b40b4
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/16_gpasswd_change_member_list-no_gshadow_file/gpasswd.test
@@ -0,0 +1,42 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "gpasswd can change the list of members (1 -> 1 group)"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "remove the gshadow file"
+rm -f /etc/gshadow
+
+echo -n "set the list of members to foo (gpasswd -M foo users)..."
+gpasswd -M foo users
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl data/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+test ! -f /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/grouptools/gpasswd/17_gpasswd_change_member_list-no_gshadow_file/config.txt b/tests/tests/grouptools/gpasswd/17_gpasswd_change_member_list-no_gshadow_file/config.txt
new file mode 100644
index 0000000..3d43135
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/17_gpasswd_change_member_list-no_gshadow_file/config.txt
@@ -0,0 +1,5 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group users
diff --git a/tests/tests/grouptools/gpasswd/17_gpasswd_change_member_list-no_gshadow_file/config/etc/default/useradd b/tests/tests/grouptools/gpasswd/17_gpasswd_change_member_list-no_gshadow_file/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/17_gpasswd_change_member_list-no_gshadow_file/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/grouptools/gpasswd/17_gpasswd_change_member_list-no_gshadow_file/config/etc/group b/tests/tests/grouptools/gpasswd/17_gpasswd_change_member_list-no_gshadow_file/config/etc/group
new file mode 100644
index 0000000..1838a36
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/17_gpasswd_change_member_list-no_gshadow_file/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo,bin
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/grouptools/gpasswd/17_gpasswd_change_member_list-no_gshadow_file/config/etc/gshadow b/tests/tests/grouptools/gpasswd/17_gpasswd_change_member_list-no_gshadow_file/config/etc/gshadow
new file mode 100644
index 0000000..689ea4c
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/17_gpasswd_change_member_list-no_gshadow_file/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::foo,bin
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/grouptools/gpasswd/17_gpasswd_change_member_list-no_gshadow_file/config/etc/passwd b/tests/tests/grouptools/gpasswd/17_gpasswd_change_member_list-no_gshadow_file/config/etc/passwd
new file mode 100644
index 0000000..dc7bf84
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/17_gpasswd_change_member_list-no_gshadow_file/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000:::/bin/false
diff --git a/tests/tests/grouptools/gpasswd/17_gpasswd_change_member_list-no_gshadow_file/config/etc/shadow b/tests/tests/grouptools/gpasswd/17_gpasswd_change_member_list-no_gshadow_file/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/17_gpasswd_change_member_list-no_gshadow_file/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/grouptools/gpasswd/17_gpasswd_change_member_list-no_gshadow_file/data/group b/tests/tests/grouptools/gpasswd/17_gpasswd_change_member_list-no_gshadow_file/data/group
new file mode 100644
index 0000000..5051825
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/17_gpasswd_change_member_list-no_gshadow_file/data/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/grouptools/gpasswd/17_gpasswd_change_member_list-no_gshadow_file/gpasswd.test b/tests/tests/grouptools/gpasswd/17_gpasswd_change_member_list-no_gshadow_file/gpasswd.test
new file mode 100755
index 0000000..8b92888
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/17_gpasswd_change_member_list-no_gshadow_file/gpasswd.test
@@ -0,0 +1,43 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "gpasswd can change the list of members (2 -> 1 group)"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "remove the gshadow file..."
+rm -f /etc/gshadow
+echo "OK"
+
+echo -n "set the list of members to foo (gpasswd -M foo users)..."
+gpasswd -M foo users
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl data/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+test ! -f /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/grouptools/gpasswd/18_gpasswd_change_member_list-no_gshadow_file/config.txt b/tests/tests/grouptools/gpasswd/18_gpasswd_change_member_list-no_gshadow_file/config.txt
new file mode 100644
index 0000000..3d43135
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/18_gpasswd_change_member_list-no_gshadow_file/config.txt
@@ -0,0 +1,5 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group users
diff --git a/tests/tests/grouptools/gpasswd/18_gpasswd_change_member_list-no_gshadow_file/config/etc/default/useradd b/tests/tests/grouptools/gpasswd/18_gpasswd_change_member_list-no_gshadow_file/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/18_gpasswd_change_member_list-no_gshadow_file/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/grouptools/gpasswd/18_gpasswd_change_member_list-no_gshadow_file/config/etc/group b/tests/tests/grouptools/gpasswd/18_gpasswd_change_member_list-no_gshadow_file/config/etc/group
new file mode 100644
index 0000000..1838a36
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/18_gpasswd_change_member_list-no_gshadow_file/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo,bin
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/grouptools/gpasswd/18_gpasswd_change_member_list-no_gshadow_file/config/etc/gshadow b/tests/tests/grouptools/gpasswd/18_gpasswd_change_member_list-no_gshadow_file/config/etc/gshadow
new file mode 100644
index 0000000..689ea4c
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/18_gpasswd_change_member_list-no_gshadow_file/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::foo,bin
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/grouptools/gpasswd/18_gpasswd_change_member_list-no_gshadow_file/config/etc/passwd b/tests/tests/grouptools/gpasswd/18_gpasswd_change_member_list-no_gshadow_file/config/etc/passwd
new file mode 100644
index 0000000..dc7bf84
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/18_gpasswd_change_member_list-no_gshadow_file/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000:::/bin/false
diff --git a/tests/tests/grouptools/gpasswd/18_gpasswd_change_member_list-no_gshadow_file/config/etc/shadow b/tests/tests/grouptools/gpasswd/18_gpasswd_change_member_list-no_gshadow_file/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/18_gpasswd_change_member_list-no_gshadow_file/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/grouptools/gpasswd/18_gpasswd_change_member_list-no_gshadow_file/data/group b/tests/tests/grouptools/gpasswd/18_gpasswd_change_member_list-no_gshadow_file/data/group
new file mode 100644
index 0000000..aa85a13
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/18_gpasswd_change_member_list-no_gshadow_file/data/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:root,daemon
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/grouptools/gpasswd/18_gpasswd_change_member_list-no_gshadow_file/gpasswd.test b/tests/tests/grouptools/gpasswd/18_gpasswd_change_member_list-no_gshadow_file/gpasswd.test
new file mode 100755
index 0000000..2b2b2ac
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/18_gpasswd_change_member_list-no_gshadow_file/gpasswd.test
@@ -0,0 +1,42 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "gpasswd can change the list of members (2 -> 2 groups)"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "remove the gshadow file"
+rm -f /etc/gshadow
+
+echo -n "set the list of members to root,daemon (gpasswd -M root,daemon users)..."
+gpasswd -M root,daemon users
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl data/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+test ! -f /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/grouptools/gpasswd/19_gpasswd_change_passwd-root/config.txt b/tests/tests/grouptools/gpasswd/19_gpasswd_change_passwd-root/config.txt
new file mode 100644
index 0000000..aecff4a
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/19_gpasswd_change_passwd-root/config.txt
@@ -0,0 +1,3 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
diff --git a/tests/tests/grouptools/gpasswd/19_gpasswd_change_passwd-root/config/etc/group b/tests/tests/grouptools/gpasswd/19_gpasswd_change_passwd-root/config/etc/group
new file mode 100644
index 0000000..fecba0c
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/19_gpasswd_change_passwd-root/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/grouptools/gpasswd/19_gpasswd_change_passwd-root/config/etc/gshadow b/tests/tests/grouptools/gpasswd/19_gpasswd_change_passwd-root/config/etc/gshadow
new file mode 100644
index 0000000..5042e58
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/19_gpasswd_change_passwd-root/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/grouptools/gpasswd/19_gpasswd_change_passwd-root/config/etc/login.defs b/tests/tests/grouptools/gpasswd/19_gpasswd_change_passwd-root/config/etc/login.defs
new file mode 100644
index 0000000..4949522
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/19_gpasswd_change_passwd-root/config/etc/login.defs
@@ -0,0 +1,334 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/local/games:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK is the default umask value for pam_umask and is used by
+# useradd and newusers to set the mode of the new home directories.
+# 022 is the "historical" value in Debian for UMASK
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+# System accounts
+#SYS_UID_MIN		  100
+#SYS_UID_MAX		  999
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			 1000
+GID_MAX			60000
+# System accounts
+#SYS_GID_MIN		  100
+#SYS_GID_MAX		  999
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# If set to yes, userdel will remove the user's group if it contains no
+# more members, and useradd will create by default a group with the name
+# of the user.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, such as Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is deprecated. You should use ENCRYPT_METHOD.
+#
+#MD5_CRYPT_ENAB	no
+
+#
+# If set to MD5 , MD5-based algorithm will be used for encrypting password
+# If set to SHA256, SHA256-based algorithm will be used for encrypting password
+# If set to SHA512, SHA512-based algorithm will be used for encrypting password
+# If set to DES, DES-based algorithm will be used for encrypting password (default)
+# Overrides the MD5_CRYPT_ENAB option
+#
+# Note: It is recommended to use a value consistent with
+# the PAM modules configuration.
+#
+# ENCRYPT_METHOD SHA512
+
+#
+# Only used if ENCRYPT_METHOD is set to SHA256 or SHA512.
+#
+# Define the number of SHA rounds.
+# With a lot of rounds, it is more difficult to brute forcing the password.
+# But note also that it more CPU resources will be needed to authenticate
+# users.
+#
+# If not specified, the libc will choose the default number of rounds (5000).
+# The values must be inside the 1000-999999999 range.
+# If only one of the MIN or MAX values is set, then this value will be used.
+# If MIN > MAX, the highest value will be used.
+#
+# SHA_CRYPT_MIN_ROUNDS 5000
+# SHA_CRYPT_MAX_ROUNDS 5000
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/grouptools/gpasswd/19_gpasswd_change_passwd-root/config/etc/passwd b/tests/tests/grouptools/gpasswd/19_gpasswd_change_passwd-root/config/etc/passwd
new file mode 100644
index 0000000..dc7bf84
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/19_gpasswd_change_passwd-root/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000:::/bin/false
diff --git a/tests/tests/grouptools/gpasswd/19_gpasswd_change_passwd-root/config/etc/shadow b/tests/tests/grouptools/gpasswd/19_gpasswd_change_passwd-root/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/19_gpasswd_change_passwd-root/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/grouptools/gpasswd/19_gpasswd_change_passwd-root/data/gshadow b/tests/tests/grouptools/gpasswd/19_gpasswd_change_passwd-root/data/gshadow
new file mode 100644
index 0000000..6b880f5
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/19_gpasswd_change_passwd-root/data/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:@PASS_DES usersPAS@::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/grouptools/gpasswd/19_gpasswd_change_passwd-root/gpasswd.exp b/tests/tests/grouptools/gpasswd/19_gpasswd_change_passwd-root/gpasswd.exp
new file mode 100755
index 0000000..1accbb9
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/19_gpasswd_change_passwd-root/gpasswd.exp
@@ -0,0 +1,70 @@
+#!/usr/bin/expect
+
+set timeout 2
+expect_after default {puts stderr "\nFAIL"; exit 1}
+
+if {$argc != 4} {
+	puts "usage: gpasswd.exp <run_user> <group> <g_password> <user_prompt>"
+	exit 1
+}
+
+set run_user    [lindex $argv 0]
+set group       [lindex $argv 1]
+set g_password  [lindex $argv 2]
+set user_prompt [lindex $argv 3]
+
+# First, switch to the testsuite user
+# (otherwise, no password will be asked)
+send_user "# switch to user '$run_user'\n"
+send_user "# and expect a '$user_prompt' prompt\n"
+spawn /bin/su $run_user
+
+expect "$user_prompt"		;# Wait for the prompt
+
+send_user "\n# make sure we are now '$run_user'"
+send_user "\n# whoami should return '$run_user'"
+send "\r"			;# restore the prompt for the logs
+send "whoami\r"			;# Verify we are really testsuite
+
+expect {
+	timeout {
+		puts "\ntimeout...FAIL"
+		exit 1
+	}
+	"$run_user"
+}
+
+expect "$user_prompt"			;# Wait for the prompt
+
+send_user "\n\n"
+send_user "# now change '$group' 's password to '$g_password'\n"
+send_user "# and expect a password prompt"
+send "\r"			;# restore the prompt for the logs
+send "gpasswd $group\r"		;# Change the password
+expect "New Password: "		;# Wait for the Password: prompt
+# Wait a little bit more (gpasswd is not ready to receive the password)
+sleep 0.1
+send "$g_password\r"		;# Send the password
+
+send_user "\n# password '$g_password' sent\n\n"
+
+send_user "Expect a new password prompt\n"
+expect "Re-enter new password: "		;# Wait for the Password: prompt
+# Wait a little bit more (gpasswd is not ready to receive the password)
+sleep 0.1
+send "$g_password\r"		;# Send the password
+
+send_user "# expect prompt '$user_prompt'"
+
+expect {
+	# Wait for the new prompt
+	"$user_prompt" {
+		send "exit\r"
+		expect "$ "
+		puts "\nPASS"
+		exit 0
+	}
+}
+
+puts "\ntimeout...FAIL"
+exit 1
diff --git a/tests/tests/grouptools/gpasswd/19_gpasswd_change_passwd-root/gpasswd.test b/tests/tests/grouptools/gpasswd/19_gpasswd_change_passwd-root/gpasswd.test
new file mode 100755
index 0000000..5d316e2
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/19_gpasswd_change_passwd-root/gpasswd.test
@@ -0,0 +1,42 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "gpasswd can be used by root to change one group's passwd"
+
+
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+./gpasswd.exp root users usersPAS '# '
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl data/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/grouptools/gpasswd/20_gpasswd_change_passwd-root-no_shadow_group/config.txt b/tests/tests/grouptools/gpasswd/20_gpasswd_change_passwd-root-no_shadow_group/config.txt
new file mode 100644
index 0000000..aecff4a
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/20_gpasswd_change_passwd-root-no_shadow_group/config.txt
@@ -0,0 +1,3 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
diff --git a/tests/tests/grouptools/gpasswd/20_gpasswd_change_passwd-root-no_shadow_group/config/etc/group b/tests/tests/grouptools/gpasswd/20_gpasswd_change_passwd-root-no_shadow_group/config/etc/group
new file mode 100644
index 0000000..5051825
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/20_gpasswd_change_passwd-root-no_shadow_group/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/grouptools/gpasswd/20_gpasswd_change_passwd-root-no_shadow_group/config/etc/gshadow b/tests/tests/grouptools/gpasswd/20_gpasswd_change_passwd-root-no_shadow_group/config/etc/gshadow
new file mode 100644
index 0000000..9ae9eeb
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/20_gpasswd_change_passwd-root-no_shadow_group/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/grouptools/gpasswd/20_gpasswd_change_passwd-root-no_shadow_group/config/etc/login.defs b/tests/tests/grouptools/gpasswd/20_gpasswd_change_passwd-root-no_shadow_group/config/etc/login.defs
new file mode 100644
index 0000000..4949522
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/20_gpasswd_change_passwd-root-no_shadow_group/config/etc/login.defs
@@ -0,0 +1,334 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/local/games:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK is the default umask value for pam_umask and is used by
+# useradd and newusers to set the mode of the new home directories.
+# 022 is the "historical" value in Debian for UMASK
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+# System accounts
+#SYS_UID_MIN		  100
+#SYS_UID_MAX		  999
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			 1000
+GID_MAX			60000
+# System accounts
+#SYS_GID_MIN		  100
+#SYS_GID_MAX		  999
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# If set to yes, userdel will remove the user's group if it contains no
+# more members, and useradd will create by default a group with the name
+# of the user.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, such as Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is deprecated. You should use ENCRYPT_METHOD.
+#
+#MD5_CRYPT_ENAB	no
+
+#
+# If set to MD5 , MD5-based algorithm will be used for encrypting password
+# If set to SHA256, SHA256-based algorithm will be used for encrypting password
+# If set to SHA512, SHA512-based algorithm will be used for encrypting password
+# If set to DES, DES-based algorithm will be used for encrypting password (default)
+# Overrides the MD5_CRYPT_ENAB option
+#
+# Note: It is recommended to use a value consistent with
+# the PAM modules configuration.
+#
+# ENCRYPT_METHOD SHA512
+
+#
+# Only used if ENCRYPT_METHOD is set to SHA256 or SHA512.
+#
+# Define the number of SHA rounds.
+# With a lot of rounds, it is more difficult to brute forcing the password.
+# But note also that it more CPU resources will be needed to authenticate
+# users.
+#
+# If not specified, the libc will choose the default number of rounds (5000).
+# The values must be inside the 1000-999999999 range.
+# If only one of the MIN or MAX values is set, then this value will be used.
+# If MIN > MAX, the highest value will be used.
+#
+# SHA_CRYPT_MIN_ROUNDS 5000
+# SHA_CRYPT_MAX_ROUNDS 5000
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/grouptools/gpasswd/20_gpasswd_change_passwd-root-no_shadow_group/config/etc/passwd b/tests/tests/grouptools/gpasswd/20_gpasswd_change_passwd-root-no_shadow_group/config/etc/passwd
new file mode 100644
index 0000000..dc7bf84
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/20_gpasswd_change_passwd-root-no_shadow_group/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000:::/bin/false
diff --git a/tests/tests/grouptools/gpasswd/20_gpasswd_change_passwd-root-no_shadow_group/config/etc/shadow b/tests/tests/grouptools/gpasswd/20_gpasswd_change_passwd-root-no_shadow_group/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/20_gpasswd_change_passwd-root-no_shadow_group/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/grouptools/gpasswd/20_gpasswd_change_passwd-root-no_shadow_group/data/gshadow b/tests/tests/grouptools/gpasswd/20_gpasswd_change_passwd-root-no_shadow_group/data/gshadow
new file mode 100644
index 0000000..4bce8b4
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/20_gpasswd_change_passwd-root-no_shadow_group/data/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
+users:@PASS_DES usersPAS@::foo
diff --git a/tests/tests/grouptools/gpasswd/20_gpasswd_change_passwd-root-no_shadow_group/gpasswd.exp b/tests/tests/grouptools/gpasswd/20_gpasswd_change_passwd-root-no_shadow_group/gpasswd.exp
new file mode 100755
index 0000000..1accbb9
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/20_gpasswd_change_passwd-root-no_shadow_group/gpasswd.exp
@@ -0,0 +1,70 @@
+#!/usr/bin/expect
+
+set timeout 2
+expect_after default {puts stderr "\nFAIL"; exit 1}
+
+if {$argc != 4} {
+	puts "usage: gpasswd.exp <run_user> <group> <g_password> <user_prompt>"
+	exit 1
+}
+
+set run_user    [lindex $argv 0]
+set group       [lindex $argv 1]
+set g_password  [lindex $argv 2]
+set user_prompt [lindex $argv 3]
+
+# First, switch to the testsuite user
+# (otherwise, no password will be asked)
+send_user "# switch to user '$run_user'\n"
+send_user "# and expect a '$user_prompt' prompt\n"
+spawn /bin/su $run_user
+
+expect "$user_prompt"		;# Wait for the prompt
+
+send_user "\n# make sure we are now '$run_user'"
+send_user "\n# whoami should return '$run_user'"
+send "\r"			;# restore the prompt for the logs
+send "whoami\r"			;# Verify we are really testsuite
+
+expect {
+	timeout {
+		puts "\ntimeout...FAIL"
+		exit 1
+	}
+	"$run_user"
+}
+
+expect "$user_prompt"			;# Wait for the prompt
+
+send_user "\n\n"
+send_user "# now change '$group' 's password to '$g_password'\n"
+send_user "# and expect a password prompt"
+send "\r"			;# restore the prompt for the logs
+send "gpasswd $group\r"		;# Change the password
+expect "New Password: "		;# Wait for the Password: prompt
+# Wait a little bit more (gpasswd is not ready to receive the password)
+sleep 0.1
+send "$g_password\r"		;# Send the password
+
+send_user "\n# password '$g_password' sent\n\n"
+
+send_user "Expect a new password prompt\n"
+expect "Re-enter new password: "		;# Wait for the Password: prompt
+# Wait a little bit more (gpasswd is not ready to receive the password)
+sleep 0.1
+send "$g_password\r"		;# Send the password
+
+send_user "# expect prompt '$user_prompt'"
+
+expect {
+	# Wait for the new prompt
+	"$user_prompt" {
+		send "exit\r"
+		expect "$ "
+		puts "\nPASS"
+		exit 0
+	}
+}
+
+puts "\ntimeout...FAIL"
+exit 1
diff --git a/tests/tests/grouptools/gpasswd/20_gpasswd_change_passwd-root-no_shadow_group/gpasswd.test b/tests/tests/grouptools/gpasswd/20_gpasswd_change_passwd-root-no_shadow_group/gpasswd.test
new file mode 100755
index 0000000..5d316e2
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/20_gpasswd_change_passwd-root-no_shadow_group/gpasswd.test
@@ -0,0 +1,42 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "gpasswd can be used by root to change one group's passwd"
+
+
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+./gpasswd.exp root users usersPAS '# '
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl data/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/grouptools/gpasswd/21_gpasswd_change_passwd-root-no_gshadow_file/config.txt b/tests/tests/grouptools/gpasswd/21_gpasswd_change_passwd-root-no_gshadow_file/config.txt
new file mode 100644
index 0000000..aecff4a
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/21_gpasswd_change_passwd-root-no_gshadow_file/config.txt
@@ -0,0 +1,3 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
diff --git a/tests/tests/grouptools/gpasswd/21_gpasswd_change_passwd-root-no_gshadow_file/config/etc/group b/tests/tests/grouptools/gpasswd/21_gpasswd_change_passwd-root-no_gshadow_file/config/etc/group
new file mode 100644
index 0000000..5051825
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/21_gpasswd_change_passwd-root-no_gshadow_file/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/grouptools/gpasswd/21_gpasswd_change_passwd-root-no_gshadow_file/config/etc/gshadow b/tests/tests/grouptools/gpasswd/21_gpasswd_change_passwd-root-no_gshadow_file/config/etc/gshadow
new file mode 100644
index 0000000..9ae9eeb
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/21_gpasswd_change_passwd-root-no_gshadow_file/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/grouptools/gpasswd/21_gpasswd_change_passwd-root-no_gshadow_file/config/etc/login.defs b/tests/tests/grouptools/gpasswd/21_gpasswd_change_passwd-root-no_gshadow_file/config/etc/login.defs
new file mode 100644
index 0000000..4949522
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/21_gpasswd_change_passwd-root-no_gshadow_file/config/etc/login.defs
@@ -0,0 +1,334 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/local/games:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK is the default umask value for pam_umask and is used by
+# useradd and newusers to set the mode of the new home directories.
+# 022 is the "historical" value in Debian for UMASK
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+# System accounts
+#SYS_UID_MIN		  100
+#SYS_UID_MAX		  999
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			 1000
+GID_MAX			60000
+# System accounts
+#SYS_GID_MIN		  100
+#SYS_GID_MAX		  999
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# If set to yes, userdel will remove the user's group if it contains no
+# more members, and useradd will create by default a group with the name
+# of the user.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, such as Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is deprecated. You should use ENCRYPT_METHOD.
+#
+#MD5_CRYPT_ENAB	no
+
+#
+# If set to MD5 , MD5-based algorithm will be used for encrypting password
+# If set to SHA256, SHA256-based algorithm will be used for encrypting password
+# If set to SHA512, SHA512-based algorithm will be used for encrypting password
+# If set to DES, DES-based algorithm will be used for encrypting password (default)
+# Overrides the MD5_CRYPT_ENAB option
+#
+# Note: It is recommended to use a value consistent with
+# the PAM modules configuration.
+#
+# ENCRYPT_METHOD SHA512
+
+#
+# Only used if ENCRYPT_METHOD is set to SHA256 or SHA512.
+#
+# Define the number of SHA rounds.
+# With a lot of rounds, it is more difficult to brute forcing the password.
+# But note also that it more CPU resources will be needed to authenticate
+# users.
+#
+# If not specified, the libc will choose the default number of rounds (5000).
+# The values must be inside the 1000-999999999 range.
+# If only one of the MIN or MAX values is set, then this value will be used.
+# If MIN > MAX, the highest value will be used.
+#
+# SHA_CRYPT_MIN_ROUNDS 5000
+# SHA_CRYPT_MAX_ROUNDS 5000
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/grouptools/gpasswd/21_gpasswd_change_passwd-root-no_gshadow_file/config/etc/passwd b/tests/tests/grouptools/gpasswd/21_gpasswd_change_passwd-root-no_gshadow_file/config/etc/passwd
new file mode 100644
index 0000000..dc7bf84
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/21_gpasswd_change_passwd-root-no_gshadow_file/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000:::/bin/false
diff --git a/tests/tests/grouptools/gpasswd/21_gpasswd_change_passwd-root-no_gshadow_file/config/etc/shadow b/tests/tests/grouptools/gpasswd/21_gpasswd_change_passwd-root-no_gshadow_file/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/21_gpasswd_change_passwd-root-no_gshadow_file/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/grouptools/gpasswd/21_gpasswd_change_passwd-root-no_gshadow_file/data/group b/tests/tests/grouptools/gpasswd/21_gpasswd_change_passwd-root-no_gshadow_file/data/group
new file mode 100644
index 0000000..76ead96
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/21_gpasswd_change_passwd-root-no_gshadow_file/data/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:@PASS_DES usersPAS@:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/grouptools/gpasswd/21_gpasswd_change_passwd-root-no_gshadow_file/gpasswd.exp b/tests/tests/grouptools/gpasswd/21_gpasswd_change_passwd-root-no_gshadow_file/gpasswd.exp
new file mode 100755
index 0000000..1accbb9
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/21_gpasswd_change_passwd-root-no_gshadow_file/gpasswd.exp
@@ -0,0 +1,70 @@
+#!/usr/bin/expect
+
+set timeout 2
+expect_after default {puts stderr "\nFAIL"; exit 1}
+
+if {$argc != 4} {
+	puts "usage: gpasswd.exp <run_user> <group> <g_password> <user_prompt>"
+	exit 1
+}
+
+set run_user    [lindex $argv 0]
+set group       [lindex $argv 1]
+set g_password  [lindex $argv 2]
+set user_prompt [lindex $argv 3]
+
+# First, switch to the testsuite user
+# (otherwise, no password will be asked)
+send_user "# switch to user '$run_user'\n"
+send_user "# and expect a '$user_prompt' prompt\n"
+spawn /bin/su $run_user
+
+expect "$user_prompt"		;# Wait for the prompt
+
+send_user "\n# make sure we are now '$run_user'"
+send_user "\n# whoami should return '$run_user'"
+send "\r"			;# restore the prompt for the logs
+send "whoami\r"			;# Verify we are really testsuite
+
+expect {
+	timeout {
+		puts "\ntimeout...FAIL"
+		exit 1
+	}
+	"$run_user"
+}
+
+expect "$user_prompt"			;# Wait for the prompt
+
+send_user "\n\n"
+send_user "# now change '$group' 's password to '$g_password'\n"
+send_user "# and expect a password prompt"
+send "\r"			;# restore the prompt for the logs
+send "gpasswd $group\r"		;# Change the password
+expect "New Password: "		;# Wait for the Password: prompt
+# Wait a little bit more (gpasswd is not ready to receive the password)
+sleep 0.1
+send "$g_password\r"		;# Send the password
+
+send_user "\n# password '$g_password' sent\n\n"
+
+send_user "Expect a new password prompt\n"
+expect "Re-enter new password: "		;# Wait for the Password: prompt
+# Wait a little bit more (gpasswd is not ready to receive the password)
+sleep 0.1
+send "$g_password\r"		;# Send the password
+
+send_user "# expect prompt '$user_prompt'"
+
+expect {
+	# Wait for the new prompt
+	"$user_prompt" {
+		send "exit\r"
+		expect "$ "
+		puts "\nPASS"
+		exit 0
+	}
+}
+
+puts "\ntimeout...FAIL"
+exit 1
diff --git a/tests/tests/grouptools/gpasswd/21_gpasswd_change_passwd-root-no_gshadow_file/gpasswd.test b/tests/tests/grouptools/gpasswd/21_gpasswd_change_passwd-root-no_gshadow_file/gpasswd.test
new file mode 100755
index 0000000..9f90aaf
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/21_gpasswd_change_passwd-root-no_gshadow_file/gpasswd.test
@@ -0,0 +1,45 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "gpasswd can be used by root to change one group's passwd"
+
+
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo "remove the gshadow file"
+rm -f /etc/gshadow
+
+./gpasswd.exp root users usersPAS '# '
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl data/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+test ! -f /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/grouptools/gpasswd/22_gpasswd_change_passwd-myuser/config.txt b/tests/tests/grouptools/gpasswd/22_gpasswd_change_passwd-myuser/config.txt
new file mode 100644
index 0000000..2fb7c37
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/22_gpasswd_change_passwd-myuser/config.txt
@@ -0,0 +1 @@
+myuser exist and is an admin of group users
diff --git a/tests/tests/grouptools/gpasswd/22_gpasswd_change_passwd-myuser/config/etc/group b/tests/tests/grouptools/gpasswd/22_gpasswd_change_passwd-myuser/config/etc/group
new file mode 100644
index 0000000..fecba0c
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/22_gpasswd_change_passwd-myuser/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/grouptools/gpasswd/22_gpasswd_change_passwd-myuser/config/etc/gshadow b/tests/tests/grouptools/gpasswd/22_gpasswd_change_passwd-myuser/config/etc/gshadow
new file mode 100644
index 0000000..aef7f5b
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/22_gpasswd_change_passwd-myuser/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*:myuser:
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/grouptools/gpasswd/22_gpasswd_change_passwd-myuser/config/etc/login.defs b/tests/tests/grouptools/gpasswd/22_gpasswd_change_passwd-myuser/config/etc/login.defs
new file mode 100644
index 0000000..4949522
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/22_gpasswd_change_passwd-myuser/config/etc/login.defs
@@ -0,0 +1,334 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/local/games:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK is the default umask value for pam_umask and is used by
+# useradd and newusers to set the mode of the new home directories.
+# 022 is the "historical" value in Debian for UMASK
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+# System accounts
+#SYS_UID_MIN		  100
+#SYS_UID_MAX		  999
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			 1000
+GID_MAX			60000
+# System accounts
+#SYS_GID_MIN		  100
+#SYS_GID_MAX		  999
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# If set to yes, userdel will remove the user's group if it contains no
+# more members, and useradd will create by default a group with the name
+# of the user.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, such as Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is deprecated. You should use ENCRYPT_METHOD.
+#
+#MD5_CRYPT_ENAB	no
+
+#
+# If set to MD5 , MD5-based algorithm will be used for encrypting password
+# If set to SHA256, SHA256-based algorithm will be used for encrypting password
+# If set to SHA512, SHA512-based algorithm will be used for encrypting password
+# If set to DES, DES-based algorithm will be used for encrypting password (default)
+# Overrides the MD5_CRYPT_ENAB option
+#
+# Note: It is recommended to use a value consistent with
+# the PAM modules configuration.
+#
+# ENCRYPT_METHOD SHA512
+
+#
+# Only used if ENCRYPT_METHOD is set to SHA256 or SHA512.
+#
+# Define the number of SHA rounds.
+# With a lot of rounds, it is more difficult to brute forcing the password.
+# But note also that it more CPU resources will be needed to authenticate
+# users.
+#
+# If not specified, the libc will choose the default number of rounds (5000).
+# The values must be inside the 1000-999999999 range.
+# If only one of the MIN or MAX values is set, then this value will be used.
+# If MIN > MAX, the highest value will be used.
+#
+# SHA_CRYPT_MIN_ROUNDS 5000
+# SHA_CRYPT_MAX_ROUNDS 5000
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/grouptools/gpasswd/22_gpasswd_change_passwd-myuser/config/etc/passwd b/tests/tests/grouptools/gpasswd/22_gpasswd_change_passwd-myuser/config/etc/passwd
new file mode 100644
index 0000000..86d7855
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/22_gpasswd_change_passwd-myuser/config/etc/passwd
@@ -0,0 +1,21 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000:::/bin/false
+myuser:x:1001:1000:::/bin/bash
diff --git a/tests/tests/grouptools/gpasswd/22_gpasswd_change_passwd-myuser/config/etc/shadow b/tests/tests/grouptools/gpasswd/22_gpasswd_change_passwd-myuser/config/etc/shadow
new file mode 100644
index 0000000..f2f5bb2
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/22_gpasswd_change_passwd-myuser/config/etc/shadow
@@ -0,0 +1,21 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
+myuser::12977:0:99999:7:::
diff --git a/tests/tests/grouptools/gpasswd/22_gpasswd_change_passwd-myuser/data/gshadow b/tests/tests/grouptools/gpasswd/22_gpasswd_change_passwd-myuser/data/gshadow
new file mode 100644
index 0000000..048d86a
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/22_gpasswd_change_passwd-myuser/data/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:@PASS_DES usersPAS@:myuser:
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/grouptools/gpasswd/22_gpasswd_change_passwd-myuser/gpasswd.exp b/tests/tests/grouptools/gpasswd/22_gpasswd_change_passwd-myuser/gpasswd.exp
new file mode 100755
index 0000000..1accbb9
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/22_gpasswd_change_passwd-myuser/gpasswd.exp
@@ -0,0 +1,70 @@
+#!/usr/bin/expect
+
+set timeout 2
+expect_after default {puts stderr "\nFAIL"; exit 1}
+
+if {$argc != 4} {
+	puts "usage: gpasswd.exp <run_user> <group> <g_password> <user_prompt>"
+	exit 1
+}
+
+set run_user    [lindex $argv 0]
+set group       [lindex $argv 1]
+set g_password  [lindex $argv 2]
+set user_prompt [lindex $argv 3]
+
+# First, switch to the testsuite user
+# (otherwise, no password will be asked)
+send_user "# switch to user '$run_user'\n"
+send_user "# and expect a '$user_prompt' prompt\n"
+spawn /bin/su $run_user
+
+expect "$user_prompt"		;# Wait for the prompt
+
+send_user "\n# make sure we are now '$run_user'"
+send_user "\n# whoami should return '$run_user'"
+send "\r"			;# restore the prompt for the logs
+send "whoami\r"			;# Verify we are really testsuite
+
+expect {
+	timeout {
+		puts "\ntimeout...FAIL"
+		exit 1
+	}
+	"$run_user"
+}
+
+expect "$user_prompt"			;# Wait for the prompt
+
+send_user "\n\n"
+send_user "# now change '$group' 's password to '$g_password'\n"
+send_user "# and expect a password prompt"
+send "\r"			;# restore the prompt for the logs
+send "gpasswd $group\r"		;# Change the password
+expect "New Password: "		;# Wait for the Password: prompt
+# Wait a little bit more (gpasswd is not ready to receive the password)
+sleep 0.1
+send "$g_password\r"		;# Send the password
+
+send_user "\n# password '$g_password' sent\n\n"
+
+send_user "Expect a new password prompt\n"
+expect "Re-enter new password: "		;# Wait for the Password: prompt
+# Wait a little bit more (gpasswd is not ready to receive the password)
+sleep 0.1
+send "$g_password\r"		;# Send the password
+
+send_user "# expect prompt '$user_prompt'"
+
+expect {
+	# Wait for the new prompt
+	"$user_prompt" {
+		send "exit\r"
+		expect "$ "
+		puts "\nPASS"
+		exit 0
+	}
+}
+
+puts "\ntimeout...FAIL"
+exit 1
diff --git a/tests/tests/grouptools/gpasswd/22_gpasswd_change_passwd-myuser/gpasswd.test b/tests/tests/grouptools/gpasswd/22_gpasswd_change_passwd-myuser/gpasswd.test
new file mode 100755
index 0000000..9ae0cd8
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/22_gpasswd_change_passwd-myuser/gpasswd.test
@@ -0,0 +1,42 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "gpasswd can be used by root to change one group's passwd"
+
+
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+./gpasswd.exp myuser users usersPAS '$ '
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl data/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/grouptools/gpasswd/23_gpasswd_change_passwd-myuser-denied/config.txt b/tests/tests/grouptools/gpasswd/23_gpasswd_change_passwd-myuser-denied/config.txt
new file mode 100644
index 0000000..2fb7c37
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/23_gpasswd_change_passwd-myuser-denied/config.txt
@@ -0,0 +1 @@
+myuser exist and is an admin of group users
diff --git a/tests/tests/grouptools/gpasswd/23_gpasswd_change_passwd-myuser-denied/config/etc/group b/tests/tests/grouptools/gpasswd/23_gpasswd_change_passwd-myuser-denied/config/etc/group
new file mode 100644
index 0000000..fecba0c
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/23_gpasswd_change_passwd-myuser-denied/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/grouptools/gpasswd/23_gpasswd_change_passwd-myuser-denied/config/etc/gshadow b/tests/tests/grouptools/gpasswd/23_gpasswd_change_passwd-myuser-denied/config/etc/gshadow
new file mode 100644
index 0000000..5042e58
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/23_gpasswd_change_passwd-myuser-denied/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/grouptools/gpasswd/23_gpasswd_change_passwd-myuser-denied/config/etc/passwd b/tests/tests/grouptools/gpasswd/23_gpasswd_change_passwd-myuser-denied/config/etc/passwd
new file mode 100644
index 0000000..86d7855
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/23_gpasswd_change_passwd-myuser-denied/config/etc/passwd
@@ -0,0 +1,21 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000:::/bin/false
+myuser:x:1001:1000:::/bin/bash
diff --git a/tests/tests/grouptools/gpasswd/23_gpasswd_change_passwd-myuser-denied/config/etc/shadow b/tests/tests/grouptools/gpasswd/23_gpasswd_change_passwd-myuser-denied/config/etc/shadow
new file mode 100644
index 0000000..f2f5bb2
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/23_gpasswd_change_passwd-myuser-denied/config/etc/shadow
@@ -0,0 +1,21 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
+myuser::12977:0:99999:7:::
diff --git a/tests/tests/grouptools/gpasswd/23_gpasswd_change_passwd-myuser-denied/gpasswd.exp b/tests/tests/grouptools/gpasswd/23_gpasswd_change_passwd-myuser-denied/gpasswd.exp
new file mode 100755
index 0000000..e2eb450
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/23_gpasswd_change_passwd-myuser-denied/gpasswd.exp
@@ -0,0 +1,60 @@
+#!/usr/bin/expect
+
+set timeout 2
+expect_after default {puts stderr "\nFAIL"; exit 1}
+
+if {$argc != 4} {
+	puts "usage: gpasswd.exp <run_user> <group> <g_password> <user_prompt>"
+	exit 1
+}
+
+set run_user    [lindex $argv 0]
+set group       [lindex $argv 1]
+set g_password  [lindex $argv 2]
+set user_prompt [lindex $argv 3]
+
+# First, switch to the testsuite user
+# (otherwise, no password will be asked)
+send_user "# switch to user '$run_user'\n"
+send_user "# and expect a '$user_prompt' prompt\n"
+spawn /bin/su $run_user
+
+expect "$user_prompt"		;# Wait for the prompt
+
+send_user "\n# make sure we are now '$run_user'"
+send_user "\n# whoami should return '$run_user'"
+send "\r"			;# restore the prompt for the logs
+send "whoami\r"			;# Verify we are really testsuite
+
+expect {
+	timeout {
+		puts "\ntimeout...FAIL"
+		exit 1
+	}
+	"$run_user"
+}
+
+expect "$user_prompt"			;# Wait for the prompt
+
+send_user "\n\n"
+send_user "# now change '$group' 's password to '$g_password'\n"
+send_user "# and expect a password prompt"
+send "\r"			;# restore the prompt for the logs
+send "gpasswd $group\r"		;# Change the password
+expect "gpasswd: Permission denied."	;# Not an admin
+
+send_user "\n"
+send_user "# expect prompt '$user_prompt'\n"
+
+expect {
+	# Wait for the new prompt
+	"$user_prompt" {
+		send "exit\r"
+		expect "$ "
+		puts "\nPASS"
+		exit 0
+	}
+}
+
+puts "\ntimeout...FAIL"
+exit 1
diff --git a/tests/tests/grouptools/gpasswd/23_gpasswd_change_passwd-myuser-denied/gpasswd.test b/tests/tests/grouptools/gpasswd/23_gpasswd_change_passwd-myuser-denied/gpasswd.test
new file mode 100755
index 0000000..d75576e
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/23_gpasswd_change_passwd-myuser-denied/gpasswd.test
@@ -0,0 +1,42 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "gpasswd can be used by root to change one group's passwd"
+
+
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+./gpasswd.exp myuser users usersPAS '$ '
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/grouptools/gpasswd/24_gpasswd_change_passwd-myuser-denied-no_gshadow_file/config.txt b/tests/tests/grouptools/gpasswd/24_gpasswd_change_passwd-myuser-denied-no_gshadow_file/config.txt
new file mode 100644
index 0000000..2fb7c37
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/24_gpasswd_change_passwd-myuser-denied-no_gshadow_file/config.txt
@@ -0,0 +1 @@
+myuser exist and is an admin of group users
diff --git a/tests/tests/grouptools/gpasswd/24_gpasswd_change_passwd-myuser-denied-no_gshadow_file/config/etc/group b/tests/tests/grouptools/gpasswd/24_gpasswd_change_passwd-myuser-denied-no_gshadow_file/config/etc/group
new file mode 100644
index 0000000..fecba0c
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/24_gpasswd_change_passwd-myuser-denied-no_gshadow_file/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/grouptools/gpasswd/24_gpasswd_change_passwd-myuser-denied-no_gshadow_file/config/etc/gshadow b/tests/tests/grouptools/gpasswd/24_gpasswd_change_passwd-myuser-denied-no_gshadow_file/config/etc/gshadow
new file mode 100644
index 0000000..5042e58
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/24_gpasswd_change_passwd-myuser-denied-no_gshadow_file/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/grouptools/gpasswd/24_gpasswd_change_passwd-myuser-denied-no_gshadow_file/config/etc/passwd b/tests/tests/grouptools/gpasswd/24_gpasswd_change_passwd-myuser-denied-no_gshadow_file/config/etc/passwd
new file mode 100644
index 0000000..86d7855
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/24_gpasswd_change_passwd-myuser-denied-no_gshadow_file/config/etc/passwd
@@ -0,0 +1,21 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000:::/bin/false
+myuser:x:1001:1000:::/bin/bash
diff --git a/tests/tests/grouptools/gpasswd/24_gpasswd_change_passwd-myuser-denied-no_gshadow_file/config/etc/shadow b/tests/tests/grouptools/gpasswd/24_gpasswd_change_passwd-myuser-denied-no_gshadow_file/config/etc/shadow
new file mode 100644
index 0000000..f2f5bb2
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/24_gpasswd_change_passwd-myuser-denied-no_gshadow_file/config/etc/shadow
@@ -0,0 +1,21 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
+myuser::12977:0:99999:7:::
diff --git a/tests/tests/grouptools/gpasswd/24_gpasswd_change_passwd-myuser-denied-no_gshadow_file/gpasswd.exp b/tests/tests/grouptools/gpasswd/24_gpasswd_change_passwd-myuser-denied-no_gshadow_file/gpasswd.exp
new file mode 100755
index 0000000..8fb13a0
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/24_gpasswd_change_passwd-myuser-denied-no_gshadow_file/gpasswd.exp
@@ -0,0 +1,59 @@
+#!/usr/bin/expect
+
+set timeout 2
+expect_after default {puts stderr "\nFAIL"; exit 1}
+
+if {$argc != 4} {
+	puts "usage: gpasswd.exp <run_user> <group> <g_password> <user_prompt>"
+	exit 1
+}
+
+set run_user    [lindex $argv 0]
+set group       [lindex $argv 1]
+set g_password  [lindex $argv 2]
+set user_prompt [lindex $argv 3]
+
+# First, switch to the testsuite user
+# (otherwise, no password will be asked)
+send_user "# switch to user '$run_user'\n"
+send_user "# and expect a '$user_prompt' prompt\n"
+spawn /bin/su $run_user
+
+expect "$user_prompt"		;# Wait for the prompt
+
+send_user "\n# make sure we are now '$run_user'"
+send_user "\n# whoami should return '$run_user'"
+send "\r"			;# restore the prompt for the logs
+send "whoami\r"			;# Verify we are really testsuite
+
+expect {
+	timeout {
+		puts "\ntimeout...FAIL"
+		exit 1
+	}
+	"$run_user"
+}
+
+expect "$user_prompt"			;# Wait for the prompt
+
+send_user "\n\n"
+send_user "# now change '$group' 's password to '$g_password'\n"
+send_user "# and expect a password prompt"
+send "\r"			;# restore the prompt for the logs
+send "gpasswd $group\r"		;# Change the password
+expect "gpasswd: Permission denied."	;# Not an admin
+
+send_user "# expect prompt '$user_prompt'\n"
+
+expect {
+	# Wait for the new prompt
+	"$user_prompt" {
+		send "exit\r"
+		expect "$ "
+		puts "\nPASS"
+		exit 0
+	}
+}
+
+puts "\ntimeout...FAIL"
+exit 1
diff --git a/tests/tests/grouptools/gpasswd/24_gpasswd_change_passwd-myuser-denied-no_gshadow_file/gpasswd.test b/tests/tests/grouptools/gpasswd/24_gpasswd_change_passwd-myuser-denied-no_gshadow_file/gpasswd.test
new file mode 100755
index 0000000..c61fa9b
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/24_gpasswd_change_passwd-myuser-denied-no_gshadow_file/gpasswd.test
@@ -0,0 +1,45 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "gpasswd can be used by root to change one group's passwd"
+
+
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo "remove the gshadow file"
+rm -f /etc/gshadow
+
+./gpasswd.exp myuser users usersPAS '$ '
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+test ! -f /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/grouptools/gpasswd/25_gpasswd_remove_password/config.txt b/tests/tests/grouptools/gpasswd/25_gpasswd_remove_password/config.txt
new file mode 100644
index 0000000..3d43135
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/25_gpasswd_remove_password/config.txt
@@ -0,0 +1,5 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group users
diff --git a/tests/tests/grouptools/gpasswd/25_gpasswd_remove_password/config/etc/default/useradd b/tests/tests/grouptools/gpasswd/25_gpasswd_remove_password/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/25_gpasswd_remove_password/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/grouptools/gpasswd/25_gpasswd_remove_password/config/etc/group b/tests/tests/grouptools/gpasswd/25_gpasswd_remove_password/config/etc/group
new file mode 100644
index 0000000..5051825
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/25_gpasswd_remove_password/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/grouptools/gpasswd/25_gpasswd_remove_password/config/etc/gshadow b/tests/tests/grouptools/gpasswd/25_gpasswd_remove_password/config/etc/gshadow
new file mode 100644
index 0000000..ad90310
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/25_gpasswd_remove_password/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::foo
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/grouptools/gpasswd/25_gpasswd_remove_password/config/etc/passwd b/tests/tests/grouptools/gpasswd/25_gpasswd_remove_password/config/etc/passwd
new file mode 100644
index 0000000..dc7bf84
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/25_gpasswd_remove_password/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000:::/bin/false
diff --git a/tests/tests/grouptools/gpasswd/25_gpasswd_remove_password/config/etc/shadow b/tests/tests/grouptools/gpasswd/25_gpasswd_remove_password/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/25_gpasswd_remove_password/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/grouptools/gpasswd/25_gpasswd_remove_password/data/group b/tests/tests/grouptools/gpasswd/25_gpasswd_remove_password/data/group
new file mode 100644
index 0000000..5051825
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/25_gpasswd_remove_password/data/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/grouptools/gpasswd/25_gpasswd_remove_password/data/gshadow b/tests/tests/grouptools/gpasswd/25_gpasswd_remove_password/data/gshadow
new file mode 100644
index 0000000..ef584f0
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/25_gpasswd_remove_password/data/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:::foo
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/grouptools/gpasswd/25_gpasswd_remove_password/gpasswd.test b/tests/tests/grouptools/gpasswd/25_gpasswd_remove_password/gpasswd.test
new file mode 100755
index 0000000..dcdb819
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/25_gpasswd_remove_password/gpasswd.test
@@ -0,0 +1,39 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "gpasswd can remove the password of a group"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Remove the password of group users (gpasswd -r users)..."
+gpasswd -r users
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl data/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl data/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/grouptools/gpasswd/26_gpasswd_remove_password-no_shadow_group/config.txt b/tests/tests/grouptools/gpasswd/26_gpasswd_remove_password-no_shadow_group/config.txt
new file mode 100644
index 0000000..3d43135
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/26_gpasswd_remove_password-no_shadow_group/config.txt
@@ -0,0 +1,5 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group users
diff --git a/tests/tests/grouptools/gpasswd/26_gpasswd_remove_password-no_shadow_group/config/etc/default/useradd b/tests/tests/grouptools/gpasswd/26_gpasswd_remove_password-no_shadow_group/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/26_gpasswd_remove_password-no_shadow_group/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/grouptools/gpasswd/26_gpasswd_remove_password-no_shadow_group/config/etc/group b/tests/tests/grouptools/gpasswd/26_gpasswd_remove_password-no_shadow_group/config/etc/group
new file mode 100644
index 0000000..5051825
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/26_gpasswd_remove_password-no_shadow_group/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/grouptools/gpasswd/26_gpasswd_remove_password-no_shadow_group/config/etc/gshadow b/tests/tests/grouptools/gpasswd/26_gpasswd_remove_password-no_shadow_group/config/etc/gshadow
new file mode 100644
index 0000000..9ae9eeb
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/26_gpasswd_remove_password-no_shadow_group/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/grouptools/gpasswd/26_gpasswd_remove_password-no_shadow_group/config/etc/passwd b/tests/tests/grouptools/gpasswd/26_gpasswd_remove_password-no_shadow_group/config/etc/passwd
new file mode 100644
index 0000000..dc7bf84
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/26_gpasswd_remove_password-no_shadow_group/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000:::/bin/false
diff --git a/tests/tests/grouptools/gpasswd/26_gpasswd_remove_password-no_shadow_group/config/etc/shadow b/tests/tests/grouptools/gpasswd/26_gpasswd_remove_password-no_shadow_group/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/26_gpasswd_remove_password-no_shadow_group/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/grouptools/gpasswd/26_gpasswd_remove_password-no_shadow_group/data/group b/tests/tests/grouptools/gpasswd/26_gpasswd_remove_password-no_shadow_group/data/group
new file mode 100644
index 0000000..5051825
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/26_gpasswd_remove_password-no_shadow_group/data/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/grouptools/gpasswd/26_gpasswd_remove_password-no_shadow_group/data/gshadow b/tests/tests/grouptools/gpasswd/26_gpasswd_remove_password-no_shadow_group/data/gshadow
new file mode 100644
index 0000000..10880c6
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/26_gpasswd_remove_password-no_shadow_group/data/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
+users:::foo
diff --git a/tests/tests/grouptools/gpasswd/26_gpasswd_remove_password-no_shadow_group/gpasswd.test b/tests/tests/grouptools/gpasswd/26_gpasswd_remove_password-no_shadow_group/gpasswd.test
new file mode 100755
index 0000000..dcdb819
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/26_gpasswd_remove_password-no_shadow_group/gpasswd.test
@@ -0,0 +1,39 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "gpasswd can remove the password of a group"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Remove the password of group users (gpasswd -r users)..."
+gpasswd -r users
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl data/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl data/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/grouptools/gpasswd/27_gpasswd_remove_password-no_gshadow_file/config.txt b/tests/tests/grouptools/gpasswd/27_gpasswd_remove_password-no_gshadow_file/config.txt
new file mode 100644
index 0000000..3d43135
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/27_gpasswd_remove_password-no_gshadow_file/config.txt
@@ -0,0 +1,5 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group users
diff --git a/tests/tests/grouptools/gpasswd/27_gpasswd_remove_password-no_gshadow_file/config/etc/default/useradd b/tests/tests/grouptools/gpasswd/27_gpasswd_remove_password-no_gshadow_file/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/27_gpasswd_remove_password-no_gshadow_file/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/grouptools/gpasswd/27_gpasswd_remove_password-no_gshadow_file/config/etc/group b/tests/tests/grouptools/gpasswd/27_gpasswd_remove_password-no_gshadow_file/config/etc/group
new file mode 100644
index 0000000..5051825
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/27_gpasswd_remove_password-no_gshadow_file/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/grouptools/gpasswd/27_gpasswd_remove_password-no_gshadow_file/config/etc/gshadow b/tests/tests/grouptools/gpasswd/27_gpasswd_remove_password-no_gshadow_file/config/etc/gshadow
new file mode 100644
index 0000000..ad90310
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/27_gpasswd_remove_password-no_gshadow_file/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::foo
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/grouptools/gpasswd/27_gpasswd_remove_password-no_gshadow_file/config/etc/passwd b/tests/tests/grouptools/gpasswd/27_gpasswd_remove_password-no_gshadow_file/config/etc/passwd
new file mode 100644
index 0000000..dc7bf84
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/27_gpasswd_remove_password-no_gshadow_file/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000:::/bin/false
diff --git a/tests/tests/grouptools/gpasswd/27_gpasswd_remove_password-no_gshadow_file/config/etc/shadow b/tests/tests/grouptools/gpasswd/27_gpasswd_remove_password-no_gshadow_file/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/27_gpasswd_remove_password-no_gshadow_file/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/grouptools/gpasswd/27_gpasswd_remove_password-no_gshadow_file/data/group b/tests/tests/grouptools/gpasswd/27_gpasswd_remove_password-no_gshadow_file/data/group
new file mode 100644
index 0000000..cc8c43e
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/27_gpasswd_remove_password-no_gshadow_file/data/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users::100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/grouptools/gpasswd/27_gpasswd_remove_password-no_gshadow_file/gpasswd.test b/tests/tests/grouptools/gpasswd/27_gpasswd_remove_password-no_gshadow_file/gpasswd.test
new file mode 100755
index 0000000..c68d225
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/27_gpasswd_remove_password-no_gshadow_file/gpasswd.test
@@ -0,0 +1,42 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "gpasswd can remove the password of a group"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo "remove the gshadow file"
+rm -f /etc/gshadow
+
+echo -n "Remove the password of group users (gpasswd -r users)..."
+gpasswd -r users
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl data/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+test ! -f /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/grouptools/gpasswd/28_gpasswd_lock_password/config.txt b/tests/tests/grouptools/gpasswd/28_gpasswd_lock_password/config.txt
new file mode 100644
index 0000000..3d43135
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/28_gpasswd_lock_password/config.txt
@@ -0,0 +1,5 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group users
diff --git a/tests/tests/grouptools/gpasswd/28_gpasswd_lock_password/config/etc/default/useradd b/tests/tests/grouptools/gpasswd/28_gpasswd_lock_password/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/28_gpasswd_lock_password/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/grouptools/gpasswd/28_gpasswd_lock_password/config/etc/group b/tests/tests/grouptools/gpasswd/28_gpasswd_lock_password/config/etc/group
new file mode 100644
index 0000000..5051825
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/28_gpasswd_lock_password/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/grouptools/gpasswd/28_gpasswd_lock_password/config/etc/gshadow b/tests/tests/grouptools/gpasswd/28_gpasswd_lock_password/config/etc/gshadow
new file mode 100644
index 0000000..ad90310
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/28_gpasswd_lock_password/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::foo
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/grouptools/gpasswd/28_gpasswd_lock_password/config/etc/passwd b/tests/tests/grouptools/gpasswd/28_gpasswd_lock_password/config/etc/passwd
new file mode 100644
index 0000000..dc7bf84
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/28_gpasswd_lock_password/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000:::/bin/false
diff --git a/tests/tests/grouptools/gpasswd/28_gpasswd_lock_password/config/etc/shadow b/tests/tests/grouptools/gpasswd/28_gpasswd_lock_password/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/28_gpasswd_lock_password/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/grouptools/gpasswd/28_gpasswd_lock_password/data/group b/tests/tests/grouptools/gpasswd/28_gpasswd_lock_password/data/group
new file mode 100644
index 0000000..5051825
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/28_gpasswd_lock_password/data/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/grouptools/gpasswd/28_gpasswd_lock_password/data/gshadow b/tests/tests/grouptools/gpasswd/28_gpasswd_lock_password/data/gshadow
new file mode 100644
index 0000000..ef7c9e5
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/28_gpasswd_lock_password/data/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:!::foo
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/grouptools/gpasswd/28_gpasswd_lock_password/gpasswd.test b/tests/tests/grouptools/gpasswd/28_gpasswd_lock_password/gpasswd.test
new file mode 100755
index 0000000..e6d263e
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/28_gpasswd_lock_password/gpasswd.test
@@ -0,0 +1,39 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "gpasswd can lock the password of a group"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Lock the password of group users (gpasswd -R users)..."
+gpasswd -R users
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl data/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl data/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/grouptools/gpasswd/29_gpasswd_lock_password-no_shadow_group/config.txt b/tests/tests/grouptools/gpasswd/29_gpasswd_lock_password-no_shadow_group/config.txt
new file mode 100644
index 0000000..3d43135
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/29_gpasswd_lock_password-no_shadow_group/config.txt
@@ -0,0 +1,5 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group users
diff --git a/tests/tests/grouptools/gpasswd/29_gpasswd_lock_password-no_shadow_group/config/etc/default/useradd b/tests/tests/grouptools/gpasswd/29_gpasswd_lock_password-no_shadow_group/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/29_gpasswd_lock_password-no_shadow_group/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/grouptools/gpasswd/29_gpasswd_lock_password-no_shadow_group/config/etc/group b/tests/tests/grouptools/gpasswd/29_gpasswd_lock_password-no_shadow_group/config/etc/group
new file mode 100644
index 0000000..5051825
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/29_gpasswd_lock_password-no_shadow_group/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/grouptools/gpasswd/29_gpasswd_lock_password-no_shadow_group/config/etc/gshadow b/tests/tests/grouptools/gpasswd/29_gpasswd_lock_password-no_shadow_group/config/etc/gshadow
new file mode 100644
index 0000000..9ae9eeb
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/29_gpasswd_lock_password-no_shadow_group/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/grouptools/gpasswd/29_gpasswd_lock_password-no_shadow_group/config/etc/passwd b/tests/tests/grouptools/gpasswd/29_gpasswd_lock_password-no_shadow_group/config/etc/passwd
new file mode 100644
index 0000000..dc7bf84
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/29_gpasswd_lock_password-no_shadow_group/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000:::/bin/false
diff --git a/tests/tests/grouptools/gpasswd/29_gpasswd_lock_password-no_shadow_group/config/etc/shadow b/tests/tests/grouptools/gpasswd/29_gpasswd_lock_password-no_shadow_group/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/29_gpasswd_lock_password-no_shadow_group/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/grouptools/gpasswd/29_gpasswd_lock_password-no_shadow_group/data/group b/tests/tests/grouptools/gpasswd/29_gpasswd_lock_password-no_shadow_group/data/group
new file mode 100644
index 0000000..5051825
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/29_gpasswd_lock_password-no_shadow_group/data/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/grouptools/gpasswd/29_gpasswd_lock_password-no_shadow_group/data/gshadow b/tests/tests/grouptools/gpasswd/29_gpasswd_lock_password-no_shadow_group/data/gshadow
new file mode 100644
index 0000000..761abe1
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/29_gpasswd_lock_password-no_shadow_group/data/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
+users:!::foo
diff --git a/tests/tests/grouptools/gpasswd/29_gpasswd_lock_password-no_shadow_group/gpasswd.test b/tests/tests/grouptools/gpasswd/29_gpasswd_lock_password-no_shadow_group/gpasswd.test
new file mode 100755
index 0000000..e6d263e
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/29_gpasswd_lock_password-no_shadow_group/gpasswd.test
@@ -0,0 +1,39 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "gpasswd can lock the password of a group"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Lock the password of group users (gpasswd -R users)..."
+gpasswd -R users
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl data/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl data/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/grouptools/gpasswd/30_gpasswd_lock_password-no_gshadow_file/config.txt b/tests/tests/grouptools/gpasswd/30_gpasswd_lock_password-no_gshadow_file/config.txt
new file mode 100644
index 0000000..3d43135
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/30_gpasswd_lock_password-no_gshadow_file/config.txt
@@ -0,0 +1,5 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group users
diff --git a/tests/tests/grouptools/gpasswd/30_gpasswd_lock_password-no_gshadow_file/config/etc/default/useradd b/tests/tests/grouptools/gpasswd/30_gpasswd_lock_password-no_gshadow_file/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/30_gpasswd_lock_password-no_gshadow_file/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/grouptools/gpasswd/30_gpasswd_lock_password-no_gshadow_file/config/etc/group b/tests/tests/grouptools/gpasswd/30_gpasswd_lock_password-no_gshadow_file/config/etc/group
new file mode 100644
index 0000000..5051825
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/30_gpasswd_lock_password-no_gshadow_file/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/grouptools/gpasswd/30_gpasswd_lock_password-no_gshadow_file/config/etc/gshadow b/tests/tests/grouptools/gpasswd/30_gpasswd_lock_password-no_gshadow_file/config/etc/gshadow
new file mode 100644
index 0000000..9ae9eeb
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/30_gpasswd_lock_password-no_gshadow_file/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/grouptools/gpasswd/30_gpasswd_lock_password-no_gshadow_file/config/etc/passwd b/tests/tests/grouptools/gpasswd/30_gpasswd_lock_password-no_gshadow_file/config/etc/passwd
new file mode 100644
index 0000000..dc7bf84
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/30_gpasswd_lock_password-no_gshadow_file/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000:::/bin/false
diff --git a/tests/tests/grouptools/gpasswd/30_gpasswd_lock_password-no_gshadow_file/config/etc/shadow b/tests/tests/grouptools/gpasswd/30_gpasswd_lock_password-no_gshadow_file/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/30_gpasswd_lock_password-no_gshadow_file/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/grouptools/gpasswd/30_gpasswd_lock_password-no_gshadow_file/data/group b/tests/tests/grouptools/gpasswd/30_gpasswd_lock_password-no_gshadow_file/data/group
new file mode 100644
index 0000000..cc423f5
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/30_gpasswd_lock_password-no_gshadow_file/data/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:!:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/grouptools/gpasswd/30_gpasswd_lock_password-no_gshadow_file/gpasswd.test b/tests/tests/grouptools/gpasswd/30_gpasswd_lock_password-no_gshadow_file/gpasswd.test
new file mode 100755
index 0000000..de4f26c
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/30_gpasswd_lock_password-no_gshadow_file/gpasswd.test
@@ -0,0 +1,42 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "gpasswd can lock the password of a group"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo "remove the gshadow file"
+rm -f /etc/gshadow
+
+echo -n "Lock the password of group users (gpasswd -R users)..."
+gpasswd -R users
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl data/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+test ! -f /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/grouptools/gpasswd/31_gpasswd_add_user_to_group/config.txt b/tests/tests/grouptools/gpasswd/31_gpasswd_add_user_to_group/config.txt
new file mode 100644
index 0000000..3d43135
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/31_gpasswd_add_user_to_group/config.txt
@@ -0,0 +1,5 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group users
diff --git a/tests/tests/grouptools/gpasswd/31_gpasswd_add_user_to_group/config/etc/default/useradd b/tests/tests/grouptools/gpasswd/31_gpasswd_add_user_to_group/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/31_gpasswd_add_user_to_group/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/grouptools/gpasswd/31_gpasswd_add_user_to_group/config/etc/group b/tests/tests/grouptools/gpasswd/31_gpasswd_add_user_to_group/config/etc/group
new file mode 100644
index 0000000..5051825
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/31_gpasswd_add_user_to_group/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/grouptools/gpasswd/31_gpasswd_add_user_to_group/config/etc/gshadow b/tests/tests/grouptools/gpasswd/31_gpasswd_add_user_to_group/config/etc/gshadow
new file mode 100644
index 0000000..ad90310
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/31_gpasswd_add_user_to_group/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::foo
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/grouptools/gpasswd/31_gpasswd_add_user_to_group/config/etc/passwd b/tests/tests/grouptools/gpasswd/31_gpasswd_add_user_to_group/config/etc/passwd
new file mode 100644
index 0000000..dc7bf84
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/31_gpasswd_add_user_to_group/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000:::/bin/false
diff --git a/tests/tests/grouptools/gpasswd/31_gpasswd_add_user_to_group/config/etc/shadow b/tests/tests/grouptools/gpasswd/31_gpasswd_add_user_to_group/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/31_gpasswd_add_user_to_group/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/grouptools/gpasswd/31_gpasswd_add_user_to_group/data/group b/tests/tests/grouptools/gpasswd/31_gpasswd_add_user_to_group/data/group
new file mode 100644
index 0000000..1b4936a
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/31_gpasswd_add_user_to_group/data/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:foo
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/grouptools/gpasswd/31_gpasswd_add_user_to_group/data/gshadow b/tests/tests/grouptools/gpasswd/31_gpasswd_add_user_to_group/data/gshadow
new file mode 100644
index 0000000..f590939
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/31_gpasswd_add_user_to_group/data/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::foo
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::foo
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/grouptools/gpasswd/31_gpasswd_add_user_to_group/gpasswd.test b/tests/tests/grouptools/gpasswd/31_gpasswd_add_user_to_group/gpasswd.test
new file mode 100755
index 0000000..81b50c9
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/31_gpasswd_add_user_to_group/gpasswd.test
@@ -0,0 +1,39 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "gpasswd can add an user to a group"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Add user foo to group bin (gpasswd -a foo bin)..."
+gpasswd -a foo bin
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl data/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl data/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/grouptools/gpasswd/32_gpasswd_add_user_to_group-no_shadow_group/config.txt b/tests/tests/grouptools/gpasswd/32_gpasswd_add_user_to_group-no_shadow_group/config.txt
new file mode 100644
index 0000000..3d43135
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/32_gpasswd_add_user_to_group-no_shadow_group/config.txt
@@ -0,0 +1,5 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group users
diff --git a/tests/tests/grouptools/gpasswd/32_gpasswd_add_user_to_group-no_shadow_group/config/etc/default/useradd b/tests/tests/grouptools/gpasswd/32_gpasswd_add_user_to_group-no_shadow_group/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/32_gpasswd_add_user_to_group-no_shadow_group/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/grouptools/gpasswd/32_gpasswd_add_user_to_group-no_shadow_group/config/etc/group b/tests/tests/grouptools/gpasswd/32_gpasswd_add_user_to_group-no_shadow_group/config/etc/group
new file mode 100644
index 0000000..5051825
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/32_gpasswd_add_user_to_group-no_shadow_group/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/grouptools/gpasswd/32_gpasswd_add_user_to_group-no_shadow_group/config/etc/gshadow b/tests/tests/grouptools/gpasswd/32_gpasswd_add_user_to_group-no_shadow_group/config/etc/gshadow
new file mode 100644
index 0000000..a3846bc
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/32_gpasswd_add_user_to_group-no_shadow_group/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::foo
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/grouptools/gpasswd/32_gpasswd_add_user_to_group-no_shadow_group/config/etc/passwd b/tests/tests/grouptools/gpasswd/32_gpasswd_add_user_to_group-no_shadow_group/config/etc/passwd
new file mode 100644
index 0000000..dc7bf84
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/32_gpasswd_add_user_to_group-no_shadow_group/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000:::/bin/false
diff --git a/tests/tests/grouptools/gpasswd/32_gpasswd_add_user_to_group-no_shadow_group/config/etc/shadow b/tests/tests/grouptools/gpasswd/32_gpasswd_add_user_to_group-no_shadow_group/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/32_gpasswd_add_user_to_group-no_shadow_group/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/grouptools/gpasswd/32_gpasswd_add_user_to_group-no_shadow_group/data/group b/tests/tests/grouptools/gpasswd/32_gpasswd_add_user_to_group-no_shadow_group/data/group
new file mode 100644
index 0000000..1b4936a
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/32_gpasswd_add_user_to_group-no_shadow_group/data/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:foo
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/grouptools/gpasswd/32_gpasswd_add_user_to_group-no_shadow_group/data/gshadow b/tests/tests/grouptools/gpasswd/32_gpasswd_add_user_to_group-no_shadow_group/data/gshadow
new file mode 100644
index 0000000..33b3bb4
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/32_gpasswd_add_user_to_group-no_shadow_group/data/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::foo
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
+bin:x::foo
diff --git a/tests/tests/grouptools/gpasswd/32_gpasswd_add_user_to_group-no_shadow_group/gpasswd.test b/tests/tests/grouptools/gpasswd/32_gpasswd_add_user_to_group-no_shadow_group/gpasswd.test
new file mode 100755
index 0000000..81b50c9
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/32_gpasswd_add_user_to_group-no_shadow_group/gpasswd.test
@@ -0,0 +1,39 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "gpasswd can add an user to a group"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Add user foo to group bin (gpasswd -a foo bin)..."
+gpasswd -a foo bin
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl data/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl data/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/grouptools/gpasswd/33_gpasswd_add_user_to_group-no_gshadow_file/config.txt b/tests/tests/grouptools/gpasswd/33_gpasswd_add_user_to_group-no_gshadow_file/config.txt
new file mode 100644
index 0000000..3d43135
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/33_gpasswd_add_user_to_group-no_gshadow_file/config.txt
@@ -0,0 +1,5 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group users
diff --git a/tests/tests/grouptools/gpasswd/33_gpasswd_add_user_to_group-no_gshadow_file/config/etc/default/useradd b/tests/tests/grouptools/gpasswd/33_gpasswd_add_user_to_group-no_gshadow_file/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/33_gpasswd_add_user_to_group-no_gshadow_file/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/grouptools/gpasswd/33_gpasswd_add_user_to_group-no_gshadow_file/config/etc/group b/tests/tests/grouptools/gpasswd/33_gpasswd_add_user_to_group-no_gshadow_file/config/etc/group
new file mode 100644
index 0000000..5051825
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/33_gpasswd_add_user_to_group-no_gshadow_file/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/grouptools/gpasswd/33_gpasswd_add_user_to_group-no_gshadow_file/config/etc/gshadow b/tests/tests/grouptools/gpasswd/33_gpasswd_add_user_to_group-no_gshadow_file/config/etc/gshadow
new file mode 100644
index 0000000..ad90310
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/33_gpasswd_add_user_to_group-no_gshadow_file/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::foo
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/grouptools/gpasswd/33_gpasswd_add_user_to_group-no_gshadow_file/config/etc/passwd b/tests/tests/grouptools/gpasswd/33_gpasswd_add_user_to_group-no_gshadow_file/config/etc/passwd
new file mode 100644
index 0000000..dc7bf84
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/33_gpasswd_add_user_to_group-no_gshadow_file/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000:::/bin/false
diff --git a/tests/tests/grouptools/gpasswd/33_gpasswd_add_user_to_group-no_gshadow_file/config/etc/shadow b/tests/tests/grouptools/gpasswd/33_gpasswd_add_user_to_group-no_gshadow_file/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/33_gpasswd_add_user_to_group-no_gshadow_file/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/grouptools/gpasswd/33_gpasswd_add_user_to_group-no_gshadow_file/data/group b/tests/tests/grouptools/gpasswd/33_gpasswd_add_user_to_group-no_gshadow_file/data/group
new file mode 100644
index 0000000..1b4936a
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/33_gpasswd_add_user_to_group-no_gshadow_file/data/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:foo
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/grouptools/gpasswd/33_gpasswd_add_user_to_group-no_gshadow_file/gpasswd.test b/tests/tests/grouptools/gpasswd/33_gpasswd_add_user_to_group-no_gshadow_file/gpasswd.test
new file mode 100755
index 0000000..b257fe8
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/33_gpasswd_add_user_to_group-no_gshadow_file/gpasswd.test
@@ -0,0 +1,42 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "gpasswd can add an user to a group (no gshadow file)"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo "remove the gshadow file"
+rm -f /etc/gshadow
+
+echo -n "Add user foo to group bin (gpasswd -a foo bin)..."
+gpasswd -a foo bin
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl data/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+test ! -f /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/grouptools/gpasswd/34_gpasswd_remove_user_from_group/config.txt b/tests/tests/grouptools/gpasswd/34_gpasswd_remove_user_from_group/config.txt
new file mode 100644
index 0000000..3d43135
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/34_gpasswd_remove_user_from_group/config.txt
@@ -0,0 +1,5 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group users
diff --git a/tests/tests/grouptools/gpasswd/34_gpasswd_remove_user_from_group/config/etc/default/useradd b/tests/tests/grouptools/gpasswd/34_gpasswd_remove_user_from_group/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/34_gpasswd_remove_user_from_group/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/grouptools/gpasswd/34_gpasswd_remove_user_from_group/config/etc/group b/tests/tests/grouptools/gpasswd/34_gpasswd_remove_user_from_group/config/etc/group
new file mode 100644
index 0000000..5051825
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/34_gpasswd_remove_user_from_group/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/grouptools/gpasswd/34_gpasswd_remove_user_from_group/config/etc/gshadow b/tests/tests/grouptools/gpasswd/34_gpasswd_remove_user_from_group/config/etc/gshadow
new file mode 100644
index 0000000..ad90310
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/34_gpasswd_remove_user_from_group/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::foo
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/grouptools/gpasswd/34_gpasswd_remove_user_from_group/config/etc/passwd b/tests/tests/grouptools/gpasswd/34_gpasswd_remove_user_from_group/config/etc/passwd
new file mode 100644
index 0000000..dc7bf84
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/34_gpasswd_remove_user_from_group/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000:::/bin/false
diff --git a/tests/tests/grouptools/gpasswd/34_gpasswd_remove_user_from_group/config/etc/shadow b/tests/tests/grouptools/gpasswd/34_gpasswd_remove_user_from_group/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/34_gpasswd_remove_user_from_group/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/grouptools/gpasswd/34_gpasswd_remove_user_from_group/data/group b/tests/tests/grouptools/gpasswd/34_gpasswd_remove_user_from_group/data/group
new file mode 100644
index 0000000..fecba0c
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/34_gpasswd_remove_user_from_group/data/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/grouptools/gpasswd/34_gpasswd_remove_user_from_group/data/gshadow b/tests/tests/grouptools/gpasswd/34_gpasswd_remove_user_from_group/data/gshadow
new file mode 100644
index 0000000..5042e58
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/34_gpasswd_remove_user_from_group/data/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/grouptools/gpasswd/34_gpasswd_remove_user_from_group/gpasswd.test b/tests/tests/grouptools/gpasswd/34_gpasswd_remove_user_from_group/gpasswd.test
new file mode 100755
index 0000000..fef6ba0
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/34_gpasswd_remove_user_from_group/gpasswd.test
@@ -0,0 +1,39 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "gpasswd can remove an user to a group"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Remove user foo to group bin (gpasswd -d foo users)..."
+gpasswd -d foo users
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl data/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl data/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/grouptools/gpasswd/35_gpasswd_remove_user_from_group/config.txt b/tests/tests/grouptools/gpasswd/35_gpasswd_remove_user_from_group/config.txt
new file mode 100644
index 0000000..3d43135
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/35_gpasswd_remove_user_from_group/config.txt
@@ -0,0 +1,5 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group users
diff --git a/tests/tests/grouptools/gpasswd/35_gpasswd_remove_user_from_group/config/etc/default/useradd b/tests/tests/grouptools/gpasswd/35_gpasswd_remove_user_from_group/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/35_gpasswd_remove_user_from_group/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/grouptools/gpasswd/35_gpasswd_remove_user_from_group/config/etc/group b/tests/tests/grouptools/gpasswd/35_gpasswd_remove_user_from_group/config/etc/group
new file mode 100644
index 0000000..b7bf0a4
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/35_gpasswd_remove_user_from_group/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:foo
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo,root
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/grouptools/gpasswd/35_gpasswd_remove_user_from_group/config/etc/gshadow b/tests/tests/grouptools/gpasswd/35_gpasswd_remove_user_from_group/config/etc/gshadow
new file mode 100644
index 0000000..71ef67c
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/35_gpasswd_remove_user_from_group/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::foo
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::foo,root
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/grouptools/gpasswd/35_gpasswd_remove_user_from_group/config/etc/passwd b/tests/tests/grouptools/gpasswd/35_gpasswd_remove_user_from_group/config/etc/passwd
new file mode 100644
index 0000000..dc7bf84
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/35_gpasswd_remove_user_from_group/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000:::/bin/false
diff --git a/tests/tests/grouptools/gpasswd/35_gpasswd_remove_user_from_group/config/etc/shadow b/tests/tests/grouptools/gpasswd/35_gpasswd_remove_user_from_group/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/35_gpasswd_remove_user_from_group/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/grouptools/gpasswd/35_gpasswd_remove_user_from_group/data/group b/tests/tests/grouptools/gpasswd/35_gpasswd_remove_user_from_group/data/group
new file mode 100644
index 0000000..85a95f2
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/35_gpasswd_remove_user_from_group/data/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:foo
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:root
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/grouptools/gpasswd/35_gpasswd_remove_user_from_group/data/gshadow b/tests/tests/grouptools/gpasswd/35_gpasswd_remove_user_from_group/data/gshadow
new file mode 100644
index 0000000..f704a9d
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/35_gpasswd_remove_user_from_group/data/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::foo
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::root
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/grouptools/gpasswd/35_gpasswd_remove_user_from_group/gpasswd.test b/tests/tests/grouptools/gpasswd/35_gpasswd_remove_user_from_group/gpasswd.test
new file mode 100755
index 0000000..0a34349
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/35_gpasswd_remove_user_from_group/gpasswd.test
@@ -0,0 +1,39 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "gpasswd can remove an user to a group (don't touch other usrs/groups)"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Remove user foo to group bin (gpasswd -d foo users)..."
+gpasswd -d foo users
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl data/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl data/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/grouptools/gpasswd/36_gpasswd_remove_user_from_group/config.txt b/tests/tests/grouptools/gpasswd/36_gpasswd_remove_user_from_group/config.txt
new file mode 100644
index 0000000..3d43135
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/36_gpasswd_remove_user_from_group/config.txt
@@ -0,0 +1,5 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group users
diff --git a/tests/tests/grouptools/gpasswd/36_gpasswd_remove_user_from_group/config/etc/default/useradd b/tests/tests/grouptools/gpasswd/36_gpasswd_remove_user_from_group/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/36_gpasswd_remove_user_from_group/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/grouptools/gpasswd/36_gpasswd_remove_user_from_group/config/etc/group b/tests/tests/grouptools/gpasswd/36_gpasswd_remove_user_from_group/config/etc/group
new file mode 100644
index 0000000..2cfa18e
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/36_gpasswd_remove_user_from_group/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:foo
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:bin,foo,root
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/grouptools/gpasswd/36_gpasswd_remove_user_from_group/config/etc/gshadow b/tests/tests/grouptools/gpasswd/36_gpasswd_remove_user_from_group/config/etc/gshadow
new file mode 100644
index 0000000..7207bd2
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/36_gpasswd_remove_user_from_group/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::foo
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*:foo:bin,foo,root
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/grouptools/gpasswd/36_gpasswd_remove_user_from_group/config/etc/passwd b/tests/tests/grouptools/gpasswd/36_gpasswd_remove_user_from_group/config/etc/passwd
new file mode 100644
index 0000000..dc7bf84
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/36_gpasswd_remove_user_from_group/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000:::/bin/false
diff --git a/tests/tests/grouptools/gpasswd/36_gpasswd_remove_user_from_group/config/etc/shadow b/tests/tests/grouptools/gpasswd/36_gpasswd_remove_user_from_group/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/36_gpasswd_remove_user_from_group/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/grouptools/gpasswd/36_gpasswd_remove_user_from_group/data/group b/tests/tests/grouptools/gpasswd/36_gpasswd_remove_user_from_group/data/group
new file mode 100644
index 0000000..38d5cf2
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/36_gpasswd_remove_user_from_group/data/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:foo
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:bin,root
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/grouptools/gpasswd/36_gpasswd_remove_user_from_group/data/gshadow b/tests/tests/grouptools/gpasswd/36_gpasswd_remove_user_from_group/data/gshadow
new file mode 100644
index 0000000..83e5365
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/36_gpasswd_remove_user_from_group/data/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::foo
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*:foo:bin,root
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/grouptools/gpasswd/36_gpasswd_remove_user_from_group/gpasswd.test b/tests/tests/grouptools/gpasswd/36_gpasswd_remove_user_from_group/gpasswd.test
new file mode 100755
index 0000000..e279235
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/36_gpasswd_remove_user_from_group/gpasswd.test
@@ -0,0 +1,40 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+# TODO: maybe this is wrong
+log_start "$0" "gpasswd can remove an user to a group (don't touch administrative users)"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Remove user foo to group bin (gpasswd -d foo users)..."
+gpasswd -d foo users
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl data/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl data/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/grouptools/gpasswd/37_gpasswd_remove_user_from_group-no_shadow_group/config.txt b/tests/tests/grouptools/gpasswd/37_gpasswd_remove_user_from_group-no_shadow_group/config.txt
new file mode 100644
index 0000000..3d43135
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/37_gpasswd_remove_user_from_group-no_shadow_group/config.txt
@@ -0,0 +1,5 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group users
diff --git a/tests/tests/grouptools/gpasswd/37_gpasswd_remove_user_from_group-no_shadow_group/config/etc/default/useradd b/tests/tests/grouptools/gpasswd/37_gpasswd_remove_user_from_group-no_shadow_group/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/37_gpasswd_remove_user_from_group-no_shadow_group/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/grouptools/gpasswd/37_gpasswd_remove_user_from_group-no_shadow_group/config/etc/group b/tests/tests/grouptools/gpasswd/37_gpasswd_remove_user_from_group-no_shadow_group/config/etc/group
new file mode 100644
index 0000000..5051825
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/37_gpasswd_remove_user_from_group-no_shadow_group/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/grouptools/gpasswd/37_gpasswd_remove_user_from_group-no_shadow_group/config/etc/gshadow b/tests/tests/grouptools/gpasswd/37_gpasswd_remove_user_from_group-no_shadow_group/config/etc/gshadow
new file mode 100644
index 0000000..9ae9eeb
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/37_gpasswd_remove_user_from_group-no_shadow_group/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/grouptools/gpasswd/37_gpasswd_remove_user_from_group-no_shadow_group/config/etc/passwd b/tests/tests/grouptools/gpasswd/37_gpasswd_remove_user_from_group-no_shadow_group/config/etc/passwd
new file mode 100644
index 0000000..dc7bf84
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/37_gpasswd_remove_user_from_group-no_shadow_group/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000:::/bin/false
diff --git a/tests/tests/grouptools/gpasswd/37_gpasswd_remove_user_from_group-no_shadow_group/config/etc/shadow b/tests/tests/grouptools/gpasswd/37_gpasswd_remove_user_from_group-no_shadow_group/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/37_gpasswd_remove_user_from_group-no_shadow_group/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/grouptools/gpasswd/37_gpasswd_remove_user_from_group-no_shadow_group/data/group b/tests/tests/grouptools/gpasswd/37_gpasswd_remove_user_from_group-no_shadow_group/data/group
new file mode 100644
index 0000000..fecba0c
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/37_gpasswd_remove_user_from_group-no_shadow_group/data/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/grouptools/gpasswd/37_gpasswd_remove_user_from_group-no_shadow_group/data/gshadow b/tests/tests/grouptools/gpasswd/37_gpasswd_remove_user_from_group-no_shadow_group/data/gshadow
new file mode 100644
index 0000000..afcbd74
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/37_gpasswd_remove_user_from_group-no_shadow_group/data/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
+users:x::
diff --git a/tests/tests/grouptools/gpasswd/37_gpasswd_remove_user_from_group-no_shadow_group/gpasswd.test b/tests/tests/grouptools/gpasswd/37_gpasswd_remove_user_from_group-no_shadow_group/gpasswd.test
new file mode 100755
index 0000000..fef6ba0
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/37_gpasswd_remove_user_from_group-no_shadow_group/gpasswd.test
@@ -0,0 +1,39 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "gpasswd can remove an user to a group"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Remove user foo to group bin (gpasswd -d foo users)..."
+gpasswd -d foo users
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl data/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl data/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/grouptools/gpasswd/38_gpasswd_remove_user_from_group-no_shadow_group/config.txt b/tests/tests/grouptools/gpasswd/38_gpasswd_remove_user_from_group-no_shadow_group/config.txt
new file mode 100644
index 0000000..3d43135
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/38_gpasswd_remove_user_from_group-no_shadow_group/config.txt
@@ -0,0 +1,5 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group users
diff --git a/tests/tests/grouptools/gpasswd/38_gpasswd_remove_user_from_group-no_shadow_group/config/etc/default/useradd b/tests/tests/grouptools/gpasswd/38_gpasswd_remove_user_from_group-no_shadow_group/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/38_gpasswd_remove_user_from_group-no_shadow_group/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/grouptools/gpasswd/38_gpasswd_remove_user_from_group-no_shadow_group/config/etc/group b/tests/tests/grouptools/gpasswd/38_gpasswd_remove_user_from_group-no_shadow_group/config/etc/group
new file mode 100644
index 0000000..db1fe5b
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/38_gpasswd_remove_user_from_group-no_shadow_group/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:password:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/grouptools/gpasswd/38_gpasswd_remove_user_from_group-no_shadow_group/config/etc/gshadow b/tests/tests/grouptools/gpasswd/38_gpasswd_remove_user_from_group-no_shadow_group/config/etc/gshadow
new file mode 100644
index 0000000..9ae9eeb
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/38_gpasswd_remove_user_from_group-no_shadow_group/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/grouptools/gpasswd/38_gpasswd_remove_user_from_group-no_shadow_group/config/etc/passwd b/tests/tests/grouptools/gpasswd/38_gpasswd_remove_user_from_group-no_shadow_group/config/etc/passwd
new file mode 100644
index 0000000..dc7bf84
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/38_gpasswd_remove_user_from_group-no_shadow_group/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000:::/bin/false
diff --git a/tests/tests/grouptools/gpasswd/38_gpasswd_remove_user_from_group-no_shadow_group/config/etc/shadow b/tests/tests/grouptools/gpasswd/38_gpasswd_remove_user_from_group-no_shadow_group/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/38_gpasswd_remove_user_from_group-no_shadow_group/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/grouptools/gpasswd/38_gpasswd_remove_user_from_group-no_shadow_group/data/group b/tests/tests/grouptools/gpasswd/38_gpasswd_remove_user_from_group-no_shadow_group/data/group
new file mode 100644
index 0000000..fecba0c
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/38_gpasswd_remove_user_from_group-no_shadow_group/data/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/grouptools/gpasswd/38_gpasswd_remove_user_from_group-no_shadow_group/data/gshadow b/tests/tests/grouptools/gpasswd/38_gpasswd_remove_user_from_group-no_shadow_group/data/gshadow
new file mode 100644
index 0000000..1c18211
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/38_gpasswd_remove_user_from_group-no_shadow_group/data/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
+users:password::
diff --git a/tests/tests/grouptools/gpasswd/38_gpasswd_remove_user_from_group-no_shadow_group/gpasswd.test b/tests/tests/grouptools/gpasswd/38_gpasswd_remove_user_from_group-no_shadow_group/gpasswd.test
new file mode 100755
index 0000000..fef6ba0
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/38_gpasswd_remove_user_from_group-no_shadow_group/gpasswd.test
@@ -0,0 +1,39 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "gpasswd can remove an user to a group"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Remove user foo to group bin (gpasswd -d foo users)..."
+gpasswd -d foo users
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl data/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl data/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/grouptools/gpasswd/39_gpasswd_remove_user_from_group-no_shadow_group/config.txt b/tests/tests/grouptools/gpasswd/39_gpasswd_remove_user_from_group-no_shadow_group/config.txt
new file mode 100644
index 0000000..3d43135
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/39_gpasswd_remove_user_from_group-no_shadow_group/config.txt
@@ -0,0 +1,5 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group users
diff --git a/tests/tests/grouptools/gpasswd/39_gpasswd_remove_user_from_group-no_shadow_group/config/etc/default/useradd b/tests/tests/grouptools/gpasswd/39_gpasswd_remove_user_from_group-no_shadow_group/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/39_gpasswd_remove_user_from_group-no_shadow_group/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/grouptools/gpasswd/39_gpasswd_remove_user_from_group-no_shadow_group/config/etc/group b/tests/tests/grouptools/gpasswd/39_gpasswd_remove_user_from_group-no_shadow_group/config/etc/group
new file mode 100644
index 0000000..b7bf0a4
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/39_gpasswd_remove_user_from_group-no_shadow_group/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:foo
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo,root
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/grouptools/gpasswd/39_gpasswd_remove_user_from_group-no_shadow_group/config/etc/gshadow b/tests/tests/grouptools/gpasswd/39_gpasswd_remove_user_from_group-no_shadow_group/config/etc/gshadow
new file mode 100644
index 0000000..bc29364
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/39_gpasswd_remove_user_from_group-no_shadow_group/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::foo
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/grouptools/gpasswd/39_gpasswd_remove_user_from_group-no_shadow_group/config/etc/passwd b/tests/tests/grouptools/gpasswd/39_gpasswd_remove_user_from_group-no_shadow_group/config/etc/passwd
new file mode 100644
index 0000000..dc7bf84
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/39_gpasswd_remove_user_from_group-no_shadow_group/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000:::/bin/false
diff --git a/tests/tests/grouptools/gpasswd/39_gpasswd_remove_user_from_group-no_shadow_group/config/etc/shadow b/tests/tests/grouptools/gpasswd/39_gpasswd_remove_user_from_group-no_shadow_group/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/39_gpasswd_remove_user_from_group-no_shadow_group/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/grouptools/gpasswd/39_gpasswd_remove_user_from_group-no_shadow_group/data/group b/tests/tests/grouptools/gpasswd/39_gpasswd_remove_user_from_group-no_shadow_group/data/group
new file mode 100644
index 0000000..85a95f2
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/39_gpasswd_remove_user_from_group-no_shadow_group/data/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:foo
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:root
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/grouptools/gpasswd/39_gpasswd_remove_user_from_group-no_shadow_group/data/gshadow b/tests/tests/grouptools/gpasswd/39_gpasswd_remove_user_from_group-no_shadow_group/data/gshadow
new file mode 100644
index 0000000..3e0af1e
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/39_gpasswd_remove_user_from_group-no_shadow_group/data/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::foo
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
+users:x::root
diff --git a/tests/tests/grouptools/gpasswd/39_gpasswd_remove_user_from_group-no_shadow_group/gpasswd.test b/tests/tests/grouptools/gpasswd/39_gpasswd_remove_user_from_group-no_shadow_group/gpasswd.test
new file mode 100755
index 0000000..0a34349
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/39_gpasswd_remove_user_from_group-no_shadow_group/gpasswd.test
@@ -0,0 +1,39 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "gpasswd can remove an user to a group (don't touch other usrs/groups)"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Remove user foo to group bin (gpasswd -d foo users)..."
+gpasswd -d foo users
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl data/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl data/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/grouptools/gpasswd/40_gpasswd_remove_user_from_group-no_gshadow_file/config.txt b/tests/tests/grouptools/gpasswd/40_gpasswd_remove_user_from_group-no_gshadow_file/config.txt
new file mode 100644
index 0000000..3d43135
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/40_gpasswd_remove_user_from_group-no_gshadow_file/config.txt
@@ -0,0 +1,5 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group users
diff --git a/tests/tests/grouptools/gpasswd/40_gpasswd_remove_user_from_group-no_gshadow_file/config/etc/default/useradd b/tests/tests/grouptools/gpasswd/40_gpasswd_remove_user_from_group-no_gshadow_file/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/40_gpasswd_remove_user_from_group-no_gshadow_file/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/grouptools/gpasswd/40_gpasswd_remove_user_from_group-no_gshadow_file/config/etc/group b/tests/tests/grouptools/gpasswd/40_gpasswd_remove_user_from_group-no_gshadow_file/config/etc/group
new file mode 100644
index 0000000..5051825
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/40_gpasswd_remove_user_from_group-no_gshadow_file/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/grouptools/gpasswd/40_gpasswd_remove_user_from_group-no_gshadow_file/config/etc/gshadow b/tests/tests/grouptools/gpasswd/40_gpasswd_remove_user_from_group-no_gshadow_file/config/etc/gshadow
new file mode 100644
index 0000000..9ae9eeb
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/40_gpasswd_remove_user_from_group-no_gshadow_file/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/grouptools/gpasswd/40_gpasswd_remove_user_from_group-no_gshadow_file/config/etc/passwd b/tests/tests/grouptools/gpasswd/40_gpasswd_remove_user_from_group-no_gshadow_file/config/etc/passwd
new file mode 100644
index 0000000..dc7bf84
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/40_gpasswd_remove_user_from_group-no_gshadow_file/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000:::/bin/false
diff --git a/tests/tests/grouptools/gpasswd/40_gpasswd_remove_user_from_group-no_gshadow_file/config/etc/shadow b/tests/tests/grouptools/gpasswd/40_gpasswd_remove_user_from_group-no_gshadow_file/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/40_gpasswd_remove_user_from_group-no_gshadow_file/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/grouptools/gpasswd/40_gpasswd_remove_user_from_group-no_gshadow_file/data/group b/tests/tests/grouptools/gpasswd/40_gpasswd_remove_user_from_group-no_gshadow_file/data/group
new file mode 100644
index 0000000..fecba0c
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/40_gpasswd_remove_user_from_group-no_gshadow_file/data/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/grouptools/gpasswd/40_gpasswd_remove_user_from_group-no_gshadow_file/gpasswd.test b/tests/tests/grouptools/gpasswd/40_gpasswd_remove_user_from_group-no_gshadow_file/gpasswd.test
new file mode 100755
index 0000000..20985d5
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/40_gpasswd_remove_user_from_group-no_gshadow_file/gpasswd.test
@@ -0,0 +1,42 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "gpasswd can remove an user to a group"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo "remove the gshadow file"
+rm -f /etc/gshadow
+
+echo -n "Remove user foo to group bin (gpasswd -d foo users)..."
+gpasswd -d foo users
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl data/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+test ! -f /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/grouptools/gpasswd/41_gpasswd_remove_user_from_group-no_gshadow_file/config.txt b/tests/tests/grouptools/gpasswd/41_gpasswd_remove_user_from_group-no_gshadow_file/config.txt
new file mode 100644
index 0000000..3d43135
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/41_gpasswd_remove_user_from_group-no_gshadow_file/config.txt
@@ -0,0 +1,5 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group users
diff --git a/tests/tests/grouptools/gpasswd/41_gpasswd_remove_user_from_group-no_gshadow_file/config/etc/default/useradd b/tests/tests/grouptools/gpasswd/41_gpasswd_remove_user_from_group-no_gshadow_file/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/41_gpasswd_remove_user_from_group-no_gshadow_file/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/grouptools/gpasswd/41_gpasswd_remove_user_from_group-no_gshadow_file/config/etc/group b/tests/tests/grouptools/gpasswd/41_gpasswd_remove_user_from_group-no_gshadow_file/config/etc/group
new file mode 100644
index 0000000..db1fe5b
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/41_gpasswd_remove_user_from_group-no_gshadow_file/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:password:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/grouptools/gpasswd/41_gpasswd_remove_user_from_group-no_gshadow_file/config/etc/gshadow b/tests/tests/grouptools/gpasswd/41_gpasswd_remove_user_from_group-no_gshadow_file/config/etc/gshadow
new file mode 100644
index 0000000..9ae9eeb
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/41_gpasswd_remove_user_from_group-no_gshadow_file/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/grouptools/gpasswd/41_gpasswd_remove_user_from_group-no_gshadow_file/config/etc/passwd b/tests/tests/grouptools/gpasswd/41_gpasswd_remove_user_from_group-no_gshadow_file/config/etc/passwd
new file mode 100644
index 0000000..dc7bf84
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/41_gpasswd_remove_user_from_group-no_gshadow_file/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000:::/bin/false
diff --git a/tests/tests/grouptools/gpasswd/41_gpasswd_remove_user_from_group-no_gshadow_file/config/etc/shadow b/tests/tests/grouptools/gpasswd/41_gpasswd_remove_user_from_group-no_gshadow_file/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/41_gpasswd_remove_user_from_group-no_gshadow_file/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/grouptools/gpasswd/41_gpasswd_remove_user_from_group-no_gshadow_file/data/group b/tests/tests/grouptools/gpasswd/41_gpasswd_remove_user_from_group-no_gshadow_file/data/group
new file mode 100644
index 0000000..ff80f13
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/41_gpasswd_remove_user_from_group-no_gshadow_file/data/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:password:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/grouptools/gpasswd/41_gpasswd_remove_user_from_group-no_gshadow_file/gpasswd.test b/tests/tests/grouptools/gpasswd/41_gpasswd_remove_user_from_group-no_gshadow_file/gpasswd.test
new file mode 100755
index 0000000..20985d5
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/41_gpasswd_remove_user_from_group-no_gshadow_file/gpasswd.test
@@ -0,0 +1,42 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "gpasswd can remove an user to a group"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo "remove the gshadow file"
+rm -f /etc/gshadow
+
+echo -n "Remove user foo to group bin (gpasswd -d foo users)..."
+gpasswd -d foo users
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl data/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+test ! -f /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/grouptools/gpasswd/42_gpasswd_remove_user_from_group-no_gshadow_file/config.txt b/tests/tests/grouptools/gpasswd/42_gpasswd_remove_user_from_group-no_gshadow_file/config.txt
new file mode 100644
index 0000000..3d43135
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/42_gpasswd_remove_user_from_group-no_gshadow_file/config.txt
@@ -0,0 +1,5 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group users
diff --git a/tests/tests/grouptools/gpasswd/42_gpasswd_remove_user_from_group-no_gshadow_file/config/etc/default/useradd b/tests/tests/grouptools/gpasswd/42_gpasswd_remove_user_from_group-no_gshadow_file/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/42_gpasswd_remove_user_from_group-no_gshadow_file/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/grouptools/gpasswd/42_gpasswd_remove_user_from_group-no_gshadow_file/config/etc/group b/tests/tests/grouptools/gpasswd/42_gpasswd_remove_user_from_group-no_gshadow_file/config/etc/group
new file mode 100644
index 0000000..b7bf0a4
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/42_gpasswd_remove_user_from_group-no_gshadow_file/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:foo
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo,root
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/grouptools/gpasswd/42_gpasswd_remove_user_from_group-no_gshadow_file/config/etc/gshadow b/tests/tests/grouptools/gpasswd/42_gpasswd_remove_user_from_group-no_gshadow_file/config/etc/gshadow
new file mode 100644
index 0000000..bc29364
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/42_gpasswd_remove_user_from_group-no_gshadow_file/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::foo
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/grouptools/gpasswd/42_gpasswd_remove_user_from_group-no_gshadow_file/config/etc/passwd b/tests/tests/grouptools/gpasswd/42_gpasswd_remove_user_from_group-no_gshadow_file/config/etc/passwd
new file mode 100644
index 0000000..dc7bf84
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/42_gpasswd_remove_user_from_group-no_gshadow_file/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000:::/bin/false
diff --git a/tests/tests/grouptools/gpasswd/42_gpasswd_remove_user_from_group-no_gshadow_file/config/etc/shadow b/tests/tests/grouptools/gpasswd/42_gpasswd_remove_user_from_group-no_gshadow_file/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/42_gpasswd_remove_user_from_group-no_gshadow_file/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/grouptools/gpasswd/42_gpasswd_remove_user_from_group-no_gshadow_file/data/group b/tests/tests/grouptools/gpasswd/42_gpasswd_remove_user_from_group-no_gshadow_file/data/group
new file mode 100644
index 0000000..85a95f2
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/42_gpasswd_remove_user_from_group-no_gshadow_file/data/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:foo
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:root
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/grouptools/gpasswd/42_gpasswd_remove_user_from_group-no_gshadow_file/gpasswd.test b/tests/tests/grouptools/gpasswd/42_gpasswd_remove_user_from_group-no_gshadow_file/gpasswd.test
new file mode 100755
index 0000000..6ec2ebc
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/42_gpasswd_remove_user_from_group-no_gshadow_file/gpasswd.test
@@ -0,0 +1,42 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "gpasswd can remove an user to a group (don't touch other usrs/groups)"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo "remove the gshadow file"
+rm -f /etc/gshadow
+
+echo -n "Remove user foo to group bin (gpasswd -d foo users)..."
+gpasswd -d foo users
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl data/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+test ! -f /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/grouptools/gpasswd/43_gpasswd_-r_locked_group/config.txt b/tests/tests/grouptools/gpasswd/43_gpasswd_-r_locked_group/config.txt
new file mode 100644
index 0000000..31f5635
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/43_gpasswd_-r_locked_group/config.txt
@@ -0,0 +1,10 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group users (only in /etc/group)
+user foo, in group tty (only in /etc/gshadow)
+user foo, in group floppy
+user foo, admin of group disk
+user foo, admin and member of group fax
+user foo, admin and member of group cdrom (only in /etc/gshadow)
diff --git a/tests/tests/grouptools/gpasswd/43_gpasswd_-r_locked_group/config/etc/default/useradd b/tests/tests/grouptools/gpasswd/43_gpasswd_-r_locked_group/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/43_gpasswd_-r_locked_group/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/grouptools/gpasswd/43_gpasswd_-r_locked_group/config/etc/group b/tests/tests/grouptools/gpasswd/43_gpasswd_-r_locked_group/config/etc/group
new file mode 100644
index 0000000..b6fae89
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/43_gpasswd_-r_locked_group/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:root
+adm:x:4:root,foo
+tty:x:5:
+disk:x:6:
+lp:x:7:foo,root
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:foo
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:foo
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/grouptools/gpasswd/43_gpasswd_-r_locked_group/config/etc/gshadow b/tests/tests/grouptools/gpasswd/43_gpasswd_-r_locked_group/config/etc/gshadow
new file mode 100644
index 0000000..1f2ba8d
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/43_gpasswd_-r_locked_group/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::root
+adm:*::root,foo
+tty:*::foo
+disk:*:foo:
+lp:*::foo,root
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*:foo:foo
+voice:*::
+cdrom:*:foo:foo
+floppy:*::foo
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/grouptools/gpasswd/43_gpasswd_-r_locked_group/config/etc/passwd b/tests/tests/grouptools/gpasswd/43_gpasswd_-r_locked_group/config/etc/passwd
new file mode 100644
index 0000000..bf52df0
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/43_gpasswd_-r_locked_group/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/home/foo:/bin/false
diff --git a/tests/tests/grouptools/gpasswd/43_gpasswd_-r_locked_group/config/etc/shadow b/tests/tests/grouptools/gpasswd/43_gpasswd_-r_locked_group/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/43_gpasswd_-r_locked_group/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/grouptools/gpasswd/43_gpasswd_-r_locked_group/data/gpasswd.err b/tests/tests/grouptools/gpasswd/43_gpasswd_-r_locked_group/data/gpasswd.err
new file mode 100644
index 0000000..dec0fe7
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/43_gpasswd_-r_locked_group/data/gpasswd.err
@@ -0,0 +1,2 @@
+gpasswd: existing lock file /etc/group.lock without a PID
+gpasswd: cannot lock /etc/group; try again later.
diff --git a/tests/tests/grouptools/gpasswd/43_gpasswd_-r_locked_group/gpasswd.test b/tests/tests/grouptools/gpasswd/43_gpasswd_-r_locked_group/gpasswd.test
new file mode 100755
index 0000000..55cd038
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/43_gpasswd_-r_locked_group/gpasswd.test
@@ -0,0 +1,60 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "gpasswd -r checks if the group file is locked"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config; rm -f /etc/group.lock' 0
+
+change_config
+
+echo -n "Create lock file for /etc/group..."
+touch /etc/group.lock
+echo "done"
+
+echo -n "Remove the password of group users (gpasswd -r users)..."
+gpasswd -r users 2>tmp/gpasswd.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+rm -f /etc/group.lock
+
+echo -n "Check returned status ($status)..."
+test "$status" = "1"
+echo "OK"
+
+echo "gpasswd reported:"
+echo "======================================================================="
+cat tmp/gpasswd.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/gpasswd.err tmp/gpasswd.err
+echo "error message OK."
+rm -f tmp/gpasswd.err
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/grouptools/gpasswd/44_gpasswd_-r_locked_gshadow/config.txt b/tests/tests/grouptools/gpasswd/44_gpasswd_-r_locked_gshadow/config.txt
new file mode 100644
index 0000000..31f5635
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/44_gpasswd_-r_locked_gshadow/config.txt
@@ -0,0 +1,10 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group users (only in /etc/group)
+user foo, in group tty (only in /etc/gshadow)
+user foo, in group floppy
+user foo, admin of group disk
+user foo, admin and member of group fax
+user foo, admin and member of group cdrom (only in /etc/gshadow)
diff --git a/tests/tests/grouptools/gpasswd/44_gpasswd_-r_locked_gshadow/config/etc/default/useradd b/tests/tests/grouptools/gpasswd/44_gpasswd_-r_locked_gshadow/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/44_gpasswd_-r_locked_gshadow/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/grouptools/gpasswd/44_gpasswd_-r_locked_gshadow/config/etc/group b/tests/tests/grouptools/gpasswd/44_gpasswd_-r_locked_gshadow/config/etc/group
new file mode 100644
index 0000000..b6fae89
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/44_gpasswd_-r_locked_gshadow/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:root
+adm:x:4:root,foo
+tty:x:5:
+disk:x:6:
+lp:x:7:foo,root
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:foo
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:foo
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/grouptools/gpasswd/44_gpasswd_-r_locked_gshadow/config/etc/gshadow b/tests/tests/grouptools/gpasswd/44_gpasswd_-r_locked_gshadow/config/etc/gshadow
new file mode 100644
index 0000000..1f2ba8d
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/44_gpasswd_-r_locked_gshadow/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::root
+adm:*::root,foo
+tty:*::foo
+disk:*:foo:
+lp:*::foo,root
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*:foo:foo
+voice:*::
+cdrom:*:foo:foo
+floppy:*::foo
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/grouptools/gpasswd/44_gpasswd_-r_locked_gshadow/config/etc/passwd b/tests/tests/grouptools/gpasswd/44_gpasswd_-r_locked_gshadow/config/etc/passwd
new file mode 100644
index 0000000..bf52df0
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/44_gpasswd_-r_locked_gshadow/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/home/foo:/bin/false
diff --git a/tests/tests/grouptools/gpasswd/44_gpasswd_-r_locked_gshadow/config/etc/shadow b/tests/tests/grouptools/gpasswd/44_gpasswd_-r_locked_gshadow/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/44_gpasswd_-r_locked_gshadow/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/grouptools/gpasswd/44_gpasswd_-r_locked_gshadow/data/gpasswd.err b/tests/tests/grouptools/gpasswd/44_gpasswd_-r_locked_gshadow/data/gpasswd.err
new file mode 100644
index 0000000..4c5a872
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/44_gpasswd_-r_locked_gshadow/data/gpasswd.err
@@ -0,0 +1,2 @@
+gpasswd: existing lock file /etc/gshadow.lock without a PID
+gpasswd: cannot lock /etc/gshadow; try again later.
diff --git a/tests/tests/grouptools/gpasswd/44_gpasswd_-r_locked_gshadow/gpasswd.test b/tests/tests/grouptools/gpasswd/44_gpasswd_-r_locked_gshadow/gpasswd.test
new file mode 100755
index 0000000..0c7a649
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/44_gpasswd_-r_locked_gshadow/gpasswd.test
@@ -0,0 +1,60 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "gpasswd -r checks if the gshadow file is locked"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config; rm -f /etc/gshadow.lock' 0
+
+change_config
+
+echo -n "Create lock file for /etc/gshadow..."
+touch /etc/gshadow.lock
+echo "done"
+
+echo -n "Remove the password of group users (gpasswd -r users)..."
+gpasswd -r users 2>tmp/gpasswd.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+rm -f /etc/gshadow.lock
+
+echo -n "Check returned status ($status)..."
+test "$status" = "1"
+echo "OK"
+
+echo "gpasswd reported:"
+echo "======================================================================="
+cat tmp/gpasswd.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/gpasswd.err tmp/gpasswd.err
+echo "error message OK."
+rm -f tmp/gpasswd.err
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/grouptools/gpasswd/45_gpasswd_-r_unknown_group/config.txt b/tests/tests/grouptools/gpasswd/45_gpasswd_-r_unknown_group/config.txt
new file mode 100644
index 0000000..31f5635
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/45_gpasswd_-r_unknown_group/config.txt
@@ -0,0 +1,10 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group users (only in /etc/group)
+user foo, in group tty (only in /etc/gshadow)
+user foo, in group floppy
+user foo, admin of group disk
+user foo, admin and member of group fax
+user foo, admin and member of group cdrom (only in /etc/gshadow)
diff --git a/tests/tests/grouptools/gpasswd/45_gpasswd_-r_unknown_group/config/etc/default/useradd b/tests/tests/grouptools/gpasswd/45_gpasswd_-r_unknown_group/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/45_gpasswd_-r_unknown_group/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/grouptools/gpasswd/45_gpasswd_-r_unknown_group/config/etc/group b/tests/tests/grouptools/gpasswd/45_gpasswd_-r_unknown_group/config/etc/group
new file mode 100644
index 0000000..b6fae89
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/45_gpasswd_-r_unknown_group/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:root
+adm:x:4:root,foo
+tty:x:5:
+disk:x:6:
+lp:x:7:foo,root
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:foo
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:foo
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/grouptools/gpasswd/45_gpasswd_-r_unknown_group/config/etc/gshadow b/tests/tests/grouptools/gpasswd/45_gpasswd_-r_unknown_group/config/etc/gshadow
new file mode 100644
index 0000000..1f2ba8d
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/45_gpasswd_-r_unknown_group/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::root
+adm:*::root,foo
+tty:*::foo
+disk:*:foo:
+lp:*::foo,root
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*:foo:foo
+voice:*::
+cdrom:*:foo:foo
+floppy:*::foo
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/grouptools/gpasswd/45_gpasswd_-r_unknown_group/config/etc/passwd b/tests/tests/grouptools/gpasswd/45_gpasswd_-r_unknown_group/config/etc/passwd
new file mode 100644
index 0000000..bf52df0
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/45_gpasswd_-r_unknown_group/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/home/foo:/bin/false
diff --git a/tests/tests/grouptools/gpasswd/45_gpasswd_-r_unknown_group/config/etc/shadow b/tests/tests/grouptools/gpasswd/45_gpasswd_-r_unknown_group/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/45_gpasswd_-r_unknown_group/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/grouptools/gpasswd/45_gpasswd_-r_unknown_group/data/gpasswd.err b/tests/tests/grouptools/gpasswd/45_gpasswd_-r_unknown_group/data/gpasswd.err
new file mode 100644
index 0000000..1cba130
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/45_gpasswd_-r_unknown_group/data/gpasswd.err
@@ -0,0 +1 @@
+gpasswd: group 'usersss' does not exist in /etc/group
diff --git a/tests/tests/grouptools/gpasswd/45_gpasswd_-r_unknown_group/gpasswd.test b/tests/tests/grouptools/gpasswd/45_gpasswd_-r_unknown_group/gpasswd.test
new file mode 100755
index 0000000..b9ec058
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/45_gpasswd_-r_unknown_group/gpasswd.test
@@ -0,0 +1,54 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "gpasswd -r fails if the group does not exist"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Remove the password of unknown group usersss (gpasswd -r usersss)..."
+gpasswd -r usersss 2>tmp/gpasswd.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "3"  # E_BAD_ARG
+echo "OK"
+
+echo "gpasswd reported:"
+echo "======================================================================="
+cat tmp/gpasswd.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/gpasswd.err tmp/gpasswd.err
+echo "error message OK."
+rm -f tmp/gpasswd.err
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/grouptools/gpasswd/46_gpasswd_-a_unknown_user/config.txt b/tests/tests/grouptools/gpasswd/46_gpasswd_-a_unknown_user/config.txt
new file mode 100644
index 0000000..31f5635
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/46_gpasswd_-a_unknown_user/config.txt
@@ -0,0 +1,10 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group users (only in /etc/group)
+user foo, in group tty (only in /etc/gshadow)
+user foo, in group floppy
+user foo, admin of group disk
+user foo, admin and member of group fax
+user foo, admin and member of group cdrom (only in /etc/gshadow)
diff --git a/tests/tests/grouptools/gpasswd/46_gpasswd_-a_unknown_user/config/etc/default/useradd b/tests/tests/grouptools/gpasswd/46_gpasswd_-a_unknown_user/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/46_gpasswd_-a_unknown_user/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/grouptools/gpasswd/46_gpasswd_-a_unknown_user/config/etc/group b/tests/tests/grouptools/gpasswd/46_gpasswd_-a_unknown_user/config/etc/group
new file mode 100644
index 0000000..b6fae89
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/46_gpasswd_-a_unknown_user/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:root
+adm:x:4:root,foo
+tty:x:5:
+disk:x:6:
+lp:x:7:foo,root
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:foo
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:foo
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/grouptools/gpasswd/46_gpasswd_-a_unknown_user/config/etc/gshadow b/tests/tests/grouptools/gpasswd/46_gpasswd_-a_unknown_user/config/etc/gshadow
new file mode 100644
index 0000000..1f2ba8d
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/46_gpasswd_-a_unknown_user/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::root
+adm:*::root,foo
+tty:*::foo
+disk:*:foo:
+lp:*::foo,root
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*:foo:foo
+voice:*::
+cdrom:*:foo:foo
+floppy:*::foo
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/grouptools/gpasswd/46_gpasswd_-a_unknown_user/config/etc/passwd b/tests/tests/grouptools/gpasswd/46_gpasswd_-a_unknown_user/config/etc/passwd
new file mode 100644
index 0000000..bf52df0
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/46_gpasswd_-a_unknown_user/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/home/foo:/bin/false
diff --git a/tests/tests/grouptools/gpasswd/46_gpasswd_-a_unknown_user/config/etc/shadow b/tests/tests/grouptools/gpasswd/46_gpasswd_-a_unknown_user/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/46_gpasswd_-a_unknown_user/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/grouptools/gpasswd/46_gpasswd_-a_unknown_user/data/gpasswd.err b/tests/tests/grouptools/gpasswd/46_gpasswd_-a_unknown_user/data/gpasswd.err
new file mode 100644
index 0000000..1ae3559
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/46_gpasswd_-a_unknown_user/data/gpasswd.err
@@ -0,0 +1 @@
+gpasswd: user 'foooo' does not exist
diff --git a/tests/tests/grouptools/gpasswd/46_gpasswd_-a_unknown_user/gpasswd.test b/tests/tests/grouptools/gpasswd/46_gpasswd_-a_unknown_user/gpasswd.test
new file mode 100755
index 0000000..0c7175b
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/46_gpasswd_-a_unknown_user/gpasswd.test
@@ -0,0 +1,54 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "gpasswd -a fails if the user does not exist"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Add user foooo to group users (gpasswd -a foooo users)..."
+gpasswd -a foooo users 2>tmp/gpasswd.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "3" # E_BAD_ARG
+echo "OK"
+
+echo "gpasswd reported:"
+echo "======================================================================="
+cat tmp/gpasswd.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/gpasswd.err tmp/gpasswd.err
+echo "error message OK."
+rm -f tmp/gpasswd.err
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/grouptools/gpasswd/47_gpasswd_-M_unknown_user/config.txt b/tests/tests/grouptools/gpasswd/47_gpasswd_-M_unknown_user/config.txt
new file mode 100644
index 0000000..31f5635
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/47_gpasswd_-M_unknown_user/config.txt
@@ -0,0 +1,10 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group users (only in /etc/group)
+user foo, in group tty (only in /etc/gshadow)
+user foo, in group floppy
+user foo, admin of group disk
+user foo, admin and member of group fax
+user foo, admin and member of group cdrom (only in /etc/gshadow)
diff --git a/tests/tests/grouptools/gpasswd/47_gpasswd_-M_unknown_user/config/etc/default/useradd b/tests/tests/grouptools/gpasswd/47_gpasswd_-M_unknown_user/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/47_gpasswd_-M_unknown_user/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/grouptools/gpasswd/47_gpasswd_-M_unknown_user/config/etc/group b/tests/tests/grouptools/gpasswd/47_gpasswd_-M_unknown_user/config/etc/group
new file mode 100644
index 0000000..b6fae89
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/47_gpasswd_-M_unknown_user/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:root
+adm:x:4:root,foo
+tty:x:5:
+disk:x:6:
+lp:x:7:foo,root
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:foo
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:foo
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/grouptools/gpasswd/47_gpasswd_-M_unknown_user/config/etc/gshadow b/tests/tests/grouptools/gpasswd/47_gpasswd_-M_unknown_user/config/etc/gshadow
new file mode 100644
index 0000000..1f2ba8d
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/47_gpasswd_-M_unknown_user/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::root
+adm:*::root,foo
+tty:*::foo
+disk:*:foo:
+lp:*::foo,root
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*:foo:foo
+voice:*::
+cdrom:*:foo:foo
+floppy:*::foo
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/grouptools/gpasswd/47_gpasswd_-M_unknown_user/config/etc/passwd b/tests/tests/grouptools/gpasswd/47_gpasswd_-M_unknown_user/config/etc/passwd
new file mode 100644
index 0000000..bf52df0
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/47_gpasswd_-M_unknown_user/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/home/foo:/bin/false
diff --git a/tests/tests/grouptools/gpasswd/47_gpasswd_-M_unknown_user/config/etc/shadow b/tests/tests/grouptools/gpasswd/47_gpasswd_-M_unknown_user/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/47_gpasswd_-M_unknown_user/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/grouptools/gpasswd/47_gpasswd_-M_unknown_user/data/gpasswd.err b/tests/tests/grouptools/gpasswd/47_gpasswd_-M_unknown_user/data/gpasswd.err
new file mode 100644
index 0000000..1ae3559
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/47_gpasswd_-M_unknown_user/data/gpasswd.err
@@ -0,0 +1 @@
+gpasswd: user 'foooo' does not exist
diff --git a/tests/tests/grouptools/gpasswd/47_gpasswd_-M_unknown_user/gpasswd.test b/tests/tests/grouptools/gpasswd/47_gpasswd_-M_unknown_user/gpasswd.test
new file mode 100755
index 0000000..bb3ab61
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/47_gpasswd_-M_unknown_user/gpasswd.test
@@ -0,0 +1,54 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "gpasswd -M fails if an user does not exist"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Set members of users to root,foooo,bin (gpasswd -M root,foooo,bin users)..."
+gpasswd -M root,foooo,bin users 2>tmp/gpasswd.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "3" # E_BAD_ARG
+echo "OK"
+
+echo "gpasswd reported:"
+echo "======================================================================="
+cat tmp/gpasswd.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/gpasswd.err tmp/gpasswd.err
+echo "error message OK."
+rm -f tmp/gpasswd.err
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/grouptools/gpasswd/48_gpasswd_change_admin_list/config.txt b/tests/tests/grouptools/gpasswd/48_gpasswd_change_admin_list/config.txt
new file mode 100644
index 0000000..3d43135
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/48_gpasswd_change_admin_list/config.txt
@@ -0,0 +1,5 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group users
diff --git a/tests/tests/grouptools/gpasswd/48_gpasswd_change_admin_list/config/etc/default/useradd b/tests/tests/grouptools/gpasswd/48_gpasswd_change_admin_list/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/48_gpasswd_change_admin_list/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/grouptools/gpasswd/48_gpasswd_change_admin_list/config/etc/group b/tests/tests/grouptools/gpasswd/48_gpasswd_change_admin_list/config/etc/group
new file mode 100644
index 0000000..5051825
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/48_gpasswd_change_admin_list/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/grouptools/gpasswd/48_gpasswd_change_admin_list/config/etc/gshadow b/tests/tests/grouptools/gpasswd/48_gpasswd_change_admin_list/config/etc/gshadow
new file mode 100644
index 0000000..6f73977
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/48_gpasswd_change_admin_list/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*:foo:foo
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/grouptools/gpasswd/48_gpasswd_change_admin_list/config/etc/passwd b/tests/tests/grouptools/gpasswd/48_gpasswd_change_admin_list/config/etc/passwd
new file mode 100644
index 0000000..dc7bf84
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/48_gpasswd_change_admin_list/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000:::/bin/false
diff --git a/tests/tests/grouptools/gpasswd/48_gpasswd_change_admin_list/config/etc/shadow b/tests/tests/grouptools/gpasswd/48_gpasswd_change_admin_list/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/48_gpasswd_change_admin_list/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/grouptools/gpasswd/48_gpasswd_change_admin_list/data/gshadow b/tests/tests/grouptools/gpasswd/48_gpasswd_change_admin_list/data/gshadow
new file mode 100644
index 0000000..ad90310
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/48_gpasswd_change_admin_list/data/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::foo
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/grouptools/gpasswd/48_gpasswd_change_admin_list/gpasswd.test b/tests/tests/grouptools/gpasswd/48_gpasswd_change_admin_list/gpasswd.test
new file mode 100755
index 0000000..4cc3100
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/48_gpasswd_change_admin_list/gpasswd.test
@@ -0,0 +1,39 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "gpasswd can change the list of admins (1 -> 0 groups)"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "set the list of members to \"\" (gpasswd -A \"\" users)..."
+gpasswd -A "" users
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl data/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/grouptools/gpasswd/49_gpasswd_change_admin_list/config.txt b/tests/tests/grouptools/gpasswd/49_gpasswd_change_admin_list/config.txt
new file mode 100644
index 0000000..3d43135
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/49_gpasswd_change_admin_list/config.txt
@@ -0,0 +1,5 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group users
diff --git a/tests/tests/grouptools/gpasswd/49_gpasswd_change_admin_list/config/etc/default/useradd b/tests/tests/grouptools/gpasswd/49_gpasswd_change_admin_list/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/49_gpasswd_change_admin_list/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/grouptools/gpasswd/49_gpasswd_change_admin_list/config/etc/group b/tests/tests/grouptools/gpasswd/49_gpasswd_change_admin_list/config/etc/group
new file mode 100644
index 0000000..5051825
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/49_gpasswd_change_admin_list/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/grouptools/gpasswd/49_gpasswd_change_admin_list/config/etc/gshadow b/tests/tests/grouptools/gpasswd/49_gpasswd_change_admin_list/config/etc/gshadow
new file mode 100644
index 0000000..37489ea
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/49_gpasswd_change_admin_list/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*:foo,bin:
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/grouptools/gpasswd/49_gpasswd_change_admin_list/config/etc/passwd b/tests/tests/grouptools/gpasswd/49_gpasswd_change_admin_list/config/etc/passwd
new file mode 100644
index 0000000..dc7bf84
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/49_gpasswd_change_admin_list/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000:::/bin/false
diff --git a/tests/tests/grouptools/gpasswd/49_gpasswd_change_admin_list/config/etc/shadow b/tests/tests/grouptools/gpasswd/49_gpasswd_change_admin_list/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/49_gpasswd_change_admin_list/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/grouptools/gpasswd/49_gpasswd_change_admin_list/data/gshadow b/tests/tests/grouptools/gpasswd/49_gpasswd_change_admin_list/data/gshadow
new file mode 100644
index 0000000..5042e58
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/49_gpasswd_change_admin_list/data/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/grouptools/gpasswd/49_gpasswd_change_admin_list/gpasswd.test b/tests/tests/grouptools/gpasswd/49_gpasswd_change_admin_list/gpasswd.test
new file mode 100755
index 0000000..6ed3642
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/49_gpasswd_change_admin_list/gpasswd.test
@@ -0,0 +1,39 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "gpasswd can change the list of admins (2 -> 0 groups)"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "set the list of members to \"\" (gpasswd -A \"\" users)..."
+gpasswd -A "" users
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl data/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/grouptools/gpasswd/50_gpasswd_change_admin_list/config.txt b/tests/tests/grouptools/gpasswd/50_gpasswd_change_admin_list/config.txt
new file mode 100644
index 0000000..3d43135
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/50_gpasswd_change_admin_list/config.txt
@@ -0,0 +1,5 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group users
diff --git a/tests/tests/grouptools/gpasswd/50_gpasswd_change_admin_list/config/etc/default/useradd b/tests/tests/grouptools/gpasswd/50_gpasswd_change_admin_list/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/50_gpasswd_change_admin_list/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/grouptools/gpasswd/50_gpasswd_change_admin_list/config/etc/group b/tests/tests/grouptools/gpasswd/50_gpasswd_change_admin_list/config/etc/group
new file mode 100644
index 0000000..5051825
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/50_gpasswd_change_admin_list/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/grouptools/gpasswd/50_gpasswd_change_admin_list/config/etc/gshadow b/tests/tests/grouptools/gpasswd/50_gpasswd_change_admin_list/config/etc/gshadow
new file mode 100644
index 0000000..ad90310
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/50_gpasswd_change_admin_list/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::foo
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/grouptools/gpasswd/50_gpasswd_change_admin_list/config/etc/passwd b/tests/tests/grouptools/gpasswd/50_gpasswd_change_admin_list/config/etc/passwd
new file mode 100644
index 0000000..dc7bf84
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/50_gpasswd_change_admin_list/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000:::/bin/false
diff --git a/tests/tests/grouptools/gpasswd/50_gpasswd_change_admin_list/config/etc/shadow b/tests/tests/grouptools/gpasswd/50_gpasswd_change_admin_list/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/50_gpasswd_change_admin_list/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/grouptools/gpasswd/50_gpasswd_change_admin_list/data/gshadow b/tests/tests/grouptools/gpasswd/50_gpasswd_change_admin_list/data/gshadow
new file mode 100644
index 0000000..6f73977
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/50_gpasswd_change_admin_list/data/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*:foo:foo
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/grouptools/gpasswd/50_gpasswd_change_admin_list/gpasswd.test b/tests/tests/grouptools/gpasswd/50_gpasswd_change_admin_list/gpasswd.test
new file mode 100755
index 0000000..ca37b35
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/50_gpasswd_change_admin_list/gpasswd.test
@@ -0,0 +1,39 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "gpasswd can change the list of admins (0 -> 1 groups)"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "set the list of members to foo (gpasswd -A foo users)..."
+gpasswd -A foo users
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl data/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/grouptools/gpasswd/51_gpasswd_change_admin_list/config.txt b/tests/tests/grouptools/gpasswd/51_gpasswd_change_admin_list/config.txt
new file mode 100644
index 0000000..3d43135
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/51_gpasswd_change_admin_list/config.txt
@@ -0,0 +1,5 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group users
diff --git a/tests/tests/grouptools/gpasswd/51_gpasswd_change_admin_list/config/etc/default/useradd b/tests/tests/grouptools/gpasswd/51_gpasswd_change_admin_list/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/51_gpasswd_change_admin_list/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/grouptools/gpasswd/51_gpasswd_change_admin_list/config/etc/group b/tests/tests/grouptools/gpasswd/51_gpasswd_change_admin_list/config/etc/group
new file mode 100644
index 0000000..38c2da7
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/51_gpasswd_change_admin_list/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:root
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/grouptools/gpasswd/51_gpasswd_change_admin_list/config/etc/gshadow b/tests/tests/grouptools/gpasswd/51_gpasswd_change_admin_list/config/etc/gshadow
new file mode 100644
index 0000000..f74646e
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/51_gpasswd_change_admin_list/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*:bin:root
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/grouptools/gpasswd/51_gpasswd_change_admin_list/config/etc/passwd b/tests/tests/grouptools/gpasswd/51_gpasswd_change_admin_list/config/etc/passwd
new file mode 100644
index 0000000..dc7bf84
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/51_gpasswd_change_admin_list/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000:::/bin/false
diff --git a/tests/tests/grouptools/gpasswd/51_gpasswd_change_admin_list/config/etc/shadow b/tests/tests/grouptools/gpasswd/51_gpasswd_change_admin_list/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/51_gpasswd_change_admin_list/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/grouptools/gpasswd/51_gpasswd_change_admin_list/data/gshadow b/tests/tests/grouptools/gpasswd/51_gpasswd_change_admin_list/data/gshadow
new file mode 100644
index 0000000..59e5042
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/51_gpasswd_change_admin_list/data/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*:foo:root
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/grouptools/gpasswd/51_gpasswd_change_admin_list/gpasswd.test b/tests/tests/grouptools/gpasswd/51_gpasswd_change_admin_list/gpasswd.test
new file mode 100755
index 0000000..2d64aaa
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/51_gpasswd_change_admin_list/gpasswd.test
@@ -0,0 +1,39 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "gpasswd can change the list of admins (1 -> 1 users)"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "set the list of members to foo (gpasswd -A foo users)..."
+gpasswd -A foo users
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl data/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/grouptools/gpasswd/52_gpasswd_change_admin_list/config.txt b/tests/tests/grouptools/gpasswd/52_gpasswd_change_admin_list/config.txt
new file mode 100644
index 0000000..3d43135
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/52_gpasswd_change_admin_list/config.txt
@@ -0,0 +1,5 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group users
diff --git a/tests/tests/grouptools/gpasswd/52_gpasswd_change_admin_list/config/etc/default/useradd b/tests/tests/grouptools/gpasswd/52_gpasswd_change_admin_list/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/52_gpasswd_change_admin_list/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/grouptools/gpasswd/52_gpasswd_change_admin_list/config/etc/group b/tests/tests/grouptools/gpasswd/52_gpasswd_change_admin_list/config/etc/group
new file mode 100644
index 0000000..38c2da7
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/52_gpasswd_change_admin_list/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:root
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/grouptools/gpasswd/52_gpasswd_change_admin_list/config/etc/gshadow b/tests/tests/grouptools/gpasswd/52_gpasswd_change_admin_list/config/etc/gshadow
new file mode 100644
index 0000000..77f563e
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/52_gpasswd_change_admin_list/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*:foo,bin:root
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/grouptools/gpasswd/52_gpasswd_change_admin_list/config/etc/passwd b/tests/tests/grouptools/gpasswd/52_gpasswd_change_admin_list/config/etc/passwd
new file mode 100644
index 0000000..dc7bf84
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/52_gpasswd_change_admin_list/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000:::/bin/false
diff --git a/tests/tests/grouptools/gpasswd/52_gpasswd_change_admin_list/config/etc/shadow b/tests/tests/grouptools/gpasswd/52_gpasswd_change_admin_list/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/52_gpasswd_change_admin_list/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/grouptools/gpasswd/52_gpasswd_change_admin_list/data/gshadow b/tests/tests/grouptools/gpasswd/52_gpasswd_change_admin_list/data/gshadow
new file mode 100644
index 0000000..59e5042
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/52_gpasswd_change_admin_list/data/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*:foo:root
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/grouptools/gpasswd/52_gpasswd_change_admin_list/gpasswd.test b/tests/tests/grouptools/gpasswd/52_gpasswd_change_admin_list/gpasswd.test
new file mode 100755
index 0000000..2701d17
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/52_gpasswd_change_admin_list/gpasswd.test
@@ -0,0 +1,39 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "gpasswd can change the list of admins (2 -> 1 users)"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "set the list of members to foo (gpasswd -A foo users)..."
+gpasswd -A foo users
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl data/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/grouptools/gpasswd/53_gpasswd_change_admin_list/config.txt b/tests/tests/grouptools/gpasswd/53_gpasswd_change_admin_list/config.txt
new file mode 100644
index 0000000..3d43135
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/53_gpasswd_change_admin_list/config.txt
@@ -0,0 +1,5 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group users
diff --git a/tests/tests/grouptools/gpasswd/53_gpasswd_change_admin_list/config/etc/default/useradd b/tests/tests/grouptools/gpasswd/53_gpasswd_change_admin_list/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/53_gpasswd_change_admin_list/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/grouptools/gpasswd/53_gpasswd_change_admin_list/config/etc/group b/tests/tests/grouptools/gpasswd/53_gpasswd_change_admin_list/config/etc/group
new file mode 100644
index 0000000..38c2da7
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/53_gpasswd_change_admin_list/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:root
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/grouptools/gpasswd/53_gpasswd_change_admin_list/config/etc/gshadow b/tests/tests/grouptools/gpasswd/53_gpasswd_change_admin_list/config/etc/gshadow
new file mode 100644
index 0000000..77f563e
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/53_gpasswd_change_admin_list/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*:foo,bin:root
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/grouptools/gpasswd/53_gpasswd_change_admin_list/config/etc/passwd b/tests/tests/grouptools/gpasswd/53_gpasswd_change_admin_list/config/etc/passwd
new file mode 100644
index 0000000..dc7bf84
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/53_gpasswd_change_admin_list/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000:::/bin/false
diff --git a/tests/tests/grouptools/gpasswd/53_gpasswd_change_admin_list/config/etc/shadow b/tests/tests/grouptools/gpasswd/53_gpasswd_change_admin_list/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/53_gpasswd_change_admin_list/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/grouptools/gpasswd/53_gpasswd_change_admin_list/data/gshadow b/tests/tests/grouptools/gpasswd/53_gpasswd_change_admin_list/data/gshadow
new file mode 100644
index 0000000..651998f
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/53_gpasswd_change_admin_list/data/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*:daemon,foo:root
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/grouptools/gpasswd/53_gpasswd_change_admin_list/gpasswd.test b/tests/tests/grouptools/gpasswd/53_gpasswd_change_admin_list/gpasswd.test
new file mode 100755
index 0000000..5964aa9
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/53_gpasswd_change_admin_list/gpasswd.test
@@ -0,0 +1,39 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "gpasswd can change the list of admins (2 -> 2 users)"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "set the list of members to foo (gpasswd -A daemon,foo users)..."
+gpasswd -A daemon,foo users
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl data/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/grouptools/gpasswd/54_gpasswd_change_admin_list-no_shadow_group/config.txt b/tests/tests/grouptools/gpasswd/54_gpasswd_change_admin_list-no_shadow_group/config.txt
new file mode 100644
index 0000000..31f5635
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/54_gpasswd_change_admin_list-no_shadow_group/config.txt
@@ -0,0 +1,10 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group users (only in /etc/group)
+user foo, in group tty (only in /etc/gshadow)
+user foo, in group floppy
+user foo, admin of group disk
+user foo, admin and member of group fax
+user foo, admin and member of group cdrom (only in /etc/gshadow)
diff --git a/tests/tests/grouptools/gpasswd/54_gpasswd_change_admin_list-no_shadow_group/config/etc/default/useradd b/tests/tests/grouptools/gpasswd/54_gpasswd_change_admin_list-no_shadow_group/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/54_gpasswd_change_admin_list-no_shadow_group/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/grouptools/gpasswd/54_gpasswd_change_admin_list-no_shadow_group/config/etc/group b/tests/tests/grouptools/gpasswd/54_gpasswd_change_admin_list-no_shadow_group/config/etc/group
new file mode 100644
index 0000000..e3aaaf8
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/54_gpasswd_change_admin_list-no_shadow_group/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:root
+adm:x:4:root,foo
+tty:x:5:
+disk:x:6:
+lp:x:7:foo,root
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:foo
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:foo
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/grouptools/gpasswd/54_gpasswd_change_admin_list-no_shadow_group/config/etc/gshadow b/tests/tests/grouptools/gpasswd/54_gpasswd_change_admin_list-no_shadow_group/config/etc/gshadow
new file mode 100644
index 0000000..8c7367f
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/54_gpasswd_change_admin_list-no_shadow_group/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::root
+adm:*::root,foo
+tty:*::foo
+disk:*:foo:
+lp:*::foo,root
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*:foo:foo
+voice:*::
+cdrom:*:foo:foo
+floppy:*::foo
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/grouptools/gpasswd/54_gpasswd_change_admin_list-no_shadow_group/config/etc/passwd b/tests/tests/grouptools/gpasswd/54_gpasswd_change_admin_list-no_shadow_group/config/etc/passwd
new file mode 100644
index 0000000..bf52df0
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/54_gpasswd_change_admin_list-no_shadow_group/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/home/foo:/bin/false
diff --git a/tests/tests/grouptools/gpasswd/54_gpasswd_change_admin_list-no_shadow_group/config/etc/shadow b/tests/tests/grouptools/gpasswd/54_gpasswd_change_admin_list-no_shadow_group/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/54_gpasswd_change_admin_list-no_shadow_group/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/grouptools/gpasswd/54_gpasswd_change_admin_list-no_shadow_group/data/gshadow b/tests/tests/grouptools/gpasswd/54_gpasswd_change_admin_list-no_shadow_group/data/gshadow
new file mode 100644
index 0000000..77a3300
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/54_gpasswd_change_admin_list-no_shadow_group/data/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::root
+adm:*::root,foo
+tty:*::foo
+disk:*:foo:
+lp:*::foo,root
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*:foo:foo
+voice:*::
+cdrom:*:foo:foo
+floppy:*::foo
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
+users:x:foo:
diff --git a/tests/tests/grouptools/gpasswd/54_gpasswd_change_admin_list-no_shadow_group/gpasswd.test b/tests/tests/grouptools/gpasswd/54_gpasswd_change_admin_list-no_shadow_group/gpasswd.test
new file mode 100755
index 0000000..bbd88af
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/54_gpasswd_change_admin_list-no_shadow_group/gpasswd.test
@@ -0,0 +1,39 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "gpasswd can set the list of admins if there is no shadow group"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Set the admin list of users to foo (gpasswd -A foo users)..."
+gpasswd -A foo users
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl data/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/grouptools/gpasswd/55_gpasswd_change_admin_list-no_gshadow_file/config.txt b/tests/tests/grouptools/gpasswd/55_gpasswd_change_admin_list-no_gshadow_file/config.txt
new file mode 100644
index 0000000..31f5635
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/55_gpasswd_change_admin_list-no_gshadow_file/config.txt
@@ -0,0 +1,10 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group users (only in /etc/group)
+user foo, in group tty (only in /etc/gshadow)
+user foo, in group floppy
+user foo, admin of group disk
+user foo, admin and member of group fax
+user foo, admin and member of group cdrom (only in /etc/gshadow)
diff --git a/tests/tests/grouptools/gpasswd/55_gpasswd_change_admin_list-no_gshadow_file/config/etc/default/useradd b/tests/tests/grouptools/gpasswd/55_gpasswd_change_admin_list-no_gshadow_file/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/55_gpasswd_change_admin_list-no_gshadow_file/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/grouptools/gpasswd/55_gpasswd_change_admin_list-no_gshadow_file/config/etc/group b/tests/tests/grouptools/gpasswd/55_gpasswd_change_admin_list-no_gshadow_file/config/etc/group
new file mode 100644
index 0000000..b6fae89
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/55_gpasswd_change_admin_list-no_gshadow_file/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:root
+adm:x:4:root,foo
+tty:x:5:
+disk:x:6:
+lp:x:7:foo,root
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:foo
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:foo
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/grouptools/gpasswd/55_gpasswd_change_admin_list-no_gshadow_file/config/etc/gshadow b/tests/tests/grouptools/gpasswd/55_gpasswd_change_admin_list-no_gshadow_file/config/etc/gshadow
new file mode 100644
index 0000000..1f2ba8d
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/55_gpasswd_change_admin_list-no_gshadow_file/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::root
+adm:*::root,foo
+tty:*::foo
+disk:*:foo:
+lp:*::foo,root
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*:foo:foo
+voice:*::
+cdrom:*:foo:foo
+floppy:*::foo
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/grouptools/gpasswd/55_gpasswd_change_admin_list-no_gshadow_file/config/etc/passwd b/tests/tests/grouptools/gpasswd/55_gpasswd_change_admin_list-no_gshadow_file/config/etc/passwd
new file mode 100644
index 0000000..bf52df0
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/55_gpasswd_change_admin_list-no_gshadow_file/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/home/foo:/bin/false
diff --git a/tests/tests/grouptools/gpasswd/55_gpasswd_change_admin_list-no_gshadow_file/config/etc/shadow b/tests/tests/grouptools/gpasswd/55_gpasswd_change_admin_list-no_gshadow_file/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/55_gpasswd_change_admin_list-no_gshadow_file/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/grouptools/gpasswd/55_gpasswd_change_admin_list-no_gshadow_file/data/gpasswd.err b/tests/tests/grouptools/gpasswd/55_gpasswd_change_admin_list-no_gshadow_file/data/gpasswd.err
new file mode 100644
index 0000000..55bd0cc
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/55_gpasswd_change_admin_list-no_gshadow_file/data/gpasswd.err
@@ -0,0 +1 @@
+gpasswd: shadow group passwords required for -A
diff --git a/tests/tests/grouptools/gpasswd/55_gpasswd_change_admin_list-no_gshadow_file/gpasswd.test b/tests/tests/grouptools/gpasswd/55_gpasswd_change_admin_list-no_gshadow_file/gpasswd.test
new file mode 100755
index 0000000..6074c46
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/55_gpasswd_change_admin_list-no_gshadow_file/gpasswd.test
@@ -0,0 +1,57 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "gpasswd -A checks if the gshadow file exists"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo "remove the gshadow file"
+rm -f /etc/gshadow
+
+echo -n "Set the lists of admins to foo (gpasswd -A foo users)..."
+gpasswd -A foo users 2>tmp/gpasswd.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "17" # E_GSHADOW_NOTFOUND
+echo "OK"
+
+echo "gpasswd reported:"
+echo "======================================================================="
+cat tmp/gpasswd.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/gpasswd.err tmp/gpasswd.err
+echo "error message OK."
+rm -f tmp/gpasswd.err
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+test ! -f /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/grouptools/gpasswd/56_gpasswd_add_user_to_group/config.txt b/tests/tests/grouptools/gpasswd/56_gpasswd_add_user_to_group/config.txt
new file mode 100644
index 0000000..3d43135
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/56_gpasswd_add_user_to_group/config.txt
@@ -0,0 +1,5 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group users
diff --git a/tests/tests/grouptools/gpasswd/56_gpasswd_add_user_to_group/config/etc/default/useradd b/tests/tests/grouptools/gpasswd/56_gpasswd_add_user_to_group/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/56_gpasswd_add_user_to_group/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/grouptools/gpasswd/56_gpasswd_add_user_to_group/config/etc/group b/tests/tests/grouptools/gpasswd/56_gpasswd_add_user_to_group/config/etc/group
new file mode 100644
index 0000000..1b4936a
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/56_gpasswd_add_user_to_group/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:foo
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/grouptools/gpasswd/56_gpasswd_add_user_to_group/config/etc/gshadow b/tests/tests/grouptools/gpasswd/56_gpasswd_add_user_to_group/config/etc/gshadow
new file mode 100644
index 0000000..f590939
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/56_gpasswd_add_user_to_group/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::foo
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::foo
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/grouptools/gpasswd/56_gpasswd_add_user_to_group/config/etc/passwd b/tests/tests/grouptools/gpasswd/56_gpasswd_add_user_to_group/config/etc/passwd
new file mode 100644
index 0000000..dc7bf84
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/56_gpasswd_add_user_to_group/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000:::/bin/false
diff --git a/tests/tests/grouptools/gpasswd/56_gpasswd_add_user_to_group/config/etc/shadow b/tests/tests/grouptools/gpasswd/56_gpasswd_add_user_to_group/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/56_gpasswd_add_user_to_group/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/grouptools/gpasswd/56_gpasswd_add_user_to_group/gpasswd.test b/tests/tests/grouptools/gpasswd/56_gpasswd_add_user_to_group/gpasswd.test
new file mode 100755
index 0000000..488c921
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/56_gpasswd_add_user_to_group/gpasswd.test
@@ -0,0 +1,39 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "gpasswd can add an user to a group (already member)"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Add user foo to group bin (gpasswd -a foo bin)..."
+gpasswd -a foo bin
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/grouptools/gpasswd/57_gpasswd_remove_user_from_group-not_member/config.txt b/tests/tests/grouptools/gpasswd/57_gpasswd_remove_user_from_group-not_member/config.txt
new file mode 100644
index 0000000..3d43135
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/57_gpasswd_remove_user_from_group-not_member/config.txt
@@ -0,0 +1,5 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group users
diff --git a/tests/tests/grouptools/gpasswd/57_gpasswd_remove_user_from_group-not_member/config/etc/default/useradd b/tests/tests/grouptools/gpasswd/57_gpasswd_remove_user_from_group-not_member/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/57_gpasswd_remove_user_from_group-not_member/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/grouptools/gpasswd/57_gpasswd_remove_user_from_group-not_member/config/etc/group b/tests/tests/grouptools/gpasswd/57_gpasswd_remove_user_from_group-not_member/config/etc/group
new file mode 100644
index 0000000..fecba0c
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/57_gpasswd_remove_user_from_group-not_member/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/grouptools/gpasswd/57_gpasswd_remove_user_from_group-not_member/config/etc/gshadow b/tests/tests/grouptools/gpasswd/57_gpasswd_remove_user_from_group-not_member/config/etc/gshadow
new file mode 100644
index 0000000..ea4d4ab
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/57_gpasswd_remove_user_from_group-not_member/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*:foo:
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/grouptools/gpasswd/57_gpasswd_remove_user_from_group-not_member/config/etc/passwd b/tests/tests/grouptools/gpasswd/57_gpasswd_remove_user_from_group-not_member/config/etc/passwd
new file mode 100644
index 0000000..dc7bf84
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/57_gpasswd_remove_user_from_group-not_member/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000:::/bin/false
diff --git a/tests/tests/grouptools/gpasswd/57_gpasswd_remove_user_from_group-not_member/config/etc/shadow b/tests/tests/grouptools/gpasswd/57_gpasswd_remove_user_from_group-not_member/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/57_gpasswd_remove_user_from_group-not_member/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/grouptools/gpasswd/57_gpasswd_remove_user_from_group-not_member/data/gpasswd.err b/tests/tests/grouptools/gpasswd/57_gpasswd_remove_user_from_group-not_member/data/gpasswd.err
new file mode 100644
index 0000000..e6582d4
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/57_gpasswd_remove_user_from_group-not_member/data/gpasswd.err
@@ -0,0 +1 @@
+gpasswd: user 'foo' is not a member of 'users'
diff --git a/tests/tests/grouptools/gpasswd/57_gpasswd_remove_user_from_group-not_member/gpasswd.test b/tests/tests/grouptools/gpasswd/57_gpasswd_remove_user_from_group-not_member/gpasswd.test
new file mode 100755
index 0000000..80b24c7
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/57_gpasswd_remove_user_from_group-not_member/gpasswd.test
@@ -0,0 +1,54 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "gpasswd can remove an user to a group (not in the group)"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Remove user foo to group bin (gpasswd -d foo users)..."
+gpasswd -d foo users 2>tmp/gpasswd.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "3" # E_BAD_ARG
+echo "OK"
+
+echo "gpasswd reported:"
+echo "======================================================================="
+cat tmp/gpasswd.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/gpasswd.err tmp/gpasswd.err
+echo "error message OK."
+rm -f tmp/gpasswd.err
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/grouptools/gpasswd/58_gpasswd_remove_user_from_group-not_gshadow_member/config.txt b/tests/tests/grouptools/gpasswd/58_gpasswd_remove_user_from_group-not_gshadow_member/config.txt
new file mode 100644
index 0000000..3d43135
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/58_gpasswd_remove_user_from_group-not_gshadow_member/config.txt
@@ -0,0 +1,5 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group users
diff --git a/tests/tests/grouptools/gpasswd/58_gpasswd_remove_user_from_group-not_gshadow_member/config/etc/default/useradd b/tests/tests/grouptools/gpasswd/58_gpasswd_remove_user_from_group-not_gshadow_member/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/58_gpasswd_remove_user_from_group-not_gshadow_member/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/grouptools/gpasswd/58_gpasswd_remove_user_from_group-not_gshadow_member/config/etc/group b/tests/tests/grouptools/gpasswd/58_gpasswd_remove_user_from_group-not_gshadow_member/config/etc/group
new file mode 100644
index 0000000..5051825
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/58_gpasswd_remove_user_from_group-not_gshadow_member/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/grouptools/gpasswd/58_gpasswd_remove_user_from_group-not_gshadow_member/config/etc/gshadow b/tests/tests/grouptools/gpasswd/58_gpasswd_remove_user_from_group-not_gshadow_member/config/etc/gshadow
new file mode 100644
index 0000000..ea4d4ab
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/58_gpasswd_remove_user_from_group-not_gshadow_member/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*:foo:
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/grouptools/gpasswd/58_gpasswd_remove_user_from_group-not_gshadow_member/config/etc/passwd b/tests/tests/grouptools/gpasswd/58_gpasswd_remove_user_from_group-not_gshadow_member/config/etc/passwd
new file mode 100644
index 0000000..dc7bf84
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/58_gpasswd_remove_user_from_group-not_gshadow_member/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000:::/bin/false
diff --git a/tests/tests/grouptools/gpasswd/58_gpasswd_remove_user_from_group-not_gshadow_member/config/etc/shadow b/tests/tests/grouptools/gpasswd/58_gpasswd_remove_user_from_group-not_gshadow_member/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/58_gpasswd_remove_user_from_group-not_gshadow_member/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/grouptools/gpasswd/58_gpasswd_remove_user_from_group-not_gshadow_member/data/group b/tests/tests/grouptools/gpasswd/58_gpasswd_remove_user_from_group-not_gshadow_member/data/group
new file mode 100644
index 0000000..fecba0c
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/58_gpasswd_remove_user_from_group-not_gshadow_member/data/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/grouptools/gpasswd/58_gpasswd_remove_user_from_group-not_gshadow_member/gpasswd.test b/tests/tests/grouptools/gpasswd/58_gpasswd_remove_user_from_group-not_gshadow_member/gpasswd.test
new file mode 100755
index 0000000..3bc2038
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/58_gpasswd_remove_user_from_group-not_gshadow_member/gpasswd.test
@@ -0,0 +1,39 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "gpasswd can remove an user to a group (not in the group)"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Remove user foo to group bin (gpasswd -d foo users)..."
+gpasswd -d foo users
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl data/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/grouptools/gpasswd/59_gpasswd_remove_user_from_group-not_group_member/config.txt b/tests/tests/grouptools/gpasswd/59_gpasswd_remove_user_from_group-not_group_member/config.txt
new file mode 100644
index 0000000..3d43135
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/59_gpasswd_remove_user_from_group-not_group_member/config.txt
@@ -0,0 +1,5 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group users
diff --git a/tests/tests/grouptools/gpasswd/59_gpasswd_remove_user_from_group-not_group_member/config/etc/default/useradd b/tests/tests/grouptools/gpasswd/59_gpasswd_remove_user_from_group-not_group_member/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/59_gpasswd_remove_user_from_group-not_group_member/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/grouptools/gpasswd/59_gpasswd_remove_user_from_group-not_group_member/config/etc/group b/tests/tests/grouptools/gpasswd/59_gpasswd_remove_user_from_group-not_group_member/config/etc/group
new file mode 100644
index 0000000..fecba0c
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/59_gpasswd_remove_user_from_group-not_group_member/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/grouptools/gpasswd/59_gpasswd_remove_user_from_group-not_group_member/config/etc/gshadow b/tests/tests/grouptools/gpasswd/59_gpasswd_remove_user_from_group-not_group_member/config/etc/gshadow
new file mode 100644
index 0000000..ad90310
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/59_gpasswd_remove_user_from_group-not_group_member/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::foo
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/grouptools/gpasswd/59_gpasswd_remove_user_from_group-not_group_member/config/etc/passwd b/tests/tests/grouptools/gpasswd/59_gpasswd_remove_user_from_group-not_group_member/config/etc/passwd
new file mode 100644
index 0000000..dc7bf84
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/59_gpasswd_remove_user_from_group-not_group_member/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000:::/bin/false
diff --git a/tests/tests/grouptools/gpasswd/59_gpasswd_remove_user_from_group-not_group_member/config/etc/shadow b/tests/tests/grouptools/gpasswd/59_gpasswd_remove_user_from_group-not_group_member/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/59_gpasswd_remove_user_from_group-not_group_member/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/grouptools/gpasswd/59_gpasswd_remove_user_from_group-not_group_member/data/gshadow b/tests/tests/grouptools/gpasswd/59_gpasswd_remove_user_from_group-not_group_member/data/gshadow
new file mode 100644
index 0000000..5042e58
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/59_gpasswd_remove_user_from_group-not_group_member/data/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/grouptools/gpasswd/59_gpasswd_remove_user_from_group-not_group_member/gpasswd.test b/tests/tests/grouptools/gpasswd/59_gpasswd_remove_user_from_group-not_group_member/gpasswd.test
new file mode 100755
index 0000000..5d49520
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/59_gpasswd_remove_user_from_group-not_group_member/gpasswd.test
@@ -0,0 +1,39 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "gpasswd can remove an user to a group (not in the group)"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Remove user foo to group bin (gpasswd -d foo users)..."
+gpasswd -d foo users
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl data/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/grouptools/gpasswd/60_gpasswd_add_long_user_to_group/config.txt b/tests/tests/grouptools/gpasswd/60_gpasswd_add_long_user_to_group/config.txt
new file mode 100644
index 0000000..ffddf4e
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/60_gpasswd_add_long_user_to_group/config.txt
@@ -0,0 +1,5 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user useruseruseruseruseruseruseruser, 32 chars
diff --git a/tests/tests/grouptools/gpasswd/60_gpasswd_add_long_user_to_group/config/etc/default/useradd b/tests/tests/grouptools/gpasswd/60_gpasswd_add_long_user_to_group/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/60_gpasswd_add_long_user_to_group/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/grouptools/gpasswd/60_gpasswd_add_long_user_to_group/config/etc/group b/tests/tests/grouptools/gpasswd/60_gpasswd_add_long_user_to_group/config/etc/group
new file mode 100644
index 0000000..bee1474
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/60_gpasswd_add_long_user_to_group/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+useruseruseruseruseruseruseruser:x:1000:
diff --git a/tests/tests/grouptools/gpasswd/60_gpasswd_add_long_user_to_group/config/etc/gshadow b/tests/tests/grouptools/gpasswd/60_gpasswd_add_long_user_to_group/config/etc/gshadow
new file mode 100644
index 0000000..a8d50cc
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/60_gpasswd_add_long_user_to_group/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+useruseruseruseruseruseruseruser:*::
diff --git a/tests/tests/grouptools/gpasswd/60_gpasswd_add_long_user_to_group/config/etc/passwd b/tests/tests/grouptools/gpasswd/60_gpasswd_add_long_user_to_group/config/etc/passwd
new file mode 100644
index 0000000..aff85eb
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/60_gpasswd_add_long_user_to_group/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+useruseruseruseruseruseruseruser:x:1000:1000:::/bin/false
diff --git a/tests/tests/grouptools/gpasswd/60_gpasswd_add_long_user_to_group/config/etc/shadow b/tests/tests/grouptools/gpasswd/60_gpasswd_add_long_user_to_group/config/etc/shadow
new file mode 100644
index 0000000..ae1c044
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/60_gpasswd_add_long_user_to_group/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+useruseruseruseruseruseruseruser:!:12977:0:99999:7:::
diff --git a/tests/tests/grouptools/gpasswd/60_gpasswd_add_long_user_to_group/data/group b/tests/tests/grouptools/gpasswd/60_gpasswd_add_long_user_to_group/data/group
new file mode 100644
index 0000000..7835fe7
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/60_gpasswd_add_long_user_to_group/data/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:useruseruseruseruseruseruseruser
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+useruseruseruseruseruseruseruser:x:1000:
diff --git a/tests/tests/grouptools/gpasswd/60_gpasswd_add_long_user_to_group/data/gshadow b/tests/tests/grouptools/gpasswd/60_gpasswd_add_long_user_to_group/data/gshadow
new file mode 100644
index 0000000..f8e3924
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/60_gpasswd_add_long_user_to_group/data/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::useruseruseruseruseruseruseruser
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+useruseruseruseruseruseruseruser:*::
diff --git a/tests/tests/grouptools/gpasswd/60_gpasswd_add_long_user_to_group/gpasswd.test b/tests/tests/grouptools/gpasswd/60_gpasswd_add_long_user_to_group/gpasswd.test
new file mode 100755
index 0000000..594b8c3
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/60_gpasswd_add_long_user_to_group/gpasswd.test
@@ -0,0 +1,39 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "gpasswd can add an user with 32 characters to a group"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Add user useruseruseruseruseruseruseruser to group bin (gpasswd -a useruseruseruseruseruseruseruser bin)..."
+gpasswd -a useruseruseruseruseruseruseruser bin
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl data/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl data/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/grouptools/gpasswd/61_gpasswd_usage/config.txt b/tests/tests/grouptools/gpasswd/61_gpasswd_usage/config.txt
new file mode 100644
index 0000000..31f5635
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/61_gpasswd_usage/config.txt
@@ -0,0 +1,10 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group users (only in /etc/group)
+user foo, in group tty (only in /etc/gshadow)
+user foo, in group floppy
+user foo, admin of group disk
+user foo, admin and member of group fax
+user foo, admin and member of group cdrom (only in /etc/gshadow)
diff --git a/tests/tests/grouptools/gpasswd/61_gpasswd_usage/config/etc/group b/tests/tests/grouptools/gpasswd/61_gpasswd_usage/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/61_gpasswd_usage/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/grouptools/gpasswd/61_gpasswd_usage/config/etc/gshadow b/tests/tests/grouptools/gpasswd/61_gpasswd_usage/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/61_gpasswd_usage/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/grouptools/gpasswd/61_gpasswd_usage/config/etc/passwd b/tests/tests/grouptools/gpasswd/61_gpasswd_usage/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/61_gpasswd_usage/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/grouptools/gpasswd/61_gpasswd_usage/config/etc/shadow b/tests/tests/grouptools/gpasswd/61_gpasswd_usage/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/61_gpasswd_usage/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/grouptools/gpasswd/61_gpasswd_usage/data/usage.out b/tests/tests/grouptools/gpasswd/61_gpasswd_usage/data/usage.out
new file mode 100644
index 0000000..d1c98d7
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/61_gpasswd_usage/data/usage.out
@@ -0,0 +1,13 @@
+Usage: gpasswd [option] GROUP
+
+Options:
+  -a, --add USER                add USER to GROUP
+  -d, --delete USER             remove USER from GROUP
+  -h, --help                    display this help message and exit
+  -Q, --root CHROOT_DIR         directory to chroot into
+  -r, --remove-password         remove the GROUP's password
+  -R, --restrict                restrict access to GROUP to its members
+  -M, --members USER,...        set the list of members of GROUP
+  -A, --administrators ADMIN,...
+                                set the list of administrators for GROUP
+Except for the -A and -M options, the options cannot be combined.
diff --git a/tests/tests/grouptools/gpasswd/61_gpasswd_usage/gpasswd.test b/tests/tests/grouptools/gpasswd/61_gpasswd_usage/gpasswd.test
new file mode 100755
index 0000000..50732c6
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/61_gpasswd_usage/gpasswd.test
@@ -0,0 +1,49 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "gpasswd can display its usage message"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Get gpasswd usage (gpasswd -h)..."
+gpasswd -h >tmp/usage.out
+
+echo "OK"
+
+echo "gpasswd reported:"
+echo "======================================================================="
+cat tmp/usage.out
+echo "======================================================================="
+echo -n "Check the usage message..."
+diff -au data/usage.out tmp/usage.out
+echo "usage message OK."
+rm -f tmp/usage.out
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/grouptools/gpasswd/62_gpasswd_-A_unknown_user/config.txt b/tests/tests/grouptools/gpasswd/62_gpasswd_-A_unknown_user/config.txt
new file mode 100644
index 0000000..31f5635
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/62_gpasswd_-A_unknown_user/config.txt
@@ -0,0 +1,10 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group users (only in /etc/group)
+user foo, in group tty (only in /etc/gshadow)
+user foo, in group floppy
+user foo, admin of group disk
+user foo, admin and member of group fax
+user foo, admin and member of group cdrom (only in /etc/gshadow)
diff --git a/tests/tests/grouptools/gpasswd/62_gpasswd_-A_unknown_user/config/etc/default/useradd b/tests/tests/grouptools/gpasswd/62_gpasswd_-A_unknown_user/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/62_gpasswd_-A_unknown_user/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/grouptools/gpasswd/62_gpasswd_-A_unknown_user/config/etc/group b/tests/tests/grouptools/gpasswd/62_gpasswd_-A_unknown_user/config/etc/group
new file mode 100644
index 0000000..b6fae89
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/62_gpasswd_-A_unknown_user/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:root
+adm:x:4:root,foo
+tty:x:5:
+disk:x:6:
+lp:x:7:foo,root
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:foo
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:foo
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/grouptools/gpasswd/62_gpasswd_-A_unknown_user/config/etc/gshadow b/tests/tests/grouptools/gpasswd/62_gpasswd_-A_unknown_user/config/etc/gshadow
new file mode 100644
index 0000000..1f2ba8d
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/62_gpasswd_-A_unknown_user/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::root
+adm:*::root,foo
+tty:*::foo
+disk:*:foo:
+lp:*::foo,root
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*:foo:foo
+voice:*::
+cdrom:*:foo:foo
+floppy:*::foo
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/grouptools/gpasswd/62_gpasswd_-A_unknown_user/config/etc/passwd b/tests/tests/grouptools/gpasswd/62_gpasswd_-A_unknown_user/config/etc/passwd
new file mode 100644
index 0000000..bf52df0
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/62_gpasswd_-A_unknown_user/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/home/foo:/bin/false
diff --git a/tests/tests/grouptools/gpasswd/62_gpasswd_-A_unknown_user/config/etc/shadow b/tests/tests/grouptools/gpasswd/62_gpasswd_-A_unknown_user/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/62_gpasswd_-A_unknown_user/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/grouptools/gpasswd/62_gpasswd_-A_unknown_user/data/gpasswd.err b/tests/tests/grouptools/gpasswd/62_gpasswd_-A_unknown_user/data/gpasswd.err
new file mode 100644
index 0000000..1ae3559
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/62_gpasswd_-A_unknown_user/data/gpasswd.err
@@ -0,0 +1 @@
+gpasswd: user 'foooo' does not exist
diff --git a/tests/tests/grouptools/gpasswd/62_gpasswd_-A_unknown_user/gpasswd.test b/tests/tests/grouptools/gpasswd/62_gpasswd_-A_unknown_user/gpasswd.test
new file mode 100755
index 0000000..2be948c
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/62_gpasswd_-A_unknown_user/gpasswd.test
@@ -0,0 +1,54 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "gpasswd -A fails if an user does not exist"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Set admins of users to root,foooo,bin (gpasswd -A root,foooo,bin users)..."
+gpasswd -A root,foooo,bin users 2>tmp/gpasswd.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "3" # E_BAD_ARG
+echo "OK"
+
+echo "gpasswd reported:"
+echo "======================================================================="
+cat tmp/gpasswd.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/gpasswd.err tmp/gpasswd.err
+echo "error message OK."
+rm -f tmp/gpasswd.err
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/grouptools/gpasswd/63_gpasswd_usage_bad_option/config.txt b/tests/tests/grouptools/gpasswd/63_gpasswd_usage_bad_option/config.txt
new file mode 100644
index 0000000..31f5635
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/63_gpasswd_usage_bad_option/config.txt
@@ -0,0 +1,10 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group users (only in /etc/group)
+user foo, in group tty (only in /etc/gshadow)
+user foo, in group floppy
+user foo, admin of group disk
+user foo, admin and member of group fax
+user foo, admin and member of group cdrom (only in /etc/gshadow)
diff --git a/tests/tests/grouptools/gpasswd/63_gpasswd_usage_bad_option/config/etc/group b/tests/tests/grouptools/gpasswd/63_gpasswd_usage_bad_option/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/63_gpasswd_usage_bad_option/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/grouptools/gpasswd/63_gpasswd_usage_bad_option/config/etc/gshadow b/tests/tests/grouptools/gpasswd/63_gpasswd_usage_bad_option/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/63_gpasswd_usage_bad_option/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/grouptools/gpasswd/63_gpasswd_usage_bad_option/config/etc/passwd b/tests/tests/grouptools/gpasswd/63_gpasswd_usage_bad_option/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/63_gpasswd_usage_bad_option/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/grouptools/gpasswd/63_gpasswd_usage_bad_option/config/etc/shadow b/tests/tests/grouptools/gpasswd/63_gpasswd_usage_bad_option/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/63_gpasswd_usage_bad_option/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/grouptools/gpasswd/63_gpasswd_usage_bad_option/data/usage.out b/tests/tests/grouptools/gpasswd/63_gpasswd_usage_bad_option/data/usage.out
new file mode 100644
index 0000000..587d234
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/63_gpasswd_usage_bad_option/data/usage.out
@@ -0,0 +1,14 @@
+gpasswd: invalid option -- 'Z'
+Usage: gpasswd [option] GROUP
+
+Options:
+  -a, --add USER                add USER to GROUP
+  -d, --delete USER             remove USER from GROUP
+  -h, --help                    display this help message and exit
+  -Q, --root CHROOT_DIR         directory to chroot into
+  -r, --remove-password         remove the GROUP's password
+  -R, --restrict                restrict access to GROUP to its members
+  -M, --members USER,...        set the list of members of GROUP
+  -A, --administrators ADMIN,...
+                                set the list of administrators for GROUP
+Except for the -A and -M options, the options cannot be combined.
diff --git a/tests/tests/grouptools/gpasswd/63_gpasswd_usage_bad_option/gpasswd.test b/tests/tests/grouptools/gpasswd/63_gpasswd_usage_bad_option/gpasswd.test
new file mode 100755
index 0000000..aca4873
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/63_gpasswd_usage_bad_option/gpasswd.test
@@ -0,0 +1,54 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "gpasswd displays its usage message in case of bad option"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Use gpasswd invalid option (gpasswd -Z)..."
+gpasswd -Z 2>tmp/usage.out && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "2"
+echo "OK"
+
+echo "gpasswd reported:"
+echo "======================================================================="
+cat tmp/usage.out
+echo "======================================================================="
+echo -n "Check the usage message..."
+diff -au data/usage.out tmp/usage.out
+echo "usage message OK."
+rm -f tmp/usage.out
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/grouptools/gpasswd/64_gpasswd_usage-a-d/config.txt b/tests/tests/grouptools/gpasswd/64_gpasswd_usage-a-d/config.txt
new file mode 100644
index 0000000..31f5635
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/64_gpasswd_usage-a-d/config.txt
@@ -0,0 +1,10 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group users (only in /etc/group)
+user foo, in group tty (only in /etc/gshadow)
+user foo, in group floppy
+user foo, admin of group disk
+user foo, admin and member of group fax
+user foo, admin and member of group cdrom (only in /etc/gshadow)
diff --git a/tests/tests/grouptools/gpasswd/64_gpasswd_usage-a-d/config/etc/group b/tests/tests/grouptools/gpasswd/64_gpasswd_usage-a-d/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/64_gpasswd_usage-a-d/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/grouptools/gpasswd/64_gpasswd_usage-a-d/config/etc/gshadow b/tests/tests/grouptools/gpasswd/64_gpasswd_usage-a-d/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/64_gpasswd_usage-a-d/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/grouptools/gpasswd/64_gpasswd_usage-a-d/config/etc/passwd b/tests/tests/grouptools/gpasswd/64_gpasswd_usage-a-d/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/64_gpasswd_usage-a-d/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/grouptools/gpasswd/64_gpasswd_usage-a-d/config/etc/shadow b/tests/tests/grouptools/gpasswd/64_gpasswd_usage-a-d/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/64_gpasswd_usage-a-d/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/grouptools/gpasswd/64_gpasswd_usage-a-d/data/usage.out b/tests/tests/grouptools/gpasswd/64_gpasswd_usage-a-d/data/usage.out
new file mode 100644
index 0000000..d1c98d7
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/64_gpasswd_usage-a-d/data/usage.out
@@ -0,0 +1,13 @@
+Usage: gpasswd [option] GROUP
+
+Options:
+  -a, --add USER                add USER to GROUP
+  -d, --delete USER             remove USER from GROUP
+  -h, --help                    display this help message and exit
+  -Q, --root CHROOT_DIR         directory to chroot into
+  -r, --remove-password         remove the GROUP's password
+  -R, --restrict                restrict access to GROUP to its members
+  -M, --members USER,...        set the list of members of GROUP
+  -A, --administrators ADMIN,...
+                                set the list of administrators for GROUP
+Except for the -A and -M options, the options cannot be combined.
diff --git a/tests/tests/grouptools/gpasswd/64_gpasswd_usage-a-d/gpasswd.test b/tests/tests/grouptools/gpasswd/64_gpasswd_usage-a-d/gpasswd.test
new file mode 100755
index 0000000..009f5a3
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/64_gpasswd_usage-a-d/gpasswd.test
@@ -0,0 +1,54 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "gpasswd displays its usage message in case of multiple exclusive options"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Use gpasswd option (gpasswd -a root -d root users)..."
+gpasswd -a root -d root users 2>tmp/usage.out && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "2"
+echo "OK"
+
+echo "gpasswd reported:"
+echo "======================================================================="
+cat tmp/usage.out
+echo "======================================================================="
+echo -n "Check the usage message..."
+diff -au data/usage.out tmp/usage.out
+echo "usage message OK."
+rm -f tmp/usage.out
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/grouptools/gpasswd/65_gpasswd_usage_no_groups/config.txt b/tests/tests/grouptools/gpasswd/65_gpasswd_usage_no_groups/config.txt
new file mode 100644
index 0000000..31f5635
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/65_gpasswd_usage_no_groups/config.txt
@@ -0,0 +1,10 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group users (only in /etc/group)
+user foo, in group tty (only in /etc/gshadow)
+user foo, in group floppy
+user foo, admin of group disk
+user foo, admin and member of group fax
+user foo, admin and member of group cdrom (only in /etc/gshadow)
diff --git a/tests/tests/grouptools/gpasswd/65_gpasswd_usage_no_groups/config/etc/group b/tests/tests/grouptools/gpasswd/65_gpasswd_usage_no_groups/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/65_gpasswd_usage_no_groups/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/grouptools/gpasswd/65_gpasswd_usage_no_groups/config/etc/gshadow b/tests/tests/grouptools/gpasswd/65_gpasswd_usage_no_groups/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/65_gpasswd_usage_no_groups/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/grouptools/gpasswd/65_gpasswd_usage_no_groups/config/etc/passwd b/tests/tests/grouptools/gpasswd/65_gpasswd_usage_no_groups/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/65_gpasswd_usage_no_groups/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/grouptools/gpasswd/65_gpasswd_usage_no_groups/config/etc/shadow b/tests/tests/grouptools/gpasswd/65_gpasswd_usage_no_groups/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/65_gpasswd_usage_no_groups/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/grouptools/gpasswd/65_gpasswd_usage_no_groups/data/usage.out b/tests/tests/grouptools/gpasswd/65_gpasswd_usage_no_groups/data/usage.out
new file mode 100644
index 0000000..d1c98d7
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/65_gpasswd_usage_no_groups/data/usage.out
@@ -0,0 +1,13 @@
+Usage: gpasswd [option] GROUP
+
+Options:
+  -a, --add USER                add USER to GROUP
+  -d, --delete USER             remove USER from GROUP
+  -h, --help                    display this help message and exit
+  -Q, --root CHROOT_DIR         directory to chroot into
+  -r, --remove-password         remove the GROUP's password
+  -R, --restrict                restrict access to GROUP to its members
+  -M, --members USER,...        set the list of members of GROUP
+  -A, --administrators ADMIN,...
+                                set the list of administrators for GROUP
+Except for the -A and -M options, the options cannot be combined.
diff --git a/tests/tests/grouptools/gpasswd/65_gpasswd_usage_no_groups/gpasswd.test b/tests/tests/grouptools/gpasswd/65_gpasswd_usage_no_groups/gpasswd.test
new file mode 100755
index 0000000..871c264
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/65_gpasswd_usage_no_groups/gpasswd.test
@@ -0,0 +1,54 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "gpasswd displays its usage message in case the group is not specified"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Use gpasswd option (gpasswd -a root)..."
+gpasswd -a root 2>tmp/usage.out && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "2"
+echo "OK"
+
+echo "gpasswd reported:"
+echo "======================================================================="
+cat tmp/usage.out
+echo "======================================================================="
+echo -n "Check the usage message..."
+diff -au data/usage.out tmp/usage.out
+echo "usage message OK."
+rm -f tmp/usage.out
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/grouptools/gpasswd/66_gpasswd_usage_2_groups/config.txt b/tests/tests/grouptools/gpasswd/66_gpasswd_usage_2_groups/config.txt
new file mode 100644
index 0000000..31f5635
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/66_gpasswd_usage_2_groups/config.txt
@@ -0,0 +1,10 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group users (only in /etc/group)
+user foo, in group tty (only in /etc/gshadow)
+user foo, in group floppy
+user foo, admin of group disk
+user foo, admin and member of group fax
+user foo, admin and member of group cdrom (only in /etc/gshadow)
diff --git a/tests/tests/grouptools/gpasswd/66_gpasswd_usage_2_groups/config/etc/group b/tests/tests/grouptools/gpasswd/66_gpasswd_usage_2_groups/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/66_gpasswd_usage_2_groups/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/grouptools/gpasswd/66_gpasswd_usage_2_groups/config/etc/gshadow b/tests/tests/grouptools/gpasswd/66_gpasswd_usage_2_groups/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/66_gpasswd_usage_2_groups/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/grouptools/gpasswd/66_gpasswd_usage_2_groups/config/etc/passwd b/tests/tests/grouptools/gpasswd/66_gpasswd_usage_2_groups/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/66_gpasswd_usage_2_groups/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/grouptools/gpasswd/66_gpasswd_usage_2_groups/config/etc/shadow b/tests/tests/grouptools/gpasswd/66_gpasswd_usage_2_groups/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/66_gpasswd_usage_2_groups/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/grouptools/gpasswd/66_gpasswd_usage_2_groups/data/usage.out b/tests/tests/grouptools/gpasswd/66_gpasswd_usage_2_groups/data/usage.out
new file mode 100644
index 0000000..d1c98d7
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/66_gpasswd_usage_2_groups/data/usage.out
@@ -0,0 +1,13 @@
+Usage: gpasswd [option] GROUP
+
+Options:
+  -a, --add USER                add USER to GROUP
+  -d, --delete USER             remove USER from GROUP
+  -h, --help                    display this help message and exit
+  -Q, --root CHROOT_DIR         directory to chroot into
+  -r, --remove-password         remove the GROUP's password
+  -R, --restrict                restrict access to GROUP to its members
+  -M, --members USER,...        set the list of members of GROUP
+  -A, --administrators ADMIN,...
+                                set the list of administrators for GROUP
+Except for the -A and -M options, the options cannot be combined.
diff --git a/tests/tests/grouptools/gpasswd/66_gpasswd_usage_2_groups/gpasswd.test b/tests/tests/grouptools/gpasswd/66_gpasswd_usage_2_groups/gpasswd.test
new file mode 100755
index 0000000..67827b6
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/66_gpasswd_usage_2_groups/gpasswd.test
@@ -0,0 +1,54 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "gpasswd displays its usage message in case multiple groups are specified"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Use gpasswd option (gpasswd -a root root users)..."
+gpasswd -a root root users 2>tmp/usage.out && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "2"
+echo "OK"
+
+echo "gpasswd reported:"
+echo "======================================================================="
+cat tmp/usage.out
+echo "======================================================================="
+echo -n "Check the usage message..."
+diff -au data/usage.out tmp/usage.out
+echo "usage message OK."
+rm -f tmp/usage.out
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/grouptools/gpasswd/67_gpasswd-A_myuser/config.txt b/tests/tests/grouptools/gpasswd/67_gpasswd-A_myuser/config.txt
new file mode 100644
index 0000000..2fb7c37
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/67_gpasswd-A_myuser/config.txt
@@ -0,0 +1 @@
+myuser exist and is an admin of group users
diff --git a/tests/tests/grouptools/gpasswd/67_gpasswd-A_myuser/config/etc/group b/tests/tests/grouptools/gpasswd/67_gpasswd-A_myuser/config/etc/group
new file mode 100644
index 0000000..fecba0c
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/67_gpasswd-A_myuser/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/grouptools/gpasswd/67_gpasswd-A_myuser/config/etc/gshadow b/tests/tests/grouptools/gpasswd/67_gpasswd-A_myuser/config/etc/gshadow
new file mode 100644
index 0000000..5042e58
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/67_gpasswd-A_myuser/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/grouptools/gpasswd/67_gpasswd-A_myuser/config/etc/passwd b/tests/tests/grouptools/gpasswd/67_gpasswd-A_myuser/config/etc/passwd
new file mode 100644
index 0000000..86d7855
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/67_gpasswd-A_myuser/config/etc/passwd
@@ -0,0 +1,21 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000:::/bin/false
+myuser:x:1001:1000:::/bin/bash
diff --git a/tests/tests/grouptools/gpasswd/67_gpasswd-A_myuser/config/etc/shadow b/tests/tests/grouptools/gpasswd/67_gpasswd-A_myuser/config/etc/shadow
new file mode 100644
index 0000000..f2f5bb2
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/67_gpasswd-A_myuser/config/etc/shadow
@@ -0,0 +1,21 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
+myuser::12977:0:99999:7:::
diff --git a/tests/tests/grouptools/gpasswd/67_gpasswd-A_myuser/gpasswd.exp b/tests/tests/grouptools/gpasswd/67_gpasswd-A_myuser/gpasswd.exp
new file mode 100755
index 0000000..bb13360
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/67_gpasswd-A_myuser/gpasswd.exp
@@ -0,0 +1,59 @@
+#!/usr/bin/expect
+
+set timeout 2
+expect_after default {puts stderr "\nFAIL"; exit 1}
+
+if {$argc != 3} {
+	puts "usage: gpasswd.exp <run_user> <group> <user_prompt>"
+	exit 1
+}
+
+set run_user    [lindex $argv 0]
+set group       [lindex $argv 1]
+set user_prompt [lindex $argv 3]
+
+# First, switch to the testsuite user
+# (otherwise, no password will be asked)
+send_user "# switch to user '$run_user'\n"
+send_user "# and expect a '$user_prompt' prompt\n"
+spawn /bin/su $run_user
+
+expect "$user_prompt"		;# Wait for the prompt
+
+send_user "\n# make sure we are now '$run_user'"
+send_user "\n# whoami should return '$run_user'"
+send "\r"			;# restore the prompt for the logs
+send "whoami\r"			;# Verify we are really testsuite
+
+expect {
+	timeout {
+		puts "\ntimeout...FAIL"
+		exit 1
+	}
+	"$run_user"
+}
+
+expect "$user_prompt"			;# Wait for the prompt
+
+send_user "\n\n"
+send_user "# now change '$group' 's admins to 'root'\n"
+send_user "# and expect a permission denied"
+send "\r"			;# restore the prompt for the logs
+send "gpasswd -A root $group\r"		;# Change the password
+expect "gpasswd: Permission denied."	;# Not an admin
+
+send_user "\n"
+send_user "# expect prompt '$user_prompt'\n"
+
+expect {
+	# Wait for the new prompt
+	"$user_prompt" {
+		send "exit\r"
+		expect "$ "
+		puts "\nPASS"
+		exit 0
+	}
+}
+
+puts "\ntimeout...FAIL"
+exit 1
diff --git a/tests/tests/grouptools/gpasswd/67_gpasswd-A_myuser/gpasswd.test b/tests/tests/grouptools/gpasswd/67_gpasswd-A_myuser/gpasswd.test
new file mode 100755
index 0000000..95d557d
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/67_gpasswd-A_myuser/gpasswd.test
@@ -0,0 +1,42 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "gpasswd can be used by root to change one group's passwd"
+
+
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+./gpasswd.exp myuser users '$ '
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/grouptools/gpasswd/68_gpasswd-M_myuser/config.txt b/tests/tests/grouptools/gpasswd/68_gpasswd-M_myuser/config.txt
new file mode 100644
index 0000000..2fb7c37
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/68_gpasswd-M_myuser/config.txt
@@ -0,0 +1 @@
+myuser exist and is an admin of group users
diff --git a/tests/tests/grouptools/gpasswd/68_gpasswd-M_myuser/config/etc/group b/tests/tests/grouptools/gpasswd/68_gpasswd-M_myuser/config/etc/group
new file mode 100644
index 0000000..fecba0c
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/68_gpasswd-M_myuser/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/grouptools/gpasswd/68_gpasswd-M_myuser/config/etc/gshadow b/tests/tests/grouptools/gpasswd/68_gpasswd-M_myuser/config/etc/gshadow
new file mode 100644
index 0000000..5042e58
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/68_gpasswd-M_myuser/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/grouptools/gpasswd/68_gpasswd-M_myuser/config/etc/passwd b/tests/tests/grouptools/gpasswd/68_gpasswd-M_myuser/config/etc/passwd
new file mode 100644
index 0000000..86d7855
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/68_gpasswd-M_myuser/config/etc/passwd
@@ -0,0 +1,21 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000:::/bin/false
+myuser:x:1001:1000:::/bin/bash
diff --git a/tests/tests/grouptools/gpasswd/68_gpasswd-M_myuser/config/etc/shadow b/tests/tests/grouptools/gpasswd/68_gpasswd-M_myuser/config/etc/shadow
new file mode 100644
index 0000000..f2f5bb2
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/68_gpasswd-M_myuser/config/etc/shadow
@@ -0,0 +1,21 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
+myuser::12977:0:99999:7:::
diff --git a/tests/tests/grouptools/gpasswd/68_gpasswd-M_myuser/gpasswd.exp b/tests/tests/grouptools/gpasswd/68_gpasswd-M_myuser/gpasswd.exp
new file mode 100755
index 0000000..f75069a
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/68_gpasswd-M_myuser/gpasswd.exp
@@ -0,0 +1,60 @@
+#!/usr/bin/expect
+
+set timeout 2
+expect_after default {puts stderr "\nFAIL"; exit 1}
+
+if {$argc != 3} {
+	puts "usage: gpasswd.exp <run_user> <group> <user_prompt>"
+	exit 1
+}
+
+set run_user    [lindex $argv 0]
+set group       [lindex $argv 1]
+set g_password  [lindex $argv 2]
+set user_prompt [lindex $argv 3]
+
+# First, switch to the testsuite user
+# (otherwise, no password will be asked)
+send_user "# switch to user '$run_user'\n"
+send_user "# and expect a '$user_prompt' prompt\n"
+spawn /bin/su $run_user
+
+expect "$user_prompt"		;# Wait for the prompt
+
+send_user "\n# make sure we are now '$run_user'"
+send_user "\n# whoami should return '$run_user'"
+send "\r"			;# restore the prompt for the logs
+send "whoami\r"			;# Verify we are really testsuite
+
+expect {
+	timeout {
+		puts "\ntimeout...FAIL"
+		exit 1
+	}
+	"$run_user"
+}
+
+expect "$user_prompt"			;# Wait for the prompt
+
+send_user "\n\n"
+send_user "# now change '$group' 's members to root\n"
+send_user "# and expect a permission denied"
+send "\r"			;# restore the prompt for the logs
+send "gpasswd -M root $group\r"		;# Change the password
+expect "gpasswd: Permission denied."	;# Not an admin
+
+send_user "\n"
+send_user "# expect prompt '$user_prompt'\n"
+
+expect {
+	# Wait for the new prompt
+	"$user_prompt" {
+		send "exit\r"
+		expect "$ "
+		puts "\nPASS"
+		exit 0
+	}
+}
+
+puts "\ntimeout...FAIL"
+exit 1
diff --git a/tests/tests/grouptools/gpasswd/68_gpasswd-M_myuser/gpasswd.test b/tests/tests/grouptools/gpasswd/68_gpasswd-M_myuser/gpasswd.test
new file mode 100755
index 0000000..95d557d
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/68_gpasswd-M_myuser/gpasswd.test
@@ -0,0 +1,42 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "gpasswd can be used by root to change one group's passwd"
+
+
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+./gpasswd.exp myuser users '$ '
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/grouptools/gpasswd/69_gpasswd_change_passwd_2_tries/config.txt b/tests/tests/grouptools/gpasswd/69_gpasswd_change_passwd_2_tries/config.txt
new file mode 100644
index 0000000..2fb7c37
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/69_gpasswd_change_passwd_2_tries/config.txt
@@ -0,0 +1 @@
+myuser exist and is an admin of group users
diff --git a/tests/tests/grouptools/gpasswd/69_gpasswd_change_passwd_2_tries/config/etc/group b/tests/tests/grouptools/gpasswd/69_gpasswd_change_passwd_2_tries/config/etc/group
new file mode 100644
index 0000000..fecba0c
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/69_gpasswd_change_passwd_2_tries/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/grouptools/gpasswd/69_gpasswd_change_passwd_2_tries/config/etc/gshadow b/tests/tests/grouptools/gpasswd/69_gpasswd_change_passwd_2_tries/config/etc/gshadow
new file mode 100644
index 0000000..aef7f5b
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/69_gpasswd_change_passwd_2_tries/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*:myuser:
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/grouptools/gpasswd/69_gpasswd_change_passwd_2_tries/config/etc/login.defs b/tests/tests/grouptools/gpasswd/69_gpasswd_change_passwd_2_tries/config/etc/login.defs
new file mode 100644
index 0000000..4949522
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/69_gpasswd_change_passwd_2_tries/config/etc/login.defs
@@ -0,0 +1,334 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/local/games:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK is the default umask value for pam_umask and is used by
+# useradd and newusers to set the mode of the new home directories.
+# 022 is the "historical" value in Debian for UMASK
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+# System accounts
+#SYS_UID_MIN		  100
+#SYS_UID_MAX		  999
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			 1000
+GID_MAX			60000
+# System accounts
+#SYS_GID_MIN		  100
+#SYS_GID_MAX		  999
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# If set to yes, userdel will remove the user's group if it contains no
+# more members, and useradd will create by default a group with the name
+# of the user.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, such as Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is deprecated. You should use ENCRYPT_METHOD.
+#
+#MD5_CRYPT_ENAB	no
+
+#
+# If set to MD5 , MD5-based algorithm will be used for encrypting password
+# If set to SHA256, SHA256-based algorithm will be used for encrypting password
+# If set to SHA512, SHA512-based algorithm will be used for encrypting password
+# If set to DES, DES-based algorithm will be used for encrypting password (default)
+# Overrides the MD5_CRYPT_ENAB option
+#
+# Note: It is recommended to use a value consistent with
+# the PAM modules configuration.
+#
+# ENCRYPT_METHOD SHA512
+
+#
+# Only used if ENCRYPT_METHOD is set to SHA256 or SHA512.
+#
+# Define the number of SHA rounds.
+# With a lot of rounds, it is more difficult to brute forcing the password.
+# But note also that it more CPU resources will be needed to authenticate
+# users.
+#
+# If not specified, the libc will choose the default number of rounds (5000).
+# The values must be inside the 1000-999999999 range.
+# If only one of the MIN or MAX values is set, then this value will be used.
+# If MIN > MAX, the highest value will be used.
+#
+# SHA_CRYPT_MIN_ROUNDS 5000
+# SHA_CRYPT_MAX_ROUNDS 5000
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/grouptools/gpasswd/69_gpasswd_change_passwd_2_tries/config/etc/passwd b/tests/tests/grouptools/gpasswd/69_gpasswd_change_passwd_2_tries/config/etc/passwd
new file mode 100644
index 0000000..86d7855
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/69_gpasswd_change_passwd_2_tries/config/etc/passwd
@@ -0,0 +1,21 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000:::/bin/false
+myuser:x:1001:1000:::/bin/bash
diff --git a/tests/tests/grouptools/gpasswd/69_gpasswd_change_passwd_2_tries/config/etc/shadow b/tests/tests/grouptools/gpasswd/69_gpasswd_change_passwd_2_tries/config/etc/shadow
new file mode 100644
index 0000000..f2f5bb2
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/69_gpasswd_change_passwd_2_tries/config/etc/shadow
@@ -0,0 +1,21 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
+myuser::12977:0:99999:7:::
diff --git a/tests/tests/grouptools/gpasswd/69_gpasswd_change_passwd_2_tries/data/gshadow b/tests/tests/grouptools/gpasswd/69_gpasswd_change_passwd_2_tries/data/gshadow
new file mode 100644
index 0000000..048d86a
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/69_gpasswd_change_passwd_2_tries/data/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:@PASS_DES usersPAS@:myuser:
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/grouptools/gpasswd/69_gpasswd_change_passwd_2_tries/gpasswd.exp b/tests/tests/grouptools/gpasswd/69_gpasswd_change_passwd_2_tries/gpasswd.exp
new file mode 100755
index 0000000..cbb9b81
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/69_gpasswd_change_passwd_2_tries/gpasswd.exp
@@ -0,0 +1,87 @@
+#!/usr/bin/expect
+
+set timeout 2
+expect_after default {puts stderr "\nFAIL"; exit 1}
+
+if {$argc != 4} {
+	puts "usage: gpasswd.exp <run_user> <group> <g_password> <user_prompt>"
+	exit 1
+}
+
+set run_user    [lindex $argv 0]
+set group       [lindex $argv 1]
+set g_password  [lindex $argv 2]
+set user_prompt [lindex $argv 3]
+
+# First, switch to the testsuite user
+# (otherwise, no password will be asked)
+send_user "# switch to user '$run_user'\n"
+send_user "# and expect a '$user_prompt' prompt\n"
+spawn /bin/su $run_user
+
+expect "$user_prompt"		;# Wait for the prompt
+
+send_user "\n# make sure we are now '$run_user'"
+send_user "\n# whoami should return '$run_user'"
+send "\r"			;# restore the prompt for the logs
+send "whoami\r"			;# Verify we are really testsuite
+
+expect {
+	timeout {
+		puts "\ntimeout...FAIL"
+		exit 1
+	}
+	"$run_user"
+}
+
+expect "$user_prompt"			;# Wait for the prompt
+
+send_user "\n\n"
+send_user "# now change '$group' 's password to '$g_password'\n"
+send_user "# and expect a password prompt"
+send "\r"			;# restore the prompt for the logs
+send "gpasswd $group\r"		;# Change the password
+expect "New Password: "		;# Wait for the Password: prompt
+# Wait a little bit more (gpasswd is not ready to receive the password)
+sleep 0.1
+send "wrong $g_password\r"		;# Send the password
+
+send_user "\n# wrong password 'wrong $g_password' sent\n\n"
+
+send_user "Expect a new password prompt\n"
+expect "Re-enter new password: "		;# Wait for the Password: prompt
+# Wait a little bit more (gpasswd is not ready to receive the password)
+sleep 0.1
+send "$g_password\r"		;# Send the password
+
+
+send_user "# expect failure an retry"
+expect "They don't match; try again"
+
+expect "New Password: "		;# Wait for the Password: prompt
+# Wait a little bit more (gpasswd is not ready to receive the password)
+sleep 0.1
+send "$g_password\r"		;# Send the password
+
+send_user "\n# password '$g_password' sent\n\n"
+
+send_user "Expect a new password prompt\n"
+expect "Re-enter new password: "		;# Wait for the Password: prompt
+# Wait a little bit more (gpasswd is not ready to receive the password)
+sleep 0.1
+send "$g_password\r"		;# Send the password
+
+send_user "# expect prompt '$user_prompt'"
+
+expect {
+	# Wait for the new prompt
+	"$user_prompt" {
+		send "exit\r"
+		expect "$ "
+		puts "\nPASS"
+		exit 0
+	}
+}
+
+puts "\ntimeout...FAIL"
+exit 1
diff --git a/tests/tests/grouptools/gpasswd/69_gpasswd_change_passwd_2_tries/gpasswd.test b/tests/tests/grouptools/gpasswd/69_gpasswd_change_passwd_2_tries/gpasswd.test
new file mode 100755
index 0000000..9ae0cd8
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/69_gpasswd_change_passwd_2_tries/gpasswd.test
@@ -0,0 +1,42 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "gpasswd can be used by root to change one group's passwd"
+
+
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+./gpasswd.exp myuser users usersPAS '$ '
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl data/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/grouptools/gpasswd/70_gpasswd_change_passwd_3_tries/config.txt b/tests/tests/grouptools/gpasswd/70_gpasswd_change_passwd_3_tries/config.txt
new file mode 100644
index 0000000..2fb7c37
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/70_gpasswd_change_passwd_3_tries/config.txt
@@ -0,0 +1 @@
+myuser exist and is an admin of group users
diff --git a/tests/tests/grouptools/gpasswd/70_gpasswd_change_passwd_3_tries/config/etc/group b/tests/tests/grouptools/gpasswd/70_gpasswd_change_passwd_3_tries/config/etc/group
new file mode 100644
index 0000000..fecba0c
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/70_gpasswd_change_passwd_3_tries/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/grouptools/gpasswd/70_gpasswd_change_passwd_3_tries/config/etc/gshadow b/tests/tests/grouptools/gpasswd/70_gpasswd_change_passwd_3_tries/config/etc/gshadow
new file mode 100644
index 0000000..aef7f5b
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/70_gpasswd_change_passwd_3_tries/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*:myuser:
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/grouptools/gpasswd/70_gpasswd_change_passwd_3_tries/config/etc/login.defs b/tests/tests/grouptools/gpasswd/70_gpasswd_change_passwd_3_tries/config/etc/login.defs
new file mode 100644
index 0000000..7e0063c
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/70_gpasswd_change_passwd_3_tries/config/etc/login.defs
@@ -0,0 +1,334 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/local/games:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK is the default umask value for pam_umask and is used by
+# useradd and newusers to set the mode of the new home directories.
+# 022 is the "historical" value in Debian for UMASK
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+# System accounts
+#SYS_UID_MIN		  100
+#SYS_UID_MAX		  999
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			 1000
+GID_MAX			60000
+# System accounts
+#SYS_GID_MIN		  100
+#SYS_GID_MAX		  999
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		4
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# If set to yes, userdel will remove the user's group if it contains no
+# more members, and useradd will create by default a group with the name
+# of the user.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, such as Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is deprecated. You should use ENCRYPT_METHOD.
+#
+#MD5_CRYPT_ENAB	no
+
+#
+# If set to MD5 , MD5-based algorithm will be used for encrypting password
+# If set to SHA256, SHA256-based algorithm will be used for encrypting password
+# If set to SHA512, SHA512-based algorithm will be used for encrypting password
+# If set to DES, DES-based algorithm will be used for encrypting password (default)
+# Overrides the MD5_CRYPT_ENAB option
+#
+# Note: It is recommended to use a value consistent with
+# the PAM modules configuration.
+#
+#ENCRYPT_METHOD DES
+
+#
+# Only used if ENCRYPT_METHOD is set to SHA256 or SHA512.
+#
+# Define the number of SHA rounds.
+# With a lot of rounds, it is more difficult to brute forcing the password.
+# But note also that it more CPU resources will be needed to authenticate
+# users.
+#
+# If not specified, the libc will choose the default number of rounds (5000).
+# The values must be inside the 1000-999999999 range.
+# If only one of the MIN or MAX values is set, then this value will be used.
+# If MIN > MAX, the highest value will be used.
+#
+# SHA_CRYPT_MIN_ROUNDS 5000
+# SHA_CRYPT_MAX_ROUNDS 5000
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/grouptools/gpasswd/70_gpasswd_change_passwd_3_tries/config/etc/passwd b/tests/tests/grouptools/gpasswd/70_gpasswd_change_passwd_3_tries/config/etc/passwd
new file mode 100644
index 0000000..86d7855
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/70_gpasswd_change_passwd_3_tries/config/etc/passwd
@@ -0,0 +1,21 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000:::/bin/false
+myuser:x:1001:1000:::/bin/bash
diff --git a/tests/tests/grouptools/gpasswd/70_gpasswd_change_passwd_3_tries/config/etc/shadow b/tests/tests/grouptools/gpasswd/70_gpasswd_change_passwd_3_tries/config/etc/shadow
new file mode 100644
index 0000000..f2f5bb2
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/70_gpasswd_change_passwd_3_tries/config/etc/shadow
@@ -0,0 +1,21 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
+myuser::12977:0:99999:7:::
diff --git a/tests/tests/grouptools/gpasswd/70_gpasswd_change_passwd_3_tries/data/gshadow b/tests/tests/grouptools/gpasswd/70_gpasswd_change_passwd_3_tries/data/gshadow
new file mode 100644
index 0000000..048d86a
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/70_gpasswd_change_passwd_3_tries/data/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:@PASS_DES usersPAS@:myuser:
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/grouptools/gpasswd/70_gpasswd_change_passwd_3_tries/gpasswd.exp b/tests/tests/grouptools/gpasswd/70_gpasswd_change_passwd_3_tries/gpasswd.exp
new file mode 100755
index 0000000..daa8cc7
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/70_gpasswd_change_passwd_3_tries/gpasswd.exp
@@ -0,0 +1,96 @@
+#!/usr/bin/expect
+
+set timeout 2
+expect_after default {puts stderr "\nFAIL"; exit 1}
+
+if {$argc != 4} {
+	puts "usage: gpasswd.exp <run_user> <group> <g_password> <user_prompt>"
+	exit 1
+}
+
+set run_user    [lindex $argv 0]
+set group       [lindex $argv 1]
+set g_password  [lindex $argv 2]
+set user_prompt [lindex $argv 3]
+
+# First, switch to the testsuite user
+# (otherwise, no password will be asked)
+send_user "# switch to user '$run_user'\n"
+send_user "# and expect a '$user_prompt' prompt\n"
+spawn /bin/su $run_user
+
+expect "$user_prompt"		;# Wait for the prompt
+
+send_user "\n# make sure we are now '$run_user'"
+send_user "\n# whoami should return '$run_user'"
+send "\r"			;# restore the prompt for the logs
+send "whoami\r"			;# Verify we are really testsuite
+
+expect {
+	timeout {
+		puts "\ntimeout...FAIL"
+		exit 1
+	}
+	"$run_user"
+}
+
+expect "$user_prompt"			;# Wait for the prompt
+
+send_user "\n\n"
+send_user "# now change '$group' 's password to '$g_password'\n"
+send_user "# and expect a password prompt"
+send "\r"			;# restore the prompt for the logs
+send "gpasswd $group\r"		;# Change the password
+expect "New Password: "		;# Wait for the Password: prompt
+# Wait a little bit more (gpasswd is not ready to receive the password)
+sleep 0.1
+send "wrong $g_password\r"		;# Send the password
+send_user "\n# wrong password 'wrong $g_password' sent\n\n"
+send_user "Expect a new password prompt\n"
+expect "Re-enter new password: "		;# Wait for the Password: prompt
+# Wait a little bit more (gpasswd is not ready to receive the password)
+sleep 0.1
+send "$g_password\r"		;# Send the password
+send_user "# expect failure 1 and retry"
+expect "They don't match; try again"
+
+expect "New Password: "		;# Wait for the Password: prompt
+# Wait a little bit more (gpasswd is not ready to receive the password)
+sleep 0.1
+send "wrong $g_password\r"		;# Send the password
+send_user "\n# wrong password 'wrong $g_password' sent\n\n"
+send_user "Expect a new password prompt\n"
+expect "Re-enter new password: "		;# Wait for the Password: prompt
+# Wait a little bit more (gpasswd is not ready to receive the password)
+sleep 0.1
+send "$g_password\r"		;# Send the password
+send_user "# expect failure 2 and retry"
+expect "They don't match; try again"
+
+expect "New Password: "		;# Wait for the Password: prompt
+# Wait a little bit more (gpasswd is not ready to receive the password)
+sleep 0.1
+send "$g_password\r"		;# Send the password
+
+send_user "\n# password '$g_password' sent for the last try\n\n"
+
+send_user "Expect a new password prompt\n"
+expect "Re-enter new password: "		;# Wait for the Password: prompt
+# Wait a little bit more (gpasswd is not ready to receive the password)
+sleep 0.1
+send "$g_password\r"		;# Send the password
+
+send_user "# expect prompt '$user_prompt'"
+
+expect {
+	# Wait for the new prompt
+	"$user_prompt" {
+		send "exit\r"
+		expect "$ "
+		puts "\nPASS"
+		exit 0
+	}
+}
+
+puts "\ntimeout...FAIL"
+exit 1
diff --git a/tests/tests/grouptools/gpasswd/70_gpasswd_change_passwd_3_tries/gpasswd.test b/tests/tests/grouptools/gpasswd/70_gpasswd_change_passwd_3_tries/gpasswd.test
new file mode 100755
index 0000000..9ae0cd8
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/70_gpasswd_change_passwd_3_tries/gpasswd.test
@@ -0,0 +1,42 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "gpasswd can be used by root to change one group's passwd"
+
+
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+./gpasswd.exp myuser users usersPAS '$ '
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl data/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/grouptools/gpasswd/71_gpasswd_change_passwd_4_tries/config.txt b/tests/tests/grouptools/gpasswd/71_gpasswd_change_passwd_4_tries/config.txt
new file mode 100644
index 0000000..2fb7c37
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/71_gpasswd_change_passwd_4_tries/config.txt
@@ -0,0 +1 @@
+myuser exist and is an admin of group users
diff --git a/tests/tests/grouptools/gpasswd/71_gpasswd_change_passwd_4_tries/config/etc/group b/tests/tests/grouptools/gpasswd/71_gpasswd_change_passwd_4_tries/config/etc/group
new file mode 100644
index 0000000..fecba0c
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/71_gpasswd_change_passwd_4_tries/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/grouptools/gpasswd/71_gpasswd_change_passwd_4_tries/config/etc/gshadow b/tests/tests/grouptools/gpasswd/71_gpasswd_change_passwd_4_tries/config/etc/gshadow
new file mode 100644
index 0000000..aef7f5b
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/71_gpasswd_change_passwd_4_tries/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*:myuser:
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/grouptools/gpasswd/71_gpasswd_change_passwd_4_tries/config/etc/login.defs b/tests/tests/grouptools/gpasswd/71_gpasswd_change_passwd_4_tries/config/etc/login.defs
new file mode 100644
index 0000000..7e0063c
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/71_gpasswd_change_passwd_4_tries/config/etc/login.defs
@@ -0,0 +1,334 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/local/games:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK is the default umask value for pam_umask and is used by
+# useradd and newusers to set the mode of the new home directories.
+# 022 is the "historical" value in Debian for UMASK
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+# System accounts
+#SYS_UID_MIN		  100
+#SYS_UID_MAX		  999
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			 1000
+GID_MAX			60000
+# System accounts
+#SYS_GID_MIN		  100
+#SYS_GID_MAX		  999
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		4
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# If set to yes, userdel will remove the user's group if it contains no
+# more members, and useradd will create by default a group with the name
+# of the user.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, such as Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is deprecated. You should use ENCRYPT_METHOD.
+#
+#MD5_CRYPT_ENAB	no
+
+#
+# If set to MD5 , MD5-based algorithm will be used for encrypting password
+# If set to SHA256, SHA256-based algorithm will be used for encrypting password
+# If set to SHA512, SHA512-based algorithm will be used for encrypting password
+# If set to DES, DES-based algorithm will be used for encrypting password (default)
+# Overrides the MD5_CRYPT_ENAB option
+#
+# Note: It is recommended to use a value consistent with
+# the PAM modules configuration.
+#
+#ENCRYPT_METHOD DES
+
+#
+# Only used if ENCRYPT_METHOD is set to SHA256 or SHA512.
+#
+# Define the number of SHA rounds.
+# With a lot of rounds, it is more difficult to brute forcing the password.
+# But note also that it more CPU resources will be needed to authenticate
+# users.
+#
+# If not specified, the libc will choose the default number of rounds (5000).
+# The values must be inside the 1000-999999999 range.
+# If only one of the MIN or MAX values is set, then this value will be used.
+# If MIN > MAX, the highest value will be used.
+#
+# SHA_CRYPT_MIN_ROUNDS 5000
+# SHA_CRYPT_MAX_ROUNDS 5000
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/grouptools/gpasswd/71_gpasswd_change_passwd_4_tries/config/etc/passwd b/tests/tests/grouptools/gpasswd/71_gpasswd_change_passwd_4_tries/config/etc/passwd
new file mode 100644
index 0000000..86d7855
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/71_gpasswd_change_passwd_4_tries/config/etc/passwd
@@ -0,0 +1,21 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000:::/bin/false
+myuser:x:1001:1000:::/bin/bash
diff --git a/tests/tests/grouptools/gpasswd/71_gpasswd_change_passwd_4_tries/config/etc/shadow b/tests/tests/grouptools/gpasswd/71_gpasswd_change_passwd_4_tries/config/etc/shadow
new file mode 100644
index 0000000..f2f5bb2
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/71_gpasswd_change_passwd_4_tries/config/etc/shadow
@@ -0,0 +1,21 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
+myuser::12977:0:99999:7:::
diff --git a/tests/tests/grouptools/gpasswd/71_gpasswd_change_passwd_4_tries/gpasswd.exp b/tests/tests/grouptools/gpasswd/71_gpasswd_change_passwd_4_tries/gpasswd.exp
new file mode 100755
index 0000000..c8c780c
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/71_gpasswd_change_passwd_4_tries/gpasswd.exp
@@ -0,0 +1,96 @@
+#!/usr/bin/expect
+
+set timeout 2
+expect_after default {puts stderr "\nFAIL"; exit 1}
+
+if {$argc != 4} {
+	puts "usage: gpasswd.exp <run_user> <group> <g_password> <user_prompt>"
+	exit 1
+}
+
+set run_user    [lindex $argv 0]
+set group       [lindex $argv 1]
+set g_password  [lindex $argv 2]
+set user_prompt [lindex $argv 3]
+
+# First, switch to the testsuite user
+# (otherwise, no password will be asked)
+send_user "# switch to user '$run_user'\n"
+send_user "# and expect a '$user_prompt' prompt\n"
+spawn /bin/su $run_user
+
+expect "$user_prompt"		;# Wait for the prompt
+
+send_user "\n# make sure we are now '$run_user'"
+send_user "\n# whoami should return '$run_user'"
+send "\r"			;# restore the prompt for the logs
+send "whoami\r"			;# Verify we are really testsuite
+
+expect {
+	timeout {
+		puts "\ntimeout...FAIL"
+		exit 1
+	}
+	"$run_user"
+}
+
+expect "$user_prompt"			;# Wait for the prompt
+
+send_user "\n\n"
+send_user "# now change '$group' 's password to '$g_password'\n"
+send_user "# and expect a password prompt"
+send "\r"			;# restore the prompt for the logs
+send "gpasswd $group\r"		;# Change the password
+expect "New Password: "		;# Wait for the Password: prompt
+# Wait a little bit more (gpasswd is not ready to receive the password)
+sleep 0.1
+send "wrong $g_password\r"		;# Send the password
+send_user "\n# wrong password 'wrong $g_password' sent\n\n"
+send_user "Expect a new password prompt\n"
+expect "Re-enter new password: "		;# Wait for the Password: prompt
+# Wait a little bit more (gpasswd is not ready to receive the password)
+sleep 0.1
+send "$g_password\r"		;# Send the password
+send_user "# expect failure 1 and retry"
+expect "They don't match; try again"
+
+expect "New Password: "		;# Wait for the Password: prompt
+# Wait a little bit more (gpasswd is not ready to receive the password)
+sleep 0.1
+send "wrong $g_password\r"		;# Send the password
+send_user "\n# wrong password 'wrong $g_password' sent\n\n"
+send_user "Expect a new password prompt\n"
+expect "Re-enter new password: "		;# Wait for the Password: prompt
+# Wait a little bit more (gpasswd is not ready to receive the password)
+sleep 0.1
+send "$g_password\r"		;# Send the password
+send_user "# expect failure 2 and retry"
+expect "They don't match; try again"
+
+expect "New Password: "		;# Wait for the Password: prompt
+# Wait a little bit more (gpasswd is not ready to receive the password)
+sleep 0.1
+send "wrong $g_password\r"		;# Send the password
+send_user "\n# wrong password 'wrong $g_password' sent\n\n"
+send_user "Expect a new password prompt\n"
+expect "Re-enter new password: "		;# Wait for the Password: prompt
+# Wait a little bit more (gpasswd is not ready to receive the password)
+sleep 0.1
+send "$g_password\r"		;# Send the password
+send_user "# expect failure 3 and retry"
+expect "gpasswd: Try again later"
+
+send_user "# expect prompt '$user_prompt'"
+
+expect {
+	# Wait for the new prompt
+	"$user_prompt" {
+		send "exit\r"
+		expect "$ "
+		puts "\nPASS"
+		exit 0
+	}
+}
+
+puts "\ntimeout...FAIL"
+exit 1
diff --git a/tests/tests/grouptools/gpasswd/71_gpasswd_change_passwd_4_tries/gpasswd.test b/tests/tests/grouptools/gpasswd/71_gpasswd_change_passwd_4_tries/gpasswd.test
new file mode 100755
index 0000000..d75576e
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/71_gpasswd_change_passwd_4_tries/gpasswd.test
@@ -0,0 +1,42 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "gpasswd can be used by root to change one group's passwd"
+
+
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+./gpasswd.exp myuser users usersPAS '$ '
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/grouptools/gpasswd/72_gpasswd-M-A/config.txt b/tests/tests/grouptools/gpasswd/72_gpasswd-M-A/config.txt
new file mode 100644
index 0000000..3d43135
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/72_gpasswd-M-A/config.txt
@@ -0,0 +1,5 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group users
diff --git a/tests/tests/grouptools/gpasswd/72_gpasswd-M-A/config/etc/group b/tests/tests/grouptools/gpasswd/72_gpasswd-M-A/config/etc/group
new file mode 100644
index 0000000..1838a36
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/72_gpasswd-M-A/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo,bin
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/grouptools/gpasswd/72_gpasswd-M-A/config/etc/gshadow b/tests/tests/grouptools/gpasswd/72_gpasswd-M-A/config/etc/gshadow
new file mode 100644
index 0000000..689ea4c
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/72_gpasswd-M-A/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::foo,bin
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/grouptools/gpasswd/72_gpasswd-M-A/config/etc/passwd b/tests/tests/grouptools/gpasswd/72_gpasswd-M-A/config/etc/passwd
new file mode 100644
index 0000000..dc7bf84
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/72_gpasswd-M-A/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000:::/bin/false
diff --git a/tests/tests/grouptools/gpasswd/72_gpasswd-M-A/config/etc/shadow b/tests/tests/grouptools/gpasswd/72_gpasswd-M-A/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/72_gpasswd-M-A/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/grouptools/gpasswd/72_gpasswd-M-A/data/group b/tests/tests/grouptools/gpasswd/72_gpasswd-M-A/data/group
new file mode 100644
index 0000000..aa85a13
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/72_gpasswd-M-A/data/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:root,daemon
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/grouptools/gpasswd/72_gpasswd-M-A/data/gshadow b/tests/tests/grouptools/gpasswd/72_gpasswd-M-A/data/gshadow
new file mode 100644
index 0000000..de77657
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/72_gpasswd-M-A/data/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*:root,bin:root,daemon
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/grouptools/gpasswd/72_gpasswd-M-A/gpasswd.test b/tests/tests/grouptools/gpasswd/72_gpasswd-M-A/gpasswd.test
new file mode 100755
index 0000000..1a77cee
--- /dev/null
+++ b/tests/tests/grouptools/gpasswd/72_gpasswd-M-A/gpasswd.test
@@ -0,0 +1,39 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "gpasswd can change the list of members and admins"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "set the list of members to root,daemon (gpasswd -M root,daemon -A root,bin users)..."
+gpasswd -M root,daemon -A root,bin users
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl data/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl data/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/grouptools/groupadd/01_groupadd_add_group/config.txt b/tests/tests/grouptools/groupadd/01_groupadd_add_group/config.txt
new file mode 100644
index 0000000..3d43135
--- /dev/null
+++ b/tests/tests/grouptools/groupadd/01_groupadd_add_group/config.txt
@@ -0,0 +1,5 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group users
diff --git a/tests/tests/grouptools/groupadd/01_groupadd_add_group/config/etc/default/useradd b/tests/tests/grouptools/groupadd/01_groupadd_add_group/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/grouptools/groupadd/01_groupadd_add_group/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/grouptools/groupadd/01_groupadd_add_group/config/etc/group b/tests/tests/grouptools/groupadd/01_groupadd_add_group/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/grouptools/groupadd/01_groupadd_add_group/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/grouptools/groupadd/01_groupadd_add_group/config/etc/gshadow b/tests/tests/grouptools/groupadd/01_groupadd_add_group/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/grouptools/groupadd/01_groupadd_add_group/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/grouptools/groupadd/01_groupadd_add_group/config/etc/login.defs b/tests/tests/grouptools/groupadd/01_groupadd_add_group/config/etc/login.defs
new file mode 100644
index 0000000..cf181ac
--- /dev/null
+++ b/tests/tests/grouptools/groupadd/01_groupadd_add_group/config/etc/login.defs
@@ -0,0 +1,314 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK usage is discouraged because it catches only some classes of user
+# entries to system, in fact only those made through login(1), while setting
+# umask in shell rc file will catch also logins through su, cron, ssh etc.
+#
+# At the same time, using shell rc to set umask won't catch entries which use
+# non-shell executables in place of login shell, like /usr/sbin/pppd for "ppp"
+# user and alike.
+#
+# Therefore the use of pam_umask is recommended (Debian package libpam-umask)
+# as the solution which catches all these cases on PAM-enabled systems.
+# 
+# This avoids the confusion created by having the umask set
+# in two different places -- in login.defs and shell rc files (i.e.
+# /etc/profile).
+#
+# For discussion, see #314539 and #248150 as well as the thread starting at
+# http://lists.debian.org/debian-devel/2005/06/msg01598.html
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+# 022 is the "historical" value in Debian for UMASK when it was used
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			  100
+GID_MAX			60000
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# This enables userdel to remove user groups if no members exist.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, thus in Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# Only works if compiled with MD5_CRYPT defined:
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is used by chpasswd, gpasswd and newusers.
+#
+#MD5_CRYPT_ENAB	no
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/grouptools/groupadd/01_groupadd_add_group/config/etc/passwd b/tests/tests/grouptools/groupadd/01_groupadd_add_group/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/grouptools/groupadd/01_groupadd_add_group/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/grouptools/groupadd/01_groupadd_add_group/config/etc/shadow b/tests/tests/grouptools/groupadd/01_groupadd_add_group/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/grouptools/groupadd/01_groupadd_add_group/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/grouptools/groupadd/01_groupadd_add_group/data/group b/tests/tests/grouptools/groupadd/01_groupadd_add_group/data/group
new file mode 100644
index 0000000..6307e25
--- /dev/null
+++ b/tests/tests/grouptools/groupadd/01_groupadd_add_group/data/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:103:
diff --git a/tests/tests/grouptools/groupadd/01_groupadd_add_group/data/gshadow b/tests/tests/grouptools/groupadd/01_groupadd_add_group/data/gshadow
new file mode 100644
index 0000000..bfc0675
--- /dev/null
+++ b/tests/tests/grouptools/groupadd/01_groupadd_add_group/data/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:!::
diff --git a/tests/tests/grouptools/groupadd/01_groupadd_add_group/groupadd.test b/tests/tests/grouptools/groupadd/01_groupadd_add_group/groupadd.test
new file mode 100755
index 0000000..c48da8e
--- /dev/null
+++ b/tests/tests/grouptools/groupadd/01_groupadd_add_group/groupadd.test
@@ -0,0 +1,39 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "groupadd can add a group (GID_MIN set to 100 in /etc/login.defs)"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Add group foo (groupadd foo)..."
+groupadd foo
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl data/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl data/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/grouptools/groupadd/02_groupadd_add_group_GID_MIN/config.txt b/tests/tests/grouptools/groupadd/02_groupadd_add_group_GID_MIN/config.txt
new file mode 100644
index 0000000..3d43135
--- /dev/null
+++ b/tests/tests/grouptools/groupadd/02_groupadd_add_group_GID_MIN/config.txt
@@ -0,0 +1,5 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group users
diff --git a/tests/tests/grouptools/groupadd/02_groupadd_add_group_GID_MIN/config/etc/default/useradd b/tests/tests/grouptools/groupadd/02_groupadd_add_group_GID_MIN/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/grouptools/groupadd/02_groupadd_add_group_GID_MIN/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/grouptools/groupadd/02_groupadd_add_group_GID_MIN/config/etc/group b/tests/tests/grouptools/groupadd/02_groupadd_add_group_GID_MIN/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/grouptools/groupadd/02_groupadd_add_group_GID_MIN/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/grouptools/groupadd/02_groupadd_add_group_GID_MIN/config/etc/gshadow b/tests/tests/grouptools/groupadd/02_groupadd_add_group_GID_MIN/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/grouptools/groupadd/02_groupadd_add_group_GID_MIN/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/grouptools/groupadd/02_groupadd_add_group_GID_MIN/config/etc/login.defs b/tests/tests/grouptools/groupadd/02_groupadd_add_group_GID_MIN/config/etc/login.defs
new file mode 100644
index 0000000..923caa6
--- /dev/null
+++ b/tests/tests/grouptools/groupadd/02_groupadd_add_group_GID_MIN/config/etc/login.defs
@@ -0,0 +1,314 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK usage is discouraged because it catches only some classes of user
+# entries to system, in fact only those made through login(1), while setting
+# umask in shell rc file will catch also logins through su, cron, ssh etc.
+#
+# At the same time, using shell rc to set umask won't catch entries which use
+# non-shell executables in place of login shell, like /usr/sbin/pppd for "ppp"
+# user and alike.
+#
+# Therefore the use of pam_umask is recommended (Debian package libpam-umask)
+# as the solution which catches all these cases on PAM-enabled systems.
+# 
+# This avoids the confusion created by having the umask set
+# in two different places -- in login.defs and shell rc files (i.e.
+# /etc/profile).
+#
+# For discussion, see #314539 and #248150 as well as the thread starting at
+# http://lists.debian.org/debian-devel/2005/06/msg01598.html
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+# 022 is the "historical" value in Debian for UMASK when it was used
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			 1000
+GID_MAX			60000
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# This enables userdel to remove user groups if no members exist.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, thus in Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# Only works if compiled with MD5_CRYPT defined:
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is used by chpasswd, gpasswd and newusers.
+#
+#MD5_CRYPT_ENAB	no
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/grouptools/groupadd/02_groupadd_add_group_GID_MIN/config/etc/passwd b/tests/tests/grouptools/groupadd/02_groupadd_add_group_GID_MIN/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/grouptools/groupadd/02_groupadd_add_group_GID_MIN/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/grouptools/groupadd/02_groupadd_add_group_GID_MIN/config/etc/shadow b/tests/tests/grouptools/groupadd/02_groupadd_add_group_GID_MIN/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/grouptools/groupadd/02_groupadd_add_group_GID_MIN/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/grouptools/groupadd/02_groupadd_add_group_GID_MIN/data/group b/tests/tests/grouptools/groupadd/02_groupadd_add_group_GID_MIN/data/group
new file mode 100644
index 0000000..fecba0c
--- /dev/null
+++ b/tests/tests/grouptools/groupadd/02_groupadd_add_group_GID_MIN/data/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/grouptools/groupadd/02_groupadd_add_group_GID_MIN/data/gshadow b/tests/tests/grouptools/groupadd/02_groupadd_add_group_GID_MIN/data/gshadow
new file mode 100644
index 0000000..bfc0675
--- /dev/null
+++ b/tests/tests/grouptools/groupadd/02_groupadd_add_group_GID_MIN/data/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:!::
diff --git a/tests/tests/grouptools/groupadd/02_groupadd_add_group_GID_MIN/groupadd.test b/tests/tests/grouptools/groupadd/02_groupadd_add_group_GID_MIN/groupadd.test
new file mode 100755
index 0000000..05c1038
--- /dev/null
+++ b/tests/tests/grouptools/groupadd/02_groupadd_add_group_GID_MIN/groupadd.test
@@ -0,0 +1,39 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "groupadd can add a group (GID_MIN set to 1000 in /etc/login.defs)"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Add group foo (groupadd foo)..."
+groupadd foo
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl data/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl data/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/grouptools/groupadd/03_groupadd_add_group_-K_GID_MIN/config.txt b/tests/tests/grouptools/groupadd/03_groupadd_add_group_-K_GID_MIN/config.txt
new file mode 100644
index 0000000..3d43135
--- /dev/null
+++ b/tests/tests/grouptools/groupadd/03_groupadd_add_group_-K_GID_MIN/config.txt
@@ -0,0 +1,5 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group users
diff --git a/tests/tests/grouptools/groupadd/03_groupadd_add_group_-K_GID_MIN/config/etc/default/useradd b/tests/tests/grouptools/groupadd/03_groupadd_add_group_-K_GID_MIN/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/grouptools/groupadd/03_groupadd_add_group_-K_GID_MIN/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/grouptools/groupadd/03_groupadd_add_group_-K_GID_MIN/config/etc/group b/tests/tests/grouptools/groupadd/03_groupadd_add_group_-K_GID_MIN/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/grouptools/groupadd/03_groupadd_add_group_-K_GID_MIN/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/grouptools/groupadd/03_groupadd_add_group_-K_GID_MIN/config/etc/gshadow b/tests/tests/grouptools/groupadd/03_groupadd_add_group_-K_GID_MIN/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/grouptools/groupadd/03_groupadd_add_group_-K_GID_MIN/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/grouptools/groupadd/03_groupadd_add_group_-K_GID_MIN/config/etc/login.defs b/tests/tests/grouptools/groupadd/03_groupadd_add_group_-K_GID_MIN/config/etc/login.defs
new file mode 100644
index 0000000..cf181ac
--- /dev/null
+++ b/tests/tests/grouptools/groupadd/03_groupadd_add_group_-K_GID_MIN/config/etc/login.defs
@@ -0,0 +1,314 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK usage is discouraged because it catches only some classes of user
+# entries to system, in fact only those made through login(1), while setting
+# umask in shell rc file will catch also logins through su, cron, ssh etc.
+#
+# At the same time, using shell rc to set umask won't catch entries which use
+# non-shell executables in place of login shell, like /usr/sbin/pppd for "ppp"
+# user and alike.
+#
+# Therefore the use of pam_umask is recommended (Debian package libpam-umask)
+# as the solution which catches all these cases on PAM-enabled systems.
+# 
+# This avoids the confusion created by having the umask set
+# in two different places -- in login.defs and shell rc files (i.e.
+# /etc/profile).
+#
+# For discussion, see #314539 and #248150 as well as the thread starting at
+# http://lists.debian.org/debian-devel/2005/06/msg01598.html
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+# 022 is the "historical" value in Debian for UMASK when it was used
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			  100
+GID_MAX			60000
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# This enables userdel to remove user groups if no members exist.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, thus in Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# Only works if compiled with MD5_CRYPT defined:
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is used by chpasswd, gpasswd and newusers.
+#
+#MD5_CRYPT_ENAB	no
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/grouptools/groupadd/03_groupadd_add_group_-K_GID_MIN/config/etc/passwd b/tests/tests/grouptools/groupadd/03_groupadd_add_group_-K_GID_MIN/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/grouptools/groupadd/03_groupadd_add_group_-K_GID_MIN/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/grouptools/groupadd/03_groupadd_add_group_-K_GID_MIN/config/etc/shadow b/tests/tests/grouptools/groupadd/03_groupadd_add_group_-K_GID_MIN/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/grouptools/groupadd/03_groupadd_add_group_-K_GID_MIN/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/grouptools/groupadd/03_groupadd_add_group_-K_GID_MIN/data/group b/tests/tests/grouptools/groupadd/03_groupadd_add_group_-K_GID_MIN/data/group
new file mode 100644
index 0000000..f3d8204
--- /dev/null
+++ b/tests/tests/grouptools/groupadd/03_groupadd_add_group_-K_GID_MIN/data/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:2000:
diff --git a/tests/tests/grouptools/groupadd/03_groupadd_add_group_-K_GID_MIN/data/gshadow b/tests/tests/grouptools/groupadd/03_groupadd_add_group_-K_GID_MIN/data/gshadow
new file mode 100644
index 0000000..bfc0675
--- /dev/null
+++ b/tests/tests/grouptools/groupadd/03_groupadd_add_group_-K_GID_MIN/data/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:!::
diff --git a/tests/tests/grouptools/groupadd/03_groupadd_add_group_-K_GID_MIN/groupadd.test b/tests/tests/grouptools/groupadd/03_groupadd_add_group_-K_GID_MIN/groupadd.test
new file mode 100755
index 0000000..bad185a
--- /dev/null
+++ b/tests/tests/grouptools/groupadd/03_groupadd_add_group_-K_GID_MIN/groupadd.test
@@ -0,0 +1,39 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "groupadd can add a group, respect -K GID_MIN"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Add group foo (groupadd -K GID_MIN=2000 foo)..."
+groupadd -K GID_MIN=2000 foo
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl data/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl data/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/grouptools/groupadd/04_groupadd_set_password/config.txt b/tests/tests/grouptools/groupadd/04_groupadd_set_password/config.txt
new file mode 100644
index 0000000..3d43135
--- /dev/null
+++ b/tests/tests/grouptools/groupadd/04_groupadd_set_password/config.txt
@@ -0,0 +1,5 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group users
diff --git a/tests/tests/grouptools/groupadd/04_groupadd_set_password/config/etc/default/useradd b/tests/tests/grouptools/groupadd/04_groupadd_set_password/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/grouptools/groupadd/04_groupadd_set_password/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/grouptools/groupadd/04_groupadd_set_password/config/etc/group b/tests/tests/grouptools/groupadd/04_groupadd_set_password/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/grouptools/groupadd/04_groupadd_set_password/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/grouptools/groupadd/04_groupadd_set_password/config/etc/gshadow b/tests/tests/grouptools/groupadd/04_groupadd_set_password/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/grouptools/groupadd/04_groupadd_set_password/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/grouptools/groupadd/04_groupadd_set_password/config/etc/login.defs b/tests/tests/grouptools/groupadd/04_groupadd_set_password/config/etc/login.defs
new file mode 100644
index 0000000..cf181ac
--- /dev/null
+++ b/tests/tests/grouptools/groupadd/04_groupadd_set_password/config/etc/login.defs
@@ -0,0 +1,314 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK usage is discouraged because it catches only some classes of user
+# entries to system, in fact only those made through login(1), while setting
+# umask in shell rc file will catch also logins through su, cron, ssh etc.
+#
+# At the same time, using shell rc to set umask won't catch entries which use
+# non-shell executables in place of login shell, like /usr/sbin/pppd for "ppp"
+# user and alike.
+#
+# Therefore the use of pam_umask is recommended (Debian package libpam-umask)
+# as the solution which catches all these cases on PAM-enabled systems.
+# 
+# This avoids the confusion created by having the umask set
+# in two different places -- in login.defs and shell rc files (i.e.
+# /etc/profile).
+#
+# For discussion, see #314539 and #248150 as well as the thread starting at
+# http://lists.debian.org/debian-devel/2005/06/msg01598.html
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+# 022 is the "historical" value in Debian for UMASK when it was used
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			  100
+GID_MAX			60000
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# This enables userdel to remove user groups if no members exist.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, thus in Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# Only works if compiled with MD5_CRYPT defined:
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is used by chpasswd, gpasswd and newusers.
+#
+#MD5_CRYPT_ENAB	no
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/grouptools/groupadd/04_groupadd_set_password/config/etc/passwd b/tests/tests/grouptools/groupadd/04_groupadd_set_password/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/grouptools/groupadd/04_groupadd_set_password/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/grouptools/groupadd/04_groupadd_set_password/config/etc/shadow b/tests/tests/grouptools/groupadd/04_groupadd_set_password/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/grouptools/groupadd/04_groupadd_set_password/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/grouptools/groupadd/04_groupadd_set_password/data/group b/tests/tests/grouptools/groupadd/04_groupadd_set_password/data/group
new file mode 100644
index 0000000..6307e25
--- /dev/null
+++ b/tests/tests/grouptools/groupadd/04_groupadd_set_password/data/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:103:
diff --git a/tests/tests/grouptools/groupadd/04_groupadd_set_password/data/gshadow b/tests/tests/grouptools/groupadd/04_groupadd_set_password/data/gshadow
new file mode 100644
index 0000000..57a72a7
--- /dev/null
+++ b/tests/tests/grouptools/groupadd/04_groupadd_set_password/data/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:password::
diff --git a/tests/tests/grouptools/groupadd/04_groupadd_set_password/groupadd.test b/tests/tests/grouptools/groupadd/04_groupadd_set_password/groupadd.test
new file mode 100755
index 0000000..01ce95e
--- /dev/null
+++ b/tests/tests/grouptools/groupadd/04_groupadd_set_password/groupadd.test
@@ -0,0 +1,39 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "groupadd can add a group and set the password"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Add group foo with a password (groupadd -p password foo)..."
+groupadd -p password foo
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl data/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl data/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/grouptools/groupadd/05_groupadd_set_GID/config.txt b/tests/tests/grouptools/groupadd/05_groupadd_set_GID/config.txt
new file mode 100644
index 0000000..3d43135
--- /dev/null
+++ b/tests/tests/grouptools/groupadd/05_groupadd_set_GID/config.txt
@@ -0,0 +1,5 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group users
diff --git a/tests/tests/grouptools/groupadd/05_groupadd_set_GID/config/etc/default/useradd b/tests/tests/grouptools/groupadd/05_groupadd_set_GID/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/grouptools/groupadd/05_groupadd_set_GID/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/grouptools/groupadd/05_groupadd_set_GID/config/etc/group b/tests/tests/grouptools/groupadd/05_groupadd_set_GID/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/grouptools/groupadd/05_groupadd_set_GID/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/grouptools/groupadd/05_groupadd_set_GID/config/etc/gshadow b/tests/tests/grouptools/groupadd/05_groupadd_set_GID/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/grouptools/groupadd/05_groupadd_set_GID/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/grouptools/groupadd/05_groupadd_set_GID/config/etc/login.defs b/tests/tests/grouptools/groupadd/05_groupadd_set_GID/config/etc/login.defs
new file mode 100644
index 0000000..cf181ac
--- /dev/null
+++ b/tests/tests/grouptools/groupadd/05_groupadd_set_GID/config/etc/login.defs
@@ -0,0 +1,314 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK usage is discouraged because it catches only some classes of user
+# entries to system, in fact only those made through login(1), while setting
+# umask in shell rc file will catch also logins through su, cron, ssh etc.
+#
+# At the same time, using shell rc to set umask won't catch entries which use
+# non-shell executables in place of login shell, like /usr/sbin/pppd for "ppp"
+# user and alike.
+#
+# Therefore the use of pam_umask is recommended (Debian package libpam-umask)
+# as the solution which catches all these cases on PAM-enabled systems.
+# 
+# This avoids the confusion created by having the umask set
+# in two different places -- in login.defs and shell rc files (i.e.
+# /etc/profile).
+#
+# For discussion, see #314539 and #248150 as well as the thread starting at
+# http://lists.debian.org/debian-devel/2005/06/msg01598.html
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+# 022 is the "historical" value in Debian for UMASK when it was used
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			  100
+GID_MAX			60000
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# This enables userdel to remove user groups if no members exist.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, thus in Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# Only works if compiled with MD5_CRYPT defined:
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is used by chpasswd, gpasswd and newusers.
+#
+#MD5_CRYPT_ENAB	no
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/grouptools/groupadd/05_groupadd_set_GID/config/etc/passwd b/tests/tests/grouptools/groupadd/05_groupadd_set_GID/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/grouptools/groupadd/05_groupadd_set_GID/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/grouptools/groupadd/05_groupadd_set_GID/config/etc/shadow b/tests/tests/grouptools/groupadd/05_groupadd_set_GID/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/grouptools/groupadd/05_groupadd_set_GID/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/grouptools/groupadd/05_groupadd_set_GID/data/group b/tests/tests/grouptools/groupadd/05_groupadd_set_GID/data/group
new file mode 100644
index 0000000..3bd92e7
--- /dev/null
+++ b/tests/tests/grouptools/groupadd/05_groupadd_set_GID/data/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1500:
diff --git a/tests/tests/grouptools/groupadd/05_groupadd_set_GID/data/gshadow b/tests/tests/grouptools/groupadd/05_groupadd_set_GID/data/gshadow
new file mode 100644
index 0000000..bfc0675
--- /dev/null
+++ b/tests/tests/grouptools/groupadd/05_groupadd_set_GID/data/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:!::
diff --git a/tests/tests/grouptools/groupadd/05_groupadd_set_GID/groupadd.test b/tests/tests/grouptools/groupadd/05_groupadd_set_GID/groupadd.test
new file mode 100755
index 0000000..306767b
--- /dev/null
+++ b/tests/tests/grouptools/groupadd/05_groupadd_set_GID/groupadd.test
@@ -0,0 +1,39 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "groupadd can add a group and set the GID"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Add group foo with GID 1500 (groupadd -p 1500 foo)..."
+groupadd -g 1500 foo
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl data/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl data/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/grouptools/groupadd/06_groupadd_-f_add_existing_group/config.txt b/tests/tests/grouptools/groupadd/06_groupadd_-f_add_existing_group/config.txt
new file mode 100644
index 0000000..3d43135
--- /dev/null
+++ b/tests/tests/grouptools/groupadd/06_groupadd_-f_add_existing_group/config.txt
@@ -0,0 +1,5 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group users
diff --git a/tests/tests/grouptools/groupadd/06_groupadd_-f_add_existing_group/config/etc/default/useradd b/tests/tests/grouptools/groupadd/06_groupadd_-f_add_existing_group/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/grouptools/groupadd/06_groupadd_-f_add_existing_group/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/grouptools/groupadd/06_groupadd_-f_add_existing_group/config/etc/group b/tests/tests/grouptools/groupadd/06_groupadd_-f_add_existing_group/config/etc/group
new file mode 100644
index 0000000..6307e25
--- /dev/null
+++ b/tests/tests/grouptools/groupadd/06_groupadd_-f_add_existing_group/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:103:
diff --git a/tests/tests/grouptools/groupadd/06_groupadd_-f_add_existing_group/config/etc/gshadow b/tests/tests/grouptools/groupadd/06_groupadd_-f_add_existing_group/config/etc/gshadow
new file mode 100644
index 0000000..5042e58
--- /dev/null
+++ b/tests/tests/grouptools/groupadd/06_groupadd_-f_add_existing_group/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/grouptools/groupadd/06_groupadd_-f_add_existing_group/config/etc/login.defs b/tests/tests/grouptools/groupadd/06_groupadd_-f_add_existing_group/config/etc/login.defs
new file mode 100644
index 0000000..cf181ac
--- /dev/null
+++ b/tests/tests/grouptools/groupadd/06_groupadd_-f_add_existing_group/config/etc/login.defs
@@ -0,0 +1,314 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK usage is discouraged because it catches only some classes of user
+# entries to system, in fact only those made through login(1), while setting
+# umask in shell rc file will catch also logins through su, cron, ssh etc.
+#
+# At the same time, using shell rc to set umask won't catch entries which use
+# non-shell executables in place of login shell, like /usr/sbin/pppd for "ppp"
+# user and alike.
+#
+# Therefore the use of pam_umask is recommended (Debian package libpam-umask)
+# as the solution which catches all these cases on PAM-enabled systems.
+# 
+# This avoids the confusion created by having the umask set
+# in two different places -- in login.defs and shell rc files (i.e.
+# /etc/profile).
+#
+# For discussion, see #314539 and #248150 as well as the thread starting at
+# http://lists.debian.org/debian-devel/2005/06/msg01598.html
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+# 022 is the "historical" value in Debian for UMASK when it was used
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			  100
+GID_MAX			60000
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# This enables userdel to remove user groups if no members exist.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, thus in Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# Only works if compiled with MD5_CRYPT defined:
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is used by chpasswd, gpasswd and newusers.
+#
+#MD5_CRYPT_ENAB	no
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/grouptools/groupadd/06_groupadd_-f_add_existing_group/config/etc/passwd b/tests/tests/grouptools/groupadd/06_groupadd_-f_add_existing_group/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/grouptools/groupadd/06_groupadd_-f_add_existing_group/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/grouptools/groupadd/06_groupadd_-f_add_existing_group/config/etc/shadow b/tests/tests/grouptools/groupadd/06_groupadd_-f_add_existing_group/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/grouptools/groupadd/06_groupadd_-f_add_existing_group/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/grouptools/groupadd/06_groupadd_-f_add_existing_group/groupadd.test b/tests/tests/grouptools/groupadd/06_groupadd_-f_add_existing_group/groupadd.test
new file mode 100755
index 0000000..25546eb
--- /dev/null
+++ b/tests/tests/grouptools/groupadd/06_groupadd_-f_add_existing_group/groupadd.test
@@ -0,0 +1,39 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "groupadd -f exits with succes if the user already exists"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Add group foo (groupadd -f foo)..."
+groupadd -f foo
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/grouptools/groupadd/07_groupadd_-f_add_existing_GID/config.txt b/tests/tests/grouptools/groupadd/07_groupadd_-f_add_existing_GID/config.txt
new file mode 100644
index 0000000..3d43135
--- /dev/null
+++ b/tests/tests/grouptools/groupadd/07_groupadd_-f_add_existing_GID/config.txt
@@ -0,0 +1,5 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group users
diff --git a/tests/tests/grouptools/groupadd/07_groupadd_-f_add_existing_GID/config/etc/default/useradd b/tests/tests/grouptools/groupadd/07_groupadd_-f_add_existing_GID/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/grouptools/groupadd/07_groupadd_-f_add_existing_GID/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/grouptools/groupadd/07_groupadd_-f_add_existing_GID/config/etc/group b/tests/tests/grouptools/groupadd/07_groupadd_-f_add_existing_GID/config/etc/group
new file mode 100644
index 0000000..5c3fef9
--- /dev/null
+++ b/tests/tests/grouptools/groupadd/07_groupadd_-f_add_existing_GID/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1003:
diff --git a/tests/tests/grouptools/groupadd/07_groupadd_-f_add_existing_GID/config/etc/gshadow b/tests/tests/grouptools/groupadd/07_groupadd_-f_add_existing_GID/config/etc/gshadow
new file mode 100644
index 0000000..5042e58
--- /dev/null
+++ b/tests/tests/grouptools/groupadd/07_groupadd_-f_add_existing_GID/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/grouptools/groupadd/07_groupadd_-f_add_existing_GID/config/etc/login.defs b/tests/tests/grouptools/groupadd/07_groupadd_-f_add_existing_GID/config/etc/login.defs
new file mode 100644
index 0000000..cf181ac
--- /dev/null
+++ b/tests/tests/grouptools/groupadd/07_groupadd_-f_add_existing_GID/config/etc/login.defs
@@ -0,0 +1,314 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK usage is discouraged because it catches only some classes of user
+# entries to system, in fact only those made through login(1), while setting
+# umask in shell rc file will catch also logins through su, cron, ssh etc.
+#
+# At the same time, using shell rc to set umask won't catch entries which use
+# non-shell executables in place of login shell, like /usr/sbin/pppd for "ppp"
+# user and alike.
+#
+# Therefore the use of pam_umask is recommended (Debian package libpam-umask)
+# as the solution which catches all these cases on PAM-enabled systems.
+# 
+# This avoids the confusion created by having the umask set
+# in two different places -- in login.defs and shell rc files (i.e.
+# /etc/profile).
+#
+# For discussion, see #314539 and #248150 as well as the thread starting at
+# http://lists.debian.org/debian-devel/2005/06/msg01598.html
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+# 022 is the "historical" value in Debian for UMASK when it was used
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			  100
+GID_MAX			60000
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# This enables userdel to remove user groups if no members exist.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, thus in Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# Only works if compiled with MD5_CRYPT defined:
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is used by chpasswd, gpasswd and newusers.
+#
+#MD5_CRYPT_ENAB	no
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/grouptools/groupadd/07_groupadd_-f_add_existing_GID/config/etc/passwd b/tests/tests/grouptools/groupadd/07_groupadd_-f_add_existing_GID/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/grouptools/groupadd/07_groupadd_-f_add_existing_GID/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/grouptools/groupadd/07_groupadd_-f_add_existing_GID/config/etc/shadow b/tests/tests/grouptools/groupadd/07_groupadd_-f_add_existing_GID/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/grouptools/groupadd/07_groupadd_-f_add_existing_GID/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/grouptools/groupadd/07_groupadd_-f_add_existing_GID/data/group b/tests/tests/grouptools/groupadd/07_groupadd_-f_add_existing_GID/data/group
new file mode 100644
index 0000000..66c892a
--- /dev/null
+++ b/tests/tests/grouptools/groupadd/07_groupadd_-f_add_existing_GID/data/group
@@ -0,0 +1,43 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1003:
+bar:x:1004:
diff --git a/tests/tests/grouptools/groupadd/07_groupadd_-f_add_existing_GID/data/gshadow b/tests/tests/grouptools/groupadd/07_groupadd_-f_add_existing_GID/data/gshadow
new file mode 100644
index 0000000..e718821
--- /dev/null
+++ b/tests/tests/grouptools/groupadd/07_groupadd_-f_add_existing_GID/data/gshadow
@@ -0,0 +1,43 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
+bar:!::
diff --git a/tests/tests/grouptools/groupadd/07_groupadd_-f_add_existing_GID/groupadd.test b/tests/tests/grouptools/groupadd/07_groupadd_-f_add_existing_GID/groupadd.test
new file mode 100755
index 0000000..3f3f32f
--- /dev/null
+++ b/tests/tests/grouptools/groupadd/07_groupadd_-f_add_existing_GID/groupadd.test
@@ -0,0 +1,39 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "groupadd -f uses another GID if an user already exists with this GID"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Add group bar, GID 1003 (groupadd -g 1003 -f bar)..."
+groupadd -g 1003 -f bar
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl data/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl data/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/grouptools/groupadd/08_groupadd_locked_group/config.txt b/tests/tests/grouptools/groupadd/08_groupadd_locked_group/config.txt
new file mode 100644
index 0000000..31f5635
--- /dev/null
+++ b/tests/tests/grouptools/groupadd/08_groupadd_locked_group/config.txt
@@ -0,0 +1,10 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group users (only in /etc/group)
+user foo, in group tty (only in /etc/gshadow)
+user foo, in group floppy
+user foo, admin of group disk
+user foo, admin and member of group fax
+user foo, admin and member of group cdrom (only in /etc/gshadow)
diff --git a/tests/tests/grouptools/groupadd/08_groupadd_locked_group/config/etc/default/useradd b/tests/tests/grouptools/groupadd/08_groupadd_locked_group/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/grouptools/groupadd/08_groupadd_locked_group/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/grouptools/groupadd/08_groupadd_locked_group/config/etc/group b/tests/tests/grouptools/groupadd/08_groupadd_locked_group/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/grouptools/groupadd/08_groupadd_locked_group/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/grouptools/groupadd/08_groupadd_locked_group/config/etc/gshadow b/tests/tests/grouptools/groupadd/08_groupadd_locked_group/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/grouptools/groupadd/08_groupadd_locked_group/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/grouptools/groupadd/08_groupadd_locked_group/config/etc/passwd b/tests/tests/grouptools/groupadd/08_groupadd_locked_group/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/grouptools/groupadd/08_groupadd_locked_group/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/grouptools/groupadd/08_groupadd_locked_group/config/etc/shadow b/tests/tests/grouptools/groupadd/08_groupadd_locked_group/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/grouptools/groupadd/08_groupadd_locked_group/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/grouptools/groupadd/08_groupadd_locked_group/data/groupadd.err b/tests/tests/grouptools/groupadd/08_groupadd_locked_group/data/groupadd.err
new file mode 100644
index 0000000..33604e5
--- /dev/null
+++ b/tests/tests/grouptools/groupadd/08_groupadd_locked_group/data/groupadd.err
@@ -0,0 +1,2 @@
+groupadd: existing lock file /etc/group.lock without a PID
+groupadd: cannot lock /etc/group; try again later.
diff --git a/tests/tests/grouptools/groupadd/08_groupadd_locked_group/groupadd.test b/tests/tests/grouptools/groupadd/08_groupadd_locked_group/groupadd.test
new file mode 100755
index 0000000..aa3250e
--- /dev/null
+++ b/tests/tests/grouptools/groupadd/08_groupadd_locked_group/groupadd.test
@@ -0,0 +1,60 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "groupadd checks if the group file is locked"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config; rm -f /etc/group.lock' 0
+
+change_config
+
+echo -n "Create lock file for /etc/group..."
+touch /etc/group.lock
+echo "done"
+
+echo -n "Add group foo (groupadd foo)..."
+groupadd foo 2>tmp/groupadd.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+rm -f /etc/group.lock
+
+echo -n "Check returned status ($status)..."
+test "$status" = "10"
+echo "OK"
+
+echo "groupadd reported:"
+echo "======================================================================="
+cat tmp/groupadd.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/groupadd.err tmp/groupadd.err
+echo "error message OK."
+rm -f tmp/groupadd.err
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/grouptools/groupadd/09_groupadd_locked_gshadow/config.txt b/tests/tests/grouptools/groupadd/09_groupadd_locked_gshadow/config.txt
new file mode 100644
index 0000000..31f5635
--- /dev/null
+++ b/tests/tests/grouptools/groupadd/09_groupadd_locked_gshadow/config.txt
@@ -0,0 +1,10 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group users (only in /etc/group)
+user foo, in group tty (only in /etc/gshadow)
+user foo, in group floppy
+user foo, admin of group disk
+user foo, admin and member of group fax
+user foo, admin and member of group cdrom (only in /etc/gshadow)
diff --git a/tests/tests/grouptools/groupadd/09_groupadd_locked_gshadow/config/etc/default/useradd b/tests/tests/grouptools/groupadd/09_groupadd_locked_gshadow/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/grouptools/groupadd/09_groupadd_locked_gshadow/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/grouptools/groupadd/09_groupadd_locked_gshadow/config/etc/group b/tests/tests/grouptools/groupadd/09_groupadd_locked_gshadow/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/grouptools/groupadd/09_groupadd_locked_gshadow/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/grouptools/groupadd/09_groupadd_locked_gshadow/config/etc/gshadow b/tests/tests/grouptools/groupadd/09_groupadd_locked_gshadow/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/grouptools/groupadd/09_groupadd_locked_gshadow/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/grouptools/groupadd/09_groupadd_locked_gshadow/config/etc/passwd b/tests/tests/grouptools/groupadd/09_groupadd_locked_gshadow/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/grouptools/groupadd/09_groupadd_locked_gshadow/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/grouptools/groupadd/09_groupadd_locked_gshadow/config/etc/shadow b/tests/tests/grouptools/groupadd/09_groupadd_locked_gshadow/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/grouptools/groupadd/09_groupadd_locked_gshadow/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/grouptools/groupadd/09_groupadd_locked_gshadow/data/groupadd.err b/tests/tests/grouptools/groupadd/09_groupadd_locked_gshadow/data/groupadd.err
new file mode 100644
index 0000000..c64e0a9
--- /dev/null
+++ b/tests/tests/grouptools/groupadd/09_groupadd_locked_gshadow/data/groupadd.err
@@ -0,0 +1,2 @@
+groupadd: existing lock file /etc/gshadow.lock without a PID
+groupadd: cannot lock /etc/gshadow; try again later.
diff --git a/tests/tests/grouptools/groupadd/09_groupadd_locked_gshadow/groupadd.test b/tests/tests/grouptools/groupadd/09_groupadd_locked_gshadow/groupadd.test
new file mode 100755
index 0000000..ac6645c
--- /dev/null
+++ b/tests/tests/grouptools/groupadd/09_groupadd_locked_gshadow/groupadd.test
@@ -0,0 +1,60 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "groupadd checks if the gshadow file is locked"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config; rm -f /etc/gshadow.lock' 0
+
+change_config
+
+echo -n "Create lock file for /etc/gshadow..."
+touch /etc/gshadow.lock
+echo "done"
+
+echo -n "Add group foo (groupadd foo)..."
+groupadd foo 2>tmp/groupadd.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+rm -f /etc/gshadow.lock
+
+echo -n "Check returned status ($status)..."
+test "$status" = "10"
+echo "OK"
+
+echo "groupadd reported:"
+echo "======================================================================="
+cat tmp/groupadd.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/groupadd.err tmp/groupadd.err
+echo "error message OK."
+rm -f tmp/groupadd.err
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/grouptools/groupadd/10_groupadd_-o_add_existing_GID/config.txt b/tests/tests/grouptools/groupadd/10_groupadd_-o_add_existing_GID/config.txt
new file mode 100644
index 0000000..3d43135
--- /dev/null
+++ b/tests/tests/grouptools/groupadd/10_groupadd_-o_add_existing_GID/config.txt
@@ -0,0 +1,5 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group users
diff --git a/tests/tests/grouptools/groupadd/10_groupadd_-o_add_existing_GID/config/etc/default/useradd b/tests/tests/grouptools/groupadd/10_groupadd_-o_add_existing_GID/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/grouptools/groupadd/10_groupadd_-o_add_existing_GID/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/grouptools/groupadd/10_groupadd_-o_add_existing_GID/config/etc/group b/tests/tests/grouptools/groupadd/10_groupadd_-o_add_existing_GID/config/etc/group
new file mode 100644
index 0000000..5c3fef9
--- /dev/null
+++ b/tests/tests/grouptools/groupadd/10_groupadd_-o_add_existing_GID/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1003:
diff --git a/tests/tests/grouptools/groupadd/10_groupadd_-o_add_existing_GID/config/etc/gshadow b/tests/tests/grouptools/groupadd/10_groupadd_-o_add_existing_GID/config/etc/gshadow
new file mode 100644
index 0000000..5042e58
--- /dev/null
+++ b/tests/tests/grouptools/groupadd/10_groupadd_-o_add_existing_GID/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/grouptools/groupadd/10_groupadd_-o_add_existing_GID/config/etc/login.defs b/tests/tests/grouptools/groupadd/10_groupadd_-o_add_existing_GID/config/etc/login.defs
new file mode 100644
index 0000000..cf181ac
--- /dev/null
+++ b/tests/tests/grouptools/groupadd/10_groupadd_-o_add_existing_GID/config/etc/login.defs
@@ -0,0 +1,314 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK usage is discouraged because it catches only some classes of user
+# entries to system, in fact only those made through login(1), while setting
+# umask in shell rc file will catch also logins through su, cron, ssh etc.
+#
+# At the same time, using shell rc to set umask won't catch entries which use
+# non-shell executables in place of login shell, like /usr/sbin/pppd for "ppp"
+# user and alike.
+#
+# Therefore the use of pam_umask is recommended (Debian package libpam-umask)
+# as the solution which catches all these cases on PAM-enabled systems.
+# 
+# This avoids the confusion created by having the umask set
+# in two different places -- in login.defs and shell rc files (i.e.
+# /etc/profile).
+#
+# For discussion, see #314539 and #248150 as well as the thread starting at
+# http://lists.debian.org/debian-devel/2005/06/msg01598.html
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+# 022 is the "historical" value in Debian for UMASK when it was used
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			  100
+GID_MAX			60000
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# This enables userdel to remove user groups if no members exist.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, thus in Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# Only works if compiled with MD5_CRYPT defined:
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is used by chpasswd, gpasswd and newusers.
+#
+#MD5_CRYPT_ENAB	no
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/grouptools/groupadd/10_groupadd_-o_add_existing_GID/config/etc/passwd b/tests/tests/grouptools/groupadd/10_groupadd_-o_add_existing_GID/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/grouptools/groupadd/10_groupadd_-o_add_existing_GID/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/grouptools/groupadd/10_groupadd_-o_add_existing_GID/config/etc/shadow b/tests/tests/grouptools/groupadd/10_groupadd_-o_add_existing_GID/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/grouptools/groupadd/10_groupadd_-o_add_existing_GID/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/grouptools/groupadd/10_groupadd_-o_add_existing_GID/data/group b/tests/tests/grouptools/groupadd/10_groupadd_-o_add_existing_GID/data/group
new file mode 100644
index 0000000..64cb8f1
--- /dev/null
+++ b/tests/tests/grouptools/groupadd/10_groupadd_-o_add_existing_GID/data/group
@@ -0,0 +1,43 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1003:
+bar:x:1003:
diff --git a/tests/tests/grouptools/groupadd/10_groupadd_-o_add_existing_GID/data/gshadow b/tests/tests/grouptools/groupadd/10_groupadd_-o_add_existing_GID/data/gshadow
new file mode 100644
index 0000000..e718821
--- /dev/null
+++ b/tests/tests/grouptools/groupadd/10_groupadd_-o_add_existing_GID/data/gshadow
@@ -0,0 +1,43 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
+bar:!::
diff --git a/tests/tests/grouptools/groupadd/10_groupadd_-o_add_existing_GID/groupadd.test b/tests/tests/grouptools/groupadd/10_groupadd_-o_add_existing_GID/groupadd.test
new file mode 100755
index 0000000..3597a31
--- /dev/null
+++ b/tests/tests/grouptools/groupadd/10_groupadd_-o_add_existing_GID/groupadd.test
@@ -0,0 +1,39 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "groupadd -o accepts to add a group with an already used GID"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Add group bar, GID 1003 (groupadd -g 1003 -o bar)..."
+groupadd -g 1003 -o bar
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl data/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl data/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/grouptools/groupadd/11_groupadd_invalid_GID/config.txt b/tests/tests/grouptools/groupadd/11_groupadd_invalid_GID/config.txt
new file mode 100644
index 0000000..31f5635
--- /dev/null
+++ b/tests/tests/grouptools/groupadd/11_groupadd_invalid_GID/config.txt
@@ -0,0 +1,10 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group users (only in /etc/group)
+user foo, in group tty (only in /etc/gshadow)
+user foo, in group floppy
+user foo, admin of group disk
+user foo, admin and member of group fax
+user foo, admin and member of group cdrom (only in /etc/gshadow)
diff --git a/tests/tests/grouptools/groupadd/11_groupadd_invalid_GID/config/etc/default/useradd b/tests/tests/grouptools/groupadd/11_groupadd_invalid_GID/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/grouptools/groupadd/11_groupadd_invalid_GID/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/grouptools/groupadd/11_groupadd_invalid_GID/config/etc/group b/tests/tests/grouptools/groupadd/11_groupadd_invalid_GID/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/grouptools/groupadd/11_groupadd_invalid_GID/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/grouptools/groupadd/11_groupadd_invalid_GID/config/etc/gshadow b/tests/tests/grouptools/groupadd/11_groupadd_invalid_GID/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/grouptools/groupadd/11_groupadd_invalid_GID/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/grouptools/groupadd/11_groupadd_invalid_GID/config/etc/passwd b/tests/tests/grouptools/groupadd/11_groupadd_invalid_GID/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/grouptools/groupadd/11_groupadd_invalid_GID/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/grouptools/groupadd/11_groupadd_invalid_GID/config/etc/shadow b/tests/tests/grouptools/groupadd/11_groupadd_invalid_GID/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/grouptools/groupadd/11_groupadd_invalid_GID/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/grouptools/groupadd/11_groupadd_invalid_GID/data/groupadd.err b/tests/tests/grouptools/groupadd/11_groupadd_invalid_GID/data/groupadd.err
new file mode 100644
index 0000000..1b0872b
--- /dev/null
+++ b/tests/tests/grouptools/groupadd/11_groupadd_invalid_GID/data/groupadd.err
@@ -0,0 +1 @@
+groupadd: invalid group ID '1002a'
diff --git a/tests/tests/grouptools/groupadd/11_groupadd_invalid_GID/groupadd.test b/tests/tests/grouptools/groupadd/11_groupadd_invalid_GID/groupadd.test
new file mode 100755
index 0000000..9a1d542
--- /dev/null
+++ b/tests/tests/grouptools/groupadd/11_groupadd_invalid_GID/groupadd.test
@@ -0,0 +1,54 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "groupadd checks if the given GID is a valid numeric ID"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Add group foo, GID 1002a (groupadd -g 1002a foo)..."
+groupadd -g 1002a foo 2>tmp/groupadd.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "3"
+echo "OK"
+
+echo "groupadd reported:"
+echo "======================================================================="
+cat tmp/groupadd.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/groupadd.err tmp/groupadd.err
+echo "error message OK."
+rm -f tmp/groupadd.err
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/grouptools/groupadd/12_groupadd_negative_GID/config.txt b/tests/tests/grouptools/groupadd/12_groupadd_negative_GID/config.txt
new file mode 100644
index 0000000..31f5635
--- /dev/null
+++ b/tests/tests/grouptools/groupadd/12_groupadd_negative_GID/config.txt
@@ -0,0 +1,10 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group users (only in /etc/group)
+user foo, in group tty (only in /etc/gshadow)
+user foo, in group floppy
+user foo, admin of group disk
+user foo, admin and member of group fax
+user foo, admin and member of group cdrom (only in /etc/gshadow)
diff --git a/tests/tests/grouptools/groupadd/12_groupadd_negative_GID/config/etc/default/useradd b/tests/tests/grouptools/groupadd/12_groupadd_negative_GID/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/grouptools/groupadd/12_groupadd_negative_GID/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/grouptools/groupadd/12_groupadd_negative_GID/config/etc/group b/tests/tests/grouptools/groupadd/12_groupadd_negative_GID/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/grouptools/groupadd/12_groupadd_negative_GID/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/grouptools/groupadd/12_groupadd_negative_GID/config/etc/gshadow b/tests/tests/grouptools/groupadd/12_groupadd_negative_GID/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/grouptools/groupadd/12_groupadd_negative_GID/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/grouptools/groupadd/12_groupadd_negative_GID/config/etc/passwd b/tests/tests/grouptools/groupadd/12_groupadd_negative_GID/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/grouptools/groupadd/12_groupadd_negative_GID/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/grouptools/groupadd/12_groupadd_negative_GID/config/etc/shadow b/tests/tests/grouptools/groupadd/12_groupadd_negative_GID/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/grouptools/groupadd/12_groupadd_negative_GID/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/grouptools/groupadd/12_groupadd_negative_GID/data/groupadd.err b/tests/tests/grouptools/groupadd/12_groupadd_negative_GID/data/groupadd.err
new file mode 100644
index 0000000..26012b6
--- /dev/null
+++ b/tests/tests/grouptools/groupadd/12_groupadd_negative_GID/data/groupadd.err
@@ -0,0 +1 @@
+groupadd: invalid group ID '-1002'
diff --git a/tests/tests/grouptools/groupadd/12_groupadd_negative_GID/groupadd.test b/tests/tests/grouptools/groupadd/12_groupadd_negative_GID/groupadd.test
new file mode 100755
index 0000000..b46434c
--- /dev/null
+++ b/tests/tests/grouptools/groupadd/12_groupadd_negative_GID/groupadd.test
@@ -0,0 +1,54 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "groupadd checks if the given GID is a valid numeric ID"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Add group foo, GID -1002 (groupadd -g -1002 foo)..."
+groupadd -g -1002 foo 2>tmp/groupadd.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "3"
+echo "OK"
+
+echo "groupadd reported:"
+echo "======================================================================="
+cat tmp/groupadd.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/groupadd.err tmp/groupadd.err
+echo "error message OK."
+rm -f tmp/groupadd.err
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/grouptools/groupadd/13_groupadd_invalid_name/config.txt b/tests/tests/grouptools/groupadd/13_groupadd_invalid_name/config.txt
new file mode 100644
index 0000000..31f5635
--- /dev/null
+++ b/tests/tests/grouptools/groupadd/13_groupadd_invalid_name/config.txt
@@ -0,0 +1,10 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group users (only in /etc/group)
+user foo, in group tty (only in /etc/gshadow)
+user foo, in group floppy
+user foo, admin of group disk
+user foo, admin and member of group fax
+user foo, admin and member of group cdrom (only in /etc/gshadow)
diff --git a/tests/tests/grouptools/groupadd/13_groupadd_invalid_name/config/etc/default/useradd b/tests/tests/grouptools/groupadd/13_groupadd_invalid_name/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/grouptools/groupadd/13_groupadd_invalid_name/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/grouptools/groupadd/13_groupadd_invalid_name/config/etc/group b/tests/tests/grouptools/groupadd/13_groupadd_invalid_name/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/grouptools/groupadd/13_groupadd_invalid_name/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/grouptools/groupadd/13_groupadd_invalid_name/config/etc/gshadow b/tests/tests/grouptools/groupadd/13_groupadd_invalid_name/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/grouptools/groupadd/13_groupadd_invalid_name/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/grouptools/groupadd/13_groupadd_invalid_name/config/etc/passwd b/tests/tests/grouptools/groupadd/13_groupadd_invalid_name/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/grouptools/groupadd/13_groupadd_invalid_name/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/grouptools/groupadd/13_groupadd_invalid_name/config/etc/shadow b/tests/tests/grouptools/groupadd/13_groupadd_invalid_name/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/grouptools/groupadd/13_groupadd_invalid_name/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/grouptools/groupadd/13_groupadd_invalid_name/data/groupadd.err b/tests/tests/grouptools/groupadd/13_groupadd_invalid_name/data/groupadd.err
new file mode 100644
index 0000000..e7ca762
--- /dev/null
+++ b/tests/tests/grouptools/groupadd/13_groupadd_invalid_name/data/groupadd.err
@@ -0,0 +1 @@
+groupadd: 'foo:bar' is not a valid group name
diff --git a/tests/tests/grouptools/groupadd/13_groupadd_invalid_name/groupadd.test b/tests/tests/grouptools/groupadd/13_groupadd_invalid_name/groupadd.test
new file mode 100755
index 0000000..fab3011
--- /dev/null
+++ b/tests/tests/grouptools/groupadd/13_groupadd_invalid_name/groupadd.test
@@ -0,0 +1,54 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "groupadd checks if the given name is valid"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Add group foo:bar (groupadd foo:bar)..."
+groupadd foo:bar 2>tmp/groupadd.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "3"
+echo "OK"
+
+echo "groupadd reported:"
+echo "======================================================================="
+cat tmp/groupadd.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/groupadd.err tmp/groupadd.err
+echo "error message OK."
+rm -f tmp/groupadd.err
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/grouptools/groupadd/14_groupadd_invalid_-K_option/config.txt b/tests/tests/grouptools/groupadd/14_groupadd_invalid_-K_option/config.txt
new file mode 100644
index 0000000..31f5635
--- /dev/null
+++ b/tests/tests/grouptools/groupadd/14_groupadd_invalid_-K_option/config.txt
@@ -0,0 +1,10 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group users (only in /etc/group)
+user foo, in group tty (only in /etc/gshadow)
+user foo, in group floppy
+user foo, admin of group disk
+user foo, admin and member of group fax
+user foo, admin and member of group cdrom (only in /etc/gshadow)
diff --git a/tests/tests/grouptools/groupadd/14_groupadd_invalid_-K_option/config/etc/default/useradd b/tests/tests/grouptools/groupadd/14_groupadd_invalid_-K_option/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/grouptools/groupadd/14_groupadd_invalid_-K_option/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/grouptools/groupadd/14_groupadd_invalid_-K_option/config/etc/group b/tests/tests/grouptools/groupadd/14_groupadd_invalid_-K_option/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/grouptools/groupadd/14_groupadd_invalid_-K_option/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/grouptools/groupadd/14_groupadd_invalid_-K_option/config/etc/gshadow b/tests/tests/grouptools/groupadd/14_groupadd_invalid_-K_option/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/grouptools/groupadd/14_groupadd_invalid_-K_option/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/grouptools/groupadd/14_groupadd_invalid_-K_option/config/etc/passwd b/tests/tests/grouptools/groupadd/14_groupadd_invalid_-K_option/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/grouptools/groupadd/14_groupadd_invalid_-K_option/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/grouptools/groupadd/14_groupadd_invalid_-K_option/config/etc/shadow b/tests/tests/grouptools/groupadd/14_groupadd_invalid_-K_option/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/grouptools/groupadd/14_groupadd_invalid_-K_option/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/grouptools/groupadd/14_groupadd_invalid_-K_option/data/groupadd.err b/tests/tests/grouptools/groupadd/14_groupadd_invalid_-K_option/data/groupadd.err
new file mode 100644
index 0000000..f2685c5
--- /dev/null
+++ b/tests/tests/grouptools/groupadd/14_groupadd_invalid_-K_option/data/groupadd.err
@@ -0,0 +1 @@
+configuration error - unknown item 'FOO' (notify administrator)
diff --git a/tests/tests/grouptools/groupadd/14_groupadd_invalid_-K_option/groupadd.test b/tests/tests/grouptools/groupadd/14_groupadd_invalid_-K_option/groupadd.test
new file mode 100755
index 0000000..7e28a7f
--- /dev/null
+++ b/tests/tests/grouptools/groupadd/14_groupadd_invalid_-K_option/groupadd.test
@@ -0,0 +1,54 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "groupadd checks if the option provided with -K is valid"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Add group -K FOO=100 foo (groupadd -K FOO=100 foo)..."
+groupadd -K FOO=100 foo 2>tmp/groupadd.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "3"
+echo "OK"
+
+echo "groupadd reported:"
+echo "======================================================================="
+cat tmp/groupadd.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/groupadd.err tmp/groupadd.err
+echo "error message OK."
+rm -f tmp/groupadd.err
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/grouptools/groupadd/15_groupadd_invalid_-K_no_=/config.txt b/tests/tests/grouptools/groupadd/15_groupadd_invalid_-K_no_=/config.txt
new file mode 100644
index 0000000..31f5635
--- /dev/null
+++ b/tests/tests/grouptools/groupadd/15_groupadd_invalid_-K_no_=/config.txt
@@ -0,0 +1,10 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group users (only in /etc/group)
+user foo, in group tty (only in /etc/gshadow)
+user foo, in group floppy
+user foo, admin of group disk
+user foo, admin and member of group fax
+user foo, admin and member of group cdrom (only in /etc/gshadow)
diff --git a/tests/tests/grouptools/groupadd/15_groupadd_invalid_-K_no_=/config/etc/default/useradd b/tests/tests/grouptools/groupadd/15_groupadd_invalid_-K_no_=/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/grouptools/groupadd/15_groupadd_invalid_-K_no_=/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/grouptools/groupadd/15_groupadd_invalid_-K_no_=/config/etc/group b/tests/tests/grouptools/groupadd/15_groupadd_invalid_-K_no_=/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/grouptools/groupadd/15_groupadd_invalid_-K_no_=/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/grouptools/groupadd/15_groupadd_invalid_-K_no_=/config/etc/gshadow b/tests/tests/grouptools/groupadd/15_groupadd_invalid_-K_no_=/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/grouptools/groupadd/15_groupadd_invalid_-K_no_=/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/grouptools/groupadd/15_groupadd_invalid_-K_no_=/config/etc/passwd b/tests/tests/grouptools/groupadd/15_groupadd_invalid_-K_no_=/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/grouptools/groupadd/15_groupadd_invalid_-K_no_=/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/grouptools/groupadd/15_groupadd_invalid_-K_no_=/config/etc/shadow b/tests/tests/grouptools/groupadd/15_groupadd_invalid_-K_no_=/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/grouptools/groupadd/15_groupadd_invalid_-K_no_=/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/grouptools/groupadd/15_groupadd_invalid_-K_no_=/data/groupadd.err b/tests/tests/grouptools/groupadd/15_groupadd_invalid_-K_no_=/data/groupadd.err
new file mode 100644
index 0000000..8661719
--- /dev/null
+++ b/tests/tests/grouptools/groupadd/15_groupadd_invalid_-K_no_=/data/groupadd.err
@@ -0,0 +1 @@
+groupadd: -K requires KEY=VALUE
diff --git a/tests/tests/grouptools/groupadd/15_groupadd_invalid_-K_no_=/groupadd.test b/tests/tests/grouptools/groupadd/15_groupadd_invalid_-K_no_=/groupadd.test
new file mode 100755
index 0000000..affd681
--- /dev/null
+++ b/tests/tests/grouptools/groupadd/15_groupadd_invalid_-K_no_=/groupadd.test
@@ -0,0 +1,54 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "groupadd checks if the option provided with -K has a value"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Add group -K GID_MAX foo (groupadd -K GID_MAX foo)..."
+groupadd -K GID_MAX foo 2>tmp/groupadd.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "3"
+echo "OK"
+
+echo "groupadd reported:"
+echo "======================================================================="
+cat tmp/groupadd.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/groupadd.err tmp/groupadd.err
+echo "error message OK."
+rm -f tmp/groupadd.err
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/grouptools/groupadd/16_groupadd_existing_group/config.txt b/tests/tests/grouptools/groupadd/16_groupadd_existing_group/config.txt
new file mode 100644
index 0000000..31f5635
--- /dev/null
+++ b/tests/tests/grouptools/groupadd/16_groupadd_existing_group/config.txt
@@ -0,0 +1,10 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group users (only in /etc/group)
+user foo, in group tty (only in /etc/gshadow)
+user foo, in group floppy
+user foo, admin of group disk
+user foo, admin and member of group fax
+user foo, admin and member of group cdrom (only in /etc/gshadow)
diff --git a/tests/tests/grouptools/groupadd/16_groupadd_existing_group/config/etc/default/useradd b/tests/tests/grouptools/groupadd/16_groupadd_existing_group/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/grouptools/groupadd/16_groupadd_existing_group/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/grouptools/groupadd/16_groupadd_existing_group/config/etc/group b/tests/tests/grouptools/groupadd/16_groupadd_existing_group/config/etc/group
new file mode 100644
index 0000000..6307e25
--- /dev/null
+++ b/tests/tests/grouptools/groupadd/16_groupadd_existing_group/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:103:
diff --git a/tests/tests/grouptools/groupadd/16_groupadd_existing_group/config/etc/gshadow b/tests/tests/grouptools/groupadd/16_groupadd_existing_group/config/etc/gshadow
new file mode 100644
index 0000000..5042e58
--- /dev/null
+++ b/tests/tests/grouptools/groupadd/16_groupadd_existing_group/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/grouptools/groupadd/16_groupadd_existing_group/config/etc/passwd b/tests/tests/grouptools/groupadd/16_groupadd_existing_group/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/grouptools/groupadd/16_groupadd_existing_group/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/grouptools/groupadd/16_groupadd_existing_group/config/etc/shadow b/tests/tests/grouptools/groupadd/16_groupadd_existing_group/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/grouptools/groupadd/16_groupadd_existing_group/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/grouptools/groupadd/16_groupadd_existing_group/data/groupadd.err b/tests/tests/grouptools/groupadd/16_groupadd_existing_group/data/groupadd.err
new file mode 100644
index 0000000..be5ec5f
--- /dev/null
+++ b/tests/tests/grouptools/groupadd/16_groupadd_existing_group/data/groupadd.err
@@ -0,0 +1 @@
+groupadd: group 'foo' already exists
diff --git a/tests/tests/grouptools/groupadd/16_groupadd_existing_group/groupadd.test b/tests/tests/grouptools/groupadd/16_groupadd_existing_group/groupadd.test
new file mode 100755
index 0000000..7136dfa
--- /dev/null
+++ b/tests/tests/grouptools/groupadd/16_groupadd_existing_group/groupadd.test
@@ -0,0 +1,54 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "groupadd checks if the group already exists"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Add group foo (groupadd foo)..."
+groupadd foo 2>tmp/groupadd.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "9"
+echo "OK"
+
+echo "groupadd reported:"
+echo "======================================================================="
+cat tmp/groupadd.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/groupadd.err tmp/groupadd.err
+echo "error message OK."
+rm -f tmp/groupadd.err
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/grouptools/groupadd/17_groupadd_add_systemgroup/config.txt b/tests/tests/grouptools/groupadd/17_groupadd_add_systemgroup/config.txt
new file mode 100644
index 0000000..3d43135
--- /dev/null
+++ b/tests/tests/grouptools/groupadd/17_groupadd_add_systemgroup/config.txt
@@ -0,0 +1,5 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group users
diff --git a/tests/tests/grouptools/groupadd/17_groupadd_add_systemgroup/config/etc/default/useradd b/tests/tests/grouptools/groupadd/17_groupadd_add_systemgroup/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/grouptools/groupadd/17_groupadd_add_systemgroup/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/grouptools/groupadd/17_groupadd_add_systemgroup/config/etc/group b/tests/tests/grouptools/groupadd/17_groupadd_add_systemgroup/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/grouptools/groupadd/17_groupadd_add_systemgroup/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/grouptools/groupadd/17_groupadd_add_systemgroup/config/etc/gshadow b/tests/tests/grouptools/groupadd/17_groupadd_add_systemgroup/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/grouptools/groupadd/17_groupadd_add_systemgroup/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/grouptools/groupadd/17_groupadd_add_systemgroup/config/etc/login.defs b/tests/tests/grouptools/groupadd/17_groupadd_add_systemgroup/config/etc/login.defs
new file mode 100644
index 0000000..6080471
--- /dev/null
+++ b/tests/tests/grouptools/groupadd/17_groupadd_add_systemgroup/config/etc/login.defs
@@ -0,0 +1,315 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK usage is discouraged because it catches only some classes of user
+# entries to system, in fact only those made through login(1), while setting
+# umask in shell rc file will catch also logins through su, cron, ssh etc.
+#
+# At the same time, using shell rc to set umask won't catch entries which use
+# non-shell executables in place of login shell, like /usr/sbin/pppd for "ppp"
+# user and alike.
+#
+# Therefore the use of pam_umask is recommended (Debian package libpam-umask)
+# as the solution which catches all these cases on PAM-enabled systems.
+# 
+# This avoids the confusion created by having the umask set
+# in two different places -- in login.defs and shell rc files (i.e.
+# /etc/profile).
+#
+# For discussion, see #314539 and #248150 as well as the thread starting at
+# http://lists.debian.org/debian-devel/2005/06/msg01598.html
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+# 022 is the "historical" value in Debian for UMASK when it was used
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+SYS_GID_MIN		  500
+GID_MIN			 1000
+GID_MAX			60000
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# This enables userdel to remove user groups if no members exist.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, thus in Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# Only works if compiled with MD5_CRYPT defined:
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is used by chpasswd, gpasswd and newusers.
+#
+#MD5_CRYPT_ENAB	no
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/grouptools/groupadd/17_groupadd_add_systemgroup/config/etc/passwd b/tests/tests/grouptools/groupadd/17_groupadd_add_systemgroup/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/grouptools/groupadd/17_groupadd_add_systemgroup/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/grouptools/groupadd/17_groupadd_add_systemgroup/config/etc/shadow b/tests/tests/grouptools/groupadd/17_groupadd_add_systemgroup/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/grouptools/groupadd/17_groupadd_add_systemgroup/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/grouptools/groupadd/17_groupadd_add_systemgroup/data/group b/tests/tests/grouptools/groupadd/17_groupadd_add_systemgroup/data/group
new file mode 100644
index 0000000..b5b6ce2
--- /dev/null
+++ b/tests/tests/grouptools/groupadd/17_groupadd_add_systemgroup/data/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:999:
diff --git a/tests/tests/grouptools/groupadd/17_groupadd_add_systemgroup/data/gshadow b/tests/tests/grouptools/groupadd/17_groupadd_add_systemgroup/data/gshadow
new file mode 100644
index 0000000..bfc0675
--- /dev/null
+++ b/tests/tests/grouptools/groupadd/17_groupadd_add_systemgroup/data/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:!::
diff --git a/tests/tests/grouptools/groupadd/17_groupadd_add_systemgroup/groupadd.test b/tests/tests/grouptools/groupadd/17_groupadd_add_systemgroup/groupadd.test
new file mode 100755
index 0000000..1d5c9a8
--- /dev/null
+++ b/tests/tests/grouptools/groupadd/17_groupadd_add_systemgroup/groupadd.test
@@ -0,0 +1,39 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "groupadd can add a system group (GID_MIN set to 1000, and SYS_GID_MIN set to 500 in /etc/login.defs)"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Add system group foo (groupadd --system foo)..."
+groupadd --system foo
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl data/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl data/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/grouptools/groupadd/18_groupadd_no_more_GID/config.txt b/tests/tests/grouptools/groupadd/18_groupadd_no_more_GID/config.txt
new file mode 100644
index 0000000..31f5635
--- /dev/null
+++ b/tests/tests/grouptools/groupadd/18_groupadd_no_more_GID/config.txt
@@ -0,0 +1,10 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group users (only in /etc/group)
+user foo, in group tty (only in /etc/gshadow)
+user foo, in group floppy
+user foo, admin of group disk
+user foo, admin and member of group fax
+user foo, admin and member of group cdrom (only in /etc/gshadow)
diff --git a/tests/tests/grouptools/groupadd/18_groupadd_no_more_GID/config/etc/default/useradd b/tests/tests/grouptools/groupadd/18_groupadd_no_more_GID/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/grouptools/groupadd/18_groupadd_no_more_GID/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/grouptools/groupadd/18_groupadd_no_more_GID/config/etc/group b/tests/tests/grouptools/groupadd/18_groupadd_no_more_GID/config/etc/group
new file mode 100644
index 0000000..15f4c27
--- /dev/null
+++ b/tests/tests/grouptools/groupadd/18_groupadd_no_more_GID/config/etc/group
@@ -0,0 +1,43 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo1:x:1000:
+foo2:x:1001:
diff --git a/tests/tests/grouptools/groupadd/18_groupadd_no_more_GID/config/etc/gshadow b/tests/tests/grouptools/groupadd/18_groupadd_no_more_GID/config/etc/gshadow
new file mode 100644
index 0000000..5042e58
--- /dev/null
+++ b/tests/tests/grouptools/groupadd/18_groupadd_no_more_GID/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/grouptools/groupadd/18_groupadd_no_more_GID/config/etc/login.defs b/tests/tests/grouptools/groupadd/18_groupadd_no_more_GID/config/etc/login.defs
new file mode 100644
index 0000000..9b1a3c4
--- /dev/null
+++ b/tests/tests/grouptools/groupadd/18_groupadd_no_more_GID/config/etc/login.defs
@@ -0,0 +1,314 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK usage is discouraged because it catches only some classes of user
+# entries to system, in fact only those made through login(1), while setting
+# umask in shell rc file will catch also logins through su, cron, ssh etc.
+#
+# At the same time, using shell rc to set umask won't catch entries which use
+# non-shell executables in place of login shell, like /usr/sbin/pppd for "ppp"
+# user and alike.
+#
+# Therefore the use of pam_umask is recommended (Debian package libpam-umask)
+# as the solution which catches all these cases on PAM-enabled systems.
+# 
+# This avoids the confusion created by having the umask set
+# in two different places -- in login.defs and shell rc files (i.e.
+# /etc/profile).
+#
+# For discussion, see #314539 and #248150 as well as the thread starting at
+# http://lists.debian.org/debian-devel/2005/06/msg01598.html
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+# 022 is the "historical" value in Debian for UMASK when it was used
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			 1000
+GID_MAX			 1001
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# This enables userdel to remove user groups if no members exist.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, thus in Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# Only works if compiled with MD5_CRYPT defined:
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is used by chpasswd, gpasswd and newusers.
+#
+#MD5_CRYPT_ENAB	no
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/grouptools/groupadd/18_groupadd_no_more_GID/config/etc/passwd b/tests/tests/grouptools/groupadd/18_groupadd_no_more_GID/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/grouptools/groupadd/18_groupadd_no_more_GID/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/grouptools/groupadd/18_groupadd_no_more_GID/config/etc/shadow b/tests/tests/grouptools/groupadd/18_groupadd_no_more_GID/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/grouptools/groupadd/18_groupadd_no_more_GID/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/grouptools/groupadd/18_groupadd_no_more_GID/data/groupadd.err b/tests/tests/grouptools/groupadd/18_groupadd_no_more_GID/data/groupadd.err
new file mode 100644
index 0000000..b3fd5c1
--- /dev/null
+++ b/tests/tests/grouptools/groupadd/18_groupadd_no_more_GID/data/groupadd.err
@@ -0,0 +1 @@
+groupadd: Can't get unique GID (no more available GIDs)
diff --git a/tests/tests/grouptools/groupadd/18_groupadd_no_more_GID/groupadd.test b/tests/tests/grouptools/groupadd/18_groupadd_no_more_GID/groupadd.test
new file mode 100755
index 0000000..d4aeec4
--- /dev/null
+++ b/tests/tests/grouptools/groupadd/18_groupadd_no_more_GID/groupadd.test
@@ -0,0 +1,54 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "groupadd checks if the a GID is still available (GID_MIN=1000, GID_MAX=1001)"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Add group foo (groupadd foo)..."
+groupadd foo 2>tmp/groupadd.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "4"
+echo "OK"
+
+echo "groupadd reported:"
+echo "======================================================================="
+cat tmp/groupadd.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/groupadd.err tmp/groupadd.err
+echo "error message OK."
+rm -f tmp/groupadd.err
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/grouptools/groupadd/19_groupadd_-r_no_more_system_GID/config.txt b/tests/tests/grouptools/groupadd/19_groupadd_-r_no_more_system_GID/config.txt
new file mode 100644
index 0000000..31f5635
--- /dev/null
+++ b/tests/tests/grouptools/groupadd/19_groupadd_-r_no_more_system_GID/config.txt
@@ -0,0 +1,10 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group users (only in /etc/group)
+user foo, in group tty (only in /etc/gshadow)
+user foo, in group floppy
+user foo, admin of group disk
+user foo, admin and member of group fax
+user foo, admin and member of group cdrom (only in /etc/gshadow)
diff --git a/tests/tests/grouptools/groupadd/19_groupadd_-r_no_more_system_GID/config/etc/default/useradd b/tests/tests/grouptools/groupadd/19_groupadd_-r_no_more_system_GID/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/grouptools/groupadd/19_groupadd_-r_no_more_system_GID/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/grouptools/groupadd/19_groupadd_-r_no_more_system_GID/config/etc/group b/tests/tests/grouptools/groupadd/19_groupadd_-r_no_more_system_GID/config/etc/group
new file mode 100644
index 0000000..db0f483
--- /dev/null
+++ b/tests/tests/grouptools/groupadd/19_groupadd_-r_no_more_system_GID/config/etc/group
@@ -0,0 +1,43 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo1:x:300:
+foo2:x:301:
diff --git a/tests/tests/grouptools/groupadd/19_groupadd_-r_no_more_system_GID/config/etc/gshadow b/tests/tests/grouptools/groupadd/19_groupadd_-r_no_more_system_GID/config/etc/gshadow
new file mode 100644
index 0000000..5042e58
--- /dev/null
+++ b/tests/tests/grouptools/groupadd/19_groupadd_-r_no_more_system_GID/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/grouptools/groupadd/19_groupadd_-r_no_more_system_GID/config/etc/login.defs b/tests/tests/grouptools/groupadd/19_groupadd_-r_no_more_system_GID/config/etc/login.defs
new file mode 100644
index 0000000..7c33f41
--- /dev/null
+++ b/tests/tests/grouptools/groupadd/19_groupadd_-r_no_more_system_GID/config/etc/login.defs
@@ -0,0 +1,316 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK usage is discouraged because it catches only some classes of user
+# entries to system, in fact only those made through login(1), while setting
+# umask in shell rc file will catch also logins through su, cron, ssh etc.
+#
+# At the same time, using shell rc to set umask won't catch entries which use
+# non-shell executables in place of login shell, like /usr/sbin/pppd for "ppp"
+# user and alike.
+#
+# Therefore the use of pam_umask is recommended (Debian package libpam-umask)
+# as the solution which catches all these cases on PAM-enabled systems.
+# 
+# This avoids the confusion created by having the umask set
+# in two different places -- in login.defs and shell rc files (i.e.
+# /etc/profile).
+#
+# For discussion, see #314539 and #248150 as well as the thread starting at
+# http://lists.debian.org/debian-devel/2005/06/msg01598.html
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+# 022 is the "historical" value in Debian for UMASK when it was used
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+SYS_GID_MIN		  300
+SYS_GID_MAX		  301
+GID_MIN			 1000
+GID_MAX			 1001
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# This enables userdel to remove user groups if no members exist.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, thus in Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# Only works if compiled with MD5_CRYPT defined:
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is used by chpasswd, gpasswd and newusers.
+#
+#MD5_CRYPT_ENAB	no
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/grouptools/groupadd/19_groupadd_-r_no_more_system_GID/config/etc/passwd b/tests/tests/grouptools/groupadd/19_groupadd_-r_no_more_system_GID/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/grouptools/groupadd/19_groupadd_-r_no_more_system_GID/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/grouptools/groupadd/19_groupadd_-r_no_more_system_GID/config/etc/shadow b/tests/tests/grouptools/groupadd/19_groupadd_-r_no_more_system_GID/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/grouptools/groupadd/19_groupadd_-r_no_more_system_GID/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/grouptools/groupadd/19_groupadd_-r_no_more_system_GID/data/groupadd.err b/tests/tests/grouptools/groupadd/19_groupadd_-r_no_more_system_GID/data/groupadd.err
new file mode 100644
index 0000000..2809cdd
--- /dev/null
+++ b/tests/tests/grouptools/groupadd/19_groupadd_-r_no_more_system_GID/data/groupadd.err
@@ -0,0 +1 @@
+groupadd: Can't get unique system GID (no more available GIDs)
diff --git a/tests/tests/grouptools/groupadd/19_groupadd_-r_no_more_system_GID/groupadd.test b/tests/tests/grouptools/groupadd/19_groupadd_-r_no_more_system_GID/groupadd.test
new file mode 100755
index 0000000..728cdbc
--- /dev/null
+++ b/tests/tests/grouptools/groupadd/19_groupadd_-r_no_more_system_GID/groupadd.test
@@ -0,0 +1,54 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "groupadd checks if the a GID is still available (GID_MIN=300, GID_MAX=301)"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Add system group foo (groupadd -r foo)..."
+groupadd -r foo 2>tmp/groupadd.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "4"
+echo "OK"
+
+echo "groupadd reported:"
+echo "======================================================================="
+cat tmp/groupadd.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/groupadd.err tmp/groupadd.err
+echo "error message OK."
+rm -f tmp/groupadd.err
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/grouptools/groupadd/20_groupadd_add_existing_GID/config.txt b/tests/tests/grouptools/groupadd/20_groupadd_add_existing_GID/config.txt
new file mode 100644
index 0000000..31f5635
--- /dev/null
+++ b/tests/tests/grouptools/groupadd/20_groupadd_add_existing_GID/config.txt
@@ -0,0 +1,10 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group users (only in /etc/group)
+user foo, in group tty (only in /etc/gshadow)
+user foo, in group floppy
+user foo, admin of group disk
+user foo, admin and member of group fax
+user foo, admin and member of group cdrom (only in /etc/gshadow)
diff --git a/tests/tests/grouptools/groupadd/20_groupadd_add_existing_GID/config/etc/default/useradd b/tests/tests/grouptools/groupadd/20_groupadd_add_existing_GID/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/grouptools/groupadd/20_groupadd_add_existing_GID/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/grouptools/groupadd/20_groupadd_add_existing_GID/config/etc/group b/tests/tests/grouptools/groupadd/20_groupadd_add_existing_GID/config/etc/group
new file mode 100644
index 0000000..fecba0c
--- /dev/null
+++ b/tests/tests/grouptools/groupadd/20_groupadd_add_existing_GID/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/grouptools/groupadd/20_groupadd_add_existing_GID/config/etc/gshadow b/tests/tests/grouptools/groupadd/20_groupadd_add_existing_GID/config/etc/gshadow
new file mode 100644
index 0000000..5042e58
--- /dev/null
+++ b/tests/tests/grouptools/groupadd/20_groupadd_add_existing_GID/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/grouptools/groupadd/20_groupadd_add_existing_GID/config/etc/passwd b/tests/tests/grouptools/groupadd/20_groupadd_add_existing_GID/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/grouptools/groupadd/20_groupadd_add_existing_GID/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/grouptools/groupadd/20_groupadd_add_existing_GID/config/etc/shadow b/tests/tests/grouptools/groupadd/20_groupadd_add_existing_GID/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/grouptools/groupadd/20_groupadd_add_existing_GID/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/grouptools/groupadd/20_groupadd_add_existing_GID/data/groupadd.err b/tests/tests/grouptools/groupadd/20_groupadd_add_existing_GID/data/groupadd.err
new file mode 100644
index 0000000..2ab5ee7
--- /dev/null
+++ b/tests/tests/grouptools/groupadd/20_groupadd_add_existing_GID/data/groupadd.err
@@ -0,0 +1 @@
+groupadd: GID '1000' already exists
diff --git a/tests/tests/grouptools/groupadd/20_groupadd_add_existing_GID/groupadd.test b/tests/tests/grouptools/groupadd/20_groupadd_add_existing_GID/groupadd.test
new file mode 100755
index 0000000..c65be1b
--- /dev/null
+++ b/tests/tests/grouptools/groupadd/20_groupadd_add_existing_GID/groupadd.test
@@ -0,0 +1,54 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "groupadd checks if the given GID is already used"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Add group bar, GID 1000 (groupadd -g 1000 bar)..."
+groupadd -g 1000 bar 2>tmp/groupadd.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "4"
+echo "OK"
+
+echo "groupadd reported:"
+echo "======================================================================="
+cat tmp/groupadd.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/groupadd.err tmp/groupadd.err
+echo "error message OK."
+rm -f tmp/groupadd.err
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/grouptools/groupadd/21_groupadd_invalid_GID_4294967295/config.txt b/tests/tests/grouptools/groupadd/21_groupadd_invalid_GID_4294967295/config.txt
new file mode 100644
index 0000000..31f5635
--- /dev/null
+++ b/tests/tests/grouptools/groupadd/21_groupadd_invalid_GID_4294967295/config.txt
@@ -0,0 +1,10 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group users (only in /etc/group)
+user foo, in group tty (only in /etc/gshadow)
+user foo, in group floppy
+user foo, admin of group disk
+user foo, admin and member of group fax
+user foo, admin and member of group cdrom (only in /etc/gshadow)
diff --git a/tests/tests/grouptools/groupadd/21_groupadd_invalid_GID_4294967295/config/etc/default/useradd b/tests/tests/grouptools/groupadd/21_groupadd_invalid_GID_4294967295/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/grouptools/groupadd/21_groupadd_invalid_GID_4294967295/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/grouptools/groupadd/21_groupadd_invalid_GID_4294967295/config/etc/group b/tests/tests/grouptools/groupadd/21_groupadd_invalid_GID_4294967295/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/grouptools/groupadd/21_groupadd_invalid_GID_4294967295/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/grouptools/groupadd/21_groupadd_invalid_GID_4294967295/config/etc/gshadow b/tests/tests/grouptools/groupadd/21_groupadd_invalid_GID_4294967295/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/grouptools/groupadd/21_groupadd_invalid_GID_4294967295/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/grouptools/groupadd/21_groupadd_invalid_GID_4294967295/config/etc/passwd b/tests/tests/grouptools/groupadd/21_groupadd_invalid_GID_4294967295/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/grouptools/groupadd/21_groupadd_invalid_GID_4294967295/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/grouptools/groupadd/21_groupadd_invalid_GID_4294967295/config/etc/shadow b/tests/tests/grouptools/groupadd/21_groupadd_invalid_GID_4294967295/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/grouptools/groupadd/21_groupadd_invalid_GID_4294967295/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/grouptools/groupadd/21_groupadd_invalid_GID_4294967295/data/groupadd.err b/tests/tests/grouptools/groupadd/21_groupadd_invalid_GID_4294967295/data/groupadd.err
new file mode 100644
index 0000000..686e195
--- /dev/null
+++ b/tests/tests/grouptools/groupadd/21_groupadd_invalid_GID_4294967295/data/groupadd.err
@@ -0,0 +1 @@
+groupadd: invalid group ID '4294967295'
diff --git a/tests/tests/grouptools/groupadd/21_groupadd_invalid_GID_4294967295/groupadd.test b/tests/tests/grouptools/groupadd/21_groupadd_invalid_GID_4294967295/groupadd.test
new file mode 100755
index 0000000..ce73d7f
--- /dev/null
+++ b/tests/tests/grouptools/groupadd/21_groupadd_invalid_GID_4294967295/groupadd.test
@@ -0,0 +1,54 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "groupadd checks if the given GID is a valid numeric ID"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Add group foo, GID 4294967295 (groupadd -g 4294967295 foo)..."
+groupadd -g 4294967295 foo 2>tmp/groupadd.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "3"
+echo "OK"
+
+echo "groupadd reported:"
+echo "======================================================================="
+cat tmp/groupadd.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/groupadd.err tmp/groupadd.err
+echo "error message OK."
+rm -f tmp/groupadd.err
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/grouptools/groupadd/22_groupadd_usage/config.txt b/tests/tests/grouptools/groupadd/22_groupadd_usage/config.txt
new file mode 100644
index 0000000..31f5635
--- /dev/null
+++ b/tests/tests/grouptools/groupadd/22_groupadd_usage/config.txt
@@ -0,0 +1,10 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group users (only in /etc/group)
+user foo, in group tty (only in /etc/gshadow)
+user foo, in group floppy
+user foo, admin of group disk
+user foo, admin and member of group fax
+user foo, admin and member of group cdrom (only in /etc/gshadow)
diff --git a/tests/tests/grouptools/groupadd/22_groupadd_usage/config/etc/default/useradd b/tests/tests/grouptools/groupadd/22_groupadd_usage/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/grouptools/groupadd/22_groupadd_usage/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/grouptools/groupadd/22_groupadd_usage/config/etc/group b/tests/tests/grouptools/groupadd/22_groupadd_usage/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/grouptools/groupadd/22_groupadd_usage/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/grouptools/groupadd/22_groupadd_usage/config/etc/gshadow b/tests/tests/grouptools/groupadd/22_groupadd_usage/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/grouptools/groupadd/22_groupadd_usage/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/grouptools/groupadd/22_groupadd_usage/config/etc/passwd b/tests/tests/grouptools/groupadd/22_groupadd_usage/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/grouptools/groupadd/22_groupadd_usage/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/grouptools/groupadd/22_groupadd_usage/config/etc/shadow b/tests/tests/grouptools/groupadd/22_groupadd_usage/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/grouptools/groupadd/22_groupadd_usage/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/grouptools/groupadd/22_groupadd_usage/data/usage.out b/tests/tests/grouptools/groupadd/22_groupadd_usage/data/usage.out
new file mode 100644
index 0000000..bb5b556
--- /dev/null
+++ b/tests/tests/grouptools/groupadd/22_groupadd_usage/data/usage.out
@@ -0,0 +1,14 @@
+Usage: groupadd [options] GROUP
+
+Options:
+  -f, --force                   exit successfully if the group already exists,
+                                and cancel -g if the GID is already used
+  -g, --gid GID                 use GID for the new group
+  -h, --help                    display this help message and exit
+  -K, --key KEY=VALUE           override /etc/login.defs defaults
+  -o, --non-unique              allow to create groups with duplicate
+                                (non-unique) GID
+  -p, --password PASSWORD       use this encrypted password for the new group
+  -r, --system                  create a system account
+  -R, --root CHROOT_DIR         directory to chroot into
+
diff --git a/tests/tests/grouptools/groupadd/22_groupadd_usage/groupadd.test b/tests/tests/grouptools/groupadd/22_groupadd_usage/groupadd.test
new file mode 100755
index 0000000..e273408
--- /dev/null
+++ b/tests/tests/grouptools/groupadd/22_groupadd_usage/groupadd.test
@@ -0,0 +1,49 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "groupadd can display its usage message"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Get groupadd usage (groupadd -h)..."
+groupadd -h >tmp/usage.out
+
+echo "OK"
+
+echo "groupadd reported:"
+echo "======================================================================="
+cat tmp/usage.out
+echo "======================================================================="
+echo -n "Check the usage message..."
+diff -au data/usage.out tmp/usage.out
+echo "usage message OK."
+rm -f tmp/usage.out
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/grouptools/groupadd/23_groupadd_no_groups/config.txt b/tests/tests/grouptools/groupadd/23_groupadd_no_groups/config.txt
new file mode 100644
index 0000000..31f5635
--- /dev/null
+++ b/tests/tests/grouptools/groupadd/23_groupadd_no_groups/config.txt
@@ -0,0 +1,10 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group users (only in /etc/group)
+user foo, in group tty (only in /etc/gshadow)
+user foo, in group floppy
+user foo, admin of group disk
+user foo, admin and member of group fax
+user foo, admin and member of group cdrom (only in /etc/gshadow)
diff --git a/tests/tests/grouptools/groupadd/23_groupadd_no_groups/config/etc/default/useradd b/tests/tests/grouptools/groupadd/23_groupadd_no_groups/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/grouptools/groupadd/23_groupadd_no_groups/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/grouptools/groupadd/23_groupadd_no_groups/config/etc/group b/tests/tests/grouptools/groupadd/23_groupadd_no_groups/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/grouptools/groupadd/23_groupadd_no_groups/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/grouptools/groupadd/23_groupadd_no_groups/config/etc/gshadow b/tests/tests/grouptools/groupadd/23_groupadd_no_groups/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/grouptools/groupadd/23_groupadd_no_groups/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/grouptools/groupadd/23_groupadd_no_groups/config/etc/passwd b/tests/tests/grouptools/groupadd/23_groupadd_no_groups/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/grouptools/groupadd/23_groupadd_no_groups/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/grouptools/groupadd/23_groupadd_no_groups/config/etc/shadow b/tests/tests/grouptools/groupadd/23_groupadd_no_groups/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/grouptools/groupadd/23_groupadd_no_groups/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/grouptools/groupadd/23_groupadd_no_groups/data/groupadd.err b/tests/tests/grouptools/groupadd/23_groupadd_no_groups/data/groupadd.err
new file mode 100644
index 0000000..bb5b556
--- /dev/null
+++ b/tests/tests/grouptools/groupadd/23_groupadd_no_groups/data/groupadd.err
@@ -0,0 +1,14 @@
+Usage: groupadd [options] GROUP
+
+Options:
+  -f, --force                   exit successfully if the group already exists,
+                                and cancel -g if the GID is already used
+  -g, --gid GID                 use GID for the new group
+  -h, --help                    display this help message and exit
+  -K, --key KEY=VALUE           override /etc/login.defs defaults
+  -o, --non-unique              allow to create groups with duplicate
+                                (non-unique) GID
+  -p, --password PASSWORD       use this encrypted password for the new group
+  -r, --system                  create a system account
+  -R, --root CHROOT_DIR         directory to chroot into
+
diff --git a/tests/tests/grouptools/groupadd/23_groupadd_no_groups/groupadd.test b/tests/tests/grouptools/groupadd/23_groupadd_no_groups/groupadd.test
new file mode 100755
index 0000000..bb38d63
--- /dev/null
+++ b/tests/tests/grouptools/groupadd/23_groupadd_no_groups/groupadd.test
@@ -0,0 +1,54 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "groupadd requires the group to create"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Add group foo, GID 4294967295 (groupadd -g 4294967295 foo)..."
+groupadd 2>tmp/groupadd.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "2"
+echo "OK"
+
+echo "groupadd reported:"
+echo "======================================================================="
+cat tmp/groupadd.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/groupadd.err tmp/groupadd.err
+echo "error message OK."
+rm -f tmp/groupadd.err
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/grouptools/groupadd/24_groupadd_2_groups/config.txt b/tests/tests/grouptools/groupadd/24_groupadd_2_groups/config.txt
new file mode 100644
index 0000000..31f5635
--- /dev/null
+++ b/tests/tests/grouptools/groupadd/24_groupadd_2_groups/config.txt
@@ -0,0 +1,10 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group users (only in /etc/group)
+user foo, in group tty (only in /etc/gshadow)
+user foo, in group floppy
+user foo, admin of group disk
+user foo, admin and member of group fax
+user foo, admin and member of group cdrom (only in /etc/gshadow)
diff --git a/tests/tests/grouptools/groupadd/24_groupadd_2_groups/config/etc/default/useradd b/tests/tests/grouptools/groupadd/24_groupadd_2_groups/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/grouptools/groupadd/24_groupadd_2_groups/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/grouptools/groupadd/24_groupadd_2_groups/config/etc/group b/tests/tests/grouptools/groupadd/24_groupadd_2_groups/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/grouptools/groupadd/24_groupadd_2_groups/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/grouptools/groupadd/24_groupadd_2_groups/config/etc/gshadow b/tests/tests/grouptools/groupadd/24_groupadd_2_groups/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/grouptools/groupadd/24_groupadd_2_groups/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/grouptools/groupadd/24_groupadd_2_groups/config/etc/passwd b/tests/tests/grouptools/groupadd/24_groupadd_2_groups/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/grouptools/groupadd/24_groupadd_2_groups/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/grouptools/groupadd/24_groupadd_2_groups/config/etc/shadow b/tests/tests/grouptools/groupadd/24_groupadd_2_groups/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/grouptools/groupadd/24_groupadd_2_groups/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/grouptools/groupadd/24_groupadd_2_groups/data/groupadd.err b/tests/tests/grouptools/groupadd/24_groupadd_2_groups/data/groupadd.err
new file mode 100644
index 0000000..bb5b556
--- /dev/null
+++ b/tests/tests/grouptools/groupadd/24_groupadd_2_groups/data/groupadd.err
@@ -0,0 +1,14 @@
+Usage: groupadd [options] GROUP
+
+Options:
+  -f, --force                   exit successfully if the group already exists,
+                                and cancel -g if the GID is already used
+  -g, --gid GID                 use GID for the new group
+  -h, --help                    display this help message and exit
+  -K, --key KEY=VALUE           override /etc/login.defs defaults
+  -o, --non-unique              allow to create groups with duplicate
+                                (non-unique) GID
+  -p, --password PASSWORD       use this encrypted password for the new group
+  -r, --system                  create a system account
+  -R, --root CHROOT_DIR         directory to chroot into
+
diff --git a/tests/tests/grouptools/groupadd/24_groupadd_2_groups/groupadd.test b/tests/tests/grouptools/groupadd/24_groupadd_2_groups/groupadd.test
new file mode 100755
index 0000000..0f12ae2
--- /dev/null
+++ b/tests/tests/grouptools/groupadd/24_groupadd_2_groups/groupadd.test
@@ -0,0 +1,54 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "groupadd can only create a single group"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Add group foo, GID 4294967295 (groupadd -g 4294967295 foo)..."
+groupadd group1 group2 2>tmp/groupadd.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "2"
+echo "OK"
+
+echo "groupadd reported:"
+echo "======================================================================="
+cat tmp/groupadd.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/groupadd.err tmp/groupadd.err
+echo "error message OK."
+rm -f tmp/groupadd.err
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/grouptools/groupadd/25_groupadd_no_gshadow/config.txt b/tests/tests/grouptools/groupadd/25_groupadd_no_gshadow/config.txt
new file mode 100644
index 0000000..3d43135
--- /dev/null
+++ b/tests/tests/grouptools/groupadd/25_groupadd_no_gshadow/config.txt
@@ -0,0 +1,5 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group users
diff --git a/tests/tests/grouptools/groupadd/25_groupadd_no_gshadow/config/etc/default/useradd b/tests/tests/grouptools/groupadd/25_groupadd_no_gshadow/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/grouptools/groupadd/25_groupadd_no_gshadow/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/grouptools/groupadd/25_groupadd_no_gshadow/config/etc/group b/tests/tests/grouptools/groupadd/25_groupadd_no_gshadow/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/grouptools/groupadd/25_groupadd_no_gshadow/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/grouptools/groupadd/25_groupadd_no_gshadow/config/etc/gshadow b/tests/tests/grouptools/groupadd/25_groupadd_no_gshadow/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/grouptools/groupadd/25_groupadd_no_gshadow/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/grouptools/groupadd/25_groupadd_no_gshadow/config/etc/login.defs b/tests/tests/grouptools/groupadd/25_groupadd_no_gshadow/config/etc/login.defs
new file mode 100644
index 0000000..cf181ac
--- /dev/null
+++ b/tests/tests/grouptools/groupadd/25_groupadd_no_gshadow/config/etc/login.defs
@@ -0,0 +1,314 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK usage is discouraged because it catches only some classes of user
+# entries to system, in fact only those made through login(1), while setting
+# umask in shell rc file will catch also logins through su, cron, ssh etc.
+#
+# At the same time, using shell rc to set umask won't catch entries which use
+# non-shell executables in place of login shell, like /usr/sbin/pppd for "ppp"
+# user and alike.
+#
+# Therefore the use of pam_umask is recommended (Debian package libpam-umask)
+# as the solution which catches all these cases on PAM-enabled systems.
+# 
+# This avoids the confusion created by having the umask set
+# in two different places -- in login.defs and shell rc files (i.e.
+# /etc/profile).
+#
+# For discussion, see #314539 and #248150 as well as the thread starting at
+# http://lists.debian.org/debian-devel/2005/06/msg01598.html
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+# 022 is the "historical" value in Debian for UMASK when it was used
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			  100
+GID_MAX			60000
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# This enables userdel to remove user groups if no members exist.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, thus in Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# Only works if compiled with MD5_CRYPT defined:
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is used by chpasswd, gpasswd and newusers.
+#
+#MD5_CRYPT_ENAB	no
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/grouptools/groupadd/25_groupadd_no_gshadow/config/etc/passwd b/tests/tests/grouptools/groupadd/25_groupadd_no_gshadow/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/grouptools/groupadd/25_groupadd_no_gshadow/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/grouptools/groupadd/25_groupadd_no_gshadow/config/etc/shadow b/tests/tests/grouptools/groupadd/25_groupadd_no_gshadow/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/grouptools/groupadd/25_groupadd_no_gshadow/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/grouptools/groupadd/25_groupadd_no_gshadow/data/group b/tests/tests/grouptools/groupadd/25_groupadd_no_gshadow/data/group
new file mode 100644
index 0000000..6307e25
--- /dev/null
+++ b/tests/tests/grouptools/groupadd/25_groupadd_no_gshadow/data/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:103:
diff --git a/tests/tests/grouptools/groupadd/25_groupadd_no_gshadow/groupadd.test b/tests/tests/grouptools/groupadd/25_groupadd_no_gshadow/groupadd.test
new file mode 100755
index 0000000..87f80fb
--- /dev/null
+++ b/tests/tests/grouptools/groupadd/25_groupadd_no_gshadow/groupadd.test
@@ -0,0 +1,43 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "groupadd can add a group without /etc/gshadow"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Remove gshadow..."
+rm -f /etc/gshadow
+echo "OK"
+
+echo -n "Add group foo (groupadd foo)..."
+groupadd foo
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl data/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+test ! -f /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/grouptools/groupadd/26_groupadd_-o_without_-g/config.txt b/tests/tests/grouptools/groupadd/26_groupadd_-o_without_-g/config.txt
new file mode 100644
index 0000000..31f5635
--- /dev/null
+++ b/tests/tests/grouptools/groupadd/26_groupadd_-o_without_-g/config.txt
@@ -0,0 +1,10 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group users (only in /etc/group)
+user foo, in group tty (only in /etc/gshadow)
+user foo, in group floppy
+user foo, admin of group disk
+user foo, admin and member of group fax
+user foo, admin and member of group cdrom (only in /etc/gshadow)
diff --git a/tests/tests/grouptools/groupadd/26_groupadd_-o_without_-g/config/etc/default/useradd b/tests/tests/grouptools/groupadd/26_groupadd_-o_without_-g/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/grouptools/groupadd/26_groupadd_-o_without_-g/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/grouptools/groupadd/26_groupadd_-o_without_-g/config/etc/group b/tests/tests/grouptools/groupadd/26_groupadd_-o_without_-g/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/grouptools/groupadd/26_groupadd_-o_without_-g/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/grouptools/groupadd/26_groupadd_-o_without_-g/config/etc/gshadow b/tests/tests/grouptools/groupadd/26_groupadd_-o_without_-g/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/grouptools/groupadd/26_groupadd_-o_without_-g/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/grouptools/groupadd/26_groupadd_-o_without_-g/config/etc/passwd b/tests/tests/grouptools/groupadd/26_groupadd_-o_without_-g/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/grouptools/groupadd/26_groupadd_-o_without_-g/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/grouptools/groupadd/26_groupadd_-o_without_-g/config/etc/shadow b/tests/tests/grouptools/groupadd/26_groupadd_-o_without_-g/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/grouptools/groupadd/26_groupadd_-o_without_-g/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/grouptools/groupadd/26_groupadd_-o_without_-g/data/groupadd.err b/tests/tests/grouptools/groupadd/26_groupadd_-o_without_-g/data/groupadd.err
new file mode 100644
index 0000000..bb5b556
--- /dev/null
+++ b/tests/tests/grouptools/groupadd/26_groupadd_-o_without_-g/data/groupadd.err
@@ -0,0 +1,14 @@
+Usage: groupadd [options] GROUP
+
+Options:
+  -f, --force                   exit successfully if the group already exists,
+                                and cancel -g if the GID is already used
+  -g, --gid GID                 use GID for the new group
+  -h, --help                    display this help message and exit
+  -K, --key KEY=VALUE           override /etc/login.defs defaults
+  -o, --non-unique              allow to create groups with duplicate
+                                (non-unique) GID
+  -p, --password PASSWORD       use this encrypted password for the new group
+  -r, --system                  create a system account
+  -R, --root CHROOT_DIR         directory to chroot into
+
diff --git a/tests/tests/grouptools/groupadd/26_groupadd_-o_without_-g/groupadd.test b/tests/tests/grouptools/groupadd/26_groupadd_-o_without_-g/groupadd.test
new file mode 100755
index 0000000..826a47a
--- /dev/null
+++ b/tests/tests/grouptools/groupadd/26_groupadd_-o_without_-g/groupadd.test
@@ -0,0 +1,54 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "groupadd -o require -g"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Add group foo, GID 4294967295 (groupadd -g 4294967295 foo)..."
+groupadd -o group1 2>tmp/groupadd.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "2"
+echo "OK"
+
+echo "groupadd reported:"
+echo "======================================================================="
+cat tmp/groupadd.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/groupadd.err tmp/groupadd.err
+echo "error message OK."
+rm -f tmp/groupadd.err
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/grouptools/groupadd/27_groupadd_invalid_option/config.txt b/tests/tests/grouptools/groupadd/27_groupadd_invalid_option/config.txt
new file mode 100644
index 0000000..31f5635
--- /dev/null
+++ b/tests/tests/grouptools/groupadd/27_groupadd_invalid_option/config.txt
@@ -0,0 +1,10 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group users (only in /etc/group)
+user foo, in group tty (only in /etc/gshadow)
+user foo, in group floppy
+user foo, admin of group disk
+user foo, admin and member of group fax
+user foo, admin and member of group cdrom (only in /etc/gshadow)
diff --git a/tests/tests/grouptools/groupadd/27_groupadd_invalid_option/config/etc/group b/tests/tests/grouptools/groupadd/27_groupadd_invalid_option/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/grouptools/groupadd/27_groupadd_invalid_option/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/grouptools/groupadd/27_groupadd_invalid_option/config/etc/gshadow b/tests/tests/grouptools/groupadd/27_groupadd_invalid_option/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/grouptools/groupadd/27_groupadd_invalid_option/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/grouptools/groupadd/27_groupadd_invalid_option/config/etc/passwd b/tests/tests/grouptools/groupadd/27_groupadd_invalid_option/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/grouptools/groupadd/27_groupadd_invalid_option/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/grouptools/groupadd/27_groupadd_invalid_option/config/etc/shadow b/tests/tests/grouptools/groupadd/27_groupadd_invalid_option/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/grouptools/groupadd/27_groupadd_invalid_option/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/grouptools/groupadd/27_groupadd_invalid_option/data/groupadd.err b/tests/tests/grouptools/groupadd/27_groupadd_invalid_option/data/groupadd.err
new file mode 100644
index 0000000..d3cae91
--- /dev/null
+++ b/tests/tests/grouptools/groupadd/27_groupadd_invalid_option/data/groupadd.err
@@ -0,0 +1,15 @@
+groupadd: unrecognized option '--zzinvalid'
+Usage: groupadd [options] GROUP
+
+Options:
+  -f, --force                   exit successfully if the group already exists,
+                                and cancel -g if the GID is already used
+  -g, --gid GID                 use GID for the new group
+  -h, --help                    display this help message and exit
+  -K, --key KEY=VALUE           override /etc/login.defs defaults
+  -o, --non-unique              allow to create groups with duplicate
+                                (non-unique) GID
+  -p, --password PASSWORD       use this encrypted password for the new group
+  -r, --system                  create a system account
+  -R, --root CHROOT_DIR         directory to chroot into
+
diff --git a/tests/tests/grouptools/groupadd/27_groupadd_invalid_option/groupadd.test b/tests/tests/grouptools/groupadd/27_groupadd_invalid_option/groupadd.test
new file mode 100755
index 0000000..c8c0e9b
--- /dev/null
+++ b/tests/tests/grouptools/groupadd/27_groupadd_invalid_option/groupadd.test
@@ -0,0 +1,54 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "groupadd provide usage when called with an invalid option"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Call groupadd with invalid options (groupadd --zzinvalid foo)..."
+groupadd --zzinvalid foo 2>tmp/groupadd.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "2"
+echo "OK"
+
+echo "groupadd reported:"
+echo "======================================================================="
+cat tmp/groupadd.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/groupadd.err tmp/groupadd.err
+echo "error message OK."
+rm -f tmp/groupadd.err
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/grouptools/groupdel/01_groupdel_delete_group/config.txt b/tests/tests/grouptools/groupdel/01_groupdel_delete_group/config.txt
new file mode 100644
index 0000000..3d43135
--- /dev/null
+++ b/tests/tests/grouptools/groupdel/01_groupdel_delete_group/config.txt
@@ -0,0 +1,5 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group users
diff --git a/tests/tests/grouptools/groupdel/01_groupdel_delete_group/config/etc/default/useradd b/tests/tests/grouptools/groupdel/01_groupdel_delete_group/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/grouptools/groupdel/01_groupdel_delete_group/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/grouptools/groupdel/01_groupdel_delete_group/config/etc/group b/tests/tests/grouptools/groupdel/01_groupdel_delete_group/config/etc/group
new file mode 100644
index 0000000..fecba0c
--- /dev/null
+++ b/tests/tests/grouptools/groupdel/01_groupdel_delete_group/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/grouptools/groupdel/01_groupdel_delete_group/config/etc/gshadow b/tests/tests/grouptools/groupdel/01_groupdel_delete_group/config/etc/gshadow
new file mode 100644
index 0000000..5042e58
--- /dev/null
+++ b/tests/tests/grouptools/groupdel/01_groupdel_delete_group/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/grouptools/groupdel/01_groupdel_delete_group/config/etc/login.defs b/tests/tests/grouptools/groupdel/01_groupdel_delete_group/config/etc/login.defs
new file mode 100644
index 0000000..cf181ac
--- /dev/null
+++ b/tests/tests/grouptools/groupdel/01_groupdel_delete_group/config/etc/login.defs
@@ -0,0 +1,314 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK usage is discouraged because it catches only some classes of user
+# entries to system, in fact only those made through login(1), while setting
+# umask in shell rc file will catch also logins through su, cron, ssh etc.
+#
+# At the same time, using shell rc to set umask won't catch entries which use
+# non-shell executables in place of login shell, like /usr/sbin/pppd for "ppp"
+# user and alike.
+#
+# Therefore the use of pam_umask is recommended (Debian package libpam-umask)
+# as the solution which catches all these cases on PAM-enabled systems.
+# 
+# This avoids the confusion created by having the umask set
+# in two different places -- in login.defs and shell rc files (i.e.
+# /etc/profile).
+#
+# For discussion, see #314539 and #248150 as well as the thread starting at
+# http://lists.debian.org/debian-devel/2005/06/msg01598.html
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+# 022 is the "historical" value in Debian for UMASK when it was used
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			  100
+GID_MAX			60000
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# This enables userdel to remove user groups if no members exist.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, thus in Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# Only works if compiled with MD5_CRYPT defined:
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is used by chpasswd, gpasswd and newusers.
+#
+#MD5_CRYPT_ENAB	no
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/grouptools/groupdel/01_groupdel_delete_group/config/etc/passwd b/tests/tests/grouptools/groupdel/01_groupdel_delete_group/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/grouptools/groupdel/01_groupdel_delete_group/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/grouptools/groupdel/01_groupdel_delete_group/config/etc/shadow b/tests/tests/grouptools/groupdel/01_groupdel_delete_group/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/grouptools/groupdel/01_groupdel_delete_group/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/grouptools/groupdel/01_groupdel_delete_group/data/group b/tests/tests/grouptools/groupdel/01_groupdel_delete_group/data/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/grouptools/groupdel/01_groupdel_delete_group/data/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/grouptools/groupdel/01_groupdel_delete_group/data/gshadow b/tests/tests/grouptools/groupdel/01_groupdel_delete_group/data/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/grouptools/groupdel/01_groupdel_delete_group/data/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/grouptools/groupdel/01_groupdel_delete_group/groupdel.test b/tests/tests/grouptools/groupdel/01_groupdel_delete_group/groupdel.test
new file mode 100755
index 0000000..b590f9d
--- /dev/null
+++ b/tests/tests/grouptools/groupdel/01_groupdel_delete_group/groupdel.test
@@ -0,0 +1,39 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "groupdel can delete a group"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Delete group foo (groupdel foo)..."
+groupdel foo
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl data/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl data/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/grouptools/groupdel/02_groupdel_delete_group_no_gshadow_group/config.txt b/tests/tests/grouptools/groupdel/02_groupdel_delete_group_no_gshadow_group/config.txt
new file mode 100644
index 0000000..3d43135
--- /dev/null
+++ b/tests/tests/grouptools/groupdel/02_groupdel_delete_group_no_gshadow_group/config.txt
@@ -0,0 +1,5 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group users
diff --git a/tests/tests/grouptools/groupdel/02_groupdel_delete_group_no_gshadow_group/config/etc/default/useradd b/tests/tests/grouptools/groupdel/02_groupdel_delete_group_no_gshadow_group/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/grouptools/groupdel/02_groupdel_delete_group_no_gshadow_group/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/grouptools/groupdel/02_groupdel_delete_group_no_gshadow_group/config/etc/group b/tests/tests/grouptools/groupdel/02_groupdel_delete_group_no_gshadow_group/config/etc/group
new file mode 100644
index 0000000..fecba0c
--- /dev/null
+++ b/tests/tests/grouptools/groupdel/02_groupdel_delete_group_no_gshadow_group/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/grouptools/groupdel/02_groupdel_delete_group_no_gshadow_group/config/etc/gshadow b/tests/tests/grouptools/groupdel/02_groupdel_delete_group_no_gshadow_group/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/grouptools/groupdel/02_groupdel_delete_group_no_gshadow_group/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/grouptools/groupdel/02_groupdel_delete_group_no_gshadow_group/config/etc/login.defs b/tests/tests/grouptools/groupdel/02_groupdel_delete_group_no_gshadow_group/config/etc/login.defs
new file mode 100644
index 0000000..cf181ac
--- /dev/null
+++ b/tests/tests/grouptools/groupdel/02_groupdel_delete_group_no_gshadow_group/config/etc/login.defs
@@ -0,0 +1,314 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK usage is discouraged because it catches only some classes of user
+# entries to system, in fact only those made through login(1), while setting
+# umask in shell rc file will catch also logins through su, cron, ssh etc.
+#
+# At the same time, using shell rc to set umask won't catch entries which use
+# non-shell executables in place of login shell, like /usr/sbin/pppd for "ppp"
+# user and alike.
+#
+# Therefore the use of pam_umask is recommended (Debian package libpam-umask)
+# as the solution which catches all these cases on PAM-enabled systems.
+# 
+# This avoids the confusion created by having the umask set
+# in two different places -- in login.defs and shell rc files (i.e.
+# /etc/profile).
+#
+# For discussion, see #314539 and #248150 as well as the thread starting at
+# http://lists.debian.org/debian-devel/2005/06/msg01598.html
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+# 022 is the "historical" value in Debian for UMASK when it was used
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			  100
+GID_MAX			60000
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# This enables userdel to remove user groups if no members exist.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, thus in Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# Only works if compiled with MD5_CRYPT defined:
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is used by chpasswd, gpasswd and newusers.
+#
+#MD5_CRYPT_ENAB	no
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/grouptools/groupdel/02_groupdel_delete_group_no_gshadow_group/config/etc/passwd b/tests/tests/grouptools/groupdel/02_groupdel_delete_group_no_gshadow_group/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/grouptools/groupdel/02_groupdel_delete_group_no_gshadow_group/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/grouptools/groupdel/02_groupdel_delete_group_no_gshadow_group/config/etc/shadow b/tests/tests/grouptools/groupdel/02_groupdel_delete_group_no_gshadow_group/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/grouptools/groupdel/02_groupdel_delete_group_no_gshadow_group/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/grouptools/groupdel/02_groupdel_delete_group_no_gshadow_group/data/group b/tests/tests/grouptools/groupdel/02_groupdel_delete_group_no_gshadow_group/data/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/grouptools/groupdel/02_groupdel_delete_group_no_gshadow_group/data/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/grouptools/groupdel/02_groupdel_delete_group_no_gshadow_group/groupdel.test b/tests/tests/grouptools/groupdel/02_groupdel_delete_group_no_gshadow_group/groupdel.test
new file mode 100755
index 0000000..0ab4f19
--- /dev/null
+++ b/tests/tests/grouptools/groupdel/02_groupdel_delete_group_no_gshadow_group/groupdel.test
@@ -0,0 +1,39 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "groupdel can delete a group"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Delete group foo (groupdel foo)..."
+groupdel foo
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl data/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/grouptools/groupdel/03_groupdel_delete_group_no_gshadow_file/config.txt b/tests/tests/grouptools/groupdel/03_groupdel_delete_group_no_gshadow_file/config.txt
new file mode 100644
index 0000000..3d43135
--- /dev/null
+++ b/tests/tests/grouptools/groupdel/03_groupdel_delete_group_no_gshadow_file/config.txt
@@ -0,0 +1,5 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group users
diff --git a/tests/tests/grouptools/groupdel/03_groupdel_delete_group_no_gshadow_file/config/etc/default/useradd b/tests/tests/grouptools/groupdel/03_groupdel_delete_group_no_gshadow_file/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/grouptools/groupdel/03_groupdel_delete_group_no_gshadow_file/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/grouptools/groupdel/03_groupdel_delete_group_no_gshadow_file/config/etc/group b/tests/tests/grouptools/groupdel/03_groupdel_delete_group_no_gshadow_file/config/etc/group
new file mode 100644
index 0000000..fecba0c
--- /dev/null
+++ b/tests/tests/grouptools/groupdel/03_groupdel_delete_group_no_gshadow_file/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/grouptools/groupdel/03_groupdel_delete_group_no_gshadow_file/config/etc/gshadow b/tests/tests/grouptools/groupdel/03_groupdel_delete_group_no_gshadow_file/config/etc/gshadow
new file mode 100644
index 0000000..5042e58
--- /dev/null
+++ b/tests/tests/grouptools/groupdel/03_groupdel_delete_group_no_gshadow_file/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/grouptools/groupdel/03_groupdel_delete_group_no_gshadow_file/config/etc/login.defs b/tests/tests/grouptools/groupdel/03_groupdel_delete_group_no_gshadow_file/config/etc/login.defs
new file mode 100644
index 0000000..cf181ac
--- /dev/null
+++ b/tests/tests/grouptools/groupdel/03_groupdel_delete_group_no_gshadow_file/config/etc/login.defs
@@ -0,0 +1,314 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK usage is discouraged because it catches only some classes of user
+# entries to system, in fact only those made through login(1), while setting
+# umask in shell rc file will catch also logins through su, cron, ssh etc.
+#
+# At the same time, using shell rc to set umask won't catch entries which use
+# non-shell executables in place of login shell, like /usr/sbin/pppd for "ppp"
+# user and alike.
+#
+# Therefore the use of pam_umask is recommended (Debian package libpam-umask)
+# as the solution which catches all these cases on PAM-enabled systems.
+# 
+# This avoids the confusion created by having the umask set
+# in two different places -- in login.defs and shell rc files (i.e.
+# /etc/profile).
+#
+# For discussion, see #314539 and #248150 as well as the thread starting at
+# http://lists.debian.org/debian-devel/2005/06/msg01598.html
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+# 022 is the "historical" value in Debian for UMASK when it was used
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			  100
+GID_MAX			60000
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# This enables userdel to remove user groups if no members exist.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, thus in Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# Only works if compiled with MD5_CRYPT defined:
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is used by chpasswd, gpasswd and newusers.
+#
+#MD5_CRYPT_ENAB	no
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/grouptools/groupdel/03_groupdel_delete_group_no_gshadow_file/config/etc/passwd b/tests/tests/grouptools/groupdel/03_groupdel_delete_group_no_gshadow_file/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/grouptools/groupdel/03_groupdel_delete_group_no_gshadow_file/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/grouptools/groupdel/03_groupdel_delete_group_no_gshadow_file/config/etc/shadow b/tests/tests/grouptools/groupdel/03_groupdel_delete_group_no_gshadow_file/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/grouptools/groupdel/03_groupdel_delete_group_no_gshadow_file/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/grouptools/groupdel/03_groupdel_delete_group_no_gshadow_file/data/group b/tests/tests/grouptools/groupdel/03_groupdel_delete_group_no_gshadow_file/data/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/grouptools/groupdel/03_groupdel_delete_group_no_gshadow_file/data/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/grouptools/groupdel/03_groupdel_delete_group_no_gshadow_file/groupdel.test b/tests/tests/grouptools/groupdel/03_groupdel_delete_group_no_gshadow_file/groupdel.test
new file mode 100755
index 0000000..b0c0793
--- /dev/null
+++ b/tests/tests/grouptools/groupdel/03_groupdel_delete_group_no_gshadow_file/groupdel.test
@@ -0,0 +1,42 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "groupdel can delete a group"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo "Remove the gshadow file"
+rm -f /etc/gshadow
+
+echo -n "Delete group foo (groupdel foo)..."
+groupdel foo
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl data/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+test ! -f /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/grouptools/groupdel/04_groupdel_delete_group_error_busy_group/config.txt b/tests/tests/grouptools/groupdel/04_groupdel_delete_group_error_busy_group/config.txt
new file mode 100644
index 0000000..3d43135
--- /dev/null
+++ b/tests/tests/grouptools/groupdel/04_groupdel_delete_group_error_busy_group/config.txt
@@ -0,0 +1,5 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group users
diff --git a/tests/tests/grouptools/groupdel/04_groupdel_delete_group_error_busy_group/config/etc/default/useradd b/tests/tests/grouptools/groupdel/04_groupdel_delete_group_error_busy_group/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/grouptools/groupdel/04_groupdel_delete_group_error_busy_group/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/grouptools/groupdel/04_groupdel_delete_group_error_busy_group/config/etc/group b/tests/tests/grouptools/groupdel/04_groupdel_delete_group_error_busy_group/config/etc/group
new file mode 100644
index 0000000..fecba0c
--- /dev/null
+++ b/tests/tests/grouptools/groupdel/04_groupdel_delete_group_error_busy_group/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/grouptools/groupdel/04_groupdel_delete_group_error_busy_group/config/etc/gshadow b/tests/tests/grouptools/groupdel/04_groupdel_delete_group_error_busy_group/config/etc/gshadow
new file mode 100644
index 0000000..5042e58
--- /dev/null
+++ b/tests/tests/grouptools/groupdel/04_groupdel_delete_group_error_busy_group/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/grouptools/groupdel/04_groupdel_delete_group_error_busy_group/config/etc/login.defs b/tests/tests/grouptools/groupdel/04_groupdel_delete_group_error_busy_group/config/etc/login.defs
new file mode 100644
index 0000000..cf181ac
--- /dev/null
+++ b/tests/tests/grouptools/groupdel/04_groupdel_delete_group_error_busy_group/config/etc/login.defs
@@ -0,0 +1,314 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK usage is discouraged because it catches only some classes of user
+# entries to system, in fact only those made through login(1), while setting
+# umask in shell rc file will catch also logins through su, cron, ssh etc.
+#
+# At the same time, using shell rc to set umask won't catch entries which use
+# non-shell executables in place of login shell, like /usr/sbin/pppd for "ppp"
+# user and alike.
+#
+# Therefore the use of pam_umask is recommended (Debian package libpam-umask)
+# as the solution which catches all these cases on PAM-enabled systems.
+# 
+# This avoids the confusion created by having the umask set
+# in two different places -- in login.defs and shell rc files (i.e.
+# /etc/profile).
+#
+# For discussion, see #314539 and #248150 as well as the thread starting at
+# http://lists.debian.org/debian-devel/2005/06/msg01598.html
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+# 022 is the "historical" value in Debian for UMASK when it was used
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			  100
+GID_MAX			60000
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# This enables userdel to remove user groups if no members exist.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, thus in Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# Only works if compiled with MD5_CRYPT defined:
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is used by chpasswd, gpasswd and newusers.
+#
+#MD5_CRYPT_ENAB	no
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/grouptools/groupdel/04_groupdel_delete_group_error_busy_group/config/etc/passwd b/tests/tests/grouptools/groupdel/04_groupdel_delete_group_error_busy_group/config/etc/passwd
new file mode 100644
index 0000000..69768f8
--- /dev/null
+++ b/tests/tests/grouptools/groupdel/04_groupdel_delete_group_error_busy_group/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+bar:x:1000:1000::/nonexistent:/bin/sh
diff --git a/tests/tests/grouptools/groupdel/04_groupdel_delete_group_error_busy_group/config/etc/shadow b/tests/tests/grouptools/groupdel/04_groupdel_delete_group_error_busy_group/config/etc/shadow
new file mode 100644
index 0000000..518993c
--- /dev/null
+++ b/tests/tests/grouptools/groupdel/04_groupdel_delete_group_error_busy_group/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+bar:*:12977:0:99999:7:::
diff --git a/tests/tests/grouptools/groupdel/04_groupdel_delete_group_error_busy_group/data/groupdel.err b/tests/tests/grouptools/groupdel/04_groupdel_delete_group_error_busy_group/data/groupdel.err
new file mode 100644
index 0000000..f33297a
--- /dev/null
+++ b/tests/tests/grouptools/groupdel/04_groupdel_delete_group_error_busy_group/data/groupdel.err
@@ -0,0 +1 @@
+groupdel: cannot remove the primary group of user 'bar'
diff --git a/tests/tests/grouptools/groupdel/04_groupdel_delete_group_error_busy_group/groupdel.test b/tests/tests/grouptools/groupdel/04_groupdel_delete_group_error_busy_group/groupdel.test
new file mode 100755
index 0000000..cab95ca
--- /dev/null
+++ b/tests/tests/grouptools/groupdel/04_groupdel_delete_group_error_busy_group/groupdel.test
@@ -0,0 +1,54 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "groupdel doesn't delete a group used as a primary group"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Delete group foo (groupdel foo)..."
+groupdel foo 2>tmp/groupdel.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "8"
+echo "OK"
+
+echo "groupdel reported:"
+echo "======================================================================="
+cat tmp/groupdel.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/groupdel.err tmp/groupdel.err
+echo "error message OK."
+rm -f tmp/groupdel.err
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/grouptools/groupdel/05_groupdel_delete_group_error_unknown_group/config.txt b/tests/tests/grouptools/groupdel/05_groupdel_delete_group_error_unknown_group/config.txt
new file mode 100644
index 0000000..3d43135
--- /dev/null
+++ b/tests/tests/grouptools/groupdel/05_groupdel_delete_group_error_unknown_group/config.txt
@@ -0,0 +1,5 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group users
diff --git a/tests/tests/grouptools/groupdel/05_groupdel_delete_group_error_unknown_group/config/etc/default/useradd b/tests/tests/grouptools/groupdel/05_groupdel_delete_group_error_unknown_group/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/grouptools/groupdel/05_groupdel_delete_group_error_unknown_group/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/grouptools/groupdel/05_groupdel_delete_group_error_unknown_group/config/etc/group b/tests/tests/grouptools/groupdel/05_groupdel_delete_group_error_unknown_group/config/etc/group
new file mode 100644
index 0000000..3196692
--- /dev/null
+++ b/tests/tests/grouptools/groupdel/05_groupdel_delete_group_error_unknown_group/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo1:x:1000:
diff --git a/tests/tests/grouptools/groupdel/05_groupdel_delete_group_error_unknown_group/config/etc/gshadow b/tests/tests/grouptools/groupdel/05_groupdel_delete_group_error_unknown_group/config/etc/gshadow
new file mode 100644
index 0000000..3a02ae8
--- /dev/null
+++ b/tests/tests/grouptools/groupdel/05_groupdel_delete_group_error_unknown_group/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo1:*::
diff --git a/tests/tests/grouptools/groupdel/05_groupdel_delete_group_error_unknown_group/config/etc/login.defs b/tests/tests/grouptools/groupdel/05_groupdel_delete_group_error_unknown_group/config/etc/login.defs
new file mode 100644
index 0000000..cf181ac
--- /dev/null
+++ b/tests/tests/grouptools/groupdel/05_groupdel_delete_group_error_unknown_group/config/etc/login.defs
@@ -0,0 +1,314 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK usage is discouraged because it catches only some classes of user
+# entries to system, in fact only those made through login(1), while setting
+# umask in shell rc file will catch also logins through su, cron, ssh etc.
+#
+# At the same time, using shell rc to set umask won't catch entries which use
+# non-shell executables in place of login shell, like /usr/sbin/pppd for "ppp"
+# user and alike.
+#
+# Therefore the use of pam_umask is recommended (Debian package libpam-umask)
+# as the solution which catches all these cases on PAM-enabled systems.
+# 
+# This avoids the confusion created by having the umask set
+# in two different places -- in login.defs and shell rc files (i.e.
+# /etc/profile).
+#
+# For discussion, see #314539 and #248150 as well as the thread starting at
+# http://lists.debian.org/debian-devel/2005/06/msg01598.html
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+# 022 is the "historical" value in Debian for UMASK when it was used
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			  100
+GID_MAX			60000
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# This enables userdel to remove user groups if no members exist.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, thus in Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# Only works if compiled with MD5_CRYPT defined:
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is used by chpasswd, gpasswd and newusers.
+#
+#MD5_CRYPT_ENAB	no
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/grouptools/groupdel/05_groupdel_delete_group_error_unknown_group/config/etc/passwd b/tests/tests/grouptools/groupdel/05_groupdel_delete_group_error_unknown_group/config/etc/passwd
new file mode 100644
index 0000000..69768f8
--- /dev/null
+++ b/tests/tests/grouptools/groupdel/05_groupdel_delete_group_error_unknown_group/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+bar:x:1000:1000::/nonexistent:/bin/sh
diff --git a/tests/tests/grouptools/groupdel/05_groupdel_delete_group_error_unknown_group/config/etc/shadow b/tests/tests/grouptools/groupdel/05_groupdel_delete_group_error_unknown_group/config/etc/shadow
new file mode 100644
index 0000000..518993c
--- /dev/null
+++ b/tests/tests/grouptools/groupdel/05_groupdel_delete_group_error_unknown_group/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+bar:*:12977:0:99999:7:::
diff --git a/tests/tests/grouptools/groupdel/05_groupdel_delete_group_error_unknown_group/data/groupdel.err b/tests/tests/grouptools/groupdel/05_groupdel_delete_group_error_unknown_group/data/groupdel.err
new file mode 100644
index 0000000..21d6add
--- /dev/null
+++ b/tests/tests/grouptools/groupdel/05_groupdel_delete_group_error_unknown_group/data/groupdel.err
@@ -0,0 +1 @@
+groupdel: group 'foo' does not exist
diff --git a/tests/tests/grouptools/groupdel/05_groupdel_delete_group_error_unknown_group/groupdel.test b/tests/tests/grouptools/groupdel/05_groupdel_delete_group_error_unknown_group/groupdel.test
new file mode 100755
index 0000000..76b6bfa
--- /dev/null
+++ b/tests/tests/grouptools/groupdel/05_groupdel_delete_group_error_unknown_group/groupdel.test
@@ -0,0 +1,54 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "groupdel fails if the group is not valid"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Delete group foo (groupdel foo)..."
+groupdel foo 2>tmp/groupdel.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "6"
+echo "OK"
+
+echo "groupdel reported:"
+echo "======================================================================="
+cat tmp/groupdel.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/groupdel.err tmp/groupdel.err
+echo "error message OK."
+rm -f tmp/groupdel.err
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/grouptools/groupdel/06_groupdel_delete_group_error_locked_group/config.txt b/tests/tests/grouptools/groupdel/06_groupdel_delete_group_error_locked_group/config.txt
new file mode 100644
index 0000000..3d43135
--- /dev/null
+++ b/tests/tests/grouptools/groupdel/06_groupdel_delete_group_error_locked_group/config.txt
@@ -0,0 +1,5 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group users
diff --git a/tests/tests/grouptools/groupdel/06_groupdel_delete_group_error_locked_group/config/etc/default/useradd b/tests/tests/grouptools/groupdel/06_groupdel_delete_group_error_locked_group/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/grouptools/groupdel/06_groupdel_delete_group_error_locked_group/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/grouptools/groupdel/06_groupdel_delete_group_error_locked_group/config/etc/group b/tests/tests/grouptools/groupdel/06_groupdel_delete_group_error_locked_group/config/etc/group
new file mode 100644
index 0000000..fecba0c
--- /dev/null
+++ b/tests/tests/grouptools/groupdel/06_groupdel_delete_group_error_locked_group/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/grouptools/groupdel/06_groupdel_delete_group_error_locked_group/config/etc/gshadow b/tests/tests/grouptools/groupdel/06_groupdel_delete_group_error_locked_group/config/etc/gshadow
new file mode 100644
index 0000000..5042e58
--- /dev/null
+++ b/tests/tests/grouptools/groupdel/06_groupdel_delete_group_error_locked_group/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/grouptools/groupdel/06_groupdel_delete_group_error_locked_group/config/etc/login.defs b/tests/tests/grouptools/groupdel/06_groupdel_delete_group_error_locked_group/config/etc/login.defs
new file mode 100644
index 0000000..cf181ac
--- /dev/null
+++ b/tests/tests/grouptools/groupdel/06_groupdel_delete_group_error_locked_group/config/etc/login.defs
@@ -0,0 +1,314 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK usage is discouraged because it catches only some classes of user
+# entries to system, in fact only those made through login(1), while setting
+# umask in shell rc file will catch also logins through su, cron, ssh etc.
+#
+# At the same time, using shell rc to set umask won't catch entries which use
+# non-shell executables in place of login shell, like /usr/sbin/pppd for "ppp"
+# user and alike.
+#
+# Therefore the use of pam_umask is recommended (Debian package libpam-umask)
+# as the solution which catches all these cases on PAM-enabled systems.
+# 
+# This avoids the confusion created by having the umask set
+# in two different places -- in login.defs and shell rc files (i.e.
+# /etc/profile).
+#
+# For discussion, see #314539 and #248150 as well as the thread starting at
+# http://lists.debian.org/debian-devel/2005/06/msg01598.html
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+# 022 is the "historical" value in Debian for UMASK when it was used
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			  100
+GID_MAX			60000
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# This enables userdel to remove user groups if no members exist.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, thus in Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# Only works if compiled with MD5_CRYPT defined:
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is used by chpasswd, gpasswd and newusers.
+#
+#MD5_CRYPT_ENAB	no
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/grouptools/groupdel/06_groupdel_delete_group_error_locked_group/config/etc/passwd b/tests/tests/grouptools/groupdel/06_groupdel_delete_group_error_locked_group/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/grouptools/groupdel/06_groupdel_delete_group_error_locked_group/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/grouptools/groupdel/06_groupdel_delete_group_error_locked_group/config/etc/shadow b/tests/tests/grouptools/groupdel/06_groupdel_delete_group_error_locked_group/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/grouptools/groupdel/06_groupdel_delete_group_error_locked_group/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/grouptools/groupdel/06_groupdel_delete_group_error_locked_group/data/groupdel.err b/tests/tests/grouptools/groupdel/06_groupdel_delete_group_error_locked_group/data/groupdel.err
new file mode 100644
index 0000000..ed52317
--- /dev/null
+++ b/tests/tests/grouptools/groupdel/06_groupdel_delete_group_error_locked_group/data/groupdel.err
@@ -0,0 +1,2 @@
+groupdel: existing lock file /etc/group.lock without a PID
+groupdel: cannot lock /etc/group; try again later.
diff --git a/tests/tests/grouptools/groupdel/06_groupdel_delete_group_error_locked_group/groupdel.test b/tests/tests/grouptools/groupdel/06_groupdel_delete_group_error_locked_group/groupdel.test
new file mode 100755
index 0000000..d2f54c9
--- /dev/null
+++ b/tests/tests/grouptools/groupdel/06_groupdel_delete_group_error_locked_group/groupdel.test
@@ -0,0 +1,60 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "groupdel checks if the group file is locked"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config; rm -f /etc/group.lock' 0
+
+change_config
+
+echo -n "Create lock file for /etc/group..."
+touch /etc/group.lock
+echo "done"
+
+echo -n "Delete group foo (groupdel foo)..."
+groupdel foo 2>tmp/groupdel.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+rm -f /etc/group.lock
+
+echo -n "Check returned status ($status)..."
+test "$status" = "10"
+echo "OK"
+
+echo "groupdel reported:"
+echo "======================================================================="
+cat tmp/groupdel.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/groupdel.err tmp/groupdel.err
+echo "error message OK."
+rm -f tmp/groupdel.err
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/grouptools/groupdel/07_groupdel_delete_group_error_locked_gshadow/config.txt b/tests/tests/grouptools/groupdel/07_groupdel_delete_group_error_locked_gshadow/config.txt
new file mode 100644
index 0000000..3d43135
--- /dev/null
+++ b/tests/tests/grouptools/groupdel/07_groupdel_delete_group_error_locked_gshadow/config.txt
@@ -0,0 +1,5 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group users
diff --git a/tests/tests/grouptools/groupdel/07_groupdel_delete_group_error_locked_gshadow/config/etc/default/useradd b/tests/tests/grouptools/groupdel/07_groupdel_delete_group_error_locked_gshadow/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/grouptools/groupdel/07_groupdel_delete_group_error_locked_gshadow/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/grouptools/groupdel/07_groupdel_delete_group_error_locked_gshadow/config/etc/group b/tests/tests/grouptools/groupdel/07_groupdel_delete_group_error_locked_gshadow/config/etc/group
new file mode 100644
index 0000000..fecba0c
--- /dev/null
+++ b/tests/tests/grouptools/groupdel/07_groupdel_delete_group_error_locked_gshadow/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/grouptools/groupdel/07_groupdel_delete_group_error_locked_gshadow/config/etc/gshadow b/tests/tests/grouptools/groupdel/07_groupdel_delete_group_error_locked_gshadow/config/etc/gshadow
new file mode 100644
index 0000000..5042e58
--- /dev/null
+++ b/tests/tests/grouptools/groupdel/07_groupdel_delete_group_error_locked_gshadow/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/grouptools/groupdel/07_groupdel_delete_group_error_locked_gshadow/config/etc/login.defs b/tests/tests/grouptools/groupdel/07_groupdel_delete_group_error_locked_gshadow/config/etc/login.defs
new file mode 100644
index 0000000..cf181ac
--- /dev/null
+++ b/tests/tests/grouptools/groupdel/07_groupdel_delete_group_error_locked_gshadow/config/etc/login.defs
@@ -0,0 +1,314 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK usage is discouraged because it catches only some classes of user
+# entries to system, in fact only those made through login(1), while setting
+# umask in shell rc file will catch also logins through su, cron, ssh etc.
+#
+# At the same time, using shell rc to set umask won't catch entries which use
+# non-shell executables in place of login shell, like /usr/sbin/pppd for "ppp"
+# user and alike.
+#
+# Therefore the use of pam_umask is recommended (Debian package libpam-umask)
+# as the solution which catches all these cases on PAM-enabled systems.
+# 
+# This avoids the confusion created by having the umask set
+# in two different places -- in login.defs and shell rc files (i.e.
+# /etc/profile).
+#
+# For discussion, see #314539 and #248150 as well as the thread starting at
+# http://lists.debian.org/debian-devel/2005/06/msg01598.html
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+# 022 is the "historical" value in Debian for UMASK when it was used
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			  100
+GID_MAX			60000
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# This enables userdel to remove user groups if no members exist.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, thus in Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# Only works if compiled with MD5_CRYPT defined:
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is used by chpasswd, gpasswd and newusers.
+#
+#MD5_CRYPT_ENAB	no
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/grouptools/groupdel/07_groupdel_delete_group_error_locked_gshadow/config/etc/passwd b/tests/tests/grouptools/groupdel/07_groupdel_delete_group_error_locked_gshadow/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/grouptools/groupdel/07_groupdel_delete_group_error_locked_gshadow/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/grouptools/groupdel/07_groupdel_delete_group_error_locked_gshadow/config/etc/shadow b/tests/tests/grouptools/groupdel/07_groupdel_delete_group_error_locked_gshadow/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/grouptools/groupdel/07_groupdel_delete_group_error_locked_gshadow/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/grouptools/groupdel/07_groupdel_delete_group_error_locked_gshadow/data/groupdel.err b/tests/tests/grouptools/groupdel/07_groupdel_delete_group_error_locked_gshadow/data/groupdel.err
new file mode 100644
index 0000000..66f2eaf
--- /dev/null
+++ b/tests/tests/grouptools/groupdel/07_groupdel_delete_group_error_locked_gshadow/data/groupdel.err
@@ -0,0 +1,2 @@
+groupdel: existing lock file /etc/gshadow.lock without a PID
+groupdel: cannot lock /etc/gshadow; try again later.
diff --git a/tests/tests/grouptools/groupdel/07_groupdel_delete_group_error_locked_gshadow/groupdel.test b/tests/tests/grouptools/groupdel/07_groupdel_delete_group_error_locked_gshadow/groupdel.test
new file mode 100755
index 0000000..ea7a4cc
--- /dev/null
+++ b/tests/tests/grouptools/groupdel/07_groupdel_delete_group_error_locked_gshadow/groupdel.test
@@ -0,0 +1,60 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "groupdel checks if the gshadow file is locked"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config; rm -f /etc/gshadow.lock' 0
+
+change_config
+
+echo -n "Create lock file for /etc/gshadow..."
+touch /etc/gshadow.lock
+echo "done"
+
+echo -n "Delete group foo (groupdel foo)..."
+groupdel foo 2>tmp/groupdel.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+rm -f /etc/gshadow.lock
+
+echo -n "Check returned status ($status)..."
+test "$status" = "10"
+echo "OK"
+
+echo "groupdel reported:"
+echo "======================================================================="
+cat tmp/groupdel.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/groupdel.err tmp/groupdel.err
+echo "error message OK."
+rm -f tmp/groupdel.err
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/grouptools/groupdel/08_groupdel_delete_group_error_no_group_parameter/config.txt b/tests/tests/grouptools/groupdel/08_groupdel_delete_group_error_no_group_parameter/config.txt
new file mode 100644
index 0000000..3d43135
--- /dev/null
+++ b/tests/tests/grouptools/groupdel/08_groupdel_delete_group_error_no_group_parameter/config.txt
@@ -0,0 +1,5 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group users
diff --git a/tests/tests/grouptools/groupdel/08_groupdel_delete_group_error_no_group_parameter/config/etc/default/useradd b/tests/tests/grouptools/groupdel/08_groupdel_delete_group_error_no_group_parameter/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/grouptools/groupdel/08_groupdel_delete_group_error_no_group_parameter/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/grouptools/groupdel/08_groupdel_delete_group_error_no_group_parameter/config/etc/group b/tests/tests/grouptools/groupdel/08_groupdel_delete_group_error_no_group_parameter/config/etc/group
new file mode 100644
index 0000000..3196692
--- /dev/null
+++ b/tests/tests/grouptools/groupdel/08_groupdel_delete_group_error_no_group_parameter/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo1:x:1000:
diff --git a/tests/tests/grouptools/groupdel/08_groupdel_delete_group_error_no_group_parameter/config/etc/gshadow b/tests/tests/grouptools/groupdel/08_groupdel_delete_group_error_no_group_parameter/config/etc/gshadow
new file mode 100644
index 0000000..3a02ae8
--- /dev/null
+++ b/tests/tests/grouptools/groupdel/08_groupdel_delete_group_error_no_group_parameter/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo1:*::
diff --git a/tests/tests/grouptools/groupdel/08_groupdel_delete_group_error_no_group_parameter/config/etc/login.defs b/tests/tests/grouptools/groupdel/08_groupdel_delete_group_error_no_group_parameter/config/etc/login.defs
new file mode 100644
index 0000000..cf181ac
--- /dev/null
+++ b/tests/tests/grouptools/groupdel/08_groupdel_delete_group_error_no_group_parameter/config/etc/login.defs
@@ -0,0 +1,314 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK usage is discouraged because it catches only some classes of user
+# entries to system, in fact only those made through login(1), while setting
+# umask in shell rc file will catch also logins through su, cron, ssh etc.
+#
+# At the same time, using shell rc to set umask won't catch entries which use
+# non-shell executables in place of login shell, like /usr/sbin/pppd for "ppp"
+# user and alike.
+#
+# Therefore the use of pam_umask is recommended (Debian package libpam-umask)
+# as the solution which catches all these cases on PAM-enabled systems.
+# 
+# This avoids the confusion created by having the umask set
+# in two different places -- in login.defs and shell rc files (i.e.
+# /etc/profile).
+#
+# For discussion, see #314539 and #248150 as well as the thread starting at
+# http://lists.debian.org/debian-devel/2005/06/msg01598.html
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+# 022 is the "historical" value in Debian for UMASK when it was used
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			  100
+GID_MAX			60000
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# This enables userdel to remove user groups if no members exist.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, thus in Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# Only works if compiled with MD5_CRYPT defined:
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is used by chpasswd, gpasswd and newusers.
+#
+#MD5_CRYPT_ENAB	no
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/grouptools/groupdel/08_groupdel_delete_group_error_no_group_parameter/config/etc/passwd b/tests/tests/grouptools/groupdel/08_groupdel_delete_group_error_no_group_parameter/config/etc/passwd
new file mode 100644
index 0000000..69768f8
--- /dev/null
+++ b/tests/tests/grouptools/groupdel/08_groupdel_delete_group_error_no_group_parameter/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+bar:x:1000:1000::/nonexistent:/bin/sh
diff --git a/tests/tests/grouptools/groupdel/08_groupdel_delete_group_error_no_group_parameter/config/etc/shadow b/tests/tests/grouptools/groupdel/08_groupdel_delete_group_error_no_group_parameter/config/etc/shadow
new file mode 100644
index 0000000..518993c
--- /dev/null
+++ b/tests/tests/grouptools/groupdel/08_groupdel_delete_group_error_no_group_parameter/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+bar:*:12977:0:99999:7:::
diff --git a/tests/tests/grouptools/groupdel/08_groupdel_delete_group_error_no_group_parameter/data/groupdel.err b/tests/tests/grouptools/groupdel/08_groupdel_delete_group_error_no_group_parameter/data/groupdel.err
new file mode 100644
index 0000000..e1d7f41
--- /dev/null
+++ b/tests/tests/grouptools/groupdel/08_groupdel_delete_group_error_no_group_parameter/data/groupdel.err
@@ -0,0 +1,6 @@
+Usage: groupdel [options] GROUP
+
+Options:
+  -h, --help                    display this help message and exit
+  -R, --root CHROOT_DIR         directory to chroot into
+
diff --git a/tests/tests/grouptools/groupdel/08_groupdel_delete_group_error_no_group_parameter/groupdel.test b/tests/tests/grouptools/groupdel/08_groupdel_delete_group_error_no_group_parameter/groupdel.test
new file mode 100755
index 0000000..2cdc0d5
--- /dev/null
+++ b/tests/tests/grouptools/groupdel/08_groupdel_delete_group_error_no_group_parameter/groupdel.test
@@ -0,0 +1,54 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "groupdel checks if a group is provided in parameter"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Delete a group (groupdel)..."
+groupdel 2>tmp/groupdel.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "2"
+echo "OK"
+
+echo "groupdel reported:"
+echo "======================================================================="
+cat tmp/groupdel.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/groupdel.err tmp/groupdel.err
+echo "error message OK."
+rm -f tmp/groupdel.err
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/grouptools/groupdel/09_groupdel_delete_group_error_two_group_parameter/config.txt b/tests/tests/grouptools/groupdel/09_groupdel_delete_group_error_two_group_parameter/config.txt
new file mode 100644
index 0000000..3d43135
--- /dev/null
+++ b/tests/tests/grouptools/groupdel/09_groupdel_delete_group_error_two_group_parameter/config.txt
@@ -0,0 +1,5 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group users
diff --git a/tests/tests/grouptools/groupdel/09_groupdel_delete_group_error_two_group_parameter/config/etc/default/useradd b/tests/tests/grouptools/groupdel/09_groupdel_delete_group_error_two_group_parameter/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/grouptools/groupdel/09_groupdel_delete_group_error_two_group_parameter/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/grouptools/groupdel/09_groupdel_delete_group_error_two_group_parameter/config/etc/group b/tests/tests/grouptools/groupdel/09_groupdel_delete_group_error_two_group_parameter/config/etc/group
new file mode 100644
index 0000000..3196692
--- /dev/null
+++ b/tests/tests/grouptools/groupdel/09_groupdel_delete_group_error_two_group_parameter/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo1:x:1000:
diff --git a/tests/tests/grouptools/groupdel/09_groupdel_delete_group_error_two_group_parameter/config/etc/gshadow b/tests/tests/grouptools/groupdel/09_groupdel_delete_group_error_two_group_parameter/config/etc/gshadow
new file mode 100644
index 0000000..3a02ae8
--- /dev/null
+++ b/tests/tests/grouptools/groupdel/09_groupdel_delete_group_error_two_group_parameter/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo1:*::
diff --git a/tests/tests/grouptools/groupdel/09_groupdel_delete_group_error_two_group_parameter/config/etc/login.defs b/tests/tests/grouptools/groupdel/09_groupdel_delete_group_error_two_group_parameter/config/etc/login.defs
new file mode 100644
index 0000000..cf181ac
--- /dev/null
+++ b/tests/tests/grouptools/groupdel/09_groupdel_delete_group_error_two_group_parameter/config/etc/login.defs
@@ -0,0 +1,314 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK usage is discouraged because it catches only some classes of user
+# entries to system, in fact only those made through login(1), while setting
+# umask in shell rc file will catch also logins through su, cron, ssh etc.
+#
+# At the same time, using shell rc to set umask won't catch entries which use
+# non-shell executables in place of login shell, like /usr/sbin/pppd for "ppp"
+# user and alike.
+#
+# Therefore the use of pam_umask is recommended (Debian package libpam-umask)
+# as the solution which catches all these cases on PAM-enabled systems.
+# 
+# This avoids the confusion created by having the umask set
+# in two different places -- in login.defs and shell rc files (i.e.
+# /etc/profile).
+#
+# For discussion, see #314539 and #248150 as well as the thread starting at
+# http://lists.debian.org/debian-devel/2005/06/msg01598.html
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+# 022 is the "historical" value in Debian for UMASK when it was used
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			  100
+GID_MAX			60000
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# This enables userdel to remove user groups if no members exist.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, thus in Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# Only works if compiled with MD5_CRYPT defined:
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is used by chpasswd, gpasswd and newusers.
+#
+#MD5_CRYPT_ENAB	no
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/grouptools/groupdel/09_groupdel_delete_group_error_two_group_parameter/config/etc/passwd b/tests/tests/grouptools/groupdel/09_groupdel_delete_group_error_two_group_parameter/config/etc/passwd
new file mode 100644
index 0000000..69768f8
--- /dev/null
+++ b/tests/tests/grouptools/groupdel/09_groupdel_delete_group_error_two_group_parameter/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+bar:x:1000:1000::/nonexistent:/bin/sh
diff --git a/tests/tests/grouptools/groupdel/09_groupdel_delete_group_error_two_group_parameter/config/etc/shadow b/tests/tests/grouptools/groupdel/09_groupdel_delete_group_error_two_group_parameter/config/etc/shadow
new file mode 100644
index 0000000..518993c
--- /dev/null
+++ b/tests/tests/grouptools/groupdel/09_groupdel_delete_group_error_two_group_parameter/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+bar:*:12977:0:99999:7:::
diff --git a/tests/tests/grouptools/groupdel/09_groupdel_delete_group_error_two_group_parameter/data/groupdel.err b/tests/tests/grouptools/groupdel/09_groupdel_delete_group_error_two_group_parameter/data/groupdel.err
new file mode 100644
index 0000000..e1d7f41
--- /dev/null
+++ b/tests/tests/grouptools/groupdel/09_groupdel_delete_group_error_two_group_parameter/data/groupdel.err
@@ -0,0 +1,6 @@
+Usage: groupdel [options] GROUP
+
+Options:
+  -h, --help                    display this help message and exit
+  -R, --root CHROOT_DIR         directory to chroot into
+
diff --git a/tests/tests/grouptools/groupdel/09_groupdel_delete_group_error_two_group_parameter/groupdel.test b/tests/tests/grouptools/groupdel/09_groupdel_delete_group_error_two_group_parameter/groupdel.test
new file mode 100755
index 0000000..d833deb
--- /dev/null
+++ b/tests/tests/grouptools/groupdel/09_groupdel_delete_group_error_two_group_parameter/groupdel.test
@@ -0,0 +1,54 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "groupdel does not delete two groups at the same time"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Delete two groups (groupdel foo bar)..."
+groupdel foo bar 2>tmp/groupdel.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "2"
+echo "OK"
+
+echo "groupdel reported:"
+echo "======================================================================="
+cat tmp/groupdel.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/groupdel.err tmp/groupdel.err
+echo "error message OK."
+rm -f tmp/groupdel.err
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/grouptools/groupdel/10_groupdel_usage/config.txt b/tests/tests/grouptools/groupdel/10_groupdel_usage/config.txt
new file mode 100644
index 0000000..3d43135
--- /dev/null
+++ b/tests/tests/grouptools/groupdel/10_groupdel_usage/config.txt
@@ -0,0 +1,5 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group users
diff --git a/tests/tests/grouptools/groupdel/10_groupdel_usage/config/etc/default/useradd b/tests/tests/grouptools/groupdel/10_groupdel_usage/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/grouptools/groupdel/10_groupdel_usage/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/grouptools/groupdel/10_groupdel_usage/config/etc/group b/tests/tests/grouptools/groupdel/10_groupdel_usage/config/etc/group
new file mode 100644
index 0000000..fecba0c
--- /dev/null
+++ b/tests/tests/grouptools/groupdel/10_groupdel_usage/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/grouptools/groupdel/10_groupdel_usage/config/etc/gshadow b/tests/tests/grouptools/groupdel/10_groupdel_usage/config/etc/gshadow
new file mode 100644
index 0000000..5042e58
--- /dev/null
+++ b/tests/tests/grouptools/groupdel/10_groupdel_usage/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/grouptools/groupdel/10_groupdel_usage/config/etc/login.defs b/tests/tests/grouptools/groupdel/10_groupdel_usage/config/etc/login.defs
new file mode 100644
index 0000000..cf181ac
--- /dev/null
+++ b/tests/tests/grouptools/groupdel/10_groupdel_usage/config/etc/login.defs
@@ -0,0 +1,314 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK usage is discouraged because it catches only some classes of user
+# entries to system, in fact only those made through login(1), while setting
+# umask in shell rc file will catch also logins through su, cron, ssh etc.
+#
+# At the same time, using shell rc to set umask won't catch entries which use
+# non-shell executables in place of login shell, like /usr/sbin/pppd for "ppp"
+# user and alike.
+#
+# Therefore the use of pam_umask is recommended (Debian package libpam-umask)
+# as the solution which catches all these cases on PAM-enabled systems.
+# 
+# This avoids the confusion created by having the umask set
+# in two different places -- in login.defs and shell rc files (i.e.
+# /etc/profile).
+#
+# For discussion, see #314539 and #248150 as well as the thread starting at
+# http://lists.debian.org/debian-devel/2005/06/msg01598.html
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+# 022 is the "historical" value in Debian for UMASK when it was used
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			  100
+GID_MAX			60000
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# This enables userdel to remove user groups if no members exist.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, thus in Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# Only works if compiled with MD5_CRYPT defined:
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is used by chpasswd, gpasswd and newusers.
+#
+#MD5_CRYPT_ENAB	no
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/grouptools/groupdel/10_groupdel_usage/config/etc/passwd b/tests/tests/grouptools/groupdel/10_groupdel_usage/config/etc/passwd
new file mode 100644
index 0000000..69768f8
--- /dev/null
+++ b/tests/tests/grouptools/groupdel/10_groupdel_usage/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+bar:x:1000:1000::/nonexistent:/bin/sh
diff --git a/tests/tests/grouptools/groupdel/10_groupdel_usage/config/etc/shadow b/tests/tests/grouptools/groupdel/10_groupdel_usage/config/etc/shadow
new file mode 100644
index 0000000..518993c
--- /dev/null
+++ b/tests/tests/grouptools/groupdel/10_groupdel_usage/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+bar:*:12977:0:99999:7:::
diff --git a/tests/tests/grouptools/groupdel/10_groupdel_usage/data/usage.out b/tests/tests/grouptools/groupdel/10_groupdel_usage/data/usage.out
new file mode 100644
index 0000000..e1d7f41
--- /dev/null
+++ b/tests/tests/grouptools/groupdel/10_groupdel_usage/data/usage.out
@@ -0,0 +1,6 @@
+Usage: groupdel [options] GROUP
+
+Options:
+  -h, --help                    display this help message and exit
+  -R, --root CHROOT_DIR         directory to chroot into
+
diff --git a/tests/tests/grouptools/groupdel/10_groupdel_usage/groupdel.test b/tests/tests/grouptools/groupdel/10_groupdel_usage/groupdel.test
new file mode 100755
index 0000000..4a696a1
--- /dev/null
+++ b/tests/tests/grouptools/groupdel/10_groupdel_usage/groupdel.test
@@ -0,0 +1,48 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "groupdel can display its usage message"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Get groupdel usage message (groupdel --help)..."
+groupdel --help >tmp/usage.out
+echo "OK"
+
+echo "groupdel reported:"
+echo "======================================================================="
+cat tmp/usage.out
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/usage.out tmp/usage.out
+echo "error message OK."
+rm -f tmp/usage.out
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/grouptools/groupdel/11_groupdel_invalid_option/config.txt b/tests/tests/grouptools/groupdel/11_groupdel_invalid_option/config.txt
new file mode 100644
index 0000000..3d43135
--- /dev/null
+++ b/tests/tests/grouptools/groupdel/11_groupdel_invalid_option/config.txt
@@ -0,0 +1,5 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group users
diff --git a/tests/tests/grouptools/groupdel/11_groupdel_invalid_option/config/etc/default/useradd b/tests/tests/grouptools/groupdel/11_groupdel_invalid_option/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/grouptools/groupdel/11_groupdel_invalid_option/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/grouptools/groupdel/11_groupdel_invalid_option/config/etc/group b/tests/tests/grouptools/groupdel/11_groupdel_invalid_option/config/etc/group
new file mode 100644
index 0000000..fecba0c
--- /dev/null
+++ b/tests/tests/grouptools/groupdel/11_groupdel_invalid_option/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/grouptools/groupdel/11_groupdel_invalid_option/config/etc/gshadow b/tests/tests/grouptools/groupdel/11_groupdel_invalid_option/config/etc/gshadow
new file mode 100644
index 0000000..5042e58
--- /dev/null
+++ b/tests/tests/grouptools/groupdel/11_groupdel_invalid_option/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/grouptools/groupdel/11_groupdel_invalid_option/config/etc/login.defs b/tests/tests/grouptools/groupdel/11_groupdel_invalid_option/config/etc/login.defs
new file mode 100644
index 0000000..cf181ac
--- /dev/null
+++ b/tests/tests/grouptools/groupdel/11_groupdel_invalid_option/config/etc/login.defs
@@ -0,0 +1,314 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK usage is discouraged because it catches only some classes of user
+# entries to system, in fact only those made through login(1), while setting
+# umask in shell rc file will catch also logins through su, cron, ssh etc.
+#
+# At the same time, using shell rc to set umask won't catch entries which use
+# non-shell executables in place of login shell, like /usr/sbin/pppd for "ppp"
+# user and alike.
+#
+# Therefore the use of pam_umask is recommended (Debian package libpam-umask)
+# as the solution which catches all these cases on PAM-enabled systems.
+# 
+# This avoids the confusion created by having the umask set
+# in two different places -- in login.defs and shell rc files (i.e.
+# /etc/profile).
+#
+# For discussion, see #314539 and #248150 as well as the thread starting at
+# http://lists.debian.org/debian-devel/2005/06/msg01598.html
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+# 022 is the "historical" value in Debian for UMASK when it was used
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			  100
+GID_MAX			60000
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# This enables userdel to remove user groups if no members exist.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, thus in Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# Only works if compiled with MD5_CRYPT defined:
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is used by chpasswd, gpasswd and newusers.
+#
+#MD5_CRYPT_ENAB	no
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/grouptools/groupdel/11_groupdel_invalid_option/config/etc/passwd b/tests/tests/grouptools/groupdel/11_groupdel_invalid_option/config/etc/passwd
new file mode 100644
index 0000000..69768f8
--- /dev/null
+++ b/tests/tests/grouptools/groupdel/11_groupdel_invalid_option/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+bar:x:1000:1000::/nonexistent:/bin/sh
diff --git a/tests/tests/grouptools/groupdel/11_groupdel_invalid_option/config/etc/shadow b/tests/tests/grouptools/groupdel/11_groupdel_invalid_option/config/etc/shadow
new file mode 100644
index 0000000..518993c
--- /dev/null
+++ b/tests/tests/grouptools/groupdel/11_groupdel_invalid_option/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+bar:*:12977:0:99999:7:::
diff --git a/tests/tests/grouptools/groupdel/11_groupdel_invalid_option/data/groupdel.err b/tests/tests/grouptools/groupdel/11_groupdel_invalid_option/data/groupdel.err
new file mode 100644
index 0000000..7502ba5
--- /dev/null
+++ b/tests/tests/grouptools/groupdel/11_groupdel_invalid_option/data/groupdel.err
@@ -0,0 +1,7 @@
+groupdel: invalid option -- 'Z'
+Usage: groupdel [options] GROUP
+
+Options:
+  -h, --help                    display this help message and exit
+  -R, --root CHROOT_DIR         directory to chroot into
+
diff --git a/tests/tests/grouptools/groupdel/11_groupdel_invalid_option/groupdel.test b/tests/tests/grouptools/groupdel/11_groupdel_invalid_option/groupdel.test
new file mode 100755
index 0000000..8072a4f
--- /dev/null
+++ b/tests/tests/grouptools/groupdel/11_groupdel_invalid_option/groupdel.test
@@ -0,0 +1,54 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "groupdel displays its usage message when called with an invalid option"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Call groupdel with an invalid option (groupdel -Z foo)..."
+groupdel -Z foo 2>tmp/groupdel.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "2"
+echo "OK"
+
+echo "groupdel reported:"
+echo "======================================================================="
+cat tmp/groupdel.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/groupdel.err tmp/groupdel.err
+echo "error message OK."
+rm -f tmp/groupdel.err
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/grouptools/groupmems/01_groupmems_root_add_user/config.txt b/tests/tests/grouptools/groupmems/01_groupmems_root_add_user/config.txt
new file mode 100644
index 0000000..d222d91
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/01_groupmems_root_add_user/config.txt
@@ -0,0 +1,2 @@
+user utest1
+group gtest1
diff --git a/tests/tests/grouptools/groupmems/01_groupmems_root_add_user/config/etc/group b/tests/tests/grouptools/groupmems/01_groupmems_root_add_user/config/etc/group
new file mode 100644
index 0000000..4f7c184
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/01_groupmems_root_add_user/config/etc/group
@@ -0,0 +1,44 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+groupmems:x:99:
+utest1:x:1000:
+gtest1:x:1001:
diff --git a/tests/tests/grouptools/groupmems/01_groupmems_root_add_user/config/etc/gshadow b/tests/tests/grouptools/groupmems/01_groupmems_root_add_user/config/etc/gshadow
new file mode 100644
index 0000000..283ca8c
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/01_groupmems_root_add_user/config/etc/gshadow
@@ -0,0 +1,44 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+groupmems:*::
+utest1:*::
+gtest1:*::
diff --git a/tests/tests/grouptools/groupmems/01_groupmems_root_add_user/config/etc/passwd b/tests/tests/grouptools/groupmems/01_groupmems_root_add_user/config/etc/passwd
new file mode 100644
index 0000000..a07e498
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/01_groupmems_root_add_user/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+utest1:x:1000:1000::/tmp:/bin/sh
diff --git a/tests/tests/grouptools/groupmems/01_groupmems_root_add_user/config/etc/shadow b/tests/tests/grouptools/groupmems/01_groupmems_root_add_user/config/etc/shadow
new file mode 100644
index 0000000..976b4f9
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/01_groupmems_root_add_user/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+utest1:!:12977:0:99999:7:::
diff --git a/tests/tests/grouptools/groupmems/01_groupmems_root_add_user/data/group b/tests/tests/grouptools/groupmems/01_groupmems_root_add_user/data/group
new file mode 100644
index 0000000..62aeba4
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/01_groupmems_root_add_user/data/group
@@ -0,0 +1,44 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+groupmems:x:99:
+utest1:x:1000:
+gtest1:x:1001:utest1
diff --git a/tests/tests/grouptools/groupmems/01_groupmems_root_add_user/data/gshadow b/tests/tests/grouptools/groupmems/01_groupmems_root_add_user/data/gshadow
new file mode 100644
index 0000000..563a8ba
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/01_groupmems_root_add_user/data/gshadow
@@ -0,0 +1,44 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+groupmems:*::
+utest1:*::
+gtest1:*::utest1
diff --git a/tests/tests/grouptools/groupmems/01_groupmems_root_add_user/groupmems.test b/tests/tests/grouptools/groupmems/01_groupmems_root_add_user/groupmems.test
new file mode 100755
index 0000000..74c7420
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/01_groupmems_root_add_user/groupmems.test
@@ -0,0 +1,39 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "groupmems (called by root) can add an user to a group"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Add user utest1 to group gtest1..."
+groupmems -a utest1 -g gtest1
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl data/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl data/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/grouptools/groupmems/02_groupmems_root_del_user/config.txt b/tests/tests/grouptools/groupmems/02_groupmems_root_del_user/config.txt
new file mode 100644
index 0000000..d222d91
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/02_groupmems_root_del_user/config.txt
@@ -0,0 +1,2 @@
+user utest1
+group gtest1
diff --git a/tests/tests/grouptools/groupmems/02_groupmems_root_del_user/config/etc/group b/tests/tests/grouptools/groupmems/02_groupmems_root_del_user/config/etc/group
new file mode 100644
index 0000000..62aeba4
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/02_groupmems_root_del_user/config/etc/group
@@ -0,0 +1,44 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+groupmems:x:99:
+utest1:x:1000:
+gtest1:x:1001:utest1
diff --git a/tests/tests/grouptools/groupmems/02_groupmems_root_del_user/config/etc/gshadow b/tests/tests/grouptools/groupmems/02_groupmems_root_del_user/config/etc/gshadow
new file mode 100644
index 0000000..563a8ba
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/02_groupmems_root_del_user/config/etc/gshadow
@@ -0,0 +1,44 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+groupmems:*::
+utest1:*::
+gtest1:*::utest1
diff --git a/tests/tests/grouptools/groupmems/02_groupmems_root_del_user/config/etc/passwd b/tests/tests/grouptools/groupmems/02_groupmems_root_del_user/config/etc/passwd
new file mode 100644
index 0000000..a07e498
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/02_groupmems_root_del_user/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+utest1:x:1000:1000::/tmp:/bin/sh
diff --git a/tests/tests/grouptools/groupmems/02_groupmems_root_del_user/config/etc/shadow b/tests/tests/grouptools/groupmems/02_groupmems_root_del_user/config/etc/shadow
new file mode 100644
index 0000000..976b4f9
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/02_groupmems_root_del_user/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+utest1:!:12977:0:99999:7:::
diff --git a/tests/tests/grouptools/groupmems/02_groupmems_root_del_user/data/group b/tests/tests/grouptools/groupmems/02_groupmems_root_del_user/data/group
new file mode 100644
index 0000000..4f7c184
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/02_groupmems_root_del_user/data/group
@@ -0,0 +1,44 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+groupmems:x:99:
+utest1:x:1000:
+gtest1:x:1001:
diff --git a/tests/tests/grouptools/groupmems/02_groupmems_root_del_user/data/gshadow b/tests/tests/grouptools/groupmems/02_groupmems_root_del_user/data/gshadow
new file mode 100644
index 0000000..283ca8c
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/02_groupmems_root_del_user/data/gshadow
@@ -0,0 +1,44 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+groupmems:*::
+utest1:*::
+gtest1:*::
diff --git a/tests/tests/grouptools/groupmems/02_groupmems_root_del_user/groupmems.test b/tests/tests/grouptools/groupmems/02_groupmems_root_del_user/groupmems.test
new file mode 100755
index 0000000..fca4fdb
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/02_groupmems_root_del_user/groupmems.test
@@ -0,0 +1,39 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "groupmems (called by root) can remove an user from a group"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Remove user utest1 from group gtest1..."
+groupmems -d utest1 -g gtest1
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl data/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl data/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/grouptools/groupmems/03_groupmems_root_del_user_admin/config.txt b/tests/tests/grouptools/groupmems/03_groupmems_root_del_user_admin/config.txt
new file mode 100644
index 0000000..d222d91
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/03_groupmems_root_del_user_admin/config.txt
@@ -0,0 +1,2 @@
+user utest1
+group gtest1
diff --git a/tests/tests/grouptools/groupmems/03_groupmems_root_del_user_admin/config/etc/group b/tests/tests/grouptools/groupmems/03_groupmems_root_del_user_admin/config/etc/group
new file mode 100644
index 0000000..62aeba4
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/03_groupmems_root_del_user_admin/config/etc/group
@@ -0,0 +1,44 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+groupmems:x:99:
+utest1:x:1000:
+gtest1:x:1001:utest1
diff --git a/tests/tests/grouptools/groupmems/03_groupmems_root_del_user_admin/config/etc/gshadow b/tests/tests/grouptools/groupmems/03_groupmems_root_del_user_admin/config/etc/gshadow
new file mode 100644
index 0000000..a559a9a
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/03_groupmems_root_del_user_admin/config/etc/gshadow
@@ -0,0 +1,44 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+groupmems:*::
+utest1:*::
+gtest1:*:utest1:
diff --git a/tests/tests/grouptools/groupmems/03_groupmems_root_del_user_admin/config/etc/passwd b/tests/tests/grouptools/groupmems/03_groupmems_root_del_user_admin/config/etc/passwd
new file mode 100644
index 0000000..a07e498
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/03_groupmems_root_del_user_admin/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+utest1:x:1000:1000::/tmp:/bin/sh
diff --git a/tests/tests/grouptools/groupmems/03_groupmems_root_del_user_admin/config/etc/shadow b/tests/tests/grouptools/groupmems/03_groupmems_root_del_user_admin/config/etc/shadow
new file mode 100644
index 0000000..976b4f9
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/03_groupmems_root_del_user_admin/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+utest1:!:12977:0:99999:7:::
diff --git a/tests/tests/grouptools/groupmems/03_groupmems_root_del_user_admin/data/group b/tests/tests/grouptools/groupmems/03_groupmems_root_del_user_admin/data/group
new file mode 100644
index 0000000..4f7c184
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/03_groupmems_root_del_user_admin/data/group
@@ -0,0 +1,44 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+groupmems:x:99:
+utest1:x:1000:
+gtest1:x:1001:
diff --git a/tests/tests/grouptools/groupmems/03_groupmems_root_del_user_admin/data/gshadow b/tests/tests/grouptools/groupmems/03_groupmems_root_del_user_admin/data/gshadow
new file mode 100644
index 0000000..283ca8c
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/03_groupmems_root_del_user_admin/data/gshadow
@@ -0,0 +1,44 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+groupmems:*::
+utest1:*::
+gtest1:*::
diff --git a/tests/tests/grouptools/groupmems/03_groupmems_root_del_user_admin/groupmems.test b/tests/tests/grouptools/groupmems/03_groupmems_root_del_user_admin/groupmems.test
new file mode 100755
index 0000000..6e5de89
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/03_groupmems_root_del_user_admin/groupmems.test
@@ -0,0 +1,39 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "groupmems (called by root) can remove an user from a group (only admin in gshadow)"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Remove user utest1 from group gtest1..."
+groupmems -d utest1 -g gtest1
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl data/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl data/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/grouptools/groupmems/04_groupmems_root_del_user_admin_and_user/config.txt b/tests/tests/grouptools/groupmems/04_groupmems_root_del_user_admin_and_user/config.txt
new file mode 100644
index 0000000..d222d91
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/04_groupmems_root_del_user_admin_and_user/config.txt
@@ -0,0 +1,2 @@
+user utest1
+group gtest1
diff --git a/tests/tests/grouptools/groupmems/04_groupmems_root_del_user_admin_and_user/config/etc/group b/tests/tests/grouptools/groupmems/04_groupmems_root_del_user_admin_and_user/config/etc/group
new file mode 100644
index 0000000..62aeba4
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/04_groupmems_root_del_user_admin_and_user/config/etc/group
@@ -0,0 +1,44 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+groupmems:x:99:
+utest1:x:1000:
+gtest1:x:1001:utest1
diff --git a/tests/tests/grouptools/groupmems/04_groupmems_root_del_user_admin_and_user/config/etc/gshadow b/tests/tests/grouptools/groupmems/04_groupmems_root_del_user_admin_and_user/config/etc/gshadow
new file mode 100644
index 0000000..793955f
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/04_groupmems_root_del_user_admin_and_user/config/etc/gshadow
@@ -0,0 +1,44 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+groupmems:*::
+utest1:*::
+gtest1:*:utest1:utest1
diff --git a/tests/tests/grouptools/groupmems/04_groupmems_root_del_user_admin_and_user/config/etc/passwd b/tests/tests/grouptools/groupmems/04_groupmems_root_del_user_admin_and_user/config/etc/passwd
new file mode 100644
index 0000000..a07e498
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/04_groupmems_root_del_user_admin_and_user/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+utest1:x:1000:1000::/tmp:/bin/sh
diff --git a/tests/tests/grouptools/groupmems/04_groupmems_root_del_user_admin_and_user/config/etc/shadow b/tests/tests/grouptools/groupmems/04_groupmems_root_del_user_admin_and_user/config/etc/shadow
new file mode 100644
index 0000000..976b4f9
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/04_groupmems_root_del_user_admin_and_user/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+utest1:!:12977:0:99999:7:::
diff --git a/tests/tests/grouptools/groupmems/04_groupmems_root_del_user_admin_and_user/data/group b/tests/tests/grouptools/groupmems/04_groupmems_root_del_user_admin_and_user/data/group
new file mode 100644
index 0000000..4f7c184
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/04_groupmems_root_del_user_admin_and_user/data/group
@@ -0,0 +1,44 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+groupmems:x:99:
+utest1:x:1000:
+gtest1:x:1001:
diff --git a/tests/tests/grouptools/groupmems/04_groupmems_root_del_user_admin_and_user/data/gshadow b/tests/tests/grouptools/groupmems/04_groupmems_root_del_user_admin_and_user/data/gshadow
new file mode 100644
index 0000000..283ca8c
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/04_groupmems_root_del_user_admin_and_user/data/gshadow
@@ -0,0 +1,44 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+groupmems:*::
+utest1:*::
+gtest1:*::
diff --git a/tests/tests/grouptools/groupmems/04_groupmems_root_del_user_admin_and_user/groupmems.test b/tests/tests/grouptools/groupmems/04_groupmems_root_del_user_admin_and_user/groupmems.test
new file mode 100755
index 0000000..e4d9d07
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/04_groupmems_root_del_user_admin_and_user/groupmems.test
@@ -0,0 +1,39 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "groupmems (called by root) can remove an user from a group (both from the admins and members in gshadow)"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Remove user utest1 from group gtest1..."
+groupmems -d utest1 -g gtest1
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl data/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl data/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/grouptools/groupmems/05_groupmems_root_add_user_with_other_users/config.txt b/tests/tests/grouptools/groupmems/05_groupmems_root_add_user_with_other_users/config.txt
new file mode 100644
index 0000000..d222d91
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/05_groupmems_root_add_user_with_other_users/config.txt
@@ -0,0 +1,2 @@
+user utest1
+group gtest1
diff --git a/tests/tests/grouptools/groupmems/05_groupmems_root_add_user_with_other_users/config/etc/group b/tests/tests/grouptools/groupmems/05_groupmems_root_add_user_with_other_users/config/etc/group
new file mode 100644
index 0000000..fbc5ea6
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/05_groupmems_root_add_user_with_other_users/config/etc/group
@@ -0,0 +1,44 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+groupmems:x:99:
+utest1:x:1000:
+gtest1:x:1001:sasl
diff --git a/tests/tests/grouptools/groupmems/05_groupmems_root_add_user_with_other_users/config/etc/gshadow b/tests/tests/grouptools/groupmems/05_groupmems_root_add_user_with_other_users/config/etc/gshadow
new file mode 100644
index 0000000..63f3a76
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/05_groupmems_root_add_user_with_other_users/config/etc/gshadow
@@ -0,0 +1,44 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+groupmems:*::
+utest1:*::
+gtest1:*::sasl
diff --git a/tests/tests/grouptools/groupmems/05_groupmems_root_add_user_with_other_users/config/etc/passwd b/tests/tests/grouptools/groupmems/05_groupmems_root_add_user_with_other_users/config/etc/passwd
new file mode 100644
index 0000000..a07e498
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/05_groupmems_root_add_user_with_other_users/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+utest1:x:1000:1000::/tmp:/bin/sh
diff --git a/tests/tests/grouptools/groupmems/05_groupmems_root_add_user_with_other_users/config/etc/shadow b/tests/tests/grouptools/groupmems/05_groupmems_root_add_user_with_other_users/config/etc/shadow
new file mode 100644
index 0000000..976b4f9
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/05_groupmems_root_add_user_with_other_users/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+utest1:!:12977:0:99999:7:::
diff --git a/tests/tests/grouptools/groupmems/05_groupmems_root_add_user_with_other_users/data/group b/tests/tests/grouptools/groupmems/05_groupmems_root_add_user_with_other_users/data/group
new file mode 100644
index 0000000..f4d05d0
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/05_groupmems_root_add_user_with_other_users/data/group
@@ -0,0 +1,44 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+groupmems:x:99:
+utest1:x:1000:
+gtest1:x:1001:sasl,utest1
diff --git a/tests/tests/grouptools/groupmems/05_groupmems_root_add_user_with_other_users/data/gshadow b/tests/tests/grouptools/groupmems/05_groupmems_root_add_user_with_other_users/data/gshadow
new file mode 100644
index 0000000..567fc66
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/05_groupmems_root_add_user_with_other_users/data/gshadow
@@ -0,0 +1,44 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+groupmems:*::
+utest1:*::
+gtest1:*::sasl,utest1
diff --git a/tests/tests/grouptools/groupmems/05_groupmems_root_add_user_with_other_users/groupmems.test b/tests/tests/grouptools/groupmems/05_groupmems_root_add_user_with_other_users/groupmems.test
new file mode 100755
index 0000000..3fbfac2
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/05_groupmems_root_add_user_with_other_users/groupmems.test
@@ -0,0 +1,39 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "groupmems (called by root) can add an user to a group with multipleusers (even admins according to gshadow)"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Add user utest1 to group gtest1..."
+groupmems -a utest1 -g gtest1
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl data/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl data/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/grouptools/groupmems/06_groupmems_root_add_user_with_other_users_admin/config.txt b/tests/tests/grouptools/groupmems/06_groupmems_root_add_user_with_other_users_admin/config.txt
new file mode 100644
index 0000000..d222d91
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/06_groupmems_root_add_user_with_other_users_admin/config.txt
@@ -0,0 +1,2 @@
+user utest1
+group gtest1
diff --git a/tests/tests/grouptools/groupmems/06_groupmems_root_add_user_with_other_users_admin/config/etc/group b/tests/tests/grouptools/groupmems/06_groupmems_root_add_user_with_other_users_admin/config/etc/group
new file mode 100644
index 0000000..ce188f9
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/06_groupmems_root_add_user_with_other_users_admin/config/etc/group
@@ -0,0 +1,44 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+groupmems:x:99:
+utest1:x:1000:
+gtest1:x:1001:sasl,tape
diff --git a/tests/tests/grouptools/groupmems/06_groupmems_root_add_user_with_other_users_admin/config/etc/gshadow b/tests/tests/grouptools/groupmems/06_groupmems_root_add_user_with_other_users_admin/config/etc/gshadow
new file mode 100644
index 0000000..27eb919
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/06_groupmems_root_add_user_with_other_users_admin/config/etc/gshadow
@@ -0,0 +1,44 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+groupmems:*::
+utest1:*::
+gtest1:*:tape:sasl,tape
diff --git a/tests/tests/grouptools/groupmems/06_groupmems_root_add_user_with_other_users_admin/config/etc/passwd b/tests/tests/grouptools/groupmems/06_groupmems_root_add_user_with_other_users_admin/config/etc/passwd
new file mode 100644
index 0000000..a07e498
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/06_groupmems_root_add_user_with_other_users_admin/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+utest1:x:1000:1000::/tmp:/bin/sh
diff --git a/tests/tests/grouptools/groupmems/06_groupmems_root_add_user_with_other_users_admin/config/etc/shadow b/tests/tests/grouptools/groupmems/06_groupmems_root_add_user_with_other_users_admin/config/etc/shadow
new file mode 100644
index 0000000..976b4f9
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/06_groupmems_root_add_user_with_other_users_admin/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+utest1:!:12977:0:99999:7:::
diff --git a/tests/tests/grouptools/groupmems/06_groupmems_root_add_user_with_other_users_admin/data/group b/tests/tests/grouptools/groupmems/06_groupmems_root_add_user_with_other_users_admin/data/group
new file mode 100644
index 0000000..6080f7c
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/06_groupmems_root_add_user_with_other_users_admin/data/group
@@ -0,0 +1,44 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+groupmems:x:99:
+utest1:x:1000:
+gtest1:x:1001:sasl,tape,utest1
diff --git a/tests/tests/grouptools/groupmems/06_groupmems_root_add_user_with_other_users_admin/data/gshadow b/tests/tests/grouptools/groupmems/06_groupmems_root_add_user_with_other_users_admin/data/gshadow
new file mode 100644
index 0000000..e6f9902
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/06_groupmems_root_add_user_with_other_users_admin/data/gshadow
@@ -0,0 +1,44 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+groupmems:*::
+utest1:*::
+gtest1:*:tape:sasl,tape,utest1
diff --git a/tests/tests/grouptools/groupmems/06_groupmems_root_add_user_with_other_users_admin/groupmems.test b/tests/tests/grouptools/groupmems/06_groupmems_root_add_user_with_other_users_admin/groupmems.test
new file mode 100755
index 0000000..74c7420
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/06_groupmems_root_add_user_with_other_users_admin/groupmems.test
@@ -0,0 +1,39 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "groupmems (called by root) can add an user to a group"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Add user utest1 to group gtest1..."
+groupmems -a utest1 -g gtest1
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl data/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl data/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/grouptools/groupmems/07_groupmems_root_del_user_with_other_users/config.txt b/tests/tests/grouptools/groupmems/07_groupmems_root_del_user_with_other_users/config.txt
new file mode 100644
index 0000000..d222d91
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/07_groupmems_root_del_user_with_other_users/config.txt
@@ -0,0 +1,2 @@
+user utest1
+group gtest1
diff --git a/tests/tests/grouptools/groupmems/07_groupmems_root_del_user_with_other_users/config/etc/group b/tests/tests/grouptools/groupmems/07_groupmems_root_del_user_with_other_users/config/etc/group
new file mode 100644
index 0000000..f1b2832
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/07_groupmems_root_del_user_with_other_users/config/etc/group
@@ -0,0 +1,44 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+groupmems:x:99:
+utest1:x:1000:
+gtest1:x:1001:utest1,sasl
diff --git a/tests/tests/grouptools/groupmems/07_groupmems_root_del_user_with_other_users/config/etc/gshadow b/tests/tests/grouptools/groupmems/07_groupmems_root_del_user_with_other_users/config/etc/gshadow
new file mode 100644
index 0000000..567fc66
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/07_groupmems_root_del_user_with_other_users/config/etc/gshadow
@@ -0,0 +1,44 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+groupmems:*::
+utest1:*::
+gtest1:*::sasl,utest1
diff --git a/tests/tests/grouptools/groupmems/07_groupmems_root_del_user_with_other_users/config/etc/passwd b/tests/tests/grouptools/groupmems/07_groupmems_root_del_user_with_other_users/config/etc/passwd
new file mode 100644
index 0000000..a07e498
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/07_groupmems_root_del_user_with_other_users/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+utest1:x:1000:1000::/tmp:/bin/sh
diff --git a/tests/tests/grouptools/groupmems/07_groupmems_root_del_user_with_other_users/config/etc/shadow b/tests/tests/grouptools/groupmems/07_groupmems_root_del_user_with_other_users/config/etc/shadow
new file mode 100644
index 0000000..976b4f9
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/07_groupmems_root_del_user_with_other_users/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+utest1:!:12977:0:99999:7:::
diff --git a/tests/tests/grouptools/groupmems/07_groupmems_root_del_user_with_other_users/data/group b/tests/tests/grouptools/groupmems/07_groupmems_root_del_user_with_other_users/data/group
new file mode 100644
index 0000000..fbc5ea6
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/07_groupmems_root_del_user_with_other_users/data/group
@@ -0,0 +1,44 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+groupmems:x:99:
+utest1:x:1000:
+gtest1:x:1001:sasl
diff --git a/tests/tests/grouptools/groupmems/07_groupmems_root_del_user_with_other_users/data/gshadow b/tests/tests/grouptools/groupmems/07_groupmems_root_del_user_with_other_users/data/gshadow
new file mode 100644
index 0000000..63f3a76
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/07_groupmems_root_del_user_with_other_users/data/gshadow
@@ -0,0 +1,44 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+groupmems:*::
+utest1:*::
+gtest1:*::sasl
diff --git a/tests/tests/grouptools/groupmems/07_groupmems_root_del_user_with_other_users/groupmems.test b/tests/tests/grouptools/groupmems/07_groupmems_root_del_user_with_other_users/groupmems.test
new file mode 100755
index 0000000..8c1576b
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/07_groupmems_root_del_user_with_other_users/groupmems.test
@@ -0,0 +1,39 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "groupmems (called by root) can remove an user from a group with multiple users"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Remove user utest1 from group gtest1..."
+groupmems -d utest1 -g gtest1
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl data/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl data/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/grouptools/groupmems/08_groupmems_root_del_user_with_other_users_admin/config.txt b/tests/tests/grouptools/groupmems/08_groupmems_root_del_user_with_other_users_admin/config.txt
new file mode 100644
index 0000000..d222d91
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/08_groupmems_root_del_user_with_other_users_admin/config.txt
@@ -0,0 +1,2 @@
+user utest1
+group gtest1
diff --git a/tests/tests/grouptools/groupmems/08_groupmems_root_del_user_with_other_users_admin/config/etc/group b/tests/tests/grouptools/groupmems/08_groupmems_root_del_user_with_other_users_admin/config/etc/group
new file mode 100644
index 0000000..9c4e2c0
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/08_groupmems_root_del_user_with_other_users_admin/config/etc/group
@@ -0,0 +1,44 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+groupmems:x:99:
+utest1:x:1000:
+gtest1:x:1001:tape,utest1,sasl,staff
diff --git a/tests/tests/grouptools/groupmems/08_groupmems_root_del_user_with_other_users_admin/config/etc/gshadow b/tests/tests/grouptools/groupmems/08_groupmems_root_del_user_with_other_users_admin/config/etc/gshadow
new file mode 100644
index 0000000..b5e0c75
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/08_groupmems_root_del_user_with_other_users_admin/config/etc/gshadow
@@ -0,0 +1,44 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+groupmems:*::
+utest1:*::
+gtest1:*:tape:sasl,utest1,staff
diff --git a/tests/tests/grouptools/groupmems/08_groupmems_root_del_user_with_other_users_admin/config/etc/passwd b/tests/tests/grouptools/groupmems/08_groupmems_root_del_user_with_other_users_admin/config/etc/passwd
new file mode 100644
index 0000000..a07e498
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/08_groupmems_root_del_user_with_other_users_admin/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+utest1:x:1000:1000::/tmp:/bin/sh
diff --git a/tests/tests/grouptools/groupmems/08_groupmems_root_del_user_with_other_users_admin/config/etc/shadow b/tests/tests/grouptools/groupmems/08_groupmems_root_del_user_with_other_users_admin/config/etc/shadow
new file mode 100644
index 0000000..976b4f9
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/08_groupmems_root_del_user_with_other_users_admin/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+utest1:!:12977:0:99999:7:::
diff --git a/tests/tests/grouptools/groupmems/08_groupmems_root_del_user_with_other_users_admin/data/group b/tests/tests/grouptools/groupmems/08_groupmems_root_del_user_with_other_users_admin/data/group
new file mode 100644
index 0000000..2e57cf6
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/08_groupmems_root_del_user_with_other_users_admin/data/group
@@ -0,0 +1,44 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+groupmems:x:99:
+utest1:x:1000:
+gtest1:x:1001:tape,sasl,staff
diff --git a/tests/tests/grouptools/groupmems/08_groupmems_root_del_user_with_other_users_admin/data/gshadow b/tests/tests/grouptools/groupmems/08_groupmems_root_del_user_with_other_users_admin/data/gshadow
new file mode 100644
index 0000000..411f209
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/08_groupmems_root_del_user_with_other_users_admin/data/gshadow
@@ -0,0 +1,44 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+groupmems:*::
+utest1:*::
+gtest1:*:tape:sasl,staff
diff --git a/tests/tests/grouptools/groupmems/08_groupmems_root_del_user_with_other_users_admin/groupmems.test b/tests/tests/grouptools/groupmems/08_groupmems_root_del_user_with_other_users_admin/groupmems.test
new file mode 100755
index 0000000..d340e3d
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/08_groupmems_root_del_user_with_other_users_admin/groupmems.test
@@ -0,0 +1,39 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "groupmems (called by root) can remove an user from a group with multiple users (even admins according to gshadow)"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Remove user utest1 from group gtest1..."
+groupmems -d utest1 -g gtest1
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl data/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl data/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/grouptools/groupmems/09_groupmems_root_purge_user/config.txt b/tests/tests/grouptools/groupmems/09_groupmems_root_purge_user/config.txt
new file mode 100644
index 0000000..d222d91
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/09_groupmems_root_purge_user/config.txt
@@ -0,0 +1,2 @@
+user utest1
+group gtest1
diff --git a/tests/tests/grouptools/groupmems/09_groupmems_root_purge_user/config/etc/group b/tests/tests/grouptools/groupmems/09_groupmems_root_purge_user/config/etc/group
new file mode 100644
index 0000000..62aeba4
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/09_groupmems_root_purge_user/config/etc/group
@@ -0,0 +1,44 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+groupmems:x:99:
+utest1:x:1000:
+gtest1:x:1001:utest1
diff --git a/tests/tests/grouptools/groupmems/09_groupmems_root_purge_user/config/etc/gshadow b/tests/tests/grouptools/groupmems/09_groupmems_root_purge_user/config/etc/gshadow
new file mode 100644
index 0000000..563a8ba
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/09_groupmems_root_purge_user/config/etc/gshadow
@@ -0,0 +1,44 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+groupmems:*::
+utest1:*::
+gtest1:*::utest1
diff --git a/tests/tests/grouptools/groupmems/09_groupmems_root_purge_user/config/etc/passwd b/tests/tests/grouptools/groupmems/09_groupmems_root_purge_user/config/etc/passwd
new file mode 100644
index 0000000..a07e498
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/09_groupmems_root_purge_user/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+utest1:x:1000:1000::/tmp:/bin/sh
diff --git a/tests/tests/grouptools/groupmems/09_groupmems_root_purge_user/config/etc/shadow b/tests/tests/grouptools/groupmems/09_groupmems_root_purge_user/config/etc/shadow
new file mode 100644
index 0000000..976b4f9
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/09_groupmems_root_purge_user/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+utest1:!:12977:0:99999:7:::
diff --git a/tests/tests/grouptools/groupmems/09_groupmems_root_purge_user/data/group b/tests/tests/grouptools/groupmems/09_groupmems_root_purge_user/data/group
new file mode 100644
index 0000000..4f7c184
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/09_groupmems_root_purge_user/data/group
@@ -0,0 +1,44 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+groupmems:x:99:
+utest1:x:1000:
+gtest1:x:1001:
diff --git a/tests/tests/grouptools/groupmems/09_groupmems_root_purge_user/data/gshadow b/tests/tests/grouptools/groupmems/09_groupmems_root_purge_user/data/gshadow
new file mode 100644
index 0000000..283ca8c
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/09_groupmems_root_purge_user/data/gshadow
@@ -0,0 +1,44 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+groupmems:*::
+utest1:*::
+gtest1:*::
diff --git a/tests/tests/grouptools/groupmems/09_groupmems_root_purge_user/groupmems.test b/tests/tests/grouptools/groupmems/09_groupmems_root_purge_user/groupmems.test
new file mode 100755
index 0000000..c8cf32d
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/09_groupmems_root_purge_user/groupmems.test
@@ -0,0 +1,39 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "groupmems (called by root) can purge all users from a group"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Purge group gtest1..."
+groupmems -p -g gtest1
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl data/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl data/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/grouptools/groupmems/10_groupmems_root_purge_user_with_other_users/config.txt b/tests/tests/grouptools/groupmems/10_groupmems_root_purge_user_with_other_users/config.txt
new file mode 100644
index 0000000..d222d91
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/10_groupmems_root_purge_user_with_other_users/config.txt
@@ -0,0 +1,2 @@
+user utest1
+group gtest1
diff --git a/tests/tests/grouptools/groupmems/10_groupmems_root_purge_user_with_other_users/config/etc/group b/tests/tests/grouptools/groupmems/10_groupmems_root_purge_user_with_other_users/config/etc/group
new file mode 100644
index 0000000..8d6f75b
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/10_groupmems_root_purge_user_with_other_users/config/etc/group
@@ -0,0 +1,44 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+groupmems:x:99:
+utest1:x:1000:
+gtest1:x:1001:utest1,dip,plugdev
diff --git a/tests/tests/grouptools/groupmems/10_groupmems_root_purge_user_with_other_users/config/etc/gshadow b/tests/tests/grouptools/groupmems/10_groupmems_root_purge_user_with_other_users/config/etc/gshadow
new file mode 100644
index 0000000..ea0fc85
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/10_groupmems_root_purge_user_with_other_users/config/etc/gshadow
@@ -0,0 +1,44 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+groupmems:*::
+utest1:*::
+gtest1:*::utest1,plugdev,tape
diff --git a/tests/tests/grouptools/groupmems/10_groupmems_root_purge_user_with_other_users/config/etc/passwd b/tests/tests/grouptools/groupmems/10_groupmems_root_purge_user_with_other_users/config/etc/passwd
new file mode 100644
index 0000000..a07e498
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/10_groupmems_root_purge_user_with_other_users/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+utest1:x:1000:1000::/tmp:/bin/sh
diff --git a/tests/tests/grouptools/groupmems/10_groupmems_root_purge_user_with_other_users/config/etc/shadow b/tests/tests/grouptools/groupmems/10_groupmems_root_purge_user_with_other_users/config/etc/shadow
new file mode 100644
index 0000000..976b4f9
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/10_groupmems_root_purge_user_with_other_users/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+utest1:!:12977:0:99999:7:::
diff --git a/tests/tests/grouptools/groupmems/10_groupmems_root_purge_user_with_other_users/data/group b/tests/tests/grouptools/groupmems/10_groupmems_root_purge_user_with_other_users/data/group
new file mode 100644
index 0000000..4f7c184
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/10_groupmems_root_purge_user_with_other_users/data/group
@@ -0,0 +1,44 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+groupmems:x:99:
+utest1:x:1000:
+gtest1:x:1001:
diff --git a/tests/tests/grouptools/groupmems/10_groupmems_root_purge_user_with_other_users/data/gshadow b/tests/tests/grouptools/groupmems/10_groupmems_root_purge_user_with_other_users/data/gshadow
new file mode 100644
index 0000000..283ca8c
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/10_groupmems_root_purge_user_with_other_users/data/gshadow
@@ -0,0 +1,44 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+groupmems:*::
+utest1:*::
+gtest1:*::
diff --git a/tests/tests/grouptools/groupmems/10_groupmems_root_purge_user_with_other_users/groupmems.test b/tests/tests/grouptools/groupmems/10_groupmems_root_purge_user_with_other_users/groupmems.test
new file mode 100755
index 0000000..9728b15
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/10_groupmems_root_purge_user_with_other_users/groupmems.test
@@ -0,0 +1,39 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "groupmems (called by root) can purge all users from a group (multiple users)"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Purge group gtest1..."
+groupmems -p -g gtest1
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl data/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl data/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/grouptools/groupmems/11_groupmems_root_purge_user_with_other_users_admin/config.txt b/tests/tests/grouptools/groupmems/11_groupmems_root_purge_user_with_other_users_admin/config.txt
new file mode 100644
index 0000000..d222d91
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/11_groupmems_root_purge_user_with_other_users_admin/config.txt
@@ -0,0 +1,2 @@
+user utest1
+group gtest1
diff --git a/tests/tests/grouptools/groupmems/11_groupmems_root_purge_user_with_other_users_admin/config/etc/group b/tests/tests/grouptools/groupmems/11_groupmems_root_purge_user_with_other_users_admin/config/etc/group
new file mode 100644
index 0000000..8d6f75b
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/11_groupmems_root_purge_user_with_other_users_admin/config/etc/group
@@ -0,0 +1,44 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+groupmems:x:99:
+utest1:x:1000:
+gtest1:x:1001:utest1,dip,plugdev
diff --git a/tests/tests/grouptools/groupmems/11_groupmems_root_purge_user_with_other_users_admin/config/etc/gshadow b/tests/tests/grouptools/groupmems/11_groupmems_root_purge_user_with_other_users_admin/config/etc/gshadow
new file mode 100644
index 0000000..3677f64
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/11_groupmems_root_purge_user_with_other_users_admin/config/etc/gshadow
@@ -0,0 +1,44 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+groupmems:*::
+utest1:*::
+gtest1:*:plugdev,daemon,backup:utest1,plugdev,tape
diff --git a/tests/tests/grouptools/groupmems/11_groupmems_root_purge_user_with_other_users_admin/config/etc/passwd b/tests/tests/grouptools/groupmems/11_groupmems_root_purge_user_with_other_users_admin/config/etc/passwd
new file mode 100644
index 0000000..a07e498
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/11_groupmems_root_purge_user_with_other_users_admin/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+utest1:x:1000:1000::/tmp:/bin/sh
diff --git a/tests/tests/grouptools/groupmems/11_groupmems_root_purge_user_with_other_users_admin/config/etc/shadow b/tests/tests/grouptools/groupmems/11_groupmems_root_purge_user_with_other_users_admin/config/etc/shadow
new file mode 100644
index 0000000..976b4f9
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/11_groupmems_root_purge_user_with_other_users_admin/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+utest1:!:12977:0:99999:7:::
diff --git a/tests/tests/grouptools/groupmems/11_groupmems_root_purge_user_with_other_users_admin/data/group b/tests/tests/grouptools/groupmems/11_groupmems_root_purge_user_with_other_users_admin/data/group
new file mode 100644
index 0000000..4f7c184
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/11_groupmems_root_purge_user_with_other_users_admin/data/group
@@ -0,0 +1,44 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+groupmems:x:99:
+utest1:x:1000:
+gtest1:x:1001:
diff --git a/tests/tests/grouptools/groupmems/11_groupmems_root_purge_user_with_other_users_admin/data/gshadow b/tests/tests/grouptools/groupmems/11_groupmems_root_purge_user_with_other_users_admin/data/gshadow
new file mode 100644
index 0000000..283ca8c
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/11_groupmems_root_purge_user_with_other_users_admin/data/gshadow
@@ -0,0 +1,44 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+groupmems:*::
+utest1:*::
+gtest1:*::
diff --git a/tests/tests/grouptools/groupmems/11_groupmems_root_purge_user_with_other_users_admin/groupmems.test b/tests/tests/grouptools/groupmems/11_groupmems_root_purge_user_with_other_users_admin/groupmems.test
new file mode 100755
index 0000000..3bc1068
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/11_groupmems_root_purge_user_with_other_users_admin/groupmems.test
@@ -0,0 +1,39 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "groupmems (called by root) can purge all users from a group (multiple users and admins)"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Purge group gtest1..."
+groupmems -p -g gtest1
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl data/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl data/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/grouptools/groupmems/12_groupmems_user_add_user/config.txt b/tests/tests/grouptools/groupmems/12_groupmems_user_add_user/config.txt
new file mode 100644
index 0000000..fa7bf43
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/12_groupmems_user_add_user/config.txt
@@ -0,0 +1 @@
+user myuser, in group groups
diff --git a/tests/tests/grouptools/groupmems/12_groupmems_user_add_user/config/etc/group b/tests/tests/grouptools/groupmems/12_groupmems_user_add_user/config/etc/group
new file mode 100644
index 0000000..7505b93
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/12_groupmems_user_add_user/config/etc/group
@@ -0,0 +1,44 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+groupmems:x:99:myuser
+utest1:x:1000:
+myuser:x:424242:
diff --git a/tests/tests/grouptools/groupmems/12_groupmems_user_add_user/config/etc/gshadow b/tests/tests/grouptools/groupmems/12_groupmems_user_add_user/config/etc/gshadow
new file mode 100644
index 0000000..9945adc
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/12_groupmems_user_add_user/config/etc/gshadow
@@ -0,0 +1,44 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+groupmems:*::myuser
+utest1:*::
+myuser:x::
diff --git a/tests/tests/grouptools/groupmems/12_groupmems_user_add_user/config/etc/passwd b/tests/tests/grouptools/groupmems/12_groupmems_user_add_user/config/etc/passwd
new file mode 100644
index 0000000..df9b7a0
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/12_groupmems_user_add_user/config/etc/passwd
@@ -0,0 +1,21 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+utest1:x:1000:1000::/tmp:/bin/sh
+myuser:x:424242:424242::/home:/bin/bash
diff --git a/tests/tests/grouptools/groupmems/12_groupmems_user_add_user/config/etc/shadow b/tests/tests/grouptools/groupmems/12_groupmems_user_add_user/config/etc/shadow
new file mode 100644
index 0000000..65079bb
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/12_groupmems_user_add_user/config/etc/shadow
@@ -0,0 +1,21 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+utest1:!:12977:0:99999:7:::
+myuser:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:::
diff --git a/tests/tests/grouptools/groupmems/12_groupmems_user_add_user/data/group b/tests/tests/grouptools/groupmems/12_groupmems_user_add_user/data/group
new file mode 100644
index 0000000..7a0e295
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/12_groupmems_user_add_user/data/group
@@ -0,0 +1,44 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+groupmems:x:99:myuser
+utest1:x:1000:
+myuser:x:424242:utest1
diff --git a/tests/tests/grouptools/groupmems/12_groupmems_user_add_user/data/gshadow b/tests/tests/grouptools/groupmems/12_groupmems_user_add_user/data/gshadow
new file mode 100644
index 0000000..c908c39
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/12_groupmems_user_add_user/data/gshadow
@@ -0,0 +1,44 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+groupmems:*::myuser
+utest1:*::
+myuser:x::utest1
diff --git a/tests/tests/grouptools/groupmems/12_groupmems_user_add_user/groupmems.test b/tests/tests/grouptools/groupmems/12_groupmems_user_add_user/groupmems.test
new file mode 100755
index 0000000..fc9360b
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/12_groupmems_user_add_user/groupmems.test
@@ -0,0 +1,39 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "groupmems (called by a regular user) can add an user to a group"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "myuser will call groupmems..."
+./run_groupmems.exp
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl data/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl data/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/grouptools/groupmems/12_groupmems_user_add_user/run_groupmems.exp b/tests/tests/grouptools/groupmems/12_groupmems_user_add_user/run_groupmems.exp
new file mode 100755
index 0000000..18a29d1
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/12_groupmems_user_add_user/run_groupmems.exp
@@ -0,0 +1,49 @@
+#!/usr/bin/expect
+
+set timeout 2
+expect_after default {puts stderr "\nFAIL"; exit 1}
+
+if {$argc != 0} {
+	puts "usage: run_groupmems.exp"
+	exit 1
+}
+
+# First, switch to the testsuite user
+# (otherwise, no password will be asked)
+send_user "# switch to the 'myuser' user\n"
+send_user "# and expect a '$ ' prompt\n"
+spawn /bin/su myuser
+
+expect "$ "			;# Wait for the prompt
+
+send_user "\n# make sure we are now 'myuser'"
+send_user "\n# id should return 'uid=424242(myuser) gid=424242(myuser) groups=424242(myuser),99(groupmems)'"
+send "\r"			;# restore the prompt for the logs
+send "id\r"			;# Verify we are really testsuite
+
+expect "uid=424242(myuser) gid=424242(myuser) groups=424242(myuser),99(groupmems)"
+
+expect "$ "			;# Wait for the prompt
+
+send_user "\n\n"
+send_user "# now add user utest1 to the myuser group\n"
+send_user "# and expect a password prompt"
+send "\r"			;# restore the prompt for the logs
+send "/usr/sbin/groupmems -a utest1\r"		;#
+expect "Password: "		;# Wait for the Password: prompt
+# Wait a little bit more (it is not ready to receive the password)
+sleep 0.1
+
+send "myuserF00barbaz\r"		;# Send the password
+
+send_user "\n# password 'myuserF00barbaz' sent\n\n"
+send_user "# expect prompt '$ '"
+
+expect "$ "			;# Wait for the prompt
+send "echo $?\r"
+expect "0\r"
+expect "$ "			;# Wait for the prompt
+close
+
+puts "\nPASS"
+exit 0
diff --git a/tests/tests/grouptools/groupmems/13_groupmems_user_del_user/config.txt b/tests/tests/grouptools/groupmems/13_groupmems_user_del_user/config.txt
new file mode 100644
index 0000000..fa7bf43
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/13_groupmems_user_del_user/config.txt
@@ -0,0 +1 @@
+user myuser, in group groups
diff --git a/tests/tests/grouptools/groupmems/13_groupmems_user_del_user/config/etc/group b/tests/tests/grouptools/groupmems/13_groupmems_user_del_user/config/etc/group
new file mode 100644
index 0000000..7a0e295
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/13_groupmems_user_del_user/config/etc/group
@@ -0,0 +1,44 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+groupmems:x:99:myuser
+utest1:x:1000:
+myuser:x:424242:utest1
diff --git a/tests/tests/grouptools/groupmems/13_groupmems_user_del_user/config/etc/gshadow b/tests/tests/grouptools/groupmems/13_groupmems_user_del_user/config/etc/gshadow
new file mode 100644
index 0000000..c908c39
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/13_groupmems_user_del_user/config/etc/gshadow
@@ -0,0 +1,44 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+groupmems:*::myuser
+utest1:*::
+myuser:x::utest1
diff --git a/tests/tests/grouptools/groupmems/13_groupmems_user_del_user/config/etc/passwd b/tests/tests/grouptools/groupmems/13_groupmems_user_del_user/config/etc/passwd
new file mode 100644
index 0000000..df9b7a0
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/13_groupmems_user_del_user/config/etc/passwd
@@ -0,0 +1,21 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+utest1:x:1000:1000::/tmp:/bin/sh
+myuser:x:424242:424242::/home:/bin/bash
diff --git a/tests/tests/grouptools/groupmems/13_groupmems_user_del_user/config/etc/shadow b/tests/tests/grouptools/groupmems/13_groupmems_user_del_user/config/etc/shadow
new file mode 100644
index 0000000..65079bb
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/13_groupmems_user_del_user/config/etc/shadow
@@ -0,0 +1,21 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+utest1:!:12977:0:99999:7:::
+myuser:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:::
diff --git a/tests/tests/grouptools/groupmems/13_groupmems_user_del_user/data/group b/tests/tests/grouptools/groupmems/13_groupmems_user_del_user/data/group
new file mode 100644
index 0000000..7505b93
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/13_groupmems_user_del_user/data/group
@@ -0,0 +1,44 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+groupmems:x:99:myuser
+utest1:x:1000:
+myuser:x:424242:
diff --git a/tests/tests/grouptools/groupmems/13_groupmems_user_del_user/data/gshadow b/tests/tests/grouptools/groupmems/13_groupmems_user_del_user/data/gshadow
new file mode 100644
index 0000000..9945adc
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/13_groupmems_user_del_user/data/gshadow
@@ -0,0 +1,44 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+groupmems:*::myuser
+utest1:*::
+myuser:x::
diff --git a/tests/tests/grouptools/groupmems/13_groupmems_user_del_user/groupmems.test b/tests/tests/grouptools/groupmems/13_groupmems_user_del_user/groupmems.test
new file mode 100755
index 0000000..6edd279
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/13_groupmems_user_del_user/groupmems.test
@@ -0,0 +1,39 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "groupmems (called by a regular user) can remove an user from a group"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "myuser will call groupmems..."
+./run_groupmems.exp
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl data/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl data/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/grouptools/groupmems/13_groupmems_user_del_user/run_groupmems.exp b/tests/tests/grouptools/groupmems/13_groupmems_user_del_user/run_groupmems.exp
new file mode 100755
index 0000000..8087c56
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/13_groupmems_user_del_user/run_groupmems.exp
@@ -0,0 +1,49 @@
+#!/usr/bin/expect
+
+set timeout 2
+expect_after default {puts stderr "\nFAIL"; exit 1}
+
+if {$argc != 0} {
+	puts "usage: run_groupmems.exp"
+	exit 1
+}
+
+# First, switch to the testsuite user
+# (otherwise, no password will be asked)
+send_user "# switch to the 'myuser' user\n"
+send_user "# and expect a '$ ' prompt\n"
+spawn /bin/su myuser
+
+expect "$ "			;# Wait for the prompt
+
+send_user "\n# make sure we are now 'myuser'"
+send_user "\n# id should return 'uid=424242(myuser) gid=424242(myuser) groups=424242(myuser),99(groupmems)'"
+send "\r"			;# restore the prompt for the logs
+send "id\r"			;# Verify we are really testsuite
+
+expect "uid=424242(myuser) gid=424242(myuser) groups=424242(myuser),99(groupmems)"
+
+expect "$ "			;# Wait for the prompt
+
+send_user "\n\n"
+send_user "# now add user utest1 to the myuser group\n"
+send_user "# and expect a password prompt"
+send "\r"			;# restore the prompt for the logs
+send "/usr/sbin/groupmems -d utest1\r"		;#
+expect "Password: "		;# Wait for the Password: prompt
+# Wait a little bit more (it is not ready to receive the password)
+sleep 0.1
+
+send "myuserF00barbaz\r"		;# Send the password
+
+send_user "\n# password 'myuserF00barbaz' sent\n\n"
+send_user "# expect prompt '$ '"
+
+expect "$ "			;# Wait for the prompt
+send "echo $?\r"
+expect "0\r"
+expect "$ "			;# Wait for the prompt
+close
+
+puts "\nPASS"
+exit 0
diff --git a/tests/tests/grouptools/groupmems/14_groupmems_user_del_user_admin/config.txt b/tests/tests/grouptools/groupmems/14_groupmems_user_del_user_admin/config.txt
new file mode 100644
index 0000000..fa7bf43
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/14_groupmems_user_del_user_admin/config.txt
@@ -0,0 +1 @@
+user myuser, in group groups
diff --git a/tests/tests/grouptools/groupmems/14_groupmems_user_del_user_admin/config/etc/group b/tests/tests/grouptools/groupmems/14_groupmems_user_del_user_admin/config/etc/group
new file mode 100644
index 0000000..7a0e295
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/14_groupmems_user_del_user_admin/config/etc/group
@@ -0,0 +1,44 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+groupmems:x:99:myuser
+utest1:x:1000:
+myuser:x:424242:utest1
diff --git a/tests/tests/grouptools/groupmems/14_groupmems_user_del_user_admin/config/etc/gshadow b/tests/tests/grouptools/groupmems/14_groupmems_user_del_user_admin/config/etc/gshadow
new file mode 100644
index 0000000..7bc44c5
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/14_groupmems_user_del_user_admin/config/etc/gshadow
@@ -0,0 +1,44 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+groupmems:*::myuser
+utest1:*::
+myuser:x:utest1:
diff --git a/tests/tests/grouptools/groupmems/14_groupmems_user_del_user_admin/config/etc/passwd b/tests/tests/grouptools/groupmems/14_groupmems_user_del_user_admin/config/etc/passwd
new file mode 100644
index 0000000..df9b7a0
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/14_groupmems_user_del_user_admin/config/etc/passwd
@@ -0,0 +1,21 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+utest1:x:1000:1000::/tmp:/bin/sh
+myuser:x:424242:424242::/home:/bin/bash
diff --git a/tests/tests/grouptools/groupmems/14_groupmems_user_del_user_admin/config/etc/shadow b/tests/tests/grouptools/groupmems/14_groupmems_user_del_user_admin/config/etc/shadow
new file mode 100644
index 0000000..65079bb
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/14_groupmems_user_del_user_admin/config/etc/shadow
@@ -0,0 +1,21 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+utest1:!:12977:0:99999:7:::
+myuser:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:::
diff --git a/tests/tests/grouptools/groupmems/14_groupmems_user_del_user_admin/data/group b/tests/tests/grouptools/groupmems/14_groupmems_user_del_user_admin/data/group
new file mode 100644
index 0000000..7505b93
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/14_groupmems_user_del_user_admin/data/group
@@ -0,0 +1,44 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+groupmems:x:99:myuser
+utest1:x:1000:
+myuser:x:424242:
diff --git a/tests/tests/grouptools/groupmems/14_groupmems_user_del_user_admin/data/gshadow b/tests/tests/grouptools/groupmems/14_groupmems_user_del_user_admin/data/gshadow
new file mode 100644
index 0000000..9945adc
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/14_groupmems_user_del_user_admin/data/gshadow
@@ -0,0 +1,44 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+groupmems:*::myuser
+utest1:*::
+myuser:x::
diff --git a/tests/tests/grouptools/groupmems/14_groupmems_user_del_user_admin/groupmems.test b/tests/tests/grouptools/groupmems/14_groupmems_user_del_user_admin/groupmems.test
new file mode 100755
index 0000000..38d0dcd
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/14_groupmems_user_del_user_admin/groupmems.test
@@ -0,0 +1,39 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "groupmems (called by a regular user) can remove an user from a group (only member according to gshadow)"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "myuser will call groupmems..."
+./run_groupmems.exp
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl data/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl data/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/grouptools/groupmems/14_groupmems_user_del_user_admin/run_groupmems.exp b/tests/tests/grouptools/groupmems/14_groupmems_user_del_user_admin/run_groupmems.exp
new file mode 100755
index 0000000..8087c56
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/14_groupmems_user_del_user_admin/run_groupmems.exp
@@ -0,0 +1,49 @@
+#!/usr/bin/expect
+
+set timeout 2
+expect_after default {puts stderr "\nFAIL"; exit 1}
+
+if {$argc != 0} {
+	puts "usage: run_groupmems.exp"
+	exit 1
+}
+
+# First, switch to the testsuite user
+# (otherwise, no password will be asked)
+send_user "# switch to the 'myuser' user\n"
+send_user "# and expect a '$ ' prompt\n"
+spawn /bin/su myuser
+
+expect "$ "			;# Wait for the prompt
+
+send_user "\n# make sure we are now 'myuser'"
+send_user "\n# id should return 'uid=424242(myuser) gid=424242(myuser) groups=424242(myuser),99(groupmems)'"
+send "\r"			;# restore the prompt for the logs
+send "id\r"			;# Verify we are really testsuite
+
+expect "uid=424242(myuser) gid=424242(myuser) groups=424242(myuser),99(groupmems)"
+
+expect "$ "			;# Wait for the prompt
+
+send_user "\n\n"
+send_user "# now add user utest1 to the myuser group\n"
+send_user "# and expect a password prompt"
+send "\r"			;# restore the prompt for the logs
+send "/usr/sbin/groupmems -d utest1\r"		;#
+expect "Password: "		;# Wait for the Password: prompt
+# Wait a little bit more (it is not ready to receive the password)
+sleep 0.1
+
+send "myuserF00barbaz\r"		;# Send the password
+
+send_user "\n# password 'myuserF00barbaz' sent\n\n"
+send_user "# expect prompt '$ '"
+
+expect "$ "			;# Wait for the prompt
+send "echo $?\r"
+expect "0\r"
+expect "$ "			;# Wait for the prompt
+close
+
+puts "\nPASS"
+exit 0
diff --git a/tests/tests/grouptools/groupmems/15_groupmems_user_del_user_admin_and_user/config.txt b/tests/tests/grouptools/groupmems/15_groupmems_user_del_user_admin_and_user/config.txt
new file mode 100644
index 0000000..fa7bf43
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/15_groupmems_user_del_user_admin_and_user/config.txt
@@ -0,0 +1 @@
+user myuser, in group groups
diff --git a/tests/tests/grouptools/groupmems/15_groupmems_user_del_user_admin_and_user/config/etc/group b/tests/tests/grouptools/groupmems/15_groupmems_user_del_user_admin_and_user/config/etc/group
new file mode 100644
index 0000000..7a0e295
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/15_groupmems_user_del_user_admin_and_user/config/etc/group
@@ -0,0 +1,44 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+groupmems:x:99:myuser
+utest1:x:1000:
+myuser:x:424242:utest1
diff --git a/tests/tests/grouptools/groupmems/15_groupmems_user_del_user_admin_and_user/config/etc/gshadow b/tests/tests/grouptools/groupmems/15_groupmems_user_del_user_admin_and_user/config/etc/gshadow
new file mode 100644
index 0000000..c824f7b
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/15_groupmems_user_del_user_admin_and_user/config/etc/gshadow
@@ -0,0 +1,44 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+groupmems:*::myuser
+utest1:*::
+myuser:x:utest1:utest1
diff --git a/tests/tests/grouptools/groupmems/15_groupmems_user_del_user_admin_and_user/config/etc/passwd b/tests/tests/grouptools/groupmems/15_groupmems_user_del_user_admin_and_user/config/etc/passwd
new file mode 100644
index 0000000..df9b7a0
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/15_groupmems_user_del_user_admin_and_user/config/etc/passwd
@@ -0,0 +1,21 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+utest1:x:1000:1000::/tmp:/bin/sh
+myuser:x:424242:424242::/home:/bin/bash
diff --git a/tests/tests/grouptools/groupmems/15_groupmems_user_del_user_admin_and_user/config/etc/shadow b/tests/tests/grouptools/groupmems/15_groupmems_user_del_user_admin_and_user/config/etc/shadow
new file mode 100644
index 0000000..65079bb
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/15_groupmems_user_del_user_admin_and_user/config/etc/shadow
@@ -0,0 +1,21 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+utest1:!:12977:0:99999:7:::
+myuser:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:::
diff --git a/tests/tests/grouptools/groupmems/15_groupmems_user_del_user_admin_and_user/data/group b/tests/tests/grouptools/groupmems/15_groupmems_user_del_user_admin_and_user/data/group
new file mode 100644
index 0000000..7505b93
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/15_groupmems_user_del_user_admin_and_user/data/group
@@ -0,0 +1,44 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+groupmems:x:99:myuser
+utest1:x:1000:
+myuser:x:424242:
diff --git a/tests/tests/grouptools/groupmems/15_groupmems_user_del_user_admin_and_user/data/gshadow b/tests/tests/grouptools/groupmems/15_groupmems_user_del_user_admin_and_user/data/gshadow
new file mode 100644
index 0000000..9945adc
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/15_groupmems_user_del_user_admin_and_user/data/gshadow
@@ -0,0 +1,44 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+groupmems:*::myuser
+utest1:*::
+myuser:x::
diff --git a/tests/tests/grouptools/groupmems/15_groupmems_user_del_user_admin_and_user/groupmems.test b/tests/tests/grouptools/groupmems/15_groupmems_user_del_user_admin_and_user/groupmems.test
new file mode 100755
index 0000000..9377a02
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/15_groupmems_user_del_user_admin_and_user/groupmems.test
@@ -0,0 +1,39 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "groupmems (called by a regular user) can remove an user from a group (both gshadow members and admins)"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "myuser will call groupmems..."
+./run_groupmems.exp
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl data/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl data/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/grouptools/groupmems/15_groupmems_user_del_user_admin_and_user/run_groupmems.exp b/tests/tests/grouptools/groupmems/15_groupmems_user_del_user_admin_and_user/run_groupmems.exp
new file mode 100755
index 0000000..8087c56
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/15_groupmems_user_del_user_admin_and_user/run_groupmems.exp
@@ -0,0 +1,49 @@
+#!/usr/bin/expect
+
+set timeout 2
+expect_after default {puts stderr "\nFAIL"; exit 1}
+
+if {$argc != 0} {
+	puts "usage: run_groupmems.exp"
+	exit 1
+}
+
+# First, switch to the testsuite user
+# (otherwise, no password will be asked)
+send_user "# switch to the 'myuser' user\n"
+send_user "# and expect a '$ ' prompt\n"
+spawn /bin/su myuser
+
+expect "$ "			;# Wait for the prompt
+
+send_user "\n# make sure we are now 'myuser'"
+send_user "\n# id should return 'uid=424242(myuser) gid=424242(myuser) groups=424242(myuser),99(groupmems)'"
+send "\r"			;# restore the prompt for the logs
+send "id\r"			;# Verify we are really testsuite
+
+expect "uid=424242(myuser) gid=424242(myuser) groups=424242(myuser),99(groupmems)"
+
+expect "$ "			;# Wait for the prompt
+
+send_user "\n\n"
+send_user "# now add user utest1 to the myuser group\n"
+send_user "# and expect a password prompt"
+send "\r"			;# restore the prompt for the logs
+send "/usr/sbin/groupmems -d utest1\r"		;#
+expect "Password: "		;# Wait for the Password: prompt
+# Wait a little bit more (it is not ready to receive the password)
+sleep 0.1
+
+send "myuserF00barbaz\r"		;# Send the password
+
+send_user "\n# password 'myuserF00barbaz' sent\n\n"
+send_user "# expect prompt '$ '"
+
+expect "$ "			;# Wait for the prompt
+send "echo $?\r"
+expect "0\r"
+expect "$ "			;# Wait for the prompt
+close
+
+puts "\nPASS"
+exit 0
diff --git a/tests/tests/grouptools/groupmems/16_groupmems_user_add_user_with_other_users/config.txt b/tests/tests/grouptools/groupmems/16_groupmems_user_add_user_with_other_users/config.txt
new file mode 100644
index 0000000..fa7bf43
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/16_groupmems_user_add_user_with_other_users/config.txt
@@ -0,0 +1 @@
+user myuser, in group groups
diff --git a/tests/tests/grouptools/groupmems/16_groupmems_user_add_user_with_other_users/config/etc/group b/tests/tests/grouptools/groupmems/16_groupmems_user_add_user_with_other_users/config/etc/group
new file mode 100644
index 0000000..f1718b3
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/16_groupmems_user_add_user_with_other_users/config/etc/group
@@ -0,0 +1,44 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+groupmems:x:99:myuser
+utest1:x:1000:
+myuser:x:424242:sasl
diff --git a/tests/tests/grouptools/groupmems/16_groupmems_user_add_user_with_other_users/config/etc/gshadow b/tests/tests/grouptools/groupmems/16_groupmems_user_add_user_with_other_users/config/etc/gshadow
new file mode 100644
index 0000000..e4953ce
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/16_groupmems_user_add_user_with_other_users/config/etc/gshadow
@@ -0,0 +1,44 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+groupmems:*::myuser
+utest1:*::
+myuser:x::sasl
diff --git a/tests/tests/grouptools/groupmems/16_groupmems_user_add_user_with_other_users/config/etc/passwd b/tests/tests/grouptools/groupmems/16_groupmems_user_add_user_with_other_users/config/etc/passwd
new file mode 100644
index 0000000..df9b7a0
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/16_groupmems_user_add_user_with_other_users/config/etc/passwd
@@ -0,0 +1,21 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+utest1:x:1000:1000::/tmp:/bin/sh
+myuser:x:424242:424242::/home:/bin/bash
diff --git a/tests/tests/grouptools/groupmems/16_groupmems_user_add_user_with_other_users/config/etc/shadow b/tests/tests/grouptools/groupmems/16_groupmems_user_add_user_with_other_users/config/etc/shadow
new file mode 100644
index 0000000..65079bb
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/16_groupmems_user_add_user_with_other_users/config/etc/shadow
@@ -0,0 +1,21 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+utest1:!:12977:0:99999:7:::
+myuser:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:::
diff --git a/tests/tests/grouptools/groupmems/16_groupmems_user_add_user_with_other_users/data/group b/tests/tests/grouptools/groupmems/16_groupmems_user_add_user_with_other_users/data/group
new file mode 100644
index 0000000..b79c5b0
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/16_groupmems_user_add_user_with_other_users/data/group
@@ -0,0 +1,44 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+groupmems:x:99:myuser
+utest1:x:1000:
+myuser:x:424242:sasl,utest1
diff --git a/tests/tests/grouptools/groupmems/16_groupmems_user_add_user_with_other_users/data/gshadow b/tests/tests/grouptools/groupmems/16_groupmems_user_add_user_with_other_users/data/gshadow
new file mode 100644
index 0000000..b5681f7
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/16_groupmems_user_add_user_with_other_users/data/gshadow
@@ -0,0 +1,44 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+groupmems:*::myuser
+utest1:*::
+myuser:x::sasl,utest1
diff --git a/tests/tests/grouptools/groupmems/16_groupmems_user_add_user_with_other_users/groupmems.test b/tests/tests/grouptools/groupmems/16_groupmems_user_add_user_with_other_users/groupmems.test
new file mode 100755
index 0000000..39acbdb
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/16_groupmems_user_add_user_with_other_users/groupmems.test
@@ -0,0 +1,39 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "groupmems (called by a regular user) can add an user to a group with multiple users"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "myuser will call groupmems..."
+./run_groupmems.exp
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl data/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl data/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/grouptools/groupmems/16_groupmems_user_add_user_with_other_users/run_groupmems.exp b/tests/tests/grouptools/groupmems/16_groupmems_user_add_user_with_other_users/run_groupmems.exp
new file mode 100755
index 0000000..18a29d1
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/16_groupmems_user_add_user_with_other_users/run_groupmems.exp
@@ -0,0 +1,49 @@
+#!/usr/bin/expect
+
+set timeout 2
+expect_after default {puts stderr "\nFAIL"; exit 1}
+
+if {$argc != 0} {
+	puts "usage: run_groupmems.exp"
+	exit 1
+}
+
+# First, switch to the testsuite user
+# (otherwise, no password will be asked)
+send_user "# switch to the 'myuser' user\n"
+send_user "# and expect a '$ ' prompt\n"
+spawn /bin/su myuser
+
+expect "$ "			;# Wait for the prompt
+
+send_user "\n# make sure we are now 'myuser'"
+send_user "\n# id should return 'uid=424242(myuser) gid=424242(myuser) groups=424242(myuser),99(groupmems)'"
+send "\r"			;# restore the prompt for the logs
+send "id\r"			;# Verify we are really testsuite
+
+expect "uid=424242(myuser) gid=424242(myuser) groups=424242(myuser),99(groupmems)"
+
+expect "$ "			;# Wait for the prompt
+
+send_user "\n\n"
+send_user "# now add user utest1 to the myuser group\n"
+send_user "# and expect a password prompt"
+send "\r"			;# restore the prompt for the logs
+send "/usr/sbin/groupmems -a utest1\r"		;#
+expect "Password: "		;# Wait for the Password: prompt
+# Wait a little bit more (it is not ready to receive the password)
+sleep 0.1
+
+send "myuserF00barbaz\r"		;# Send the password
+
+send_user "\n# password 'myuserF00barbaz' sent\n\n"
+send_user "# expect prompt '$ '"
+
+expect "$ "			;# Wait for the prompt
+send "echo $?\r"
+expect "0\r"
+expect "$ "			;# Wait for the prompt
+close
+
+puts "\nPASS"
+exit 0
diff --git a/tests/tests/grouptools/groupmems/17_groupmems_user_add_user_with_other_users_admin/config.txt b/tests/tests/grouptools/groupmems/17_groupmems_user_add_user_with_other_users_admin/config.txt
new file mode 100644
index 0000000..fa7bf43
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/17_groupmems_user_add_user_with_other_users_admin/config.txt
@@ -0,0 +1 @@
+user myuser, in group groups
diff --git a/tests/tests/grouptools/groupmems/17_groupmems_user_add_user_with_other_users_admin/config/etc/group b/tests/tests/grouptools/groupmems/17_groupmems_user_add_user_with_other_users_admin/config/etc/group
new file mode 100644
index 0000000..d28c3ef
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/17_groupmems_user_add_user_with_other_users_admin/config/etc/group
@@ -0,0 +1,44 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+groupmems:x:99:myuser
+utest1:x:1000:
+myuser:x:424242:sasl,tape
diff --git a/tests/tests/grouptools/groupmems/17_groupmems_user_add_user_with_other_users_admin/config/etc/gshadow b/tests/tests/grouptools/groupmems/17_groupmems_user_add_user_with_other_users_admin/config/etc/gshadow
new file mode 100644
index 0000000..a8221cb
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/17_groupmems_user_add_user_with_other_users_admin/config/etc/gshadow
@@ -0,0 +1,44 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+groupmems:*::myuser
+utest1:*::
+myuser:x:tape:sasl,tape
diff --git a/tests/tests/grouptools/groupmems/17_groupmems_user_add_user_with_other_users_admin/config/etc/passwd b/tests/tests/grouptools/groupmems/17_groupmems_user_add_user_with_other_users_admin/config/etc/passwd
new file mode 100644
index 0000000..df9b7a0
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/17_groupmems_user_add_user_with_other_users_admin/config/etc/passwd
@@ -0,0 +1,21 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+utest1:x:1000:1000::/tmp:/bin/sh
+myuser:x:424242:424242::/home:/bin/bash
diff --git a/tests/tests/grouptools/groupmems/17_groupmems_user_add_user_with_other_users_admin/config/etc/shadow b/tests/tests/grouptools/groupmems/17_groupmems_user_add_user_with_other_users_admin/config/etc/shadow
new file mode 100644
index 0000000..65079bb
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/17_groupmems_user_add_user_with_other_users_admin/config/etc/shadow
@@ -0,0 +1,21 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+utest1:!:12977:0:99999:7:::
+myuser:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:::
diff --git a/tests/tests/grouptools/groupmems/17_groupmems_user_add_user_with_other_users_admin/data/group b/tests/tests/grouptools/groupmems/17_groupmems_user_add_user_with_other_users_admin/data/group
new file mode 100644
index 0000000..9ab6baf
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/17_groupmems_user_add_user_with_other_users_admin/data/group
@@ -0,0 +1,44 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+groupmems:x:99:myuser
+utest1:x:1000:
+myuser:x:424242:sasl,tape,utest1
diff --git a/tests/tests/grouptools/groupmems/17_groupmems_user_add_user_with_other_users_admin/data/gshadow b/tests/tests/grouptools/groupmems/17_groupmems_user_add_user_with_other_users_admin/data/gshadow
new file mode 100644
index 0000000..599f28b
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/17_groupmems_user_add_user_with_other_users_admin/data/gshadow
@@ -0,0 +1,44 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+groupmems:*::myuser
+utest1:*::
+myuser:x:tape:sasl,tape,utest1
diff --git a/tests/tests/grouptools/groupmems/17_groupmems_user_add_user_with_other_users_admin/groupmems.test b/tests/tests/grouptools/groupmems/17_groupmems_user_add_user_with_other_users_admin/groupmems.test
new file mode 100755
index 0000000..7b63ddc
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/17_groupmems_user_add_user_with_other_users_admin/groupmems.test
@@ -0,0 +1,39 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "groupmems (called by a regular user) can add an user to a group with multiple users (even gshadow admins)"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "myuser will call groupmems..."
+./run_groupmems.exp
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl data/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl data/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/grouptools/groupmems/17_groupmems_user_add_user_with_other_users_admin/run_groupmems.exp b/tests/tests/grouptools/groupmems/17_groupmems_user_add_user_with_other_users_admin/run_groupmems.exp
new file mode 100755
index 0000000..18a29d1
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/17_groupmems_user_add_user_with_other_users_admin/run_groupmems.exp
@@ -0,0 +1,49 @@
+#!/usr/bin/expect
+
+set timeout 2
+expect_after default {puts stderr "\nFAIL"; exit 1}
+
+if {$argc != 0} {
+	puts "usage: run_groupmems.exp"
+	exit 1
+}
+
+# First, switch to the testsuite user
+# (otherwise, no password will be asked)
+send_user "# switch to the 'myuser' user\n"
+send_user "# and expect a '$ ' prompt\n"
+spawn /bin/su myuser
+
+expect "$ "			;# Wait for the prompt
+
+send_user "\n# make sure we are now 'myuser'"
+send_user "\n# id should return 'uid=424242(myuser) gid=424242(myuser) groups=424242(myuser),99(groupmems)'"
+send "\r"			;# restore the prompt for the logs
+send "id\r"			;# Verify we are really testsuite
+
+expect "uid=424242(myuser) gid=424242(myuser) groups=424242(myuser),99(groupmems)"
+
+expect "$ "			;# Wait for the prompt
+
+send_user "\n\n"
+send_user "# now add user utest1 to the myuser group\n"
+send_user "# and expect a password prompt"
+send "\r"			;# restore the prompt for the logs
+send "/usr/sbin/groupmems -a utest1\r"		;#
+expect "Password: "		;# Wait for the Password: prompt
+# Wait a little bit more (it is not ready to receive the password)
+sleep 0.1
+
+send "myuserF00barbaz\r"		;# Send the password
+
+send_user "\n# password 'myuserF00barbaz' sent\n\n"
+send_user "# expect prompt '$ '"
+
+expect "$ "			;# Wait for the prompt
+send "echo $?\r"
+expect "0\r"
+expect "$ "			;# Wait for the prompt
+close
+
+puts "\nPASS"
+exit 0
diff --git a/tests/tests/grouptools/groupmems/18_groupmems_user_del_user_with_other_users/config.txt b/tests/tests/grouptools/groupmems/18_groupmems_user_del_user_with_other_users/config.txt
new file mode 100644
index 0000000..fa7bf43
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/18_groupmems_user_del_user_with_other_users/config.txt
@@ -0,0 +1 @@
+user myuser, in group groups
diff --git a/tests/tests/grouptools/groupmems/18_groupmems_user_del_user_with_other_users/config/etc/group b/tests/tests/grouptools/groupmems/18_groupmems_user_del_user_with_other_users/config/etc/group
new file mode 100644
index 0000000..dfa09d4
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/18_groupmems_user_del_user_with_other_users/config/etc/group
@@ -0,0 +1,44 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+groupmems:x:99:myuser
+utest1:x:1000:
+myuser:x:424242:utest1,sasl
diff --git a/tests/tests/grouptools/groupmems/18_groupmems_user_del_user_with_other_users/config/etc/gshadow b/tests/tests/grouptools/groupmems/18_groupmems_user_del_user_with_other_users/config/etc/gshadow
new file mode 100644
index 0000000..b5681f7
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/18_groupmems_user_del_user_with_other_users/config/etc/gshadow
@@ -0,0 +1,44 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+groupmems:*::myuser
+utest1:*::
+myuser:x::sasl,utest1
diff --git a/tests/tests/grouptools/groupmems/18_groupmems_user_del_user_with_other_users/config/etc/passwd b/tests/tests/grouptools/groupmems/18_groupmems_user_del_user_with_other_users/config/etc/passwd
new file mode 100644
index 0000000..df9b7a0
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/18_groupmems_user_del_user_with_other_users/config/etc/passwd
@@ -0,0 +1,21 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+utest1:x:1000:1000::/tmp:/bin/sh
+myuser:x:424242:424242::/home:/bin/bash
diff --git a/tests/tests/grouptools/groupmems/18_groupmems_user_del_user_with_other_users/config/etc/shadow b/tests/tests/grouptools/groupmems/18_groupmems_user_del_user_with_other_users/config/etc/shadow
new file mode 100644
index 0000000..65079bb
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/18_groupmems_user_del_user_with_other_users/config/etc/shadow
@@ -0,0 +1,21 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+utest1:!:12977:0:99999:7:::
+myuser:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:::
diff --git a/tests/tests/grouptools/groupmems/18_groupmems_user_del_user_with_other_users/data/group b/tests/tests/grouptools/groupmems/18_groupmems_user_del_user_with_other_users/data/group
new file mode 100644
index 0000000..f1718b3
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/18_groupmems_user_del_user_with_other_users/data/group
@@ -0,0 +1,44 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+groupmems:x:99:myuser
+utest1:x:1000:
+myuser:x:424242:sasl
diff --git a/tests/tests/grouptools/groupmems/18_groupmems_user_del_user_with_other_users/data/gshadow b/tests/tests/grouptools/groupmems/18_groupmems_user_del_user_with_other_users/data/gshadow
new file mode 100644
index 0000000..e4953ce
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/18_groupmems_user_del_user_with_other_users/data/gshadow
@@ -0,0 +1,44 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+groupmems:*::myuser
+utest1:*::
+myuser:x::sasl
diff --git a/tests/tests/grouptools/groupmems/18_groupmems_user_del_user_with_other_users/groupmems.test b/tests/tests/grouptools/groupmems/18_groupmems_user_del_user_with_other_users/groupmems.test
new file mode 100755
index 0000000..9bd46b6
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/18_groupmems_user_del_user_with_other_users/groupmems.test
@@ -0,0 +1,39 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "groupmems (called from a regular user) can remove an user from a group with multiple users"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "myuser will call groupmems..."
+./run_groupmems.exp
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl data/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl data/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/grouptools/groupmems/18_groupmems_user_del_user_with_other_users/run_groupmems.exp b/tests/tests/grouptools/groupmems/18_groupmems_user_del_user_with_other_users/run_groupmems.exp
new file mode 100755
index 0000000..8087c56
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/18_groupmems_user_del_user_with_other_users/run_groupmems.exp
@@ -0,0 +1,49 @@
+#!/usr/bin/expect
+
+set timeout 2
+expect_after default {puts stderr "\nFAIL"; exit 1}
+
+if {$argc != 0} {
+	puts "usage: run_groupmems.exp"
+	exit 1
+}
+
+# First, switch to the testsuite user
+# (otherwise, no password will be asked)
+send_user "# switch to the 'myuser' user\n"
+send_user "# and expect a '$ ' prompt\n"
+spawn /bin/su myuser
+
+expect "$ "			;# Wait for the prompt
+
+send_user "\n# make sure we are now 'myuser'"
+send_user "\n# id should return 'uid=424242(myuser) gid=424242(myuser) groups=424242(myuser),99(groupmems)'"
+send "\r"			;# restore the prompt for the logs
+send "id\r"			;# Verify we are really testsuite
+
+expect "uid=424242(myuser) gid=424242(myuser) groups=424242(myuser),99(groupmems)"
+
+expect "$ "			;# Wait for the prompt
+
+send_user "\n\n"
+send_user "# now add user utest1 to the myuser group\n"
+send_user "# and expect a password prompt"
+send "\r"			;# restore the prompt for the logs
+send "/usr/sbin/groupmems -d utest1\r"		;#
+expect "Password: "		;# Wait for the Password: prompt
+# Wait a little bit more (it is not ready to receive the password)
+sleep 0.1
+
+send "myuserF00barbaz\r"		;# Send the password
+
+send_user "\n# password 'myuserF00barbaz' sent\n\n"
+send_user "# expect prompt '$ '"
+
+expect "$ "			;# Wait for the prompt
+send "echo $?\r"
+expect "0\r"
+expect "$ "			;# Wait for the prompt
+close
+
+puts "\nPASS"
+exit 0
diff --git a/tests/tests/grouptools/groupmems/19_groupmems_user_del_user_with_other_users_admin/config.txt b/tests/tests/grouptools/groupmems/19_groupmems_user_del_user_with_other_users_admin/config.txt
new file mode 100644
index 0000000..fa7bf43
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/19_groupmems_user_del_user_with_other_users_admin/config.txt
@@ -0,0 +1 @@
+user myuser, in group groups
diff --git a/tests/tests/grouptools/groupmems/19_groupmems_user_del_user_with_other_users_admin/config/etc/group b/tests/tests/grouptools/groupmems/19_groupmems_user_del_user_with_other_users_admin/config/etc/group
new file mode 100644
index 0000000..5ebdeca
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/19_groupmems_user_del_user_with_other_users_admin/config/etc/group
@@ -0,0 +1,44 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+groupmems:x:99:myuser
+utest1:x:1000:
+myuser:x:424242:tape,utest1,sasl,staff
diff --git a/tests/tests/grouptools/groupmems/19_groupmems_user_del_user_with_other_users_admin/config/etc/gshadow b/tests/tests/grouptools/groupmems/19_groupmems_user_del_user_with_other_users_admin/config/etc/gshadow
new file mode 100644
index 0000000..934d2af
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/19_groupmems_user_del_user_with_other_users_admin/config/etc/gshadow
@@ -0,0 +1,44 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+groupmems:*::myuser
+utest1:*::
+myuser:x:tape:sasl,utest1,staff
diff --git a/tests/tests/grouptools/groupmems/19_groupmems_user_del_user_with_other_users_admin/config/etc/passwd b/tests/tests/grouptools/groupmems/19_groupmems_user_del_user_with_other_users_admin/config/etc/passwd
new file mode 100644
index 0000000..df9b7a0
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/19_groupmems_user_del_user_with_other_users_admin/config/etc/passwd
@@ -0,0 +1,21 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+utest1:x:1000:1000::/tmp:/bin/sh
+myuser:x:424242:424242::/home:/bin/bash
diff --git a/tests/tests/grouptools/groupmems/19_groupmems_user_del_user_with_other_users_admin/config/etc/shadow b/tests/tests/grouptools/groupmems/19_groupmems_user_del_user_with_other_users_admin/config/etc/shadow
new file mode 100644
index 0000000..65079bb
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/19_groupmems_user_del_user_with_other_users_admin/config/etc/shadow
@@ -0,0 +1,21 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+utest1:!:12977:0:99999:7:::
+myuser:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:::
diff --git a/tests/tests/grouptools/groupmems/19_groupmems_user_del_user_with_other_users_admin/data/group b/tests/tests/grouptools/groupmems/19_groupmems_user_del_user_with_other_users_admin/data/group
new file mode 100644
index 0000000..406d078
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/19_groupmems_user_del_user_with_other_users_admin/data/group
@@ -0,0 +1,44 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+groupmems:x:99:myuser
+utest1:x:1000:
+myuser:x:424242:tape,sasl,staff
diff --git a/tests/tests/grouptools/groupmems/19_groupmems_user_del_user_with_other_users_admin/data/gshadow b/tests/tests/grouptools/groupmems/19_groupmems_user_del_user_with_other_users_admin/data/gshadow
new file mode 100644
index 0000000..8fe2213
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/19_groupmems_user_del_user_with_other_users_admin/data/gshadow
@@ -0,0 +1,44 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+groupmems:*::myuser
+utest1:*::
+myuser:x:tape:sasl,staff
diff --git a/tests/tests/grouptools/groupmems/19_groupmems_user_del_user_with_other_users_admin/groupmems.test b/tests/tests/grouptools/groupmems/19_groupmems_user_del_user_with_other_users_admin/groupmems.test
new file mode 100755
index 0000000..68ebb2f
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/19_groupmems_user_del_user_with_other_users_admin/groupmems.test
@@ -0,0 +1,39 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "groupmems (called from a regular user) can remove an user from a group with multiple users (even gshadow admins)"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "myuser will call groupmems..."
+./run_groupmems.exp
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl data/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl data/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/grouptools/groupmems/19_groupmems_user_del_user_with_other_users_admin/run_groupmems.exp b/tests/tests/grouptools/groupmems/19_groupmems_user_del_user_with_other_users_admin/run_groupmems.exp
new file mode 100755
index 0000000..8087c56
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/19_groupmems_user_del_user_with_other_users_admin/run_groupmems.exp
@@ -0,0 +1,49 @@
+#!/usr/bin/expect
+
+set timeout 2
+expect_after default {puts stderr "\nFAIL"; exit 1}
+
+if {$argc != 0} {
+	puts "usage: run_groupmems.exp"
+	exit 1
+}
+
+# First, switch to the testsuite user
+# (otherwise, no password will be asked)
+send_user "# switch to the 'myuser' user\n"
+send_user "# and expect a '$ ' prompt\n"
+spawn /bin/su myuser
+
+expect "$ "			;# Wait for the prompt
+
+send_user "\n# make sure we are now 'myuser'"
+send_user "\n# id should return 'uid=424242(myuser) gid=424242(myuser) groups=424242(myuser),99(groupmems)'"
+send "\r"			;# restore the prompt for the logs
+send "id\r"			;# Verify we are really testsuite
+
+expect "uid=424242(myuser) gid=424242(myuser) groups=424242(myuser),99(groupmems)"
+
+expect "$ "			;# Wait for the prompt
+
+send_user "\n\n"
+send_user "# now add user utest1 to the myuser group\n"
+send_user "# and expect a password prompt"
+send "\r"			;# restore the prompt for the logs
+send "/usr/sbin/groupmems -d utest1\r"		;#
+expect "Password: "		;# Wait for the Password: prompt
+# Wait a little bit more (it is not ready to receive the password)
+sleep 0.1
+
+send "myuserF00barbaz\r"		;# Send the password
+
+send_user "\n# password 'myuserF00barbaz' sent\n\n"
+send_user "# expect prompt '$ '"
+
+expect "$ "			;# Wait for the prompt
+send "echo $?\r"
+expect "0\r"
+expect "$ "			;# Wait for the prompt
+close
+
+puts "\nPASS"
+exit 0
diff --git a/tests/tests/grouptools/groupmems/20_groupmems_user_purge_user/config.txt b/tests/tests/grouptools/groupmems/20_groupmems_user_purge_user/config.txt
new file mode 100644
index 0000000..fa7bf43
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/20_groupmems_user_purge_user/config.txt
@@ -0,0 +1 @@
+user myuser, in group groups
diff --git a/tests/tests/grouptools/groupmems/20_groupmems_user_purge_user/config/etc/group b/tests/tests/grouptools/groupmems/20_groupmems_user_purge_user/config/etc/group
new file mode 100644
index 0000000..7a0e295
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/20_groupmems_user_purge_user/config/etc/group
@@ -0,0 +1,44 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+groupmems:x:99:myuser
+utest1:x:1000:
+myuser:x:424242:utest1
diff --git a/tests/tests/grouptools/groupmems/20_groupmems_user_purge_user/config/etc/gshadow b/tests/tests/grouptools/groupmems/20_groupmems_user_purge_user/config/etc/gshadow
new file mode 100644
index 0000000..c908c39
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/20_groupmems_user_purge_user/config/etc/gshadow
@@ -0,0 +1,44 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+groupmems:*::myuser
+utest1:*::
+myuser:x::utest1
diff --git a/tests/tests/grouptools/groupmems/20_groupmems_user_purge_user/config/etc/passwd b/tests/tests/grouptools/groupmems/20_groupmems_user_purge_user/config/etc/passwd
new file mode 100644
index 0000000..df9b7a0
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/20_groupmems_user_purge_user/config/etc/passwd
@@ -0,0 +1,21 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+utest1:x:1000:1000::/tmp:/bin/sh
+myuser:x:424242:424242::/home:/bin/bash
diff --git a/tests/tests/grouptools/groupmems/20_groupmems_user_purge_user/config/etc/shadow b/tests/tests/grouptools/groupmems/20_groupmems_user_purge_user/config/etc/shadow
new file mode 100644
index 0000000..65079bb
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/20_groupmems_user_purge_user/config/etc/shadow
@@ -0,0 +1,21 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+utest1:!:12977:0:99999:7:::
+myuser:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:::
diff --git a/tests/tests/grouptools/groupmems/20_groupmems_user_purge_user/data/group b/tests/tests/grouptools/groupmems/20_groupmems_user_purge_user/data/group
new file mode 100644
index 0000000..7505b93
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/20_groupmems_user_purge_user/data/group
@@ -0,0 +1,44 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+groupmems:x:99:myuser
+utest1:x:1000:
+myuser:x:424242:
diff --git a/tests/tests/grouptools/groupmems/20_groupmems_user_purge_user/data/gshadow b/tests/tests/grouptools/groupmems/20_groupmems_user_purge_user/data/gshadow
new file mode 100644
index 0000000..9945adc
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/20_groupmems_user_purge_user/data/gshadow
@@ -0,0 +1,44 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+groupmems:*::myuser
+utest1:*::
+myuser:x::
diff --git a/tests/tests/grouptools/groupmems/20_groupmems_user_purge_user/groupmems.test b/tests/tests/grouptools/groupmems/20_groupmems_user_purge_user/groupmems.test
new file mode 100755
index 0000000..2398841
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/20_groupmems_user_purge_user/groupmems.test
@@ -0,0 +1,39 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "groupmems (called from a regular user) can purge users"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "myuser will call groupmems..."
+./run_groupmems.exp
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl data/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl data/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/grouptools/groupmems/20_groupmems_user_purge_user/run_groupmems.exp b/tests/tests/grouptools/groupmems/20_groupmems_user_purge_user/run_groupmems.exp
new file mode 100755
index 0000000..3332449
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/20_groupmems_user_purge_user/run_groupmems.exp
@@ -0,0 +1,49 @@
+#!/usr/bin/expect
+
+set timeout 2
+expect_after default {puts stderr "\nFAIL"; exit 1}
+
+if {$argc != 0} {
+	puts "usage: run_groupmems.exp"
+	exit 1
+}
+
+# First, switch to the testsuite user
+# (otherwise, no password will be asked)
+send_user "# switch to the 'myuser' user\n"
+send_user "# and expect a '$ ' prompt\n"
+spawn /bin/su myuser
+
+expect "$ "			;# Wait for the prompt
+
+send_user "\n# make sure we are now 'myuser'"
+send_user "\n# id should return 'uid=424242(myuser) gid=424242(myuser) groups=424242(myuser),99(groupmems)'"
+send "\r"			;# restore the prompt for the logs
+send "id\r"			;# Verify we are really testsuite
+
+expect "uid=424242(myuser) gid=424242(myuser) groups=424242(myuser),99(groupmems)"
+
+expect "$ "			;# Wait for the prompt
+
+send_user "\n\n"
+send_user "# now add user utest1 to the myuser group\n"
+send_user "# and expect a password prompt"
+send "\r"			;# restore the prompt for the logs
+send "/usr/sbin/groupmems -p\r"		;#
+expect "Password: "		;# Wait for the Password: prompt
+# Wait a little bit more (it is not ready to receive the password)
+sleep 0.1
+
+send "myuserF00barbaz\r"		;# Send the password
+
+send_user "\n# password 'myuserF00barbaz' sent\n\n"
+send_user "# expect prompt '$ '"
+
+expect "$ "			;# Wait for the prompt
+send "echo $?\r"
+expect "0\r"
+expect "$ "			;# Wait for the prompt
+close
+
+puts "\nPASS"
+exit 0
diff --git a/tests/tests/grouptools/groupmems/21_groupmems_user_purge_user_with_other_users/config.txt b/tests/tests/grouptools/groupmems/21_groupmems_user_purge_user_with_other_users/config.txt
new file mode 100644
index 0000000..fa7bf43
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/21_groupmems_user_purge_user_with_other_users/config.txt
@@ -0,0 +1 @@
+user myuser, in group groups
diff --git a/tests/tests/grouptools/groupmems/21_groupmems_user_purge_user_with_other_users/config/etc/group b/tests/tests/grouptools/groupmems/21_groupmems_user_purge_user_with_other_users/config/etc/group
new file mode 100644
index 0000000..d0009e5
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/21_groupmems_user_purge_user_with_other_users/config/etc/group
@@ -0,0 +1,44 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+groupmems:x:99:myuser
+utest1:x:1000:
+myuser:x:424242:utest1,dip,plugdev
diff --git a/tests/tests/grouptools/groupmems/21_groupmems_user_purge_user_with_other_users/config/etc/gshadow b/tests/tests/grouptools/groupmems/21_groupmems_user_purge_user_with_other_users/config/etc/gshadow
new file mode 100644
index 0000000..dfce137
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/21_groupmems_user_purge_user_with_other_users/config/etc/gshadow
@@ -0,0 +1,44 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+groupmems:*::myuser
+utest1:*::
+myuser:x::utest1,plugdev,tape
diff --git a/tests/tests/grouptools/groupmems/21_groupmems_user_purge_user_with_other_users/config/etc/passwd b/tests/tests/grouptools/groupmems/21_groupmems_user_purge_user_with_other_users/config/etc/passwd
new file mode 100644
index 0000000..df9b7a0
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/21_groupmems_user_purge_user_with_other_users/config/etc/passwd
@@ -0,0 +1,21 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+utest1:x:1000:1000::/tmp:/bin/sh
+myuser:x:424242:424242::/home:/bin/bash
diff --git a/tests/tests/grouptools/groupmems/21_groupmems_user_purge_user_with_other_users/config/etc/shadow b/tests/tests/grouptools/groupmems/21_groupmems_user_purge_user_with_other_users/config/etc/shadow
new file mode 100644
index 0000000..65079bb
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/21_groupmems_user_purge_user_with_other_users/config/etc/shadow
@@ -0,0 +1,21 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+utest1:!:12977:0:99999:7:::
+myuser:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:::
diff --git a/tests/tests/grouptools/groupmems/21_groupmems_user_purge_user_with_other_users/data/group b/tests/tests/grouptools/groupmems/21_groupmems_user_purge_user_with_other_users/data/group
new file mode 100644
index 0000000..7505b93
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/21_groupmems_user_purge_user_with_other_users/data/group
@@ -0,0 +1,44 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+groupmems:x:99:myuser
+utest1:x:1000:
+myuser:x:424242:
diff --git a/tests/tests/grouptools/groupmems/21_groupmems_user_purge_user_with_other_users/data/gshadow b/tests/tests/grouptools/groupmems/21_groupmems_user_purge_user_with_other_users/data/gshadow
new file mode 100644
index 0000000..9945adc
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/21_groupmems_user_purge_user_with_other_users/data/gshadow
@@ -0,0 +1,44 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+groupmems:*::myuser
+utest1:*::
+myuser:x::
diff --git a/tests/tests/grouptools/groupmems/21_groupmems_user_purge_user_with_other_users/groupmems.test b/tests/tests/grouptools/groupmems/21_groupmems_user_purge_user_with_other_users/groupmems.test
new file mode 100755
index 0000000..e63fc92
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/21_groupmems_user_purge_user_with_other_users/groupmems.test
@@ -0,0 +1,39 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "groupmems (called from a regular user) can purge users when multiple users were already in the group"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "myuser will call groupmems..."
+./run_groupmems.exp
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl data/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl data/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/grouptools/groupmems/21_groupmems_user_purge_user_with_other_users/run_groupmems.exp b/tests/tests/grouptools/groupmems/21_groupmems_user_purge_user_with_other_users/run_groupmems.exp
new file mode 100755
index 0000000..3332449
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/21_groupmems_user_purge_user_with_other_users/run_groupmems.exp
@@ -0,0 +1,49 @@
+#!/usr/bin/expect
+
+set timeout 2
+expect_after default {puts stderr "\nFAIL"; exit 1}
+
+if {$argc != 0} {
+	puts "usage: run_groupmems.exp"
+	exit 1
+}
+
+# First, switch to the testsuite user
+# (otherwise, no password will be asked)
+send_user "# switch to the 'myuser' user\n"
+send_user "# and expect a '$ ' prompt\n"
+spawn /bin/su myuser
+
+expect "$ "			;# Wait for the prompt
+
+send_user "\n# make sure we are now 'myuser'"
+send_user "\n# id should return 'uid=424242(myuser) gid=424242(myuser) groups=424242(myuser),99(groupmems)'"
+send "\r"			;# restore the prompt for the logs
+send "id\r"			;# Verify we are really testsuite
+
+expect "uid=424242(myuser) gid=424242(myuser) groups=424242(myuser),99(groupmems)"
+
+expect "$ "			;# Wait for the prompt
+
+send_user "\n\n"
+send_user "# now add user utest1 to the myuser group\n"
+send_user "# and expect a password prompt"
+send "\r"			;# restore the prompt for the logs
+send "/usr/sbin/groupmems -p\r"		;#
+expect "Password: "		;# Wait for the Password: prompt
+# Wait a little bit more (it is not ready to receive the password)
+sleep 0.1
+
+send "myuserF00barbaz\r"		;# Send the password
+
+send_user "\n# password 'myuserF00barbaz' sent\n\n"
+send_user "# expect prompt '$ '"
+
+expect "$ "			;# Wait for the prompt
+send "echo $?\r"
+expect "0\r"
+expect "$ "			;# Wait for the prompt
+close
+
+puts "\nPASS"
+exit 0
diff --git a/tests/tests/grouptools/groupmems/22_groupmems_user_purge_user_with_other_users_admin/config.txt b/tests/tests/grouptools/groupmems/22_groupmems_user_purge_user_with_other_users_admin/config.txt
new file mode 100644
index 0000000..fa7bf43
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/22_groupmems_user_purge_user_with_other_users_admin/config.txt
@@ -0,0 +1 @@
+user myuser, in group groups
diff --git a/tests/tests/grouptools/groupmems/22_groupmems_user_purge_user_with_other_users_admin/config/etc/group b/tests/tests/grouptools/groupmems/22_groupmems_user_purge_user_with_other_users_admin/config/etc/group
new file mode 100644
index 0000000..d0009e5
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/22_groupmems_user_purge_user_with_other_users_admin/config/etc/group
@@ -0,0 +1,44 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+groupmems:x:99:myuser
+utest1:x:1000:
+myuser:x:424242:utest1,dip,plugdev
diff --git a/tests/tests/grouptools/groupmems/22_groupmems_user_purge_user_with_other_users_admin/config/etc/gshadow b/tests/tests/grouptools/groupmems/22_groupmems_user_purge_user_with_other_users_admin/config/etc/gshadow
new file mode 100644
index 0000000..2f63428
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/22_groupmems_user_purge_user_with_other_users_admin/config/etc/gshadow
@@ -0,0 +1,44 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+groupmems:*::myuser
+utest1:*::
+myuser:x:plugdev,daemon,backup:utest1,plugdev,tape
diff --git a/tests/tests/grouptools/groupmems/22_groupmems_user_purge_user_with_other_users_admin/config/etc/passwd b/tests/tests/grouptools/groupmems/22_groupmems_user_purge_user_with_other_users_admin/config/etc/passwd
new file mode 100644
index 0000000..df9b7a0
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/22_groupmems_user_purge_user_with_other_users_admin/config/etc/passwd
@@ -0,0 +1,21 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+utest1:x:1000:1000::/tmp:/bin/sh
+myuser:x:424242:424242::/home:/bin/bash
diff --git a/tests/tests/grouptools/groupmems/22_groupmems_user_purge_user_with_other_users_admin/config/etc/shadow b/tests/tests/grouptools/groupmems/22_groupmems_user_purge_user_with_other_users_admin/config/etc/shadow
new file mode 100644
index 0000000..65079bb
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/22_groupmems_user_purge_user_with_other_users_admin/config/etc/shadow
@@ -0,0 +1,21 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+utest1:!:12977:0:99999:7:::
+myuser:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:::
diff --git a/tests/tests/grouptools/groupmems/22_groupmems_user_purge_user_with_other_users_admin/data/group b/tests/tests/grouptools/groupmems/22_groupmems_user_purge_user_with_other_users_admin/data/group
new file mode 100644
index 0000000..7505b93
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/22_groupmems_user_purge_user_with_other_users_admin/data/group
@@ -0,0 +1,44 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+groupmems:x:99:myuser
+utest1:x:1000:
+myuser:x:424242:
diff --git a/tests/tests/grouptools/groupmems/22_groupmems_user_purge_user_with_other_users_admin/data/gshadow b/tests/tests/grouptools/groupmems/22_groupmems_user_purge_user_with_other_users_admin/data/gshadow
new file mode 100644
index 0000000..9945adc
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/22_groupmems_user_purge_user_with_other_users_admin/data/gshadow
@@ -0,0 +1,44 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+groupmems:*::myuser
+utest1:*::
+myuser:x::
diff --git a/tests/tests/grouptools/groupmems/22_groupmems_user_purge_user_with_other_users_admin/groupmems.test b/tests/tests/grouptools/groupmems/22_groupmems_user_purge_user_with_other_users_admin/groupmems.test
new file mode 100755
index 0000000..bbcd7d6
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/22_groupmems_user_purge_user_with_other_users_admin/groupmems.test
@@ -0,0 +1,39 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "groupmems (called from a regular user) can purge users when multiple users were already in the group (even gshadow admins)"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "myuser will call groupmems..."
+./run_groupmems.exp
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl data/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl data/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/grouptools/groupmems/22_groupmems_user_purge_user_with_other_users_admin/run_groupmems.exp b/tests/tests/grouptools/groupmems/22_groupmems_user_purge_user_with_other_users_admin/run_groupmems.exp
new file mode 100755
index 0000000..3332449
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/22_groupmems_user_purge_user_with_other_users_admin/run_groupmems.exp
@@ -0,0 +1,49 @@
+#!/usr/bin/expect
+
+set timeout 2
+expect_after default {puts stderr "\nFAIL"; exit 1}
+
+if {$argc != 0} {
+	puts "usage: run_groupmems.exp"
+	exit 1
+}
+
+# First, switch to the testsuite user
+# (otherwise, no password will be asked)
+send_user "# switch to the 'myuser' user\n"
+send_user "# and expect a '$ ' prompt\n"
+spawn /bin/su myuser
+
+expect "$ "			;# Wait for the prompt
+
+send_user "\n# make sure we are now 'myuser'"
+send_user "\n# id should return 'uid=424242(myuser) gid=424242(myuser) groups=424242(myuser),99(groupmems)'"
+send "\r"			;# restore the prompt for the logs
+send "id\r"			;# Verify we are really testsuite
+
+expect "uid=424242(myuser) gid=424242(myuser) groups=424242(myuser),99(groupmems)"
+
+expect "$ "			;# Wait for the prompt
+
+send_user "\n\n"
+send_user "# now add user utest1 to the myuser group\n"
+send_user "# and expect a password prompt"
+send "\r"			;# restore the prompt for the logs
+send "/usr/sbin/groupmems -p\r"		;#
+expect "Password: "		;# Wait for the Password: prompt
+# Wait a little bit more (it is not ready to receive the password)
+sleep 0.1
+
+send "myuserF00barbaz\r"		;# Send the password
+
+send_user "\n# password 'myuserF00barbaz' sent\n\n"
+send_user "# expect prompt '$ '"
+
+expect "$ "			;# Wait for the prompt
+send "echo $?\r"
+expect "0\r"
+expect "$ "			;# Wait for the prompt
+close
+
+puts "\nPASS"
+exit 0
diff --git a/tests/tests/grouptools/groupmems/23_groupmems_user_add_user-not_in_groups/config.txt b/tests/tests/grouptools/groupmems/23_groupmems_user_add_user-not_in_groups/config.txt
new file mode 100644
index 0000000..fa7bf43
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/23_groupmems_user_add_user-not_in_groups/config.txt
@@ -0,0 +1 @@
+user myuser, in group groups
diff --git a/tests/tests/grouptools/groupmems/23_groupmems_user_add_user-not_in_groups/config/etc/group b/tests/tests/grouptools/groupmems/23_groupmems_user_add_user-not_in_groups/config/etc/group
new file mode 100644
index 0000000..0b80d30
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/23_groupmems_user_add_user-not_in_groups/config/etc/group
@@ -0,0 +1,44 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+groupmems:x:99:
+utest1:x:1000:
+myuser:x:424242:
diff --git a/tests/tests/grouptools/groupmems/23_groupmems_user_add_user-not_in_groups/config/etc/gshadow b/tests/tests/grouptools/groupmems/23_groupmems_user_add_user-not_in_groups/config/etc/gshadow
new file mode 100644
index 0000000..750ecea
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/23_groupmems_user_add_user-not_in_groups/config/etc/gshadow
@@ -0,0 +1,44 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+groupmems:*::
+utest1:*::
+myuser:x::
diff --git a/tests/tests/grouptools/groupmems/23_groupmems_user_add_user-not_in_groups/config/etc/passwd b/tests/tests/grouptools/groupmems/23_groupmems_user_add_user-not_in_groups/config/etc/passwd
new file mode 100644
index 0000000..df9b7a0
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/23_groupmems_user_add_user-not_in_groups/config/etc/passwd
@@ -0,0 +1,21 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+utest1:x:1000:1000::/tmp:/bin/sh
+myuser:x:424242:424242::/home:/bin/bash
diff --git a/tests/tests/grouptools/groupmems/23_groupmems_user_add_user-not_in_groups/config/etc/shadow b/tests/tests/grouptools/groupmems/23_groupmems_user_add_user-not_in_groups/config/etc/shadow
new file mode 100644
index 0000000..65079bb
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/23_groupmems_user_add_user-not_in_groups/config/etc/shadow
@@ -0,0 +1,21 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+utest1:!:12977:0:99999:7:::
+myuser:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:::
diff --git a/tests/tests/grouptools/groupmems/23_groupmems_user_add_user-not_in_groups/groupmems.test b/tests/tests/grouptools/groupmems/23_groupmems_user_add_user-not_in_groups/groupmems.test
new file mode 100755
index 0000000..f287ade
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/23_groupmems_user_add_user-not_in_groups/groupmems.test
@@ -0,0 +1,39 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "groupmems (called from a regular user) fails for users not in the groups group"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "myuser will call groupmems..."
+./run_groupmems.exp
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/grouptools/groupmems/23_groupmems_user_add_user-not_in_groups/run_groupmems.exp b/tests/tests/grouptools/groupmems/23_groupmems_user_add_user-not_in_groups/run_groupmems.exp
new file mode 100755
index 0000000..084bb12
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/23_groupmems_user_add_user-not_in_groups/run_groupmems.exp
@@ -0,0 +1,41 @@
+#!/usr/bin/expect
+
+set timeout 2
+expect_after default {puts stderr "\nFAIL"; exit 1}
+
+if {$argc != 0} {
+	puts "usage: run_groupmems.exp"
+	exit 1
+}
+
+# First, switch to the testsuite user
+# (otherwise, no password will be asked)
+send_user "# switch to the 'myuser' user\n"
+send_user "# and expect a '$ ' prompt\n"
+spawn /bin/su myuser
+
+expect "$ "			;# Wait for the prompt
+
+send_user "\n# make sure we are now 'myuser'"
+send_user "\n# id should return 'uid=424242(myuser) gid=424242(myuser) groups=424242(myuser)'"
+send "\r"			;# restore the prompt for the logs
+send "id\r"			;# Verify we are really testsuite
+
+expect "uid=424242(myuser) gid=424242(myuser) groups=424242(myuser)"
+
+expect "$ "			;# Wait for the prompt
+
+send_user "\n\n"
+send_user "# now add user utest1 to the myuser group\n"
+send_user "# and expect a password prompt"
+send "\r"			;# restore the prompt for the logs
+send "/usr/sbin/groupmems -a utest1\r"		;#
+expect "groupmems: Permission denied"
+expect "$ "			;# Wait for the prompt
+send "echo $?\r"
+expect "126\r"
+expect "$ "			;# Wait for the prompt
+close
+
+puts "\nPASS"
+exit 0
diff --git a/tests/tests/grouptools/groupmems/24_groupmems_user_add_user-not_primary_group/config.txt b/tests/tests/grouptools/groupmems/24_groupmems_user_add_user-not_primary_group/config.txt
new file mode 100644
index 0000000..fa7bf43
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/24_groupmems_user_add_user-not_primary_group/config.txt
@@ -0,0 +1 @@
+user myuser, in group groups
diff --git a/tests/tests/grouptools/groupmems/24_groupmems_user_add_user-not_primary_group/config/etc/group b/tests/tests/grouptools/groupmems/24_groupmems_user_add_user-not_primary_group/config/etc/group
new file mode 100644
index 0000000..230ff8e
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/24_groupmems_user_add_user-not_primary_group/config/etc/group
@@ -0,0 +1,45 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+groupmems:x:99:myuser
+utest1:x:1000:
+myuser:x:424242:
+gmyuser:x:424243:
diff --git a/tests/tests/grouptools/groupmems/24_groupmems_user_add_user-not_primary_group/config/etc/gshadow b/tests/tests/grouptools/groupmems/24_groupmems_user_add_user-not_primary_group/config/etc/gshadow
new file mode 100644
index 0000000..cd86429
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/24_groupmems_user_add_user-not_primary_group/config/etc/gshadow
@@ -0,0 +1,45 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+groupmems:*::myuser
+utest1:*::
+myuser:x::
+gmyuser:x::
diff --git a/tests/tests/grouptools/groupmems/24_groupmems_user_add_user-not_primary_group/config/etc/passwd b/tests/tests/grouptools/groupmems/24_groupmems_user_add_user-not_primary_group/config/etc/passwd
new file mode 100644
index 0000000..df9b7a0
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/24_groupmems_user_add_user-not_primary_group/config/etc/passwd
@@ -0,0 +1,21 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+utest1:x:1000:1000::/tmp:/bin/sh
+myuser:x:424242:424242::/home:/bin/bash
diff --git a/tests/tests/grouptools/groupmems/24_groupmems_user_add_user-not_primary_group/config/etc/shadow b/tests/tests/grouptools/groupmems/24_groupmems_user_add_user-not_primary_group/config/etc/shadow
new file mode 100644
index 0000000..65079bb
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/24_groupmems_user_add_user-not_primary_group/config/etc/shadow
@@ -0,0 +1,21 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+utest1:!:12977:0:99999:7:::
+myuser:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:::
diff --git a/tests/tests/grouptools/groupmems/24_groupmems_user_add_user-not_primary_group/groupmems.test b/tests/tests/grouptools/groupmems/24_groupmems_user_add_user-not_primary_group/groupmems.test
new file mode 100755
index 0000000..3a78eff
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/24_groupmems_user_add_user-not_primary_group/groupmems.test
@@ -0,0 +1,39 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "groupmems fails if a regular user tries to change (-a) another group with -g"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "myuser will call groupmems..."
+./run_groupmems.exp
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/grouptools/groupmems/24_groupmems_user_add_user-not_primary_group/run_groupmems.exp b/tests/tests/grouptools/groupmems/24_groupmems_user_add_user-not_primary_group/run_groupmems.exp
new file mode 100755
index 0000000..ac12a16
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/24_groupmems_user_add_user-not_primary_group/run_groupmems.exp
@@ -0,0 +1,42 @@
+#!/usr/bin/expect
+
+set timeout 2
+expect_after default {puts stderr "\nFAIL"; exit 1}
+
+if {$argc != 0} {
+	puts "usage: run_groupmems.exp"
+	exit 1
+}
+
+# First, switch to the testsuite user
+# (otherwise, no password will be asked)
+send_user "# switch to the 'myuser' user\n"
+send_user "# and expect a '$ ' prompt\n"
+spawn /bin/su myuser
+
+expect "$ "			;# Wait for the prompt
+
+send_user "\n# make sure we are now 'myuser'"
+send_user "\n# id should return 'uid=424242(myuser) gid=424242(myuser) groups=424242(myuser),99(groupmems)'"
+send "\r"			;# restore the prompt for the logs
+send "id\r"			;# Verify we are really testsuite
+
+expect "uid=424242(myuser) gid=424242(myuser) groups=424242(myuser),99(groupmems)"
+
+expect "$ "			;# Wait for the prompt
+
+send_user "\n\n"
+send_user "# now add user utest1 to the myuser group\n"
+send_user "# and expect a password prompt"
+send "\r"			;# restore the prompt for the logs
+send "/usr/sbin/groupmems -a utest1 -g gmyuser\r"		;#
+expect "groupmems: only root can use the -g/--group option"
+
+expect "$ "			;# Wait for the prompt
+send "echo $?\r"
+expect "3\r"
+expect "$ "			;# Wait for the prompt
+close
+
+puts "\nPASS"
+exit 0
diff --git a/tests/tests/grouptools/groupmems/25_groupmems_user_add_user-not_user_group/config.txt b/tests/tests/grouptools/groupmems/25_groupmems_user_add_user-not_user_group/config.txt
new file mode 100644
index 0000000..fa7bf43
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/25_groupmems_user_add_user-not_user_group/config.txt
@@ -0,0 +1 @@
+user myuser, in group groups
diff --git a/tests/tests/grouptools/groupmems/25_groupmems_user_add_user-not_user_group/config/etc/group b/tests/tests/grouptools/groupmems/25_groupmems_user_add_user-not_user_group/config/etc/group
new file mode 100644
index 0000000..230ff8e
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/25_groupmems_user_add_user-not_user_group/config/etc/group
@@ -0,0 +1,45 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+groupmems:x:99:myuser
+utest1:x:1000:
+myuser:x:424242:
+gmyuser:x:424243:
diff --git a/tests/tests/grouptools/groupmems/25_groupmems_user_add_user-not_user_group/config/etc/gshadow b/tests/tests/grouptools/groupmems/25_groupmems_user_add_user-not_user_group/config/etc/gshadow
new file mode 100644
index 0000000..cd86429
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/25_groupmems_user_add_user-not_user_group/config/etc/gshadow
@@ -0,0 +1,45 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+groupmems:*::myuser
+utest1:*::
+myuser:x::
+gmyuser:x::
diff --git a/tests/tests/grouptools/groupmems/25_groupmems_user_add_user-not_user_group/config/etc/passwd b/tests/tests/grouptools/groupmems/25_groupmems_user_add_user-not_user_group/config/etc/passwd
new file mode 100644
index 0000000..9e07aa1
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/25_groupmems_user_add_user-not_user_group/config/etc/passwd
@@ -0,0 +1,21 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+utest1:x:1000:1000::/tmp:/bin/sh
+myuser:x:424242:424243::/home:/bin/bash
diff --git a/tests/tests/grouptools/groupmems/25_groupmems_user_add_user-not_user_group/config/etc/shadow b/tests/tests/grouptools/groupmems/25_groupmems_user_add_user-not_user_group/config/etc/shadow
new file mode 100644
index 0000000..65079bb
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/25_groupmems_user_add_user-not_user_group/config/etc/shadow
@@ -0,0 +1,21 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+utest1:!:12977:0:99999:7:::
+myuser:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:::
diff --git a/tests/tests/grouptools/groupmems/25_groupmems_user_add_user-not_user_group/groupmems.test b/tests/tests/grouptools/groupmems/25_groupmems_user_add_user-not_user_group/groupmems.test
new file mode 100755
index 0000000..2a65f7b
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/25_groupmems_user_add_user-not_user_group/groupmems.test
@@ -0,0 +1,39 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "groupmems fails if the name of the user's primary group differ from the user's name"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "myuser will call groupmems..."
+./run_groupmems.exp
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/grouptools/groupmems/25_groupmems_user_add_user-not_user_group/run_groupmems.exp b/tests/tests/grouptools/groupmems/25_groupmems_user_add_user-not_user_group/run_groupmems.exp
new file mode 100755
index 0000000..3de3fab
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/25_groupmems_user_add_user-not_user_group/run_groupmems.exp
@@ -0,0 +1,42 @@
+#!/usr/bin/expect
+
+set timeout 2
+expect_after default {puts stderr "\nFAIL"; exit 1}
+
+if {$argc != 0} {
+	puts "usage: run_groupmems.exp"
+	exit 1
+}
+
+# First, switch to the testsuite user
+# (otherwise, no password will be asked)
+send_user "# switch to the 'myuser' user\n"
+send_user "# and expect a '$ ' prompt\n"
+spawn /bin/su myuser
+
+expect "$ "			;# Wait for the prompt
+
+send_user "\n# make sure we are now 'myuser'"
+send_user "\n# id should return 'uid=424242(myuser) gid=424243(gmyuser) groups=424243(gmyuser),99(groupmems)'"
+send "\r"			;# restore the prompt for the logs
+send "id\r"			;# Verify we are really testsuite
+
+expect "uid=424242(myuser) gid=424243(gmyuser) groups=424243(gmyuser),99(groupmems)"
+
+expect "$ "			;# Wait for the prompt
+
+send_user "\n\n"
+send_user "# now add user utest1 to the myuser group\n"
+send_user "# and expect a password prompt"
+send "\r"			;# restore the prompt for the logs
+send "/usr/sbin/groupmems -a utest1\r"		;#
+expect "groupmems: your groupname does not match your username"
+
+expect "$ "			;# Wait for the prompt
+send "echo $?\r"
+expect "5\r"
+expect "$ "			;# Wait for the prompt
+close
+
+puts "\nPASS"
+exit 0
diff --git a/tests/tests/grouptools/groupmems/26_groupmems_user_add_user-already_member/config.txt b/tests/tests/grouptools/groupmems/26_groupmems_user_add_user-already_member/config.txt
new file mode 100644
index 0000000..fa7bf43
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/26_groupmems_user_add_user-already_member/config.txt
@@ -0,0 +1 @@
+user myuser, in group groups
diff --git a/tests/tests/grouptools/groupmems/26_groupmems_user_add_user-already_member/config/etc/group b/tests/tests/grouptools/groupmems/26_groupmems_user_add_user-already_member/config/etc/group
new file mode 100644
index 0000000..7a0e295
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/26_groupmems_user_add_user-already_member/config/etc/group
@@ -0,0 +1,44 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+groupmems:x:99:myuser
+utest1:x:1000:
+myuser:x:424242:utest1
diff --git a/tests/tests/grouptools/groupmems/26_groupmems_user_add_user-already_member/config/etc/gshadow b/tests/tests/grouptools/groupmems/26_groupmems_user_add_user-already_member/config/etc/gshadow
new file mode 100644
index 0000000..c908c39
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/26_groupmems_user_add_user-already_member/config/etc/gshadow
@@ -0,0 +1,44 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+groupmems:*::myuser
+utest1:*::
+myuser:x::utest1
diff --git a/tests/tests/grouptools/groupmems/26_groupmems_user_add_user-already_member/config/etc/passwd b/tests/tests/grouptools/groupmems/26_groupmems_user_add_user-already_member/config/etc/passwd
new file mode 100644
index 0000000..df9b7a0
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/26_groupmems_user_add_user-already_member/config/etc/passwd
@@ -0,0 +1,21 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+utest1:x:1000:1000::/tmp:/bin/sh
+myuser:x:424242:424242::/home:/bin/bash
diff --git a/tests/tests/grouptools/groupmems/26_groupmems_user_add_user-already_member/config/etc/shadow b/tests/tests/grouptools/groupmems/26_groupmems_user_add_user-already_member/config/etc/shadow
new file mode 100644
index 0000000..65079bb
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/26_groupmems_user_add_user-already_member/config/etc/shadow
@@ -0,0 +1,21 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+utest1:!:12977:0:99999:7:::
+myuser:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:::
diff --git a/tests/tests/grouptools/groupmems/26_groupmems_user_add_user-already_member/groupmems.test b/tests/tests/grouptools/groupmems/26_groupmems_user_add_user-already_member/groupmems.test
new file mode 100755
index 0000000..d2b3383
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/26_groupmems_user_add_user-already_member/groupmems.test
@@ -0,0 +1,39 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "groupmems fails if the user is already a member of the group"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "myuser will call groupmems..."
+./run_groupmems.exp
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/grouptools/groupmems/26_groupmems_user_add_user-already_member/run_groupmems.exp b/tests/tests/grouptools/groupmems/26_groupmems_user_add_user-already_member/run_groupmems.exp
new file mode 100755
index 0000000..a7442aa
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/26_groupmems_user_add_user-already_member/run_groupmems.exp
@@ -0,0 +1,50 @@
+#!/usr/bin/expect
+
+set timeout 2
+expect_after default {puts stderr "\nFAIL"; exit 1}
+
+if {$argc != 0} {
+	puts "usage: run_groupmems.exp"
+	exit 1
+}
+
+# First, switch to the testsuite user
+# (otherwise, no password will be asked)
+send_user "# switch to the 'myuser' user\n"
+send_user "# and expect a '$ ' prompt\n"
+spawn /bin/su myuser
+
+expect "$ "			;# Wait for the prompt
+
+send_user "\n# make sure we are now 'myuser'"
+send_user "\n# id should return 'uid=424242(myuser) gid=424242(myuser) groups=424242(myuser),99(groupmems)'"
+send "\r"			;# restore the prompt for the logs
+send "id\r"			;# Verify we are really testsuite
+
+expect "uid=424242(myuser) gid=424242(myuser) groups=424242(myuser),99(groupmems)"
+
+expect "$ "			;# Wait for the prompt
+
+send_user "\n\n"
+send_user "# now add user utest1 to the myuser group\n"
+send_user "# and expect a password prompt"
+send "\r"			;# restore the prompt for the logs
+send "/usr/sbin/groupmems -a utest1\r"		;#
+expect "Password: "		;# Wait for the Password: prompt
+# Wait a little bit more (it is not ready to receive the password)
+sleep 0.1
+
+send "myuserF00barbaz\r"		;# Send the password
+
+send_user "\n# password 'myuserF00barbaz' sent\n\n"
+
+expect "groupmems: user 'utest1' is already a member of 'myuser'"
+
+expect "$ "			;# Wait for the prompt
+send "echo $?\r"
+expect "7\r"
+expect "$ "			;# Wait for the prompt
+close
+
+puts "\nPASS"
+exit 0
diff --git a/tests/tests/grouptools/groupmems/27_groupmems_user_add_user-already_member_in_group/config.txt b/tests/tests/grouptools/groupmems/27_groupmems_user_add_user-already_member_in_group/config.txt
new file mode 100644
index 0000000..fa7bf43
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/27_groupmems_user_add_user-already_member_in_group/config.txt
@@ -0,0 +1 @@
+user myuser, in group groups
diff --git a/tests/tests/grouptools/groupmems/27_groupmems_user_add_user-already_member_in_group/config/etc/group b/tests/tests/grouptools/groupmems/27_groupmems_user_add_user-already_member_in_group/config/etc/group
new file mode 100644
index 0000000..7a0e295
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/27_groupmems_user_add_user-already_member_in_group/config/etc/group
@@ -0,0 +1,44 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+groupmems:x:99:myuser
+utest1:x:1000:
+myuser:x:424242:utest1
diff --git a/tests/tests/grouptools/groupmems/27_groupmems_user_add_user-already_member_in_group/config/etc/gshadow b/tests/tests/grouptools/groupmems/27_groupmems_user_add_user-already_member_in_group/config/etc/gshadow
new file mode 100644
index 0000000..9945adc
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/27_groupmems_user_add_user-already_member_in_group/config/etc/gshadow
@@ -0,0 +1,44 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+groupmems:*::myuser
+utest1:*::
+myuser:x::
diff --git a/tests/tests/grouptools/groupmems/27_groupmems_user_add_user-already_member_in_group/config/etc/passwd b/tests/tests/grouptools/groupmems/27_groupmems_user_add_user-already_member_in_group/config/etc/passwd
new file mode 100644
index 0000000..df9b7a0
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/27_groupmems_user_add_user-already_member_in_group/config/etc/passwd
@@ -0,0 +1,21 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+utest1:x:1000:1000::/tmp:/bin/sh
+myuser:x:424242:424242::/home:/bin/bash
diff --git a/tests/tests/grouptools/groupmems/27_groupmems_user_add_user-already_member_in_group/config/etc/shadow b/tests/tests/grouptools/groupmems/27_groupmems_user_add_user-already_member_in_group/config/etc/shadow
new file mode 100644
index 0000000..65079bb
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/27_groupmems_user_add_user-already_member_in_group/config/etc/shadow
@@ -0,0 +1,21 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+utest1:!:12977:0:99999:7:::
+myuser:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:::
diff --git a/tests/tests/grouptools/groupmems/27_groupmems_user_add_user-already_member_in_group/groupmems.test b/tests/tests/grouptools/groupmems/27_groupmems_user_add_user-already_member_in_group/groupmems.test
new file mode 100755
index 0000000..1a5666a
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/27_groupmems_user_add_user-already_member_in_group/groupmems.test
@@ -0,0 +1,39 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "groupmems fails if the user is already a member of the group (even if it is not according to gshadow)"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "myuser will call groupmems..."
+./run_groupmems.exp
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/grouptools/groupmems/27_groupmems_user_add_user-already_member_in_group/run_groupmems.exp b/tests/tests/grouptools/groupmems/27_groupmems_user_add_user-already_member_in_group/run_groupmems.exp
new file mode 100755
index 0000000..a7442aa
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/27_groupmems_user_add_user-already_member_in_group/run_groupmems.exp
@@ -0,0 +1,50 @@
+#!/usr/bin/expect
+
+set timeout 2
+expect_after default {puts stderr "\nFAIL"; exit 1}
+
+if {$argc != 0} {
+	puts "usage: run_groupmems.exp"
+	exit 1
+}
+
+# First, switch to the testsuite user
+# (otherwise, no password will be asked)
+send_user "# switch to the 'myuser' user\n"
+send_user "# and expect a '$ ' prompt\n"
+spawn /bin/su myuser
+
+expect "$ "			;# Wait for the prompt
+
+send_user "\n# make sure we are now 'myuser'"
+send_user "\n# id should return 'uid=424242(myuser) gid=424242(myuser) groups=424242(myuser),99(groupmems)'"
+send "\r"			;# restore the prompt for the logs
+send "id\r"			;# Verify we are really testsuite
+
+expect "uid=424242(myuser) gid=424242(myuser) groups=424242(myuser),99(groupmems)"
+
+expect "$ "			;# Wait for the prompt
+
+send_user "\n\n"
+send_user "# now add user utest1 to the myuser group\n"
+send_user "# and expect a password prompt"
+send "\r"			;# restore the prompt for the logs
+send "/usr/sbin/groupmems -a utest1\r"		;#
+expect "Password: "		;# Wait for the Password: prompt
+# Wait a little bit more (it is not ready to receive the password)
+sleep 0.1
+
+send "myuserF00barbaz\r"		;# Send the password
+
+send_user "\n# password 'myuserF00barbaz' sent\n\n"
+
+expect "groupmems: user 'utest1' is already a member of 'myuser'"
+
+expect "$ "			;# Wait for the prompt
+send "echo $?\r"
+expect "7\r"
+expect "$ "			;# Wait for the prompt
+close
+
+puts "\nPASS"
+exit 0
diff --git a/tests/tests/grouptools/groupmems/28_groupmems_user_add_user-already_member_in_gshadow/config.txt b/tests/tests/grouptools/groupmems/28_groupmems_user_add_user-already_member_in_gshadow/config.txt
new file mode 100644
index 0000000..fa7bf43
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/28_groupmems_user_add_user-already_member_in_gshadow/config.txt
@@ -0,0 +1 @@
+user myuser, in group groups
diff --git a/tests/tests/grouptools/groupmems/28_groupmems_user_add_user-already_member_in_gshadow/config/etc/group b/tests/tests/grouptools/groupmems/28_groupmems_user_add_user-already_member_in_gshadow/config/etc/group
new file mode 100644
index 0000000..7505b93
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/28_groupmems_user_add_user-already_member_in_gshadow/config/etc/group
@@ -0,0 +1,44 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+groupmems:x:99:myuser
+utest1:x:1000:
+myuser:x:424242:
diff --git a/tests/tests/grouptools/groupmems/28_groupmems_user_add_user-already_member_in_gshadow/config/etc/gshadow b/tests/tests/grouptools/groupmems/28_groupmems_user_add_user-already_member_in_gshadow/config/etc/gshadow
new file mode 100644
index 0000000..c908c39
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/28_groupmems_user_add_user-already_member_in_gshadow/config/etc/gshadow
@@ -0,0 +1,44 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+groupmems:*::myuser
+utest1:*::
+myuser:x::utest1
diff --git a/tests/tests/grouptools/groupmems/28_groupmems_user_add_user-already_member_in_gshadow/config/etc/passwd b/tests/tests/grouptools/groupmems/28_groupmems_user_add_user-already_member_in_gshadow/config/etc/passwd
new file mode 100644
index 0000000..df9b7a0
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/28_groupmems_user_add_user-already_member_in_gshadow/config/etc/passwd
@@ -0,0 +1,21 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+utest1:x:1000:1000::/tmp:/bin/sh
+myuser:x:424242:424242::/home:/bin/bash
diff --git a/tests/tests/grouptools/groupmems/28_groupmems_user_add_user-already_member_in_gshadow/config/etc/shadow b/tests/tests/grouptools/groupmems/28_groupmems_user_add_user-already_member_in_gshadow/config/etc/shadow
new file mode 100644
index 0000000..65079bb
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/28_groupmems_user_add_user-already_member_in_gshadow/config/etc/shadow
@@ -0,0 +1,21 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+utest1:!:12977:0:99999:7:::
+myuser:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:::
diff --git a/tests/tests/grouptools/groupmems/28_groupmems_user_add_user-already_member_in_gshadow/data/group b/tests/tests/grouptools/groupmems/28_groupmems_user_add_user-already_member_in_gshadow/data/group
new file mode 100644
index 0000000..7a0e295
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/28_groupmems_user_add_user-already_member_in_gshadow/data/group
@@ -0,0 +1,44 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+groupmems:x:99:myuser
+utest1:x:1000:
+myuser:x:424242:utest1
diff --git a/tests/tests/grouptools/groupmems/28_groupmems_user_add_user-already_member_in_gshadow/groupmems.test b/tests/tests/grouptools/groupmems/28_groupmems_user_add_user-already_member_in_gshadow/groupmems.test
new file mode 100755
index 0000000..23b224a
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/28_groupmems_user_add_user-already_member_in_gshadow/groupmems.test
@@ -0,0 +1,39 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "groupmems adds the user if it does not exist in group (but exists in gshadow)"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "myuser will call groupmems..."
+./run_groupmems.exp
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl data/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/grouptools/groupmems/28_groupmems_user_add_user-already_member_in_gshadow/run_groupmems.exp b/tests/tests/grouptools/groupmems/28_groupmems_user_add_user-already_member_in_gshadow/run_groupmems.exp
new file mode 100755
index 0000000..4c40ef1
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/28_groupmems_user_add_user-already_member_in_gshadow/run_groupmems.exp
@@ -0,0 +1,48 @@
+#!/usr/bin/expect
+
+set timeout 2
+expect_after default {puts stderr "\nFAIL"; exit 1}
+
+if {$argc != 0} {
+	puts "usage: run_groupmems.exp"
+	exit 1
+}
+
+# First, switch to the testsuite user
+# (otherwise, no password will be asked)
+send_user "# switch to the 'myuser' user\n"
+send_user "# and expect a '$ ' prompt\n"
+spawn /bin/su myuser
+
+expect "$ "			;# Wait for the prompt
+
+send_user "\n# make sure we are now 'myuser'"
+send_user "\n# id should return 'uid=424242(myuser) gid=424242(myuser) groups=424242(myuser),99(groupmems)'"
+send "\r"			;# restore the prompt for the logs
+send "id\r"			;# Verify we are really testsuite
+
+expect "uid=424242(myuser) gid=424242(myuser) groups=424242(myuser),99(groupmems)"
+
+expect "$ "			;# Wait for the prompt
+
+send_user "\n\n"
+send_user "# now add user utest1 to the myuser group\n"
+send_user "# and expect a password prompt"
+send "\r"			;# restore the prompt for the logs
+send "/usr/sbin/groupmems -a utest1\r"		;#
+expect "Password: "		;# Wait for the Password: prompt
+# Wait a little bit more (it is not ready to receive the password)
+sleep 0.1
+
+send "myuserF00barbaz\r"		;# Send the password
+
+send_user "\n# password 'myuserF00barbaz' sent\n\n"
+
+expect "$ "			;# Wait for the prompt
+send "echo $?\r"
+expect "0\r"
+expect "$ "			;# Wait for the prompt
+close
+
+puts "\nPASS"
+exit 0
diff --git a/tests/tests/grouptools/groupmems/29_groupmems_user_add_user-user_does_not_exist/config.txt b/tests/tests/grouptools/groupmems/29_groupmems_user_add_user-user_does_not_exist/config.txt
new file mode 100644
index 0000000..fa7bf43
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/29_groupmems_user_add_user-user_does_not_exist/config.txt
@@ -0,0 +1 @@
+user myuser, in group groups
diff --git a/tests/tests/grouptools/groupmems/29_groupmems_user_add_user-user_does_not_exist/config/etc/group b/tests/tests/grouptools/groupmems/29_groupmems_user_add_user-user_does_not_exist/config/etc/group
new file mode 100644
index 0000000..7a0e295
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/29_groupmems_user_add_user-user_does_not_exist/config/etc/group
@@ -0,0 +1,44 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+groupmems:x:99:myuser
+utest1:x:1000:
+myuser:x:424242:utest1
diff --git a/tests/tests/grouptools/groupmems/29_groupmems_user_add_user-user_does_not_exist/config/etc/gshadow b/tests/tests/grouptools/groupmems/29_groupmems_user_add_user-user_does_not_exist/config/etc/gshadow
new file mode 100644
index 0000000..c908c39
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/29_groupmems_user_add_user-user_does_not_exist/config/etc/gshadow
@@ -0,0 +1,44 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+groupmems:*::myuser
+utest1:*::
+myuser:x::utest1
diff --git a/tests/tests/grouptools/groupmems/29_groupmems_user_add_user-user_does_not_exist/config/etc/passwd b/tests/tests/grouptools/groupmems/29_groupmems_user_add_user-user_does_not_exist/config/etc/passwd
new file mode 100644
index 0000000..df9b7a0
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/29_groupmems_user_add_user-user_does_not_exist/config/etc/passwd
@@ -0,0 +1,21 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+utest1:x:1000:1000::/tmp:/bin/sh
+myuser:x:424242:424242::/home:/bin/bash
diff --git a/tests/tests/grouptools/groupmems/29_groupmems_user_add_user-user_does_not_exist/config/etc/shadow b/tests/tests/grouptools/groupmems/29_groupmems_user_add_user-user_does_not_exist/config/etc/shadow
new file mode 100644
index 0000000..65079bb
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/29_groupmems_user_add_user-user_does_not_exist/config/etc/shadow
@@ -0,0 +1,21 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+utest1:!:12977:0:99999:7:::
+myuser:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:::
diff --git a/tests/tests/grouptools/groupmems/29_groupmems_user_add_user-user_does_not_exist/groupmems.test b/tests/tests/grouptools/groupmems/29_groupmems_user_add_user-user_does_not_exist/groupmems.test
new file mode 100755
index 0000000..201bb9a
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/29_groupmems_user_add_user-user_does_not_exist/groupmems.test
@@ -0,0 +1,39 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "groupmems fails when the user to be added does not exist"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "myuser will call groupmems..."
+./run_groupmems.exp
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/grouptools/groupmems/29_groupmems_user_add_user-user_does_not_exist/run_groupmems.exp b/tests/tests/grouptools/groupmems/29_groupmems_user_add_user-user_does_not_exist/run_groupmems.exp
new file mode 100755
index 0000000..6864f5c
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/29_groupmems_user_add_user-user_does_not_exist/run_groupmems.exp
@@ -0,0 +1,42 @@
+#!/usr/bin/expect
+
+set timeout 2
+expect_after default {puts stderr "\nFAIL"; exit 1}
+
+if {$argc != 0} {
+	puts "usage: run_groupmems.exp"
+	exit 1
+}
+
+# First, switch to the testsuite user
+# (otherwise, no password will be asked)
+send_user "# switch to the 'myuser' user\n"
+send_user "# and expect a '$ ' prompt\n"
+spawn /bin/su myuser
+
+expect "$ "			;# Wait for the prompt
+
+send_user "\n# make sure we are now 'myuser'"
+send_user "\n# id should return 'uid=424242(myuser) gid=424242(myuser) groups=424242(myuser),99(groupmems)'"
+send "\r"			;# restore the prompt for the logs
+send "id\r"			;# Verify we are really testsuite
+
+expect "uid=424242(myuser) gid=424242(myuser) groups=424242(myuser),99(groupmems)"
+
+expect "$ "			;# Wait for the prompt
+
+send_user "\n\n"
+send_user "# now add user utest1 to the myuser group\n"
+send_user "# and expect a password prompt"
+send "\r"			;# restore the prompt for the logs
+send "/usr/sbin/groupmems -a utest2\r"		;#
+expect "groupmems: user 'utest2' does not exist"
+
+expect "$ "			;# Wait for the prompt
+send "echo $?\r"
+expect "8\r"
+expect "$ "			;# Wait for the prompt
+close
+
+puts "\nPASS"
+exit 0
diff --git a/tests/tests/grouptools/groupmems/30_groupmems_user_add_user-no_gshadow_group/config.txt b/tests/tests/grouptools/groupmems/30_groupmems_user_add_user-no_gshadow_group/config.txt
new file mode 100644
index 0000000..fa7bf43
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/30_groupmems_user_add_user-no_gshadow_group/config.txt
@@ -0,0 +1 @@
+user myuser, in group groups
diff --git a/tests/tests/grouptools/groupmems/30_groupmems_user_add_user-no_gshadow_group/config/etc/group b/tests/tests/grouptools/groupmems/30_groupmems_user_add_user-no_gshadow_group/config/etc/group
new file mode 100644
index 0000000..9ceded0
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/30_groupmems_user_add_user-no_gshadow_group/config/etc/group
@@ -0,0 +1,44 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+groupmems:x:99:myuser
+utest1:x:1000:
+myuser:x:424242:sasl,root,bin
diff --git a/tests/tests/grouptools/groupmems/30_groupmems_user_add_user-no_gshadow_group/config/etc/gshadow b/tests/tests/grouptools/groupmems/30_groupmems_user_add_user-no_gshadow_group/config/etc/gshadow
new file mode 100644
index 0000000..46c2778
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/30_groupmems_user_add_user-no_gshadow_group/config/etc/gshadow
@@ -0,0 +1,43 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+groupmems:*::myuser
+utest1:*::
diff --git a/tests/tests/grouptools/groupmems/30_groupmems_user_add_user-no_gshadow_group/config/etc/passwd b/tests/tests/grouptools/groupmems/30_groupmems_user_add_user-no_gshadow_group/config/etc/passwd
new file mode 100644
index 0000000..df9b7a0
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/30_groupmems_user_add_user-no_gshadow_group/config/etc/passwd
@@ -0,0 +1,21 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+utest1:x:1000:1000::/tmp:/bin/sh
+myuser:x:424242:424242::/home:/bin/bash
diff --git a/tests/tests/grouptools/groupmems/30_groupmems_user_add_user-no_gshadow_group/config/etc/shadow b/tests/tests/grouptools/groupmems/30_groupmems_user_add_user-no_gshadow_group/config/etc/shadow
new file mode 100644
index 0000000..65079bb
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/30_groupmems_user_add_user-no_gshadow_group/config/etc/shadow
@@ -0,0 +1,21 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+utest1:!:12977:0:99999:7:::
+myuser:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:::
diff --git a/tests/tests/grouptools/groupmems/30_groupmems_user_add_user-no_gshadow_group/data/group b/tests/tests/grouptools/groupmems/30_groupmems_user_add_user-no_gshadow_group/data/group
new file mode 100644
index 0000000..6249a8a
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/30_groupmems_user_add_user-no_gshadow_group/data/group
@@ -0,0 +1,44 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+groupmems:x:99:myuser
+utest1:x:1000:
+myuser:x:424242:sasl,root,bin,utest1
diff --git a/tests/tests/grouptools/groupmems/30_groupmems_user_add_user-no_gshadow_group/data/gshadow b/tests/tests/grouptools/groupmems/30_groupmems_user_add_user-no_gshadow_group/data/gshadow
new file mode 100644
index 0000000..3748fc5
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/30_groupmems_user_add_user-no_gshadow_group/data/gshadow
@@ -0,0 +1,44 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+groupmems:*::myuser
+utest1:*::
+myuser:x::sasl,root,bin,utest1
diff --git a/tests/tests/grouptools/groupmems/30_groupmems_user_add_user-no_gshadow_group/groupmems.test b/tests/tests/grouptools/groupmems/30_groupmems_user_add_user-no_gshadow_group/groupmems.test
new file mode 100755
index 0000000..783876a
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/30_groupmems_user_add_user-no_gshadow_group/groupmems.test
@@ -0,0 +1,39 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "groupmems (called by a regular user) can add an user to a group, and creates the gshadow entry if it did not exist"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "myuser will call groupmems..."
+./run_groupmems.exp
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl data/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl data/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/grouptools/groupmems/30_groupmems_user_add_user-no_gshadow_group/run_groupmems.exp b/tests/tests/grouptools/groupmems/30_groupmems_user_add_user-no_gshadow_group/run_groupmems.exp
new file mode 100755
index 0000000..18a29d1
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/30_groupmems_user_add_user-no_gshadow_group/run_groupmems.exp
@@ -0,0 +1,49 @@
+#!/usr/bin/expect
+
+set timeout 2
+expect_after default {puts stderr "\nFAIL"; exit 1}
+
+if {$argc != 0} {
+	puts "usage: run_groupmems.exp"
+	exit 1
+}
+
+# First, switch to the testsuite user
+# (otherwise, no password will be asked)
+send_user "# switch to the 'myuser' user\n"
+send_user "# and expect a '$ ' prompt\n"
+spawn /bin/su myuser
+
+expect "$ "			;# Wait for the prompt
+
+send_user "\n# make sure we are now 'myuser'"
+send_user "\n# id should return 'uid=424242(myuser) gid=424242(myuser) groups=424242(myuser),99(groupmems)'"
+send "\r"			;# restore the prompt for the logs
+send "id\r"			;# Verify we are really testsuite
+
+expect "uid=424242(myuser) gid=424242(myuser) groups=424242(myuser),99(groupmems)"
+
+expect "$ "			;# Wait for the prompt
+
+send_user "\n\n"
+send_user "# now add user utest1 to the myuser group\n"
+send_user "# and expect a password prompt"
+send "\r"			;# restore the prompt for the logs
+send "/usr/sbin/groupmems -a utest1\r"		;#
+expect "Password: "		;# Wait for the Password: prompt
+# Wait a little bit more (it is not ready to receive the password)
+sleep 0.1
+
+send "myuserF00barbaz\r"		;# Send the password
+
+send_user "\n# password 'myuserF00barbaz' sent\n\n"
+send_user "# expect prompt '$ '"
+
+expect "$ "			;# Wait for the prompt
+send "echo $?\r"
+expect "0\r"
+expect "$ "			;# Wait for the prompt
+close
+
+puts "\nPASS"
+exit 0
diff --git a/tests/tests/grouptools/groupmems/31_groupmems_user_add_user-no_gshadow_file/config.txt b/tests/tests/grouptools/groupmems/31_groupmems_user_add_user-no_gshadow_file/config.txt
new file mode 100644
index 0000000..fa7bf43
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/31_groupmems_user_add_user-no_gshadow_file/config.txt
@@ -0,0 +1 @@
+user myuser, in group groups
diff --git a/tests/tests/grouptools/groupmems/31_groupmems_user_add_user-no_gshadow_file/config/etc/group b/tests/tests/grouptools/groupmems/31_groupmems_user_add_user-no_gshadow_file/config/etc/group
new file mode 100644
index 0000000..9ceded0
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/31_groupmems_user_add_user-no_gshadow_file/config/etc/group
@@ -0,0 +1,44 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+groupmems:x:99:myuser
+utest1:x:1000:
+myuser:x:424242:sasl,root,bin
diff --git a/tests/tests/grouptools/groupmems/31_groupmems_user_add_user-no_gshadow_file/config/etc/gshadow b/tests/tests/grouptools/groupmems/31_groupmems_user_add_user-no_gshadow_file/config/etc/gshadow
new file mode 100644
index 0000000..46c2778
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/31_groupmems_user_add_user-no_gshadow_file/config/etc/gshadow
@@ -0,0 +1,43 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+groupmems:*::myuser
+utest1:*::
diff --git a/tests/tests/grouptools/groupmems/31_groupmems_user_add_user-no_gshadow_file/config/etc/passwd b/tests/tests/grouptools/groupmems/31_groupmems_user_add_user-no_gshadow_file/config/etc/passwd
new file mode 100644
index 0000000..df9b7a0
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/31_groupmems_user_add_user-no_gshadow_file/config/etc/passwd
@@ -0,0 +1,21 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+utest1:x:1000:1000::/tmp:/bin/sh
+myuser:x:424242:424242::/home:/bin/bash
diff --git a/tests/tests/grouptools/groupmems/31_groupmems_user_add_user-no_gshadow_file/config/etc/shadow b/tests/tests/grouptools/groupmems/31_groupmems_user_add_user-no_gshadow_file/config/etc/shadow
new file mode 100644
index 0000000..65079bb
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/31_groupmems_user_add_user-no_gshadow_file/config/etc/shadow
@@ -0,0 +1,21 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+utest1:!:12977:0:99999:7:::
+myuser:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:::
diff --git a/tests/tests/grouptools/groupmems/31_groupmems_user_add_user-no_gshadow_file/data/group b/tests/tests/grouptools/groupmems/31_groupmems_user_add_user-no_gshadow_file/data/group
new file mode 100644
index 0000000..6249a8a
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/31_groupmems_user_add_user-no_gshadow_file/data/group
@@ -0,0 +1,44 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+groupmems:x:99:myuser
+utest1:x:1000:
+myuser:x:424242:sasl,root,bin,utest1
diff --git a/tests/tests/grouptools/groupmems/31_groupmems_user_add_user-no_gshadow_file/groupmems.test b/tests/tests/grouptools/groupmems/31_groupmems_user_add_user-no_gshadow_file/groupmems.test
new file mode 100755
index 0000000..31983b6
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/31_groupmems_user_add_user-no_gshadow_file/groupmems.test
@@ -0,0 +1,42 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "groupmems (called by a regular user) can add an user to a group, even if the gshadow file does not exist"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo "Remove the gshadow file"
+rm -f /etc/gshadow
+
+echo -n "myuser will call groupmems..."
+./run_groupmems.exp
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl data/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+test ! -f /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/grouptools/groupmems/31_groupmems_user_add_user-no_gshadow_file/run_groupmems.exp b/tests/tests/grouptools/groupmems/31_groupmems_user_add_user-no_gshadow_file/run_groupmems.exp
new file mode 100755
index 0000000..18a29d1
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/31_groupmems_user_add_user-no_gshadow_file/run_groupmems.exp
@@ -0,0 +1,49 @@
+#!/usr/bin/expect
+
+set timeout 2
+expect_after default {puts stderr "\nFAIL"; exit 1}
+
+if {$argc != 0} {
+	puts "usage: run_groupmems.exp"
+	exit 1
+}
+
+# First, switch to the testsuite user
+# (otherwise, no password will be asked)
+send_user "# switch to the 'myuser' user\n"
+send_user "# and expect a '$ ' prompt\n"
+spawn /bin/su myuser
+
+expect "$ "			;# Wait for the prompt
+
+send_user "\n# make sure we are now 'myuser'"
+send_user "\n# id should return 'uid=424242(myuser) gid=424242(myuser) groups=424242(myuser),99(groupmems)'"
+send "\r"			;# restore the prompt for the logs
+send "id\r"			;# Verify we are really testsuite
+
+expect "uid=424242(myuser) gid=424242(myuser) groups=424242(myuser),99(groupmems)"
+
+expect "$ "			;# Wait for the prompt
+
+send_user "\n\n"
+send_user "# now add user utest1 to the myuser group\n"
+send_user "# and expect a password prompt"
+send "\r"			;# restore the prompt for the logs
+send "/usr/sbin/groupmems -a utest1\r"		;#
+expect "Password: "		;# Wait for the Password: prompt
+# Wait a little bit more (it is not ready to receive the password)
+sleep 0.1
+
+send "myuserF00barbaz\r"		;# Send the password
+
+send_user "\n# password 'myuserF00barbaz' sent\n\n"
+send_user "# expect prompt '$ '"
+
+expect "$ "			;# Wait for the prompt
+send "echo $?\r"
+expect "0\r"
+expect "$ "			;# Wait for the prompt
+close
+
+puts "\nPASS"
+exit 0
diff --git a/tests/tests/grouptools/groupmems/32_groupmems_user_del_user-not_member/config.txt b/tests/tests/grouptools/groupmems/32_groupmems_user_del_user-not_member/config.txt
new file mode 100644
index 0000000..fa7bf43
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/32_groupmems_user_del_user-not_member/config.txt
@@ -0,0 +1 @@
+user myuser, in group groups
diff --git a/tests/tests/grouptools/groupmems/32_groupmems_user_del_user-not_member/config/etc/group b/tests/tests/grouptools/groupmems/32_groupmems_user_del_user-not_member/config/etc/group
new file mode 100644
index 0000000..248e7b7
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/32_groupmems_user_del_user-not_member/config/etc/group
@@ -0,0 +1,44 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+groupmems:x:99:myuser
+utest1:x:1000:
+myuser:x:424242:bin,daemon
diff --git a/tests/tests/grouptools/groupmems/32_groupmems_user_del_user-not_member/config/etc/gshadow b/tests/tests/grouptools/groupmems/32_groupmems_user_del_user-not_member/config/etc/gshadow
new file mode 100644
index 0000000..d2f4c7b
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/32_groupmems_user_del_user-not_member/config/etc/gshadow
@@ -0,0 +1,44 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+groupmems:*::myuser
+utest1:*::
+myuser:x:bin,daemon:
diff --git a/tests/tests/grouptools/groupmems/32_groupmems_user_del_user-not_member/config/etc/passwd b/tests/tests/grouptools/groupmems/32_groupmems_user_del_user-not_member/config/etc/passwd
new file mode 100644
index 0000000..df9b7a0
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/32_groupmems_user_del_user-not_member/config/etc/passwd
@@ -0,0 +1,21 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+utest1:x:1000:1000::/tmp:/bin/sh
+myuser:x:424242:424242::/home:/bin/bash
diff --git a/tests/tests/grouptools/groupmems/32_groupmems_user_del_user-not_member/config/etc/shadow b/tests/tests/grouptools/groupmems/32_groupmems_user_del_user-not_member/config/etc/shadow
new file mode 100644
index 0000000..65079bb
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/32_groupmems_user_del_user-not_member/config/etc/shadow
@@ -0,0 +1,21 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+utest1:!:12977:0:99999:7:::
+myuser:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:::
diff --git a/tests/tests/grouptools/groupmems/32_groupmems_user_del_user-not_member/groupmems.test b/tests/tests/grouptools/groupmems/32_groupmems_user_del_user-not_member/groupmems.test
new file mode 100755
index 0000000..243d830
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/32_groupmems_user_del_user-not_member/groupmems.test
@@ -0,0 +1,39 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "groupmems -d fails if the user is not a member of the group"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "myuser will call groupmems..."
+./run_groupmems.exp
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/grouptools/groupmems/32_groupmems_user_del_user-not_member/run_groupmems.exp b/tests/tests/grouptools/groupmems/32_groupmems_user_del_user-not_member/run_groupmems.exp
new file mode 100755
index 0000000..bc66529
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/32_groupmems_user_del_user-not_member/run_groupmems.exp
@@ -0,0 +1,50 @@
+#!/usr/bin/expect
+
+set timeout 2
+expect_after default {puts stderr "\nFAIL"; exit 1}
+
+if {$argc != 0} {
+	puts "usage: run_groupmems.exp"
+	exit 1
+}
+
+# First, switch to the testsuite user
+# (otherwise, no password will be asked)
+send_user "# switch to the 'myuser' user\n"
+send_user "# and expect a '$ ' prompt\n"
+spawn /bin/su myuser
+
+expect "$ "			;# Wait for the prompt
+
+send_user "\n# make sure we are now 'myuser'"
+send_user "\n# id should return 'uid=424242(myuser) gid=424242(myuser) groups=424242(myuser),99(groupmems)'"
+send "\r"			;# restore the prompt for the logs
+send "id\r"			;# Verify we are really testsuite
+
+expect "uid=424242(myuser) gid=424242(myuser) groups=424242(myuser),99(groupmems)"
+
+expect "$ "			;# Wait for the prompt
+
+send_user "\n\n"
+send_user "# now add user utest1 to the myuser group\n"
+send_user "# and expect a password prompt"
+send "\r"			;# restore the prompt for the logs
+send "/usr/sbin/groupmems -d utest1\r"		;#
+expect "Password: "		;# Wait for the Password: prompt
+# Wait a little bit more (it is not ready to receive the password)
+sleep 0.1
+
+send "myuserF00barbaz\r"		;# Send the password
+
+send_user "\n# password 'myuserF00barbaz' sent\n\n"
+
+expect "groupmems: user 'utest1' is not a member of 'myuser'"
+
+expect "$ "			;# Wait for the prompt
+send "echo $?\r"
+expect "6\r"
+expect "$ "			;# Wait for the prompt
+close
+
+puts "\nPASS"
+exit 0
diff --git a/tests/tests/grouptools/groupmems/33_groupmems_user_del_user-not_member_in_gshadow/config.txt b/tests/tests/grouptools/groupmems/33_groupmems_user_del_user-not_member_in_gshadow/config.txt
new file mode 100644
index 0000000..fa7bf43
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/33_groupmems_user_del_user-not_member_in_gshadow/config.txt
@@ -0,0 +1 @@
+user myuser, in group groups
diff --git a/tests/tests/grouptools/groupmems/33_groupmems_user_del_user-not_member_in_gshadow/config/etc/group b/tests/tests/grouptools/groupmems/33_groupmems_user_del_user-not_member_in_gshadow/config/etc/group
new file mode 100644
index 0000000..2ef69bb
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/33_groupmems_user_del_user-not_member_in_gshadow/config/etc/group
@@ -0,0 +1,44 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+groupmems:x:99:myuser
+utest1:x:1000:
+myuser:x:424242:daemon,utest1,bin
diff --git a/tests/tests/grouptools/groupmems/33_groupmems_user_del_user-not_member_in_gshadow/config/etc/gshadow b/tests/tests/grouptools/groupmems/33_groupmems_user_del_user-not_member_in_gshadow/config/etc/gshadow
new file mode 100644
index 0000000..eefaca8
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/33_groupmems_user_del_user-not_member_in_gshadow/config/etc/gshadow
@@ -0,0 +1,44 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+groupmems:*::myuser
+utest1:*::
+myuser:x:daemon:bin
diff --git a/tests/tests/grouptools/groupmems/33_groupmems_user_del_user-not_member_in_gshadow/config/etc/passwd b/tests/tests/grouptools/groupmems/33_groupmems_user_del_user-not_member_in_gshadow/config/etc/passwd
new file mode 100644
index 0000000..df9b7a0
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/33_groupmems_user_del_user-not_member_in_gshadow/config/etc/passwd
@@ -0,0 +1,21 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+utest1:x:1000:1000::/tmp:/bin/sh
+myuser:x:424242:424242::/home:/bin/bash
diff --git a/tests/tests/grouptools/groupmems/33_groupmems_user_del_user-not_member_in_gshadow/config/etc/shadow b/tests/tests/grouptools/groupmems/33_groupmems_user_del_user-not_member_in_gshadow/config/etc/shadow
new file mode 100644
index 0000000..65079bb
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/33_groupmems_user_del_user-not_member_in_gshadow/config/etc/shadow
@@ -0,0 +1,21 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+utest1:!:12977:0:99999:7:::
+myuser:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:::
diff --git a/tests/tests/grouptools/groupmems/33_groupmems_user_del_user-not_member_in_gshadow/data/group b/tests/tests/grouptools/groupmems/33_groupmems_user_del_user-not_member_in_gshadow/data/group
new file mode 100644
index 0000000..d1fae98
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/33_groupmems_user_del_user-not_member_in_gshadow/data/group
@@ -0,0 +1,44 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+groupmems:x:99:myuser
+utest1:x:1000:
+myuser:x:424242:daemon,bin
diff --git a/tests/tests/grouptools/groupmems/33_groupmems_user_del_user-not_member_in_gshadow/groupmems.test b/tests/tests/grouptools/groupmems/33_groupmems_user_del_user-not_member_in_gshadow/groupmems.test
new file mode 100755
index 0000000..b42c8f7
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/33_groupmems_user_del_user-not_member_in_gshadow/groupmems.test
@@ -0,0 +1,39 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "groupmems removes the user if it exists in group (but does not exist in gshadow)"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "myuser will call groupmems..."
+./run_groupmems.exp
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl data/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/grouptools/groupmems/33_groupmems_user_del_user-not_member_in_gshadow/run_groupmems.exp b/tests/tests/grouptools/groupmems/33_groupmems_user_del_user-not_member_in_gshadow/run_groupmems.exp
new file mode 100755
index 0000000..7c6de70
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/33_groupmems_user_del_user-not_member_in_gshadow/run_groupmems.exp
@@ -0,0 +1,48 @@
+#!/usr/bin/expect
+
+set timeout 2
+expect_after default {puts stderr "\nFAIL"; exit 1}
+
+if {$argc != 0} {
+	puts "usage: run_groupmems.exp"
+	exit 1
+}
+
+# First, switch to the testsuite user
+# (otherwise, no password will be asked)
+send_user "# switch to the 'myuser' user\n"
+send_user "# and expect a '$ ' prompt\n"
+spawn /bin/su myuser
+
+expect "$ "			;# Wait for the prompt
+
+send_user "\n# make sure we are now 'myuser'"
+send_user "\n# id should return 'uid=424242(myuser) gid=424242(myuser) groups=424242(myuser),99(groupmems)'"
+send "\r"			;# restore the prompt for the logs
+send "id\r"			;# Verify we are really testsuite
+
+expect "uid=424242(myuser) gid=424242(myuser) groups=424242(myuser),99(groupmems)"
+
+expect "$ "			;# Wait for the prompt
+
+send_user "\n\n"
+send_user "# now add user utest1 to the myuser group\n"
+send_user "# and expect a password prompt"
+send "\r"			;# restore the prompt for the logs
+send "/usr/sbin/groupmems -d utest1\r"		;#
+expect "Password: "		;# Wait for the Password: prompt
+# Wait a little bit more (it is not ready to receive the password)
+sleep 0.1
+
+send "myuserF00barbaz\r"		;# Send the password
+
+send_user "\n# password 'myuserF00barbaz' sent\n\n"
+
+expect "$ "			;# Wait for the prompt
+send "echo $?\r"
+expect "0\r"
+expect "$ "			;# Wait for the prompt
+close
+
+puts "\nPASS"
+exit 0
diff --git a/tests/tests/grouptools/groupmems/34_groupmems_user_del_user-user_does_not_exist/config.txt b/tests/tests/grouptools/groupmems/34_groupmems_user_del_user-user_does_not_exist/config.txt
new file mode 100644
index 0000000..fa7bf43
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/34_groupmems_user_del_user-user_does_not_exist/config.txt
@@ -0,0 +1 @@
+user myuser, in group groups
diff --git a/tests/tests/grouptools/groupmems/34_groupmems_user_del_user-user_does_not_exist/config/etc/group b/tests/tests/grouptools/groupmems/34_groupmems_user_del_user-user_does_not_exist/config/etc/group
new file mode 100644
index 0000000..0a4716b
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/34_groupmems_user_del_user-user_does_not_exist/config/etc/group
@@ -0,0 +1,44 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+groupmems:x:99:myuser
+utest1:x:1000:
+myuser:x:424242:utest1,utest2
diff --git a/tests/tests/grouptools/groupmems/34_groupmems_user_del_user-user_does_not_exist/config/etc/gshadow b/tests/tests/grouptools/groupmems/34_groupmems_user_del_user-user_does_not_exist/config/etc/gshadow
new file mode 100644
index 0000000..0a1cb18
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/34_groupmems_user_del_user-user_does_not_exist/config/etc/gshadow
@@ -0,0 +1,44 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+groupmems:*::myuser
+utest1:*::
+myuser:x:utest2:utest1
diff --git a/tests/tests/grouptools/groupmems/34_groupmems_user_del_user-user_does_not_exist/config/etc/passwd b/tests/tests/grouptools/groupmems/34_groupmems_user_del_user-user_does_not_exist/config/etc/passwd
new file mode 100644
index 0000000..df9b7a0
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/34_groupmems_user_del_user-user_does_not_exist/config/etc/passwd
@@ -0,0 +1,21 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+utest1:x:1000:1000::/tmp:/bin/sh
+myuser:x:424242:424242::/home:/bin/bash
diff --git a/tests/tests/grouptools/groupmems/34_groupmems_user_del_user-user_does_not_exist/config/etc/shadow b/tests/tests/grouptools/groupmems/34_groupmems_user_del_user-user_does_not_exist/config/etc/shadow
new file mode 100644
index 0000000..65079bb
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/34_groupmems_user_del_user-user_does_not_exist/config/etc/shadow
@@ -0,0 +1,21 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+utest1:!:12977:0:99999:7:::
+myuser:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:::
diff --git a/tests/tests/grouptools/groupmems/34_groupmems_user_del_user-user_does_not_exist/data/group b/tests/tests/grouptools/groupmems/34_groupmems_user_del_user-user_does_not_exist/data/group
new file mode 100644
index 0000000..7a0e295
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/34_groupmems_user_del_user-user_does_not_exist/data/group
@@ -0,0 +1,44 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+groupmems:x:99:myuser
+utest1:x:1000:
+myuser:x:424242:utest1
diff --git a/tests/tests/grouptools/groupmems/34_groupmems_user_del_user-user_does_not_exist/data/gshadow b/tests/tests/grouptools/groupmems/34_groupmems_user_del_user-user_does_not_exist/data/gshadow
new file mode 100644
index 0000000..c908c39
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/34_groupmems_user_del_user-user_does_not_exist/data/gshadow
@@ -0,0 +1,44 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+groupmems:*::myuser
+utest1:*::
+myuser:x::utest1
diff --git a/tests/tests/grouptools/groupmems/34_groupmems_user_del_user-user_does_not_exist/groupmems.test b/tests/tests/grouptools/groupmems/34_groupmems_user_del_user-user_does_not_exist/groupmems.test
new file mode 100755
index 0000000..da1ebc5
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/34_groupmems_user_del_user-user_does_not_exist/groupmems.test
@@ -0,0 +1,39 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "groupmems accepts to remove the user if this user does not (no more) exist)"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "myuser will call groupmems..."
+./run_groupmems.exp
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl data/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl data/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/grouptools/groupmems/34_groupmems_user_del_user-user_does_not_exist/run_groupmems.exp b/tests/tests/grouptools/groupmems/34_groupmems_user_del_user-user_does_not_exist/run_groupmems.exp
new file mode 100755
index 0000000..8c18c94
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/34_groupmems_user_del_user-user_does_not_exist/run_groupmems.exp
@@ -0,0 +1,48 @@
+#!/usr/bin/expect
+
+set timeout 2
+expect_after default {puts stderr "\nFAIL"; exit 1}
+
+if {$argc != 0} {
+	puts "usage: run_groupmems.exp"
+	exit 1
+}
+
+# First, switch to the testsuite user
+# (otherwise, no password will be asked)
+send_user "# switch to the 'myuser' user\n"
+send_user "# and expect a '$ ' prompt\n"
+spawn /bin/su myuser
+
+expect "$ "			;# Wait for the prompt
+
+send_user "\n# make sure we are now 'myuser'"
+send_user "\n# id should return 'uid=424242(myuser) gid=424242(myuser) groups=424242(myuser),99(groupmems)'"
+send "\r"			;# restore the prompt for the logs
+send "id\r"			;# Verify we are really testsuite
+
+expect "uid=424242(myuser) gid=424242(myuser) groups=424242(myuser),99(groupmems)"
+
+expect "$ "			;# Wait for the prompt
+
+send_user "\n\n"
+send_user "# now add user utest1 to the myuser group\n"
+send_user "# and expect a password prompt"
+send "\r"			;# restore the prompt for the logs
+send "/usr/sbin/groupmems -d utest2\r"		;#
+expect "Password: "		;# Wait for the Password: prompt
+# Wait a little bit more (it is not ready to receive the password)
+sleep 0.1
+
+send "myuserF00barbaz\r"		;# Send the password
+
+send_user "\n# password 'myuserF00barbaz' sent\n\n"
+
+expect "$ "			;# Wait for the prompt
+send "echo $?\r"
+expect "0\r"
+expect "$ "			;# Wait for the prompt
+close
+
+puts "\nPASS"
+exit 0
diff --git a/tests/tests/grouptools/groupmems/35_groupmems_user_del_user-no_gshadow_group/config.txt b/tests/tests/grouptools/groupmems/35_groupmems_user_del_user-no_gshadow_group/config.txt
new file mode 100644
index 0000000..fa7bf43
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/35_groupmems_user_del_user-no_gshadow_group/config.txt
@@ -0,0 +1 @@
+user myuser, in group groups
diff --git a/tests/tests/grouptools/groupmems/35_groupmems_user_del_user-no_gshadow_group/config/etc/group b/tests/tests/grouptools/groupmems/35_groupmems_user_del_user-no_gshadow_group/config/etc/group
new file mode 100644
index 0000000..0f4bff9
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/35_groupmems_user_del_user-no_gshadow_group/config/etc/group
@@ -0,0 +1,44 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+groupmems:x:99:myuser
+utest1:x:1000:
+myuser:x:424242:daemon,utest1,utest2,bin
diff --git a/tests/tests/grouptools/groupmems/35_groupmems_user_del_user-no_gshadow_group/config/etc/gshadow b/tests/tests/grouptools/groupmems/35_groupmems_user_del_user-no_gshadow_group/config/etc/gshadow
new file mode 100644
index 0000000..46c2778
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/35_groupmems_user_del_user-no_gshadow_group/config/etc/gshadow
@@ -0,0 +1,43 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+groupmems:*::myuser
+utest1:*::
diff --git a/tests/tests/grouptools/groupmems/35_groupmems_user_del_user-no_gshadow_group/config/etc/passwd b/tests/tests/grouptools/groupmems/35_groupmems_user_del_user-no_gshadow_group/config/etc/passwd
new file mode 100644
index 0000000..df9b7a0
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/35_groupmems_user_del_user-no_gshadow_group/config/etc/passwd
@@ -0,0 +1,21 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+utest1:x:1000:1000::/tmp:/bin/sh
+myuser:x:424242:424242::/home:/bin/bash
diff --git a/tests/tests/grouptools/groupmems/35_groupmems_user_del_user-no_gshadow_group/config/etc/shadow b/tests/tests/grouptools/groupmems/35_groupmems_user_del_user-no_gshadow_group/config/etc/shadow
new file mode 100644
index 0000000..65079bb
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/35_groupmems_user_del_user-no_gshadow_group/config/etc/shadow
@@ -0,0 +1,21 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+utest1:!:12977:0:99999:7:::
+myuser:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:::
diff --git a/tests/tests/grouptools/groupmems/35_groupmems_user_del_user-no_gshadow_group/data/group b/tests/tests/grouptools/groupmems/35_groupmems_user_del_user-no_gshadow_group/data/group
new file mode 100644
index 0000000..497eed7
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/35_groupmems_user_del_user-no_gshadow_group/data/group
@@ -0,0 +1,44 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+groupmems:x:99:myuser
+utest1:x:1000:
+myuser:x:424242:daemon,utest2,bin
diff --git a/tests/tests/grouptools/groupmems/35_groupmems_user_del_user-no_gshadow_group/data/gshadow b/tests/tests/grouptools/groupmems/35_groupmems_user_del_user-no_gshadow_group/data/gshadow
new file mode 100644
index 0000000..487ecb3
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/35_groupmems_user_del_user-no_gshadow_group/data/gshadow
@@ -0,0 +1,44 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+groupmems:*::myuser
+utest1:*::
+myuser:x::daemon,utest2,bin
diff --git a/tests/tests/grouptools/groupmems/35_groupmems_user_del_user-no_gshadow_group/groupmems.test b/tests/tests/grouptools/groupmems/35_groupmems_user_del_user-no_gshadow_group/groupmems.test
new file mode 100755
index 0000000..43f2e5d
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/35_groupmems_user_del_user-no_gshadow_group/groupmems.test
@@ -0,0 +1,39 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "groupmems -d will copy the group entry to gshadow if there were no entries"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "myuser will call groupmems..."
+./run_groupmems.exp
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl data/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl data/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/grouptools/groupmems/35_groupmems_user_del_user-no_gshadow_group/run_groupmems.exp b/tests/tests/grouptools/groupmems/35_groupmems_user_del_user-no_gshadow_group/run_groupmems.exp
new file mode 100755
index 0000000..8087c56
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/35_groupmems_user_del_user-no_gshadow_group/run_groupmems.exp
@@ -0,0 +1,49 @@
+#!/usr/bin/expect
+
+set timeout 2
+expect_after default {puts stderr "\nFAIL"; exit 1}
+
+if {$argc != 0} {
+	puts "usage: run_groupmems.exp"
+	exit 1
+}
+
+# First, switch to the testsuite user
+# (otherwise, no password will be asked)
+send_user "# switch to the 'myuser' user\n"
+send_user "# and expect a '$ ' prompt\n"
+spawn /bin/su myuser
+
+expect "$ "			;# Wait for the prompt
+
+send_user "\n# make sure we are now 'myuser'"
+send_user "\n# id should return 'uid=424242(myuser) gid=424242(myuser) groups=424242(myuser),99(groupmems)'"
+send "\r"			;# restore the prompt for the logs
+send "id\r"			;# Verify we are really testsuite
+
+expect "uid=424242(myuser) gid=424242(myuser) groups=424242(myuser),99(groupmems)"
+
+expect "$ "			;# Wait for the prompt
+
+send_user "\n\n"
+send_user "# now add user utest1 to the myuser group\n"
+send_user "# and expect a password prompt"
+send "\r"			;# restore the prompt for the logs
+send "/usr/sbin/groupmems -d utest1\r"		;#
+expect "Password: "		;# Wait for the Password: prompt
+# Wait a little bit more (it is not ready to receive the password)
+sleep 0.1
+
+send "myuserF00barbaz\r"		;# Send the password
+
+send_user "\n# password 'myuserF00barbaz' sent\n\n"
+send_user "# expect prompt '$ '"
+
+expect "$ "			;# Wait for the prompt
+send "echo $?\r"
+expect "0\r"
+expect "$ "			;# Wait for the prompt
+close
+
+puts "\nPASS"
+exit 0
diff --git a/tests/tests/grouptools/groupmems/36_groupmems_user_del_user-no_gshadow_file/config.txt b/tests/tests/grouptools/groupmems/36_groupmems_user_del_user-no_gshadow_file/config.txt
new file mode 100644
index 0000000..fa7bf43
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/36_groupmems_user_del_user-no_gshadow_file/config.txt
@@ -0,0 +1 @@
+user myuser, in group groups
diff --git a/tests/tests/grouptools/groupmems/36_groupmems_user_del_user-no_gshadow_file/config/etc/group b/tests/tests/grouptools/groupmems/36_groupmems_user_del_user-no_gshadow_file/config/etc/group
new file mode 100644
index 0000000..7a0e295
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/36_groupmems_user_del_user-no_gshadow_file/config/etc/group
@@ -0,0 +1,44 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+groupmems:x:99:myuser
+utest1:x:1000:
+myuser:x:424242:utest1
diff --git a/tests/tests/grouptools/groupmems/36_groupmems_user_del_user-no_gshadow_file/config/etc/gshadow b/tests/tests/grouptools/groupmems/36_groupmems_user_del_user-no_gshadow_file/config/etc/gshadow
new file mode 100644
index 0000000..c908c39
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/36_groupmems_user_del_user-no_gshadow_file/config/etc/gshadow
@@ -0,0 +1,44 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+groupmems:*::myuser
+utest1:*::
+myuser:x::utest1
diff --git a/tests/tests/grouptools/groupmems/36_groupmems_user_del_user-no_gshadow_file/config/etc/passwd b/tests/tests/grouptools/groupmems/36_groupmems_user_del_user-no_gshadow_file/config/etc/passwd
new file mode 100644
index 0000000..df9b7a0
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/36_groupmems_user_del_user-no_gshadow_file/config/etc/passwd
@@ -0,0 +1,21 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+utest1:x:1000:1000::/tmp:/bin/sh
+myuser:x:424242:424242::/home:/bin/bash
diff --git a/tests/tests/grouptools/groupmems/36_groupmems_user_del_user-no_gshadow_file/config/etc/shadow b/tests/tests/grouptools/groupmems/36_groupmems_user_del_user-no_gshadow_file/config/etc/shadow
new file mode 100644
index 0000000..65079bb
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/36_groupmems_user_del_user-no_gshadow_file/config/etc/shadow
@@ -0,0 +1,21 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+utest1:!:12977:0:99999:7:::
+myuser:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:::
diff --git a/tests/tests/grouptools/groupmems/36_groupmems_user_del_user-no_gshadow_file/data/group b/tests/tests/grouptools/groupmems/36_groupmems_user_del_user-no_gshadow_file/data/group
new file mode 100644
index 0000000..7505b93
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/36_groupmems_user_del_user-no_gshadow_file/data/group
@@ -0,0 +1,44 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+groupmems:x:99:myuser
+utest1:x:1000:
+myuser:x:424242:
diff --git a/tests/tests/grouptools/groupmems/36_groupmems_user_del_user-no_gshadow_file/groupmems.test b/tests/tests/grouptools/groupmems/36_groupmems_user_del_user-no_gshadow_file/groupmems.test
new file mode 100755
index 0000000..22a83e5
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/36_groupmems_user_del_user-no_gshadow_file/groupmems.test
@@ -0,0 +1,42 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "groupmems (called by a regular user) can remove an user from a group if there are no gshadow file"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo "Remove the gshadow file"
+rm -f /etc/gshadow
+
+echo -n "myuser will call groupmems..."
+./run_groupmems.exp
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl data/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+test ! -f /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/grouptools/groupmems/36_groupmems_user_del_user-no_gshadow_file/run_groupmems.exp b/tests/tests/grouptools/groupmems/36_groupmems_user_del_user-no_gshadow_file/run_groupmems.exp
new file mode 100755
index 0000000..8087c56
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/36_groupmems_user_del_user-no_gshadow_file/run_groupmems.exp
@@ -0,0 +1,49 @@
+#!/usr/bin/expect
+
+set timeout 2
+expect_after default {puts stderr "\nFAIL"; exit 1}
+
+if {$argc != 0} {
+	puts "usage: run_groupmems.exp"
+	exit 1
+}
+
+# First, switch to the testsuite user
+# (otherwise, no password will be asked)
+send_user "# switch to the 'myuser' user\n"
+send_user "# and expect a '$ ' prompt\n"
+spawn /bin/su myuser
+
+expect "$ "			;# Wait for the prompt
+
+send_user "\n# make sure we are now 'myuser'"
+send_user "\n# id should return 'uid=424242(myuser) gid=424242(myuser) groups=424242(myuser),99(groupmems)'"
+send "\r"			;# restore the prompt for the logs
+send "id\r"			;# Verify we are really testsuite
+
+expect "uid=424242(myuser) gid=424242(myuser) groups=424242(myuser),99(groupmems)"
+
+expect "$ "			;# Wait for the prompt
+
+send_user "\n\n"
+send_user "# now add user utest1 to the myuser group\n"
+send_user "# and expect a password prompt"
+send "\r"			;# restore the prompt for the logs
+send "/usr/sbin/groupmems -d utest1\r"		;#
+expect "Password: "		;# Wait for the Password: prompt
+# Wait a little bit more (it is not ready to receive the password)
+sleep 0.1
+
+send "myuserF00barbaz\r"		;# Send the password
+
+send_user "\n# password 'myuserF00barbaz' sent\n\n"
+send_user "# expect prompt '$ '"
+
+expect "$ "			;# Wait for the prompt
+send "echo $?\r"
+expect "0\r"
+expect "$ "			;# Wait for the prompt
+close
+
+puts "\nPASS"
+exit 0
diff --git a/tests/tests/grouptools/groupmems/37_groupmems_user_purge_user-empty_group/config.txt b/tests/tests/grouptools/groupmems/37_groupmems_user_purge_user-empty_group/config.txt
new file mode 100644
index 0000000..fa7bf43
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/37_groupmems_user_purge_user-empty_group/config.txt
@@ -0,0 +1 @@
+user myuser, in group groups
diff --git a/tests/tests/grouptools/groupmems/37_groupmems_user_purge_user-empty_group/config/etc/group b/tests/tests/grouptools/groupmems/37_groupmems_user_purge_user-empty_group/config/etc/group
new file mode 100644
index 0000000..7505b93
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/37_groupmems_user_purge_user-empty_group/config/etc/group
@@ -0,0 +1,44 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+groupmems:x:99:myuser
+utest1:x:1000:
+myuser:x:424242:
diff --git a/tests/tests/grouptools/groupmems/37_groupmems_user_purge_user-empty_group/config/etc/gshadow b/tests/tests/grouptools/groupmems/37_groupmems_user_purge_user-empty_group/config/etc/gshadow
new file mode 100644
index 0000000..288d6c3
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/37_groupmems_user_purge_user-empty_group/config/etc/gshadow
@@ -0,0 +1,44 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+groupmems:*::myuser
+utest1:*::
+myuser:x::<
diff --git a/tests/tests/grouptools/groupmems/37_groupmems_user_purge_user-empty_group/config/etc/passwd b/tests/tests/grouptools/groupmems/37_groupmems_user_purge_user-empty_group/config/etc/passwd
new file mode 100644
index 0000000..df9b7a0
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/37_groupmems_user_purge_user-empty_group/config/etc/passwd
@@ -0,0 +1,21 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+utest1:x:1000:1000::/tmp:/bin/sh
+myuser:x:424242:424242::/home:/bin/bash
diff --git a/tests/tests/grouptools/groupmems/37_groupmems_user_purge_user-empty_group/config/etc/shadow b/tests/tests/grouptools/groupmems/37_groupmems_user_purge_user-empty_group/config/etc/shadow
new file mode 100644
index 0000000..65079bb
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/37_groupmems_user_purge_user-empty_group/config/etc/shadow
@@ -0,0 +1,21 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+utest1:!:12977:0:99999:7:::
+myuser:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:::
diff --git a/tests/tests/grouptools/groupmems/37_groupmems_user_purge_user-empty_group/data/gshadow b/tests/tests/grouptools/groupmems/37_groupmems_user_purge_user-empty_group/data/gshadow
new file mode 100644
index 0000000..9945adc
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/37_groupmems_user_purge_user-empty_group/data/gshadow
@@ -0,0 +1,44 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+groupmems:*::myuser
+utest1:*::
+myuser:x::
diff --git a/tests/tests/grouptools/groupmems/37_groupmems_user_purge_user-empty_group/groupmems.test b/tests/tests/grouptools/groupmems/37_groupmems_user_purge_user-empty_group/groupmems.test
new file mode 100755
index 0000000..d97b904
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/37_groupmems_user_purge_user-empty_group/groupmems.test
@@ -0,0 +1,39 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "groupmems (called from a regular user) can purge users even if the group is empty"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "myuser will call groupmems..."
+./run_groupmems.exp
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl data/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/grouptools/groupmems/37_groupmems_user_purge_user-empty_group/run_groupmems.exp b/tests/tests/grouptools/groupmems/37_groupmems_user_purge_user-empty_group/run_groupmems.exp
new file mode 100755
index 0000000..3332449
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/37_groupmems_user_purge_user-empty_group/run_groupmems.exp
@@ -0,0 +1,49 @@
+#!/usr/bin/expect
+
+set timeout 2
+expect_after default {puts stderr "\nFAIL"; exit 1}
+
+if {$argc != 0} {
+	puts "usage: run_groupmems.exp"
+	exit 1
+}
+
+# First, switch to the testsuite user
+# (otherwise, no password will be asked)
+send_user "# switch to the 'myuser' user\n"
+send_user "# and expect a '$ ' prompt\n"
+spawn /bin/su myuser
+
+expect "$ "			;# Wait for the prompt
+
+send_user "\n# make sure we are now 'myuser'"
+send_user "\n# id should return 'uid=424242(myuser) gid=424242(myuser) groups=424242(myuser),99(groupmems)'"
+send "\r"			;# restore the prompt for the logs
+send "id\r"			;# Verify we are really testsuite
+
+expect "uid=424242(myuser) gid=424242(myuser) groups=424242(myuser),99(groupmems)"
+
+expect "$ "			;# Wait for the prompt
+
+send_user "\n\n"
+send_user "# now add user utest1 to the myuser group\n"
+send_user "# and expect a password prompt"
+send "\r"			;# restore the prompt for the logs
+send "/usr/sbin/groupmems -p\r"		;#
+expect "Password: "		;# Wait for the Password: prompt
+# Wait a little bit more (it is not ready to receive the password)
+sleep 0.1
+
+send "myuserF00barbaz\r"		;# Send the password
+
+send_user "\n# password 'myuserF00barbaz' sent\n\n"
+send_user "# expect prompt '$ '"
+
+expect "$ "			;# Wait for the prompt
+send "echo $?\r"
+expect "0\r"
+expect "$ "			;# Wait for the prompt
+close
+
+puts "\nPASS"
+exit 0
diff --git a/tests/tests/grouptools/groupmems/38_groupmems_user_purge_user-no_gshadow_group/config.txt b/tests/tests/grouptools/groupmems/38_groupmems_user_purge_user-no_gshadow_group/config.txt
new file mode 100644
index 0000000..fa7bf43
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/38_groupmems_user_purge_user-no_gshadow_group/config.txt
@@ -0,0 +1 @@
+user myuser, in group groups
diff --git a/tests/tests/grouptools/groupmems/38_groupmems_user_purge_user-no_gshadow_group/config/etc/group b/tests/tests/grouptools/groupmems/38_groupmems_user_purge_user-no_gshadow_group/config/etc/group
new file mode 100644
index 0000000..7a0e295
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/38_groupmems_user_purge_user-no_gshadow_group/config/etc/group
@@ -0,0 +1,44 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+groupmems:x:99:myuser
+utest1:x:1000:
+myuser:x:424242:utest1
diff --git a/tests/tests/grouptools/groupmems/38_groupmems_user_purge_user-no_gshadow_group/config/etc/gshadow b/tests/tests/grouptools/groupmems/38_groupmems_user_purge_user-no_gshadow_group/config/etc/gshadow
new file mode 100644
index 0000000..46c2778
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/38_groupmems_user_purge_user-no_gshadow_group/config/etc/gshadow
@@ -0,0 +1,43 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+groupmems:*::myuser
+utest1:*::
diff --git a/tests/tests/grouptools/groupmems/38_groupmems_user_purge_user-no_gshadow_group/config/etc/passwd b/tests/tests/grouptools/groupmems/38_groupmems_user_purge_user-no_gshadow_group/config/etc/passwd
new file mode 100644
index 0000000..df9b7a0
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/38_groupmems_user_purge_user-no_gshadow_group/config/etc/passwd
@@ -0,0 +1,21 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+utest1:x:1000:1000::/tmp:/bin/sh
+myuser:x:424242:424242::/home:/bin/bash
diff --git a/tests/tests/grouptools/groupmems/38_groupmems_user_purge_user-no_gshadow_group/config/etc/shadow b/tests/tests/grouptools/groupmems/38_groupmems_user_purge_user-no_gshadow_group/config/etc/shadow
new file mode 100644
index 0000000..65079bb
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/38_groupmems_user_purge_user-no_gshadow_group/config/etc/shadow
@@ -0,0 +1,21 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+utest1:!:12977:0:99999:7:::
+myuser:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:::
diff --git a/tests/tests/grouptools/groupmems/38_groupmems_user_purge_user-no_gshadow_group/data/group b/tests/tests/grouptools/groupmems/38_groupmems_user_purge_user-no_gshadow_group/data/group
new file mode 100644
index 0000000..7505b93
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/38_groupmems_user_purge_user-no_gshadow_group/data/group
@@ -0,0 +1,44 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+groupmems:x:99:myuser
+utest1:x:1000:
+myuser:x:424242:
diff --git a/tests/tests/grouptools/groupmems/38_groupmems_user_purge_user-no_gshadow_group/data/gshadow b/tests/tests/grouptools/groupmems/38_groupmems_user_purge_user-no_gshadow_group/data/gshadow
new file mode 100644
index 0000000..9945adc
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/38_groupmems_user_purge_user-no_gshadow_group/data/gshadow
@@ -0,0 +1,44 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+groupmems:*::myuser
+utest1:*::
+myuser:x::
diff --git a/tests/tests/grouptools/groupmems/38_groupmems_user_purge_user-no_gshadow_group/groupmems.test b/tests/tests/grouptools/groupmems/38_groupmems_user_purge_user-no_gshadow_group/groupmems.test
new file mode 100755
index 0000000..f9d58f6
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/38_groupmems_user_purge_user-no_gshadow_group/groupmems.test
@@ -0,0 +1,39 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "groupmems (called from a regular user) can purge users even if there are no gshadow group (and a gshadow group is created)"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "myuser will call groupmems..."
+./run_groupmems.exp
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl data/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl data/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/grouptools/groupmems/38_groupmems_user_purge_user-no_gshadow_group/run_groupmems.exp b/tests/tests/grouptools/groupmems/38_groupmems_user_purge_user-no_gshadow_group/run_groupmems.exp
new file mode 100755
index 0000000..3332449
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/38_groupmems_user_purge_user-no_gshadow_group/run_groupmems.exp
@@ -0,0 +1,49 @@
+#!/usr/bin/expect
+
+set timeout 2
+expect_after default {puts stderr "\nFAIL"; exit 1}
+
+if {$argc != 0} {
+	puts "usage: run_groupmems.exp"
+	exit 1
+}
+
+# First, switch to the testsuite user
+# (otherwise, no password will be asked)
+send_user "# switch to the 'myuser' user\n"
+send_user "# and expect a '$ ' prompt\n"
+spawn /bin/su myuser
+
+expect "$ "			;# Wait for the prompt
+
+send_user "\n# make sure we are now 'myuser'"
+send_user "\n# id should return 'uid=424242(myuser) gid=424242(myuser) groups=424242(myuser),99(groupmems)'"
+send "\r"			;# restore the prompt for the logs
+send "id\r"			;# Verify we are really testsuite
+
+expect "uid=424242(myuser) gid=424242(myuser) groups=424242(myuser),99(groupmems)"
+
+expect "$ "			;# Wait for the prompt
+
+send_user "\n\n"
+send_user "# now add user utest1 to the myuser group\n"
+send_user "# and expect a password prompt"
+send "\r"			;# restore the prompt for the logs
+send "/usr/sbin/groupmems -p\r"		;#
+expect "Password: "		;# Wait for the Password: prompt
+# Wait a little bit more (it is not ready to receive the password)
+sleep 0.1
+
+send "myuserF00barbaz\r"		;# Send the password
+
+send_user "\n# password 'myuserF00barbaz' sent\n\n"
+send_user "# expect prompt '$ '"
+
+expect "$ "			;# Wait for the prompt
+send "echo $?\r"
+expect "0\r"
+expect "$ "			;# Wait for the prompt
+close
+
+puts "\nPASS"
+exit 0
diff --git a/tests/tests/grouptools/groupmems/39_groupmems_user_purge_user-no_gshadow_file/config.txt b/tests/tests/grouptools/groupmems/39_groupmems_user_purge_user-no_gshadow_file/config.txt
new file mode 100644
index 0000000..fa7bf43
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/39_groupmems_user_purge_user-no_gshadow_file/config.txt
@@ -0,0 +1 @@
+user myuser, in group groups
diff --git a/tests/tests/grouptools/groupmems/39_groupmems_user_purge_user-no_gshadow_file/config/etc/group b/tests/tests/grouptools/groupmems/39_groupmems_user_purge_user-no_gshadow_file/config/etc/group
new file mode 100644
index 0000000..7a0e295
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/39_groupmems_user_purge_user-no_gshadow_file/config/etc/group
@@ -0,0 +1,44 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+groupmems:x:99:myuser
+utest1:x:1000:
+myuser:x:424242:utest1
diff --git a/tests/tests/grouptools/groupmems/39_groupmems_user_purge_user-no_gshadow_file/config/etc/gshadow b/tests/tests/grouptools/groupmems/39_groupmems_user_purge_user-no_gshadow_file/config/etc/gshadow
new file mode 100644
index 0000000..c908c39
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/39_groupmems_user_purge_user-no_gshadow_file/config/etc/gshadow
@@ -0,0 +1,44 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+groupmems:*::myuser
+utest1:*::
+myuser:x::utest1
diff --git a/tests/tests/grouptools/groupmems/39_groupmems_user_purge_user-no_gshadow_file/config/etc/passwd b/tests/tests/grouptools/groupmems/39_groupmems_user_purge_user-no_gshadow_file/config/etc/passwd
new file mode 100644
index 0000000..df9b7a0
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/39_groupmems_user_purge_user-no_gshadow_file/config/etc/passwd
@@ -0,0 +1,21 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+utest1:x:1000:1000::/tmp:/bin/sh
+myuser:x:424242:424242::/home:/bin/bash
diff --git a/tests/tests/grouptools/groupmems/39_groupmems_user_purge_user-no_gshadow_file/config/etc/shadow b/tests/tests/grouptools/groupmems/39_groupmems_user_purge_user-no_gshadow_file/config/etc/shadow
new file mode 100644
index 0000000..65079bb
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/39_groupmems_user_purge_user-no_gshadow_file/config/etc/shadow
@@ -0,0 +1,21 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+utest1:!:12977:0:99999:7:::
+myuser:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:::
diff --git a/tests/tests/grouptools/groupmems/39_groupmems_user_purge_user-no_gshadow_file/data/group b/tests/tests/grouptools/groupmems/39_groupmems_user_purge_user-no_gshadow_file/data/group
new file mode 100644
index 0000000..7505b93
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/39_groupmems_user_purge_user-no_gshadow_file/data/group
@@ -0,0 +1,44 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+groupmems:x:99:myuser
+utest1:x:1000:
+myuser:x:424242:
diff --git a/tests/tests/grouptools/groupmems/39_groupmems_user_purge_user-no_gshadow_file/groupmems.test b/tests/tests/grouptools/groupmems/39_groupmems_user_purge_user-no_gshadow_file/groupmems.test
new file mode 100755
index 0000000..e6e8e9c
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/39_groupmems_user_purge_user-no_gshadow_file/groupmems.test
@@ -0,0 +1,42 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "groupmems (called from a regular user) can purge users, even if there are no gshadow file"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo "Remove the gshadow file"
+rm -f /etc/gshadow
+
+echo -n "myuser will call groupmems..."
+./run_groupmems.exp
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl data/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+test ! -f /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/grouptools/groupmems/39_groupmems_user_purge_user-no_gshadow_file/run_groupmems.exp b/tests/tests/grouptools/groupmems/39_groupmems_user_purge_user-no_gshadow_file/run_groupmems.exp
new file mode 100755
index 0000000..3332449
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/39_groupmems_user_purge_user-no_gshadow_file/run_groupmems.exp
@@ -0,0 +1,49 @@
+#!/usr/bin/expect
+
+set timeout 2
+expect_after default {puts stderr "\nFAIL"; exit 1}
+
+if {$argc != 0} {
+	puts "usage: run_groupmems.exp"
+	exit 1
+}
+
+# First, switch to the testsuite user
+# (otherwise, no password will be asked)
+send_user "# switch to the 'myuser' user\n"
+send_user "# and expect a '$ ' prompt\n"
+spawn /bin/su myuser
+
+expect "$ "			;# Wait for the prompt
+
+send_user "\n# make sure we are now 'myuser'"
+send_user "\n# id should return 'uid=424242(myuser) gid=424242(myuser) groups=424242(myuser),99(groupmems)'"
+send "\r"			;# restore the prompt for the logs
+send "id\r"			;# Verify we are really testsuite
+
+expect "uid=424242(myuser) gid=424242(myuser) groups=424242(myuser),99(groupmems)"
+
+expect "$ "			;# Wait for the prompt
+
+send_user "\n\n"
+send_user "# now add user utest1 to the myuser group\n"
+send_user "# and expect a password prompt"
+send "\r"			;# restore the prompt for the logs
+send "/usr/sbin/groupmems -p\r"		;#
+expect "Password: "		;# Wait for the Password: prompt
+# Wait a little bit more (it is not ready to receive the password)
+sleep 0.1
+
+send "myuserF00barbaz\r"		;# Send the password
+
+send_user "\n# password 'myuserF00barbaz' sent\n\n"
+send_user "# expect prompt '$ '"
+
+expect "$ "			;# Wait for the prompt
+send "echo $?\r"
+expect "0\r"
+expect "$ "			;# Wait for the prompt
+close
+
+puts "\nPASS"
+exit 0
diff --git a/tests/tests/grouptools/groupmems/40_groupmems_user_del_user-not_primary_group/config.txt b/tests/tests/grouptools/groupmems/40_groupmems_user_del_user-not_primary_group/config.txt
new file mode 100644
index 0000000..fa7bf43
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/40_groupmems_user_del_user-not_primary_group/config.txt
@@ -0,0 +1 @@
+user myuser, in group groups
diff --git a/tests/tests/grouptools/groupmems/40_groupmems_user_del_user-not_primary_group/config/etc/group b/tests/tests/grouptools/groupmems/40_groupmems_user_del_user-not_primary_group/config/etc/group
new file mode 100644
index 0000000..230ff8e
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/40_groupmems_user_del_user-not_primary_group/config/etc/group
@@ -0,0 +1,45 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+groupmems:x:99:myuser
+utest1:x:1000:
+myuser:x:424242:
+gmyuser:x:424243:
diff --git a/tests/tests/grouptools/groupmems/40_groupmems_user_del_user-not_primary_group/config/etc/gshadow b/tests/tests/grouptools/groupmems/40_groupmems_user_del_user-not_primary_group/config/etc/gshadow
new file mode 100644
index 0000000..cd86429
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/40_groupmems_user_del_user-not_primary_group/config/etc/gshadow
@@ -0,0 +1,45 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+groupmems:*::myuser
+utest1:*::
+myuser:x::
+gmyuser:x::
diff --git a/tests/tests/grouptools/groupmems/40_groupmems_user_del_user-not_primary_group/config/etc/passwd b/tests/tests/grouptools/groupmems/40_groupmems_user_del_user-not_primary_group/config/etc/passwd
new file mode 100644
index 0000000..df9b7a0
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/40_groupmems_user_del_user-not_primary_group/config/etc/passwd
@@ -0,0 +1,21 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+utest1:x:1000:1000::/tmp:/bin/sh
+myuser:x:424242:424242::/home:/bin/bash
diff --git a/tests/tests/grouptools/groupmems/40_groupmems_user_del_user-not_primary_group/config/etc/shadow b/tests/tests/grouptools/groupmems/40_groupmems_user_del_user-not_primary_group/config/etc/shadow
new file mode 100644
index 0000000..65079bb
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/40_groupmems_user_del_user-not_primary_group/config/etc/shadow
@@ -0,0 +1,21 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+utest1:!:12977:0:99999:7:::
+myuser:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:::
diff --git a/tests/tests/grouptools/groupmems/40_groupmems_user_del_user-not_primary_group/groupmems.test b/tests/tests/grouptools/groupmems/40_groupmems_user_del_user-not_primary_group/groupmems.test
new file mode 100755
index 0000000..a2976d1
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/40_groupmems_user_del_user-not_primary_group/groupmems.test
@@ -0,0 +1,39 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "groupmems fails if a regular user tries to change (-d) another group with -g"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "myuser will call groupmems..."
+./run_groupmems.exp
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/grouptools/groupmems/40_groupmems_user_del_user-not_primary_group/run_groupmems.exp b/tests/tests/grouptools/groupmems/40_groupmems_user_del_user-not_primary_group/run_groupmems.exp
new file mode 100755
index 0000000..0c57633
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/40_groupmems_user_del_user-not_primary_group/run_groupmems.exp
@@ -0,0 +1,42 @@
+#!/usr/bin/expect
+
+set timeout 2
+expect_after default {puts stderr "\nFAIL"; exit 1}
+
+if {$argc != 0} {
+	puts "usage: run_groupmems.exp"
+	exit 1
+}
+
+# First, switch to the testsuite user
+# (otherwise, no password will be asked)
+send_user "# switch to the 'myuser' user\n"
+send_user "# and expect a '$ ' prompt\n"
+spawn /bin/su myuser
+
+expect "$ "			;# Wait for the prompt
+
+send_user "\n# make sure we are now 'myuser'"
+send_user "\n# id should return 'uid=424242(myuser) gid=424242(myuser) groups=424242(myuser),99(groupmems)'"
+send "\r"			;# restore the prompt for the logs
+send "id\r"			;# Verify we are really testsuite
+
+expect "uid=424242(myuser) gid=424242(myuser) groups=424242(myuser),99(groupmems)"
+
+expect "$ "			;# Wait for the prompt
+
+send_user "\n\n"
+send_user "# now add user utest1 to the myuser group\n"
+send_user "# and expect a password prompt"
+send "\r"			;# restore the prompt for the logs
+send "/usr/sbin/groupmems -d utest1 -g gmyuser\r"		;#
+expect "groupmems: only root can use the -g/--group option"
+
+expect "$ "			;# Wait for the prompt
+send "echo $?\r"
+expect "3\r"
+expect "$ "			;# Wait for the prompt
+close
+
+puts "\nPASS"
+exit 0
diff --git a/tests/tests/grouptools/groupmems/41_groupmems_user_purge_user-not_primary_group/config.txt b/tests/tests/grouptools/groupmems/41_groupmems_user_purge_user-not_primary_group/config.txt
new file mode 100644
index 0000000..fa7bf43
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/41_groupmems_user_purge_user-not_primary_group/config.txt
@@ -0,0 +1 @@
+user myuser, in group groups
diff --git a/tests/tests/grouptools/groupmems/41_groupmems_user_purge_user-not_primary_group/config/etc/group b/tests/tests/grouptools/groupmems/41_groupmems_user_purge_user-not_primary_group/config/etc/group
new file mode 100644
index 0000000..230ff8e
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/41_groupmems_user_purge_user-not_primary_group/config/etc/group
@@ -0,0 +1,45 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+groupmems:x:99:myuser
+utest1:x:1000:
+myuser:x:424242:
+gmyuser:x:424243:
diff --git a/tests/tests/grouptools/groupmems/41_groupmems_user_purge_user-not_primary_group/config/etc/gshadow b/tests/tests/grouptools/groupmems/41_groupmems_user_purge_user-not_primary_group/config/etc/gshadow
new file mode 100644
index 0000000..cd86429
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/41_groupmems_user_purge_user-not_primary_group/config/etc/gshadow
@@ -0,0 +1,45 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+groupmems:*::myuser
+utest1:*::
+myuser:x::
+gmyuser:x::
diff --git a/tests/tests/grouptools/groupmems/41_groupmems_user_purge_user-not_primary_group/config/etc/passwd b/tests/tests/grouptools/groupmems/41_groupmems_user_purge_user-not_primary_group/config/etc/passwd
new file mode 100644
index 0000000..df9b7a0
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/41_groupmems_user_purge_user-not_primary_group/config/etc/passwd
@@ -0,0 +1,21 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+utest1:x:1000:1000::/tmp:/bin/sh
+myuser:x:424242:424242::/home:/bin/bash
diff --git a/tests/tests/grouptools/groupmems/41_groupmems_user_purge_user-not_primary_group/config/etc/shadow b/tests/tests/grouptools/groupmems/41_groupmems_user_purge_user-not_primary_group/config/etc/shadow
new file mode 100644
index 0000000..65079bb
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/41_groupmems_user_purge_user-not_primary_group/config/etc/shadow
@@ -0,0 +1,21 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+utest1:!:12977:0:99999:7:::
+myuser:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:::
diff --git a/tests/tests/grouptools/groupmems/41_groupmems_user_purge_user-not_primary_group/groupmems.test b/tests/tests/grouptools/groupmems/41_groupmems_user_purge_user-not_primary_group/groupmems.test
new file mode 100755
index 0000000..f70f12a
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/41_groupmems_user_purge_user-not_primary_group/groupmems.test
@@ -0,0 +1,39 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "groupmems fails if a regular user tries to change (-p) another group with -g"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "myuser will call groupmems..."
+./run_groupmems.exp
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/grouptools/groupmems/41_groupmems_user_purge_user-not_primary_group/run_groupmems.exp b/tests/tests/grouptools/groupmems/41_groupmems_user_purge_user-not_primary_group/run_groupmems.exp
new file mode 100755
index 0000000..39cd9f8
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/41_groupmems_user_purge_user-not_primary_group/run_groupmems.exp
@@ -0,0 +1,42 @@
+#!/usr/bin/expect
+
+set timeout 2
+expect_after default {puts stderr "\nFAIL"; exit 1}
+
+if {$argc != 0} {
+	puts "usage: run_groupmems.exp"
+	exit 1
+}
+
+# First, switch to the testsuite user
+# (otherwise, no password will be asked)
+send_user "# switch to the 'myuser' user\n"
+send_user "# and expect a '$ ' prompt\n"
+spawn /bin/su myuser
+
+expect "$ "			;# Wait for the prompt
+
+send_user "\n# make sure we are now 'myuser'"
+send_user "\n# id should return 'uid=424242(myuser) gid=424242(myuser) groups=424242(myuser),99(groupmems)'"
+send "\r"			;# restore the prompt for the logs
+send "id\r"			;# Verify we are really testsuite
+
+expect "uid=424242(myuser) gid=424242(myuser) groups=424242(myuser),99(groupmems)"
+
+expect "$ "			;# Wait for the prompt
+
+send_user "\n\n"
+send_user "# now add user utest1 to the myuser group\n"
+send_user "# and expect a password prompt"
+send "\r"			;# restore the prompt for the logs
+send "/usr/sbin/groupmems -p -g gmyuser\r"		;#
+expect "groupmems: only root can use the -g/--group option"
+
+expect "$ "			;# Wait for the prompt
+send "echo $?\r"
+expect "3\r"
+expect "$ "			;# Wait for the prompt
+close
+
+puts "\nPASS"
+exit 0
diff --git a/tests/tests/grouptools/groupmems/42_groupmems_user_list_users/config.txt b/tests/tests/grouptools/groupmems/42_groupmems_user_list_users/config.txt
new file mode 100644
index 0000000..fa7bf43
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/42_groupmems_user_list_users/config.txt
@@ -0,0 +1 @@
+user myuser, in group groups
diff --git a/tests/tests/grouptools/groupmems/42_groupmems_user_list_users/config/etc/group b/tests/tests/grouptools/groupmems/42_groupmems_user_list_users/config/etc/group
new file mode 100644
index 0000000..bd6da4e
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/42_groupmems_user_list_users/config/etc/group
@@ -0,0 +1,44 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+groupmems:x:99:myuser
+utest1:x:1000:
+myuser:x:424242:utest1,bin,daemon
diff --git a/tests/tests/grouptools/groupmems/42_groupmems_user_list_users/config/etc/gshadow b/tests/tests/grouptools/groupmems/42_groupmems_user_list_users/config/etc/gshadow
new file mode 100644
index 0000000..02b9401
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/42_groupmems_user_list_users/config/etc/gshadow
@@ -0,0 +1,44 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+groupmems:*::myuser
+utest1:*::
+myuser:x::utest1,bin,daemon
diff --git a/tests/tests/grouptools/groupmems/42_groupmems_user_list_users/config/etc/passwd b/tests/tests/grouptools/groupmems/42_groupmems_user_list_users/config/etc/passwd
new file mode 100644
index 0000000..df9b7a0
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/42_groupmems_user_list_users/config/etc/passwd
@@ -0,0 +1,21 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+utest1:x:1000:1000::/tmp:/bin/sh
+myuser:x:424242:424242::/home:/bin/bash
diff --git a/tests/tests/grouptools/groupmems/42_groupmems_user_list_users/config/etc/shadow b/tests/tests/grouptools/groupmems/42_groupmems_user_list_users/config/etc/shadow
new file mode 100644
index 0000000..65079bb
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/42_groupmems_user_list_users/config/etc/shadow
@@ -0,0 +1,21 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+utest1:!:12977:0:99999:7:::
+myuser:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:::
diff --git a/tests/tests/grouptools/groupmems/42_groupmems_user_list_users/groupmems.test b/tests/tests/grouptools/groupmems/42_groupmems_user_list_users/groupmems.test
new file mode 100755
index 0000000..cb6bff4
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/42_groupmems_user_list_users/groupmems.test
@@ -0,0 +1,39 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "groupmems (called by a regular user) can list the users of a group"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "myuser will call groupmems..."
+./run_groupmems.exp
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/grouptools/groupmems/42_groupmems_user_list_users/run_groupmems.exp b/tests/tests/grouptools/groupmems/42_groupmems_user_list_users/run_groupmems.exp
new file mode 100755
index 0000000..a628348
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/42_groupmems_user_list_users/run_groupmems.exp
@@ -0,0 +1,42 @@
+#!/usr/bin/expect
+
+set timeout 2
+expect_after default {puts stderr "\nFAIL"; exit 1}
+
+if {$argc != 0} {
+	puts "usage: run_groupmems.exp"
+	exit 1
+}
+
+# First, switch to the testsuite user
+# (otherwise, no password will be asked)
+send_user "# switch to the 'myuser' user\n"
+send_user "# and expect a '$ ' prompt\n"
+spawn /bin/su myuser
+
+expect "$ "			;# Wait for the prompt
+
+send_user "\n# make sure we are now 'myuser'"
+send_user "\n# id should return 'uid=424242(myuser) gid=424242(myuser) groups=424242(myuser),99(groupmems)'"
+send "\r"			;# restore the prompt for the logs
+send "id\r"			;# Verify we are really testsuite
+
+expect "uid=424242(myuser) gid=424242(myuser) groups=424242(myuser),99(groupmems)"
+
+expect "$ "			;# Wait for the prompt
+
+send_user "\n\n"
+send_user "# now add user utest1 to the myuser group\n"
+send_user "# and expect a password prompt"
+send "\r"			;# restore the prompt for the logs
+send "/usr/sbin/groupmems -l\r"		;#
+expect -re "\nutest1  bin  daemon \r"
+
+expect "$ "			;# Wait for the prompt
+send "echo $?\r"
+expect "0\r"
+expect "$ "			;# Wait for the prompt
+close
+
+puts "\nPASS"
+exit 0
diff --git a/tests/tests/grouptools/groupmems/43_groupmems_user_list_users-gshadow_ignored/config.txt b/tests/tests/grouptools/groupmems/43_groupmems_user_list_users-gshadow_ignored/config.txt
new file mode 100644
index 0000000..fa7bf43
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/43_groupmems_user_list_users-gshadow_ignored/config.txt
@@ -0,0 +1 @@
+user myuser, in group groups
diff --git a/tests/tests/grouptools/groupmems/43_groupmems_user_list_users-gshadow_ignored/config/etc/group b/tests/tests/grouptools/groupmems/43_groupmems_user_list_users-gshadow_ignored/config/etc/group
new file mode 100644
index 0000000..bd6da4e
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/43_groupmems_user_list_users-gshadow_ignored/config/etc/group
@@ -0,0 +1,44 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+groupmems:x:99:myuser
+utest1:x:1000:
+myuser:x:424242:utest1,bin,daemon
diff --git a/tests/tests/grouptools/groupmems/43_groupmems_user_list_users-gshadow_ignored/config/etc/gshadow b/tests/tests/grouptools/groupmems/43_groupmems_user_list_users-gshadow_ignored/config/etc/gshadow
new file mode 100644
index 0000000..74f0e82
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/43_groupmems_user_list_users-gshadow_ignored/config/etc/gshadow
@@ -0,0 +1,44 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+groupmems:*::myuser
+utest1:*::
+myuser:x:nouser,root:
diff --git a/tests/tests/grouptools/groupmems/43_groupmems_user_list_users-gshadow_ignored/config/etc/passwd b/tests/tests/grouptools/groupmems/43_groupmems_user_list_users-gshadow_ignored/config/etc/passwd
new file mode 100644
index 0000000..df9b7a0
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/43_groupmems_user_list_users-gshadow_ignored/config/etc/passwd
@@ -0,0 +1,21 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+utest1:x:1000:1000::/tmp:/bin/sh
+myuser:x:424242:424242::/home:/bin/bash
diff --git a/tests/tests/grouptools/groupmems/43_groupmems_user_list_users-gshadow_ignored/config/etc/shadow b/tests/tests/grouptools/groupmems/43_groupmems_user_list_users-gshadow_ignored/config/etc/shadow
new file mode 100644
index 0000000..65079bb
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/43_groupmems_user_list_users-gshadow_ignored/config/etc/shadow
@@ -0,0 +1,21 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+utest1:!:12977:0:99999:7:::
+myuser:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:::
diff --git a/tests/tests/grouptools/groupmems/43_groupmems_user_list_users-gshadow_ignored/groupmems.test b/tests/tests/grouptools/groupmems/43_groupmems_user_list_users-gshadow_ignored/groupmems.test
new file mode 100755
index 0000000..9d2388b
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/43_groupmems_user_list_users-gshadow_ignored/groupmems.test
@@ -0,0 +1,39 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "groupmems (called by a regular user) can list the users of a group, and gshadow is not taken into account"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "myuser will call groupmems..."
+./run_groupmems.exp
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/grouptools/groupmems/43_groupmems_user_list_users-gshadow_ignored/run_groupmems.exp b/tests/tests/grouptools/groupmems/43_groupmems_user_list_users-gshadow_ignored/run_groupmems.exp
new file mode 100755
index 0000000..a628348
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/43_groupmems_user_list_users-gshadow_ignored/run_groupmems.exp
@@ -0,0 +1,42 @@
+#!/usr/bin/expect
+
+set timeout 2
+expect_after default {puts stderr "\nFAIL"; exit 1}
+
+if {$argc != 0} {
+	puts "usage: run_groupmems.exp"
+	exit 1
+}
+
+# First, switch to the testsuite user
+# (otherwise, no password will be asked)
+send_user "# switch to the 'myuser' user\n"
+send_user "# and expect a '$ ' prompt\n"
+spawn /bin/su myuser
+
+expect "$ "			;# Wait for the prompt
+
+send_user "\n# make sure we are now 'myuser'"
+send_user "\n# id should return 'uid=424242(myuser) gid=424242(myuser) groups=424242(myuser),99(groupmems)'"
+send "\r"			;# restore the prompt for the logs
+send "id\r"			;# Verify we are really testsuite
+
+expect "uid=424242(myuser) gid=424242(myuser) groups=424242(myuser),99(groupmems)"
+
+expect "$ "			;# Wait for the prompt
+
+send_user "\n\n"
+send_user "# now add user utest1 to the myuser group\n"
+send_user "# and expect a password prompt"
+send "\r"			;# restore the prompt for the logs
+send "/usr/sbin/groupmems -l\r"		;#
+expect -re "\nutest1  bin  daemon \r"
+
+expect "$ "			;# Wait for the prompt
+send "echo $?\r"
+expect "0\r"
+expect "$ "			;# Wait for the prompt
+close
+
+puts "\nPASS"
+exit 0
diff --git a/tests/tests/grouptools/groupmems/44_groupmems_user_list_users-another_group/config.txt b/tests/tests/grouptools/groupmems/44_groupmems_user_list_users-another_group/config.txt
new file mode 100644
index 0000000..fa7bf43
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/44_groupmems_user_list_users-another_group/config.txt
@@ -0,0 +1 @@
+user myuser, in group groups
diff --git a/tests/tests/grouptools/groupmems/44_groupmems_user_list_users-another_group/config/etc/group b/tests/tests/grouptools/groupmems/44_groupmems_user_list_users-another_group/config/etc/group
new file mode 100644
index 0000000..287981e
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/44_groupmems_user_list_users-another_group/config/etc/group
@@ -0,0 +1,45 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+groupmems:x:99:myuser
+utest1:x:1000:
+myuser:x:424242:utest1,bin,daemon
+gtest1:x:424242:utest1,bin,utmp
diff --git a/tests/tests/grouptools/groupmems/44_groupmems_user_list_users-another_group/config/etc/gshadow b/tests/tests/grouptools/groupmems/44_groupmems_user_list_users-another_group/config/etc/gshadow
new file mode 100644
index 0000000..f9ba86a
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/44_groupmems_user_list_users-another_group/config/etc/gshadow
@@ -0,0 +1,45 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+groupmems:*::myuser
+utest1:*::
+myuser:x::utest1,bin,daemon
+gtest1:*::
diff --git a/tests/tests/grouptools/groupmems/44_groupmems_user_list_users-another_group/config/etc/passwd b/tests/tests/grouptools/groupmems/44_groupmems_user_list_users-another_group/config/etc/passwd
new file mode 100644
index 0000000..df9b7a0
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/44_groupmems_user_list_users-another_group/config/etc/passwd
@@ -0,0 +1,21 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+utest1:x:1000:1000::/tmp:/bin/sh
+myuser:x:424242:424242::/home:/bin/bash
diff --git a/tests/tests/grouptools/groupmems/44_groupmems_user_list_users-another_group/config/etc/shadow b/tests/tests/grouptools/groupmems/44_groupmems_user_list_users-another_group/config/etc/shadow
new file mode 100644
index 0000000..65079bb
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/44_groupmems_user_list_users-another_group/config/etc/shadow
@@ -0,0 +1,21 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+utest1:!:12977:0:99999:7:::
+myuser:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:::
diff --git a/tests/tests/grouptools/groupmems/44_groupmems_user_list_users-another_group/groupmems.test b/tests/tests/grouptools/groupmems/44_groupmems_user_list_users-another_group/groupmems.test
new file mode 100755
index 0000000..33e4fc4
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/44_groupmems_user_list_users-another_group/groupmems.test
@@ -0,0 +1,39 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "groupmems (called by a regular user) can list the users of another group"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "myuser will call groupmems..."
+./run_groupmems.exp
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/grouptools/groupmems/44_groupmems_user_list_users-another_group/run_groupmems.exp b/tests/tests/grouptools/groupmems/44_groupmems_user_list_users-another_group/run_groupmems.exp
new file mode 100755
index 0000000..43c335c
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/44_groupmems_user_list_users-another_group/run_groupmems.exp
@@ -0,0 +1,42 @@
+#!/usr/bin/expect
+
+set timeout 2
+expect_after default {puts stderr "\nFAIL"; exit 1}
+
+if {$argc != 0} {
+	puts "usage: run_groupmems.exp"
+	exit 1
+}
+
+# First, switch to the testsuite user
+# (otherwise, no password will be asked)
+send_user "# switch to the 'myuser' user\n"
+send_user "# and expect a '$ ' prompt\n"
+spawn /bin/su myuser
+
+expect "$ "			;# Wait for the prompt
+
+send_user "\n# make sure we are now 'myuser'"
+send_user "\n# id should return 'uid=424242(myuser) gid=424242(myuser) groups=424242(myuser),99(groupmems)'"
+send "\r"			;# restore the prompt for the logs
+send "id\r"			;# Verify we are really testsuite
+
+expect "uid=424242(myuser) gid=424242(myuser) groups=424242(myuser),99(groupmems)"
+
+expect "$ "			;# Wait for the prompt
+
+send_user "\n\n"
+send_user "# now add user utest1 to the myuser group\n"
+send_user "# and expect a password prompt"
+send "\r"			;# restore the prompt for the logs
+send "/usr/sbin/groupmems -l -g gtest1\r"		;#
+expect -re "\nutest1  bin  utmp \r"
+
+expect "$ "			;# Wait for the prompt
+send "echo $?\r"
+expect "0\r"
+expect "$ "			;# Wait for the prompt
+close
+
+puts "\nPASS"
+exit 0
diff --git a/tests/tests/grouptools/groupmems/45_groupmems_user_list_users-group_locked/config.txt b/tests/tests/grouptools/groupmems/45_groupmems_user_list_users-group_locked/config.txt
new file mode 100644
index 0000000..fa7bf43
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/45_groupmems_user_list_users-group_locked/config.txt
@@ -0,0 +1 @@
+user myuser, in group groups
diff --git a/tests/tests/grouptools/groupmems/45_groupmems_user_list_users-group_locked/config/etc/group b/tests/tests/grouptools/groupmems/45_groupmems_user_list_users-group_locked/config/etc/group
new file mode 100644
index 0000000..bd6da4e
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/45_groupmems_user_list_users-group_locked/config/etc/group
@@ -0,0 +1,44 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+groupmems:x:99:myuser
+utest1:x:1000:
+myuser:x:424242:utest1,bin,daemon
diff --git a/tests/tests/grouptools/groupmems/45_groupmems_user_list_users-group_locked/config/etc/gshadow b/tests/tests/grouptools/groupmems/45_groupmems_user_list_users-group_locked/config/etc/gshadow
new file mode 100644
index 0000000..02b9401
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/45_groupmems_user_list_users-group_locked/config/etc/gshadow
@@ -0,0 +1,44 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+groupmems:*::myuser
+utest1:*::
+myuser:x::utest1,bin,daemon
diff --git a/tests/tests/grouptools/groupmems/45_groupmems_user_list_users-group_locked/config/etc/passwd b/tests/tests/grouptools/groupmems/45_groupmems_user_list_users-group_locked/config/etc/passwd
new file mode 100644
index 0000000..df9b7a0
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/45_groupmems_user_list_users-group_locked/config/etc/passwd
@@ -0,0 +1,21 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+utest1:x:1000:1000::/tmp:/bin/sh
+myuser:x:424242:424242::/home:/bin/bash
diff --git a/tests/tests/grouptools/groupmems/45_groupmems_user_list_users-group_locked/config/etc/shadow b/tests/tests/grouptools/groupmems/45_groupmems_user_list_users-group_locked/config/etc/shadow
new file mode 100644
index 0000000..65079bb
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/45_groupmems_user_list_users-group_locked/config/etc/shadow
@@ -0,0 +1,21 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+utest1:!:12977:0:99999:7:::
+myuser:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:::
diff --git a/tests/tests/grouptools/groupmems/45_groupmems_user_list_users-group_locked/groupmems.test b/tests/tests/grouptools/groupmems/45_groupmems_user_list_users-group_locked/groupmems.test
new file mode 100755
index 0000000..58f09cd
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/45_groupmems_user_list_users-group_locked/groupmems.test
@@ -0,0 +1,45 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "groupmems (called by a regular user) can list the users of a group, even if group is locked"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Create lock file for /etc/group..."
+touch /etc/group.lock
+echo "done"
+
+echo -n "myuser will call groupmems..."
+./run_groupmems.exp
+echo "OK"
+
+rm -f /etc/group.lock
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/grouptools/groupmems/45_groupmems_user_list_users-group_locked/run_groupmems.exp b/tests/tests/grouptools/groupmems/45_groupmems_user_list_users-group_locked/run_groupmems.exp
new file mode 100755
index 0000000..a628348
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/45_groupmems_user_list_users-group_locked/run_groupmems.exp
@@ -0,0 +1,42 @@
+#!/usr/bin/expect
+
+set timeout 2
+expect_after default {puts stderr "\nFAIL"; exit 1}
+
+if {$argc != 0} {
+	puts "usage: run_groupmems.exp"
+	exit 1
+}
+
+# First, switch to the testsuite user
+# (otherwise, no password will be asked)
+send_user "# switch to the 'myuser' user\n"
+send_user "# and expect a '$ ' prompt\n"
+spawn /bin/su myuser
+
+expect "$ "			;# Wait for the prompt
+
+send_user "\n# make sure we are now 'myuser'"
+send_user "\n# id should return 'uid=424242(myuser) gid=424242(myuser) groups=424242(myuser),99(groupmems)'"
+send "\r"			;# restore the prompt for the logs
+send "id\r"			;# Verify we are really testsuite
+
+expect "uid=424242(myuser) gid=424242(myuser) groups=424242(myuser),99(groupmems)"
+
+expect "$ "			;# Wait for the prompt
+
+send_user "\n\n"
+send_user "# now add user utest1 to the myuser group\n"
+send_user "# and expect a password prompt"
+send "\r"			;# restore the prompt for the logs
+send "/usr/sbin/groupmems -l\r"		;#
+expect -re "\nutest1  bin  daemon \r"
+
+expect "$ "			;# Wait for the prompt
+send "echo $?\r"
+expect "0\r"
+expect "$ "			;# Wait for the prompt
+close
+
+puts "\nPASS"
+exit 0
diff --git a/tests/tests/grouptools/groupmems/46_groupmems_user_list_users-gshadow_locked/config.txt b/tests/tests/grouptools/groupmems/46_groupmems_user_list_users-gshadow_locked/config.txt
new file mode 100644
index 0000000..fa7bf43
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/46_groupmems_user_list_users-gshadow_locked/config.txt
@@ -0,0 +1 @@
+user myuser, in group groups
diff --git a/tests/tests/grouptools/groupmems/46_groupmems_user_list_users-gshadow_locked/config/etc/group b/tests/tests/grouptools/groupmems/46_groupmems_user_list_users-gshadow_locked/config/etc/group
new file mode 100644
index 0000000..bd6da4e
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/46_groupmems_user_list_users-gshadow_locked/config/etc/group
@@ -0,0 +1,44 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+groupmems:x:99:myuser
+utest1:x:1000:
+myuser:x:424242:utest1,bin,daemon
diff --git a/tests/tests/grouptools/groupmems/46_groupmems_user_list_users-gshadow_locked/config/etc/gshadow b/tests/tests/grouptools/groupmems/46_groupmems_user_list_users-gshadow_locked/config/etc/gshadow
new file mode 100644
index 0000000..02b9401
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/46_groupmems_user_list_users-gshadow_locked/config/etc/gshadow
@@ -0,0 +1,44 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+groupmems:*::myuser
+utest1:*::
+myuser:x::utest1,bin,daemon
diff --git a/tests/tests/grouptools/groupmems/46_groupmems_user_list_users-gshadow_locked/config/etc/passwd b/tests/tests/grouptools/groupmems/46_groupmems_user_list_users-gshadow_locked/config/etc/passwd
new file mode 100644
index 0000000..df9b7a0
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/46_groupmems_user_list_users-gshadow_locked/config/etc/passwd
@@ -0,0 +1,21 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+utest1:x:1000:1000::/tmp:/bin/sh
+myuser:x:424242:424242::/home:/bin/bash
diff --git a/tests/tests/grouptools/groupmems/46_groupmems_user_list_users-gshadow_locked/config/etc/shadow b/tests/tests/grouptools/groupmems/46_groupmems_user_list_users-gshadow_locked/config/etc/shadow
new file mode 100644
index 0000000..65079bb
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/46_groupmems_user_list_users-gshadow_locked/config/etc/shadow
@@ -0,0 +1,21 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+utest1:!:12977:0:99999:7:::
+myuser:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:::
diff --git a/tests/tests/grouptools/groupmems/46_groupmems_user_list_users-gshadow_locked/groupmems.test b/tests/tests/grouptools/groupmems/46_groupmems_user_list_users-gshadow_locked/groupmems.test
new file mode 100755
index 0000000..a01a10e
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/46_groupmems_user_list_users-gshadow_locked/groupmems.test
@@ -0,0 +1,45 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "groupmems (called by a regular user) can list the users of a group, even if gshadow is locked"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Create lock file for /etc/gshadow..."
+touch /etc/gshadow.lock
+echo "done"
+
+echo -n "myuser will call groupmems..."
+./run_groupmems.exp
+echo "OK"
+
+rm -f /etc/gshadow.lock
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/grouptools/groupmems/46_groupmems_user_list_users-gshadow_locked/run_groupmems.exp b/tests/tests/grouptools/groupmems/46_groupmems_user_list_users-gshadow_locked/run_groupmems.exp
new file mode 100755
index 0000000..a628348
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/46_groupmems_user_list_users-gshadow_locked/run_groupmems.exp
@@ -0,0 +1,42 @@
+#!/usr/bin/expect
+
+set timeout 2
+expect_after default {puts stderr "\nFAIL"; exit 1}
+
+if {$argc != 0} {
+	puts "usage: run_groupmems.exp"
+	exit 1
+}
+
+# First, switch to the testsuite user
+# (otherwise, no password will be asked)
+send_user "# switch to the 'myuser' user\n"
+send_user "# and expect a '$ ' prompt\n"
+spawn /bin/su myuser
+
+expect "$ "			;# Wait for the prompt
+
+send_user "\n# make sure we are now 'myuser'"
+send_user "\n# id should return 'uid=424242(myuser) gid=424242(myuser) groups=424242(myuser),99(groupmems)'"
+send "\r"			;# restore the prompt for the logs
+send "id\r"			;# Verify we are really testsuite
+
+expect "uid=424242(myuser) gid=424242(myuser) groups=424242(myuser),99(groupmems)"
+
+expect "$ "			;# Wait for the prompt
+
+send_user "\n\n"
+send_user "# now add user utest1 to the myuser group\n"
+send_user "# and expect a password prompt"
+send "\r"			;# restore the prompt for the logs
+send "/usr/sbin/groupmems -l\r"		;#
+expect -re "\nutest1  bin  daemon \r"
+
+expect "$ "			;# Wait for the prompt
+send "echo $?\r"
+expect "0\r"
+expect "$ "			;# Wait for the prompt
+close
+
+puts "\nPASS"
+exit 0
diff --git a/tests/tests/grouptools/groupmems/47_groupmems_user_add_user-group_locked/config.txt b/tests/tests/grouptools/groupmems/47_groupmems_user_add_user-group_locked/config.txt
new file mode 100644
index 0000000..fa7bf43
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/47_groupmems_user_add_user-group_locked/config.txt
@@ -0,0 +1 @@
+user myuser, in group groups
diff --git a/tests/tests/grouptools/groupmems/47_groupmems_user_add_user-group_locked/config/etc/group b/tests/tests/grouptools/groupmems/47_groupmems_user_add_user-group_locked/config/etc/group
new file mode 100644
index 0000000..7505b93
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/47_groupmems_user_add_user-group_locked/config/etc/group
@@ -0,0 +1,44 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+groupmems:x:99:myuser
+utest1:x:1000:
+myuser:x:424242:
diff --git a/tests/tests/grouptools/groupmems/47_groupmems_user_add_user-group_locked/config/etc/gshadow b/tests/tests/grouptools/groupmems/47_groupmems_user_add_user-group_locked/config/etc/gshadow
new file mode 100644
index 0000000..9945adc
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/47_groupmems_user_add_user-group_locked/config/etc/gshadow
@@ -0,0 +1,44 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+groupmems:*::myuser
+utest1:*::
+myuser:x::
diff --git a/tests/tests/grouptools/groupmems/47_groupmems_user_add_user-group_locked/config/etc/passwd b/tests/tests/grouptools/groupmems/47_groupmems_user_add_user-group_locked/config/etc/passwd
new file mode 100644
index 0000000..df9b7a0
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/47_groupmems_user_add_user-group_locked/config/etc/passwd
@@ -0,0 +1,21 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+utest1:x:1000:1000::/tmp:/bin/sh
+myuser:x:424242:424242::/home:/bin/bash
diff --git a/tests/tests/grouptools/groupmems/47_groupmems_user_add_user-group_locked/config/etc/shadow b/tests/tests/grouptools/groupmems/47_groupmems_user_add_user-group_locked/config/etc/shadow
new file mode 100644
index 0000000..65079bb
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/47_groupmems_user_add_user-group_locked/config/etc/shadow
@@ -0,0 +1,21 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+utest1:!:12977:0:99999:7:::
+myuser:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:::
diff --git a/tests/tests/grouptools/groupmems/47_groupmems_user_add_user-group_locked/groupmems.test b/tests/tests/grouptools/groupmems/47_groupmems_user_add_user-group_locked/groupmems.test
new file mode 100755
index 0000000..302b689
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/47_groupmems_user_add_user-group_locked/groupmems.test
@@ -0,0 +1,45 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "groupmems (-a) fails if the group file is locked"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Create lock file for /etc/group..."
+touch /etc/group.lock
+echo "done"
+
+echo -n "myuser will call groupmems..."
+./run_groupmems.exp
+echo "OK"
+
+rm -f /etc/group.lock
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/grouptools/groupmems/47_groupmems_user_add_user-group_locked/run_groupmems.exp b/tests/tests/grouptools/groupmems/47_groupmems_user_add_user-group_locked/run_groupmems.exp
new file mode 100755
index 0000000..8d5e55e
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/47_groupmems_user_add_user-group_locked/run_groupmems.exp
@@ -0,0 +1,50 @@
+#!/usr/bin/expect
+
+set timeout 2
+expect_after default {puts stderr "\nFAIL"; exit 1}
+
+if {$argc != 0} {
+	puts "usage: run_groupmems.exp"
+	exit 1
+}
+
+# First, switch to the testsuite user
+# (otherwise, no password will be asked)
+send_user "# switch to the 'myuser' user\n"
+send_user "# and expect a '$ ' prompt\n"
+spawn /bin/su myuser
+
+expect "$ "			;# Wait for the prompt
+
+send_user "\n# make sure we are now 'myuser'"
+send_user "\n# id should return 'uid=424242(myuser) gid=424242(myuser) groups=424242(myuser),99(groupmems)'"
+send "\r"			;# restore the prompt for the logs
+send "id\r"			;# Verify we are really testsuite
+
+expect "uid=424242(myuser) gid=424242(myuser) groups=424242(myuser),99(groupmems)"
+
+expect "$ "			;# Wait for the prompt
+
+send_user "\n\n"
+send_user "# now add user utest1 to the myuser group\n"
+send_user "# and expect a password prompt"
+send "\r"			;# restore the prompt for the logs
+send "/usr/sbin/groupmems -a utest1\r"		;#
+expect "Password: "		;# Wait for the Password: prompt
+# Wait a little bit more (it is not ready to receive the password)
+sleep 0.1
+
+send "myuserF00barbaz\r"		;# Send the password
+
+send_user "\n# password 'myuserF00barbaz' sent\n\n"
+
+expect "groupmems: cannot lock /etc/group; try again later."
+
+expect "$ "			;# Wait for the prompt
+send "echo $?\r"
+expect "2\r"
+expect "$ "			;# Wait for the prompt
+close
+
+puts "\nPASS"
+exit 0
diff --git a/tests/tests/grouptools/groupmems/48_groupmems_user_add_user-gshadow_locked/config.txt b/tests/tests/grouptools/groupmems/48_groupmems_user_add_user-gshadow_locked/config.txt
new file mode 100644
index 0000000..fa7bf43
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/48_groupmems_user_add_user-gshadow_locked/config.txt
@@ -0,0 +1 @@
+user myuser, in group groups
diff --git a/tests/tests/grouptools/groupmems/48_groupmems_user_add_user-gshadow_locked/config/etc/group b/tests/tests/grouptools/groupmems/48_groupmems_user_add_user-gshadow_locked/config/etc/group
new file mode 100644
index 0000000..7505b93
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/48_groupmems_user_add_user-gshadow_locked/config/etc/group
@@ -0,0 +1,44 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+groupmems:x:99:myuser
+utest1:x:1000:
+myuser:x:424242:
diff --git a/tests/tests/grouptools/groupmems/48_groupmems_user_add_user-gshadow_locked/config/etc/gshadow b/tests/tests/grouptools/groupmems/48_groupmems_user_add_user-gshadow_locked/config/etc/gshadow
new file mode 100644
index 0000000..9945adc
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/48_groupmems_user_add_user-gshadow_locked/config/etc/gshadow
@@ -0,0 +1,44 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+groupmems:*::myuser
+utest1:*::
+myuser:x::
diff --git a/tests/tests/grouptools/groupmems/48_groupmems_user_add_user-gshadow_locked/config/etc/passwd b/tests/tests/grouptools/groupmems/48_groupmems_user_add_user-gshadow_locked/config/etc/passwd
new file mode 100644
index 0000000..df9b7a0
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/48_groupmems_user_add_user-gshadow_locked/config/etc/passwd
@@ -0,0 +1,21 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+utest1:x:1000:1000::/tmp:/bin/sh
+myuser:x:424242:424242::/home:/bin/bash
diff --git a/tests/tests/grouptools/groupmems/48_groupmems_user_add_user-gshadow_locked/config/etc/shadow b/tests/tests/grouptools/groupmems/48_groupmems_user_add_user-gshadow_locked/config/etc/shadow
new file mode 100644
index 0000000..65079bb
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/48_groupmems_user_add_user-gshadow_locked/config/etc/shadow
@@ -0,0 +1,21 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+utest1:!:12977:0:99999:7:::
+myuser:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:::
diff --git a/tests/tests/grouptools/groupmems/48_groupmems_user_add_user-gshadow_locked/groupmems.test b/tests/tests/grouptools/groupmems/48_groupmems_user_add_user-gshadow_locked/groupmems.test
new file mode 100755
index 0000000..38ac7a2
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/48_groupmems_user_add_user-gshadow_locked/groupmems.test
@@ -0,0 +1,45 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "groupmems (-a) fails if the gshadow file is locked"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Create lock file for /etc/gshadow..."
+touch /etc/gshadow.lock
+echo "done"
+
+echo -n "myuser will call groupmems..."
+./run_groupmems.exp
+echo "OK"
+
+rm -f /etc/gshadow.lock
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/grouptools/groupmems/48_groupmems_user_add_user-gshadow_locked/run_groupmems.exp b/tests/tests/grouptools/groupmems/48_groupmems_user_add_user-gshadow_locked/run_groupmems.exp
new file mode 100755
index 0000000..ba0ae56
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/48_groupmems_user_add_user-gshadow_locked/run_groupmems.exp
@@ -0,0 +1,50 @@
+#!/usr/bin/expect
+
+set timeout 2
+expect_after default {puts stderr "\nFAIL"; exit 1}
+
+if {$argc != 0} {
+	puts "usage: run_groupmems.exp"
+	exit 1
+}
+
+# First, switch to the testsuite user
+# (otherwise, no password will be asked)
+send_user "# switch to the 'myuser' user\n"
+send_user "# and expect a '$ ' prompt\n"
+spawn /bin/su myuser
+
+expect "$ "			;# Wait for the prompt
+
+send_user "\n# make sure we are now 'myuser'"
+send_user "\n# id should return 'uid=424242(myuser) gid=424242(myuser) groups=424242(myuser),99(groupmems)'"
+send "\r"			;# restore the prompt for the logs
+send "id\r"			;# Verify we are really testsuite
+
+expect "uid=424242(myuser) gid=424242(myuser) groups=424242(myuser),99(groupmems)"
+
+expect "$ "			;# Wait for the prompt
+
+send_user "\n\n"
+send_user "# now add user utest1 to the myuser group\n"
+send_user "# and expect a password prompt"
+send "\r"			;# restore the prompt for the logs
+send "/usr/sbin/groupmems -a utest1\r"		;#
+expect "Password: "		;# Wait for the Password: prompt
+# Wait a little bit more (it is not ready to receive the password)
+sleep 0.1
+
+send "myuserF00barbaz\r"		;# Send the password
+
+send_user "\n# password 'myuserF00barbaz' sent\n\n"
+
+expect "groupmems: cannot lock /etc/gshadow; try again later."
+
+expect "$ "			;# Wait for the prompt
+send "echo $?\r"
+expect "2\r"
+expect "$ "			;# Wait for the prompt
+close
+
+puts "\nPASS"
+exit 0
diff --git a/tests/tests/grouptools/groupmems/49_groupmems_user_del_user-group_locked/config.txt b/tests/tests/grouptools/groupmems/49_groupmems_user_del_user-group_locked/config.txt
new file mode 100644
index 0000000..fa7bf43
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/49_groupmems_user_del_user-group_locked/config.txt
@@ -0,0 +1 @@
+user myuser, in group groups
diff --git a/tests/tests/grouptools/groupmems/49_groupmems_user_del_user-group_locked/config/etc/group b/tests/tests/grouptools/groupmems/49_groupmems_user_del_user-group_locked/config/etc/group
new file mode 100644
index 0000000..7a0e295
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/49_groupmems_user_del_user-group_locked/config/etc/group
@@ -0,0 +1,44 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+groupmems:x:99:myuser
+utest1:x:1000:
+myuser:x:424242:utest1
diff --git a/tests/tests/grouptools/groupmems/49_groupmems_user_del_user-group_locked/config/etc/gshadow b/tests/tests/grouptools/groupmems/49_groupmems_user_del_user-group_locked/config/etc/gshadow
new file mode 100644
index 0000000..c908c39
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/49_groupmems_user_del_user-group_locked/config/etc/gshadow
@@ -0,0 +1,44 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+groupmems:*::myuser
+utest1:*::
+myuser:x::utest1
diff --git a/tests/tests/grouptools/groupmems/49_groupmems_user_del_user-group_locked/config/etc/passwd b/tests/tests/grouptools/groupmems/49_groupmems_user_del_user-group_locked/config/etc/passwd
new file mode 100644
index 0000000..df9b7a0
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/49_groupmems_user_del_user-group_locked/config/etc/passwd
@@ -0,0 +1,21 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+utest1:x:1000:1000::/tmp:/bin/sh
+myuser:x:424242:424242::/home:/bin/bash
diff --git a/tests/tests/grouptools/groupmems/49_groupmems_user_del_user-group_locked/config/etc/shadow b/tests/tests/grouptools/groupmems/49_groupmems_user_del_user-group_locked/config/etc/shadow
new file mode 100644
index 0000000..65079bb
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/49_groupmems_user_del_user-group_locked/config/etc/shadow
@@ -0,0 +1,21 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+utest1:!:12977:0:99999:7:::
+myuser:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:::
diff --git a/tests/tests/grouptools/groupmems/49_groupmems_user_del_user-group_locked/groupmems.test b/tests/tests/grouptools/groupmems/49_groupmems_user_del_user-group_locked/groupmems.test
new file mode 100755
index 0000000..cfb8699
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/49_groupmems_user_del_user-group_locked/groupmems.test
@@ -0,0 +1,45 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "groupmems (-d) fails if the group file is locked"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Create lock file for /etc/group..."
+touch /etc/group.lock
+echo "done"
+
+echo -n "myuser will call groupmems..."
+./run_groupmems.exp
+echo "OK"
+
+rm -f /etc/group.lock
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/grouptools/groupmems/49_groupmems_user_del_user-group_locked/run_groupmems.exp b/tests/tests/grouptools/groupmems/49_groupmems_user_del_user-group_locked/run_groupmems.exp
new file mode 100755
index 0000000..d28b18c
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/49_groupmems_user_del_user-group_locked/run_groupmems.exp
@@ -0,0 +1,50 @@
+#!/usr/bin/expect
+
+set timeout 2
+expect_after default {puts stderr "\nFAIL"; exit 1}
+
+if {$argc != 0} {
+	puts "usage: run_groupmems.exp"
+	exit 1
+}
+
+# First, switch to the testsuite user
+# (otherwise, no password will be asked)
+send_user "# switch to the 'myuser' user\n"
+send_user "# and expect a '$ ' prompt\n"
+spawn /bin/su myuser
+
+expect "$ "			;# Wait for the prompt
+
+send_user "\n# make sure we are now 'myuser'"
+send_user "\n# id should return 'uid=424242(myuser) gid=424242(myuser) groups=424242(myuser),99(groupmems)'"
+send "\r"			;# restore the prompt for the logs
+send "id\r"			;# Verify we are really testsuite
+
+expect "uid=424242(myuser) gid=424242(myuser) groups=424242(myuser),99(groupmems)"
+
+expect "$ "			;# Wait for the prompt
+
+send_user "\n\n"
+send_user "# now add user utest1 to the myuser group\n"
+send_user "# and expect a password prompt"
+send "\r"			;# restore the prompt for the logs
+send "/usr/sbin/groupmems -d utest1\r"		;#
+expect "Password: "		;# Wait for the Password: prompt
+# Wait a little bit more (it is not ready to receive the password)
+sleep 0.1
+
+send "myuserF00barbaz\r"		;# Send the password
+
+send_user "\n# password 'myuserF00barbaz' sent\n\n"
+
+expect "groupmems: cannot lock /etc/group; try again later."
+
+expect "$ "			;# Wait for the prompt
+send "echo $?\r"
+expect "2\r"
+expect "$ "			;# Wait for the prompt
+close
+
+puts "\nPASS"
+exit 0
diff --git a/tests/tests/grouptools/groupmems/50_groupmems_user_del_user-gshadow_locked/config.txt b/tests/tests/grouptools/groupmems/50_groupmems_user_del_user-gshadow_locked/config.txt
new file mode 100644
index 0000000..fa7bf43
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/50_groupmems_user_del_user-gshadow_locked/config.txt
@@ -0,0 +1 @@
+user myuser, in group groups
diff --git a/tests/tests/grouptools/groupmems/50_groupmems_user_del_user-gshadow_locked/config/etc/group b/tests/tests/grouptools/groupmems/50_groupmems_user_del_user-gshadow_locked/config/etc/group
new file mode 100644
index 0000000..7a0e295
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/50_groupmems_user_del_user-gshadow_locked/config/etc/group
@@ -0,0 +1,44 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+groupmems:x:99:myuser
+utest1:x:1000:
+myuser:x:424242:utest1
diff --git a/tests/tests/grouptools/groupmems/50_groupmems_user_del_user-gshadow_locked/config/etc/gshadow b/tests/tests/grouptools/groupmems/50_groupmems_user_del_user-gshadow_locked/config/etc/gshadow
new file mode 100644
index 0000000..c908c39
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/50_groupmems_user_del_user-gshadow_locked/config/etc/gshadow
@@ -0,0 +1,44 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+groupmems:*::myuser
+utest1:*::
+myuser:x::utest1
diff --git a/tests/tests/grouptools/groupmems/50_groupmems_user_del_user-gshadow_locked/config/etc/passwd b/tests/tests/grouptools/groupmems/50_groupmems_user_del_user-gshadow_locked/config/etc/passwd
new file mode 100644
index 0000000..df9b7a0
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/50_groupmems_user_del_user-gshadow_locked/config/etc/passwd
@@ -0,0 +1,21 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+utest1:x:1000:1000::/tmp:/bin/sh
+myuser:x:424242:424242::/home:/bin/bash
diff --git a/tests/tests/grouptools/groupmems/50_groupmems_user_del_user-gshadow_locked/config/etc/shadow b/tests/tests/grouptools/groupmems/50_groupmems_user_del_user-gshadow_locked/config/etc/shadow
new file mode 100644
index 0000000..65079bb
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/50_groupmems_user_del_user-gshadow_locked/config/etc/shadow
@@ -0,0 +1,21 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+utest1:!:12977:0:99999:7:::
+myuser:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:::
diff --git a/tests/tests/grouptools/groupmems/50_groupmems_user_del_user-gshadow_locked/groupmems.test b/tests/tests/grouptools/groupmems/50_groupmems_user_del_user-gshadow_locked/groupmems.test
new file mode 100755
index 0000000..c2b5626
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/50_groupmems_user_del_user-gshadow_locked/groupmems.test
@@ -0,0 +1,45 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "groupmems (-d) fails if the gshadow file is locked"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Create lock file for /etc/gshadow..."
+touch /etc/gshadow.lock
+echo "done"
+
+echo -n "myuser will call groupmems..."
+./run_groupmems.exp
+echo "OK"
+
+rm -f /etc/gshadow.lock
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/grouptools/groupmems/50_groupmems_user_del_user-gshadow_locked/run_groupmems.exp b/tests/tests/grouptools/groupmems/50_groupmems_user_del_user-gshadow_locked/run_groupmems.exp
new file mode 100755
index 0000000..bf66b10
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/50_groupmems_user_del_user-gshadow_locked/run_groupmems.exp
@@ -0,0 +1,50 @@
+#!/usr/bin/expect
+
+set timeout 2
+expect_after default {puts stderr "\nFAIL"; exit 1}
+
+if {$argc != 0} {
+	puts "usage: run_groupmems.exp"
+	exit 1
+}
+
+# First, switch to the testsuite user
+# (otherwise, no password will be asked)
+send_user "# switch to the 'myuser' user\n"
+send_user "# and expect a '$ ' prompt\n"
+spawn /bin/su myuser
+
+expect "$ "			;# Wait for the prompt
+
+send_user "\n# make sure we are now 'myuser'"
+send_user "\n# id should return 'uid=424242(myuser) gid=424242(myuser) groups=424242(myuser),99(groupmems)'"
+send "\r"			;# restore the prompt for the logs
+send "id\r"			;# Verify we are really testsuite
+
+expect "uid=424242(myuser) gid=424242(myuser) groups=424242(myuser),99(groupmems)"
+
+expect "$ "			;# Wait for the prompt
+
+send_user "\n\n"
+send_user "# now add user utest1 to the myuser group\n"
+send_user "# and expect a password prompt"
+send "\r"			;# restore the prompt for the logs
+send "/usr/sbin/groupmems -d utest1\r"		;#
+expect "Password: "		;# Wait for the Password: prompt
+# Wait a little bit more (it is not ready to receive the password)
+sleep 0.1
+
+send "myuserF00barbaz\r"		;# Send the password
+
+send_user "\n# password 'myuserF00barbaz' sent\n\n"
+
+expect "groupmems: cannot lock /etc/gshadow; try again later."
+
+expect "$ "			;# Wait for the prompt
+send "echo $?\r"
+expect "2\r"
+expect "$ "			;# Wait for the prompt
+close
+
+puts "\nPASS"
+exit 0
diff --git a/tests/tests/grouptools/groupmems/51_groupmems_user_purge_user-group_locked/config.txt b/tests/tests/grouptools/groupmems/51_groupmems_user_purge_user-group_locked/config.txt
new file mode 100644
index 0000000..fa7bf43
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/51_groupmems_user_purge_user-group_locked/config.txt
@@ -0,0 +1 @@
+user myuser, in group groups
diff --git a/tests/tests/grouptools/groupmems/51_groupmems_user_purge_user-group_locked/config/etc/group b/tests/tests/grouptools/groupmems/51_groupmems_user_purge_user-group_locked/config/etc/group
new file mode 100644
index 0000000..7a0e295
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/51_groupmems_user_purge_user-group_locked/config/etc/group
@@ -0,0 +1,44 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+groupmems:x:99:myuser
+utest1:x:1000:
+myuser:x:424242:utest1
diff --git a/tests/tests/grouptools/groupmems/51_groupmems_user_purge_user-group_locked/config/etc/gshadow b/tests/tests/grouptools/groupmems/51_groupmems_user_purge_user-group_locked/config/etc/gshadow
new file mode 100644
index 0000000..c908c39
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/51_groupmems_user_purge_user-group_locked/config/etc/gshadow
@@ -0,0 +1,44 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+groupmems:*::myuser
+utest1:*::
+myuser:x::utest1
diff --git a/tests/tests/grouptools/groupmems/51_groupmems_user_purge_user-group_locked/config/etc/passwd b/tests/tests/grouptools/groupmems/51_groupmems_user_purge_user-group_locked/config/etc/passwd
new file mode 100644
index 0000000..df9b7a0
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/51_groupmems_user_purge_user-group_locked/config/etc/passwd
@@ -0,0 +1,21 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+utest1:x:1000:1000::/tmp:/bin/sh
+myuser:x:424242:424242::/home:/bin/bash
diff --git a/tests/tests/grouptools/groupmems/51_groupmems_user_purge_user-group_locked/config/etc/shadow b/tests/tests/grouptools/groupmems/51_groupmems_user_purge_user-group_locked/config/etc/shadow
new file mode 100644
index 0000000..65079bb
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/51_groupmems_user_purge_user-group_locked/config/etc/shadow
@@ -0,0 +1,21 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+utest1:!:12977:0:99999:7:::
+myuser:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:::
diff --git a/tests/tests/grouptools/groupmems/51_groupmems_user_purge_user-group_locked/groupmems.test b/tests/tests/grouptools/groupmems/51_groupmems_user_purge_user-group_locked/groupmems.test
new file mode 100755
index 0000000..75272b3
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/51_groupmems_user_purge_user-group_locked/groupmems.test
@@ -0,0 +1,45 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "groupmems (-p) fails if the group file is locked"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Create lock file for /etc/group..."
+touch /etc/group.lock
+echo "done"
+
+echo -n "myuser will call groupmems..."
+./run_groupmems.exp
+echo "OK"
+
+rm -f /etc/group.lock
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/grouptools/groupmems/51_groupmems_user_purge_user-group_locked/run_groupmems.exp b/tests/tests/grouptools/groupmems/51_groupmems_user_purge_user-group_locked/run_groupmems.exp
new file mode 100755
index 0000000..8f47464
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/51_groupmems_user_purge_user-group_locked/run_groupmems.exp
@@ -0,0 +1,50 @@
+#!/usr/bin/expect
+
+set timeout 2
+expect_after default {puts stderr "\nFAIL"; exit 1}
+
+if {$argc != 0} {
+	puts "usage: run_groupmems.exp"
+	exit 1
+}
+
+# First, switch to the testsuite user
+# (otherwise, no password will be asked)
+send_user "# switch to the 'myuser' user\n"
+send_user "# and expect a '$ ' prompt\n"
+spawn /bin/su myuser
+
+expect "$ "			;# Wait for the prompt
+
+send_user "\n# make sure we are now 'myuser'"
+send_user "\n# id should return 'uid=424242(myuser) gid=424242(myuser) groups=424242(myuser),99(groupmems)'"
+send "\r"			;# restore the prompt for the logs
+send "id\r"			;# Verify we are really testsuite
+
+expect "uid=424242(myuser) gid=424242(myuser) groups=424242(myuser),99(groupmems)"
+
+expect "$ "			;# Wait for the prompt
+
+send_user "\n\n"
+send_user "# now add user utest1 to the myuser group\n"
+send_user "# and expect a password prompt"
+send "\r"			;# restore the prompt for the logs
+send "/usr/sbin/groupmems -p\r"		;#
+expect "Password: "		;# Wait for the Password: prompt
+# Wait a little bit more (it is not ready to receive the password)
+sleep 0.1
+
+send "myuserF00barbaz\r"		;# Send the password
+
+send_user "\n# password 'myuserF00barbaz' sent\n\n"
+
+expect "groupmems: cannot lock /etc/group; try again later."
+
+expect "$ "			;# Wait for the prompt
+send "echo $?\r"
+expect "2\r"
+expect "$ "			;# Wait for the prompt
+close
+
+puts "\nPASS"
+exit 0
diff --git a/tests/tests/grouptools/groupmems/52_groupmems_user_purge_user-gshadow_locked/config.txt b/tests/tests/grouptools/groupmems/52_groupmems_user_purge_user-gshadow_locked/config.txt
new file mode 100644
index 0000000..fa7bf43
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/52_groupmems_user_purge_user-gshadow_locked/config.txt
@@ -0,0 +1 @@
+user myuser, in group groups
diff --git a/tests/tests/grouptools/groupmems/52_groupmems_user_purge_user-gshadow_locked/config/etc/group b/tests/tests/grouptools/groupmems/52_groupmems_user_purge_user-gshadow_locked/config/etc/group
new file mode 100644
index 0000000..7a0e295
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/52_groupmems_user_purge_user-gshadow_locked/config/etc/group
@@ -0,0 +1,44 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+groupmems:x:99:myuser
+utest1:x:1000:
+myuser:x:424242:utest1
diff --git a/tests/tests/grouptools/groupmems/52_groupmems_user_purge_user-gshadow_locked/config/etc/gshadow b/tests/tests/grouptools/groupmems/52_groupmems_user_purge_user-gshadow_locked/config/etc/gshadow
new file mode 100644
index 0000000..c908c39
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/52_groupmems_user_purge_user-gshadow_locked/config/etc/gshadow
@@ -0,0 +1,44 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+groupmems:*::myuser
+utest1:*::
+myuser:x::utest1
diff --git a/tests/tests/grouptools/groupmems/52_groupmems_user_purge_user-gshadow_locked/config/etc/passwd b/tests/tests/grouptools/groupmems/52_groupmems_user_purge_user-gshadow_locked/config/etc/passwd
new file mode 100644
index 0000000..df9b7a0
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/52_groupmems_user_purge_user-gshadow_locked/config/etc/passwd
@@ -0,0 +1,21 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+utest1:x:1000:1000::/tmp:/bin/sh
+myuser:x:424242:424242::/home:/bin/bash
diff --git a/tests/tests/grouptools/groupmems/52_groupmems_user_purge_user-gshadow_locked/config/etc/shadow b/tests/tests/grouptools/groupmems/52_groupmems_user_purge_user-gshadow_locked/config/etc/shadow
new file mode 100644
index 0000000..65079bb
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/52_groupmems_user_purge_user-gshadow_locked/config/etc/shadow
@@ -0,0 +1,21 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+utest1:!:12977:0:99999:7:::
+myuser:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:::
diff --git a/tests/tests/grouptools/groupmems/52_groupmems_user_purge_user-gshadow_locked/groupmems.test b/tests/tests/grouptools/groupmems/52_groupmems_user_purge_user-gshadow_locked/groupmems.test
new file mode 100755
index 0000000..ecff63f
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/52_groupmems_user_purge_user-gshadow_locked/groupmems.test
@@ -0,0 +1,45 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "groupmems (-p) fails if the gshadow file is locked"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Create lock file for /etc/gshadow..."
+touch /etc/gshadow.lock
+echo "done"
+
+echo -n "myuser will call groupmems..."
+./run_groupmems.exp
+echo "OK"
+
+rm -f /etc/gshadow.lock
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/grouptools/groupmems/52_groupmems_user_purge_user-gshadow_locked/run_groupmems.exp b/tests/tests/grouptools/groupmems/52_groupmems_user_purge_user-gshadow_locked/run_groupmems.exp
new file mode 100755
index 0000000..3913f7a
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/52_groupmems_user_purge_user-gshadow_locked/run_groupmems.exp
@@ -0,0 +1,50 @@
+#!/usr/bin/expect
+
+set timeout 2
+expect_after default {puts stderr "\nFAIL"; exit 1}
+
+if {$argc != 0} {
+	puts "usage: run_groupmems.exp"
+	exit 1
+}
+
+# First, switch to the testsuite user
+# (otherwise, no password will be asked)
+send_user "# switch to the 'myuser' user\n"
+send_user "# and expect a '$ ' prompt\n"
+spawn /bin/su myuser
+
+expect "$ "			;# Wait for the prompt
+
+send_user "\n# make sure we are now 'myuser'"
+send_user "\n# id should return 'uid=424242(myuser) gid=424242(myuser) groups=424242(myuser),99(groupmems)'"
+send "\r"			;# restore the prompt for the logs
+send "id\r"			;# Verify we are really testsuite
+
+expect "uid=424242(myuser) gid=424242(myuser) groups=424242(myuser),99(groupmems)"
+
+expect "$ "			;# Wait for the prompt
+
+send_user "\n\n"
+send_user "# now add user utest1 to the myuser group\n"
+send_user "# and expect a password prompt"
+send "\r"			;# restore the prompt for the logs
+send "/usr/sbin/groupmems -p\r"		;#
+expect "Password: "		;# Wait for the Password: prompt
+# Wait a little bit more (it is not ready to receive the password)
+sleep 0.1
+
+send "myuserF00barbaz\r"		;# Send the password
+
+send_user "\n# password 'myuserF00barbaz' sent\n\n"
+
+expect "groupmems: cannot lock /etc/gshadow; try again later."
+
+expect "$ "			;# Wait for the prompt
+send "echo $?\r"
+expect "2\r"
+expect "$ "			;# Wait for the prompt
+close
+
+puts "\nPASS"
+exit 0
diff --git a/tests/tests/grouptools/groupmems/53_groupmems_usage/config.txt b/tests/tests/grouptools/groupmems/53_groupmems_usage/config.txt
new file mode 100644
index 0000000..31f5635
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/53_groupmems_usage/config.txt
@@ -0,0 +1,10 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group users (only in /etc/group)
+user foo, in group tty (only in /etc/gshadow)
+user foo, in group floppy
+user foo, admin of group disk
+user foo, admin and member of group fax
+user foo, admin and member of group cdrom (only in /etc/gshadow)
diff --git a/tests/tests/grouptools/groupmems/53_groupmems_usage/config/etc/group b/tests/tests/grouptools/groupmems/53_groupmems_usage/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/53_groupmems_usage/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/grouptools/groupmems/53_groupmems_usage/config/etc/gshadow b/tests/tests/grouptools/groupmems/53_groupmems_usage/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/53_groupmems_usage/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/grouptools/groupmems/53_groupmems_usage/config/etc/passwd b/tests/tests/grouptools/groupmems/53_groupmems_usage/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/53_groupmems_usage/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/grouptools/groupmems/53_groupmems_usage/config/etc/shadow b/tests/tests/grouptools/groupmems/53_groupmems_usage/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/53_groupmems_usage/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/grouptools/groupmems/53_groupmems_usage/data/usage.out b/tests/tests/grouptools/groupmems/53_groupmems_usage/data/usage.out
new file mode 100644
index 0000000..584313c
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/53_groupmems_usage/data/usage.out
@@ -0,0 +1,13 @@
+Usage: groupmems [options] [action]
+
+Options:
+  -g, --group groupname         change groupname instead of the user's group
+                                (root only)
+  -R, --root CHROOT_DIR         directory to chroot into
+
+Actions:
+  -a, --add username            add username to the members of the group
+  -d, --delete username         remove username from the members of the group
+  -h, --help                    display this help message and exit
+  -p, --purge                   purge all members from the group
+  -l, --list                    list the members of the group
diff --git a/tests/tests/grouptools/groupmems/53_groupmems_usage/groupmems.test b/tests/tests/grouptools/groupmems/53_groupmems_usage/groupmems.test
new file mode 100755
index 0000000..7b3784a
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/53_groupmems_usage/groupmems.test
@@ -0,0 +1,49 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "groupmems can display its usage message"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Get groupmems usage (groupmems -h)..."
+groupmems -h >tmp/usage.out
+
+echo "OK"
+
+echo "groupmems reported:"
+echo "======================================================================="
+cat tmp/usage.out
+echo "======================================================================="
+echo -n "Check the usage message..."
+diff -au data/usage.out tmp/usage.out
+echo "usage message OK."
+rm -f tmp/usage.out
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/grouptools/groupmems/54_groupmems_usage_invalid_option/config.txt b/tests/tests/grouptools/groupmems/54_groupmems_usage_invalid_option/config.txt
new file mode 100644
index 0000000..e9e4bbe
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/54_groupmems_usage_invalid_option/config.txt
@@ -0,0 +1 @@
+group foo, GID 1000
diff --git a/tests/tests/grouptools/groupmems/54_groupmems_usage_invalid_option/config/etc/group b/tests/tests/grouptools/groupmems/54_groupmems_usage_invalid_option/config/etc/group
new file mode 100644
index 0000000..fecba0c
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/54_groupmems_usage_invalid_option/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/grouptools/groupmems/54_groupmems_usage_invalid_option/config/etc/gshadow b/tests/tests/grouptools/groupmems/54_groupmems_usage_invalid_option/config/etc/gshadow
new file mode 100644
index 0000000..5042e58
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/54_groupmems_usage_invalid_option/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/grouptools/groupmems/54_groupmems_usage_invalid_option/config/etc/login.defs b/tests/tests/grouptools/groupmems/54_groupmems_usage_invalid_option/config/etc/login.defs
new file mode 100644
index 0000000..cf181ac
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/54_groupmems_usage_invalid_option/config/etc/login.defs
@@ -0,0 +1,314 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK usage is discouraged because it catches only some classes of user
+# entries to system, in fact only those made through login(1), while setting
+# umask in shell rc file will catch also logins through su, cron, ssh etc.
+#
+# At the same time, using shell rc to set umask won't catch entries which use
+# non-shell executables in place of login shell, like /usr/sbin/pppd for "ppp"
+# user and alike.
+#
+# Therefore the use of pam_umask is recommended (Debian package libpam-umask)
+# as the solution which catches all these cases on PAM-enabled systems.
+# 
+# This avoids the confusion created by having the umask set
+# in two different places -- in login.defs and shell rc files (i.e.
+# /etc/profile).
+#
+# For discussion, see #314539 and #248150 as well as the thread starting at
+# http://lists.debian.org/debian-devel/2005/06/msg01598.html
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+# 022 is the "historical" value in Debian for UMASK when it was used
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			  100
+GID_MAX			60000
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# This enables userdel to remove user groups if no members exist.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, thus in Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# Only works if compiled with MD5_CRYPT defined:
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is used by chpasswd, gpasswd and newusers.
+#
+#MD5_CRYPT_ENAB	no
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/grouptools/groupmems/54_groupmems_usage_invalid_option/config/etc/passwd b/tests/tests/grouptools/groupmems/54_groupmems_usage_invalid_option/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/54_groupmems_usage_invalid_option/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/grouptools/groupmems/54_groupmems_usage_invalid_option/config/etc/shadow b/tests/tests/grouptools/groupmems/54_groupmems_usage_invalid_option/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/54_groupmems_usage_invalid_option/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/grouptools/groupmems/54_groupmems_usage_invalid_option/data/groupmems.err b/tests/tests/grouptools/groupmems/54_groupmems_usage_invalid_option/data/groupmems.err
new file mode 100644
index 0000000..a6ac1f6
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/54_groupmems_usage_invalid_option/data/groupmems.err
@@ -0,0 +1,14 @@
+groupmems: invalid option -- 'Z'
+Usage: groupmems [options] [action]
+
+Options:
+  -g, --group groupname         change groupname instead of the user's group
+                                (root only)
+  -R, --root CHROOT_DIR         directory to chroot into
+
+Actions:
+  -a, --add username            add username to the members of the group
+  -d, --delete username         remove username from the members of the group
+  -h, --help                    display this help message and exit
+  -p, --purge                   purge all members from the group
+  -l, --list                    list the members of the group
diff --git a/tests/tests/grouptools/groupmems/54_groupmems_usage_invalid_option/groupmems.test b/tests/tests/grouptools/groupmems/54_groupmems_usage_invalid_option/groupmems.test
new file mode 100755
index 0000000..d0e1fa7
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/54_groupmems_usage_invalid_option/groupmems.test
@@ -0,0 +1,54 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "groupmems reports usage when called with an invalid option"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Call groupmems with an invalid option (groupmems -Z bar -g 1000 foo)..."
+groupmems -Z bar -g 1000 -a foo 2>tmp/groupmems.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "1"
+echo "OK"
+
+echo "groupmems reported:"
+echo "======================================================================="
+cat tmp/groupmems.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/groupmems.err tmp/groupmems.err
+echo "error message OK."
+rm -f tmp/groupmems.err
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/grouptools/groupmems/55_groupmems_usage-a-d/config.txt b/tests/tests/grouptools/groupmems/55_groupmems_usage-a-d/config.txt
new file mode 100644
index 0000000..e9e4bbe
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/55_groupmems_usage-a-d/config.txt
@@ -0,0 +1 @@
+group foo, GID 1000
diff --git a/tests/tests/grouptools/groupmems/55_groupmems_usage-a-d/config/etc/group b/tests/tests/grouptools/groupmems/55_groupmems_usage-a-d/config/etc/group
new file mode 100644
index 0000000..fecba0c
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/55_groupmems_usage-a-d/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/grouptools/groupmems/55_groupmems_usage-a-d/config/etc/gshadow b/tests/tests/grouptools/groupmems/55_groupmems_usage-a-d/config/etc/gshadow
new file mode 100644
index 0000000..5042e58
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/55_groupmems_usage-a-d/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/grouptools/groupmems/55_groupmems_usage-a-d/config/etc/login.defs b/tests/tests/grouptools/groupmems/55_groupmems_usage-a-d/config/etc/login.defs
new file mode 100644
index 0000000..cf181ac
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/55_groupmems_usage-a-d/config/etc/login.defs
@@ -0,0 +1,314 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK usage is discouraged because it catches only some classes of user
+# entries to system, in fact only those made through login(1), while setting
+# umask in shell rc file will catch also logins through su, cron, ssh etc.
+#
+# At the same time, using shell rc to set umask won't catch entries which use
+# non-shell executables in place of login shell, like /usr/sbin/pppd for "ppp"
+# user and alike.
+#
+# Therefore the use of pam_umask is recommended (Debian package libpam-umask)
+# as the solution which catches all these cases on PAM-enabled systems.
+# 
+# This avoids the confusion created by having the umask set
+# in two different places -- in login.defs and shell rc files (i.e.
+# /etc/profile).
+#
+# For discussion, see #314539 and #248150 as well as the thread starting at
+# http://lists.debian.org/debian-devel/2005/06/msg01598.html
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+# 022 is the "historical" value in Debian for UMASK when it was used
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			  100
+GID_MAX			60000
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# This enables userdel to remove user groups if no members exist.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, thus in Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# Only works if compiled with MD5_CRYPT defined:
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is used by chpasswd, gpasswd and newusers.
+#
+#MD5_CRYPT_ENAB	no
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/grouptools/groupmems/55_groupmems_usage-a-d/config/etc/passwd b/tests/tests/grouptools/groupmems/55_groupmems_usage-a-d/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/55_groupmems_usage-a-d/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/grouptools/groupmems/55_groupmems_usage-a-d/config/etc/shadow b/tests/tests/grouptools/groupmems/55_groupmems_usage-a-d/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/55_groupmems_usage-a-d/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/grouptools/groupmems/55_groupmems_usage-a-d/data/groupmems.err b/tests/tests/grouptools/groupmems/55_groupmems_usage-a-d/data/groupmems.err
new file mode 100644
index 0000000..584313c
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/55_groupmems_usage-a-d/data/groupmems.err
@@ -0,0 +1,13 @@
+Usage: groupmems [options] [action]
+
+Options:
+  -g, --group groupname         change groupname instead of the user's group
+                                (root only)
+  -R, --root CHROOT_DIR         directory to chroot into
+
+Actions:
+  -a, --add username            add username to the members of the group
+  -d, --delete username         remove username from the members of the group
+  -h, --help                    display this help message and exit
+  -p, --purge                   purge all members from the group
+  -l, --list                    list the members of the group
diff --git a/tests/tests/grouptools/groupmems/55_groupmems_usage-a-d/groupmems.test b/tests/tests/grouptools/groupmems/55_groupmems_usage-a-d/groupmems.test
new file mode 100755
index 0000000..4b82e0d
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/55_groupmems_usage-a-d/groupmems.test
@@ -0,0 +1,54 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "groupmems reports usage if the -a and -d options are used at the same time"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Call groupmems with the -a and -d options (groupmems -a root -d nobody -g foo)..."
+groupmems -a root -d nobody -g foo 2>tmp/groupmems.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "1"
+echo "OK"
+
+echo "groupmems reported:"
+echo "======================================================================="
+cat tmp/groupmems.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/groupmems.err tmp/groupmems.err
+echo "error message OK."
+rm -f tmp/groupmems.err
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/grouptools/groupmems/56_groupmems_usage_extra_arg/config.txt b/tests/tests/grouptools/groupmems/56_groupmems_usage_extra_arg/config.txt
new file mode 100644
index 0000000..e9e4bbe
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/56_groupmems_usage_extra_arg/config.txt
@@ -0,0 +1 @@
+group foo, GID 1000
diff --git a/tests/tests/grouptools/groupmems/56_groupmems_usage_extra_arg/config/etc/group b/tests/tests/grouptools/groupmems/56_groupmems_usage_extra_arg/config/etc/group
new file mode 100644
index 0000000..fecba0c
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/56_groupmems_usage_extra_arg/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/grouptools/groupmems/56_groupmems_usage_extra_arg/config/etc/gshadow b/tests/tests/grouptools/groupmems/56_groupmems_usage_extra_arg/config/etc/gshadow
new file mode 100644
index 0000000..5042e58
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/56_groupmems_usage_extra_arg/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/grouptools/groupmems/56_groupmems_usage_extra_arg/config/etc/login.defs b/tests/tests/grouptools/groupmems/56_groupmems_usage_extra_arg/config/etc/login.defs
new file mode 100644
index 0000000..cf181ac
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/56_groupmems_usage_extra_arg/config/etc/login.defs
@@ -0,0 +1,314 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK usage is discouraged because it catches only some classes of user
+# entries to system, in fact only those made through login(1), while setting
+# umask in shell rc file will catch also logins through su, cron, ssh etc.
+#
+# At the same time, using shell rc to set umask won't catch entries which use
+# non-shell executables in place of login shell, like /usr/sbin/pppd for "ppp"
+# user and alike.
+#
+# Therefore the use of pam_umask is recommended (Debian package libpam-umask)
+# as the solution which catches all these cases on PAM-enabled systems.
+# 
+# This avoids the confusion created by having the umask set
+# in two different places -- in login.defs and shell rc files (i.e.
+# /etc/profile).
+#
+# For discussion, see #314539 and #248150 as well as the thread starting at
+# http://lists.debian.org/debian-devel/2005/06/msg01598.html
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+# 022 is the "historical" value in Debian for UMASK when it was used
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			  100
+GID_MAX			60000
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# This enables userdel to remove user groups if no members exist.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, thus in Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# Only works if compiled with MD5_CRYPT defined:
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is used by chpasswd, gpasswd and newusers.
+#
+#MD5_CRYPT_ENAB	no
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/grouptools/groupmems/56_groupmems_usage_extra_arg/config/etc/passwd b/tests/tests/grouptools/groupmems/56_groupmems_usage_extra_arg/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/56_groupmems_usage_extra_arg/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/grouptools/groupmems/56_groupmems_usage_extra_arg/config/etc/shadow b/tests/tests/grouptools/groupmems/56_groupmems_usage_extra_arg/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/56_groupmems_usage_extra_arg/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/grouptools/groupmems/56_groupmems_usage_extra_arg/data/groupmems.err b/tests/tests/grouptools/groupmems/56_groupmems_usage_extra_arg/data/groupmems.err
new file mode 100644
index 0000000..584313c
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/56_groupmems_usage_extra_arg/data/groupmems.err
@@ -0,0 +1,13 @@
+Usage: groupmems [options] [action]
+
+Options:
+  -g, --group groupname         change groupname instead of the user's group
+                                (root only)
+  -R, --root CHROOT_DIR         directory to chroot into
+
+Actions:
+  -a, --add username            add username to the members of the group
+  -d, --delete username         remove username from the members of the group
+  -h, --help                    display this help message and exit
+  -p, --purge                   purge all members from the group
+  -l, --list                    list the members of the group
diff --git a/tests/tests/grouptools/groupmems/56_groupmems_usage_extra_arg/groupmems.test b/tests/tests/grouptools/groupmems/56_groupmems_usage_extra_arg/groupmems.test
new file mode 100755
index 0000000..bdd0632
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/56_groupmems_usage_extra_arg/groupmems.test
@@ -0,0 +1,54 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "groupmems reports usage if extra arguments are provided"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Call groupmems with an extra argument (groupmems -a root -g foo foo)..."
+groupmems -a root -g foo foo 2>tmp/groupmems.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "1"
+echo "OK"
+
+echo "groupmems reported:"
+echo "======================================================================="
+cat tmp/groupmems.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/groupmems.err tmp/groupmems.err
+echo "error message OK."
+rm -f tmp/groupmems.err
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/grouptools/groupmems/57_groupmems_authentication/config.txt b/tests/tests/grouptools/groupmems/57_groupmems_authentication/config.txt
new file mode 100644
index 0000000..fa7bf43
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/57_groupmems_authentication/config.txt
@@ -0,0 +1 @@
+user myuser, in group groups
diff --git a/tests/tests/grouptools/groupmems/57_groupmems_authentication/config/etc/group b/tests/tests/grouptools/groupmems/57_groupmems_authentication/config/etc/group
new file mode 100644
index 0000000..287981e
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/57_groupmems_authentication/config/etc/group
@@ -0,0 +1,45 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+groupmems:x:99:myuser
+utest1:x:1000:
+myuser:x:424242:utest1,bin,daemon
+gtest1:x:424242:utest1,bin,utmp
diff --git a/tests/tests/grouptools/groupmems/57_groupmems_authentication/config/etc/gshadow b/tests/tests/grouptools/groupmems/57_groupmems_authentication/config/etc/gshadow
new file mode 100644
index 0000000..f9ba86a
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/57_groupmems_authentication/config/etc/gshadow
@@ -0,0 +1,45 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+groupmems:*::myuser
+utest1:*::
+myuser:x::utest1,bin,daemon
+gtest1:*::
diff --git a/tests/tests/grouptools/groupmems/57_groupmems_authentication/config/etc/pam.d/common-account b/tests/tests/grouptools/groupmems/57_groupmems_authentication/config/etc/pam.d/common-account
new file mode 100644
index 0000000..316b173
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/57_groupmems_authentication/config/etc/pam.d/common-account
@@ -0,0 +1,25 @@
+#
+# /etc/pam.d/common-account - authorization settings common to all services
+#
+# This file is included from other service-specific PAM config files,
+# and should contain a list of the authorization modules that define
+# the central access policy for use on the system.  The default is to
+# only deny service to users whose accounts are expired in /etc/shadow.
+#
+# As of pam 1.0.1-6, this file is managed by pam-auth-update by default.
+# To take advantage of this, it is recommended that you configure any
+# local modules either before or after the default block, and use
+# pam-auth-update to manage selection of other modules.  See
+# pam-auth-update(8) for details.
+#
+
+# here are the per-package modules (the "Primary" block)
+account	[success=1 new_authtok_reqd=done default=ignore]	pam_unix.so 
+# here's the fallback if no module succeeds
+account	requisite			pam_deny.so
+# prime the stack with a positive return value if there isn't one already;
+# this avoids us returning an error just because nothing sets a success code
+# since the modules above will each just jump around
+account	required			pam_permit.so
+# and here are more per-package modules (the "Additional" block)
+# end of pam-auth-update config
diff --git a/tests/tests/grouptools/groupmems/57_groupmems_authentication/config/etc/pam.d/common-auth b/tests/tests/grouptools/groupmems/57_groupmems_authentication/config/etc/pam.d/common-auth
new file mode 100644
index 0000000..5facfa2
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/57_groupmems_authentication/config/etc/pam.d/common-auth
@@ -0,0 +1,25 @@
+#
+# /etc/pam.d/common-auth - authentication settings common to all services
+#
+# This file is included from other service-specific PAM config files,
+# and should contain a list of the authentication modules that define
+# the central authentication scheme for use on the system
+# (e.g., /etc/shadow, LDAP, Kerberos, etc.).  The default is to use the
+# traditional Unix authentication mechanisms.
+#
+# As of pam 1.0.1-6, this file is managed by pam-auth-update by default.
+# To take advantage of this, it is recommended that you configure any
+# local modules either before or after the default block, and use
+# pam-auth-update to manage selection of other modules.  See
+# pam-auth-update(8) for details.
+
+# here are the per-package modules (the "Primary" block)
+auth	[success=1 default=ignore]	pam_unix.so nullok_secure
+# here's the fallback if no module succeeds
+auth	requisite			pam_deny.so
+# prime the stack with a positive return value if there isn't one already;
+# this avoids us returning an error just because nothing sets a success code
+# since the modules above will each just jump around
+auth	required			pam_permit.so
+# and here are more per-package modules (the "Additional" block)
+# end of pam-auth-update config
diff --git a/tests/tests/grouptools/groupmems/57_groupmems_authentication/config/etc/pam.d/groupmems b/tests/tests/grouptools/groupmems/57_groupmems_authentication/config/etc/pam.d/groupmems
new file mode 100644
index 0000000..2b65f34
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/57_groupmems_authentication/config/etc/pam.d/groupmems
@@ -0,0 +1,8 @@
+# The PAM configuration file for the Shadow 'groupmod' service
+#
+
+# This allows root to modify groups without being prompted for a password
+auth		sufficient	pam_rootok.so
+
+@include common-auth
+@include common-account
diff --git a/tests/tests/grouptools/groupmems/57_groupmems_authentication/config/etc/passwd b/tests/tests/grouptools/groupmems/57_groupmems_authentication/config/etc/passwd
new file mode 100644
index 0000000..df9b7a0
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/57_groupmems_authentication/config/etc/passwd
@@ -0,0 +1,21 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+utest1:x:1000:1000::/tmp:/bin/sh
+myuser:x:424242:424242::/home:/bin/bash
diff --git a/tests/tests/grouptools/groupmems/57_groupmems_authentication/config/etc/shadow b/tests/tests/grouptools/groupmems/57_groupmems_authentication/config/etc/shadow
new file mode 100644
index 0000000..65079bb
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/57_groupmems_authentication/config/etc/shadow
@@ -0,0 +1,21 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+utest1:!:12977:0:99999:7:::
+myuser:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:::
diff --git a/tests/tests/grouptools/groupmems/57_groupmems_authentication/data/group b/tests/tests/grouptools/groupmems/57_groupmems_authentication/data/group
new file mode 100644
index 0000000..7214940
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/57_groupmems_authentication/data/group
@@ -0,0 +1,45 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+groupmems:x:99:myuser
+utest1:x:1000:
+myuser:x:424242:utest1,bin,daemon,nobody
+gtest1:x:424242:utest1,bin,utmp
diff --git a/tests/tests/grouptools/groupmems/57_groupmems_authentication/data/gshadow b/tests/tests/grouptools/groupmems/57_groupmems_authentication/data/gshadow
new file mode 100644
index 0000000..b79987c
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/57_groupmems_authentication/data/gshadow
@@ -0,0 +1,45 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+groupmems:*::myuser
+utest1:*::
+myuser:x::utest1,bin,daemon,nobody
+gtest1:*::
diff --git a/tests/tests/grouptools/groupmems/57_groupmems_authentication/groupmems.test b/tests/tests/grouptools/groupmems/57_groupmems_authentication/groupmems.test
new file mode 100755
index 0000000..4abad1b
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/57_groupmems_authentication/groupmems.test
@@ -0,0 +1,39 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "groupmems (called by a regular user) authenticate the caller"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "myuser will call groupmems..."
+./run_groupmems.exp
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl data/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl data/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/grouptools/groupmems/57_groupmems_authentication/run_groupmems.exp b/tests/tests/grouptools/groupmems/57_groupmems_authentication/run_groupmems.exp
new file mode 100755
index 0000000..5689cd5
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/57_groupmems_authentication/run_groupmems.exp
@@ -0,0 +1,43 @@
+#!/usr/bin/expect
+
+set timeout 2
+expect_after default {puts stderr "\nFAIL"; exit 1}
+
+if {$argc != 0} {
+	puts "usage: run_groupmems.exp"
+	exit 1
+}
+
+# First, switch to the testsuite user
+# (otherwise, no password will be asked)
+send_user "# switch to the 'myuser' user\n"
+send_user "# and expect a '$ ' prompt\n"
+spawn /bin/su myuser
+
+expect "$ "			;# Wait for the prompt
+
+send_user "\n# make sure we are now 'myuser'"
+send_user "\n# id should return 'uid=424242(myuser) gid=424242(myuser) groups=424242(myuser),99(groupmems)'"
+send "\r"			;# restore the prompt for the logs
+send "id\r"			;# Verify we are really testsuite
+
+expect "uid=424242(myuser) gid=424242(myuser) groups=424242(myuser),99(groupmems)"
+
+expect "$ "			;# Wait for the prompt
+
+send_user "\n\n"
+send_user "# now add user utest1 to the myuser group\n"
+send_user "# and expect a password prompt"
+send "\r"			;# restore the prompt for the logs
+send "/usr/sbin/groupmems -a nobody\r"
+expect "Password: "
+send "myuserF00barbaz\r"
+
+expect "$ "			;# Wait for the prompt
+send "echo $?\r"
+expect "0\r"
+expect "$ "			;# Wait for the prompt
+close
+
+puts "\nPASS"
+exit 0
diff --git a/tests/tests/grouptools/groupmems/58_groupmems_authentication_failure1/config.txt b/tests/tests/grouptools/groupmems/58_groupmems_authentication_failure1/config.txt
new file mode 100644
index 0000000..fa7bf43
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/58_groupmems_authentication_failure1/config.txt
@@ -0,0 +1 @@
+user myuser, in group groups
diff --git a/tests/tests/grouptools/groupmems/58_groupmems_authentication_failure1/config/etc/group b/tests/tests/grouptools/groupmems/58_groupmems_authentication_failure1/config/etc/group
new file mode 100644
index 0000000..287981e
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/58_groupmems_authentication_failure1/config/etc/group
@@ -0,0 +1,45 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+groupmems:x:99:myuser
+utest1:x:1000:
+myuser:x:424242:utest1,bin,daemon
+gtest1:x:424242:utest1,bin,utmp
diff --git a/tests/tests/grouptools/groupmems/58_groupmems_authentication_failure1/config/etc/gshadow b/tests/tests/grouptools/groupmems/58_groupmems_authentication_failure1/config/etc/gshadow
new file mode 100644
index 0000000..f9ba86a
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/58_groupmems_authentication_failure1/config/etc/gshadow
@@ -0,0 +1,45 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+groupmems:*::myuser
+utest1:*::
+myuser:x::utest1,bin,daemon
+gtest1:*::
diff --git a/tests/tests/grouptools/groupmems/58_groupmems_authentication_failure1/config/etc/pam.d/common-account b/tests/tests/grouptools/groupmems/58_groupmems_authentication_failure1/config/etc/pam.d/common-account
new file mode 100644
index 0000000..316b173
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/58_groupmems_authentication_failure1/config/etc/pam.d/common-account
@@ -0,0 +1,25 @@
+#
+# /etc/pam.d/common-account - authorization settings common to all services
+#
+# This file is included from other service-specific PAM config files,
+# and should contain a list of the authorization modules that define
+# the central access policy for use on the system.  The default is to
+# only deny service to users whose accounts are expired in /etc/shadow.
+#
+# As of pam 1.0.1-6, this file is managed by pam-auth-update by default.
+# To take advantage of this, it is recommended that you configure any
+# local modules either before or after the default block, and use
+# pam-auth-update to manage selection of other modules.  See
+# pam-auth-update(8) for details.
+#
+
+# here are the per-package modules (the "Primary" block)
+account	[success=1 new_authtok_reqd=done default=ignore]	pam_unix.so 
+# here's the fallback if no module succeeds
+account	requisite			pam_deny.so
+# prime the stack with a positive return value if there isn't one already;
+# this avoids us returning an error just because nothing sets a success code
+# since the modules above will each just jump around
+account	required			pam_permit.so
+# and here are more per-package modules (the "Additional" block)
+# end of pam-auth-update config
diff --git a/tests/tests/grouptools/groupmems/58_groupmems_authentication_failure1/config/etc/pam.d/common-auth b/tests/tests/grouptools/groupmems/58_groupmems_authentication_failure1/config/etc/pam.d/common-auth
new file mode 100644
index 0000000..5facfa2
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/58_groupmems_authentication_failure1/config/etc/pam.d/common-auth
@@ -0,0 +1,25 @@
+#
+# /etc/pam.d/common-auth - authentication settings common to all services
+#
+# This file is included from other service-specific PAM config files,
+# and should contain a list of the authentication modules that define
+# the central authentication scheme for use on the system
+# (e.g., /etc/shadow, LDAP, Kerberos, etc.).  The default is to use the
+# traditional Unix authentication mechanisms.
+#
+# As of pam 1.0.1-6, this file is managed by pam-auth-update by default.
+# To take advantage of this, it is recommended that you configure any
+# local modules either before or after the default block, and use
+# pam-auth-update to manage selection of other modules.  See
+# pam-auth-update(8) for details.
+
+# here are the per-package modules (the "Primary" block)
+auth	[success=1 default=ignore]	pam_unix.so nullok_secure
+# here's the fallback if no module succeeds
+auth	requisite			pam_deny.so
+# prime the stack with a positive return value if there isn't one already;
+# this avoids us returning an error just because nothing sets a success code
+# since the modules above will each just jump around
+auth	required			pam_permit.so
+# and here are more per-package modules (the "Additional" block)
+# end of pam-auth-update config
diff --git a/tests/tests/grouptools/groupmems/58_groupmems_authentication_failure1/config/etc/pam.d/groupmems b/tests/tests/grouptools/groupmems/58_groupmems_authentication_failure1/config/etc/pam.d/groupmems
new file mode 100644
index 0000000..2b65f34
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/58_groupmems_authentication_failure1/config/etc/pam.d/groupmems
@@ -0,0 +1,8 @@
+# The PAM configuration file for the Shadow 'groupmod' service
+#
+
+# This allows root to modify groups without being prompted for a password
+auth		sufficient	pam_rootok.so
+
+@include common-auth
+@include common-account
diff --git a/tests/tests/grouptools/groupmems/58_groupmems_authentication_failure1/config/etc/passwd b/tests/tests/grouptools/groupmems/58_groupmems_authentication_failure1/config/etc/passwd
new file mode 100644
index 0000000..df9b7a0
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/58_groupmems_authentication_failure1/config/etc/passwd
@@ -0,0 +1,21 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+utest1:x:1000:1000::/tmp:/bin/sh
+myuser:x:424242:424242::/home:/bin/bash
diff --git a/tests/tests/grouptools/groupmems/58_groupmems_authentication_failure1/config/etc/shadow b/tests/tests/grouptools/groupmems/58_groupmems_authentication_failure1/config/etc/shadow
new file mode 100644
index 0000000..65079bb
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/58_groupmems_authentication_failure1/config/etc/shadow
@@ -0,0 +1,21 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+utest1:!:12977:0:99999:7:::
+myuser:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:::
diff --git a/tests/tests/grouptools/groupmems/58_groupmems_authentication_failure1/groupmems.test b/tests/tests/grouptools/groupmems/58_groupmems_authentication_failure1/groupmems.test
new file mode 100755
index 0000000..bf741c9
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/58_groupmems_authentication_failure1/groupmems.test
@@ -0,0 +1,39 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "groupmems (called by a regular user) authenticates the caller"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "myuser will call groupmems..."
+./run_groupmems.exp
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/grouptools/groupmems/58_groupmems_authentication_failure1/run_groupmems.exp b/tests/tests/grouptools/groupmems/58_groupmems_authentication_failure1/run_groupmems.exp
new file mode 100755
index 0000000..b42b92e
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/58_groupmems_authentication_failure1/run_groupmems.exp
@@ -0,0 +1,44 @@
+#!/usr/bin/expect
+
+set timeout 3
+expect_after default {puts stderr "\nFAIL"; exit 1}
+
+if {$argc != 0} {
+	puts "usage: run_groupmems.exp"
+	exit 1
+}
+
+# First, switch to the testsuite user
+# (otherwise, no password will be asked)
+send_user "# switch to the 'myuser' user\n"
+send_user "# and expect a '$ ' prompt\n"
+spawn /bin/su myuser
+
+expect "$ "			;# Wait for the prompt
+
+send_user "\n# make sure we are now 'myuser'"
+send_user "\n# id should return 'uid=424242(myuser) gid=424242(myuser) groups=424242(myuser),99(groupmems)'"
+send "\r"			;# restore the prompt for the logs
+send "id\r"			;# Verify we are really testsuite
+
+expect "uid=424242(myuser) gid=424242(myuser) groups=424242(myuser),99(groupmems)"
+
+expect "$ "			;# Wait for the prompt
+
+send_user "\n\n"
+send_user "# now add user utest1 to the myuser group\n"
+send_user "# and expect a password prompt"
+send "\r"			;# restore the prompt for the logs
+send "/usr/sbin/groupmems -a nobody\r"
+expect "Password: "
+send "!myuserF00barbaz\r"
+expect -re "groupmems: PAM: Authentication failure\r"
+
+expect "$ "			;# Wait for the prompt
+send "echo $?\r"
+expect "1\r"
+expect "$ "			;# Wait for the prompt
+close
+
+puts "\nPASS"
+exit 0
diff --git a/tests/tests/grouptools/groupmems/59_groupmems_authentication_failure2/config.txt b/tests/tests/grouptools/groupmems/59_groupmems_authentication_failure2/config.txt
new file mode 100644
index 0000000..fa7bf43
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/59_groupmems_authentication_failure2/config.txt
@@ -0,0 +1 @@
+user myuser, in group groups
diff --git a/tests/tests/grouptools/groupmems/59_groupmems_authentication_failure2/config/etc/group b/tests/tests/grouptools/groupmems/59_groupmems_authentication_failure2/config/etc/group
new file mode 100644
index 0000000..287981e
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/59_groupmems_authentication_failure2/config/etc/group
@@ -0,0 +1,45 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+groupmems:x:99:myuser
+utest1:x:1000:
+myuser:x:424242:utest1,bin,daemon
+gtest1:x:424242:utest1,bin,utmp
diff --git a/tests/tests/grouptools/groupmems/59_groupmems_authentication_failure2/config/etc/gshadow b/tests/tests/grouptools/groupmems/59_groupmems_authentication_failure2/config/etc/gshadow
new file mode 100644
index 0000000..f9ba86a
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/59_groupmems_authentication_failure2/config/etc/gshadow
@@ -0,0 +1,45 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+groupmems:*::myuser
+utest1:*::
+myuser:x::utest1,bin,daemon
+gtest1:*::
diff --git a/tests/tests/grouptools/groupmems/59_groupmems_authentication_failure2/config/etc/pam.d/common-account b/tests/tests/grouptools/groupmems/59_groupmems_authentication_failure2/config/etc/pam.d/common-account
new file mode 100644
index 0000000..c175a14
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/59_groupmems_authentication_failure2/config/etc/pam.d/common-account
@@ -0,0 +1 @@
+account	requisite			pam_deny.so
diff --git a/tests/tests/grouptools/groupmems/59_groupmems_authentication_failure2/config/etc/pam.d/common-auth b/tests/tests/grouptools/groupmems/59_groupmems_authentication_failure2/config/etc/pam.d/common-auth
new file mode 100644
index 0000000..5facfa2
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/59_groupmems_authentication_failure2/config/etc/pam.d/common-auth
@@ -0,0 +1,25 @@
+#
+# /etc/pam.d/common-auth - authentication settings common to all services
+#
+# This file is included from other service-specific PAM config files,
+# and should contain a list of the authentication modules that define
+# the central authentication scheme for use on the system
+# (e.g., /etc/shadow, LDAP, Kerberos, etc.).  The default is to use the
+# traditional Unix authentication mechanisms.
+#
+# As of pam 1.0.1-6, this file is managed by pam-auth-update by default.
+# To take advantage of this, it is recommended that you configure any
+# local modules either before or after the default block, and use
+# pam-auth-update to manage selection of other modules.  See
+# pam-auth-update(8) for details.
+
+# here are the per-package modules (the "Primary" block)
+auth	[success=1 default=ignore]	pam_unix.so nullok_secure
+# here's the fallback if no module succeeds
+auth	requisite			pam_deny.so
+# prime the stack with a positive return value if there isn't one already;
+# this avoids us returning an error just because nothing sets a success code
+# since the modules above will each just jump around
+auth	required			pam_permit.so
+# and here are more per-package modules (the "Additional" block)
+# end of pam-auth-update config
diff --git a/tests/tests/grouptools/groupmems/59_groupmems_authentication_failure2/config/etc/pam.d/groupmems b/tests/tests/grouptools/groupmems/59_groupmems_authentication_failure2/config/etc/pam.d/groupmems
new file mode 100644
index 0000000..2b65f34
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/59_groupmems_authentication_failure2/config/etc/pam.d/groupmems
@@ -0,0 +1,8 @@
+# The PAM configuration file for the Shadow 'groupmod' service
+#
+
+# This allows root to modify groups without being prompted for a password
+auth		sufficient	pam_rootok.so
+
+@include common-auth
+@include common-account
diff --git a/tests/tests/grouptools/groupmems/59_groupmems_authentication_failure2/config/etc/passwd b/tests/tests/grouptools/groupmems/59_groupmems_authentication_failure2/config/etc/passwd
new file mode 100644
index 0000000..df9b7a0
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/59_groupmems_authentication_failure2/config/etc/passwd
@@ -0,0 +1,21 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+utest1:x:1000:1000::/tmp:/bin/sh
+myuser:x:424242:424242::/home:/bin/bash
diff --git a/tests/tests/grouptools/groupmems/59_groupmems_authentication_failure2/config/etc/shadow b/tests/tests/grouptools/groupmems/59_groupmems_authentication_failure2/config/etc/shadow
new file mode 100644
index 0000000..65079bb
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/59_groupmems_authentication_failure2/config/etc/shadow
@@ -0,0 +1,21 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+utest1:!:12977:0:99999:7:::
+myuser:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:::
diff --git a/tests/tests/grouptools/groupmems/59_groupmems_authentication_failure2/groupmems.test b/tests/tests/grouptools/groupmems/59_groupmems_authentication_failure2/groupmems.test
new file mode 100755
index 0000000..bf741c9
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/59_groupmems_authentication_failure2/groupmems.test
@@ -0,0 +1,39 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "groupmems (called by a regular user) authenticates the caller"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "myuser will call groupmems..."
+./run_groupmems.exp
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/grouptools/groupmems/59_groupmems_authentication_failure2/run_groupmems.exp b/tests/tests/grouptools/groupmems/59_groupmems_authentication_failure2/run_groupmems.exp
new file mode 100755
index 0000000..0da4b22
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/59_groupmems_authentication_failure2/run_groupmems.exp
@@ -0,0 +1,44 @@
+#!/usr/bin/expect
+
+set timeout 3
+expect_after default {puts stderr "\nFAIL"; exit 1}
+
+if {$argc != 0} {
+	puts "usage: run_groupmems.exp"
+	exit 1
+}
+
+# First, switch to the testsuite user
+# (otherwise, no password will be asked)
+send_user "# switch to the 'myuser' user\n"
+send_user "# and expect a '$ ' prompt\n"
+spawn /bin/su myuser
+
+expect "$ "			;# Wait for the prompt
+
+send_user "\n# make sure we are now 'myuser'"
+send_user "\n# id should return 'uid=424242(myuser) gid=424242(myuser) groups=424242(myuser),99(groupmems)'"
+send "\r"			;# restore the prompt for the logs
+send "id\r"			;# Verify we are really testsuite
+
+expect "uid=424242(myuser) gid=424242(myuser) groups=424242(myuser),99(groupmems)"
+
+expect "$ "			;# Wait for the prompt
+
+send_user "\n\n"
+send_user "# now add user utest1 to the myuser group\n"
+send_user "# and expect a password prompt"
+send "\r"			;# restore the prompt for the logs
+send "/usr/sbin/groupmems -a nobody\r"
+expect "Password: "
+send "myuserF00barbaz\r"
+expect -re "groupmems: PAM: Authentication failure\r"
+
+expect "$ "			;# Wait for the prompt
+send "echo $?\r"
+expect "1\r"
+expect "$ "			;# Wait for the prompt
+close
+
+puts "\nPASS"
+exit 0
diff --git a/tests/tests/grouptools/groupmems/60_groupmems_authentication_failure3/config.txt b/tests/tests/grouptools/groupmems/60_groupmems_authentication_failure3/config.txt
new file mode 100644
index 0000000..fa7bf43
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/60_groupmems_authentication_failure3/config.txt
@@ -0,0 +1 @@
+user myuser, in group groups
diff --git a/tests/tests/grouptools/groupmems/60_groupmems_authentication_failure3/config/etc/group b/tests/tests/grouptools/groupmems/60_groupmems_authentication_failure3/config/etc/group
new file mode 100644
index 0000000..287981e
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/60_groupmems_authentication_failure3/config/etc/group
@@ -0,0 +1,45 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+groupmems:x:99:myuser
+utest1:x:1000:
+myuser:x:424242:utest1,bin,daemon
+gtest1:x:424242:utest1,bin,utmp
diff --git a/tests/tests/grouptools/groupmems/60_groupmems_authentication_failure3/config/etc/gshadow b/tests/tests/grouptools/groupmems/60_groupmems_authentication_failure3/config/etc/gshadow
new file mode 100644
index 0000000..f9ba86a
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/60_groupmems_authentication_failure3/config/etc/gshadow
@@ -0,0 +1,45 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+groupmems:*::myuser
+utest1:*::
+myuser:x::utest1,bin,daemon
+gtest1:*::
diff --git a/tests/tests/grouptools/groupmems/60_groupmems_authentication_failure3/config/etc/pam.d/groupmems b/tests/tests/grouptools/groupmems/60_groupmems_authentication_failure3/config/etc/pam.d/groupmems
new file mode 100644
index 0000000..9152969
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/60_groupmems_authentication_failure3/config/etc/pam.d/groupmems
@@ -0,0 +1 @@
+This file will be removed
diff --git a/tests/tests/grouptools/groupmems/60_groupmems_authentication_failure3/config/etc/pam.d/other b/tests/tests/grouptools/groupmems/60_groupmems_authentication_failure3/config/etc/pam.d/other
new file mode 100644
index 0000000..9152969
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/60_groupmems_authentication_failure3/config/etc/pam.d/other
@@ -0,0 +1 @@
+This file will be removed
diff --git a/tests/tests/grouptools/groupmems/60_groupmems_authentication_failure3/config/etc/passwd b/tests/tests/grouptools/groupmems/60_groupmems_authentication_failure3/config/etc/passwd
new file mode 100644
index 0000000..df9b7a0
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/60_groupmems_authentication_failure3/config/etc/passwd
@@ -0,0 +1,21 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+utest1:x:1000:1000::/tmp:/bin/sh
+myuser:x:424242:424242::/home:/bin/bash
diff --git a/tests/tests/grouptools/groupmems/60_groupmems_authentication_failure3/config/etc/shadow b/tests/tests/grouptools/groupmems/60_groupmems_authentication_failure3/config/etc/shadow
new file mode 100644
index 0000000..65079bb
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/60_groupmems_authentication_failure3/config/etc/shadow
@@ -0,0 +1,21 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+utest1:!:12977:0:99999:7:::
+myuser:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:::
diff --git a/tests/tests/grouptools/groupmems/60_groupmems_authentication_failure3/groupmems.test b/tests/tests/grouptools/groupmems/60_groupmems_authentication_failure3/groupmems.test
new file mode 100755
index 0000000..fb5129d
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/60_groupmems_authentication_failure3/groupmems.test
@@ -0,0 +1,43 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "groupmems (called by a regular user) authenticates the caller"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Remove PAM configuration (/etc/pam.d/other /etc/pam.d/groupmems)..."
+rm -f /etc/pam.d/other /etc/pam.d/groupmems
+echo "OK"
+
+echo -n "myuser will call groupmems..."
+./run_groupmems.exp
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/grouptools/groupmems/60_groupmems_authentication_failure3/run_groupmems.exp b/tests/tests/grouptools/groupmems/60_groupmems_authentication_failure3/run_groupmems.exp
new file mode 100755
index 0000000..76c1b76
--- /dev/null
+++ b/tests/tests/grouptools/groupmems/60_groupmems_authentication_failure3/run_groupmems.exp
@@ -0,0 +1,42 @@
+#!/usr/bin/expect
+
+set timeout 3
+expect_after default {puts stderr "\nFAIL"; exit 1}
+
+if {$argc != 0} {
+	puts "usage: run_groupmems.exp"
+	exit 1
+}
+
+# First, switch to the testsuite user
+# (otherwise, no password will be asked)
+send_user "# switch to the 'myuser' user\n"
+send_user "# and expect a '$ ' prompt\n"
+spawn /bin/su myuser
+
+expect "$ "			;# Wait for the prompt
+
+send_user "\n# make sure we are now 'myuser'"
+send_user "\n# id should return 'uid=424242(myuser) gid=424242(myuser) groups=424242(myuser),99(groupmems)'"
+send "\r"			;# restore the prompt for the logs
+send "id\r"			;# Verify we are really testsuite
+
+expect "uid=424242(myuser) gid=424242(myuser) groups=424242(myuser),99(groupmems)"
+
+expect "$ "			;# Wait for the prompt
+
+send_user "\n\n"
+send_user "# now add user utest1 to the myuser group\n"
+send_user "# and expect a password prompt"
+send "\r"			;# restore the prompt for the logs
+send "/usr/sbin/groupmems -a nobody\r"
+expect -re "groupmems: PAM: Critical error . immediate abort"
+
+expect "$ "			;# Wait for the prompt
+send "echo $?\r"
+expect "1\r"
+expect "$ "			;# Wait for the prompt
+close
+
+puts "\nPASS"
+exit 0
diff --git a/tests/tests/grouptools/groupmod/01_groupmod_change_gid/config.txt b/tests/tests/grouptools/groupmod/01_groupmod_change_gid/config.txt
new file mode 100644
index 0000000..e9e4bbe
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/01_groupmod_change_gid/config.txt
@@ -0,0 +1 @@
+group foo, GID 1000
diff --git a/tests/tests/grouptools/groupmod/01_groupmod_change_gid/config/etc/default/useradd b/tests/tests/grouptools/groupmod/01_groupmod_change_gid/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/01_groupmod_change_gid/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/grouptools/groupmod/01_groupmod_change_gid/config/etc/group b/tests/tests/grouptools/groupmod/01_groupmod_change_gid/config/etc/group
new file mode 100644
index 0000000..fecba0c
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/01_groupmod_change_gid/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/grouptools/groupmod/01_groupmod_change_gid/config/etc/gshadow b/tests/tests/grouptools/groupmod/01_groupmod_change_gid/config/etc/gshadow
new file mode 100644
index 0000000..5042e58
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/01_groupmod_change_gid/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/grouptools/groupmod/01_groupmod_change_gid/config/etc/login.defs b/tests/tests/grouptools/groupmod/01_groupmod_change_gid/config/etc/login.defs
new file mode 100644
index 0000000..cf181ac
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/01_groupmod_change_gid/config/etc/login.defs
@@ -0,0 +1,314 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK usage is discouraged because it catches only some classes of user
+# entries to system, in fact only those made through login(1), while setting
+# umask in shell rc file will catch also logins through su, cron, ssh etc.
+#
+# At the same time, using shell rc to set umask won't catch entries which use
+# non-shell executables in place of login shell, like /usr/sbin/pppd for "ppp"
+# user and alike.
+#
+# Therefore the use of pam_umask is recommended (Debian package libpam-umask)
+# as the solution which catches all these cases on PAM-enabled systems.
+# 
+# This avoids the confusion created by having the umask set
+# in two different places -- in login.defs and shell rc files (i.e.
+# /etc/profile).
+#
+# For discussion, see #314539 and #248150 as well as the thread starting at
+# http://lists.debian.org/debian-devel/2005/06/msg01598.html
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+# 022 is the "historical" value in Debian for UMASK when it was used
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			  100
+GID_MAX			60000
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# This enables userdel to remove user groups if no members exist.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, thus in Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# Only works if compiled with MD5_CRYPT defined:
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is used by chpasswd, gpasswd and newusers.
+#
+#MD5_CRYPT_ENAB	no
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/grouptools/groupmod/01_groupmod_change_gid/config/etc/passwd b/tests/tests/grouptools/groupmod/01_groupmod_change_gid/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/01_groupmod_change_gid/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/grouptools/groupmod/01_groupmod_change_gid/config/etc/shadow b/tests/tests/grouptools/groupmod/01_groupmod_change_gid/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/01_groupmod_change_gid/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/grouptools/groupmod/01_groupmod_change_gid/data/group b/tests/tests/grouptools/groupmod/01_groupmod_change_gid/data/group
new file mode 100644
index 0000000..b51c3ad
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/01_groupmod_change_gid/data/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1001:
diff --git a/tests/tests/grouptools/groupmod/01_groupmod_change_gid/groupmod.test b/tests/tests/grouptools/groupmod/01_groupmod_change_gid/groupmod.test
new file mode 100755
index 0000000..5c32e0b
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/01_groupmod_change_gid/groupmod.test
@@ -0,0 +1,39 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "groupmod can change the GID of a group"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Change GID of foo to 1001 (groupmod -g 1001 foo)..."
+groupmod -g 1001 foo
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl data/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/grouptools/groupmod/02_groupmod_change_gid_change_primary_group/config.txt b/tests/tests/grouptools/groupmod/02_groupmod_change_gid_change_primary_group/config.txt
new file mode 100644
index 0000000..e9e4bbe
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/02_groupmod_change_gid_change_primary_group/config.txt
@@ -0,0 +1 @@
+group foo, GID 1000
diff --git a/tests/tests/grouptools/groupmod/02_groupmod_change_gid_change_primary_group/config/etc/default/useradd b/tests/tests/grouptools/groupmod/02_groupmod_change_gid_change_primary_group/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/02_groupmod_change_gid_change_primary_group/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/grouptools/groupmod/02_groupmod_change_gid_change_primary_group/config/etc/group b/tests/tests/grouptools/groupmod/02_groupmod_change_gid_change_primary_group/config/etc/group
new file mode 100644
index 0000000..fecba0c
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/02_groupmod_change_gid_change_primary_group/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/grouptools/groupmod/02_groupmod_change_gid_change_primary_group/config/etc/gshadow b/tests/tests/grouptools/groupmod/02_groupmod_change_gid_change_primary_group/config/etc/gshadow
new file mode 100644
index 0000000..5042e58
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/02_groupmod_change_gid_change_primary_group/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/grouptools/groupmod/02_groupmod_change_gid_change_primary_group/config/etc/login.defs b/tests/tests/grouptools/groupmod/02_groupmod_change_gid_change_primary_group/config/etc/login.defs
new file mode 100644
index 0000000..cf181ac
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/02_groupmod_change_gid_change_primary_group/config/etc/login.defs
@@ -0,0 +1,314 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK usage is discouraged because it catches only some classes of user
+# entries to system, in fact only those made through login(1), while setting
+# umask in shell rc file will catch also logins through su, cron, ssh etc.
+#
+# At the same time, using shell rc to set umask won't catch entries which use
+# non-shell executables in place of login shell, like /usr/sbin/pppd for "ppp"
+# user and alike.
+#
+# Therefore the use of pam_umask is recommended (Debian package libpam-umask)
+# as the solution which catches all these cases on PAM-enabled systems.
+# 
+# This avoids the confusion created by having the umask set
+# in two different places -- in login.defs and shell rc files (i.e.
+# /etc/profile).
+#
+# For discussion, see #314539 and #248150 as well as the thread starting at
+# http://lists.debian.org/debian-devel/2005/06/msg01598.html
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+# 022 is the "historical" value in Debian for UMASK when it was used
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			  100
+GID_MAX			60000
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# This enables userdel to remove user groups if no members exist.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, thus in Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# Only works if compiled with MD5_CRYPT defined:
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is used by chpasswd, gpasswd and newusers.
+#
+#MD5_CRYPT_ENAB	no
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/grouptools/groupmod/02_groupmod_change_gid_change_primary_group/config/etc/passwd b/tests/tests/grouptools/groupmod/02_groupmod_change_gid_change_primary_group/config/etc/passwd
new file mode 100644
index 0000000..dc7bf84
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/02_groupmod_change_gid_change_primary_group/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000:::/bin/false
diff --git a/tests/tests/grouptools/groupmod/02_groupmod_change_gid_change_primary_group/config/etc/shadow b/tests/tests/grouptools/groupmod/02_groupmod_change_gid_change_primary_group/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/02_groupmod_change_gid_change_primary_group/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/grouptools/groupmod/02_groupmod_change_gid_change_primary_group/data/group b/tests/tests/grouptools/groupmod/02_groupmod_change_gid_change_primary_group/data/group
new file mode 100644
index 0000000..b51c3ad
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/02_groupmod_change_gid_change_primary_group/data/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1001:
diff --git a/tests/tests/grouptools/groupmod/02_groupmod_change_gid_change_primary_group/data/passwd b/tests/tests/grouptools/groupmod/02_groupmod_change_gid_change_primary_group/data/passwd
new file mode 100644
index 0000000..9fd396a
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/02_groupmod_change_gid_change_primary_group/data/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1001:::/bin/false
diff --git a/tests/tests/grouptools/groupmod/02_groupmod_change_gid_change_primary_group/groupmod.test b/tests/tests/grouptools/groupmod/02_groupmod_change_gid_change_primary_group/groupmod.test
new file mode 100755
index 0000000..f92fc52
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/02_groupmod_change_gid_change_primary_group/groupmod.test
@@ -0,0 +1,39 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "groupmod changes the primary group of users when it changes the GID of a group"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Change GID of foo to 1001 (groupmod -g 1001 foo)..."
+groupmod -g 1001 foo
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl data/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl data/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/grouptools/groupmod/03_groupmod_change_gid_no_gshadow_group/config.txt b/tests/tests/grouptools/groupmod/03_groupmod_change_gid_no_gshadow_group/config.txt
new file mode 100644
index 0000000..e9e4bbe
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/03_groupmod_change_gid_no_gshadow_group/config.txt
@@ -0,0 +1 @@
+group foo, GID 1000
diff --git a/tests/tests/grouptools/groupmod/03_groupmod_change_gid_no_gshadow_group/config/etc/default/useradd b/tests/tests/grouptools/groupmod/03_groupmod_change_gid_no_gshadow_group/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/03_groupmod_change_gid_no_gshadow_group/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/grouptools/groupmod/03_groupmod_change_gid_no_gshadow_group/config/etc/group b/tests/tests/grouptools/groupmod/03_groupmod_change_gid_no_gshadow_group/config/etc/group
new file mode 100644
index 0000000..fecba0c
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/03_groupmod_change_gid_no_gshadow_group/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/grouptools/groupmod/03_groupmod_change_gid_no_gshadow_group/config/etc/gshadow b/tests/tests/grouptools/groupmod/03_groupmod_change_gid_no_gshadow_group/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/03_groupmod_change_gid_no_gshadow_group/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/grouptools/groupmod/03_groupmod_change_gid_no_gshadow_group/config/etc/login.defs b/tests/tests/grouptools/groupmod/03_groupmod_change_gid_no_gshadow_group/config/etc/login.defs
new file mode 100644
index 0000000..cf181ac
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/03_groupmod_change_gid_no_gshadow_group/config/etc/login.defs
@@ -0,0 +1,314 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK usage is discouraged because it catches only some classes of user
+# entries to system, in fact only those made through login(1), while setting
+# umask in shell rc file will catch also logins through su, cron, ssh etc.
+#
+# At the same time, using shell rc to set umask won't catch entries which use
+# non-shell executables in place of login shell, like /usr/sbin/pppd for "ppp"
+# user and alike.
+#
+# Therefore the use of pam_umask is recommended (Debian package libpam-umask)
+# as the solution which catches all these cases on PAM-enabled systems.
+# 
+# This avoids the confusion created by having the umask set
+# in two different places -- in login.defs and shell rc files (i.e.
+# /etc/profile).
+#
+# For discussion, see #314539 and #248150 as well as the thread starting at
+# http://lists.debian.org/debian-devel/2005/06/msg01598.html
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+# 022 is the "historical" value in Debian for UMASK when it was used
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			  100
+GID_MAX			60000
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# This enables userdel to remove user groups if no members exist.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, thus in Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# Only works if compiled with MD5_CRYPT defined:
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is used by chpasswd, gpasswd and newusers.
+#
+#MD5_CRYPT_ENAB	no
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/grouptools/groupmod/03_groupmod_change_gid_no_gshadow_group/config/etc/passwd b/tests/tests/grouptools/groupmod/03_groupmod_change_gid_no_gshadow_group/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/03_groupmod_change_gid_no_gshadow_group/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/grouptools/groupmod/03_groupmod_change_gid_no_gshadow_group/config/etc/shadow b/tests/tests/grouptools/groupmod/03_groupmod_change_gid_no_gshadow_group/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/03_groupmod_change_gid_no_gshadow_group/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/grouptools/groupmod/03_groupmod_change_gid_no_gshadow_group/data/group b/tests/tests/grouptools/groupmod/03_groupmod_change_gid_no_gshadow_group/data/group
new file mode 100644
index 0000000..b51c3ad
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/03_groupmod_change_gid_no_gshadow_group/data/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1001:
diff --git a/tests/tests/grouptools/groupmod/03_groupmod_change_gid_no_gshadow_group/groupmod.test b/tests/tests/grouptools/groupmod/03_groupmod_change_gid_no_gshadow_group/groupmod.test
new file mode 100755
index 0000000..4b327c5
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/03_groupmod_change_gid_no_gshadow_group/groupmod.test
@@ -0,0 +1,39 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "groupmod can change the GID of a group (no gshadow group)"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Change GID of foo to 1001 (groupmod -g 1001 foo)..."
+groupmod -g 1001 foo
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl data/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/grouptools/groupmod/04_groupmod_change_gid_no_gshadow_file/config.txt b/tests/tests/grouptools/groupmod/04_groupmod_change_gid_no_gshadow_file/config.txt
new file mode 100644
index 0000000..e9e4bbe
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/04_groupmod_change_gid_no_gshadow_file/config.txt
@@ -0,0 +1 @@
+group foo, GID 1000
diff --git a/tests/tests/grouptools/groupmod/04_groupmod_change_gid_no_gshadow_file/config/etc/default/useradd b/tests/tests/grouptools/groupmod/04_groupmod_change_gid_no_gshadow_file/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/04_groupmod_change_gid_no_gshadow_file/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/grouptools/groupmod/04_groupmod_change_gid_no_gshadow_file/config/etc/group b/tests/tests/grouptools/groupmod/04_groupmod_change_gid_no_gshadow_file/config/etc/group
new file mode 100644
index 0000000..fecba0c
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/04_groupmod_change_gid_no_gshadow_file/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/grouptools/groupmod/04_groupmod_change_gid_no_gshadow_file/config/etc/gshadow b/tests/tests/grouptools/groupmod/04_groupmod_change_gid_no_gshadow_file/config/etc/gshadow
new file mode 100644
index 0000000..5042e58
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/04_groupmod_change_gid_no_gshadow_file/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/grouptools/groupmod/04_groupmod_change_gid_no_gshadow_file/config/etc/login.defs b/tests/tests/grouptools/groupmod/04_groupmod_change_gid_no_gshadow_file/config/etc/login.defs
new file mode 100644
index 0000000..cf181ac
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/04_groupmod_change_gid_no_gshadow_file/config/etc/login.defs
@@ -0,0 +1,314 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK usage is discouraged because it catches only some classes of user
+# entries to system, in fact only those made through login(1), while setting
+# umask in shell rc file will catch also logins through su, cron, ssh etc.
+#
+# At the same time, using shell rc to set umask won't catch entries which use
+# non-shell executables in place of login shell, like /usr/sbin/pppd for "ppp"
+# user and alike.
+#
+# Therefore the use of pam_umask is recommended (Debian package libpam-umask)
+# as the solution which catches all these cases on PAM-enabled systems.
+# 
+# This avoids the confusion created by having the umask set
+# in two different places -- in login.defs and shell rc files (i.e.
+# /etc/profile).
+#
+# For discussion, see #314539 and #248150 as well as the thread starting at
+# http://lists.debian.org/debian-devel/2005/06/msg01598.html
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+# 022 is the "historical" value in Debian for UMASK when it was used
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			  100
+GID_MAX			60000
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# This enables userdel to remove user groups if no members exist.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, thus in Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# Only works if compiled with MD5_CRYPT defined:
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is used by chpasswd, gpasswd and newusers.
+#
+#MD5_CRYPT_ENAB	no
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/grouptools/groupmod/04_groupmod_change_gid_no_gshadow_file/config/etc/passwd b/tests/tests/grouptools/groupmod/04_groupmod_change_gid_no_gshadow_file/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/04_groupmod_change_gid_no_gshadow_file/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/grouptools/groupmod/04_groupmod_change_gid_no_gshadow_file/config/etc/shadow b/tests/tests/grouptools/groupmod/04_groupmod_change_gid_no_gshadow_file/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/04_groupmod_change_gid_no_gshadow_file/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/grouptools/groupmod/04_groupmod_change_gid_no_gshadow_file/data/group b/tests/tests/grouptools/groupmod/04_groupmod_change_gid_no_gshadow_file/data/group
new file mode 100644
index 0000000..b51c3ad
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/04_groupmod_change_gid_no_gshadow_file/data/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1001:
diff --git a/tests/tests/grouptools/groupmod/04_groupmod_change_gid_no_gshadow_file/groupmod.test b/tests/tests/grouptools/groupmod/04_groupmod_change_gid_no_gshadow_file/groupmod.test
new file mode 100755
index 0000000..6ba1e5e
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/04_groupmod_change_gid_no_gshadow_file/groupmod.test
@@ -0,0 +1,42 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "groupmod can change the GID of a group (no gshadow file)"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo "remove the gshadow file"
+rm -f /etc/gshadow
+
+echo -n "Change GID of foo to 1001 (groupmod -g 1001 foo)..."
+groupmod -g 1001 foo
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl data/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+test ! -f /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/grouptools/groupmod/05_groupmod_change_gid_-o_override_used_GID/config.txt b/tests/tests/grouptools/groupmod/05_groupmod_change_gid_-o_override_used_GID/config.txt
new file mode 100644
index 0000000..872618a
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/05_groupmod_change_gid_-o_override_used_GID/config.txt
@@ -0,0 +1,2 @@
+group foo, GID 1000
+group bar, GID 1001
diff --git a/tests/tests/grouptools/groupmod/05_groupmod_change_gid_-o_override_used_GID/config/etc/default/useradd b/tests/tests/grouptools/groupmod/05_groupmod_change_gid_-o_override_used_GID/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/05_groupmod_change_gid_-o_override_used_GID/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/grouptools/groupmod/05_groupmod_change_gid_-o_override_used_GID/config/etc/group b/tests/tests/grouptools/groupmod/05_groupmod_change_gid_-o_override_used_GID/config/etc/group
new file mode 100644
index 0000000..e65d5b0
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/05_groupmod_change_gid_-o_override_used_GID/config/etc/group
@@ -0,0 +1,43 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
+bar:x:1001:
diff --git a/tests/tests/grouptools/groupmod/05_groupmod_change_gid_-o_override_used_GID/config/etc/gshadow b/tests/tests/grouptools/groupmod/05_groupmod_change_gid_-o_override_used_GID/config/etc/gshadow
new file mode 100644
index 0000000..d8aa8ad
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/05_groupmod_change_gid_-o_override_used_GID/config/etc/gshadow
@@ -0,0 +1,43 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
+bar:*::
diff --git a/tests/tests/grouptools/groupmod/05_groupmod_change_gid_-o_override_used_GID/config/etc/login.defs b/tests/tests/grouptools/groupmod/05_groupmod_change_gid_-o_override_used_GID/config/etc/login.defs
new file mode 100644
index 0000000..cf181ac
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/05_groupmod_change_gid_-o_override_used_GID/config/etc/login.defs
@@ -0,0 +1,314 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK usage is discouraged because it catches only some classes of user
+# entries to system, in fact only those made through login(1), while setting
+# umask in shell rc file will catch also logins through su, cron, ssh etc.
+#
+# At the same time, using shell rc to set umask won't catch entries which use
+# non-shell executables in place of login shell, like /usr/sbin/pppd for "ppp"
+# user and alike.
+#
+# Therefore the use of pam_umask is recommended (Debian package libpam-umask)
+# as the solution which catches all these cases on PAM-enabled systems.
+# 
+# This avoids the confusion created by having the umask set
+# in two different places -- in login.defs and shell rc files (i.e.
+# /etc/profile).
+#
+# For discussion, see #314539 and #248150 as well as the thread starting at
+# http://lists.debian.org/debian-devel/2005/06/msg01598.html
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+# 022 is the "historical" value in Debian for UMASK when it was used
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			  100
+GID_MAX			60000
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# This enables userdel to remove user groups if no members exist.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, thus in Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# Only works if compiled with MD5_CRYPT defined:
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is used by chpasswd, gpasswd and newusers.
+#
+#MD5_CRYPT_ENAB	no
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/grouptools/groupmod/05_groupmod_change_gid_-o_override_used_GID/config/etc/passwd b/tests/tests/grouptools/groupmod/05_groupmod_change_gid_-o_override_used_GID/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/05_groupmod_change_gid_-o_override_used_GID/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/grouptools/groupmod/05_groupmod_change_gid_-o_override_used_GID/config/etc/shadow b/tests/tests/grouptools/groupmod/05_groupmod_change_gid_-o_override_used_GID/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/05_groupmod_change_gid_-o_override_used_GID/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/grouptools/groupmod/05_groupmod_change_gid_-o_override_used_GID/data/group b/tests/tests/grouptools/groupmod/05_groupmod_change_gid_-o_override_used_GID/data/group
new file mode 100644
index 0000000..2c24807
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/05_groupmod_change_gid_-o_override_used_GID/data/group
@@ -0,0 +1,43 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1001:
+bar:x:1001:
diff --git a/tests/tests/grouptools/groupmod/05_groupmod_change_gid_-o_override_used_GID/groupmod.test b/tests/tests/grouptools/groupmod/05_groupmod_change_gid_-o_override_used_GID/groupmod.test
new file mode 100755
index 0000000..51f92a7
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/05_groupmod_change_gid_-o_override_used_GID/groupmod.test
@@ -0,0 +1,39 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "groupmod can change the GID of a group to an already used GID, with -o"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Change GID of foo to 1001 (groupmod -g 1001 -o foo)..."
+groupmod -g 1001 -o foo
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl data/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/grouptools/groupmod/06_groupmod_change_group_name/config.txt b/tests/tests/grouptools/groupmod/06_groupmod_change_group_name/config.txt
new file mode 100644
index 0000000..e9e4bbe
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/06_groupmod_change_group_name/config.txt
@@ -0,0 +1 @@
+group foo, GID 1000
diff --git a/tests/tests/grouptools/groupmod/06_groupmod_change_group_name/config/etc/default/useradd b/tests/tests/grouptools/groupmod/06_groupmod_change_group_name/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/06_groupmod_change_group_name/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/grouptools/groupmod/06_groupmod_change_group_name/config/etc/group b/tests/tests/grouptools/groupmod/06_groupmod_change_group_name/config/etc/group
new file mode 100644
index 0000000..fecba0c
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/06_groupmod_change_group_name/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/grouptools/groupmod/06_groupmod_change_group_name/config/etc/gshadow b/tests/tests/grouptools/groupmod/06_groupmod_change_group_name/config/etc/gshadow
new file mode 100644
index 0000000..5042e58
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/06_groupmod_change_group_name/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/grouptools/groupmod/06_groupmod_change_group_name/config/etc/login.defs b/tests/tests/grouptools/groupmod/06_groupmod_change_group_name/config/etc/login.defs
new file mode 100644
index 0000000..cf181ac
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/06_groupmod_change_group_name/config/etc/login.defs
@@ -0,0 +1,314 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK usage is discouraged because it catches only some classes of user
+# entries to system, in fact only those made through login(1), while setting
+# umask in shell rc file will catch also logins through su, cron, ssh etc.
+#
+# At the same time, using shell rc to set umask won't catch entries which use
+# non-shell executables in place of login shell, like /usr/sbin/pppd for "ppp"
+# user and alike.
+#
+# Therefore the use of pam_umask is recommended (Debian package libpam-umask)
+# as the solution which catches all these cases on PAM-enabled systems.
+# 
+# This avoids the confusion created by having the umask set
+# in two different places -- in login.defs and shell rc files (i.e.
+# /etc/profile).
+#
+# For discussion, see #314539 and #248150 as well as the thread starting at
+# http://lists.debian.org/debian-devel/2005/06/msg01598.html
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+# 022 is the "historical" value in Debian for UMASK when it was used
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			  100
+GID_MAX			60000
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# This enables userdel to remove user groups if no members exist.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, thus in Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# Only works if compiled with MD5_CRYPT defined:
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is used by chpasswd, gpasswd and newusers.
+#
+#MD5_CRYPT_ENAB	no
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/grouptools/groupmod/06_groupmod_change_group_name/config/etc/passwd b/tests/tests/grouptools/groupmod/06_groupmod_change_group_name/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/06_groupmod_change_group_name/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/grouptools/groupmod/06_groupmod_change_group_name/config/etc/shadow b/tests/tests/grouptools/groupmod/06_groupmod_change_group_name/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/06_groupmod_change_group_name/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/grouptools/groupmod/06_groupmod_change_group_name/data/group b/tests/tests/grouptools/groupmod/06_groupmod_change_group_name/data/group
new file mode 100644
index 0000000..75815b9
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/06_groupmod_change_group_name/data/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+bar:x:1000:
diff --git a/tests/tests/grouptools/groupmod/06_groupmod_change_group_name/data/gshadow b/tests/tests/grouptools/groupmod/06_groupmod_change_group_name/data/gshadow
new file mode 100644
index 0000000..e814af0
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/06_groupmod_change_group_name/data/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+bar:*::
diff --git a/tests/tests/grouptools/groupmod/06_groupmod_change_group_name/groupmod.test b/tests/tests/grouptools/groupmod/06_groupmod_change_group_name/groupmod.test
new file mode 100755
index 0000000..cb567a8
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/06_groupmod_change_group_name/groupmod.test
@@ -0,0 +1,39 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "groupmod can change the name of a group"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Rename group foo to bar (groupmod -n bar foo)..."
+groupmod -n bar foo
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl data/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl data/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/grouptools/groupmod/07_groupmod_change_group_name_no_gshadow_group/config.txt b/tests/tests/grouptools/groupmod/07_groupmod_change_group_name_no_gshadow_group/config.txt
new file mode 100644
index 0000000..e9e4bbe
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/07_groupmod_change_group_name_no_gshadow_group/config.txt
@@ -0,0 +1 @@
+group foo, GID 1000
diff --git a/tests/tests/grouptools/groupmod/07_groupmod_change_group_name_no_gshadow_group/config/etc/default/useradd b/tests/tests/grouptools/groupmod/07_groupmod_change_group_name_no_gshadow_group/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/07_groupmod_change_group_name_no_gshadow_group/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/grouptools/groupmod/07_groupmod_change_group_name_no_gshadow_group/config/etc/group b/tests/tests/grouptools/groupmod/07_groupmod_change_group_name_no_gshadow_group/config/etc/group
new file mode 100644
index 0000000..fecba0c
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/07_groupmod_change_group_name_no_gshadow_group/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/grouptools/groupmod/07_groupmod_change_group_name_no_gshadow_group/config/etc/gshadow b/tests/tests/grouptools/groupmod/07_groupmod_change_group_name_no_gshadow_group/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/07_groupmod_change_group_name_no_gshadow_group/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/grouptools/groupmod/07_groupmod_change_group_name_no_gshadow_group/config/etc/login.defs b/tests/tests/grouptools/groupmod/07_groupmod_change_group_name_no_gshadow_group/config/etc/login.defs
new file mode 100644
index 0000000..cf181ac
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/07_groupmod_change_group_name_no_gshadow_group/config/etc/login.defs
@@ -0,0 +1,314 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK usage is discouraged because it catches only some classes of user
+# entries to system, in fact only those made through login(1), while setting
+# umask in shell rc file will catch also logins through su, cron, ssh etc.
+#
+# At the same time, using shell rc to set umask won't catch entries which use
+# non-shell executables in place of login shell, like /usr/sbin/pppd for "ppp"
+# user and alike.
+#
+# Therefore the use of pam_umask is recommended (Debian package libpam-umask)
+# as the solution which catches all these cases on PAM-enabled systems.
+# 
+# This avoids the confusion created by having the umask set
+# in two different places -- in login.defs and shell rc files (i.e.
+# /etc/profile).
+#
+# For discussion, see #314539 and #248150 as well as the thread starting at
+# http://lists.debian.org/debian-devel/2005/06/msg01598.html
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+# 022 is the "historical" value in Debian for UMASK when it was used
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			  100
+GID_MAX			60000
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# This enables userdel to remove user groups if no members exist.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, thus in Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# Only works if compiled with MD5_CRYPT defined:
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is used by chpasswd, gpasswd and newusers.
+#
+#MD5_CRYPT_ENAB	no
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/grouptools/groupmod/07_groupmod_change_group_name_no_gshadow_group/config/etc/passwd b/tests/tests/grouptools/groupmod/07_groupmod_change_group_name_no_gshadow_group/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/07_groupmod_change_group_name_no_gshadow_group/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/grouptools/groupmod/07_groupmod_change_group_name_no_gshadow_group/config/etc/shadow b/tests/tests/grouptools/groupmod/07_groupmod_change_group_name_no_gshadow_group/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/07_groupmod_change_group_name_no_gshadow_group/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/grouptools/groupmod/07_groupmod_change_group_name_no_gshadow_group/data/group b/tests/tests/grouptools/groupmod/07_groupmod_change_group_name_no_gshadow_group/data/group
new file mode 100644
index 0000000..75815b9
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/07_groupmod_change_group_name_no_gshadow_group/data/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+bar:x:1000:
diff --git a/tests/tests/grouptools/groupmod/07_groupmod_change_group_name_no_gshadow_group/groupmod.test b/tests/tests/grouptools/groupmod/07_groupmod_change_group_name_no_gshadow_group/groupmod.test
new file mode 100755
index 0000000..65391ba
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/07_groupmod_change_group_name_no_gshadow_group/groupmod.test
@@ -0,0 +1,39 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "groupmod can change the name of a group (no gshadow group)"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Rename group foo to bar (groupmod -n bar foo)..."
+groupmod -n bar foo
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl data/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/grouptools/groupmod/08_groupmod_change_group_name_no_gshadow_file/config.txt b/tests/tests/grouptools/groupmod/08_groupmod_change_group_name_no_gshadow_file/config.txt
new file mode 100644
index 0000000..e9e4bbe
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/08_groupmod_change_group_name_no_gshadow_file/config.txt
@@ -0,0 +1 @@
+group foo, GID 1000
diff --git a/tests/tests/grouptools/groupmod/08_groupmod_change_group_name_no_gshadow_file/config/etc/default/useradd b/tests/tests/grouptools/groupmod/08_groupmod_change_group_name_no_gshadow_file/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/08_groupmod_change_group_name_no_gshadow_file/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/grouptools/groupmod/08_groupmod_change_group_name_no_gshadow_file/config/etc/group b/tests/tests/grouptools/groupmod/08_groupmod_change_group_name_no_gshadow_file/config/etc/group
new file mode 100644
index 0000000..fecba0c
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/08_groupmod_change_group_name_no_gshadow_file/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/grouptools/groupmod/08_groupmod_change_group_name_no_gshadow_file/config/etc/gshadow b/tests/tests/grouptools/groupmod/08_groupmod_change_group_name_no_gshadow_file/config/etc/gshadow
new file mode 100644
index 0000000..5042e58
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/08_groupmod_change_group_name_no_gshadow_file/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/grouptools/groupmod/08_groupmod_change_group_name_no_gshadow_file/config/etc/login.defs b/tests/tests/grouptools/groupmod/08_groupmod_change_group_name_no_gshadow_file/config/etc/login.defs
new file mode 100644
index 0000000..cf181ac
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/08_groupmod_change_group_name_no_gshadow_file/config/etc/login.defs
@@ -0,0 +1,314 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK usage is discouraged because it catches only some classes of user
+# entries to system, in fact only those made through login(1), while setting
+# umask in shell rc file will catch also logins through su, cron, ssh etc.
+#
+# At the same time, using shell rc to set umask won't catch entries which use
+# non-shell executables in place of login shell, like /usr/sbin/pppd for "ppp"
+# user and alike.
+#
+# Therefore the use of pam_umask is recommended (Debian package libpam-umask)
+# as the solution which catches all these cases on PAM-enabled systems.
+# 
+# This avoids the confusion created by having the umask set
+# in two different places -- in login.defs and shell rc files (i.e.
+# /etc/profile).
+#
+# For discussion, see #314539 and #248150 as well as the thread starting at
+# http://lists.debian.org/debian-devel/2005/06/msg01598.html
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+# 022 is the "historical" value in Debian for UMASK when it was used
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			  100
+GID_MAX			60000
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# This enables userdel to remove user groups if no members exist.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, thus in Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# Only works if compiled with MD5_CRYPT defined:
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is used by chpasswd, gpasswd and newusers.
+#
+#MD5_CRYPT_ENAB	no
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/grouptools/groupmod/08_groupmod_change_group_name_no_gshadow_file/config/etc/passwd b/tests/tests/grouptools/groupmod/08_groupmod_change_group_name_no_gshadow_file/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/08_groupmod_change_group_name_no_gshadow_file/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/grouptools/groupmod/08_groupmod_change_group_name_no_gshadow_file/config/etc/shadow b/tests/tests/grouptools/groupmod/08_groupmod_change_group_name_no_gshadow_file/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/08_groupmod_change_group_name_no_gshadow_file/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/grouptools/groupmod/08_groupmod_change_group_name_no_gshadow_file/data/group b/tests/tests/grouptools/groupmod/08_groupmod_change_group_name_no_gshadow_file/data/group
new file mode 100644
index 0000000..75815b9
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/08_groupmod_change_group_name_no_gshadow_file/data/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+bar:x:1000:
diff --git a/tests/tests/grouptools/groupmod/08_groupmod_change_group_name_no_gshadow_file/groupmod.test b/tests/tests/grouptools/groupmod/08_groupmod_change_group_name_no_gshadow_file/groupmod.test
new file mode 100755
index 0000000..dee0d5b
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/08_groupmod_change_group_name_no_gshadow_file/groupmod.test
@@ -0,0 +1,42 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "groupmod can change the name of a group (no gshadow file)"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo "remove the gshadow file"
+rm -f /etc/gshadow
+
+echo -n "Rename group foo to bar (groupmod -n bar foo)..."
+groupmod -n bar foo
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl data/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+test ! -f /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/grouptools/groupmod/09_groupmod_set_password/config.txt b/tests/tests/grouptools/groupmod/09_groupmod_set_password/config.txt
new file mode 100644
index 0000000..e9e4bbe
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/09_groupmod_set_password/config.txt
@@ -0,0 +1 @@
+group foo, GID 1000
diff --git a/tests/tests/grouptools/groupmod/09_groupmod_set_password/config/etc/default/useradd b/tests/tests/grouptools/groupmod/09_groupmod_set_password/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/09_groupmod_set_password/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/grouptools/groupmod/09_groupmod_set_password/config/etc/group b/tests/tests/grouptools/groupmod/09_groupmod_set_password/config/etc/group
new file mode 100644
index 0000000..fecba0c
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/09_groupmod_set_password/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/grouptools/groupmod/09_groupmod_set_password/config/etc/gshadow b/tests/tests/grouptools/groupmod/09_groupmod_set_password/config/etc/gshadow
new file mode 100644
index 0000000..5042e58
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/09_groupmod_set_password/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/grouptools/groupmod/09_groupmod_set_password/config/etc/login.defs b/tests/tests/grouptools/groupmod/09_groupmod_set_password/config/etc/login.defs
new file mode 100644
index 0000000..cf181ac
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/09_groupmod_set_password/config/etc/login.defs
@@ -0,0 +1,314 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK usage is discouraged because it catches only some classes of user
+# entries to system, in fact only those made through login(1), while setting
+# umask in shell rc file will catch also logins through su, cron, ssh etc.
+#
+# At the same time, using shell rc to set umask won't catch entries which use
+# non-shell executables in place of login shell, like /usr/sbin/pppd for "ppp"
+# user and alike.
+#
+# Therefore the use of pam_umask is recommended (Debian package libpam-umask)
+# as the solution which catches all these cases on PAM-enabled systems.
+# 
+# This avoids the confusion created by having the umask set
+# in two different places -- in login.defs and shell rc files (i.e.
+# /etc/profile).
+#
+# For discussion, see #314539 and #248150 as well as the thread starting at
+# http://lists.debian.org/debian-devel/2005/06/msg01598.html
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+# 022 is the "historical" value in Debian for UMASK when it was used
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			  100
+GID_MAX			60000
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# This enables userdel to remove user groups if no members exist.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, thus in Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# Only works if compiled with MD5_CRYPT defined:
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is used by chpasswd, gpasswd and newusers.
+#
+#MD5_CRYPT_ENAB	no
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/grouptools/groupmod/09_groupmod_set_password/config/etc/passwd b/tests/tests/grouptools/groupmod/09_groupmod_set_password/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/09_groupmod_set_password/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/grouptools/groupmod/09_groupmod_set_password/config/etc/shadow b/tests/tests/grouptools/groupmod/09_groupmod_set_password/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/09_groupmod_set_password/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/grouptools/groupmod/09_groupmod_set_password/data/gshadow b/tests/tests/grouptools/groupmod/09_groupmod_set_password/data/gshadow
new file mode 100644
index 0000000..601bd46
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/09_groupmod_set_password/data/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:foopassw::
diff --git a/tests/tests/grouptools/groupmod/09_groupmod_set_password/groupmod.test b/tests/tests/grouptools/groupmod/09_groupmod_set_password/groupmod.test
new file mode 100755
index 0000000..dd2b400
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/09_groupmod_set_password/groupmod.test
@@ -0,0 +1,39 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "groupmod can set the password of a group"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Change GID of foo to 1001 (groupmod -p foopassw foo)..."
+groupmod -p foopassw foo
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl data/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/grouptools/groupmod/10_groupmod_set_password_no_gshadow_group/config.txt b/tests/tests/grouptools/groupmod/10_groupmod_set_password_no_gshadow_group/config.txt
new file mode 100644
index 0000000..e9e4bbe
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/10_groupmod_set_password_no_gshadow_group/config.txt
@@ -0,0 +1 @@
+group foo, GID 1000
diff --git a/tests/tests/grouptools/groupmod/10_groupmod_set_password_no_gshadow_group/config/etc/default/useradd b/tests/tests/grouptools/groupmod/10_groupmod_set_password_no_gshadow_group/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/10_groupmod_set_password_no_gshadow_group/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/grouptools/groupmod/10_groupmod_set_password_no_gshadow_group/config/etc/group b/tests/tests/grouptools/groupmod/10_groupmod_set_password_no_gshadow_group/config/etc/group
new file mode 100644
index 0000000..fecba0c
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/10_groupmod_set_password_no_gshadow_group/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/grouptools/groupmod/10_groupmod_set_password_no_gshadow_group/config/etc/gshadow b/tests/tests/grouptools/groupmod/10_groupmod_set_password_no_gshadow_group/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/10_groupmod_set_password_no_gshadow_group/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/grouptools/groupmod/10_groupmod_set_password_no_gshadow_group/config/etc/login.defs b/tests/tests/grouptools/groupmod/10_groupmod_set_password_no_gshadow_group/config/etc/login.defs
new file mode 100644
index 0000000..cf181ac
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/10_groupmod_set_password_no_gshadow_group/config/etc/login.defs
@@ -0,0 +1,314 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK usage is discouraged because it catches only some classes of user
+# entries to system, in fact only those made through login(1), while setting
+# umask in shell rc file will catch also logins through su, cron, ssh etc.
+#
+# At the same time, using shell rc to set umask won't catch entries which use
+# non-shell executables in place of login shell, like /usr/sbin/pppd for "ppp"
+# user and alike.
+#
+# Therefore the use of pam_umask is recommended (Debian package libpam-umask)
+# as the solution which catches all these cases on PAM-enabled systems.
+# 
+# This avoids the confusion created by having the umask set
+# in two different places -- in login.defs and shell rc files (i.e.
+# /etc/profile).
+#
+# For discussion, see #314539 and #248150 as well as the thread starting at
+# http://lists.debian.org/debian-devel/2005/06/msg01598.html
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+# 022 is the "historical" value in Debian for UMASK when it was used
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			  100
+GID_MAX			60000
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# This enables userdel to remove user groups if no members exist.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, thus in Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# Only works if compiled with MD5_CRYPT defined:
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is used by chpasswd, gpasswd and newusers.
+#
+#MD5_CRYPT_ENAB	no
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/grouptools/groupmod/10_groupmod_set_password_no_gshadow_group/config/etc/passwd b/tests/tests/grouptools/groupmod/10_groupmod_set_password_no_gshadow_group/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/10_groupmod_set_password_no_gshadow_group/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/grouptools/groupmod/10_groupmod_set_password_no_gshadow_group/config/etc/shadow b/tests/tests/grouptools/groupmod/10_groupmod_set_password_no_gshadow_group/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/10_groupmod_set_password_no_gshadow_group/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/grouptools/groupmod/10_groupmod_set_password_no_gshadow_group/data/gshadow b/tests/tests/grouptools/groupmod/10_groupmod_set_password_no_gshadow_group/data/gshadow
new file mode 100644
index 0000000..601bd46
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/10_groupmod_set_password_no_gshadow_group/data/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:foopassw::
diff --git a/tests/tests/grouptools/groupmod/10_groupmod_set_password_no_gshadow_group/groupmod.test b/tests/tests/grouptools/groupmod/10_groupmod_set_password_no_gshadow_group/groupmod.test
new file mode 100755
index 0000000..01a7d46
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/10_groupmod_set_password_no_gshadow_group/groupmod.test
@@ -0,0 +1,39 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "groupmod can set the password of a group (no gshadow group)"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Change GID of foo to 1001 (groupmod -p foopassw foo)..."
+groupmod -p foopassw foo
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl data/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/grouptools/groupmod/11_groupmod_set_password_no_gshadow_file/config.txt b/tests/tests/grouptools/groupmod/11_groupmod_set_password_no_gshadow_file/config.txt
new file mode 100644
index 0000000..e9e4bbe
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/11_groupmod_set_password_no_gshadow_file/config.txt
@@ -0,0 +1 @@
+group foo, GID 1000
diff --git a/tests/tests/grouptools/groupmod/11_groupmod_set_password_no_gshadow_file/config/etc/default/useradd b/tests/tests/grouptools/groupmod/11_groupmod_set_password_no_gshadow_file/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/11_groupmod_set_password_no_gshadow_file/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/grouptools/groupmod/11_groupmod_set_password_no_gshadow_file/config/etc/group b/tests/tests/grouptools/groupmod/11_groupmod_set_password_no_gshadow_file/config/etc/group
new file mode 100644
index 0000000..7c2b4e8
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/11_groupmod_set_password_no_gshadow_file/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:oldpass:1000:
diff --git a/tests/tests/grouptools/groupmod/11_groupmod_set_password_no_gshadow_file/config/etc/gshadow b/tests/tests/grouptools/groupmod/11_groupmod_set_password_no_gshadow_file/config/etc/gshadow
new file mode 100644
index 0000000..5042e58
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/11_groupmod_set_password_no_gshadow_file/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/grouptools/groupmod/11_groupmod_set_password_no_gshadow_file/config/etc/login.defs b/tests/tests/grouptools/groupmod/11_groupmod_set_password_no_gshadow_file/config/etc/login.defs
new file mode 100644
index 0000000..cf181ac
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/11_groupmod_set_password_no_gshadow_file/config/etc/login.defs
@@ -0,0 +1,314 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK usage is discouraged because it catches only some classes of user
+# entries to system, in fact only those made through login(1), while setting
+# umask in shell rc file will catch also logins through su, cron, ssh etc.
+#
+# At the same time, using shell rc to set umask won't catch entries which use
+# non-shell executables in place of login shell, like /usr/sbin/pppd for "ppp"
+# user and alike.
+#
+# Therefore the use of pam_umask is recommended (Debian package libpam-umask)
+# as the solution which catches all these cases on PAM-enabled systems.
+# 
+# This avoids the confusion created by having the umask set
+# in two different places -- in login.defs and shell rc files (i.e.
+# /etc/profile).
+#
+# For discussion, see #314539 and #248150 as well as the thread starting at
+# http://lists.debian.org/debian-devel/2005/06/msg01598.html
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+# 022 is the "historical" value in Debian for UMASK when it was used
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			  100
+GID_MAX			60000
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# This enables userdel to remove user groups if no members exist.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, thus in Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# Only works if compiled with MD5_CRYPT defined:
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is used by chpasswd, gpasswd and newusers.
+#
+#MD5_CRYPT_ENAB	no
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/grouptools/groupmod/11_groupmod_set_password_no_gshadow_file/config/etc/passwd b/tests/tests/grouptools/groupmod/11_groupmod_set_password_no_gshadow_file/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/11_groupmod_set_password_no_gshadow_file/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/grouptools/groupmod/11_groupmod_set_password_no_gshadow_file/config/etc/shadow b/tests/tests/grouptools/groupmod/11_groupmod_set_password_no_gshadow_file/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/11_groupmod_set_password_no_gshadow_file/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/grouptools/groupmod/11_groupmod_set_password_no_gshadow_file/data/group b/tests/tests/grouptools/groupmod/11_groupmod_set_password_no_gshadow_file/data/group
new file mode 100644
index 0000000..fafb2ea
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/11_groupmod_set_password_no_gshadow_file/data/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:foopassw:1000:
diff --git a/tests/tests/grouptools/groupmod/11_groupmod_set_password_no_gshadow_file/groupmod.test b/tests/tests/grouptools/groupmod/11_groupmod_set_password_no_gshadow_file/groupmod.test
new file mode 100755
index 0000000..44597ad
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/11_groupmod_set_password_no_gshadow_file/groupmod.test
@@ -0,0 +1,42 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "groupmod can set the password of a group (no gshadow file)"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo "Remove the gshadow file"
+rm -f /etc/gshadow
+
+echo -n "Change GID of foo to 1001 (groupmod -p foopassw foo)..."
+groupmod -p foopassw foo
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl data/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+test ! -f /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/grouptools/groupmod/12_groupmod_change_gid_error_unknown_group/config.txt b/tests/tests/grouptools/groupmod/12_groupmod_change_gid_error_unknown_group/config.txt
new file mode 100644
index 0000000..e9e4bbe
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/12_groupmod_change_gid_error_unknown_group/config.txt
@@ -0,0 +1 @@
+group foo, GID 1000
diff --git a/tests/tests/grouptools/groupmod/12_groupmod_change_gid_error_unknown_group/config/etc/default/useradd b/tests/tests/grouptools/groupmod/12_groupmod_change_gid_error_unknown_group/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/12_groupmod_change_gid_error_unknown_group/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/grouptools/groupmod/12_groupmod_change_gid_error_unknown_group/config/etc/group b/tests/tests/grouptools/groupmod/12_groupmod_change_gid_error_unknown_group/config/etc/group
new file mode 100644
index 0000000..fecba0c
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/12_groupmod_change_gid_error_unknown_group/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/grouptools/groupmod/12_groupmod_change_gid_error_unknown_group/config/etc/gshadow b/tests/tests/grouptools/groupmod/12_groupmod_change_gid_error_unknown_group/config/etc/gshadow
new file mode 100644
index 0000000..5042e58
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/12_groupmod_change_gid_error_unknown_group/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/grouptools/groupmod/12_groupmod_change_gid_error_unknown_group/config/etc/login.defs b/tests/tests/grouptools/groupmod/12_groupmod_change_gid_error_unknown_group/config/etc/login.defs
new file mode 100644
index 0000000..cf181ac
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/12_groupmod_change_gid_error_unknown_group/config/etc/login.defs
@@ -0,0 +1,314 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK usage is discouraged because it catches only some classes of user
+# entries to system, in fact only those made through login(1), while setting
+# umask in shell rc file will catch also logins through su, cron, ssh etc.
+#
+# At the same time, using shell rc to set umask won't catch entries which use
+# non-shell executables in place of login shell, like /usr/sbin/pppd for "ppp"
+# user and alike.
+#
+# Therefore the use of pam_umask is recommended (Debian package libpam-umask)
+# as the solution which catches all these cases on PAM-enabled systems.
+# 
+# This avoids the confusion created by having the umask set
+# in two different places -- in login.defs and shell rc files (i.e.
+# /etc/profile).
+#
+# For discussion, see #314539 and #248150 as well as the thread starting at
+# http://lists.debian.org/debian-devel/2005/06/msg01598.html
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+# 022 is the "historical" value in Debian for UMASK when it was used
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			  100
+GID_MAX			60000
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# This enables userdel to remove user groups if no members exist.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, thus in Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# Only works if compiled with MD5_CRYPT defined:
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is used by chpasswd, gpasswd and newusers.
+#
+#MD5_CRYPT_ENAB	no
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/grouptools/groupmod/12_groupmod_change_gid_error_unknown_group/config/etc/passwd b/tests/tests/grouptools/groupmod/12_groupmod_change_gid_error_unknown_group/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/12_groupmod_change_gid_error_unknown_group/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/grouptools/groupmod/12_groupmod_change_gid_error_unknown_group/config/etc/shadow b/tests/tests/grouptools/groupmod/12_groupmod_change_gid_error_unknown_group/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/12_groupmod_change_gid_error_unknown_group/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/grouptools/groupmod/12_groupmod_change_gid_error_unknown_group/data/groupmod.err b/tests/tests/grouptools/groupmod/12_groupmod_change_gid_error_unknown_group/data/groupmod.err
new file mode 100644
index 0000000..35720f8
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/12_groupmod_change_gid_error_unknown_group/data/groupmod.err
@@ -0,0 +1 @@
+groupmod: group 'bar' does not exist
diff --git a/tests/tests/grouptools/groupmod/12_groupmod_change_gid_error_unknown_group/groupmod.test b/tests/tests/grouptools/groupmod/12_groupmod_change_gid_error_unknown_group/groupmod.test
new file mode 100755
index 0000000..4c7f477
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/12_groupmod_change_gid_error_unknown_group/groupmod.test
@@ -0,0 +1,54 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "groupmod checks if the group exists"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Change GID of bar to 1001 (groupmod -g 1001 bar)..."
+groupmod -g 1001 bar 2>tmp/groupmod.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "6"
+echo "OK"
+
+echo "groupmod reported:"
+echo "======================================================================="
+cat tmp/groupmod.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/groupmod.err tmp/groupmod.err
+echo "error message OK."
+rm -f tmp/groupmod.err
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/grouptools/groupmod/13_groupmod_change_gid_error_used_GID/config.txt b/tests/tests/grouptools/groupmod/13_groupmod_change_gid_error_used_GID/config.txt
new file mode 100644
index 0000000..872618a
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/13_groupmod_change_gid_error_used_GID/config.txt
@@ -0,0 +1,2 @@
+group foo, GID 1000
+group bar, GID 1001
diff --git a/tests/tests/grouptools/groupmod/13_groupmod_change_gid_error_used_GID/config/etc/default/useradd b/tests/tests/grouptools/groupmod/13_groupmod_change_gid_error_used_GID/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/13_groupmod_change_gid_error_used_GID/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/grouptools/groupmod/13_groupmod_change_gid_error_used_GID/config/etc/group b/tests/tests/grouptools/groupmod/13_groupmod_change_gid_error_used_GID/config/etc/group
new file mode 100644
index 0000000..e65d5b0
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/13_groupmod_change_gid_error_used_GID/config/etc/group
@@ -0,0 +1,43 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
+bar:x:1001:
diff --git a/tests/tests/grouptools/groupmod/13_groupmod_change_gid_error_used_GID/config/etc/gshadow b/tests/tests/grouptools/groupmod/13_groupmod_change_gid_error_used_GID/config/etc/gshadow
new file mode 100644
index 0000000..d8aa8ad
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/13_groupmod_change_gid_error_used_GID/config/etc/gshadow
@@ -0,0 +1,43 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
+bar:*::
diff --git a/tests/tests/grouptools/groupmod/13_groupmod_change_gid_error_used_GID/config/etc/login.defs b/tests/tests/grouptools/groupmod/13_groupmod_change_gid_error_used_GID/config/etc/login.defs
new file mode 100644
index 0000000..cf181ac
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/13_groupmod_change_gid_error_used_GID/config/etc/login.defs
@@ -0,0 +1,314 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK usage is discouraged because it catches only some classes of user
+# entries to system, in fact only those made through login(1), while setting
+# umask in shell rc file will catch also logins through su, cron, ssh etc.
+#
+# At the same time, using shell rc to set umask won't catch entries which use
+# non-shell executables in place of login shell, like /usr/sbin/pppd for "ppp"
+# user and alike.
+#
+# Therefore the use of pam_umask is recommended (Debian package libpam-umask)
+# as the solution which catches all these cases on PAM-enabled systems.
+# 
+# This avoids the confusion created by having the umask set
+# in two different places -- in login.defs and shell rc files (i.e.
+# /etc/profile).
+#
+# For discussion, see #314539 and #248150 as well as the thread starting at
+# http://lists.debian.org/debian-devel/2005/06/msg01598.html
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+# 022 is the "historical" value in Debian for UMASK when it was used
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			  100
+GID_MAX			60000
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# This enables userdel to remove user groups if no members exist.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, thus in Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# Only works if compiled with MD5_CRYPT defined:
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is used by chpasswd, gpasswd and newusers.
+#
+#MD5_CRYPT_ENAB	no
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/grouptools/groupmod/13_groupmod_change_gid_error_used_GID/config/etc/passwd b/tests/tests/grouptools/groupmod/13_groupmod_change_gid_error_used_GID/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/13_groupmod_change_gid_error_used_GID/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/grouptools/groupmod/13_groupmod_change_gid_error_used_GID/config/etc/shadow b/tests/tests/grouptools/groupmod/13_groupmod_change_gid_error_used_GID/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/13_groupmod_change_gid_error_used_GID/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/grouptools/groupmod/13_groupmod_change_gid_error_used_GID/data/groupmod.err b/tests/tests/grouptools/groupmod/13_groupmod_change_gid_error_used_GID/data/groupmod.err
new file mode 100644
index 0000000..796f655
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/13_groupmod_change_gid_error_used_GID/data/groupmod.err
@@ -0,0 +1 @@
+groupmod: GID '1001' already exists
diff --git a/tests/tests/grouptools/groupmod/13_groupmod_change_gid_error_used_GID/groupmod.test b/tests/tests/grouptools/groupmod/13_groupmod_change_gid_error_used_GID/groupmod.test
new file mode 100755
index 0000000..9ce5bfe
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/13_groupmod_change_gid_error_used_GID/groupmod.test
@@ -0,0 +1,54 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "groupmod checks if the new GID is used"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Change GID of foo to 1001 (groupmod -g 1001 foo)..."
+groupmod -g 1001 foo 2>tmp/groupmod.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "4"
+echo "OK"
+
+echo "groupmod reported:"
+echo "======================================================================="
+cat tmp/groupmod.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/groupmod.err tmp/groupmod.err
+echo "error message OK."
+rm -f tmp/groupmod.err
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/grouptools/groupmod/14_groupmod_change_group_name_error_used_name/config.txt b/tests/tests/grouptools/groupmod/14_groupmod_change_group_name_error_used_name/config.txt
new file mode 100644
index 0000000..872618a
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/14_groupmod_change_group_name_error_used_name/config.txt
@@ -0,0 +1,2 @@
+group foo, GID 1000
+group bar, GID 1001
diff --git a/tests/tests/grouptools/groupmod/14_groupmod_change_group_name_error_used_name/config/etc/default/useradd b/tests/tests/grouptools/groupmod/14_groupmod_change_group_name_error_used_name/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/14_groupmod_change_group_name_error_used_name/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/grouptools/groupmod/14_groupmod_change_group_name_error_used_name/config/etc/group b/tests/tests/grouptools/groupmod/14_groupmod_change_group_name_error_used_name/config/etc/group
new file mode 100644
index 0000000..e65d5b0
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/14_groupmod_change_group_name_error_used_name/config/etc/group
@@ -0,0 +1,43 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
+bar:x:1001:
diff --git a/tests/tests/grouptools/groupmod/14_groupmod_change_group_name_error_used_name/config/etc/gshadow b/tests/tests/grouptools/groupmod/14_groupmod_change_group_name_error_used_name/config/etc/gshadow
new file mode 100644
index 0000000..d8aa8ad
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/14_groupmod_change_group_name_error_used_name/config/etc/gshadow
@@ -0,0 +1,43 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
+bar:*::
diff --git a/tests/tests/grouptools/groupmod/14_groupmod_change_group_name_error_used_name/config/etc/login.defs b/tests/tests/grouptools/groupmod/14_groupmod_change_group_name_error_used_name/config/etc/login.defs
new file mode 100644
index 0000000..cf181ac
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/14_groupmod_change_group_name_error_used_name/config/etc/login.defs
@@ -0,0 +1,314 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK usage is discouraged because it catches only some classes of user
+# entries to system, in fact only those made through login(1), while setting
+# umask in shell rc file will catch also logins through su, cron, ssh etc.
+#
+# At the same time, using shell rc to set umask won't catch entries which use
+# non-shell executables in place of login shell, like /usr/sbin/pppd for "ppp"
+# user and alike.
+#
+# Therefore the use of pam_umask is recommended (Debian package libpam-umask)
+# as the solution which catches all these cases on PAM-enabled systems.
+# 
+# This avoids the confusion created by having the umask set
+# in two different places -- in login.defs and shell rc files (i.e.
+# /etc/profile).
+#
+# For discussion, see #314539 and #248150 as well as the thread starting at
+# http://lists.debian.org/debian-devel/2005/06/msg01598.html
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+# 022 is the "historical" value in Debian for UMASK when it was used
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			  100
+GID_MAX			60000
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# This enables userdel to remove user groups if no members exist.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, thus in Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# Only works if compiled with MD5_CRYPT defined:
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is used by chpasswd, gpasswd and newusers.
+#
+#MD5_CRYPT_ENAB	no
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/grouptools/groupmod/14_groupmod_change_group_name_error_used_name/config/etc/passwd b/tests/tests/grouptools/groupmod/14_groupmod_change_group_name_error_used_name/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/14_groupmod_change_group_name_error_used_name/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/grouptools/groupmod/14_groupmod_change_group_name_error_used_name/config/etc/shadow b/tests/tests/grouptools/groupmod/14_groupmod_change_group_name_error_used_name/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/14_groupmod_change_group_name_error_used_name/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/grouptools/groupmod/14_groupmod_change_group_name_error_used_name/data/groupmod.err b/tests/tests/grouptools/groupmod/14_groupmod_change_group_name_error_used_name/data/groupmod.err
new file mode 100644
index 0000000..97ea6f6
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/14_groupmod_change_group_name_error_used_name/data/groupmod.err
@@ -0,0 +1 @@
+groupmod: group 'bar' already exists
diff --git a/tests/tests/grouptools/groupmod/14_groupmod_change_group_name_error_used_name/groupmod.test b/tests/tests/grouptools/groupmod/14_groupmod_change_group_name_error_used_name/groupmod.test
new file mode 100755
index 0000000..1245a9d
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/14_groupmod_change_group_name_error_used_name/groupmod.test
@@ -0,0 +1,54 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "groupmod checks if the new group name is used"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Rename group foo to bar (groupmod --new-name bar foo)..."
+groupmod --new-name bar foo 2>tmp/groupmod.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "9"
+echo "OK"
+
+echo "groupmod reported:"
+echo "======================================================================="
+cat tmp/groupmod.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/groupmod.err tmp/groupmod.err
+echo "error message OK."
+rm -f tmp/groupmod.err
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/grouptools/groupmod/15_groupmod_change_group_name_error_invalid_name/config.txt b/tests/tests/grouptools/groupmod/15_groupmod_change_group_name_error_invalid_name/config.txt
new file mode 100644
index 0000000..872618a
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/15_groupmod_change_group_name_error_invalid_name/config.txt
@@ -0,0 +1,2 @@
+group foo, GID 1000
+group bar, GID 1001
diff --git a/tests/tests/grouptools/groupmod/15_groupmod_change_group_name_error_invalid_name/config/etc/default/useradd b/tests/tests/grouptools/groupmod/15_groupmod_change_group_name_error_invalid_name/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/15_groupmod_change_group_name_error_invalid_name/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/grouptools/groupmod/15_groupmod_change_group_name_error_invalid_name/config/etc/group b/tests/tests/grouptools/groupmod/15_groupmod_change_group_name_error_invalid_name/config/etc/group
new file mode 100644
index 0000000..e65d5b0
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/15_groupmod_change_group_name_error_invalid_name/config/etc/group
@@ -0,0 +1,43 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
+bar:x:1001:
diff --git a/tests/tests/grouptools/groupmod/15_groupmod_change_group_name_error_invalid_name/config/etc/gshadow b/tests/tests/grouptools/groupmod/15_groupmod_change_group_name_error_invalid_name/config/etc/gshadow
new file mode 100644
index 0000000..d8aa8ad
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/15_groupmod_change_group_name_error_invalid_name/config/etc/gshadow
@@ -0,0 +1,43 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
+bar:*::
diff --git a/tests/tests/grouptools/groupmod/15_groupmod_change_group_name_error_invalid_name/config/etc/login.defs b/tests/tests/grouptools/groupmod/15_groupmod_change_group_name_error_invalid_name/config/etc/login.defs
new file mode 100644
index 0000000..cf181ac
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/15_groupmod_change_group_name_error_invalid_name/config/etc/login.defs
@@ -0,0 +1,314 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK usage is discouraged because it catches only some classes of user
+# entries to system, in fact only those made through login(1), while setting
+# umask in shell rc file will catch also logins through su, cron, ssh etc.
+#
+# At the same time, using shell rc to set umask won't catch entries which use
+# non-shell executables in place of login shell, like /usr/sbin/pppd for "ppp"
+# user and alike.
+#
+# Therefore the use of pam_umask is recommended (Debian package libpam-umask)
+# as the solution which catches all these cases on PAM-enabled systems.
+# 
+# This avoids the confusion created by having the umask set
+# in two different places -- in login.defs and shell rc files (i.e.
+# /etc/profile).
+#
+# For discussion, see #314539 and #248150 as well as the thread starting at
+# http://lists.debian.org/debian-devel/2005/06/msg01598.html
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+# 022 is the "historical" value in Debian for UMASK when it was used
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			  100
+GID_MAX			60000
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# This enables userdel to remove user groups if no members exist.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, thus in Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# Only works if compiled with MD5_CRYPT defined:
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is used by chpasswd, gpasswd and newusers.
+#
+#MD5_CRYPT_ENAB	no
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/grouptools/groupmod/15_groupmod_change_group_name_error_invalid_name/config/etc/passwd b/tests/tests/grouptools/groupmod/15_groupmod_change_group_name_error_invalid_name/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/15_groupmod_change_group_name_error_invalid_name/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/grouptools/groupmod/15_groupmod_change_group_name_error_invalid_name/config/etc/shadow b/tests/tests/grouptools/groupmod/15_groupmod_change_group_name_error_invalid_name/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/15_groupmod_change_group_name_error_invalid_name/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/grouptools/groupmod/15_groupmod_change_group_name_error_invalid_name/data/groupmod.err b/tests/tests/grouptools/groupmod/15_groupmod_change_group_name_error_invalid_name/data/groupmod.err
new file mode 100644
index 0000000..1a0e537
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/15_groupmod_change_group_name_error_invalid_name/data/groupmod.err
@@ -0,0 +1 @@
+groupmod: invalid group name 'to:to'
diff --git a/tests/tests/grouptools/groupmod/15_groupmod_change_group_name_error_invalid_name/groupmod.test b/tests/tests/grouptools/groupmod/15_groupmod_change_group_name_error_invalid_name/groupmod.test
new file mode 100755
index 0000000..f326d1d
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/15_groupmod_change_group_name_error_invalid_name/groupmod.test
@@ -0,0 +1,54 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "groupmod checks if the new group name is used"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Rename group foo to to:to (groupmod --new-name to:to foo)..."
+groupmod --new-name to:to foo 2>tmp/groupmod.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "3"
+echo "OK"
+
+echo "groupmod reported:"
+echo "======================================================================="
+cat tmp/groupmod.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/groupmod.err tmp/groupmod.err
+echo "error message OK."
+rm -f tmp/groupmod.err
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/grouptools/groupmod/16_groupmod_change_group_name_no_changes/config.txt b/tests/tests/grouptools/groupmod/16_groupmod_change_group_name_no_changes/config.txt
new file mode 100644
index 0000000..e9e4bbe
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/16_groupmod_change_group_name_no_changes/config.txt
@@ -0,0 +1 @@
+group foo, GID 1000
diff --git a/tests/tests/grouptools/groupmod/16_groupmod_change_group_name_no_changes/config/etc/default/useradd b/tests/tests/grouptools/groupmod/16_groupmod_change_group_name_no_changes/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/16_groupmod_change_group_name_no_changes/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/grouptools/groupmod/16_groupmod_change_group_name_no_changes/config/etc/group b/tests/tests/grouptools/groupmod/16_groupmod_change_group_name_no_changes/config/etc/group
new file mode 100644
index 0000000..fecba0c
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/16_groupmod_change_group_name_no_changes/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/grouptools/groupmod/16_groupmod_change_group_name_no_changes/config/etc/gshadow b/tests/tests/grouptools/groupmod/16_groupmod_change_group_name_no_changes/config/etc/gshadow
new file mode 100644
index 0000000..5042e58
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/16_groupmod_change_group_name_no_changes/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/grouptools/groupmod/16_groupmod_change_group_name_no_changes/config/etc/login.defs b/tests/tests/grouptools/groupmod/16_groupmod_change_group_name_no_changes/config/etc/login.defs
new file mode 100644
index 0000000..cf181ac
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/16_groupmod_change_group_name_no_changes/config/etc/login.defs
@@ -0,0 +1,314 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK usage is discouraged because it catches only some classes of user
+# entries to system, in fact only those made through login(1), while setting
+# umask in shell rc file will catch also logins through su, cron, ssh etc.
+#
+# At the same time, using shell rc to set umask won't catch entries which use
+# non-shell executables in place of login shell, like /usr/sbin/pppd for "ppp"
+# user and alike.
+#
+# Therefore the use of pam_umask is recommended (Debian package libpam-umask)
+# as the solution which catches all these cases on PAM-enabled systems.
+# 
+# This avoids the confusion created by having the umask set
+# in two different places -- in login.defs and shell rc files (i.e.
+# /etc/profile).
+#
+# For discussion, see #314539 and #248150 as well as the thread starting at
+# http://lists.debian.org/debian-devel/2005/06/msg01598.html
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+# 022 is the "historical" value in Debian for UMASK when it was used
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			  100
+GID_MAX			60000
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# This enables userdel to remove user groups if no members exist.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, thus in Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# Only works if compiled with MD5_CRYPT defined:
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is used by chpasswd, gpasswd and newusers.
+#
+#MD5_CRYPT_ENAB	no
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/grouptools/groupmod/16_groupmod_change_group_name_no_changes/config/etc/passwd b/tests/tests/grouptools/groupmod/16_groupmod_change_group_name_no_changes/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/16_groupmod_change_group_name_no_changes/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/grouptools/groupmod/16_groupmod_change_group_name_no_changes/config/etc/shadow b/tests/tests/grouptools/groupmod/16_groupmod_change_group_name_no_changes/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/16_groupmod_change_group_name_no_changes/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/grouptools/groupmod/16_groupmod_change_group_name_no_changes/groupmod.test b/tests/tests/grouptools/groupmod/16_groupmod_change_group_name_no_changes/groupmod.test
new file mode 100755
index 0000000..f9a3519
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/16_groupmod_change_group_name_no_changes/groupmod.test
@@ -0,0 +1,39 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "groupmod can rename a group to its name"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Rename group foo to foo (groupmod -n foo foo)..."
+groupmod -n foo foo
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/grouptools/groupmod/17_groupmod_change_gid_error_locked_group/config.txt b/tests/tests/grouptools/groupmod/17_groupmod_change_gid_error_locked_group/config.txt
new file mode 100644
index 0000000..e9e4bbe
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/17_groupmod_change_gid_error_locked_group/config.txt
@@ -0,0 +1 @@
+group foo, GID 1000
diff --git a/tests/tests/grouptools/groupmod/17_groupmod_change_gid_error_locked_group/config/etc/default/useradd b/tests/tests/grouptools/groupmod/17_groupmod_change_gid_error_locked_group/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/17_groupmod_change_gid_error_locked_group/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/grouptools/groupmod/17_groupmod_change_gid_error_locked_group/config/etc/group b/tests/tests/grouptools/groupmod/17_groupmod_change_gid_error_locked_group/config/etc/group
new file mode 100644
index 0000000..fecba0c
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/17_groupmod_change_gid_error_locked_group/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/grouptools/groupmod/17_groupmod_change_gid_error_locked_group/config/etc/gshadow b/tests/tests/grouptools/groupmod/17_groupmod_change_gid_error_locked_group/config/etc/gshadow
new file mode 100644
index 0000000..5042e58
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/17_groupmod_change_gid_error_locked_group/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/grouptools/groupmod/17_groupmod_change_gid_error_locked_group/config/etc/login.defs b/tests/tests/grouptools/groupmod/17_groupmod_change_gid_error_locked_group/config/etc/login.defs
new file mode 100644
index 0000000..cf181ac
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/17_groupmod_change_gid_error_locked_group/config/etc/login.defs
@@ -0,0 +1,314 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK usage is discouraged because it catches only some classes of user
+# entries to system, in fact only those made through login(1), while setting
+# umask in shell rc file will catch also logins through su, cron, ssh etc.
+#
+# At the same time, using shell rc to set umask won't catch entries which use
+# non-shell executables in place of login shell, like /usr/sbin/pppd for "ppp"
+# user and alike.
+#
+# Therefore the use of pam_umask is recommended (Debian package libpam-umask)
+# as the solution which catches all these cases on PAM-enabled systems.
+# 
+# This avoids the confusion created by having the umask set
+# in two different places -- in login.defs and shell rc files (i.e.
+# /etc/profile).
+#
+# For discussion, see #314539 and #248150 as well as the thread starting at
+# http://lists.debian.org/debian-devel/2005/06/msg01598.html
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+# 022 is the "historical" value in Debian for UMASK when it was used
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			  100
+GID_MAX			60000
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# This enables userdel to remove user groups if no members exist.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, thus in Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# Only works if compiled with MD5_CRYPT defined:
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is used by chpasswd, gpasswd and newusers.
+#
+#MD5_CRYPT_ENAB	no
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/grouptools/groupmod/17_groupmod_change_gid_error_locked_group/config/etc/passwd b/tests/tests/grouptools/groupmod/17_groupmod_change_gid_error_locked_group/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/17_groupmod_change_gid_error_locked_group/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/grouptools/groupmod/17_groupmod_change_gid_error_locked_group/config/etc/shadow b/tests/tests/grouptools/groupmod/17_groupmod_change_gid_error_locked_group/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/17_groupmod_change_gid_error_locked_group/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/grouptools/groupmod/17_groupmod_change_gid_error_locked_group/data/groupmod.err b/tests/tests/grouptools/groupmod/17_groupmod_change_gid_error_locked_group/data/groupmod.err
new file mode 100644
index 0000000..e399ec7
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/17_groupmod_change_gid_error_locked_group/data/groupmod.err
@@ -0,0 +1,2 @@
+groupmod: existing lock file /etc/group.lock without a PID
+groupmod: cannot lock /etc/group; try again later.
diff --git a/tests/tests/grouptools/groupmod/17_groupmod_change_gid_error_locked_group/groupmod.test b/tests/tests/grouptools/groupmod/17_groupmod_change_gid_error_locked_group/groupmod.test
new file mode 100755
index 0000000..21a0a1b
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/17_groupmod_change_gid_error_locked_group/groupmod.test
@@ -0,0 +1,60 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "groupmod checks if the group file is locked"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config; rm -f /etc/group.lock' 0
+
+change_config
+
+echo -n "Create lock file for /etc/group..."
+touch /etc/group.lock
+echo "done"
+
+echo -n "Change GID of foo to 1001 (groupmod -g 1001 foo)..."
+groupmod -g 1001 foo 2>tmp/groupmod.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+rm -f /etc/group.lock
+
+echo -n "Check returned status ($status)..."
+test "$status" = "10"
+echo "OK"
+
+echo "groupmod reported:"
+echo "======================================================================="
+cat tmp/groupmod.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/groupmod.err tmp/groupmod.err
+echo "error message OK."
+rm -f tmp/groupmod.err
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/grouptools/groupmod/18_groupmod_change_gid_no_error_locked_gshadow/config.txt b/tests/tests/grouptools/groupmod/18_groupmod_change_gid_no_error_locked_gshadow/config.txt
new file mode 100644
index 0000000..e9e4bbe
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/18_groupmod_change_gid_no_error_locked_gshadow/config.txt
@@ -0,0 +1 @@
+group foo, GID 1000
diff --git a/tests/tests/grouptools/groupmod/18_groupmod_change_gid_no_error_locked_gshadow/config/etc/default/useradd b/tests/tests/grouptools/groupmod/18_groupmod_change_gid_no_error_locked_gshadow/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/18_groupmod_change_gid_no_error_locked_gshadow/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/grouptools/groupmod/18_groupmod_change_gid_no_error_locked_gshadow/config/etc/group b/tests/tests/grouptools/groupmod/18_groupmod_change_gid_no_error_locked_gshadow/config/etc/group
new file mode 100644
index 0000000..fecba0c
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/18_groupmod_change_gid_no_error_locked_gshadow/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/grouptools/groupmod/18_groupmod_change_gid_no_error_locked_gshadow/config/etc/gshadow b/tests/tests/grouptools/groupmod/18_groupmod_change_gid_no_error_locked_gshadow/config/etc/gshadow
new file mode 100644
index 0000000..5042e58
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/18_groupmod_change_gid_no_error_locked_gshadow/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/grouptools/groupmod/18_groupmod_change_gid_no_error_locked_gshadow/config/etc/login.defs b/tests/tests/grouptools/groupmod/18_groupmod_change_gid_no_error_locked_gshadow/config/etc/login.defs
new file mode 100644
index 0000000..cf181ac
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/18_groupmod_change_gid_no_error_locked_gshadow/config/etc/login.defs
@@ -0,0 +1,314 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK usage is discouraged because it catches only some classes of user
+# entries to system, in fact only those made through login(1), while setting
+# umask in shell rc file will catch also logins through su, cron, ssh etc.
+#
+# At the same time, using shell rc to set umask won't catch entries which use
+# non-shell executables in place of login shell, like /usr/sbin/pppd for "ppp"
+# user and alike.
+#
+# Therefore the use of pam_umask is recommended (Debian package libpam-umask)
+# as the solution which catches all these cases on PAM-enabled systems.
+# 
+# This avoids the confusion created by having the umask set
+# in two different places -- in login.defs and shell rc files (i.e.
+# /etc/profile).
+#
+# For discussion, see #314539 and #248150 as well as the thread starting at
+# http://lists.debian.org/debian-devel/2005/06/msg01598.html
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+# 022 is the "historical" value in Debian for UMASK when it was used
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			  100
+GID_MAX			60000
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# This enables userdel to remove user groups if no members exist.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, thus in Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# Only works if compiled with MD5_CRYPT defined:
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is used by chpasswd, gpasswd and newusers.
+#
+#MD5_CRYPT_ENAB	no
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/grouptools/groupmod/18_groupmod_change_gid_no_error_locked_gshadow/config/etc/passwd b/tests/tests/grouptools/groupmod/18_groupmod_change_gid_no_error_locked_gshadow/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/18_groupmod_change_gid_no_error_locked_gshadow/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/grouptools/groupmod/18_groupmod_change_gid_no_error_locked_gshadow/config/etc/shadow b/tests/tests/grouptools/groupmod/18_groupmod_change_gid_no_error_locked_gshadow/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/18_groupmod_change_gid_no_error_locked_gshadow/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/grouptools/groupmod/18_groupmod_change_gid_no_error_locked_gshadow/data/group b/tests/tests/grouptools/groupmod/18_groupmod_change_gid_no_error_locked_gshadow/data/group
new file mode 100644
index 0000000..b51c3ad
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/18_groupmod_change_gid_no_error_locked_gshadow/data/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1001:
diff --git a/tests/tests/grouptools/groupmod/18_groupmod_change_gid_no_error_locked_gshadow/groupmod.test b/tests/tests/grouptools/groupmod/18_groupmod_change_gid_no_error_locked_gshadow/groupmod.test
new file mode 100755
index 0000000..60b4c4f
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/18_groupmod_change_gid_no_error_locked_gshadow/groupmod.test
@@ -0,0 +1,47 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "groupmod checks if the gshadow file is locked only if gshadow is changed"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config; rm -f /etc/gshadow.lock' 0
+
+change_config
+
+echo -n "Create lock file for /etc/gshadow..."
+touch /etc/gshadow.lock
+echo "done"
+
+echo -n "Change GID of foo to 1001 (groupmod -g 1001 foo)..."
+groupmod -g 1001 foo
+echo "OK"
+
+echo -n "Delete lock file for /etc/gshadow..."
+rm -f /etc/gshadow.lock
+echo "done"
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl data/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/grouptools/groupmod/19_groupmod_change_gid_error_invalid_GID/config.txt b/tests/tests/grouptools/groupmod/19_groupmod_change_gid_error_invalid_GID/config.txt
new file mode 100644
index 0000000..e9e4bbe
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/19_groupmod_change_gid_error_invalid_GID/config.txt
@@ -0,0 +1 @@
+group foo, GID 1000
diff --git a/tests/tests/grouptools/groupmod/19_groupmod_change_gid_error_invalid_GID/config/etc/default/useradd b/tests/tests/grouptools/groupmod/19_groupmod_change_gid_error_invalid_GID/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/19_groupmod_change_gid_error_invalid_GID/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/grouptools/groupmod/19_groupmod_change_gid_error_invalid_GID/config/etc/group b/tests/tests/grouptools/groupmod/19_groupmod_change_gid_error_invalid_GID/config/etc/group
new file mode 100644
index 0000000..fecba0c
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/19_groupmod_change_gid_error_invalid_GID/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/grouptools/groupmod/19_groupmod_change_gid_error_invalid_GID/config/etc/gshadow b/tests/tests/grouptools/groupmod/19_groupmod_change_gid_error_invalid_GID/config/etc/gshadow
new file mode 100644
index 0000000..5042e58
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/19_groupmod_change_gid_error_invalid_GID/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/grouptools/groupmod/19_groupmod_change_gid_error_invalid_GID/config/etc/login.defs b/tests/tests/grouptools/groupmod/19_groupmod_change_gid_error_invalid_GID/config/etc/login.defs
new file mode 100644
index 0000000..cf181ac
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/19_groupmod_change_gid_error_invalid_GID/config/etc/login.defs
@@ -0,0 +1,314 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK usage is discouraged because it catches only some classes of user
+# entries to system, in fact only those made through login(1), while setting
+# umask in shell rc file will catch also logins through su, cron, ssh etc.
+#
+# At the same time, using shell rc to set umask won't catch entries which use
+# non-shell executables in place of login shell, like /usr/sbin/pppd for "ppp"
+# user and alike.
+#
+# Therefore the use of pam_umask is recommended (Debian package libpam-umask)
+# as the solution which catches all these cases on PAM-enabled systems.
+# 
+# This avoids the confusion created by having the umask set
+# in two different places -- in login.defs and shell rc files (i.e.
+# /etc/profile).
+#
+# For discussion, see #314539 and #248150 as well as the thread starting at
+# http://lists.debian.org/debian-devel/2005/06/msg01598.html
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+# 022 is the "historical" value in Debian for UMASK when it was used
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			  100
+GID_MAX			60000
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# This enables userdel to remove user groups if no members exist.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, thus in Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# Only works if compiled with MD5_CRYPT defined:
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is used by chpasswd, gpasswd and newusers.
+#
+#MD5_CRYPT_ENAB	no
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/grouptools/groupmod/19_groupmod_change_gid_error_invalid_GID/config/etc/passwd b/tests/tests/grouptools/groupmod/19_groupmod_change_gid_error_invalid_GID/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/19_groupmod_change_gid_error_invalid_GID/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/grouptools/groupmod/19_groupmod_change_gid_error_invalid_GID/config/etc/shadow b/tests/tests/grouptools/groupmod/19_groupmod_change_gid_error_invalid_GID/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/19_groupmod_change_gid_error_invalid_GID/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/grouptools/groupmod/19_groupmod_change_gid_error_invalid_GID/data/groupmod.err b/tests/tests/grouptools/groupmod/19_groupmod_change_gid_error_invalid_GID/data/groupmod.err
new file mode 100644
index 0000000..c8745ef
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/19_groupmod_change_gid_error_invalid_GID/data/groupmod.err
@@ -0,0 +1 @@
+groupmod: invalid group ID '1001a'
diff --git a/tests/tests/grouptools/groupmod/19_groupmod_change_gid_error_invalid_GID/groupmod.test b/tests/tests/grouptools/groupmod/19_groupmod_change_gid_error_invalid_GID/groupmod.test
new file mode 100755
index 0000000..d3ae0a1
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/19_groupmod_change_gid_error_invalid_GID/groupmod.test
@@ -0,0 +1,54 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "groupmod checks if the specified GID is valid"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Change GID of bar to 1001a (groupmod -g 1001a bar)..."
+groupmod -g 1001a bar 2>tmp/groupmod.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "3"
+echo "OK"
+
+echo "groupmod reported:"
+echo "======================================================================="
+cat tmp/groupmod.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/groupmod.err tmp/groupmod.err
+echo "error message OK."
+rm -f tmp/groupmod.err
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/grouptools/groupmod/20_groupmod_change_gid_error_negative_GID/config.txt b/tests/tests/grouptools/groupmod/20_groupmod_change_gid_error_negative_GID/config.txt
new file mode 100644
index 0000000..e9e4bbe
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/20_groupmod_change_gid_error_negative_GID/config.txt
@@ -0,0 +1 @@
+group foo, GID 1000
diff --git a/tests/tests/grouptools/groupmod/20_groupmod_change_gid_error_negative_GID/config/etc/default/useradd b/tests/tests/grouptools/groupmod/20_groupmod_change_gid_error_negative_GID/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/20_groupmod_change_gid_error_negative_GID/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/grouptools/groupmod/20_groupmod_change_gid_error_negative_GID/config/etc/group b/tests/tests/grouptools/groupmod/20_groupmod_change_gid_error_negative_GID/config/etc/group
new file mode 100644
index 0000000..fecba0c
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/20_groupmod_change_gid_error_negative_GID/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/grouptools/groupmod/20_groupmod_change_gid_error_negative_GID/config/etc/gshadow b/tests/tests/grouptools/groupmod/20_groupmod_change_gid_error_negative_GID/config/etc/gshadow
new file mode 100644
index 0000000..5042e58
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/20_groupmod_change_gid_error_negative_GID/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/grouptools/groupmod/20_groupmod_change_gid_error_negative_GID/config/etc/login.defs b/tests/tests/grouptools/groupmod/20_groupmod_change_gid_error_negative_GID/config/etc/login.defs
new file mode 100644
index 0000000..cf181ac
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/20_groupmod_change_gid_error_negative_GID/config/etc/login.defs
@@ -0,0 +1,314 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK usage is discouraged because it catches only some classes of user
+# entries to system, in fact only those made through login(1), while setting
+# umask in shell rc file will catch also logins through su, cron, ssh etc.
+#
+# At the same time, using shell rc to set umask won't catch entries which use
+# non-shell executables in place of login shell, like /usr/sbin/pppd for "ppp"
+# user and alike.
+#
+# Therefore the use of pam_umask is recommended (Debian package libpam-umask)
+# as the solution which catches all these cases on PAM-enabled systems.
+# 
+# This avoids the confusion created by having the umask set
+# in two different places -- in login.defs and shell rc files (i.e.
+# /etc/profile).
+#
+# For discussion, see #314539 and #248150 as well as the thread starting at
+# http://lists.debian.org/debian-devel/2005/06/msg01598.html
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+# 022 is the "historical" value in Debian for UMASK when it was used
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			  100
+GID_MAX			60000
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# This enables userdel to remove user groups if no members exist.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, thus in Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# Only works if compiled with MD5_CRYPT defined:
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is used by chpasswd, gpasswd and newusers.
+#
+#MD5_CRYPT_ENAB	no
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/grouptools/groupmod/20_groupmod_change_gid_error_negative_GID/config/etc/passwd b/tests/tests/grouptools/groupmod/20_groupmod_change_gid_error_negative_GID/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/20_groupmod_change_gid_error_negative_GID/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/grouptools/groupmod/20_groupmod_change_gid_error_negative_GID/config/etc/shadow b/tests/tests/grouptools/groupmod/20_groupmod_change_gid_error_negative_GID/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/20_groupmod_change_gid_error_negative_GID/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/grouptools/groupmod/20_groupmod_change_gid_error_negative_GID/data/groupmod.err b/tests/tests/grouptools/groupmod/20_groupmod_change_gid_error_negative_GID/data/groupmod.err
new file mode 100644
index 0000000..824372f
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/20_groupmod_change_gid_error_negative_GID/data/groupmod.err
@@ -0,0 +1 @@
+groupmod: invalid group ID '-1001'
diff --git a/tests/tests/grouptools/groupmod/20_groupmod_change_gid_error_negative_GID/groupmod.test b/tests/tests/grouptools/groupmod/20_groupmod_change_gid_error_negative_GID/groupmod.test
new file mode 100755
index 0000000..cc583b9
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/20_groupmod_change_gid_error_negative_GID/groupmod.test
@@ -0,0 +1,54 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "groupmod checks if the specified GID is valid"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Change GID of bar to -1001 (groupmod -g -1001 bar)..."
+groupmod -g -1001 bar 2>tmp/groupmod.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "3"
+echo "OK"
+
+echo "groupmod reported:"
+echo "======================================================================="
+cat tmp/groupmod.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/groupmod.err tmp/groupmod.err
+echo "error message OK."
+rm -f tmp/groupmod.err
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/grouptools/groupmod/21_groupmod_change_gid_error_no_group/config.txt b/tests/tests/grouptools/groupmod/21_groupmod_change_gid_error_no_group/config.txt
new file mode 100644
index 0000000..e9e4bbe
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/21_groupmod_change_gid_error_no_group/config.txt
@@ -0,0 +1 @@
+group foo, GID 1000
diff --git a/tests/tests/grouptools/groupmod/21_groupmod_change_gid_error_no_group/config/etc/default/useradd b/tests/tests/grouptools/groupmod/21_groupmod_change_gid_error_no_group/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/21_groupmod_change_gid_error_no_group/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/grouptools/groupmod/21_groupmod_change_gid_error_no_group/config/etc/group b/tests/tests/grouptools/groupmod/21_groupmod_change_gid_error_no_group/config/etc/group
new file mode 100644
index 0000000..fecba0c
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/21_groupmod_change_gid_error_no_group/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/grouptools/groupmod/21_groupmod_change_gid_error_no_group/config/etc/gshadow b/tests/tests/grouptools/groupmod/21_groupmod_change_gid_error_no_group/config/etc/gshadow
new file mode 100644
index 0000000..5042e58
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/21_groupmod_change_gid_error_no_group/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/grouptools/groupmod/21_groupmod_change_gid_error_no_group/config/etc/login.defs b/tests/tests/grouptools/groupmod/21_groupmod_change_gid_error_no_group/config/etc/login.defs
new file mode 100644
index 0000000..cf181ac
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/21_groupmod_change_gid_error_no_group/config/etc/login.defs
@@ -0,0 +1,314 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK usage is discouraged because it catches only some classes of user
+# entries to system, in fact only those made through login(1), while setting
+# umask in shell rc file will catch also logins through su, cron, ssh etc.
+#
+# At the same time, using shell rc to set umask won't catch entries which use
+# non-shell executables in place of login shell, like /usr/sbin/pppd for "ppp"
+# user and alike.
+#
+# Therefore the use of pam_umask is recommended (Debian package libpam-umask)
+# as the solution which catches all these cases on PAM-enabled systems.
+# 
+# This avoids the confusion created by having the umask set
+# in two different places -- in login.defs and shell rc files (i.e.
+# /etc/profile).
+#
+# For discussion, see #314539 and #248150 as well as the thread starting at
+# http://lists.debian.org/debian-devel/2005/06/msg01598.html
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+# 022 is the "historical" value in Debian for UMASK when it was used
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			  100
+GID_MAX			60000
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# This enables userdel to remove user groups if no members exist.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, thus in Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# Only works if compiled with MD5_CRYPT defined:
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is used by chpasswd, gpasswd and newusers.
+#
+#MD5_CRYPT_ENAB	no
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/grouptools/groupmod/21_groupmod_change_gid_error_no_group/config/etc/passwd b/tests/tests/grouptools/groupmod/21_groupmod_change_gid_error_no_group/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/21_groupmod_change_gid_error_no_group/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/grouptools/groupmod/21_groupmod_change_gid_error_no_group/config/etc/shadow b/tests/tests/grouptools/groupmod/21_groupmod_change_gid_error_no_group/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/21_groupmod_change_gid_error_no_group/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/grouptools/groupmod/21_groupmod_change_gid_error_no_group/data/groupmod.err b/tests/tests/grouptools/groupmod/21_groupmod_change_gid_error_no_group/data/groupmod.err
new file mode 100644
index 0000000..c9b28d7
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/21_groupmod_change_gid_error_no_group/data/groupmod.err
@@ -0,0 +1,11 @@
+Usage: groupmod [options] GROUP
+
+Options:
+  -g, --gid GID                 change the group ID to GID
+  -h, --help                    display this help message and exit
+  -n, --new-name NEW_GROUP      change the name to NEW_GROUP
+  -o, --non-unique              allow to use a duplicate (non-unique) GID
+  -p, --password PASSWORD       change the password to this (encrypted)
+                                PASSWORD
+  -R, --root CHROOT_DIR         directory to chroot into
+
diff --git a/tests/tests/grouptools/groupmod/21_groupmod_change_gid_error_no_group/groupmod.test b/tests/tests/grouptools/groupmod/21_groupmod_change_gid_error_no_group/groupmod.test
new file mode 100755
index 0000000..bcfbb64
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/21_groupmod_change_gid_error_no_group/groupmod.test
@@ -0,0 +1,60 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "groupmod checks a group parameter was given"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config; rm -f /etc/group.lock' 0
+
+change_config
+
+echo -n "Create lock file for /etc/group..."
+touch /etc/group.lock
+echo "done"
+
+echo -n "Change GID to 1001 (groupmod -g 1001)..."
+groupmod -g 1001 2>tmp/groupmod.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+rm -f /etc/group.lock
+
+echo -n "Check returned status ($status)..."
+test "$status" = "2"
+echo "OK"
+
+echo "groupmod reported:"
+echo "======================================================================="
+cat tmp/groupmod.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/groupmod.err tmp/groupmod.err
+echo "error message OK."
+rm -f tmp/groupmod.err
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/grouptools/groupmod/22_groupmod_change_gid_and_group_name/config/etc/group b/tests/tests/grouptools/groupmod/22_groupmod_change_gid_and_group_name/config/etc/group
new file mode 100644
index 0000000..fecba0c
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/22_groupmod_change_gid_and_group_name/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/grouptools/groupmod/22_groupmod_change_gid_and_group_name/config/etc/gshadow b/tests/tests/grouptools/groupmod/22_groupmod_change_gid_and_group_name/config/etc/gshadow
new file mode 100644
index 0000000..5042e58
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/22_groupmod_change_gid_and_group_name/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/grouptools/groupmod/22_groupmod_change_gid_and_group_name/config/etc/login.defs b/tests/tests/grouptools/groupmod/22_groupmod_change_gid_and_group_name/config/etc/login.defs
new file mode 100644
index 0000000..cf181ac
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/22_groupmod_change_gid_and_group_name/config/etc/login.defs
@@ -0,0 +1,314 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK usage is discouraged because it catches only some classes of user
+# entries to system, in fact only those made through login(1), while setting
+# umask in shell rc file will catch also logins through su, cron, ssh etc.
+#
+# At the same time, using shell rc to set umask won't catch entries which use
+# non-shell executables in place of login shell, like /usr/sbin/pppd for "ppp"
+# user and alike.
+#
+# Therefore the use of pam_umask is recommended (Debian package libpam-umask)
+# as the solution which catches all these cases on PAM-enabled systems.
+# 
+# This avoids the confusion created by having the umask set
+# in two different places -- in login.defs and shell rc files (i.e.
+# /etc/profile).
+#
+# For discussion, see #314539 and #248150 as well as the thread starting at
+# http://lists.debian.org/debian-devel/2005/06/msg01598.html
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+# 022 is the "historical" value in Debian for UMASK when it was used
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			  100
+GID_MAX			60000
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# This enables userdel to remove user groups if no members exist.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, thus in Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# Only works if compiled with MD5_CRYPT defined:
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is used by chpasswd, gpasswd and newusers.
+#
+#MD5_CRYPT_ENAB	no
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/grouptools/groupmod/22_groupmod_change_gid_and_group_name/config/etc/passwd b/tests/tests/grouptools/groupmod/22_groupmod_change_gid_and_group_name/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/22_groupmod_change_gid_and_group_name/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/grouptools/groupmod/22_groupmod_change_gid_and_group_name/config/etc/shadow b/tests/tests/grouptools/groupmod/22_groupmod_change_gid_and_group_name/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/22_groupmod_change_gid_and_group_name/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/grouptools/groupmod/22_groupmod_change_gid_and_group_name/data/group b/tests/tests/grouptools/groupmod/22_groupmod_change_gid_and_group_name/data/group
new file mode 100644
index 0000000..4b6a079
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/22_groupmod_change_gid_and_group_name/data/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo2:x:1001:
diff --git a/tests/tests/grouptools/groupmod/22_groupmod_change_gid_and_group_name/data/gshadow b/tests/tests/grouptools/groupmod/22_groupmod_change_gid_and_group_name/data/gshadow
new file mode 100644
index 0000000..08d25a2
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/22_groupmod_change_gid_and_group_name/data/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo2:*::
diff --git a/tests/tests/grouptools/groupmod/22_groupmod_change_gid_and_group_name/groupmod.test b/tests/tests/grouptools/groupmod/22_groupmod_change_gid_and_group_name/groupmod.test
new file mode 100755
index 0000000..612ac24
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/22_groupmod_change_gid_and_group_name/groupmod.test
@@ -0,0 +1,39 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "groupmod can change the GID of a group and the group's name"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Change GID and name of foo to 1001/foo2 (groupmod -g 1001 -n foo2 foo)..."
+groupmod -g 1001 -n foo2 foo
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl data/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl data/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/grouptools/groupmod/23_groupmod_change_gid_and_group_name_and_password/config/etc/group b/tests/tests/grouptools/groupmod/23_groupmod_change_gid_and_group_name_and_password/config/etc/group
new file mode 100644
index 0000000..fecba0c
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/23_groupmod_change_gid_and_group_name_and_password/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/grouptools/groupmod/23_groupmod_change_gid_and_group_name_and_password/config/etc/gshadow b/tests/tests/grouptools/groupmod/23_groupmod_change_gid_and_group_name_and_password/config/etc/gshadow
new file mode 100644
index 0000000..5042e58
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/23_groupmod_change_gid_and_group_name_and_password/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/grouptools/groupmod/23_groupmod_change_gid_and_group_name_and_password/config/etc/login.defs b/tests/tests/grouptools/groupmod/23_groupmod_change_gid_and_group_name_and_password/config/etc/login.defs
new file mode 100644
index 0000000..cf181ac
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/23_groupmod_change_gid_and_group_name_and_password/config/etc/login.defs
@@ -0,0 +1,314 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK usage is discouraged because it catches only some classes of user
+# entries to system, in fact only those made through login(1), while setting
+# umask in shell rc file will catch also logins through su, cron, ssh etc.
+#
+# At the same time, using shell rc to set umask won't catch entries which use
+# non-shell executables in place of login shell, like /usr/sbin/pppd for "ppp"
+# user and alike.
+#
+# Therefore the use of pam_umask is recommended (Debian package libpam-umask)
+# as the solution which catches all these cases on PAM-enabled systems.
+# 
+# This avoids the confusion created by having the umask set
+# in two different places -- in login.defs and shell rc files (i.e.
+# /etc/profile).
+#
+# For discussion, see #314539 and #248150 as well as the thread starting at
+# http://lists.debian.org/debian-devel/2005/06/msg01598.html
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+# 022 is the "historical" value in Debian for UMASK when it was used
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			  100
+GID_MAX			60000
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# This enables userdel to remove user groups if no members exist.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, thus in Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# Only works if compiled with MD5_CRYPT defined:
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is used by chpasswd, gpasswd and newusers.
+#
+#MD5_CRYPT_ENAB	no
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/grouptools/groupmod/23_groupmod_change_gid_and_group_name_and_password/config/etc/passwd b/tests/tests/grouptools/groupmod/23_groupmod_change_gid_and_group_name_and_password/config/etc/passwd
new file mode 100644
index 0000000..dc7bf84
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/23_groupmod_change_gid_and_group_name_and_password/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000:::/bin/false
diff --git a/tests/tests/grouptools/groupmod/23_groupmod_change_gid_and_group_name_and_password/config/etc/shadow b/tests/tests/grouptools/groupmod/23_groupmod_change_gid_and_group_name_and_password/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/23_groupmod_change_gid_and_group_name_and_password/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/grouptools/groupmod/23_groupmod_change_gid_and_group_name_and_password/data/group b/tests/tests/grouptools/groupmod/23_groupmod_change_gid_and_group_name_and_password/data/group
new file mode 100644
index 0000000..e898b8d
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/23_groupmod_change_gid_and_group_name_and_password/data/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo3:x:1001:
diff --git a/tests/tests/grouptools/groupmod/23_groupmod_change_gid_and_group_name_and_password/data/gshadow b/tests/tests/grouptools/groupmod/23_groupmod_change_gid_and_group_name_and_password/data/gshadow
new file mode 100644
index 0000000..3c65dec
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/23_groupmod_change_gid_and_group_name_and_password/data/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo3:toto::
diff --git a/tests/tests/grouptools/groupmod/23_groupmod_change_gid_and_group_name_and_password/data/passwd b/tests/tests/grouptools/groupmod/23_groupmod_change_gid_and_group_name_and_password/data/passwd
new file mode 100644
index 0000000..9fd396a
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/23_groupmod_change_gid_and_group_name_and_password/data/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1001:::/bin/false
diff --git a/tests/tests/grouptools/groupmod/23_groupmod_change_gid_and_group_name_and_password/groupmod.test b/tests/tests/grouptools/groupmod/23_groupmod_change_gid_and_group_name_and_password/groupmod.test
new file mode 100755
index 0000000..5f1c0f8
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/23_groupmod_change_gid_and_group_name_and_password/groupmod.test
@@ -0,0 +1,39 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "groupmod can change the GID, the name, and the password of a group"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Change GID, name and password of foo (groupmod -n foo3 -g 1001 -p toto foo)..."
+groupmod -n foo3 -g 1001 -p toto foo
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl data/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl data/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl data/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/grouptools/groupmod/24_groupmod_change_gid_and_name_error_locked_gshadow/config/etc/group b/tests/tests/grouptools/groupmod/24_groupmod_change_gid_and_name_error_locked_gshadow/config/etc/group
new file mode 100644
index 0000000..fecba0c
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/24_groupmod_change_gid_and_name_error_locked_gshadow/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/grouptools/groupmod/24_groupmod_change_gid_and_name_error_locked_gshadow/config/etc/gshadow b/tests/tests/grouptools/groupmod/24_groupmod_change_gid_and_name_error_locked_gshadow/config/etc/gshadow
new file mode 100644
index 0000000..5042e58
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/24_groupmod_change_gid_and_name_error_locked_gshadow/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/grouptools/groupmod/24_groupmod_change_gid_and_name_error_locked_gshadow/config/etc/login.defs b/tests/tests/grouptools/groupmod/24_groupmod_change_gid_and_name_error_locked_gshadow/config/etc/login.defs
new file mode 100644
index 0000000..cf181ac
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/24_groupmod_change_gid_and_name_error_locked_gshadow/config/etc/login.defs
@@ -0,0 +1,314 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK usage is discouraged because it catches only some classes of user
+# entries to system, in fact only those made through login(1), while setting
+# umask in shell rc file will catch also logins through su, cron, ssh etc.
+#
+# At the same time, using shell rc to set umask won't catch entries which use
+# non-shell executables in place of login shell, like /usr/sbin/pppd for "ppp"
+# user and alike.
+#
+# Therefore the use of pam_umask is recommended (Debian package libpam-umask)
+# as the solution which catches all these cases on PAM-enabled systems.
+# 
+# This avoids the confusion created by having the umask set
+# in two different places -- in login.defs and shell rc files (i.e.
+# /etc/profile).
+#
+# For discussion, see #314539 and #248150 as well as the thread starting at
+# http://lists.debian.org/debian-devel/2005/06/msg01598.html
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+# 022 is the "historical" value in Debian for UMASK when it was used
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			  100
+GID_MAX			60000
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# This enables userdel to remove user groups if no members exist.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, thus in Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# Only works if compiled with MD5_CRYPT defined:
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is used by chpasswd, gpasswd and newusers.
+#
+#MD5_CRYPT_ENAB	no
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/grouptools/groupmod/24_groupmod_change_gid_and_name_error_locked_gshadow/config/etc/passwd b/tests/tests/grouptools/groupmod/24_groupmod_change_gid_and_name_error_locked_gshadow/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/24_groupmod_change_gid_and_name_error_locked_gshadow/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/grouptools/groupmod/24_groupmod_change_gid_and_name_error_locked_gshadow/config/etc/shadow b/tests/tests/grouptools/groupmod/24_groupmod_change_gid_and_name_error_locked_gshadow/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/24_groupmod_change_gid_and_name_error_locked_gshadow/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/grouptools/groupmod/24_groupmod_change_gid_and_name_error_locked_gshadow/data/groupmod.err b/tests/tests/grouptools/groupmod/24_groupmod_change_gid_and_name_error_locked_gshadow/data/groupmod.err
new file mode 100644
index 0000000..3b3400f
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/24_groupmod_change_gid_and_name_error_locked_gshadow/data/groupmod.err
@@ -0,0 +1,2 @@
+groupmod: existing lock file /etc/gshadow.lock without a PID
+groupmod: cannot lock /etc/gshadow; try again later.
diff --git a/tests/tests/grouptools/groupmod/24_groupmod_change_gid_and_name_error_locked_gshadow/groupmod.test b/tests/tests/grouptools/groupmod/24_groupmod_change_gid_and_name_error_locked_gshadow/groupmod.test
new file mode 100755
index 0000000..a07c6a1
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/24_groupmod_change_gid_and_name_error_locked_gshadow/groupmod.test
@@ -0,0 +1,60 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "groupmod checks if the gshadow file is locked"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config; rm -f /etc/gshadow.lock' 0
+
+change_config
+
+echo -n "Create lock file for /etc/gshadow..."
+touch /etc/gshadow.lock
+echo "done"
+
+echo -n "Change GID and name of foo to 1001 (groupmod -g 1001 -n bar foo)..."
+groupmod -g 1001 -n bar foo 2>tmp/groupmod.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+rm -f /etc/gshadow.lock
+
+echo -n "Check returned status ($status)..."
+test "$status" = "10"
+echo "OK"
+
+echo "groupmod reported:"
+echo "======================================================================="
+cat tmp/groupmod.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/groupmod.err tmp/groupmod.err
+echo "error message OK."
+rm -f tmp/groupmod.err
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/grouptools/groupmod/25_groupmod_change_gid_change_primary_group_error_locked_passwd/config/etc/group b/tests/tests/grouptools/groupmod/25_groupmod_change_gid_change_primary_group_error_locked_passwd/config/etc/group
new file mode 100644
index 0000000..fecba0c
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/25_groupmod_change_gid_change_primary_group_error_locked_passwd/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/grouptools/groupmod/25_groupmod_change_gid_change_primary_group_error_locked_passwd/config/etc/gshadow b/tests/tests/grouptools/groupmod/25_groupmod_change_gid_change_primary_group_error_locked_passwd/config/etc/gshadow
new file mode 100644
index 0000000..5042e58
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/25_groupmod_change_gid_change_primary_group_error_locked_passwd/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/grouptools/groupmod/25_groupmod_change_gid_change_primary_group_error_locked_passwd/config/etc/login.defs b/tests/tests/grouptools/groupmod/25_groupmod_change_gid_change_primary_group_error_locked_passwd/config/etc/login.defs
new file mode 100644
index 0000000..cf181ac
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/25_groupmod_change_gid_change_primary_group_error_locked_passwd/config/etc/login.defs
@@ -0,0 +1,314 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK usage is discouraged because it catches only some classes of user
+# entries to system, in fact only those made through login(1), while setting
+# umask in shell rc file will catch also logins through su, cron, ssh etc.
+#
+# At the same time, using shell rc to set umask won't catch entries which use
+# non-shell executables in place of login shell, like /usr/sbin/pppd for "ppp"
+# user and alike.
+#
+# Therefore the use of pam_umask is recommended (Debian package libpam-umask)
+# as the solution which catches all these cases on PAM-enabled systems.
+# 
+# This avoids the confusion created by having the umask set
+# in two different places -- in login.defs and shell rc files (i.e.
+# /etc/profile).
+#
+# For discussion, see #314539 and #248150 as well as the thread starting at
+# http://lists.debian.org/debian-devel/2005/06/msg01598.html
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+# 022 is the "historical" value in Debian for UMASK when it was used
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			  100
+GID_MAX			60000
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# This enables userdel to remove user groups if no members exist.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, thus in Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# Only works if compiled with MD5_CRYPT defined:
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is used by chpasswd, gpasswd and newusers.
+#
+#MD5_CRYPT_ENAB	no
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/grouptools/groupmod/25_groupmod_change_gid_change_primary_group_error_locked_passwd/config/etc/passwd b/tests/tests/grouptools/groupmod/25_groupmod_change_gid_change_primary_group_error_locked_passwd/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/25_groupmod_change_gid_change_primary_group_error_locked_passwd/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/grouptools/groupmod/25_groupmod_change_gid_change_primary_group_error_locked_passwd/config/etc/shadow b/tests/tests/grouptools/groupmod/25_groupmod_change_gid_change_primary_group_error_locked_passwd/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/25_groupmod_change_gid_change_primary_group_error_locked_passwd/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/grouptools/groupmod/25_groupmod_change_gid_change_primary_group_error_locked_passwd/data/groupmod.err b/tests/tests/grouptools/groupmod/25_groupmod_change_gid_change_primary_group_error_locked_passwd/data/groupmod.err
new file mode 100644
index 0000000..5d391a0
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/25_groupmod_change_gid_change_primary_group_error_locked_passwd/data/groupmod.err
@@ -0,0 +1,2 @@
+groupmod: existing lock file /etc/passwd.lock without a PID
+groupmod: cannot lock /etc/passwd; try again later.
diff --git a/tests/tests/grouptools/groupmod/25_groupmod_change_gid_change_primary_group_error_locked_passwd/groupmod.test b/tests/tests/grouptools/groupmod/25_groupmod_change_gid_change_primary_group_error_locked_passwd/groupmod.test
new file mode 100755
index 0000000..b56d14c
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/25_groupmod_change_gid_change_primary_group_error_locked_passwd/groupmod.test
@@ -0,0 +1,60 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "groupmod checks if the passwd file is locked"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config; rm -f /etc/passwd.lock' 0
+
+change_config
+
+echo -n "Create lock file for /etc/passwd..."
+touch /etc/passwd.lock
+echo "done"
+
+echo -n "Change GID of foo to 1001 (groupmod -g 1001 foo)..."
+groupmod -g 1001 foo 2>tmp/groupmod.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+rm -f /etc/passwd.lock
+
+echo -n "Check returned status ($status)..."
+test "$status" = "10"
+echo "OK"
+
+echo "groupmod reported:"
+echo "======================================================================="
+cat tmp/groupmod.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/groupmod.err tmp/groupmod.err
+echo "error message OK."
+rm -f tmp/groupmod.err
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/grouptools/groupmod/26_groupmod_change_group_name_no_error_locked_passwd/config/etc/group b/tests/tests/grouptools/groupmod/26_groupmod_change_group_name_no_error_locked_passwd/config/etc/group
new file mode 100644
index 0000000..fecba0c
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/26_groupmod_change_group_name_no_error_locked_passwd/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/grouptools/groupmod/26_groupmod_change_group_name_no_error_locked_passwd/config/etc/gshadow b/tests/tests/grouptools/groupmod/26_groupmod_change_group_name_no_error_locked_passwd/config/etc/gshadow
new file mode 100644
index 0000000..5042e58
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/26_groupmod_change_group_name_no_error_locked_passwd/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/grouptools/groupmod/26_groupmod_change_group_name_no_error_locked_passwd/config/etc/login.defs b/tests/tests/grouptools/groupmod/26_groupmod_change_group_name_no_error_locked_passwd/config/etc/login.defs
new file mode 100644
index 0000000..cf181ac
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/26_groupmod_change_group_name_no_error_locked_passwd/config/etc/login.defs
@@ -0,0 +1,314 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK usage is discouraged because it catches only some classes of user
+# entries to system, in fact only those made through login(1), while setting
+# umask in shell rc file will catch also logins through su, cron, ssh etc.
+#
+# At the same time, using shell rc to set umask won't catch entries which use
+# non-shell executables in place of login shell, like /usr/sbin/pppd for "ppp"
+# user and alike.
+#
+# Therefore the use of pam_umask is recommended (Debian package libpam-umask)
+# as the solution which catches all these cases on PAM-enabled systems.
+# 
+# This avoids the confusion created by having the umask set
+# in two different places -- in login.defs and shell rc files (i.e.
+# /etc/profile).
+#
+# For discussion, see #314539 and #248150 as well as the thread starting at
+# http://lists.debian.org/debian-devel/2005/06/msg01598.html
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+# 022 is the "historical" value in Debian for UMASK when it was used
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			  100
+GID_MAX			60000
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# This enables userdel to remove user groups if no members exist.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, thus in Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# Only works if compiled with MD5_CRYPT defined:
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is used by chpasswd, gpasswd and newusers.
+#
+#MD5_CRYPT_ENAB	no
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/grouptools/groupmod/26_groupmod_change_group_name_no_error_locked_passwd/config/etc/passwd b/tests/tests/grouptools/groupmod/26_groupmod_change_group_name_no_error_locked_passwd/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/26_groupmod_change_group_name_no_error_locked_passwd/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/grouptools/groupmod/26_groupmod_change_group_name_no_error_locked_passwd/config/etc/shadow b/tests/tests/grouptools/groupmod/26_groupmod_change_group_name_no_error_locked_passwd/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/26_groupmod_change_group_name_no_error_locked_passwd/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/grouptools/groupmod/26_groupmod_change_group_name_no_error_locked_passwd/data/group b/tests/tests/grouptools/groupmod/26_groupmod_change_group_name_no_error_locked_passwd/data/group
new file mode 100644
index 0000000..75815b9
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/26_groupmod_change_group_name_no_error_locked_passwd/data/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+bar:x:1000:
diff --git a/tests/tests/grouptools/groupmod/26_groupmod_change_group_name_no_error_locked_passwd/data/gshadow b/tests/tests/grouptools/groupmod/26_groupmod_change_group_name_no_error_locked_passwd/data/gshadow
new file mode 100644
index 0000000..e814af0
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/26_groupmod_change_group_name_no_error_locked_passwd/data/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+bar:*::
diff --git a/tests/tests/grouptools/groupmod/26_groupmod_change_group_name_no_error_locked_passwd/groupmod.test b/tests/tests/grouptools/groupmod/26_groupmod_change_group_name_no_error_locked_passwd/groupmod.test
new file mode 100755
index 0000000..d0831fd
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/26_groupmod_change_group_name_no_error_locked_passwd/groupmod.test
@@ -0,0 +1,47 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "groupmod checks if the passwd file is locked only if passwd is changed"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config; rm -f /etc/passwd.lock' 0
+
+change_config
+
+echo -n "Create lock file for /etc/passwd..."
+touch /etc/passwd.lock
+echo "done"
+
+echo -n "Change name of foo to bar (groupmod -n bar foo)..."
+groupmod -n bar foo
+echo "OK"
+
+echo -n "Delete lock file for /etc/gshadow..."
+rm -f /etc/passwd.lock
+echo "done"
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl data/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl data/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/grouptools/groupmod/27_groupmod_change_gid_error_GID_4294967295/config.txt b/tests/tests/grouptools/groupmod/27_groupmod_change_gid_error_GID_4294967295/config.txt
new file mode 100644
index 0000000..e9e4bbe
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/27_groupmod_change_gid_error_GID_4294967295/config.txt
@@ -0,0 +1 @@
+group foo, GID 1000
diff --git a/tests/tests/grouptools/groupmod/27_groupmod_change_gid_error_GID_4294967295/config/etc/default/useradd b/tests/tests/grouptools/groupmod/27_groupmod_change_gid_error_GID_4294967295/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/27_groupmod_change_gid_error_GID_4294967295/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/grouptools/groupmod/27_groupmod_change_gid_error_GID_4294967295/config/etc/group b/tests/tests/grouptools/groupmod/27_groupmod_change_gid_error_GID_4294967295/config/etc/group
new file mode 100644
index 0000000..fecba0c
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/27_groupmod_change_gid_error_GID_4294967295/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/grouptools/groupmod/27_groupmod_change_gid_error_GID_4294967295/config/etc/gshadow b/tests/tests/grouptools/groupmod/27_groupmod_change_gid_error_GID_4294967295/config/etc/gshadow
new file mode 100644
index 0000000..5042e58
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/27_groupmod_change_gid_error_GID_4294967295/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/grouptools/groupmod/27_groupmod_change_gid_error_GID_4294967295/config/etc/login.defs b/tests/tests/grouptools/groupmod/27_groupmod_change_gid_error_GID_4294967295/config/etc/login.defs
new file mode 100644
index 0000000..cf181ac
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/27_groupmod_change_gid_error_GID_4294967295/config/etc/login.defs
@@ -0,0 +1,314 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK usage is discouraged because it catches only some classes of user
+# entries to system, in fact only those made through login(1), while setting
+# umask in shell rc file will catch also logins through su, cron, ssh etc.
+#
+# At the same time, using shell rc to set umask won't catch entries which use
+# non-shell executables in place of login shell, like /usr/sbin/pppd for "ppp"
+# user and alike.
+#
+# Therefore the use of pam_umask is recommended (Debian package libpam-umask)
+# as the solution which catches all these cases on PAM-enabled systems.
+# 
+# This avoids the confusion created by having the umask set
+# in two different places -- in login.defs and shell rc files (i.e.
+# /etc/profile).
+#
+# For discussion, see #314539 and #248150 as well as the thread starting at
+# http://lists.debian.org/debian-devel/2005/06/msg01598.html
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+# 022 is the "historical" value in Debian for UMASK when it was used
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			  100
+GID_MAX			60000
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# This enables userdel to remove user groups if no members exist.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, thus in Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# Only works if compiled with MD5_CRYPT defined:
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is used by chpasswd, gpasswd and newusers.
+#
+#MD5_CRYPT_ENAB	no
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/grouptools/groupmod/27_groupmod_change_gid_error_GID_4294967295/config/etc/passwd b/tests/tests/grouptools/groupmod/27_groupmod_change_gid_error_GID_4294967295/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/27_groupmod_change_gid_error_GID_4294967295/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/grouptools/groupmod/27_groupmod_change_gid_error_GID_4294967295/config/etc/shadow b/tests/tests/grouptools/groupmod/27_groupmod_change_gid_error_GID_4294967295/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/27_groupmod_change_gid_error_GID_4294967295/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/grouptools/groupmod/27_groupmod_change_gid_error_GID_4294967295/data/groupmod.err b/tests/tests/grouptools/groupmod/27_groupmod_change_gid_error_GID_4294967295/data/groupmod.err
new file mode 100644
index 0000000..70d741a
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/27_groupmod_change_gid_error_GID_4294967295/data/groupmod.err
@@ -0,0 +1 @@
+groupmod: invalid group ID '4294967295'
diff --git a/tests/tests/grouptools/groupmod/27_groupmod_change_gid_error_GID_4294967295/groupmod.test b/tests/tests/grouptools/groupmod/27_groupmod_change_gid_error_GID_4294967295/groupmod.test
new file mode 100755
index 0000000..6dc895f
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/27_groupmod_change_gid_error_GID_4294967295/groupmod.test
@@ -0,0 +1,54 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "groupmod checks if the specified GID is valid"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Change GID of bar to 4294967295 (groupmod -g 4294967295 bar)..."
+groupmod -g 4294967295 bar 2>tmp/groupmod.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "3"
+echo "OK"
+
+echo "groupmod reported:"
+echo "======================================================================="
+cat tmp/groupmod.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/groupmod.err tmp/groupmod.err
+echo "error message OK."
+rm -f tmp/groupmod.err
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/grouptools/groupmod/28_groupmod_usage/config.txt b/tests/tests/grouptools/groupmod/28_groupmod_usage/config.txt
new file mode 100644
index 0000000..31f5635
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/28_groupmod_usage/config.txt
@@ -0,0 +1,10 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group users (only in /etc/group)
+user foo, in group tty (only in /etc/gshadow)
+user foo, in group floppy
+user foo, admin of group disk
+user foo, admin and member of group fax
+user foo, admin and member of group cdrom (only in /etc/gshadow)
diff --git a/tests/tests/grouptools/groupmod/28_groupmod_usage/config/etc/default/useradd b/tests/tests/grouptools/groupmod/28_groupmod_usage/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/28_groupmod_usage/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/grouptools/groupmod/28_groupmod_usage/config/etc/group b/tests/tests/grouptools/groupmod/28_groupmod_usage/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/28_groupmod_usage/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/grouptools/groupmod/28_groupmod_usage/config/etc/gshadow b/tests/tests/grouptools/groupmod/28_groupmod_usage/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/28_groupmod_usage/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/grouptools/groupmod/28_groupmod_usage/config/etc/passwd b/tests/tests/grouptools/groupmod/28_groupmod_usage/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/28_groupmod_usage/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/grouptools/groupmod/28_groupmod_usage/config/etc/shadow b/tests/tests/grouptools/groupmod/28_groupmod_usage/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/28_groupmod_usage/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/grouptools/groupmod/28_groupmod_usage/data/usage.out b/tests/tests/grouptools/groupmod/28_groupmod_usage/data/usage.out
new file mode 100644
index 0000000..c9b28d7
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/28_groupmod_usage/data/usage.out
@@ -0,0 +1,11 @@
+Usage: groupmod [options] GROUP
+
+Options:
+  -g, --gid GID                 change the group ID to GID
+  -h, --help                    display this help message and exit
+  -n, --new-name NEW_GROUP      change the name to NEW_GROUP
+  -o, --non-unique              allow to use a duplicate (non-unique) GID
+  -p, --password PASSWORD       change the password to this (encrypted)
+                                PASSWORD
+  -R, --root CHROOT_DIR         directory to chroot into
+
diff --git a/tests/tests/grouptools/groupmod/28_groupmod_usage/groupmod.test b/tests/tests/grouptools/groupmod/28_groupmod_usage/groupmod.test
new file mode 100755
index 0000000..29fe545
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/28_groupmod_usage/groupmod.test
@@ -0,0 +1,49 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "groupmod can display its usage message"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Get groupmod usage (groupmod -h)..."
+groupmod -h >tmp/usage.out
+
+echo "OK"
+
+echo "groupmod reported:"
+echo "======================================================================="
+cat tmp/usage.out
+echo "======================================================================="
+echo -n "Check the usage message..."
+diff -au data/usage.out tmp/usage.out
+echo "usage message OK."
+rm -f tmp/usage.out
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/grouptools/groupmod/29_groupmod_-g_same_gid_new_name/config.txt b/tests/tests/grouptools/groupmod/29_groupmod_-g_same_gid_new_name/config.txt
new file mode 100644
index 0000000..e9e4bbe
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/29_groupmod_-g_same_gid_new_name/config.txt
@@ -0,0 +1 @@
+group foo, GID 1000
diff --git a/tests/tests/grouptools/groupmod/29_groupmod_-g_same_gid_new_name/config/etc/default/useradd b/tests/tests/grouptools/groupmod/29_groupmod_-g_same_gid_new_name/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/29_groupmod_-g_same_gid_new_name/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/grouptools/groupmod/29_groupmod_-g_same_gid_new_name/config/etc/group b/tests/tests/grouptools/groupmod/29_groupmod_-g_same_gid_new_name/config/etc/group
new file mode 100644
index 0000000..fecba0c
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/29_groupmod_-g_same_gid_new_name/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/grouptools/groupmod/29_groupmod_-g_same_gid_new_name/config/etc/gshadow b/tests/tests/grouptools/groupmod/29_groupmod_-g_same_gid_new_name/config/etc/gshadow
new file mode 100644
index 0000000..5042e58
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/29_groupmod_-g_same_gid_new_name/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/grouptools/groupmod/29_groupmod_-g_same_gid_new_name/config/etc/login.defs b/tests/tests/grouptools/groupmod/29_groupmod_-g_same_gid_new_name/config/etc/login.defs
new file mode 100644
index 0000000..cf181ac
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/29_groupmod_-g_same_gid_new_name/config/etc/login.defs
@@ -0,0 +1,314 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK usage is discouraged because it catches only some classes of user
+# entries to system, in fact only those made through login(1), while setting
+# umask in shell rc file will catch also logins through su, cron, ssh etc.
+#
+# At the same time, using shell rc to set umask won't catch entries which use
+# non-shell executables in place of login shell, like /usr/sbin/pppd for "ppp"
+# user and alike.
+#
+# Therefore the use of pam_umask is recommended (Debian package libpam-umask)
+# as the solution which catches all these cases on PAM-enabled systems.
+# 
+# This avoids the confusion created by having the umask set
+# in two different places -- in login.defs and shell rc files (i.e.
+# /etc/profile).
+#
+# For discussion, see #314539 and #248150 as well as the thread starting at
+# http://lists.debian.org/debian-devel/2005/06/msg01598.html
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+# 022 is the "historical" value in Debian for UMASK when it was used
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			  100
+GID_MAX			60000
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# This enables userdel to remove user groups if no members exist.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, thus in Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# Only works if compiled with MD5_CRYPT defined:
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is used by chpasswd, gpasswd and newusers.
+#
+#MD5_CRYPT_ENAB	no
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/grouptools/groupmod/29_groupmod_-g_same_gid_new_name/config/etc/passwd b/tests/tests/grouptools/groupmod/29_groupmod_-g_same_gid_new_name/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/29_groupmod_-g_same_gid_new_name/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/grouptools/groupmod/29_groupmod_-g_same_gid_new_name/config/etc/shadow b/tests/tests/grouptools/groupmod/29_groupmod_-g_same_gid_new_name/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/29_groupmod_-g_same_gid_new_name/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/grouptools/groupmod/29_groupmod_-g_same_gid_new_name/data/group b/tests/tests/grouptools/groupmod/29_groupmod_-g_same_gid_new_name/data/group
new file mode 100644
index 0000000..75815b9
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/29_groupmod_-g_same_gid_new_name/data/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+bar:x:1000:
diff --git a/tests/tests/grouptools/groupmod/29_groupmod_-g_same_gid_new_name/data/gshadow b/tests/tests/grouptools/groupmod/29_groupmod_-g_same_gid_new_name/data/gshadow
new file mode 100644
index 0000000..e814af0
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/29_groupmod_-g_same_gid_new_name/data/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+bar:*::
diff --git a/tests/tests/grouptools/groupmod/29_groupmod_-g_same_gid_new_name/groupmod.test b/tests/tests/grouptools/groupmod/29_groupmod_-g_same_gid_new_name/groupmod.test
new file mode 100755
index 0000000..f899420
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/29_groupmod_-g_same_gid_new_name/groupmod.test
@@ -0,0 +1,39 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "groupmod can change the name of a group and keep the same gid"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Rename group foo to bar and keep the same gid (groupmod -n bar -g 1000 foo)..."
+groupmod -n bar -g 1000 foo
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl data/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl data/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/grouptools/groupmod/30_groupmod_-g_same_gid_same_name/config.txt b/tests/tests/grouptools/groupmod/30_groupmod_-g_same_gid_same_name/config.txt
new file mode 100644
index 0000000..e9e4bbe
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/30_groupmod_-g_same_gid_same_name/config.txt
@@ -0,0 +1 @@
+group foo, GID 1000
diff --git a/tests/tests/grouptools/groupmod/30_groupmod_-g_same_gid_same_name/config/etc/default/useradd b/tests/tests/grouptools/groupmod/30_groupmod_-g_same_gid_same_name/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/30_groupmod_-g_same_gid_same_name/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/grouptools/groupmod/30_groupmod_-g_same_gid_same_name/config/etc/group b/tests/tests/grouptools/groupmod/30_groupmod_-g_same_gid_same_name/config/etc/group
new file mode 100644
index 0000000..fecba0c
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/30_groupmod_-g_same_gid_same_name/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/grouptools/groupmod/30_groupmod_-g_same_gid_same_name/config/etc/gshadow b/tests/tests/grouptools/groupmod/30_groupmod_-g_same_gid_same_name/config/etc/gshadow
new file mode 100644
index 0000000..5042e58
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/30_groupmod_-g_same_gid_same_name/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/grouptools/groupmod/30_groupmod_-g_same_gid_same_name/config/etc/login.defs b/tests/tests/grouptools/groupmod/30_groupmod_-g_same_gid_same_name/config/etc/login.defs
new file mode 100644
index 0000000..cf181ac
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/30_groupmod_-g_same_gid_same_name/config/etc/login.defs
@@ -0,0 +1,314 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK usage is discouraged because it catches only some classes of user
+# entries to system, in fact only those made through login(1), while setting
+# umask in shell rc file will catch also logins through su, cron, ssh etc.
+#
+# At the same time, using shell rc to set umask won't catch entries which use
+# non-shell executables in place of login shell, like /usr/sbin/pppd for "ppp"
+# user and alike.
+#
+# Therefore the use of pam_umask is recommended (Debian package libpam-umask)
+# as the solution which catches all these cases on PAM-enabled systems.
+# 
+# This avoids the confusion created by having the umask set
+# in two different places -- in login.defs and shell rc files (i.e.
+# /etc/profile).
+#
+# For discussion, see #314539 and #248150 as well as the thread starting at
+# http://lists.debian.org/debian-devel/2005/06/msg01598.html
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+# 022 is the "historical" value in Debian for UMASK when it was used
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			  100
+GID_MAX			60000
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# This enables userdel to remove user groups if no members exist.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, thus in Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# Only works if compiled with MD5_CRYPT defined:
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is used by chpasswd, gpasswd and newusers.
+#
+#MD5_CRYPT_ENAB	no
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/grouptools/groupmod/30_groupmod_-g_same_gid_same_name/config/etc/passwd b/tests/tests/grouptools/groupmod/30_groupmod_-g_same_gid_same_name/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/30_groupmod_-g_same_gid_same_name/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/grouptools/groupmod/30_groupmod_-g_same_gid_same_name/config/etc/shadow b/tests/tests/grouptools/groupmod/30_groupmod_-g_same_gid_same_name/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/30_groupmod_-g_same_gid_same_name/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/grouptools/groupmod/30_groupmod_-g_same_gid_same_name/groupmod.test b/tests/tests/grouptools/groupmod/30_groupmod_-g_same_gid_same_name/groupmod.test
new file mode 100755
index 0000000..976476c
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/30_groupmod_-g_same_gid_same_name/groupmod.test
@@ -0,0 +1,39 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "groupmod can keep the name and gid for a group and does not complain"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Rename group foo to bar and keep the same gid (groupmod -n foo -g 1000 foo)..."
+groupmod -n foo -g 1000 foo
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/grouptools/groupmod/31_groupmod_-g_same_gid/config.txt b/tests/tests/grouptools/groupmod/31_groupmod_-g_same_gid/config.txt
new file mode 100644
index 0000000..e9e4bbe
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/31_groupmod_-g_same_gid/config.txt
@@ -0,0 +1 @@
+group foo, GID 1000
diff --git a/tests/tests/grouptools/groupmod/31_groupmod_-g_same_gid/config/etc/default/useradd b/tests/tests/grouptools/groupmod/31_groupmod_-g_same_gid/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/31_groupmod_-g_same_gid/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/grouptools/groupmod/31_groupmod_-g_same_gid/config/etc/group b/tests/tests/grouptools/groupmod/31_groupmod_-g_same_gid/config/etc/group
new file mode 100644
index 0000000..fecba0c
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/31_groupmod_-g_same_gid/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/grouptools/groupmod/31_groupmod_-g_same_gid/config/etc/gshadow b/tests/tests/grouptools/groupmod/31_groupmod_-g_same_gid/config/etc/gshadow
new file mode 100644
index 0000000..5042e58
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/31_groupmod_-g_same_gid/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/grouptools/groupmod/31_groupmod_-g_same_gid/config/etc/login.defs b/tests/tests/grouptools/groupmod/31_groupmod_-g_same_gid/config/etc/login.defs
new file mode 100644
index 0000000..cf181ac
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/31_groupmod_-g_same_gid/config/etc/login.defs
@@ -0,0 +1,314 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK usage is discouraged because it catches only some classes of user
+# entries to system, in fact only those made through login(1), while setting
+# umask in shell rc file will catch also logins through su, cron, ssh etc.
+#
+# At the same time, using shell rc to set umask won't catch entries which use
+# non-shell executables in place of login shell, like /usr/sbin/pppd for "ppp"
+# user and alike.
+#
+# Therefore the use of pam_umask is recommended (Debian package libpam-umask)
+# as the solution which catches all these cases on PAM-enabled systems.
+# 
+# This avoids the confusion created by having the umask set
+# in two different places -- in login.defs and shell rc files (i.e.
+# /etc/profile).
+#
+# For discussion, see #314539 and #248150 as well as the thread starting at
+# http://lists.debian.org/debian-devel/2005/06/msg01598.html
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+# 022 is the "historical" value in Debian for UMASK when it was used
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			  100
+GID_MAX			60000
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# This enables userdel to remove user groups if no members exist.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, thus in Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# Only works if compiled with MD5_CRYPT defined:
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is used by chpasswd, gpasswd and newusers.
+#
+#MD5_CRYPT_ENAB	no
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/grouptools/groupmod/31_groupmod_-g_same_gid/config/etc/passwd b/tests/tests/grouptools/groupmod/31_groupmod_-g_same_gid/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/31_groupmod_-g_same_gid/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/grouptools/groupmod/31_groupmod_-g_same_gid/config/etc/shadow b/tests/tests/grouptools/groupmod/31_groupmod_-g_same_gid/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/31_groupmod_-g_same_gid/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/grouptools/groupmod/31_groupmod_-g_same_gid/groupmod.test b/tests/tests/grouptools/groupmod/31_groupmod_-g_same_gid/groupmod.test
new file mode 100755
index 0000000..95262ef
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/31_groupmod_-g_same_gid/groupmod.test
@@ -0,0 +1,39 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "groupmod keeps the same gid and does not complain if there are no other changes"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Keep the same gid and no other changes (groupmod -g 1000 foo)..."
+groupmod -g 1000 foo
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/grouptools/groupmod/32_groupmod_-o_without_-g/config.txt b/tests/tests/grouptools/groupmod/32_groupmod_-o_without_-g/config.txt
new file mode 100644
index 0000000..31f5635
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/32_groupmod_-o_without_-g/config.txt
@@ -0,0 +1,10 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group users (only in /etc/group)
+user foo, in group tty (only in /etc/gshadow)
+user foo, in group floppy
+user foo, admin of group disk
+user foo, admin and member of group fax
+user foo, admin and member of group cdrom (only in /etc/gshadow)
diff --git a/tests/tests/grouptools/groupmod/32_groupmod_-o_without_-g/config/etc/default/useradd b/tests/tests/grouptools/groupmod/32_groupmod_-o_without_-g/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/32_groupmod_-o_without_-g/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/grouptools/groupmod/32_groupmod_-o_without_-g/config/etc/group b/tests/tests/grouptools/groupmod/32_groupmod_-o_without_-g/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/32_groupmod_-o_without_-g/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/grouptools/groupmod/32_groupmod_-o_without_-g/config/etc/gshadow b/tests/tests/grouptools/groupmod/32_groupmod_-o_without_-g/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/32_groupmod_-o_without_-g/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/grouptools/groupmod/32_groupmod_-o_without_-g/config/etc/passwd b/tests/tests/grouptools/groupmod/32_groupmod_-o_without_-g/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/32_groupmod_-o_without_-g/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/grouptools/groupmod/32_groupmod_-o_without_-g/config/etc/shadow b/tests/tests/grouptools/groupmod/32_groupmod_-o_without_-g/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/32_groupmod_-o_without_-g/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/grouptools/groupmod/32_groupmod_-o_without_-g/data/groupmod.err b/tests/tests/grouptools/groupmod/32_groupmod_-o_without_-g/data/groupmod.err
new file mode 100644
index 0000000..c9b28d7
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/32_groupmod_-o_without_-g/data/groupmod.err
@@ -0,0 +1,11 @@
+Usage: groupmod [options] GROUP
+
+Options:
+  -g, --gid GID                 change the group ID to GID
+  -h, --help                    display this help message and exit
+  -n, --new-name NEW_GROUP      change the name to NEW_GROUP
+  -o, --non-unique              allow to use a duplicate (non-unique) GID
+  -p, --password PASSWORD       change the password to this (encrypted)
+                                PASSWORD
+  -R, --root CHROOT_DIR         directory to chroot into
+
diff --git a/tests/tests/grouptools/groupmod/32_groupmod_-o_without_-g/groupmod.test b/tests/tests/grouptools/groupmod/32_groupmod_-o_without_-g/groupmod.test
new file mode 100755
index 0000000..13d13ee
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/32_groupmod_-o_without_-g/groupmod.test
@@ -0,0 +1,54 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "groupmod -o requires -g"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "groupmod -o -n bar foo..."
+groupmod -o -n bar foo 2>tmp/groupmod.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "2"
+echo "OK"
+
+echo "groupmod reported:"
+echo "======================================================================="
+cat tmp/groupmod.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/groupmod.err tmp/groupmod.err
+echo "error message OK."
+rm -f tmp/groupmod.err
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/grouptools/groupmod/33_groupmod_set_password_no_gshadow_file_with_group_pwd_x/config.txt b/tests/tests/grouptools/groupmod/33_groupmod_set_password_no_gshadow_file_with_group_pwd_x/config.txt
new file mode 100644
index 0000000..e9e4bbe
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/33_groupmod_set_password_no_gshadow_file_with_group_pwd_x/config.txt
@@ -0,0 +1 @@
+group foo, GID 1000
diff --git a/tests/tests/grouptools/groupmod/33_groupmod_set_password_no_gshadow_file_with_group_pwd_x/config/etc/default/useradd b/tests/tests/grouptools/groupmod/33_groupmod_set_password_no_gshadow_file_with_group_pwd_x/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/33_groupmod_set_password_no_gshadow_file_with_group_pwd_x/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/grouptools/groupmod/33_groupmod_set_password_no_gshadow_file_with_group_pwd_x/config/etc/group b/tests/tests/grouptools/groupmod/33_groupmod_set_password_no_gshadow_file_with_group_pwd_x/config/etc/group
new file mode 100644
index 0000000..fecba0c
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/33_groupmod_set_password_no_gshadow_file_with_group_pwd_x/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/grouptools/groupmod/33_groupmod_set_password_no_gshadow_file_with_group_pwd_x/config/etc/gshadow b/tests/tests/grouptools/groupmod/33_groupmod_set_password_no_gshadow_file_with_group_pwd_x/config/etc/gshadow
new file mode 100644
index 0000000..5042e58
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/33_groupmod_set_password_no_gshadow_file_with_group_pwd_x/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/grouptools/groupmod/33_groupmod_set_password_no_gshadow_file_with_group_pwd_x/config/etc/login.defs b/tests/tests/grouptools/groupmod/33_groupmod_set_password_no_gshadow_file_with_group_pwd_x/config/etc/login.defs
new file mode 100644
index 0000000..cf181ac
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/33_groupmod_set_password_no_gshadow_file_with_group_pwd_x/config/etc/login.defs
@@ -0,0 +1,314 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK usage is discouraged because it catches only some classes of user
+# entries to system, in fact only those made through login(1), while setting
+# umask in shell rc file will catch also logins through su, cron, ssh etc.
+#
+# At the same time, using shell rc to set umask won't catch entries which use
+# non-shell executables in place of login shell, like /usr/sbin/pppd for "ppp"
+# user and alike.
+#
+# Therefore the use of pam_umask is recommended (Debian package libpam-umask)
+# as the solution which catches all these cases on PAM-enabled systems.
+# 
+# This avoids the confusion created by having the umask set
+# in two different places -- in login.defs and shell rc files (i.e.
+# /etc/profile).
+#
+# For discussion, see #314539 and #248150 as well as the thread starting at
+# http://lists.debian.org/debian-devel/2005/06/msg01598.html
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+# 022 is the "historical" value in Debian for UMASK when it was used
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			  100
+GID_MAX			60000
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# This enables userdel to remove user groups if no members exist.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, thus in Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# Only works if compiled with MD5_CRYPT defined:
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is used by chpasswd, gpasswd and newusers.
+#
+#MD5_CRYPT_ENAB	no
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/grouptools/groupmod/33_groupmod_set_password_no_gshadow_file_with_group_pwd_x/config/etc/passwd b/tests/tests/grouptools/groupmod/33_groupmod_set_password_no_gshadow_file_with_group_pwd_x/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/33_groupmod_set_password_no_gshadow_file_with_group_pwd_x/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/grouptools/groupmod/33_groupmod_set_password_no_gshadow_file_with_group_pwd_x/config/etc/shadow b/tests/tests/grouptools/groupmod/33_groupmod_set_password_no_gshadow_file_with_group_pwd_x/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/33_groupmod_set_password_no_gshadow_file_with_group_pwd_x/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/grouptools/groupmod/33_groupmod_set_password_no_gshadow_file_with_group_pwd_x/data/group b/tests/tests/grouptools/groupmod/33_groupmod_set_password_no_gshadow_file_with_group_pwd_x/data/group
new file mode 100644
index 0000000..fafb2ea
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/33_groupmod_set_password_no_gshadow_file_with_group_pwd_x/data/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:foopassw:1000:
diff --git a/tests/tests/grouptools/groupmod/33_groupmod_set_password_no_gshadow_file_with_group_pwd_x/groupmod.test b/tests/tests/grouptools/groupmod/33_groupmod_set_password_no_gshadow_file_with_group_pwd_x/groupmod.test
new file mode 100755
index 0000000..44597ad
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/33_groupmod_set_password_no_gshadow_file_with_group_pwd_x/groupmod.test
@@ -0,0 +1,42 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "groupmod can set the password of a group (no gshadow file)"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo "Remove the gshadow file"
+rm -f /etc/gshadow
+
+echo -n "Change GID of foo to 1001 (groupmod -p foopassw foo)..."
+groupmod -p foopassw foo
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl data/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+test ! -f /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/grouptools/groupmod/34_groupmod_set_password_group_without_shadow_pwd/config.txt b/tests/tests/grouptools/groupmod/34_groupmod_set_password_group_without_shadow_pwd/config.txt
new file mode 100644
index 0000000..e9e4bbe
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/34_groupmod_set_password_group_without_shadow_pwd/config.txt
@@ -0,0 +1 @@
+group foo, GID 1000
diff --git a/tests/tests/grouptools/groupmod/34_groupmod_set_password_group_without_shadow_pwd/config/etc/default/useradd b/tests/tests/grouptools/groupmod/34_groupmod_set_password_group_without_shadow_pwd/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/34_groupmod_set_password_group_without_shadow_pwd/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/grouptools/groupmod/34_groupmod_set_password_group_without_shadow_pwd/config/etc/group b/tests/tests/grouptools/groupmod/34_groupmod_set_password_group_without_shadow_pwd/config/etc/group
new file mode 100644
index 0000000..7c2b4e8
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/34_groupmod_set_password_group_without_shadow_pwd/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:oldpass:1000:
diff --git a/tests/tests/grouptools/groupmod/34_groupmod_set_password_group_without_shadow_pwd/config/etc/gshadow b/tests/tests/grouptools/groupmod/34_groupmod_set_password_group_without_shadow_pwd/config/etc/gshadow
new file mode 100644
index 0000000..5042e58
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/34_groupmod_set_password_group_without_shadow_pwd/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/grouptools/groupmod/34_groupmod_set_password_group_without_shadow_pwd/config/etc/login.defs b/tests/tests/grouptools/groupmod/34_groupmod_set_password_group_without_shadow_pwd/config/etc/login.defs
new file mode 100644
index 0000000..cf181ac
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/34_groupmod_set_password_group_without_shadow_pwd/config/etc/login.defs
@@ -0,0 +1,314 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK usage is discouraged because it catches only some classes of user
+# entries to system, in fact only those made through login(1), while setting
+# umask in shell rc file will catch also logins through su, cron, ssh etc.
+#
+# At the same time, using shell rc to set umask won't catch entries which use
+# non-shell executables in place of login shell, like /usr/sbin/pppd for "ppp"
+# user and alike.
+#
+# Therefore the use of pam_umask is recommended (Debian package libpam-umask)
+# as the solution which catches all these cases on PAM-enabled systems.
+# 
+# This avoids the confusion created by having the umask set
+# in two different places -- in login.defs and shell rc files (i.e.
+# /etc/profile).
+#
+# For discussion, see #314539 and #248150 as well as the thread starting at
+# http://lists.debian.org/debian-devel/2005/06/msg01598.html
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+# 022 is the "historical" value in Debian for UMASK when it was used
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			  100
+GID_MAX			60000
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# This enables userdel to remove user groups if no members exist.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, thus in Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# Only works if compiled with MD5_CRYPT defined:
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is used by chpasswd, gpasswd and newusers.
+#
+#MD5_CRYPT_ENAB	no
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/grouptools/groupmod/34_groupmod_set_password_group_without_shadow_pwd/config/etc/passwd b/tests/tests/grouptools/groupmod/34_groupmod_set_password_group_without_shadow_pwd/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/34_groupmod_set_password_group_without_shadow_pwd/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/grouptools/groupmod/34_groupmod_set_password_group_without_shadow_pwd/config/etc/shadow b/tests/tests/grouptools/groupmod/34_groupmod_set_password_group_without_shadow_pwd/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/34_groupmod_set_password_group_without_shadow_pwd/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/grouptools/groupmod/34_groupmod_set_password_group_without_shadow_pwd/data/group b/tests/tests/grouptools/groupmod/34_groupmod_set_password_group_without_shadow_pwd/data/group
new file mode 100644
index 0000000..fafb2ea
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/34_groupmod_set_password_group_without_shadow_pwd/data/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:foopassw:1000:
diff --git a/tests/tests/grouptools/groupmod/34_groupmod_set_password_group_without_shadow_pwd/data/gshadow b/tests/tests/grouptools/groupmod/34_groupmod_set_password_group_without_shadow_pwd/data/gshadow
new file mode 100644
index 0000000..601bd46
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/34_groupmod_set_password_group_without_shadow_pwd/data/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:foopassw::
diff --git a/tests/tests/grouptools/groupmod/34_groupmod_set_password_group_without_shadow_pwd/groupmod.test b/tests/tests/grouptools/groupmod/34_groupmod_set_password_group_without_shadow_pwd/groupmod.test
new file mode 100755
index 0000000..a765f4d
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/34_groupmod_set_password_group_without_shadow_pwd/groupmod.test
@@ -0,0 +1,39 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "groupmod can set the password of a group (no gshadow file)"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Change password of foo (groupmod -p foopassw foo)..."
+groupmod -p foopassw foo
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl data/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl data/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/grouptools/groupmod/35_groupmod_set_password_group_without_shadow_pwd_no_gshadow_group/config.txt b/tests/tests/grouptools/groupmod/35_groupmod_set_password_group_without_shadow_pwd_no_gshadow_group/config.txt
new file mode 100644
index 0000000..e9e4bbe
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/35_groupmod_set_password_group_without_shadow_pwd_no_gshadow_group/config.txt
@@ -0,0 +1 @@
+group foo, GID 1000
diff --git a/tests/tests/grouptools/groupmod/35_groupmod_set_password_group_without_shadow_pwd_no_gshadow_group/config/etc/default/useradd b/tests/tests/grouptools/groupmod/35_groupmod_set_password_group_without_shadow_pwd_no_gshadow_group/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/35_groupmod_set_password_group_without_shadow_pwd_no_gshadow_group/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/grouptools/groupmod/35_groupmod_set_password_group_without_shadow_pwd_no_gshadow_group/config/etc/group b/tests/tests/grouptools/groupmod/35_groupmod_set_password_group_without_shadow_pwd_no_gshadow_group/config/etc/group
new file mode 100644
index 0000000..7c2b4e8
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/35_groupmod_set_password_group_without_shadow_pwd_no_gshadow_group/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:oldpass:1000:
diff --git a/tests/tests/grouptools/groupmod/35_groupmod_set_password_group_without_shadow_pwd_no_gshadow_group/config/etc/gshadow b/tests/tests/grouptools/groupmod/35_groupmod_set_password_group_without_shadow_pwd_no_gshadow_group/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/35_groupmod_set_password_group_without_shadow_pwd_no_gshadow_group/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/grouptools/groupmod/35_groupmod_set_password_group_without_shadow_pwd_no_gshadow_group/config/etc/login.defs b/tests/tests/grouptools/groupmod/35_groupmod_set_password_group_without_shadow_pwd_no_gshadow_group/config/etc/login.defs
new file mode 100644
index 0000000..cf181ac
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/35_groupmod_set_password_group_without_shadow_pwd_no_gshadow_group/config/etc/login.defs
@@ -0,0 +1,314 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK usage is discouraged because it catches only some classes of user
+# entries to system, in fact only those made through login(1), while setting
+# umask in shell rc file will catch also logins through su, cron, ssh etc.
+#
+# At the same time, using shell rc to set umask won't catch entries which use
+# non-shell executables in place of login shell, like /usr/sbin/pppd for "ppp"
+# user and alike.
+#
+# Therefore the use of pam_umask is recommended (Debian package libpam-umask)
+# as the solution which catches all these cases on PAM-enabled systems.
+# 
+# This avoids the confusion created by having the umask set
+# in two different places -- in login.defs and shell rc files (i.e.
+# /etc/profile).
+#
+# For discussion, see #314539 and #248150 as well as the thread starting at
+# http://lists.debian.org/debian-devel/2005/06/msg01598.html
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+# 022 is the "historical" value in Debian for UMASK when it was used
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			  100
+GID_MAX			60000
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# This enables userdel to remove user groups if no members exist.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, thus in Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# Only works if compiled with MD5_CRYPT defined:
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is used by chpasswd, gpasswd and newusers.
+#
+#MD5_CRYPT_ENAB	no
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/grouptools/groupmod/35_groupmod_set_password_group_without_shadow_pwd_no_gshadow_group/config/etc/passwd b/tests/tests/grouptools/groupmod/35_groupmod_set_password_group_without_shadow_pwd_no_gshadow_group/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/35_groupmod_set_password_group_without_shadow_pwd_no_gshadow_group/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/grouptools/groupmod/35_groupmod_set_password_group_without_shadow_pwd_no_gshadow_group/config/etc/shadow b/tests/tests/grouptools/groupmod/35_groupmod_set_password_group_without_shadow_pwd_no_gshadow_group/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/35_groupmod_set_password_group_without_shadow_pwd_no_gshadow_group/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/grouptools/groupmod/35_groupmod_set_password_group_without_shadow_pwd_no_gshadow_group/data/group b/tests/tests/grouptools/groupmod/35_groupmod_set_password_group_without_shadow_pwd_no_gshadow_group/data/group
new file mode 100644
index 0000000..fafb2ea
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/35_groupmod_set_password_group_without_shadow_pwd_no_gshadow_group/data/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:foopassw:1000:
diff --git a/tests/tests/grouptools/groupmod/35_groupmod_set_password_group_without_shadow_pwd_no_gshadow_group/groupmod.test b/tests/tests/grouptools/groupmod/35_groupmod_set_password_group_without_shadow_pwd_no_gshadow_group/groupmod.test
new file mode 100755
index 0000000..1e2303c
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/35_groupmod_set_password_group_without_shadow_pwd_no_gshadow_group/groupmod.test
@@ -0,0 +1,39 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "groupmod can set the password of a group (no gshadow file)"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Change password of foo (groupmod -p foopassw foo)..."
+groupmod -p foopassw foo
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl data/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/grouptools/groupmod/36_groupmod_set_password_group_with_shadow_pwd_no_gshadow_group/config.txt b/tests/tests/grouptools/groupmod/36_groupmod_set_password_group_with_shadow_pwd_no_gshadow_group/config.txt
new file mode 100644
index 0000000..e9e4bbe
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/36_groupmod_set_password_group_with_shadow_pwd_no_gshadow_group/config.txt
@@ -0,0 +1 @@
+group foo, GID 1000
diff --git a/tests/tests/grouptools/groupmod/36_groupmod_set_password_group_with_shadow_pwd_no_gshadow_group/config/etc/default/useradd b/tests/tests/grouptools/groupmod/36_groupmod_set_password_group_with_shadow_pwd_no_gshadow_group/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/36_groupmod_set_password_group_with_shadow_pwd_no_gshadow_group/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/grouptools/groupmod/36_groupmod_set_password_group_with_shadow_pwd_no_gshadow_group/config/etc/group b/tests/tests/grouptools/groupmod/36_groupmod_set_password_group_with_shadow_pwd_no_gshadow_group/config/etc/group
new file mode 100644
index 0000000..fecba0c
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/36_groupmod_set_password_group_with_shadow_pwd_no_gshadow_group/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/grouptools/groupmod/36_groupmod_set_password_group_with_shadow_pwd_no_gshadow_group/config/etc/gshadow b/tests/tests/grouptools/groupmod/36_groupmod_set_password_group_with_shadow_pwd_no_gshadow_group/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/36_groupmod_set_password_group_with_shadow_pwd_no_gshadow_group/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/grouptools/groupmod/36_groupmod_set_password_group_with_shadow_pwd_no_gshadow_group/config/etc/login.defs b/tests/tests/grouptools/groupmod/36_groupmod_set_password_group_with_shadow_pwd_no_gshadow_group/config/etc/login.defs
new file mode 100644
index 0000000..cf181ac
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/36_groupmod_set_password_group_with_shadow_pwd_no_gshadow_group/config/etc/login.defs
@@ -0,0 +1,314 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK usage is discouraged because it catches only some classes of user
+# entries to system, in fact only those made through login(1), while setting
+# umask in shell rc file will catch also logins through su, cron, ssh etc.
+#
+# At the same time, using shell rc to set umask won't catch entries which use
+# non-shell executables in place of login shell, like /usr/sbin/pppd for "ppp"
+# user and alike.
+#
+# Therefore the use of pam_umask is recommended (Debian package libpam-umask)
+# as the solution which catches all these cases on PAM-enabled systems.
+# 
+# This avoids the confusion created by having the umask set
+# in two different places -- in login.defs and shell rc files (i.e.
+# /etc/profile).
+#
+# For discussion, see #314539 and #248150 as well as the thread starting at
+# http://lists.debian.org/debian-devel/2005/06/msg01598.html
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+# 022 is the "historical" value in Debian for UMASK when it was used
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			  100
+GID_MAX			60000
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# This enables userdel to remove user groups if no members exist.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, thus in Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# Only works if compiled with MD5_CRYPT defined:
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is used by chpasswd, gpasswd and newusers.
+#
+#MD5_CRYPT_ENAB	no
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/grouptools/groupmod/36_groupmod_set_password_group_with_shadow_pwd_no_gshadow_group/config/etc/passwd b/tests/tests/grouptools/groupmod/36_groupmod_set_password_group_with_shadow_pwd_no_gshadow_group/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/36_groupmod_set_password_group_with_shadow_pwd_no_gshadow_group/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/grouptools/groupmod/36_groupmod_set_password_group_with_shadow_pwd_no_gshadow_group/config/etc/shadow b/tests/tests/grouptools/groupmod/36_groupmod_set_password_group_with_shadow_pwd_no_gshadow_group/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/36_groupmod_set_password_group_with_shadow_pwd_no_gshadow_group/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/grouptools/groupmod/36_groupmod_set_password_group_with_shadow_pwd_no_gshadow_group/data/gshadow b/tests/tests/grouptools/groupmod/36_groupmod_set_password_group_with_shadow_pwd_no_gshadow_group/data/gshadow
new file mode 100644
index 0000000..601bd46
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/36_groupmod_set_password_group_with_shadow_pwd_no_gshadow_group/data/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:foopassw::
diff --git a/tests/tests/grouptools/groupmod/36_groupmod_set_password_group_with_shadow_pwd_no_gshadow_group/groupmod.test b/tests/tests/grouptools/groupmod/36_groupmod_set_password_group_with_shadow_pwd_no_gshadow_group/groupmod.test
new file mode 100755
index 0000000..c2a0b6b
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/36_groupmod_set_password_group_with_shadow_pwd_no_gshadow_group/groupmod.test
@@ -0,0 +1,39 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "groupmod can set the password of a group (no gshadow file)"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Change password of foo (groupmod -p foopassw foo)..."
+groupmod -p foopassw foo
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl data/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/grouptools/groupmod/37_groupmod_invalid_option/config.txt b/tests/tests/grouptools/groupmod/37_groupmod_invalid_option/config.txt
new file mode 100644
index 0000000..e9e4bbe
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/37_groupmod_invalid_option/config.txt
@@ -0,0 +1 @@
+group foo, GID 1000
diff --git a/tests/tests/grouptools/groupmod/37_groupmod_invalid_option/config/etc/group b/tests/tests/grouptools/groupmod/37_groupmod_invalid_option/config/etc/group
new file mode 100644
index 0000000..fecba0c
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/37_groupmod_invalid_option/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/grouptools/groupmod/37_groupmod_invalid_option/config/etc/gshadow b/tests/tests/grouptools/groupmod/37_groupmod_invalid_option/config/etc/gshadow
new file mode 100644
index 0000000..5042e58
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/37_groupmod_invalid_option/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/grouptools/groupmod/37_groupmod_invalid_option/config/etc/login.defs b/tests/tests/grouptools/groupmod/37_groupmod_invalid_option/config/etc/login.defs
new file mode 100644
index 0000000..cf181ac
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/37_groupmod_invalid_option/config/etc/login.defs
@@ -0,0 +1,314 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK usage is discouraged because it catches only some classes of user
+# entries to system, in fact only those made through login(1), while setting
+# umask in shell rc file will catch also logins through su, cron, ssh etc.
+#
+# At the same time, using shell rc to set umask won't catch entries which use
+# non-shell executables in place of login shell, like /usr/sbin/pppd for "ppp"
+# user and alike.
+#
+# Therefore the use of pam_umask is recommended (Debian package libpam-umask)
+# as the solution which catches all these cases on PAM-enabled systems.
+# 
+# This avoids the confusion created by having the umask set
+# in two different places -- in login.defs and shell rc files (i.e.
+# /etc/profile).
+#
+# For discussion, see #314539 and #248150 as well as the thread starting at
+# http://lists.debian.org/debian-devel/2005/06/msg01598.html
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+# 022 is the "historical" value in Debian for UMASK when it was used
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			  100
+GID_MAX			60000
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# This enables userdel to remove user groups if no members exist.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, thus in Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# Only works if compiled with MD5_CRYPT defined:
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is used by chpasswd, gpasswd and newusers.
+#
+#MD5_CRYPT_ENAB	no
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/grouptools/groupmod/37_groupmod_invalid_option/config/etc/passwd b/tests/tests/grouptools/groupmod/37_groupmod_invalid_option/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/37_groupmod_invalid_option/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/grouptools/groupmod/37_groupmod_invalid_option/config/etc/shadow b/tests/tests/grouptools/groupmod/37_groupmod_invalid_option/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/37_groupmod_invalid_option/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/grouptools/groupmod/37_groupmod_invalid_option/data/groupmod.err b/tests/tests/grouptools/groupmod/37_groupmod_invalid_option/data/groupmod.err
new file mode 100644
index 0000000..6bec2e0
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/37_groupmod_invalid_option/data/groupmod.err
@@ -0,0 +1,12 @@
+groupmod: invalid option -- 'Z'
+Usage: groupmod [options] GROUP
+
+Options:
+  -g, --gid GID                 change the group ID to GID
+  -h, --help                    display this help message and exit
+  -n, --new-name NEW_GROUP      change the name to NEW_GROUP
+  -o, --non-unique              allow to use a duplicate (non-unique) GID
+  -p, --password PASSWORD       change the password to this (encrypted)
+                                PASSWORD
+  -R, --root CHROOT_DIR         directory to chroot into
+
diff --git a/tests/tests/grouptools/groupmod/37_groupmod_invalid_option/groupmod.test b/tests/tests/grouptools/groupmod/37_groupmod_invalid_option/groupmod.test
new file mode 100755
index 0000000..23c394f
--- /dev/null
+++ b/tests/tests/grouptools/groupmod/37_groupmod_invalid_option/groupmod.test
@@ -0,0 +1,54 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "groupmod reports usage when called with an invalid option"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Call groupmod with an invalid option (groupmod -Z bar -g 1000 foo)..."
+groupmod -Z bar -g 1000 foo 2>tmp/groupmod.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "2"
+echo "OK"
+
+echo "groupmod reported:"
+echo "======================================================================="
+cat tmp/groupmod.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/groupmod.err tmp/groupmod.err
+echo "error message OK."
+rm -f tmp/groupmod.err
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/libsubid/01_list_ranges/config.txt b/tests/tests/libsubid/01_list_ranges/config.txt
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/libsubid/01_list_ranges/config.txt
diff --git a/tests/tests/libsubid/01_list_ranges/config/etc/subgid b/tests/tests/libsubid/01_list_ranges/config/etc/subgid
new file mode 100644
index 0000000..b9495cf
--- /dev/null
+++ b/tests/tests/libsubid/01_list_ranges/config/etc/subgid
@@ -0,0 +1,2 @@
+foo:200000:10000
+root:500000:1000
diff --git a/tests/tests/libsubid/01_list_ranges/config/etc/subuid b/tests/tests/libsubid/01_list_ranges/config/etc/subuid
new file mode 100644
index 0000000..e5c537b
--- /dev/null
+++ b/tests/tests/libsubid/01_list_ranges/config/etc/subuid
@@ -0,0 +1,3 @@
+foo:300000:10000
+foo:400000:10000
+root:500000:1000
diff --git a/tests/tests/libsubid/01_list_ranges/list_ranges.test b/tests/tests/libsubid/01_list_ranges/list_ranges.test
new file mode 100755
index 0000000..37af125
--- /dev/null
+++ b/tests/tests/libsubid/01_list_ranges/list_ranges.test
@@ -0,0 +1,38 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "list_ranges shows subid ranges"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "list foo's ranges..."
+${build_path}/src/getsubids foo > /tmp/subuidlistout
+${build_path}/src/getsubids -g foo > /tmp/subgidlistout
+echo "OK"
+
+echo -n "Check the subuid ranges..."
+[ $(wc -l /tmp/subuidlistout | awk '{ print $1 }') -eq 2 ]
+grep "0: foo 300000 10000" /tmp/subuidlistout
+grep "1: foo 400000 10000" /tmp/subuidlistout
+echo "OK"
+
+echo -n "Check the subgid ranges..."
+[ $(wc -l /tmp/subgidlistout | awk '{ print $1 }') -eq 1 ]
+grep "0: foo 200000 10000" /tmp/subgidlistout
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/libsubid/02_get_subid_owners/config.txt b/tests/tests/libsubid/02_get_subid_owners/config.txt
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/libsubid/02_get_subid_owners/config.txt
diff --git a/tests/tests/libsubid/02_get_subid_owners/config/etc/passwd b/tests/tests/libsubid/02_get_subid_owners/config/etc/passwd
new file mode 100644
index 0000000..bf52df0
--- /dev/null
+++ b/tests/tests/libsubid/02_get_subid_owners/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/home/foo:/bin/false
diff --git a/tests/tests/libsubid/02_get_subid_owners/config/etc/subgid b/tests/tests/libsubid/02_get_subid_owners/config/etc/subgid
new file mode 100644
index 0000000..b9495cf
--- /dev/null
+++ b/tests/tests/libsubid/02_get_subid_owners/config/etc/subgid
@@ -0,0 +1,2 @@
+foo:200000:10000
+root:500000:1000
diff --git a/tests/tests/libsubid/02_get_subid_owners/config/etc/subuid b/tests/tests/libsubid/02_get_subid_owners/config/etc/subuid
new file mode 100644
index 0000000..dd11875
--- /dev/null
+++ b/tests/tests/libsubid/02_get_subid_owners/config/etc/subuid
@@ -0,0 +1,4 @@
+foo:300000:10000
+foo:400000:10000
+foo:500000:10000
+root:500000:1000
diff --git a/tests/tests/libsubid/02_get_subid_owners/get_subid_owners.test b/tests/tests/libsubid/02_get_subid_owners/get_subid_owners.test
new file mode 100755
index 0000000..145477c
--- /dev/null
+++ b/tests/tests/libsubid/02_get_subid_owners/get_subid_owners.test
@@ -0,0 +1,52 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "get subid owners"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Noone owns 0 as a subid..."
+[ -z "$(${build_path}/src/get_subid_owners 0)" ]
+echo "OK"
+
+echo -n "foo owns subuid 300000..."
+[ "$(${build_path}/src/get_subid_owners 300000)" = "1000" ]
+echo "OK"
+
+echo -n "foo owns subgid 200000..."
+[ "$(${build_path}/src/get_subid_owners -g 200000)" = "1000" ]
+echo "OK"
+
+echo -n "Noone owns subuid 200000..."
+[ -z "$(${build_path}/src/get_subid_owners -g 300000)" ]
+echo "OK"
+
+echo -n "Noone owns subgid 300000..."
+[ -z "$(${build_path}/src/get_subid_owners -g 300000)" ]
+echo "OK"
+
+echo -n "Both foo and root own subuid 500000..."
+cat > /tmp/expected << EOF
+1000
+0
+EOF
+${build_path}/src/get_subid_owners 500000 > /tmp/actual
+diff /tmp/expected /tmp/actual
+
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/libsubid/03_add_remove/add_remove_subids.test b/tests/tests/libsubid/03_add_remove/add_remove_subids.test
new file mode 100755
index 0000000..a24a975
--- /dev/null
+++ b/tests/tests/libsubid/03_add_remove/add_remove_subids.test
@@ -0,0 +1,59 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "add and remove subid ranges"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Existing ranges returned when possible..."
+res=$(${build_path}/src/new_subid_range foo 500)
+echo "debug"
+echo "res is $res"
+echo "wanted Subuid range 300000:10000"
+echo "end debug"
+[ "$res" = "Subuid range 300000:10000" ]
+[ $(grep -c foo /etc/subuid) -eq 1 ]
+echo "OK"
+
+echo -n "New range returned if requested..."
+res=$(${build_path}/src/new_subid_range foo 500 -n)
+[ "$res" = "Subuid range 310000:500" ]
+[ $(grep -c foo /etc/subuid) -eq 2 ]
+echo "OK"
+
+echo -n "Free works..."
+res=$(${build_path}/src/free_subid_range foo 310000 500)
+[ $(grep -c foo /etc/subuid) -eq 1 ]
+echo "OK"
+
+echo -n "Subgids work too..."
+res=$(${build_path}/src/new_subid_range -g foo 100000)
+echo "DEBUG: res is ${res}"
+[ "$res" = "Subuid range 501000:100000" ]
+echo "DEBUG: subgid is:"
+cat /etc/subgid
+[ $(grep -c foo /etc/subgid) -eq 2 ]
+
+echo -n "Subgid free works..."
+res=$(${build_path}/src/free_subid_range -g foo 501000 100000)
+echo "DEBUG: res is ${res}"
+echo "DEBUG: subgid is:"
+cat /etc/subgid
+[ $(grep -c foo /etc/subgid) -eq 1 ]
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/libsubid/03_add_remove/config.txt b/tests/tests/libsubid/03_add_remove/config.txt
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/libsubid/03_add_remove/config.txt
diff --git a/tests/tests/libsubid/03_add_remove/config/etc/passwd b/tests/tests/libsubid/03_add_remove/config/etc/passwd
new file mode 100644
index 0000000..bf52df0
--- /dev/null
+++ b/tests/tests/libsubid/03_add_remove/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/home/foo:/bin/false
diff --git a/tests/tests/libsubid/03_add_remove/config/etc/subgid b/tests/tests/libsubid/03_add_remove/config/etc/subgid
new file mode 100644
index 0000000..b9495cf
--- /dev/null
+++ b/tests/tests/libsubid/03_add_remove/config/etc/subgid
@@ -0,0 +1,2 @@
+foo:200000:10000
+root:500000:1000
diff --git a/tests/tests/libsubid/03_add_remove/config/etc/subuid b/tests/tests/libsubid/03_add_remove/config/etc/subuid
new file mode 100644
index 0000000..cf80c2f
--- /dev/null
+++ b/tests/tests/libsubid/03_add_remove/config/etc/subuid
@@ -0,0 +1 @@
+foo:300000:10000
diff --git a/tests/tests/libsubid/04_nss/Makefile b/tests/tests/libsubid/04_nss/Makefile
new file mode 100644
index 0000000..dd5acf7
--- /dev/null
+++ b/tests/tests/libsubid/04_nss/Makefile
@@ -0,0 +1,12 @@
+all: test_nss libsubid_zzz.so
+
+test_nss: test_nss.c ../../../lib/nss.c
+	gcc -c -I../../../lib/ -I../../.. -o test_nss.o test_nss.c
+	gcc -o test_nss test_nss.o ../../../lib/.libs/libshadow.a -ldl
+
+libsubid_zzz.so: libsubid_zzz.c
+	gcc -c -I../../../lib/ -I../../.. -I../../../libsubid libsubid_zzz.c
+	gcc -L../../../libsubid -shared -o libsubid_zzz.so libsubid_zzz.o ../../../lib/.libs/libshadow.a -ldl
+
+clean:
+	rm -f *.o *.so test_nss
diff --git a/tests/tests/libsubid/04_nss/empty b/tests/tests/libsubid/04_nss/empty
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/libsubid/04_nss/empty
diff --git a/tests/tests/libsubid/04_nss/libsubid_zzz.c b/tests/tests/libsubid/04_nss/libsubid_zzz.c
new file mode 100644
index 0000000..1a9de23
--- /dev/null
+++ b/tests/tests/libsubid/04_nss/libsubid_zzz.c
@@ -0,0 +1,140 @@
+#include <sys/types.h>
+#include <pwd.h>
+#include <stdlib.h>
+#include <stdbool.h>
+#include <subid.h>
+#include <string.h>
+#include "alloc.h"
+
+enum subid_status shadow_subid_has_any_range(const char *owner, enum subid_type t, bool *result)
+{
+	if (strcmp(owner, "ubuntu") == 0) {
+		*result = true;
+		return SUBID_STATUS_SUCCESS;
+	}
+	if (strcmp(owner, "error") == 0) {
+		*result = false;
+		return SUBID_STATUS_ERROR;
+	}
+	if (strcmp(owner, "unknown") == 0) {
+		*result = false;
+		return SUBID_STATUS_UNKNOWN_USER;
+	}
+	if (strcmp(owner, "conn") == 0) {
+		*result = false;
+		return SUBID_STATUS_ERROR_CONN;
+	}
+	if (t == ID_TYPE_UID) {
+		*result = strcmp(owner, "user1") == 0;
+		return SUBID_STATUS_SUCCESS;
+	}
+
+	*result = strcmp(owner, "group1") == 0;
+	return SUBID_STATUS_SUCCESS;
+}
+
+enum subid_status shadow_subid_has_range(const char *owner, unsigned long start, unsigned long count, enum subid_type t, bool *result)
+{
+	if (strcmp(owner, "ubuntu") == 0 &&
+	    start >= 200000 &&
+	    count <= 100000) {
+		*result = true;
+		return SUBID_STATUS_SUCCESS;
+	}
+	*result = false;
+	if (strcmp(owner, "error") == 0)
+		return SUBID_STATUS_ERROR;
+	if (strcmp(owner, "unknown") == 0)
+		return SUBID_STATUS_UNKNOWN_USER;
+	if (strcmp(owner, "conn") == 0)
+		return SUBID_STATUS_ERROR_CONN;
+
+	if (t == ID_TYPE_UID && strcmp(owner, "user1") != 0)
+		return SUBID_STATUS_SUCCESS;
+	if (t == ID_TYPE_GID && strcmp(owner, "group1") != 0)
+		return SUBID_STATUS_SUCCESS;
+
+	if (start < 100000)
+		return SUBID_STATUS_SUCCESS;
+	if (count >= 65536)
+		return SUBID_STATUS_SUCCESS;
+	*result = true;
+	return SUBID_STATUS_SUCCESS;
+}
+
+// So if 'user1' or 'ubuntu' is defined in passwd, we'll return those values,
+// to ease manual testing.  For automated testing, if you return those values,
+// we'll return 1000 for ubuntu and 1001 otherwise.
+static uid_t getnamuid(const char *name) {
+	struct passwd *pw;
+
+	pw = getpwnam(name);
+	if (pw)
+		return pw->pw_uid;
+
+	// For testing purposes
+	return strcmp(name, "ubuntu") == 0 ? (uid_t)1000 : (uid_t)1001;
+}
+
+static int alloc_uid(uid_t **uids, uid_t id) {
+	*uids = MALLOC(1, uid_t);
+	if (!*uids)
+		return -1;
+	*uids[0] = id;
+	return 1;
+}
+
+enum subid_status shadow_subid_find_subid_owners(unsigned long id, enum subid_type id_type, uid_t **uids, int *count)
+{
+	if (id >= 100000 && id < 165536) {
+		*count = alloc_uid(uids, getnamuid("user1"));
+		if (*count == 1)
+			return SUBID_STATUS_SUCCESS;
+		return SUBID_STATUS_ERROR; // out of memory
+	}
+	if (id >= 200000 && id < 300000) {
+		*count = alloc_uid(uids, getnamuid("ubuntu"));
+		if (*count == 1)
+			return SUBID_STATUS_SUCCESS;
+		return SUBID_STATUS_ERROR; // out of memory
+	}
+	*count = 0; // nothing found
+	return SUBID_STATUS_SUCCESS;
+}
+
+enum subid_status shadow_subid_list_owner_ranges(const char *owner, enum subid_type id_type, struct subid_range **in_ranges, int *count)
+{
+	struct subid_range *ranges;
+
+	*count = 0;
+	if (strcmp(owner, "error") == 0)
+		return SUBID_STATUS_ERROR;
+	if (strcmp(owner, "unknown") == 0)
+		return SUBID_STATUS_UNKNOWN_USER;
+	if (strcmp(owner, "conn") == 0)
+		return SUBID_STATUS_ERROR_CONN;
+
+	*in_ranges = NULL;
+	if (strcmp(owner, "user1") != 0 && strcmp(owner, "ubuntu") != 0 &&
+	    strcmp(owner, "group1") != 0)
+		return SUBID_STATUS_SUCCESS;
+	if (id_type == ID_TYPE_GID && strcmp(owner, "user1") == 0)
+		return SUBID_STATUS_SUCCESS;
+	if (id_type == ID_TYPE_UID && strcmp(owner, "group1") == 0)
+		return SUBID_STATUS_SUCCESS;
+	ranges = MALLOC(1, struct subid_range);
+	if (!ranges)
+		return SUBID_STATUS_ERROR;
+	if (strcmp(owner, "user1") == 0 || strcmp(owner, "group1") == 0) {
+		ranges[0].start = 100000;
+		ranges[0].count = 65536;
+	} else {
+		ranges[0].start = 200000;
+		ranges[0].count = 100000;
+	}
+
+	*count = 1;
+	*in_ranges = ranges;
+
+	return SUBID_STATUS_SUCCESS;
+}
diff --git a/tests/tests/libsubid/04_nss/nsswitch1.conf b/tests/tests/libsubid/04_nss/nsswitch1.conf
new file mode 100644
index 0000000..43764a3
--- /dev/null
+++ b/tests/tests/libsubid/04_nss/nsswitch1.conf
@@ -0,0 +1,20 @@
+# /etc/nsswitch.conf
+#
+# Example configuration of GNU Name Service Switch functionality.
+# If you have the `glibc-doc-reference' and `info' packages installed, try:
+# `info libc "Name Service Switch"' for information about this file.
+
+passwd:         files systemd
+group:          files systemd
+shadow:         files
+gshadow:        files
+
+hosts:          files mdns4_minimal [NOTFOUND=return] dns
+networks:       files
+
+protocols:      db files
+services:       db files
+ethers:         db files
+rpc:            db files
+
+netgroup:       nis
diff --git a/tests/tests/libsubid/04_nss/nsswitch2.conf b/tests/tests/libsubid/04_nss/nsswitch2.conf
new file mode 100644
index 0000000..d371a36
--- /dev/null
+++ b/tests/tests/libsubid/04_nss/nsswitch2.conf
@@ -0,0 +1,22 @@
+# /etc/nsswitch.conf
+#
+# Example configuration of GNU Name Service Switch functionality.
+# If you have the `glibc-doc-reference' and `info' packages installed, try:
+# `info libc "Name Service Switch"' for information about this file.
+
+passwd:         files systemd
+group:          files systemd
+shadow:         files
+gshadow:        files
+
+hosts:          files mdns4_minimal [NOTFOUND=return] dns
+networks:       files
+
+protocols:      db files
+services:       db files
+ethers:         db files
+rpc:            db files
+
+netgroup:       nis
+
+subid:          files
diff --git a/tests/tests/libsubid/04_nss/nsswitch3.conf b/tests/tests/libsubid/04_nss/nsswitch3.conf
new file mode 100644
index 0000000..19f2d93
--- /dev/null
+++ b/tests/tests/libsubid/04_nss/nsswitch3.conf
@@ -0,0 +1,22 @@
+# /etc/nsswitch.conf
+#
+# Example configuration of GNU Name Service Switch functionality.
+# If you have the `glibc-doc-reference' and `info' packages installed, try:
+# `info libc "Name Service Switch"' for information about this file.
+
+passwd:         files systemd
+group:          files systemd
+shadow:         files
+gshadow:        files
+
+hosts:          files mdns4_minimal [NOTFOUND=return] dns
+networks:       files
+
+protocols:      db files
+services:       db files
+ethers:         db files
+rpc:            db files
+
+netgroup:       nis
+
+subid:          zzz
diff --git a/tests/tests/libsubid/04_nss/subidnss.test b/tests/tests/libsubid/04_nss/subidnss.test
new file mode 100755
index 0000000..3d40dc8
--- /dev/null
+++ b/tests/tests/libsubid/04_nss/subidnss.test
@@ -0,0 +1,22 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+make
+
+export LD_LIBRARY_PATH=.:../../../lib/.libs:$LD_LIBRARY_PATH
+
+./test_nss 1
+./test_nss 2
+./test_nss 3
+
+unshare -Urm ./test_range
+
+log_status "$0" "SUCCESS"
+
+trap '' 0
diff --git a/tests/tests/libsubid/04_nss/test_nss.c b/tests/tests/libsubid/04_nss/test_nss.c
new file mode 100644
index 0000000..5d903ab
--- /dev/null
+++ b/tests/tests/libsubid/04_nss/test_nss.c
@@ -0,0 +1,72 @@
+#include <stdio.h>
+#include <stdlib.h>
+#include <unistd.h>
+#include <prototypes.h>
+#include <stdbool.h>
+#include <dlfcn.h>
+
+extern bool nss_is_initialized();
+extern struct subid_nss_ops *get_subid_nss_handle();
+
+void test1() {
+	// nsswitch1 has no subid: entry
+	setenv("LD_LIBRARY_PATH", ".", 1);
+	printf("Test with no subid entry\n");
+	nss_init("./nsswitch1.conf");
+	if (!nss_is_initialized() || get_subid_nss_handle())
+		exit(1);
+	// second run should change nothing
+	printf("Test with no subid entry, second run\n");
+	nss_init("./nsswitch1.conf");
+	if (!nss_is_initialized() || get_subid_nss_handle())
+		exit(1);
+}
+
+void test2() {
+	// nsswitch2 has a subid: files entry
+	printf("test with 'files' subid entry\n");
+	nss_init("./nsswitch2.conf");
+	if (!nss_is_initialized() || get_subid_nss_handle())
+		exit(1);
+	// second run should change nothing
+	printf("test with 'files' subid entry, second run\n");
+	nss_init("./nsswitch2.conf");
+	if (!nss_is_initialized() || get_subid_nss_handle())
+		exit(1);
+}
+
+void test3() {
+	// nsswitch3 has a subid: testnss entry
+	printf("test with 'test' subid entry\n");
+	nss_init("./nsswitch3.conf");
+	if (!nss_is_initialized() || !get_subid_nss_handle())
+		exit(1);
+	// second run should change nothing
+	printf("test with 'test' subid entry, second run\n");
+	nss_init("./nsswitch3.conf");
+	if (!nss_is_initialized() || !get_subid_nss_handle())
+		exit(1);
+}
+
+const char *Prog;
+
+int main(int argc, char *argv[])
+{
+	int which;
+
+	Prog = Basename(argv[0]);
+
+	if (argc < 1)
+		exit(1);
+
+	which = atoi(argv[1]);
+	switch(which) {
+	case 1: test1(); break;
+	case 2: test2(); break;
+	case 3: test3(); break;
+	default: exit(1);
+	}
+
+	printf("nss parsing tests done\n");
+	exit(0);
+}
diff --git a/tests/tests/libsubid/04_nss/test_range b/tests/tests/libsubid/04_nss/test_range
new file mode 100755
index 0000000..ee25080
--- /dev/null
+++ b/tests/tests/libsubid/04_nss/test_range
@@ -0,0 +1,52 @@
+#!/bin/sh
+
+set -x
+
+echo "starting check_range tests"
+
+export LD_LIBRARY_PATH=.:$LD_LIBRARY_PATH
+touch /etc/nsswitch.conf
+mount --bind ./nsswitch3.conf /etc/nsswitch.conf
+cleanup1() {
+    umount /etc/nsswitch.conf
+}
+trap cleanup1 EXIT HUP INT TERM
+../../../src/check_subid_range user1 u 100000 65535
+if [ $? -ne 0 ]; then
+    exit 1
+fi
+../../../src/check_subid_range user2 u 100000 65535
+if [ $? -eq 0 ]; then
+    exit 1
+fi
+../../../src/check_subid_range unknown u 100000 65535
+if [ $? -eq 0 ]; then
+    exit 1
+fi
+../../../src/check_subid_range error u 100000 65535
+if [ $? -eq 0 ]; then
+    exit 1
+fi
+../../../src/check_subid_range user1 u 1000 65535
+if [ $? -eq 0 ]; then
+    exit 1
+fi
+
+umount /etc/nsswitch.conf
+
+mount --bind ./nsswitch1.conf /etc/nsswitch.conf
+touch /etc/subuid /etc/subgid
+mount --bind ./empty /etc/subuid
+
+cleanup2() {
+    umount /etc/subuid
+    umount /etc/nsswitch.conf
+}
+trap cleanup2 EXIT HUP INT TERM
+../../../src/check_subid_range user1 u 100000 65535
+if [ $? -eq 0 ]; then
+    exit 1
+fi
+
+echo "check_range tests complete"
+exit 0
diff --git a/tests/tests/log/faillog/01_faillog_no_faillog/config.txt b/tests/tests/log/faillog/01_faillog_no_faillog/config.txt
new file mode 100644
index 0000000..1a78b6c
--- /dev/null
+++ b/tests/tests/log/faillog/01_faillog_no_faillog/config.txt
@@ -0,0 +1 @@
+user foo exists, UID 1000
diff --git a/tests/tests/log/faillog/01_faillog_no_faillog/config/etc/group b/tests/tests/log/faillog/01_faillog_no_faillog/config/etc/group
new file mode 100644
index 0000000..b6fae89
--- /dev/null
+++ b/tests/tests/log/faillog/01_faillog_no_faillog/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:root
+adm:x:4:root,foo
+tty:x:5:
+disk:x:6:
+lp:x:7:foo,root
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:foo
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:foo
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/log/faillog/01_faillog_no_faillog/config/etc/gshadow b/tests/tests/log/faillog/01_faillog_no_faillog/config/etc/gshadow
new file mode 100644
index 0000000..1f2ba8d
--- /dev/null
+++ b/tests/tests/log/faillog/01_faillog_no_faillog/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::root
+adm:*::root,foo
+tty:*::foo
+disk:*:foo:
+lp:*::foo,root
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*:foo:foo
+voice:*::
+cdrom:*:foo:foo
+floppy:*::foo
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/log/faillog/01_faillog_no_faillog/config/etc/passwd b/tests/tests/log/faillog/01_faillog_no_faillog/config/etc/passwd
new file mode 100644
index 0000000..bf52df0
--- /dev/null
+++ b/tests/tests/log/faillog/01_faillog_no_faillog/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/home/foo:/bin/false
diff --git a/tests/tests/log/faillog/01_faillog_no_faillog/config/etc/shadow b/tests/tests/log/faillog/01_faillog_no_faillog/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/log/faillog/01_faillog_no_faillog/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/log/faillog/01_faillog_no_faillog/data/faillog.err b/tests/tests/log/faillog/01_faillog_no_faillog/data/faillog.err
new file mode 100644
index 0000000..501b7cd
--- /dev/null
+++ b/tests/tests/log/faillog/01_faillog_no_faillog/data/faillog.err
@@ -0,0 +1 @@
+faillog: Cannot open /var/log/faillog: No such file or directory
diff --git a/tests/tests/log/faillog/01_faillog_no_faillog/faillog.test b/tests/tests/log/faillog/01_faillog_no_faillog/faillog.test
new file mode 100755
index 0000000..716bbf1
--- /dev/null
+++ b/tests/tests/log/faillog/01_faillog_no_faillog/faillog.test
@@ -0,0 +1,51 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "faillog detects missing /var/log/faillog and does not create it"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config; touch /var/log/faillog' 0
+
+change_config
+
+echo -n "Remove /var/log/faillog (it will not be restored)..."
+rm -f /var/log/faillog
+echo "OK"
+
+echo -n "Execute faillog (faillog)..."
+faillog 2>tmp/faillog.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "1"
+echo "OK"
+
+echo "faillog reported:"
+echo "======================================================================="
+cat tmp/faillog.err
+echo "======================================================================="
+echo -n "Check the usage message..."
+diff -au data/faillog.err tmp/faillog.err
+echo "usage message OK."
+rm -f tmp/faillog.err
+
+echo -n "Check that the /var/log/faillog file was not created"...
+test ! -f /var/log/faillog
+echo "OK"
+
+touch /var/log/faillog
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/log/faillog/02_faillog_usage/config.txt b/tests/tests/log/faillog/02_faillog_usage/config.txt
new file mode 100644
index 0000000..31f5635
--- /dev/null
+++ b/tests/tests/log/faillog/02_faillog_usage/config.txt
@@ -0,0 +1,10 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group users (only in /etc/group)
+user foo, in group tty (only in /etc/gshadow)
+user foo, in group floppy
+user foo, admin of group disk
+user foo, admin and member of group fax
+user foo, admin and member of group cdrom (only in /etc/gshadow)
diff --git a/tests/tests/log/faillog/02_faillog_usage/config/etc/group b/tests/tests/log/faillog/02_faillog_usage/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/log/faillog/02_faillog_usage/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/log/faillog/02_faillog_usage/config/etc/gshadow b/tests/tests/log/faillog/02_faillog_usage/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/log/faillog/02_faillog_usage/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/log/faillog/02_faillog_usage/config/etc/passwd b/tests/tests/log/faillog/02_faillog_usage/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/log/faillog/02_faillog_usage/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/log/faillog/02_faillog_usage/config/etc/shadow b/tests/tests/log/faillog/02_faillog_usage/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/log/faillog/02_faillog_usage/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/log/faillog/02_faillog_usage/data/usage.out b/tests/tests/log/faillog/02_faillog_usage/data/usage.out
new file mode 100644
index 0000000..d5d2839
--- /dev/null
+++ b/tests/tests/log/faillog/02_faillog_usage/data/usage.out
@@ -0,0 +1,14 @@
+Usage: faillog [options]
+
+Options:
+  -a, --all                     display faillog records for all users
+  -h, --help                    display this help message and exit
+  -l, --lock-secs SEC           after failed login lock account for SEC seconds
+  -m, --maximum MAX             set maximum failed login counters to MAX
+  -r, --reset                   reset the counters of login failures
+  -R, --root CHROOT_DIR         directory to chroot into
+  -t, --time DAYS               display faillog records more recent than DAYS
+  -u, --user LOGIN/RANGE        display faillog record or maintains failure
+                                counters and limits (if used with -r, -m,
+                                or -l) only for the specified LOGIN(s)
+
diff --git a/tests/tests/log/faillog/02_faillog_usage/faillog.test b/tests/tests/log/faillog/02_faillog_usage/faillog.test
new file mode 100755
index 0000000..b9a0b9c
--- /dev/null
+++ b/tests/tests/log/faillog/02_faillog_usage/faillog.test
@@ -0,0 +1,35 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "faillog can display its usage message"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Get faillog usage (faillog -h)..."
+faillog -h >tmp/usage.out
+echo "OK"
+
+echo "faillog reported:"
+echo "======================================================================="
+cat tmp/usage.out
+echo "======================================================================="
+echo -n "Check the usage message..."
+diff -au data/usage.out tmp/usage.out
+echo "usage message OK."
+rm -f tmp/usage.out
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/log/faillog/03_faillog_format/config.txt b/tests/tests/log/faillog/03_faillog_format/config.txt
new file mode 100644
index 0000000..1a78b6c
--- /dev/null
+++ b/tests/tests/log/faillog/03_faillog_format/config.txt
@@ -0,0 +1 @@
+user foo exists, UID 1000
diff --git a/tests/tests/log/faillog/03_faillog_format/config/etc/group b/tests/tests/log/faillog/03_faillog_format/config/etc/group
new file mode 100644
index 0000000..b6fae89
--- /dev/null
+++ b/tests/tests/log/faillog/03_faillog_format/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:root
+adm:x:4:root,foo
+tty:x:5:
+disk:x:6:
+lp:x:7:foo,root
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:foo
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:foo
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/log/faillog/03_faillog_format/config/etc/gshadow b/tests/tests/log/faillog/03_faillog_format/config/etc/gshadow
new file mode 100644
index 0000000..1f2ba8d
--- /dev/null
+++ b/tests/tests/log/faillog/03_faillog_format/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::root
+adm:*::root,foo
+tty:*::foo
+disk:*:foo:
+lp:*::foo,root
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*:foo:foo
+voice:*::
+cdrom:*:foo:foo
+floppy:*::foo
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/log/faillog/03_faillog_format/config/etc/pam.d/login b/tests/tests/log/faillog/03_faillog_format/config/etc/pam.d/login
new file mode 100644
index 0000000..0a101fd
--- /dev/null
+++ b/tests/tests/log/faillog/03_faillog_format/config/etc/pam.d/login
@@ -0,0 +1,111 @@
+#
+# The PAM configuration file for the Shadow `login' service
+#
+
+# Enforce a minimal delay in case of failure (in microseconds).
+# (Replaces the `FAIL_DELAY' setting from login.defs)
+# Note that other modules may require another minimal delay. (for example,
+# to disable any delay, you should add the nodelay option to pam_unix)
+auth       optional   pam_faildelay.so  delay=3000000
+
+# Outputs an issue file prior to each login prompt (Replaces the
+# ISSUE_FILE option from login.defs). Uncomment for use
+# auth       required   pam_issue.so issue=/etc/issue
+
+# Disallows root logins except on tty's listed in /etc/securetty
+# (Replaces the `CONSOLE' setting from login.defs)
+#
+# With the default control of this module:
+#   [success=ok new_authtok_reqd=ok ignore=ignore user_unknown=bad default=die]
+# root will not be prompted for a password on insecure lines.
+# if an invalid username is entered, a password is prompted (but login
+# will eventually be rejected)
+#
+# You can change it to a "requisite" module if you think root may mis-type
+# her login and should not be prompted for a password in that case. But
+# this will leave the system as vulnerable to user enumeration attacks.
+#
+# You can change it to a "required" module if you think it permits to
+# guess valid user names of your system (invalid user names are considered
+# as possibly being root on insecure lines), but root passwords may be
+# communicated over insecure lines.
+auth [success=ok new_authtok_reqd=ok ignore=ignore user_unknown=bad default=die] pam_securetty.so
+
+# Disallows other than root logins when /etc/nologin exists
+# (Replaces the `NOLOGINS_FILE' option from login.defs)
+auth       requisite  pam_nologin.so
+
+# Added to support faillog
+auth     required       pam_tally.so per_user
+
+
+# SELinux needs to be the first session rule. This ensures that any 
+# lingering context has been cleared. Without out this it is possible 
+# that a module could execute code in the wrong domain.
+# When the module is present, "required" would be sufficient (When SELinux
+# is disabled, this returns success.)
+session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so close
+
+# This module parses environment configuration file(s)
+# and also allows you to use an extended config
+# file /etc/security/pam_env.conf.
+# 
+# parsing /etc/environment needs "readenv=1"
+session       required   pam_env.so readenv=1
+# locale variables are also kept into /etc/default/locale in etch
+# reading this file *in addition to /etc/environment* does not hurt
+session       required   pam_env.so readenv=1 envfile=/etc/default/locale
+
+# Standard Un*x authentication.
+@include common-auth
+
+# This allows certain extra groups to be granted to a user
+# based on things like time of day, tty, service, and user.
+# Please edit /etc/security/group.conf to fit your needs
+# (Replaces the `CONSOLE_GROUPS' option in login.defs)
+auth       optional   pam_group.so
+
+# Uncomment and edit /etc/security/time.conf if you need to set
+# time constraints on logins.
+# (Replaces the `PORTTIME_CHECKS_ENAB' option from login.defs
+# as well as /etc/porttime)
+# account    requisite  pam_time.so
+
+# Uncomment and edit /etc/security/access.conf if you need to
+# set access limits.
+# (Replaces /etc/login.access file)
+# account  required       pam_access.so
+
+# Sets up user limits according to /etc/security/limits.conf
+# (Replaces the use of /etc/limits in old login)
+session    required   pam_limits.so
+
+# Prints the last login info upon successful login
+# (Replaces the `LASTLOG_ENAB' option from login.defs)
+session    optional   pam_lastlog.so
+
+# Prints the motd upon successful login
+# (Replaces the `MOTD_FILE' option in login.defs)
+session    optional   pam_motd.so
+
+# Prints the status of the user's mailbox upon successful login
+# (Replaces the `MAIL_CHECK_ENAB' option from login.defs). 
+#
+# This also defines the MAIL environment variable
+# However, userdel also needs MAIL_DIR and MAIL_FILE variables
+# in /etc/login.defs to make sure that removing a user 
+# also removes the user's mail spool file.
+# See comments in /etc/login.defs
+session    optional   pam_mail.so standard
+
+# Standard Un*x account and session
+@include common-account
+@include common-session
+@include common-password
+
+# SELinux needs to intervene at login time to ensure that the process
+# starts in the proper default security context. Only sessions which are
+# intended to run in the user's context should be run after this.
+session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so open
+# When the module is present, "required" would be sufficient (When SELinux
+# is disabled, this returns success.)
diff --git a/tests/tests/log/faillog/03_faillog_format/config/etc/passwd b/tests/tests/log/faillog/03_faillog_format/config/etc/passwd
new file mode 100644
index 0000000..ae6ebfe
--- /dev/null
+++ b/tests/tests/log/faillog/03_faillog_format/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/home/foo:/bin/sh
diff --git a/tests/tests/log/faillog/03_faillog_format/config/etc/shadow b/tests/tests/log/faillog/03_faillog_format/config/etc/shadow
new file mode 100644
index 0000000..3b8a1ed
--- /dev/null
+++ b/tests/tests/log/faillog/03_faillog_format/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:pass:12977:0:99999:7:::
diff --git a/tests/tests/log/faillog/03_faillog_format/data/faillog.out b/tests/tests/log/faillog/03_faillog_format/data/faillog.out
new file mode 100644
index 0000000..5855881
--- /dev/null
+++ b/tests/tests/log/faillog/03_faillog_format/data/faillog.out
@@ -0,0 +1,2 @@
+Login       Failures Maximum Latest                   On
+
diff --git a/tests/tests/log/faillog/03_faillog_format/data/lastlog.out b/tests/tests/log/faillog/03_faillog_format/data/lastlog.out
new file mode 100644
index 0000000..280e1ab
--- /dev/null
+++ b/tests/tests/log/faillog/03_faillog_format/data/lastlog.out
@@ -0,0 +1,20 @@
+Username         Port     From             Latest
+root                                       **Never logged in**
+daemon                                     **Never logged in**
+bin                                        **Never logged in**
+sys                                        **Never logged in**
+sync                                       **Never logged in**
+games                                      **Never logged in**
+man                                        **Never logged in**
+lp                                         **Never logged in**
+mail                                       **Never logged in**
+news                                       **Never logged in**
+uucp                                       **Never logged in**
+proxy                                      **Never logged in**
+www-data                                   **Never logged in**
+backup                                     **Never logged in**
+list                                       **Never logged in**
+irc                                        **Never logged in**
+gnats                                      **Never logged in**
+nobody                                     **Never logged in**
+Debian-exim                                **Never logged in**
diff --git a/tests/tests/log/faillog/03_faillog_format/faillog.test b/tests/tests/log/faillog/03_faillog_format/faillog.test
new file mode 100755
index 0000000..489776e
--- /dev/null
+++ b/tests/tests/log/faillog/03_faillog_format/faillog.test
@@ -0,0 +1,57 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "reports all entry from /var/log/faillog"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Create an empty /var/log/faillog (it will not be restored)..."
+> /var/log/faillog
+echo "OK"
+
+cp data/faillog.out tmp/faillog.out1
+cp data/faillog.out tmp/faillog.out2
+TTY=$(ls /dev/pts | sort -n|tail -1)
+TTY=$((TTY+1))
+
+DATE=$(LC_ALL=C date +"%D %H:%M:%S %z")
+# pam_tally do not report the line of failure ?
+printf "%-9s   %5d    %5d   %s  %s\n" foo 1 0 "$DATE" "">> tmp/faillog.out1
+
+echo -n "Trigger a connection as foo..."
+./login.exp
+echo "OK"
+
+DATE=$(LC_ALL=C date +"%D %H:%M:%S %z")
+# pam_tally do not report the line of failure ?
+printf "%-9s   %5d    %5d   %s  %s\n" foo 1 0 "$DATE" "">> tmp/faillog.out2
+
+echo -n "faillog..."
+faillog > tmp/faillog.out
+echo "OK."
+
+echo "faillog :"
+echo "======================================================================="
+cat tmp/faillog.out
+echo "======================================================================="
+
+echo -n "Check the faillog message..."
+diff -au tmp/faillog.out tmp/faillog.out1 || diff -au tmp/faillog.out tmp/faillog.out2
+echo "faillog message OK."
+rm -f tmp/faillog.out tmp/faillog.out1 tmp/faillog.out2
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/log/faillog/03_faillog_format/login.exp b/tests/tests/log/faillog/03_faillog_format/login.exp
new file mode 100755
index 0000000..4226743
--- /dev/null
+++ b/tests/tests/log/faillog/03_faillog_format/login.exp
@@ -0,0 +1,17 @@
+#!/usr/bin/expect
+
+set timeout 5
+expect_after default {puts stderr "\nFAIL"; exit 1}
+
+spawn /bin/bash
+expect "# "
+
+send "login foo\r"
+expect "Password: "
+sleep 0.1
+send "badpass\r"
+send_user "\n# password 'badpass' sent\n\n"
+expect "login: "
+
+send "exit\r"
+exit 0
diff --git a/tests/tests/log/faillog/04_faillog_multiple/config.txt b/tests/tests/log/faillog/04_faillog_multiple/config.txt
new file mode 100644
index 0000000..1a78b6c
--- /dev/null
+++ b/tests/tests/log/faillog/04_faillog_multiple/config.txt
@@ -0,0 +1 @@
+user foo exists, UID 1000
diff --git a/tests/tests/log/faillog/04_faillog_multiple/config/etc/group b/tests/tests/log/faillog/04_faillog_multiple/config/etc/group
new file mode 100644
index 0000000..b6fae89
--- /dev/null
+++ b/tests/tests/log/faillog/04_faillog_multiple/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:root
+adm:x:4:root,foo
+tty:x:5:
+disk:x:6:
+lp:x:7:foo,root
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:foo
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:foo
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/log/faillog/04_faillog_multiple/config/etc/gshadow b/tests/tests/log/faillog/04_faillog_multiple/config/etc/gshadow
new file mode 100644
index 0000000..1f2ba8d
--- /dev/null
+++ b/tests/tests/log/faillog/04_faillog_multiple/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::root
+adm:*::root,foo
+tty:*::foo
+disk:*:foo:
+lp:*::foo,root
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*:foo:foo
+voice:*::
+cdrom:*:foo:foo
+floppy:*::foo
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/log/faillog/04_faillog_multiple/config/etc/pam.d/login b/tests/tests/log/faillog/04_faillog_multiple/config/etc/pam.d/login
new file mode 100644
index 0000000..0a101fd
--- /dev/null
+++ b/tests/tests/log/faillog/04_faillog_multiple/config/etc/pam.d/login
@@ -0,0 +1,111 @@
+#
+# The PAM configuration file for the Shadow `login' service
+#
+
+# Enforce a minimal delay in case of failure (in microseconds).
+# (Replaces the `FAIL_DELAY' setting from login.defs)
+# Note that other modules may require another minimal delay. (for example,
+# to disable any delay, you should add the nodelay option to pam_unix)
+auth       optional   pam_faildelay.so  delay=3000000
+
+# Outputs an issue file prior to each login prompt (Replaces the
+# ISSUE_FILE option from login.defs). Uncomment for use
+# auth       required   pam_issue.so issue=/etc/issue
+
+# Disallows root logins except on tty's listed in /etc/securetty
+# (Replaces the `CONSOLE' setting from login.defs)
+#
+# With the default control of this module:
+#   [success=ok new_authtok_reqd=ok ignore=ignore user_unknown=bad default=die]
+# root will not be prompted for a password on insecure lines.
+# if an invalid username is entered, a password is prompted (but login
+# will eventually be rejected)
+#
+# You can change it to a "requisite" module if you think root may mis-type
+# her login and should not be prompted for a password in that case. But
+# this will leave the system as vulnerable to user enumeration attacks.
+#
+# You can change it to a "required" module if you think it permits to
+# guess valid user names of your system (invalid user names are considered
+# as possibly being root on insecure lines), but root passwords may be
+# communicated over insecure lines.
+auth [success=ok new_authtok_reqd=ok ignore=ignore user_unknown=bad default=die] pam_securetty.so
+
+# Disallows other than root logins when /etc/nologin exists
+# (Replaces the `NOLOGINS_FILE' option from login.defs)
+auth       requisite  pam_nologin.so
+
+# Added to support faillog
+auth     required       pam_tally.so per_user
+
+
+# SELinux needs to be the first session rule. This ensures that any 
+# lingering context has been cleared. Without out this it is possible 
+# that a module could execute code in the wrong domain.
+# When the module is present, "required" would be sufficient (When SELinux
+# is disabled, this returns success.)
+session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so close
+
+# This module parses environment configuration file(s)
+# and also allows you to use an extended config
+# file /etc/security/pam_env.conf.
+# 
+# parsing /etc/environment needs "readenv=1"
+session       required   pam_env.so readenv=1
+# locale variables are also kept into /etc/default/locale in etch
+# reading this file *in addition to /etc/environment* does not hurt
+session       required   pam_env.so readenv=1 envfile=/etc/default/locale
+
+# Standard Un*x authentication.
+@include common-auth
+
+# This allows certain extra groups to be granted to a user
+# based on things like time of day, tty, service, and user.
+# Please edit /etc/security/group.conf to fit your needs
+# (Replaces the `CONSOLE_GROUPS' option in login.defs)
+auth       optional   pam_group.so
+
+# Uncomment and edit /etc/security/time.conf if you need to set
+# time constraints on logins.
+# (Replaces the `PORTTIME_CHECKS_ENAB' option from login.defs
+# as well as /etc/porttime)
+# account    requisite  pam_time.so
+
+# Uncomment and edit /etc/security/access.conf if you need to
+# set access limits.
+# (Replaces /etc/login.access file)
+# account  required       pam_access.so
+
+# Sets up user limits according to /etc/security/limits.conf
+# (Replaces the use of /etc/limits in old login)
+session    required   pam_limits.so
+
+# Prints the last login info upon successful login
+# (Replaces the `LASTLOG_ENAB' option from login.defs)
+session    optional   pam_lastlog.so
+
+# Prints the motd upon successful login
+# (Replaces the `MOTD_FILE' option in login.defs)
+session    optional   pam_motd.so
+
+# Prints the status of the user's mailbox upon successful login
+# (Replaces the `MAIL_CHECK_ENAB' option from login.defs). 
+#
+# This also defines the MAIL environment variable
+# However, userdel also needs MAIL_DIR and MAIL_FILE variables
+# in /etc/login.defs to make sure that removing a user 
+# also removes the user's mail spool file.
+# See comments in /etc/login.defs
+session    optional   pam_mail.so standard
+
+# Standard Un*x account and session
+@include common-account
+@include common-session
+@include common-password
+
+# SELinux needs to intervene at login time to ensure that the process
+# starts in the proper default security context. Only sessions which are
+# intended to run in the user's context should be run after this.
+session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so open
+# When the module is present, "required" would be sufficient (When SELinux
+# is disabled, this returns success.)
diff --git a/tests/tests/log/faillog/04_faillog_multiple/config/etc/passwd b/tests/tests/log/faillog/04_faillog_multiple/config/etc/passwd
new file mode 100644
index 0000000..9d34d3a
--- /dev/null
+++ b/tests/tests/log/faillog/04_faillog_multiple/config/etc/passwd
@@ -0,0 +1,22 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+bar:x:1001:1001::/home/bar:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/home/foo:/bin/sh
+baz:x:1002:1002::/home/baz:/bin/sh
diff --git a/tests/tests/log/faillog/04_faillog_multiple/config/etc/shadow b/tests/tests/log/faillog/04_faillog_multiple/config/etc/shadow
new file mode 100644
index 0000000..52721ac
--- /dev/null
+++ b/tests/tests/log/faillog/04_faillog_multiple/config/etc/shadow
@@ -0,0 +1,22 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+bar:!:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:a:12977:0:99999:7:::
+baz:b:12977:0:99999:7:::
diff --git a/tests/tests/log/faillog/04_faillog_multiple/data/faillog.list b/tests/tests/log/faillog/04_faillog_multiple/data/faillog.list
new file mode 100644
index 0000000..cb1d37b
--- /dev/null
+++ b/tests/tests/log/faillog/04_faillog_multiple/data/faillog.list
@@ -0,0 +1,5 @@
+Login       Failures Maximum
+
+bar             1        0  
+foo             1        0  
+baz             1        0  
diff --git a/tests/tests/log/faillog/04_faillog_multiple/faillog.test b/tests/tests/log/faillog/04_faillog_multiple/faillog.test
new file mode 100755
index 0000000..2184ee8
--- /dev/null
+++ b/tests/tests/log/faillog/04_faillog_multiple/faillog.test
@@ -0,0 +1,52 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "reports all entry from /var/log/faillog"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Create an empty /var/log/faillog (it will not be restored)..."
+> /var/log/faillog
+echo "OK"
+
+echo -n "Trigger a connection as foo..."
+./login.exp foo
+echo "OK"
+echo -n "Trigger a connection as bar..."
+./login.exp bar
+echo "OK"
+echo -n "Trigger a connection as baz..."
+./login.exp baz
+echo "OK"
+
+echo -n "faillog..."
+faillog > tmp/faillog.out
+echo "OK."
+
+echo "faillog :"
+echo "======================================================================="
+cat tmp/faillog.out
+echo "======================================================================="
+
+echo -n "Check the list of logged in users..."
+cut -c-28 tmp/faillog.out > tmp/faillog.list
+diff -au data/faillog.list tmp/faillog.list
+echo "OK."
+
+rm -f tmp/faillog.out tmp/faillog.list
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/log/faillog/04_faillog_multiple/login.exp b/tests/tests/log/faillog/04_faillog_multiple/login.exp
new file mode 100755
index 0000000..f7841f6
--- /dev/null
+++ b/tests/tests/log/faillog/04_faillog_multiple/login.exp
@@ -0,0 +1,26 @@
+#!/usr/bin/expect
+
+if {$argc == 1} {
+        set user     [lindex $argv 0]
+} else {
+        set user     "foo"
+}
+
+set timeout 2
+expect_after default {puts stderr "\nFAIL"; exit 1}
+
+set timeout 5
+expect_after default {puts stderr "\nFAIL"; exit 1}
+
+spawn /bin/bash
+expect "# "
+
+send "login $user\r"
+expect "Password: "
+sleep 0.1
+send "badpass\r"
+send_user "\n# password 'badpass' sent\n\n"
+expect "login: "
+
+send "exit\r"
+exit 0
diff --git a/tests/tests/log/faillog/05_faillog-u_ID/config.txt b/tests/tests/log/faillog/05_faillog-u_ID/config.txt
new file mode 100644
index 0000000..1a78b6c
--- /dev/null
+++ b/tests/tests/log/faillog/05_faillog-u_ID/config.txt
@@ -0,0 +1 @@
+user foo exists, UID 1000
diff --git a/tests/tests/log/faillog/05_faillog-u_ID/config/etc/group b/tests/tests/log/faillog/05_faillog-u_ID/config/etc/group
new file mode 100644
index 0000000..b6fae89
--- /dev/null
+++ b/tests/tests/log/faillog/05_faillog-u_ID/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:root
+adm:x:4:root,foo
+tty:x:5:
+disk:x:6:
+lp:x:7:foo,root
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:foo
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:foo
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/log/faillog/05_faillog-u_ID/config/etc/gshadow b/tests/tests/log/faillog/05_faillog-u_ID/config/etc/gshadow
new file mode 100644
index 0000000..1f2ba8d
--- /dev/null
+++ b/tests/tests/log/faillog/05_faillog-u_ID/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::root
+adm:*::root,foo
+tty:*::foo
+disk:*:foo:
+lp:*::foo,root
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*:foo:foo
+voice:*::
+cdrom:*:foo:foo
+floppy:*::foo
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/log/faillog/05_faillog-u_ID/config/etc/passwd b/tests/tests/log/faillog/05_faillog-u_ID/config/etc/passwd
new file mode 100644
index 0000000..9d34d3a
--- /dev/null
+++ b/tests/tests/log/faillog/05_faillog-u_ID/config/etc/passwd
@@ -0,0 +1,22 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+bar:x:1001:1001::/home/bar:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/home/foo:/bin/sh
+baz:x:1002:1002::/home/baz:/bin/sh
diff --git a/tests/tests/log/faillog/05_faillog-u_ID/config/etc/shadow b/tests/tests/log/faillog/05_faillog-u_ID/config/etc/shadow
new file mode 100644
index 0000000..972f2cd
--- /dev/null
+++ b/tests/tests/log/faillog/05_faillog-u_ID/config/etc/shadow
@@ -0,0 +1,22 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+bar:!:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
+baz:!:12977:0:99999:7:::
diff --git a/tests/tests/log/faillog/05_faillog-u_ID/data/faillog.list b/tests/tests/log/faillog/05_faillog-u_ID/data/faillog.list
new file mode 100644
index 0000000..3a1241d
--- /dev/null
+++ b/tests/tests/log/faillog/05_faillog-u_ID/data/faillog.list
@@ -0,0 +1,3 @@
+Login       Failures Maximum
+
+bar             0        0  
diff --git a/tests/tests/log/faillog/05_faillog-u_ID/faillog.test b/tests/tests/log/faillog/05_faillog-u_ID/faillog.test
new file mode 100755
index 0000000..42382d0
--- /dev/null
+++ b/tests/tests/log/faillog/05_faillog-u_ID/faillog.test
@@ -0,0 +1,42 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "reports all entry from /var/log/faillog"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Create an empty /var/log/faillog (it will not be restored)..."
+> /var/log/faillog
+echo "OK"
+
+echo -n "faillog -u 1001..."
+faillog -u 1001> tmp/faillog.out
+echo "OK."
+
+echo "faillog :"
+echo "======================================================================="
+cat tmp/faillog.out
+echo "======================================================================="
+
+echo -n "Check the list of logged in users..."
+cut -c-28 tmp/faillog.out > tmp/faillog.list
+diff -au data/faillog.list tmp/faillog.list
+echo "OK."
+
+rm -f tmp/faillog.out tmp/faillog.list
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/log/faillog/06_faillog-u_name/config.txt b/tests/tests/log/faillog/06_faillog-u_name/config.txt
new file mode 100644
index 0000000..1a78b6c
--- /dev/null
+++ b/tests/tests/log/faillog/06_faillog-u_name/config.txt
@@ -0,0 +1 @@
+user foo exists, UID 1000
diff --git a/tests/tests/log/faillog/06_faillog-u_name/config/etc/group b/tests/tests/log/faillog/06_faillog-u_name/config/etc/group
new file mode 100644
index 0000000..b6fae89
--- /dev/null
+++ b/tests/tests/log/faillog/06_faillog-u_name/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:root
+adm:x:4:root,foo
+tty:x:5:
+disk:x:6:
+lp:x:7:foo,root
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:foo
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:foo
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/log/faillog/06_faillog-u_name/config/etc/gshadow b/tests/tests/log/faillog/06_faillog-u_name/config/etc/gshadow
new file mode 100644
index 0000000..1f2ba8d
--- /dev/null
+++ b/tests/tests/log/faillog/06_faillog-u_name/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::root
+adm:*::root,foo
+tty:*::foo
+disk:*:foo:
+lp:*::foo,root
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*:foo:foo
+voice:*::
+cdrom:*:foo:foo
+floppy:*::foo
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/log/faillog/06_faillog-u_name/config/etc/passwd b/tests/tests/log/faillog/06_faillog-u_name/config/etc/passwd
new file mode 100644
index 0000000..9d34d3a
--- /dev/null
+++ b/tests/tests/log/faillog/06_faillog-u_name/config/etc/passwd
@@ -0,0 +1,22 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+bar:x:1001:1001::/home/bar:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/home/foo:/bin/sh
+baz:x:1002:1002::/home/baz:/bin/sh
diff --git a/tests/tests/log/faillog/06_faillog-u_name/config/etc/shadow b/tests/tests/log/faillog/06_faillog-u_name/config/etc/shadow
new file mode 100644
index 0000000..972f2cd
--- /dev/null
+++ b/tests/tests/log/faillog/06_faillog-u_name/config/etc/shadow
@@ -0,0 +1,22 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+bar:!:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
+baz:!:12977:0:99999:7:::
diff --git a/tests/tests/log/faillog/06_faillog-u_name/data/faillog.list b/tests/tests/log/faillog/06_faillog-u_name/data/faillog.list
new file mode 100644
index 0000000..a635b62
--- /dev/null
+++ b/tests/tests/log/faillog/06_faillog-u_name/data/faillog.list
@@ -0,0 +1,3 @@
+Login
+
+baz
diff --git a/tests/tests/log/faillog/06_faillog-u_name/faillog.test b/tests/tests/log/faillog/06_faillog-u_name/faillog.test
new file mode 100755
index 0000000..1061e20
--- /dev/null
+++ b/tests/tests/log/faillog/06_faillog-u_name/faillog.test
@@ -0,0 +1,42 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "reports all entry from /var/log/faillog"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Create an empty /var/log/faillog (it will not be restored)..."
+> /var/log/faillog
+echo "OK"
+
+echo -n "faillog -u baz..."
+faillog -u baz> tmp/faillog.out
+echo "OK."
+
+echo "faillog :"
+echo "======================================================================="
+cat tmp/faillog.out
+echo "======================================================================="
+
+echo -n "Check the list of logged in users..."
+cat tmp/faillog.out | cut -d" " -f1 > tmp/faillog.list
+diff -au data/faillog.list tmp/faillog.list
+echo "OK."
+
+rm -f tmp/faillog.out tmp/faillog.list
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/log/faillog/07_faillog-u_ID_invalid/config.txt b/tests/tests/log/faillog/07_faillog-u_ID_invalid/config.txt
new file mode 100644
index 0000000..1a78b6c
--- /dev/null
+++ b/tests/tests/log/faillog/07_faillog-u_ID_invalid/config.txt
@@ -0,0 +1 @@
+user foo exists, UID 1000
diff --git a/tests/tests/log/faillog/07_faillog-u_ID_invalid/config/etc/group b/tests/tests/log/faillog/07_faillog-u_ID_invalid/config/etc/group
new file mode 100644
index 0000000..b6fae89
--- /dev/null
+++ b/tests/tests/log/faillog/07_faillog-u_ID_invalid/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:root
+adm:x:4:root,foo
+tty:x:5:
+disk:x:6:
+lp:x:7:foo,root
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:foo
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:foo
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/log/faillog/07_faillog-u_ID_invalid/config/etc/gshadow b/tests/tests/log/faillog/07_faillog-u_ID_invalid/config/etc/gshadow
new file mode 100644
index 0000000..1f2ba8d
--- /dev/null
+++ b/tests/tests/log/faillog/07_faillog-u_ID_invalid/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::root
+adm:*::root,foo
+tty:*::foo
+disk:*:foo:
+lp:*::foo,root
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*:foo:foo
+voice:*::
+cdrom:*:foo:foo
+floppy:*::foo
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/log/faillog/07_faillog-u_ID_invalid/config/etc/passwd b/tests/tests/log/faillog/07_faillog-u_ID_invalid/config/etc/passwd
new file mode 100644
index 0000000..9d34d3a
--- /dev/null
+++ b/tests/tests/log/faillog/07_faillog-u_ID_invalid/config/etc/passwd
@@ -0,0 +1,22 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+bar:x:1001:1001::/home/bar:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/home/foo:/bin/sh
+baz:x:1002:1002::/home/baz:/bin/sh
diff --git a/tests/tests/log/faillog/07_faillog-u_ID_invalid/config/etc/shadow b/tests/tests/log/faillog/07_faillog-u_ID_invalid/config/etc/shadow
new file mode 100644
index 0000000..972f2cd
--- /dev/null
+++ b/tests/tests/log/faillog/07_faillog-u_ID_invalid/config/etc/shadow
@@ -0,0 +1,22 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+bar:!:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
+baz:!:12977:0:99999:7:::
diff --git a/tests/tests/log/faillog/07_faillog-u_ID_invalid/data/faillog.list b/tests/tests/log/faillog/07_faillog-u_ID_invalid/data/faillog.list
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/log/faillog/07_faillog-u_ID_invalid/data/faillog.list
diff --git a/tests/tests/log/faillog/07_faillog-u_ID_invalid/faillog.test b/tests/tests/log/faillog/07_faillog-u_ID_invalid/faillog.test
new file mode 100755
index 0000000..7f8bd7b
--- /dev/null
+++ b/tests/tests/log/faillog/07_faillog-u_ID_invalid/faillog.test
@@ -0,0 +1,41 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "reports all entry from /var/log/faillog"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Create an empty /var/log/faillog (it will not be restored)..."
+> /var/log/faillog
+echo "OK"
+
+echo -n "faillog -u 1003..."
+faillog -u 1003> tmp/faillog.out
+echo "OK."
+
+echo "faillog :"
+echo "======================================================================="
+cat tmp/faillog.out
+echo "======================================================================="
+
+echo -n "Check the list of logged in users..."
+diff -au data/faillog.list tmp/faillog.out
+echo "OK."
+
+rm -f tmp/faillog.out
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/log/faillog/08_faillog-u_name_invalid/config.txt b/tests/tests/log/faillog/08_faillog-u_name_invalid/config.txt
new file mode 100644
index 0000000..1a78b6c
--- /dev/null
+++ b/tests/tests/log/faillog/08_faillog-u_name_invalid/config.txt
@@ -0,0 +1 @@
+user foo exists, UID 1000
diff --git a/tests/tests/log/faillog/08_faillog-u_name_invalid/config/etc/group b/tests/tests/log/faillog/08_faillog-u_name_invalid/config/etc/group
new file mode 100644
index 0000000..b6fae89
--- /dev/null
+++ b/tests/tests/log/faillog/08_faillog-u_name_invalid/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:root
+adm:x:4:root,foo
+tty:x:5:
+disk:x:6:
+lp:x:7:foo,root
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:foo
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:foo
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/log/faillog/08_faillog-u_name_invalid/config/etc/gshadow b/tests/tests/log/faillog/08_faillog-u_name_invalid/config/etc/gshadow
new file mode 100644
index 0000000..1f2ba8d
--- /dev/null
+++ b/tests/tests/log/faillog/08_faillog-u_name_invalid/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::root
+adm:*::root,foo
+tty:*::foo
+disk:*:foo:
+lp:*::foo,root
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*:foo:foo
+voice:*::
+cdrom:*:foo:foo
+floppy:*::foo
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/log/faillog/08_faillog-u_name_invalid/config/etc/passwd b/tests/tests/log/faillog/08_faillog-u_name_invalid/config/etc/passwd
new file mode 100644
index 0000000..9d34d3a
--- /dev/null
+++ b/tests/tests/log/faillog/08_faillog-u_name_invalid/config/etc/passwd
@@ -0,0 +1,22 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+bar:x:1001:1001::/home/bar:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/home/foo:/bin/sh
+baz:x:1002:1002::/home/baz:/bin/sh
diff --git a/tests/tests/log/faillog/08_faillog-u_name_invalid/config/etc/shadow b/tests/tests/log/faillog/08_faillog-u_name_invalid/config/etc/shadow
new file mode 100644
index 0000000..972f2cd
--- /dev/null
+++ b/tests/tests/log/faillog/08_faillog-u_name_invalid/config/etc/shadow
@@ -0,0 +1,22 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+bar:!:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
+baz:!:12977:0:99999:7:::
diff --git a/tests/tests/log/faillog/08_faillog-u_name_invalid/data/faillog.err b/tests/tests/log/faillog/08_faillog-u_name_invalid/data/faillog.err
new file mode 100644
index 0000000..402e2c6
--- /dev/null
+++ b/tests/tests/log/faillog/08_faillog-u_name_invalid/data/faillog.err
@@ -0,0 +1 @@
+faillog: Unknown user or range: me
diff --git a/tests/tests/log/faillog/08_faillog-u_name_invalid/faillog.test b/tests/tests/log/faillog/08_faillog-u_name_invalid/faillog.test
new file mode 100755
index 0000000..8b2348c
--- /dev/null
+++ b/tests/tests/log/faillog/08_faillog-u_name_invalid/faillog.test
@@ -0,0 +1,45 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "reports all entry from /var/log/faillog"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Create an empty /var/log/faillog (it will not be restored)..."
+> /var/log/faillog
+echo "OK"
+
+echo -n "faillog -u me..."
+faillog -u me 2>tmp/faillog.err && exit 1 || {
+	status=$?
+}
+echo "OK."
+
+echo -n "Check returned status ($status)..."
+test "$status" = "3"
+echo "OK"
+
+echo "faillog reported:"
+echo "======================================================================="
+cat tmp/faillog.err
+echo "======================================================================="
+echo -n "Check the usage message..."
+diff -au data/faillog.err tmp/faillog.err
+echo "message OK."
+rm -f tmp/faillog.err
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/log/faillog/09_faillog-u_range/config.txt b/tests/tests/log/faillog/09_faillog-u_range/config.txt
new file mode 100644
index 0000000..1a78b6c
--- /dev/null
+++ b/tests/tests/log/faillog/09_faillog-u_range/config.txt
@@ -0,0 +1 @@
+user foo exists, UID 1000
diff --git a/tests/tests/log/faillog/09_faillog-u_range/config/etc/group b/tests/tests/log/faillog/09_faillog-u_range/config/etc/group
new file mode 100644
index 0000000..b6fae89
--- /dev/null
+++ b/tests/tests/log/faillog/09_faillog-u_range/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:root
+adm:x:4:root,foo
+tty:x:5:
+disk:x:6:
+lp:x:7:foo,root
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:foo
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:foo
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/log/faillog/09_faillog-u_range/config/etc/gshadow b/tests/tests/log/faillog/09_faillog-u_range/config/etc/gshadow
new file mode 100644
index 0000000..1f2ba8d
--- /dev/null
+++ b/tests/tests/log/faillog/09_faillog-u_range/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::root
+adm:*::root,foo
+tty:*::foo
+disk:*:foo:
+lp:*::foo,root
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*:foo:foo
+voice:*::
+cdrom:*:foo:foo
+floppy:*::foo
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/log/faillog/09_faillog-u_range/config/etc/pam.d/login b/tests/tests/log/faillog/09_faillog-u_range/config/etc/pam.d/login
new file mode 100644
index 0000000..0a101fd
--- /dev/null
+++ b/tests/tests/log/faillog/09_faillog-u_range/config/etc/pam.d/login
@@ -0,0 +1,111 @@
+#
+# The PAM configuration file for the Shadow `login' service
+#
+
+# Enforce a minimal delay in case of failure (in microseconds).
+# (Replaces the `FAIL_DELAY' setting from login.defs)
+# Note that other modules may require another minimal delay. (for example,
+# to disable any delay, you should add the nodelay option to pam_unix)
+auth       optional   pam_faildelay.so  delay=3000000
+
+# Outputs an issue file prior to each login prompt (Replaces the
+# ISSUE_FILE option from login.defs). Uncomment for use
+# auth       required   pam_issue.so issue=/etc/issue
+
+# Disallows root logins except on tty's listed in /etc/securetty
+# (Replaces the `CONSOLE' setting from login.defs)
+#
+# With the default control of this module:
+#   [success=ok new_authtok_reqd=ok ignore=ignore user_unknown=bad default=die]
+# root will not be prompted for a password on insecure lines.
+# if an invalid username is entered, a password is prompted (but login
+# will eventually be rejected)
+#
+# You can change it to a "requisite" module if you think root may mis-type
+# her login and should not be prompted for a password in that case. But
+# this will leave the system as vulnerable to user enumeration attacks.
+#
+# You can change it to a "required" module if you think it permits to
+# guess valid user names of your system (invalid user names are considered
+# as possibly being root on insecure lines), but root passwords may be
+# communicated over insecure lines.
+auth [success=ok new_authtok_reqd=ok ignore=ignore user_unknown=bad default=die] pam_securetty.so
+
+# Disallows other than root logins when /etc/nologin exists
+# (Replaces the `NOLOGINS_FILE' option from login.defs)
+auth       requisite  pam_nologin.so
+
+# Added to support faillog
+auth     required       pam_tally.so per_user
+
+
+# SELinux needs to be the first session rule. This ensures that any 
+# lingering context has been cleared. Without out this it is possible 
+# that a module could execute code in the wrong domain.
+# When the module is present, "required" would be sufficient (When SELinux
+# is disabled, this returns success.)
+session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so close
+
+# This module parses environment configuration file(s)
+# and also allows you to use an extended config
+# file /etc/security/pam_env.conf.
+# 
+# parsing /etc/environment needs "readenv=1"
+session       required   pam_env.so readenv=1
+# locale variables are also kept into /etc/default/locale in etch
+# reading this file *in addition to /etc/environment* does not hurt
+session       required   pam_env.so readenv=1 envfile=/etc/default/locale
+
+# Standard Un*x authentication.
+@include common-auth
+
+# This allows certain extra groups to be granted to a user
+# based on things like time of day, tty, service, and user.
+# Please edit /etc/security/group.conf to fit your needs
+# (Replaces the `CONSOLE_GROUPS' option in login.defs)
+auth       optional   pam_group.so
+
+# Uncomment and edit /etc/security/time.conf if you need to set
+# time constraints on logins.
+# (Replaces the `PORTTIME_CHECKS_ENAB' option from login.defs
+# as well as /etc/porttime)
+# account    requisite  pam_time.so
+
+# Uncomment and edit /etc/security/access.conf if you need to
+# set access limits.
+# (Replaces /etc/login.access file)
+# account  required       pam_access.so
+
+# Sets up user limits according to /etc/security/limits.conf
+# (Replaces the use of /etc/limits in old login)
+session    required   pam_limits.so
+
+# Prints the last login info upon successful login
+# (Replaces the `LASTLOG_ENAB' option from login.defs)
+session    optional   pam_lastlog.so
+
+# Prints the motd upon successful login
+# (Replaces the `MOTD_FILE' option in login.defs)
+session    optional   pam_motd.so
+
+# Prints the status of the user's mailbox upon successful login
+# (Replaces the `MAIL_CHECK_ENAB' option from login.defs). 
+#
+# This also defines the MAIL environment variable
+# However, userdel also needs MAIL_DIR and MAIL_FILE variables
+# in /etc/login.defs to make sure that removing a user 
+# also removes the user's mail spool file.
+# See comments in /etc/login.defs
+session    optional   pam_mail.so standard
+
+# Standard Un*x account and session
+@include common-account
+@include common-session
+@include common-password
+
+# SELinux needs to intervene at login time to ensure that the process
+# starts in the proper default security context. Only sessions which are
+# intended to run in the user's context should be run after this.
+session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so open
+# When the module is present, "required" would be sufficient (When SELinux
+# is disabled, this returns success.)
diff --git a/tests/tests/log/faillog/09_faillog-u_range/config/etc/passwd b/tests/tests/log/faillog/09_faillog-u_range/config/etc/passwd
new file mode 100644
index 0000000..9d34d3a
--- /dev/null
+++ b/tests/tests/log/faillog/09_faillog-u_range/config/etc/passwd
@@ -0,0 +1,22 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+bar:x:1001:1001::/home/bar:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/home/foo:/bin/sh
+baz:x:1002:1002::/home/baz:/bin/sh
diff --git a/tests/tests/log/faillog/09_faillog-u_range/config/etc/shadow b/tests/tests/log/faillog/09_faillog-u_range/config/etc/shadow
new file mode 100644
index 0000000..972f2cd
--- /dev/null
+++ b/tests/tests/log/faillog/09_faillog-u_range/config/etc/shadow
@@ -0,0 +1,22 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+bar:!:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
+baz:!:12977:0:99999:7:::
diff --git a/tests/tests/log/faillog/09_faillog-u_range/data/faillog.list b/tests/tests/log/faillog/09_faillog-u_range/data/faillog.list
new file mode 100644
index 0000000..c4984b9
--- /dev/null
+++ b/tests/tests/log/faillog/09_faillog-u_range/data/faillog.list
@@ -0,0 +1,4 @@
+Login       Failures Maximum
+
+irc             1        0  
+foo             1        0  
diff --git a/tests/tests/log/faillog/09_faillog-u_range/faillog.test b/tests/tests/log/faillog/09_faillog-u_range/faillog.test
new file mode 100755
index 0000000..53ef9f6
--- /dev/null
+++ b/tests/tests/log/faillog/09_faillog-u_range/faillog.test
@@ -0,0 +1,50 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "reports all entry from /var/log/faillog"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Create an empty /var/log/faillog (it will not be restored)..."
+> /var/log/faillog
+echo "OK"
+
+echo -n "Trigger a connection as foo..."
+./login.exp foo
+echo "OK"
+
+echo -n "Trigger a connection as irc..."
+./login.exp irc
+echo "OK"
+
+echo -n "faillog -u 38-1001..."
+faillog -u 38-1001> tmp/faillog.out
+echo "OK."
+
+echo "faillog :"
+echo "======================================================================="
+cat tmp/faillog.out
+echo "======================================================================="
+
+echo -n "Check the list of logged in users..."
+cut -c-28 tmp/faillog.out > tmp/faillog.list
+diff -au data/faillog.list tmp/faillog.list
+echo "OK."
+
+rm -f tmp/faillog.out tmp/faillog.list
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/log/faillog/09_faillog-u_range/login.exp b/tests/tests/log/faillog/09_faillog-u_range/login.exp
new file mode 100755
index 0000000..f7841f6
--- /dev/null
+++ b/tests/tests/log/faillog/09_faillog-u_range/login.exp
@@ -0,0 +1,26 @@
+#!/usr/bin/expect
+
+if {$argc == 1} {
+        set user     [lindex $argv 0]
+} else {
+        set user     "foo"
+}
+
+set timeout 2
+expect_after default {puts stderr "\nFAIL"; exit 1}
+
+set timeout 5
+expect_after default {puts stderr "\nFAIL"; exit 1}
+
+spawn /bin/bash
+expect "# "
+
+send "login $user\r"
+expect "Password: "
+sleep 0.1
+send "badpass\r"
+send_user "\n# password 'badpass' sent\n\n"
+expect "login: "
+
+send "exit\r"
+exit 0
diff --git a/tests/tests/log/faillog/10_faillog-u_open_range/config.txt b/tests/tests/log/faillog/10_faillog-u_open_range/config.txt
new file mode 100644
index 0000000..1a78b6c
--- /dev/null
+++ b/tests/tests/log/faillog/10_faillog-u_open_range/config.txt
@@ -0,0 +1 @@
+user foo exists, UID 1000
diff --git a/tests/tests/log/faillog/10_faillog-u_open_range/config/etc/group b/tests/tests/log/faillog/10_faillog-u_open_range/config/etc/group
new file mode 100644
index 0000000..b6fae89
--- /dev/null
+++ b/tests/tests/log/faillog/10_faillog-u_open_range/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:root
+adm:x:4:root,foo
+tty:x:5:
+disk:x:6:
+lp:x:7:foo,root
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:foo
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:foo
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/log/faillog/10_faillog-u_open_range/config/etc/gshadow b/tests/tests/log/faillog/10_faillog-u_open_range/config/etc/gshadow
new file mode 100644
index 0000000..1f2ba8d
--- /dev/null
+++ b/tests/tests/log/faillog/10_faillog-u_open_range/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::root
+adm:*::root,foo
+tty:*::foo
+disk:*:foo:
+lp:*::foo,root
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*:foo:foo
+voice:*::
+cdrom:*:foo:foo
+floppy:*::foo
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/log/faillog/10_faillog-u_open_range/config/etc/passwd b/tests/tests/log/faillog/10_faillog-u_open_range/config/etc/passwd
new file mode 100644
index 0000000..9d34d3a
--- /dev/null
+++ b/tests/tests/log/faillog/10_faillog-u_open_range/config/etc/passwd
@@ -0,0 +1,22 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+bar:x:1001:1001::/home/bar:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/home/foo:/bin/sh
+baz:x:1002:1002::/home/baz:/bin/sh
diff --git a/tests/tests/log/faillog/10_faillog-u_open_range/config/etc/shadow b/tests/tests/log/faillog/10_faillog-u_open_range/config/etc/shadow
new file mode 100644
index 0000000..972f2cd
--- /dev/null
+++ b/tests/tests/log/faillog/10_faillog-u_open_range/config/etc/shadow
@@ -0,0 +1,22 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+bar:!:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
+baz:!:12977:0:99999:7:::
diff --git a/tests/tests/log/faillog/10_faillog-u_open_range/data/faillog.list b/tests/tests/log/faillog/10_faillog-u_open_range/data/faillog.list
new file mode 100644
index 0000000..a6afb8c
--- /dev/null
+++ b/tests/tests/log/faillog/10_faillog-u_open_range/data/faillog.list
@@ -0,0 +1,22 @@
+Login       Failures Maximum
+
+root            0        0  
+daemon          0        0  
+bin             0        0  
+bar             0        0  
+sys             0        0  
+sync            0        0  
+games           0        0  
+man             0        0  
+lp              0        0  
+mail            0        0  
+news            0        0  
+uucp            0        0  
+proxy           0        0  
+www-data        0        0  
+backup          0        0  
+list            0        0  
+irc             0        0  
+gnats           0        0  
+Debian-exim       0        0
+foo             0        0  
diff --git a/tests/tests/log/faillog/10_faillog-u_open_range/faillog.test b/tests/tests/log/faillog/10_faillog-u_open_range/faillog.test
new file mode 100755
index 0000000..9587bb9
--- /dev/null
+++ b/tests/tests/log/faillog/10_faillog-u_open_range/faillog.test
@@ -0,0 +1,42 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "faillog supports open ranges"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Create an empty /var/log/faillog (it will not be restored)..."
+> /var/log/faillog
+echo "OK"
+
+echo -n "faillog -u -1001..."
+faillog -a -u -1001> tmp/faillog.out
+echo "OK."
+
+echo "faillog :"
+echo "======================================================================="
+cat tmp/faillog.out
+echo "======================================================================="
+
+echo -n "Check the list of logged in users..."
+cut -c-28 tmp/faillog.out > tmp/faillog.list
+diff -au data/faillog.list tmp/faillog.list
+echo "OK."
+
+rm -f tmp/faillog.out tmp/faillog.list
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/log/faillog/11_faillog-u_range_open/config.txt b/tests/tests/log/faillog/11_faillog-u_range_open/config.txt
new file mode 100644
index 0000000..1a78b6c
--- /dev/null
+++ b/tests/tests/log/faillog/11_faillog-u_range_open/config.txt
@@ -0,0 +1 @@
+user foo exists, UID 1000
diff --git a/tests/tests/log/faillog/11_faillog-u_range_open/config/etc/group b/tests/tests/log/faillog/11_faillog-u_range_open/config/etc/group
new file mode 100644
index 0000000..b6fae89
--- /dev/null
+++ b/tests/tests/log/faillog/11_faillog-u_range_open/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:root
+adm:x:4:root,foo
+tty:x:5:
+disk:x:6:
+lp:x:7:foo,root
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:foo
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:foo
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/log/faillog/11_faillog-u_range_open/config/etc/gshadow b/tests/tests/log/faillog/11_faillog-u_range_open/config/etc/gshadow
new file mode 100644
index 0000000..1f2ba8d
--- /dev/null
+++ b/tests/tests/log/faillog/11_faillog-u_range_open/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::root
+adm:*::root,foo
+tty:*::foo
+disk:*:foo:
+lp:*::foo,root
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*:foo:foo
+voice:*::
+cdrom:*:foo:foo
+floppy:*::foo
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/log/faillog/11_faillog-u_range_open/config/etc/passwd b/tests/tests/log/faillog/11_faillog-u_range_open/config/etc/passwd
new file mode 100644
index 0000000..9d34d3a
--- /dev/null
+++ b/tests/tests/log/faillog/11_faillog-u_range_open/config/etc/passwd
@@ -0,0 +1,22 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+bar:x:1001:1001::/home/bar:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/home/foo:/bin/sh
+baz:x:1002:1002::/home/baz:/bin/sh
diff --git a/tests/tests/log/faillog/11_faillog-u_range_open/config/etc/shadow b/tests/tests/log/faillog/11_faillog-u_range_open/config/etc/shadow
new file mode 100644
index 0000000..972f2cd
--- /dev/null
+++ b/tests/tests/log/faillog/11_faillog-u_range_open/config/etc/shadow
@@ -0,0 +1,22 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+bar:!:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
+baz:!:12977:0:99999:7:::
diff --git a/tests/tests/log/faillog/11_faillog-u_range_open/data/faillog.list b/tests/tests/log/faillog/11_faillog-u_range_open/data/faillog.list
new file mode 100644
index 0000000..555ada5
--- /dev/null
+++ b/tests/tests/log/faillog/11_faillog-u_range_open/data/faillog.list
@@ -0,0 +1,10 @@
+Login       Failures Maximum
+
+bar             0        0  
+list            0        0  
+irc             0        0  
+gnats           0        0  
+nobody          0        0  
+Debian-exim       0        0
+foo             0        0  
+baz             0        0  
diff --git a/tests/tests/log/faillog/11_faillog-u_range_open/faillog.test b/tests/tests/log/faillog/11_faillog-u_range_open/faillog.test
new file mode 100755
index 0000000..30c7728
--- /dev/null
+++ b/tests/tests/log/faillog/11_faillog-u_range_open/faillog.test
@@ -0,0 +1,42 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "faillog supports open ranges (2)"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Create an empty /var/log/faillog (it will not be restored)..."
+> /var/log/faillog
+echo "OK"
+
+echo -n "faillog -u 38-..."
+faillog -a -u 38-> tmp/faillog.out
+echo "OK."
+
+echo "faillog :"
+echo "======================================================================="
+cat tmp/faillog.out
+echo "======================================================================="
+
+echo -n "Check the list of logged in users..."
+cut -c-28 tmp/faillog.out > tmp/faillog.list
+diff -au data/faillog.list tmp/faillog.list
+echo "OK."
+
+rm -f tmp/faillog.out tmp/faillog.list
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/log/faillog/12_faillog-u_range_invalid1/config.txt b/tests/tests/log/faillog/12_faillog-u_range_invalid1/config.txt
new file mode 100644
index 0000000..1a78b6c
--- /dev/null
+++ b/tests/tests/log/faillog/12_faillog-u_range_invalid1/config.txt
@@ -0,0 +1 @@
+user foo exists, UID 1000
diff --git a/tests/tests/log/faillog/12_faillog-u_range_invalid1/config/etc/group b/tests/tests/log/faillog/12_faillog-u_range_invalid1/config/etc/group
new file mode 100644
index 0000000..b6fae89
--- /dev/null
+++ b/tests/tests/log/faillog/12_faillog-u_range_invalid1/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:root
+adm:x:4:root,foo
+tty:x:5:
+disk:x:6:
+lp:x:7:foo,root
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:foo
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:foo
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/log/faillog/12_faillog-u_range_invalid1/config/etc/gshadow b/tests/tests/log/faillog/12_faillog-u_range_invalid1/config/etc/gshadow
new file mode 100644
index 0000000..1f2ba8d
--- /dev/null
+++ b/tests/tests/log/faillog/12_faillog-u_range_invalid1/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::root
+adm:*::root,foo
+tty:*::foo
+disk:*:foo:
+lp:*::foo,root
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*:foo:foo
+voice:*::
+cdrom:*:foo:foo
+floppy:*::foo
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/log/faillog/12_faillog-u_range_invalid1/config/etc/passwd b/tests/tests/log/faillog/12_faillog-u_range_invalid1/config/etc/passwd
new file mode 100644
index 0000000..9d34d3a
--- /dev/null
+++ b/tests/tests/log/faillog/12_faillog-u_range_invalid1/config/etc/passwd
@@ -0,0 +1,22 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+bar:x:1001:1001::/home/bar:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/home/foo:/bin/sh
+baz:x:1002:1002::/home/baz:/bin/sh
diff --git a/tests/tests/log/faillog/12_faillog-u_range_invalid1/config/etc/shadow b/tests/tests/log/faillog/12_faillog-u_range_invalid1/config/etc/shadow
new file mode 100644
index 0000000..972f2cd
--- /dev/null
+++ b/tests/tests/log/faillog/12_faillog-u_range_invalid1/config/etc/shadow
@@ -0,0 +1,22 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+bar:!:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
+baz:!:12977:0:99999:7:::
diff --git a/tests/tests/log/faillog/12_faillog-u_range_invalid1/data/faillog.err b/tests/tests/log/faillog/12_faillog-u_range_invalid1/data/faillog.err
new file mode 100644
index 0000000..56b4173
--- /dev/null
+++ b/tests/tests/log/faillog/12_faillog-u_range_invalid1/data/faillog.err
@@ -0,0 +1 @@
+faillog: Unknown user or range: foo-bar
diff --git a/tests/tests/log/faillog/12_faillog-u_range_invalid1/faillog.test b/tests/tests/log/faillog/12_faillog-u_range_invalid1/faillog.test
new file mode 100755
index 0000000..9a73394
--- /dev/null
+++ b/tests/tests/log/faillog/12_faillog-u_range_invalid1/faillog.test
@@ -0,0 +1,45 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "reports invalid ranges"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Create an empty /var/log/faillog (it will not be restored)..."
+> /var/log/faillog
+echo "OK"
+
+echo -n "faillog -u foo-bar..."
+faillog -u foo-bar 2>tmp/faillog.err && exit 1 || {
+	status=$?
+}
+echo "OK."
+
+echo -n "Check returned status ($status)..."
+test "$status" = "3"
+echo "OK"
+
+echo "faillog reported:"
+echo "======================================================================="
+cat tmp/faillog.err
+echo "======================================================================="
+echo -n "Check the usage message..."
+diff -au data/faillog.err tmp/faillog.err
+echo "message OK."
+rm -f tmp/faillog.err
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/log/faillog/13_faillog-u_range_invalid2/config.txt b/tests/tests/log/faillog/13_faillog-u_range_invalid2/config.txt
new file mode 100644
index 0000000..1a78b6c
--- /dev/null
+++ b/tests/tests/log/faillog/13_faillog-u_range_invalid2/config.txt
@@ -0,0 +1 @@
+user foo exists, UID 1000
diff --git a/tests/tests/log/faillog/13_faillog-u_range_invalid2/config/etc/group b/tests/tests/log/faillog/13_faillog-u_range_invalid2/config/etc/group
new file mode 100644
index 0000000..b6fae89
--- /dev/null
+++ b/tests/tests/log/faillog/13_faillog-u_range_invalid2/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:root
+adm:x:4:root,foo
+tty:x:5:
+disk:x:6:
+lp:x:7:foo,root
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:foo
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:foo
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/log/faillog/13_faillog-u_range_invalid2/config/etc/gshadow b/tests/tests/log/faillog/13_faillog-u_range_invalid2/config/etc/gshadow
new file mode 100644
index 0000000..1f2ba8d
--- /dev/null
+++ b/tests/tests/log/faillog/13_faillog-u_range_invalid2/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::root
+adm:*::root,foo
+tty:*::foo
+disk:*:foo:
+lp:*::foo,root
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*:foo:foo
+voice:*::
+cdrom:*:foo:foo
+floppy:*::foo
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/log/faillog/13_faillog-u_range_invalid2/config/etc/passwd b/tests/tests/log/faillog/13_faillog-u_range_invalid2/config/etc/passwd
new file mode 100644
index 0000000..9d34d3a
--- /dev/null
+++ b/tests/tests/log/faillog/13_faillog-u_range_invalid2/config/etc/passwd
@@ -0,0 +1,22 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+bar:x:1001:1001::/home/bar:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/home/foo:/bin/sh
+baz:x:1002:1002::/home/baz:/bin/sh
diff --git a/tests/tests/log/faillog/13_faillog-u_range_invalid2/config/etc/shadow b/tests/tests/log/faillog/13_faillog-u_range_invalid2/config/etc/shadow
new file mode 100644
index 0000000..972f2cd
--- /dev/null
+++ b/tests/tests/log/faillog/13_faillog-u_range_invalid2/config/etc/shadow
@@ -0,0 +1,22 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+bar:!:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
+baz:!:12977:0:99999:7:::
diff --git a/tests/tests/log/faillog/13_faillog-u_range_invalid2/data/faillog.err b/tests/tests/log/faillog/13_faillog-u_range_invalid2/data/faillog.err
new file mode 100644
index 0000000..e9f6720
--- /dev/null
+++ b/tests/tests/log/faillog/13_faillog-u_range_invalid2/data/faillog.err
@@ -0,0 +1 @@
+faillog: Unknown user or range: foo-
diff --git a/tests/tests/log/faillog/13_faillog-u_range_invalid2/faillog.test b/tests/tests/log/faillog/13_faillog-u_range_invalid2/faillog.test
new file mode 100755
index 0000000..14f7170
--- /dev/null
+++ b/tests/tests/log/faillog/13_faillog-u_range_invalid2/faillog.test
@@ -0,0 +1,45 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "reports invalid ranges"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Create an empty /var/log/faillog (it will not be restored)..."
+> /var/log/faillog
+echo "OK"
+
+echo -n "faillog -u foo-..."
+faillog -u foo- 2>tmp/faillog.err && exit 1 || {
+	status=$?
+}
+echo "OK."
+
+echo -n "Check returned status ($status)..."
+test "$status" = "3"
+echo "OK"
+
+echo "faillog reported:"
+echo "======================================================================="
+cat tmp/faillog.err
+echo "======================================================================="
+echo -n "Check the usage message..."
+diff -au data/faillog.err tmp/faillog.err
+echo "message OK."
+rm -f tmp/faillog.err
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/log/faillog/14_faillog-u_range_invalid3/config.txt b/tests/tests/log/faillog/14_faillog-u_range_invalid3/config.txt
new file mode 100644
index 0000000..1a78b6c
--- /dev/null
+++ b/tests/tests/log/faillog/14_faillog-u_range_invalid3/config.txt
@@ -0,0 +1 @@
+user foo exists, UID 1000
diff --git a/tests/tests/log/faillog/14_faillog-u_range_invalid3/config/etc/group b/tests/tests/log/faillog/14_faillog-u_range_invalid3/config/etc/group
new file mode 100644
index 0000000..b6fae89
--- /dev/null
+++ b/tests/tests/log/faillog/14_faillog-u_range_invalid3/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:root
+adm:x:4:root,foo
+tty:x:5:
+disk:x:6:
+lp:x:7:foo,root
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:foo
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:foo
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/log/faillog/14_faillog-u_range_invalid3/config/etc/gshadow b/tests/tests/log/faillog/14_faillog-u_range_invalid3/config/etc/gshadow
new file mode 100644
index 0000000..1f2ba8d
--- /dev/null
+++ b/tests/tests/log/faillog/14_faillog-u_range_invalid3/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::root
+adm:*::root,foo
+tty:*::foo
+disk:*:foo:
+lp:*::foo,root
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*:foo:foo
+voice:*::
+cdrom:*:foo:foo
+floppy:*::foo
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/log/faillog/14_faillog-u_range_invalid3/config/etc/passwd b/tests/tests/log/faillog/14_faillog-u_range_invalid3/config/etc/passwd
new file mode 100644
index 0000000..9d34d3a
--- /dev/null
+++ b/tests/tests/log/faillog/14_faillog-u_range_invalid3/config/etc/passwd
@@ -0,0 +1,22 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+bar:x:1001:1001::/home/bar:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/home/foo:/bin/sh
+baz:x:1002:1002::/home/baz:/bin/sh
diff --git a/tests/tests/log/faillog/14_faillog-u_range_invalid3/config/etc/shadow b/tests/tests/log/faillog/14_faillog-u_range_invalid3/config/etc/shadow
new file mode 100644
index 0000000..972f2cd
--- /dev/null
+++ b/tests/tests/log/faillog/14_faillog-u_range_invalid3/config/etc/shadow
@@ -0,0 +1,22 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+bar:!:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
+baz:!:12977:0:99999:7:::
diff --git a/tests/tests/log/faillog/14_faillog-u_range_invalid3/data/faillog.err b/tests/tests/log/faillog/14_faillog-u_range_invalid3/data/faillog.err
new file mode 100644
index 0000000..33c3b8c
--- /dev/null
+++ b/tests/tests/log/faillog/14_faillog-u_range_invalid3/data/faillog.err
@@ -0,0 +1 @@
+faillog: Unknown user or range: -foo
diff --git a/tests/tests/log/faillog/14_faillog-u_range_invalid3/faillog.test b/tests/tests/log/faillog/14_faillog-u_range_invalid3/faillog.test
new file mode 100755
index 0000000..fdd0027
--- /dev/null
+++ b/tests/tests/log/faillog/14_faillog-u_range_invalid3/faillog.test
@@ -0,0 +1,45 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "reports invalid ranges"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Create an empty /var/log/faillog (it will not be restored)..."
+> /var/log/faillog
+echo "OK"
+
+echo -n "faillog -u -foo..."
+faillog -u -foo 2>tmp/faillog.err && exit 1 || {
+	status=$?
+}
+echo "OK."
+
+echo -n "Check returned status ($status)..."
+test "$status" = "3"
+echo "OK"
+
+echo "faillog reported:"
+echo "======================================================================="
+cat tmp/faillog.err
+echo "======================================================================="
+echo -n "Check the usage message..."
+diff -au data/faillog.err tmp/faillog.err
+echo "message OK."
+rm -f tmp/faillog.err
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/log/faillog/15_faillog_bad_option/config.txt b/tests/tests/log/faillog/15_faillog_bad_option/config.txt
new file mode 100644
index 0000000..31f5635
--- /dev/null
+++ b/tests/tests/log/faillog/15_faillog_bad_option/config.txt
@@ -0,0 +1,10 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group users (only in /etc/group)
+user foo, in group tty (only in /etc/gshadow)
+user foo, in group floppy
+user foo, admin of group disk
+user foo, admin and member of group fax
+user foo, admin and member of group cdrom (only in /etc/gshadow)
diff --git a/tests/tests/log/faillog/15_faillog_bad_option/config/etc/group b/tests/tests/log/faillog/15_faillog_bad_option/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/log/faillog/15_faillog_bad_option/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/log/faillog/15_faillog_bad_option/config/etc/gshadow b/tests/tests/log/faillog/15_faillog_bad_option/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/log/faillog/15_faillog_bad_option/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/log/faillog/15_faillog_bad_option/config/etc/passwd b/tests/tests/log/faillog/15_faillog_bad_option/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/log/faillog/15_faillog_bad_option/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/log/faillog/15_faillog_bad_option/config/etc/shadow b/tests/tests/log/faillog/15_faillog_bad_option/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/log/faillog/15_faillog_bad_option/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/log/faillog/15_faillog_bad_option/data/usage.out b/tests/tests/log/faillog/15_faillog_bad_option/data/usage.out
new file mode 100644
index 0000000..0644274
--- /dev/null
+++ b/tests/tests/log/faillog/15_faillog_bad_option/data/usage.out
@@ -0,0 +1,15 @@
+faillog: invalid option -- 'Z'
+Usage: faillog [options]
+
+Options:
+  -a, --all                     display faillog records for all users
+  -h, --help                    display this help message and exit
+  -l, --lock-secs SEC           after failed login lock account for SEC seconds
+  -m, --maximum MAX             set maximum failed login counters to MAX
+  -r, --reset                   reset the counters of login failures
+  -R, --root CHROOT_DIR         directory to chroot into
+  -t, --time DAYS               display faillog records more recent than DAYS
+  -u, --user LOGIN/RANGE        display faillog record or maintains failure
+                                counters and limits (if used with -r, -m,
+                                or -l) only for the specified LOGIN(s)
+
diff --git a/tests/tests/log/faillog/15_faillog_bad_option/faillog.test b/tests/tests/log/faillog/15_faillog_bad_option/faillog.test
new file mode 100755
index 0000000..3e566cd
--- /dev/null
+++ b/tests/tests/log/faillog/15_faillog_bad_option/faillog.test
@@ -0,0 +1,41 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "faillog can display its usage message"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Get faillog usage (faillog -Z)..."
+faillog -Z 2>tmp/usage.out && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "2"
+echo "OK"
+
+echo "faillog reported:"
+echo "======================================================================="
+cat tmp/usage.out
+echo "======================================================================="
+echo -n "Check the usage message..."
+diff -au data/usage.out tmp/usage.out
+echo "usage message OK."
+rm -f tmp/usage.out
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/log/faillog/16_faillog_extra_arg/config.txt b/tests/tests/log/faillog/16_faillog_extra_arg/config.txt
new file mode 100644
index 0000000..31f5635
--- /dev/null
+++ b/tests/tests/log/faillog/16_faillog_extra_arg/config.txt
@@ -0,0 +1,10 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group users (only in /etc/group)
+user foo, in group tty (only in /etc/gshadow)
+user foo, in group floppy
+user foo, admin of group disk
+user foo, admin and member of group fax
+user foo, admin and member of group cdrom (only in /etc/gshadow)
diff --git a/tests/tests/log/faillog/16_faillog_extra_arg/config/etc/group b/tests/tests/log/faillog/16_faillog_extra_arg/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/log/faillog/16_faillog_extra_arg/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/log/faillog/16_faillog_extra_arg/config/etc/gshadow b/tests/tests/log/faillog/16_faillog_extra_arg/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/log/faillog/16_faillog_extra_arg/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/log/faillog/16_faillog_extra_arg/config/etc/passwd b/tests/tests/log/faillog/16_faillog_extra_arg/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/log/faillog/16_faillog_extra_arg/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/log/faillog/16_faillog_extra_arg/config/etc/shadow b/tests/tests/log/faillog/16_faillog_extra_arg/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/log/faillog/16_faillog_extra_arg/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/log/faillog/16_faillog_extra_arg/data/usage.out b/tests/tests/log/faillog/16_faillog_extra_arg/data/usage.out
new file mode 100644
index 0000000..1ec1fa2
--- /dev/null
+++ b/tests/tests/log/faillog/16_faillog_extra_arg/data/usage.out
@@ -0,0 +1,15 @@
+faillog: unexpected argument: foo
+Usage: faillog [options]
+
+Options:
+  -a, --all                     display faillog records for all users
+  -h, --help                    display this help message and exit
+  -l, --lock-secs SEC           after failed login lock account for SEC seconds
+  -m, --maximum MAX             set maximum failed login counters to MAX
+  -r, --reset                   reset the counters of login failures
+  -R, --root CHROOT_DIR         directory to chroot into
+  -t, --time DAYS               display faillog records more recent than DAYS
+  -u, --user LOGIN/RANGE        display faillog record or maintains failure
+                                counters and limits (if used with -r, -m,
+                                or -l) only for the specified LOGIN(s)
+
diff --git a/tests/tests/log/faillog/16_faillog_extra_arg/faillog.test b/tests/tests/log/faillog/16_faillog_extra_arg/faillog.test
new file mode 100755
index 0000000..09770ca
--- /dev/null
+++ b/tests/tests/log/faillog/16_faillog_extra_arg/faillog.test
@@ -0,0 +1,41 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "faillog checks if there are extra arguments"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Get faillog usage (faillog foo)..."
+faillog foo 2>tmp/usage.out && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "1"
+echo "OK"
+
+echo "faillog reported:"
+echo "======================================================================="
+cat tmp/usage.out
+echo "======================================================================="
+echo -n "Check the usage message..."
+diff -au data/usage.out tmp/usage.out
+echo "usage message OK."
+rm -f tmp/usage.out
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/log/faillog/17_faillog-t/config.txt b/tests/tests/log/faillog/17_faillog-t/config.txt
new file mode 100644
index 0000000..1a78b6c
--- /dev/null
+++ b/tests/tests/log/faillog/17_faillog-t/config.txt
@@ -0,0 +1 @@
+user foo exists, UID 1000
diff --git a/tests/tests/log/faillog/17_faillog-t/config/etc/group b/tests/tests/log/faillog/17_faillog-t/config/etc/group
new file mode 100644
index 0000000..b6fae89
--- /dev/null
+++ b/tests/tests/log/faillog/17_faillog-t/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:root
+adm:x:4:root,foo
+tty:x:5:
+disk:x:6:
+lp:x:7:foo,root
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:foo
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:foo
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/log/faillog/17_faillog-t/config/etc/gshadow b/tests/tests/log/faillog/17_faillog-t/config/etc/gshadow
new file mode 100644
index 0000000..1f2ba8d
--- /dev/null
+++ b/tests/tests/log/faillog/17_faillog-t/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::root
+adm:*::root,foo
+tty:*::foo
+disk:*:foo:
+lp:*::foo,root
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*:foo:foo
+voice:*::
+cdrom:*:foo:foo
+floppy:*::foo
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/log/faillog/17_faillog-t/config/etc/pam.d/login b/tests/tests/log/faillog/17_faillog-t/config/etc/pam.d/login
new file mode 100644
index 0000000..0a101fd
--- /dev/null
+++ b/tests/tests/log/faillog/17_faillog-t/config/etc/pam.d/login
@@ -0,0 +1,111 @@
+#
+# The PAM configuration file for the Shadow `login' service
+#
+
+# Enforce a minimal delay in case of failure (in microseconds).
+# (Replaces the `FAIL_DELAY' setting from login.defs)
+# Note that other modules may require another minimal delay. (for example,
+# to disable any delay, you should add the nodelay option to pam_unix)
+auth       optional   pam_faildelay.so  delay=3000000
+
+# Outputs an issue file prior to each login prompt (Replaces the
+# ISSUE_FILE option from login.defs). Uncomment for use
+# auth       required   pam_issue.so issue=/etc/issue
+
+# Disallows root logins except on tty's listed in /etc/securetty
+# (Replaces the `CONSOLE' setting from login.defs)
+#
+# With the default control of this module:
+#   [success=ok new_authtok_reqd=ok ignore=ignore user_unknown=bad default=die]
+# root will not be prompted for a password on insecure lines.
+# if an invalid username is entered, a password is prompted (but login
+# will eventually be rejected)
+#
+# You can change it to a "requisite" module if you think root may mis-type
+# her login and should not be prompted for a password in that case. But
+# this will leave the system as vulnerable to user enumeration attacks.
+#
+# You can change it to a "required" module if you think it permits to
+# guess valid user names of your system (invalid user names are considered
+# as possibly being root on insecure lines), but root passwords may be
+# communicated over insecure lines.
+auth [success=ok new_authtok_reqd=ok ignore=ignore user_unknown=bad default=die] pam_securetty.so
+
+# Disallows other than root logins when /etc/nologin exists
+# (Replaces the `NOLOGINS_FILE' option from login.defs)
+auth       requisite  pam_nologin.so
+
+# Added to support faillog
+auth     required       pam_tally.so per_user
+
+
+# SELinux needs to be the first session rule. This ensures that any 
+# lingering context has been cleared. Without out this it is possible 
+# that a module could execute code in the wrong domain.
+# When the module is present, "required" would be sufficient (When SELinux
+# is disabled, this returns success.)
+session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so close
+
+# This module parses environment configuration file(s)
+# and also allows you to use an extended config
+# file /etc/security/pam_env.conf.
+# 
+# parsing /etc/environment needs "readenv=1"
+session       required   pam_env.so readenv=1
+# locale variables are also kept into /etc/default/locale in etch
+# reading this file *in addition to /etc/environment* does not hurt
+session       required   pam_env.so readenv=1 envfile=/etc/default/locale
+
+# Standard Un*x authentication.
+@include common-auth
+
+# This allows certain extra groups to be granted to a user
+# based on things like time of day, tty, service, and user.
+# Please edit /etc/security/group.conf to fit your needs
+# (Replaces the `CONSOLE_GROUPS' option in login.defs)
+auth       optional   pam_group.so
+
+# Uncomment and edit /etc/security/time.conf if you need to set
+# time constraints on logins.
+# (Replaces the `PORTTIME_CHECKS_ENAB' option from login.defs
+# as well as /etc/porttime)
+# account    requisite  pam_time.so
+
+# Uncomment and edit /etc/security/access.conf if you need to
+# set access limits.
+# (Replaces /etc/login.access file)
+# account  required       pam_access.so
+
+# Sets up user limits according to /etc/security/limits.conf
+# (Replaces the use of /etc/limits in old login)
+session    required   pam_limits.so
+
+# Prints the last login info upon successful login
+# (Replaces the `LASTLOG_ENAB' option from login.defs)
+session    optional   pam_lastlog.so
+
+# Prints the motd upon successful login
+# (Replaces the `MOTD_FILE' option in login.defs)
+session    optional   pam_motd.so
+
+# Prints the status of the user's mailbox upon successful login
+# (Replaces the `MAIL_CHECK_ENAB' option from login.defs). 
+#
+# This also defines the MAIL environment variable
+# However, userdel also needs MAIL_DIR and MAIL_FILE variables
+# in /etc/login.defs to make sure that removing a user 
+# also removes the user's mail spool file.
+# See comments in /etc/login.defs
+session    optional   pam_mail.so standard
+
+# Standard Un*x account and session
+@include common-account
+@include common-session
+@include common-password
+
+# SELinux needs to intervene at login time to ensure that the process
+# starts in the proper default security context. Only sessions which are
+# intended to run in the user's context should be run after this.
+session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so open
+# When the module is present, "required" would be sufficient (When SELinux
+# is disabled, this returns success.)
diff --git a/tests/tests/log/faillog/17_faillog-t/config/etc/passwd b/tests/tests/log/faillog/17_faillog-t/config/etc/passwd
new file mode 100644
index 0000000..9d34d3a
--- /dev/null
+++ b/tests/tests/log/faillog/17_faillog-t/config/etc/passwd
@@ -0,0 +1,22 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+bar:x:1001:1001::/home/bar:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/home/foo:/bin/sh
+baz:x:1002:1002::/home/baz:/bin/sh
diff --git a/tests/tests/log/faillog/17_faillog-t/config/etc/shadow b/tests/tests/log/faillog/17_faillog-t/config/etc/shadow
new file mode 100644
index 0000000..972f2cd
--- /dev/null
+++ b/tests/tests/log/faillog/17_faillog-t/config/etc/shadow
@@ -0,0 +1,22 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+bar:!:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
+baz:!:12977:0:99999:7:::
diff --git a/tests/tests/log/faillog/17_faillog-t/data/faillog.list b/tests/tests/log/faillog/17_faillog-t/data/faillog.list
new file mode 100644
index 0000000..f5d3d8c
--- /dev/null
+++ b/tests/tests/log/faillog/17_faillog-t/data/faillog.list
@@ -0,0 +1,4 @@
+Login       Failures Maximum
+
+bar             1        0  
+foo             1        0  
diff --git a/tests/tests/log/faillog/17_faillog-t/faillog.test b/tests/tests/log/faillog/17_faillog-t/faillog.test
new file mode 100755
index 0000000..217a63b
--- /dev/null
+++ b/tests/tests/log/faillog/17_faillog-t/faillog.test
@@ -0,0 +1,52 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "reports all entry from /var/log/faillog"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Create an empty /var/log/faillog (it will not be restored)..."
+> /var/log/faillog
+echo "OK"
+
+echo -n "Trigger a connection as foo..."
+LD_PRELOAD=../../../common/time_past.so PAST_DAYS=2 ./login.exp foo
+echo "OK"
+echo -n "Trigger a connection as bar..."
+./login.exp bar
+echo "OK"
+echo -n "Trigger a connection as baz..."
+LD_PRELOAD=../../../common/time_past.so PAST_DAYS=4 ./login.exp baz
+echo "OK"
+
+echo -n "faillog..."
+faillog -t 3 > tmp/faillog.out
+echo "OK."
+
+echo "faillog :"
+echo "======================================================================="
+cat tmp/faillog.out
+echo "======================================================================="
+
+echo -n "Check the list of logged in users..."
+cut -c-28 tmp/faillog.out > tmp/faillog.list
+diff -au data/faillog.list tmp/faillog.list
+echo "OK."
+
+rm -f tmp/faillog.out tmp/faillog.list
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/log/faillog/17_faillog-t/login.exp b/tests/tests/log/faillog/17_faillog-t/login.exp
new file mode 100755
index 0000000..45c2ea7
--- /dev/null
+++ b/tests/tests/log/faillog/17_faillog-t/login.exp
@@ -0,0 +1,26 @@
+#!/usr/bin/expect
+
+if {$argc == 1} {
+        set user     [lindex $argv 0]
+} else {
+        set user     "foo"
+}
+
+set timeout 2
+expect_after default {puts stderr "\nFAIL"; exit 1}
+
+set timeout 5
+expect_after default {puts stderr "\nFAIL"; exit 1}
+
+spawn /bin/bash
+expect "# "
+
+send "login -p $user\r"
+expect "Password: "
+sleep 0.1
+send "badpass\r"
+send_user "\n# password 'badpass' sent\n\n"
+expect "login: "
+
+send "exit\r"
+exit 0
diff --git a/tests/tests/log/faillog/18_faillog-t_invalid/config.txt b/tests/tests/log/faillog/18_faillog-t_invalid/config.txt
new file mode 100644
index 0000000..1a78b6c
--- /dev/null
+++ b/tests/tests/log/faillog/18_faillog-t_invalid/config.txt
@@ -0,0 +1 @@
+user foo exists, UID 1000
diff --git a/tests/tests/log/faillog/18_faillog-t_invalid/config/etc/group b/tests/tests/log/faillog/18_faillog-t_invalid/config/etc/group
new file mode 100644
index 0000000..b6fae89
--- /dev/null
+++ b/tests/tests/log/faillog/18_faillog-t_invalid/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:root
+adm:x:4:root,foo
+tty:x:5:
+disk:x:6:
+lp:x:7:foo,root
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:foo
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:foo
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/log/faillog/18_faillog-t_invalid/config/etc/gshadow b/tests/tests/log/faillog/18_faillog-t_invalid/config/etc/gshadow
new file mode 100644
index 0000000..1f2ba8d
--- /dev/null
+++ b/tests/tests/log/faillog/18_faillog-t_invalid/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::root
+adm:*::root,foo
+tty:*::foo
+disk:*:foo:
+lp:*::foo,root
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*:foo:foo
+voice:*::
+cdrom:*:foo:foo
+floppy:*::foo
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/log/faillog/18_faillog-t_invalid/config/etc/passwd b/tests/tests/log/faillog/18_faillog-t_invalid/config/etc/passwd
new file mode 100644
index 0000000..9d34d3a
--- /dev/null
+++ b/tests/tests/log/faillog/18_faillog-t_invalid/config/etc/passwd
@@ -0,0 +1,22 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+bar:x:1001:1001::/home/bar:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/home/foo:/bin/sh
+baz:x:1002:1002::/home/baz:/bin/sh
diff --git a/tests/tests/log/faillog/18_faillog-t_invalid/config/etc/shadow b/tests/tests/log/faillog/18_faillog-t_invalid/config/etc/shadow
new file mode 100644
index 0000000..972f2cd
--- /dev/null
+++ b/tests/tests/log/faillog/18_faillog-t_invalid/config/etc/shadow
@@ -0,0 +1,22 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+bar:!:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
+baz:!:12977:0:99999:7:::
diff --git a/tests/tests/log/faillog/18_faillog-t_invalid/data/faillog.err b/tests/tests/log/faillog/18_faillog-t_invalid/data/faillog.err
new file mode 100644
index 0000000..009c0f6
--- /dev/null
+++ b/tests/tests/log/faillog/18_faillog-t_invalid/data/faillog.err
@@ -0,0 +1 @@
+faillog: invalid numeric argument 'bad'
diff --git a/tests/tests/log/faillog/18_faillog-t_invalid/faillog.test b/tests/tests/log/faillog/18_faillog-t_invalid/faillog.test
new file mode 100755
index 0000000..0405bca
--- /dev/null
+++ b/tests/tests/log/faillog/18_faillog-t_invalid/faillog.test
@@ -0,0 +1,45 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "reports invalid ranges"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Create an empty /var/log/faillog (it will not be restored)..."
+> /var/log/faillog
+echo "OK"
+
+echo -n "faillog -t bad..."
+faillog -t bad 2>tmp/faillog.err && exit 1 || {
+	status=$?
+}
+echo "OK."
+
+echo -n "Check returned status ($status)..."
+test "$status" = "3"
+echo "OK"
+
+echo "faillog reported:"
+echo "======================================================================="
+cat tmp/faillog.err
+echo "======================================================================="
+echo -n "Check the usage message..."
+diff -au data/faillog.err tmp/faillog.err
+echo "message OK."
+rm -f tmp/faillog.err
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/log/faillog/19_faillog_multiple_same_user/config.txt b/tests/tests/log/faillog/19_faillog_multiple_same_user/config.txt
new file mode 100644
index 0000000..1a78b6c
--- /dev/null
+++ b/tests/tests/log/faillog/19_faillog_multiple_same_user/config.txt
@@ -0,0 +1 @@
+user foo exists, UID 1000
diff --git a/tests/tests/log/faillog/19_faillog_multiple_same_user/config/etc/group b/tests/tests/log/faillog/19_faillog_multiple_same_user/config/etc/group
new file mode 100644
index 0000000..b6fae89
--- /dev/null
+++ b/tests/tests/log/faillog/19_faillog_multiple_same_user/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:root
+adm:x:4:root,foo
+tty:x:5:
+disk:x:6:
+lp:x:7:foo,root
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:foo
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:foo
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/log/faillog/19_faillog_multiple_same_user/config/etc/gshadow b/tests/tests/log/faillog/19_faillog_multiple_same_user/config/etc/gshadow
new file mode 100644
index 0000000..1f2ba8d
--- /dev/null
+++ b/tests/tests/log/faillog/19_faillog_multiple_same_user/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::root
+adm:*::root,foo
+tty:*::foo
+disk:*:foo:
+lp:*::foo,root
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*:foo:foo
+voice:*::
+cdrom:*:foo:foo
+floppy:*::foo
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/log/faillog/19_faillog_multiple_same_user/config/etc/pam.d/login b/tests/tests/log/faillog/19_faillog_multiple_same_user/config/etc/pam.d/login
new file mode 100644
index 0000000..0a101fd
--- /dev/null
+++ b/tests/tests/log/faillog/19_faillog_multiple_same_user/config/etc/pam.d/login
@@ -0,0 +1,111 @@
+#
+# The PAM configuration file for the Shadow `login' service
+#
+
+# Enforce a minimal delay in case of failure (in microseconds).
+# (Replaces the `FAIL_DELAY' setting from login.defs)
+# Note that other modules may require another minimal delay. (for example,
+# to disable any delay, you should add the nodelay option to pam_unix)
+auth       optional   pam_faildelay.so  delay=3000000
+
+# Outputs an issue file prior to each login prompt (Replaces the
+# ISSUE_FILE option from login.defs). Uncomment for use
+# auth       required   pam_issue.so issue=/etc/issue
+
+# Disallows root logins except on tty's listed in /etc/securetty
+# (Replaces the `CONSOLE' setting from login.defs)
+#
+# With the default control of this module:
+#   [success=ok new_authtok_reqd=ok ignore=ignore user_unknown=bad default=die]
+# root will not be prompted for a password on insecure lines.
+# if an invalid username is entered, a password is prompted (but login
+# will eventually be rejected)
+#
+# You can change it to a "requisite" module if you think root may mis-type
+# her login and should not be prompted for a password in that case. But
+# this will leave the system as vulnerable to user enumeration attacks.
+#
+# You can change it to a "required" module if you think it permits to
+# guess valid user names of your system (invalid user names are considered
+# as possibly being root on insecure lines), but root passwords may be
+# communicated over insecure lines.
+auth [success=ok new_authtok_reqd=ok ignore=ignore user_unknown=bad default=die] pam_securetty.so
+
+# Disallows other than root logins when /etc/nologin exists
+# (Replaces the `NOLOGINS_FILE' option from login.defs)
+auth       requisite  pam_nologin.so
+
+# Added to support faillog
+auth     required       pam_tally.so per_user
+
+
+# SELinux needs to be the first session rule. This ensures that any 
+# lingering context has been cleared. Without out this it is possible 
+# that a module could execute code in the wrong domain.
+# When the module is present, "required" would be sufficient (When SELinux
+# is disabled, this returns success.)
+session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so close
+
+# This module parses environment configuration file(s)
+# and also allows you to use an extended config
+# file /etc/security/pam_env.conf.
+# 
+# parsing /etc/environment needs "readenv=1"
+session       required   pam_env.so readenv=1
+# locale variables are also kept into /etc/default/locale in etch
+# reading this file *in addition to /etc/environment* does not hurt
+session       required   pam_env.so readenv=1 envfile=/etc/default/locale
+
+# Standard Un*x authentication.
+@include common-auth
+
+# This allows certain extra groups to be granted to a user
+# based on things like time of day, tty, service, and user.
+# Please edit /etc/security/group.conf to fit your needs
+# (Replaces the `CONSOLE_GROUPS' option in login.defs)
+auth       optional   pam_group.so
+
+# Uncomment and edit /etc/security/time.conf if you need to set
+# time constraints on logins.
+# (Replaces the `PORTTIME_CHECKS_ENAB' option from login.defs
+# as well as /etc/porttime)
+# account    requisite  pam_time.so
+
+# Uncomment and edit /etc/security/access.conf if you need to
+# set access limits.
+# (Replaces /etc/login.access file)
+# account  required       pam_access.so
+
+# Sets up user limits according to /etc/security/limits.conf
+# (Replaces the use of /etc/limits in old login)
+session    required   pam_limits.so
+
+# Prints the last login info upon successful login
+# (Replaces the `LASTLOG_ENAB' option from login.defs)
+session    optional   pam_lastlog.so
+
+# Prints the motd upon successful login
+# (Replaces the `MOTD_FILE' option in login.defs)
+session    optional   pam_motd.so
+
+# Prints the status of the user's mailbox upon successful login
+# (Replaces the `MAIL_CHECK_ENAB' option from login.defs). 
+#
+# This also defines the MAIL environment variable
+# However, userdel also needs MAIL_DIR and MAIL_FILE variables
+# in /etc/login.defs to make sure that removing a user 
+# also removes the user's mail spool file.
+# See comments in /etc/login.defs
+session    optional   pam_mail.so standard
+
+# Standard Un*x account and session
+@include common-account
+@include common-session
+@include common-password
+
+# SELinux needs to intervene at login time to ensure that the process
+# starts in the proper default security context. Only sessions which are
+# intended to run in the user's context should be run after this.
+session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so open
+# When the module is present, "required" would be sufficient (When SELinux
+# is disabled, this returns success.)
diff --git a/tests/tests/log/faillog/19_faillog_multiple_same_user/config/etc/passwd b/tests/tests/log/faillog/19_faillog_multiple_same_user/config/etc/passwd
new file mode 100644
index 0000000..9d34d3a
--- /dev/null
+++ b/tests/tests/log/faillog/19_faillog_multiple_same_user/config/etc/passwd
@@ -0,0 +1,22 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+bar:x:1001:1001::/home/bar:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/home/foo:/bin/sh
+baz:x:1002:1002::/home/baz:/bin/sh
diff --git a/tests/tests/log/faillog/19_faillog_multiple_same_user/config/etc/shadow b/tests/tests/log/faillog/19_faillog_multiple_same_user/config/etc/shadow
new file mode 100644
index 0000000..52721ac
--- /dev/null
+++ b/tests/tests/log/faillog/19_faillog_multiple_same_user/config/etc/shadow
@@ -0,0 +1,22 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+bar:!:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:a:12977:0:99999:7:::
+baz:b:12977:0:99999:7:::
diff --git a/tests/tests/log/faillog/19_faillog_multiple_same_user/data/faillog.list b/tests/tests/log/faillog/19_faillog_multiple_same_user/data/faillog.list
new file mode 100644
index 0000000..935d843
--- /dev/null
+++ b/tests/tests/log/faillog/19_faillog_multiple_same_user/data/faillog.list
@@ -0,0 +1,5 @@
+Login       Failures Maximum
+
+bar             2        0  
+foo             1        0  
+baz             1        0  
diff --git a/tests/tests/log/faillog/19_faillog_multiple_same_user/faillog.test b/tests/tests/log/faillog/19_faillog_multiple_same_user/faillog.test
new file mode 100755
index 0000000..21a6fff
--- /dev/null
+++ b/tests/tests/log/faillog/19_faillog_multiple_same_user/faillog.test
@@ -0,0 +1,55 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "reports all entry from /var/log/faillog"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Create an empty /var/log/faillog (it will not be restored)..."
+> /var/log/faillog
+echo "OK"
+
+echo -n "Trigger a connection as foo..."
+./login.exp foo
+echo "OK"
+echo -n "Trigger a connection as bar..."
+./login.exp bar
+echo "OK"
+echo -n "Trigger a connection as bar..."
+./login.exp bar
+echo "OK"
+echo -n "Trigger a connection as baz..."
+./login.exp baz
+echo "OK"
+
+echo -n "faillog..."
+faillog > tmp/faillog.out
+echo "OK."
+
+echo "faillog :"
+echo "======================================================================="
+cat tmp/faillog.out
+echo "======================================================================="
+
+echo -n "Check the list of logged in users..."
+cut -c-28 tmp/faillog.out > tmp/faillog.list
+diff -au data/faillog.list tmp/faillog.list
+echo "OK."
+
+rm -f tmp/faillog.out tmp/faillog.list
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/log/faillog/19_faillog_multiple_same_user/login.exp b/tests/tests/log/faillog/19_faillog_multiple_same_user/login.exp
new file mode 100755
index 0000000..f7841f6
--- /dev/null
+++ b/tests/tests/log/faillog/19_faillog_multiple_same_user/login.exp
@@ -0,0 +1,26 @@
+#!/usr/bin/expect
+
+if {$argc == 1} {
+        set user     [lindex $argv 0]
+} else {
+        set user     "foo"
+}
+
+set timeout 2
+expect_after default {puts stderr "\nFAIL"; exit 1}
+
+set timeout 5
+expect_after default {puts stderr "\nFAIL"; exit 1}
+
+spawn /bin/bash
+expect "# "
+
+send "login $user\r"
+expect "Password: "
+sleep 0.1
+send "badpass\r"
+send_user "\n# password 'badpass' sent\n\n"
+expect "login: "
+
+send "exit\r"
+exit 0
diff --git a/tests/tests/log/faillog/20_faillog-r-u/config.txt b/tests/tests/log/faillog/20_faillog-r-u/config.txt
new file mode 100644
index 0000000..1a78b6c
--- /dev/null
+++ b/tests/tests/log/faillog/20_faillog-r-u/config.txt
@@ -0,0 +1 @@
+user foo exists, UID 1000
diff --git a/tests/tests/log/faillog/20_faillog-r-u/config/etc/group b/tests/tests/log/faillog/20_faillog-r-u/config/etc/group
new file mode 100644
index 0000000..b6fae89
--- /dev/null
+++ b/tests/tests/log/faillog/20_faillog-r-u/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:root
+adm:x:4:root,foo
+tty:x:5:
+disk:x:6:
+lp:x:7:foo,root
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:foo
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:foo
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/log/faillog/20_faillog-r-u/config/etc/gshadow b/tests/tests/log/faillog/20_faillog-r-u/config/etc/gshadow
new file mode 100644
index 0000000..1f2ba8d
--- /dev/null
+++ b/tests/tests/log/faillog/20_faillog-r-u/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::root
+adm:*::root,foo
+tty:*::foo
+disk:*:foo:
+lp:*::foo,root
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*:foo:foo
+voice:*::
+cdrom:*:foo:foo
+floppy:*::foo
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/log/faillog/20_faillog-r-u/config/etc/pam.d/login b/tests/tests/log/faillog/20_faillog-r-u/config/etc/pam.d/login
new file mode 100644
index 0000000..0a101fd
--- /dev/null
+++ b/tests/tests/log/faillog/20_faillog-r-u/config/etc/pam.d/login
@@ -0,0 +1,111 @@
+#
+# The PAM configuration file for the Shadow `login' service
+#
+
+# Enforce a minimal delay in case of failure (in microseconds).
+# (Replaces the `FAIL_DELAY' setting from login.defs)
+# Note that other modules may require another minimal delay. (for example,
+# to disable any delay, you should add the nodelay option to pam_unix)
+auth       optional   pam_faildelay.so  delay=3000000
+
+# Outputs an issue file prior to each login prompt (Replaces the
+# ISSUE_FILE option from login.defs). Uncomment for use
+# auth       required   pam_issue.so issue=/etc/issue
+
+# Disallows root logins except on tty's listed in /etc/securetty
+# (Replaces the `CONSOLE' setting from login.defs)
+#
+# With the default control of this module:
+#   [success=ok new_authtok_reqd=ok ignore=ignore user_unknown=bad default=die]
+# root will not be prompted for a password on insecure lines.
+# if an invalid username is entered, a password is prompted (but login
+# will eventually be rejected)
+#
+# You can change it to a "requisite" module if you think root may mis-type
+# her login and should not be prompted for a password in that case. But
+# this will leave the system as vulnerable to user enumeration attacks.
+#
+# You can change it to a "required" module if you think it permits to
+# guess valid user names of your system (invalid user names are considered
+# as possibly being root on insecure lines), but root passwords may be
+# communicated over insecure lines.
+auth [success=ok new_authtok_reqd=ok ignore=ignore user_unknown=bad default=die] pam_securetty.so
+
+# Disallows other than root logins when /etc/nologin exists
+# (Replaces the `NOLOGINS_FILE' option from login.defs)
+auth       requisite  pam_nologin.so
+
+# Added to support faillog
+auth     required       pam_tally.so per_user
+
+
+# SELinux needs to be the first session rule. This ensures that any 
+# lingering context has been cleared. Without out this it is possible 
+# that a module could execute code in the wrong domain.
+# When the module is present, "required" would be sufficient (When SELinux
+# is disabled, this returns success.)
+session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so close
+
+# This module parses environment configuration file(s)
+# and also allows you to use an extended config
+# file /etc/security/pam_env.conf.
+# 
+# parsing /etc/environment needs "readenv=1"
+session       required   pam_env.so readenv=1
+# locale variables are also kept into /etc/default/locale in etch
+# reading this file *in addition to /etc/environment* does not hurt
+session       required   pam_env.so readenv=1 envfile=/etc/default/locale
+
+# Standard Un*x authentication.
+@include common-auth
+
+# This allows certain extra groups to be granted to a user
+# based on things like time of day, tty, service, and user.
+# Please edit /etc/security/group.conf to fit your needs
+# (Replaces the `CONSOLE_GROUPS' option in login.defs)
+auth       optional   pam_group.so
+
+# Uncomment and edit /etc/security/time.conf if you need to set
+# time constraints on logins.
+# (Replaces the `PORTTIME_CHECKS_ENAB' option from login.defs
+# as well as /etc/porttime)
+# account    requisite  pam_time.so
+
+# Uncomment and edit /etc/security/access.conf if you need to
+# set access limits.
+# (Replaces /etc/login.access file)
+# account  required       pam_access.so
+
+# Sets up user limits according to /etc/security/limits.conf
+# (Replaces the use of /etc/limits in old login)
+session    required   pam_limits.so
+
+# Prints the last login info upon successful login
+# (Replaces the `LASTLOG_ENAB' option from login.defs)
+session    optional   pam_lastlog.so
+
+# Prints the motd upon successful login
+# (Replaces the `MOTD_FILE' option in login.defs)
+session    optional   pam_motd.so
+
+# Prints the status of the user's mailbox upon successful login
+# (Replaces the `MAIL_CHECK_ENAB' option from login.defs). 
+#
+# This also defines the MAIL environment variable
+# However, userdel also needs MAIL_DIR and MAIL_FILE variables
+# in /etc/login.defs to make sure that removing a user 
+# also removes the user's mail spool file.
+# See comments in /etc/login.defs
+session    optional   pam_mail.so standard
+
+# Standard Un*x account and session
+@include common-account
+@include common-session
+@include common-password
+
+# SELinux needs to intervene at login time to ensure that the process
+# starts in the proper default security context. Only sessions which are
+# intended to run in the user's context should be run after this.
+session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so open
+# When the module is present, "required" would be sufficient (When SELinux
+# is disabled, this returns success.)
diff --git a/tests/tests/log/faillog/20_faillog-r-u/config/etc/passwd b/tests/tests/log/faillog/20_faillog-r-u/config/etc/passwd
new file mode 100644
index 0000000..9d34d3a
--- /dev/null
+++ b/tests/tests/log/faillog/20_faillog-r-u/config/etc/passwd
@@ -0,0 +1,22 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+bar:x:1001:1001::/home/bar:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/home/foo:/bin/sh
+baz:x:1002:1002::/home/baz:/bin/sh
diff --git a/tests/tests/log/faillog/20_faillog-r-u/config/etc/shadow b/tests/tests/log/faillog/20_faillog-r-u/config/etc/shadow
new file mode 100644
index 0000000..52721ac
--- /dev/null
+++ b/tests/tests/log/faillog/20_faillog-r-u/config/etc/shadow
@@ -0,0 +1,22 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+bar:!:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:a:12977:0:99999:7:::
+baz:b:12977:0:99999:7:::
diff --git a/tests/tests/log/faillog/20_faillog-r-u/data/faillog.list b/tests/tests/log/faillog/20_faillog-r-u/data/faillog.list
new file mode 100644
index 0000000..12c3f70
--- /dev/null
+++ b/tests/tests/log/faillog/20_faillog-r-u/data/faillog.list
@@ -0,0 +1,5 @@
+Login       Failures Maximum
+
+bar             1        0  
+foo             1        0  
+baz             0        0  
diff --git a/tests/tests/log/faillog/20_faillog-r-u/faillog.test b/tests/tests/log/faillog/20_faillog-r-u/faillog.test
new file mode 100755
index 0000000..4aa3d90
--- /dev/null
+++ b/tests/tests/log/faillog/20_faillog-r-u/faillog.test
@@ -0,0 +1,56 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "reports all entry from /var/log/faillog"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Create an empty /var/log/faillog (it will not be restored)..."
+> /var/log/faillog
+echo "OK"
+
+echo -n "Trigger a connection as foo..."
+./login.exp foo
+echo "OK"
+echo -n "Trigger a connection as bar..."
+./login.exp bar
+echo "OK"
+echo -n "Trigger a connection as baz..."
+./login.exp baz
+echo "OK"
+
+echo -n "reset baz (faillog -r -u baz)..."
+faillog -r -u baz
+echo "OK"
+
+echo -n "faillog..."
+faillog > tmp/faillog.out
+echo "OK."
+
+echo "faillog :"
+echo "======================================================================="
+cat tmp/faillog.out
+echo "======================================================================="
+
+echo -n "Check the list of logged in users..."
+cut -c-28 tmp/faillog.out > tmp/faillog.list
+diff -au data/faillog.list tmp/faillog.list
+echo "OK."
+
+rm -f tmp/faillog.out tmp/faillog.list
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/log/faillog/20_faillog-r-u/login.exp b/tests/tests/log/faillog/20_faillog-r-u/login.exp
new file mode 100755
index 0000000..f7841f6
--- /dev/null
+++ b/tests/tests/log/faillog/20_faillog-r-u/login.exp
@@ -0,0 +1,26 @@
+#!/usr/bin/expect
+
+if {$argc == 1} {
+        set user     [lindex $argv 0]
+} else {
+        set user     "foo"
+}
+
+set timeout 2
+expect_after default {puts stderr "\nFAIL"; exit 1}
+
+set timeout 5
+expect_after default {puts stderr "\nFAIL"; exit 1}
+
+spawn /bin/bash
+expect "# "
+
+send "login $user\r"
+expect "Password: "
+sleep 0.1
+send "badpass\r"
+send_user "\n# password 'badpass' sent\n\n"
+expect "login: "
+
+send "exit\r"
+exit 0
diff --git a/tests/tests/log/faillog/21_faillog-r-u_range/config.txt b/tests/tests/log/faillog/21_faillog-r-u_range/config.txt
new file mode 100644
index 0000000..1a78b6c
--- /dev/null
+++ b/tests/tests/log/faillog/21_faillog-r-u_range/config.txt
@@ -0,0 +1 @@
+user foo exists, UID 1000
diff --git a/tests/tests/log/faillog/21_faillog-r-u_range/config/etc/group b/tests/tests/log/faillog/21_faillog-r-u_range/config/etc/group
new file mode 100644
index 0000000..b6fae89
--- /dev/null
+++ b/tests/tests/log/faillog/21_faillog-r-u_range/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:root
+adm:x:4:root,foo
+tty:x:5:
+disk:x:6:
+lp:x:7:foo,root
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:foo
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:foo
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/log/faillog/21_faillog-r-u_range/config/etc/gshadow b/tests/tests/log/faillog/21_faillog-r-u_range/config/etc/gshadow
new file mode 100644
index 0000000..1f2ba8d
--- /dev/null
+++ b/tests/tests/log/faillog/21_faillog-r-u_range/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::root
+adm:*::root,foo
+tty:*::foo
+disk:*:foo:
+lp:*::foo,root
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*:foo:foo
+voice:*::
+cdrom:*:foo:foo
+floppy:*::foo
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/log/faillog/21_faillog-r-u_range/config/etc/pam.d/login b/tests/tests/log/faillog/21_faillog-r-u_range/config/etc/pam.d/login
new file mode 100644
index 0000000..0a101fd
--- /dev/null
+++ b/tests/tests/log/faillog/21_faillog-r-u_range/config/etc/pam.d/login
@@ -0,0 +1,111 @@
+#
+# The PAM configuration file for the Shadow `login' service
+#
+
+# Enforce a minimal delay in case of failure (in microseconds).
+# (Replaces the `FAIL_DELAY' setting from login.defs)
+# Note that other modules may require another minimal delay. (for example,
+# to disable any delay, you should add the nodelay option to pam_unix)
+auth       optional   pam_faildelay.so  delay=3000000
+
+# Outputs an issue file prior to each login prompt (Replaces the
+# ISSUE_FILE option from login.defs). Uncomment for use
+# auth       required   pam_issue.so issue=/etc/issue
+
+# Disallows root logins except on tty's listed in /etc/securetty
+# (Replaces the `CONSOLE' setting from login.defs)
+#
+# With the default control of this module:
+#   [success=ok new_authtok_reqd=ok ignore=ignore user_unknown=bad default=die]
+# root will not be prompted for a password on insecure lines.
+# if an invalid username is entered, a password is prompted (but login
+# will eventually be rejected)
+#
+# You can change it to a "requisite" module if you think root may mis-type
+# her login and should not be prompted for a password in that case. But
+# this will leave the system as vulnerable to user enumeration attacks.
+#
+# You can change it to a "required" module if you think it permits to
+# guess valid user names of your system (invalid user names are considered
+# as possibly being root on insecure lines), but root passwords may be
+# communicated over insecure lines.
+auth [success=ok new_authtok_reqd=ok ignore=ignore user_unknown=bad default=die] pam_securetty.so
+
+# Disallows other than root logins when /etc/nologin exists
+# (Replaces the `NOLOGINS_FILE' option from login.defs)
+auth       requisite  pam_nologin.so
+
+# Added to support faillog
+auth     required       pam_tally.so per_user
+
+
+# SELinux needs to be the first session rule. This ensures that any 
+# lingering context has been cleared. Without out this it is possible 
+# that a module could execute code in the wrong domain.
+# When the module is present, "required" would be sufficient (When SELinux
+# is disabled, this returns success.)
+session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so close
+
+# This module parses environment configuration file(s)
+# and also allows you to use an extended config
+# file /etc/security/pam_env.conf.
+# 
+# parsing /etc/environment needs "readenv=1"
+session       required   pam_env.so readenv=1
+# locale variables are also kept into /etc/default/locale in etch
+# reading this file *in addition to /etc/environment* does not hurt
+session       required   pam_env.so readenv=1 envfile=/etc/default/locale
+
+# Standard Un*x authentication.
+@include common-auth
+
+# This allows certain extra groups to be granted to a user
+# based on things like time of day, tty, service, and user.
+# Please edit /etc/security/group.conf to fit your needs
+# (Replaces the `CONSOLE_GROUPS' option in login.defs)
+auth       optional   pam_group.so
+
+# Uncomment and edit /etc/security/time.conf if you need to set
+# time constraints on logins.
+# (Replaces the `PORTTIME_CHECKS_ENAB' option from login.defs
+# as well as /etc/porttime)
+# account    requisite  pam_time.so
+
+# Uncomment and edit /etc/security/access.conf if you need to
+# set access limits.
+# (Replaces /etc/login.access file)
+# account  required       pam_access.so
+
+# Sets up user limits according to /etc/security/limits.conf
+# (Replaces the use of /etc/limits in old login)
+session    required   pam_limits.so
+
+# Prints the last login info upon successful login
+# (Replaces the `LASTLOG_ENAB' option from login.defs)
+session    optional   pam_lastlog.so
+
+# Prints the motd upon successful login
+# (Replaces the `MOTD_FILE' option in login.defs)
+session    optional   pam_motd.so
+
+# Prints the status of the user's mailbox upon successful login
+# (Replaces the `MAIL_CHECK_ENAB' option from login.defs). 
+#
+# This also defines the MAIL environment variable
+# However, userdel also needs MAIL_DIR and MAIL_FILE variables
+# in /etc/login.defs to make sure that removing a user 
+# also removes the user's mail spool file.
+# See comments in /etc/login.defs
+session    optional   pam_mail.so standard
+
+# Standard Un*x account and session
+@include common-account
+@include common-session
+@include common-password
+
+# SELinux needs to intervene at login time to ensure that the process
+# starts in the proper default security context. Only sessions which are
+# intended to run in the user's context should be run after this.
+session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so open
+# When the module is present, "required" would be sufficient (When SELinux
+# is disabled, this returns success.)
diff --git a/tests/tests/log/faillog/21_faillog-r-u_range/config/etc/passwd b/tests/tests/log/faillog/21_faillog-r-u_range/config/etc/passwd
new file mode 100644
index 0000000..9d34d3a
--- /dev/null
+++ b/tests/tests/log/faillog/21_faillog-r-u_range/config/etc/passwd
@@ -0,0 +1,22 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+bar:x:1001:1001::/home/bar:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/home/foo:/bin/sh
+baz:x:1002:1002::/home/baz:/bin/sh
diff --git a/tests/tests/log/faillog/21_faillog-r-u_range/config/etc/shadow b/tests/tests/log/faillog/21_faillog-r-u_range/config/etc/shadow
new file mode 100644
index 0000000..52721ac
--- /dev/null
+++ b/tests/tests/log/faillog/21_faillog-r-u_range/config/etc/shadow
@@ -0,0 +1,22 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+bar:!:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:a:12977:0:99999:7:::
+baz:b:12977:0:99999:7:::
diff --git a/tests/tests/log/faillog/21_faillog-r-u_range/data/faillog.list b/tests/tests/log/faillog/21_faillog-r-u_range/data/faillog.list
new file mode 100644
index 0000000..fd0df36
--- /dev/null
+++ b/tests/tests/log/faillog/21_faillog-r-u_range/data/faillog.list
@@ -0,0 +1,5 @@
+Login       Failures Maximum
+
+bar             0        0  
+foo             0        0  
+baz             1        0  
diff --git a/tests/tests/log/faillog/21_faillog-r-u_range/faillog.test b/tests/tests/log/faillog/21_faillog-r-u_range/faillog.test
new file mode 100755
index 0000000..1b89358
--- /dev/null
+++ b/tests/tests/log/faillog/21_faillog-r-u_range/faillog.test
@@ -0,0 +1,56 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "reports all entry from /var/log/faillog"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Create an empty /var/log/faillog (it will not be restored)..."
+> /var/log/faillog
+echo "OK"
+
+echo -n "Trigger a connection as foo..."
+./login.exp foo
+echo "OK"
+echo -n "Trigger a connection as bar..."
+./login.exp bar
+echo "OK"
+echo -n "Trigger a connection as baz..."
+./login.exp baz
+echo "OK"
+
+echo -n "reset users (faillog -r -u 1000-1001)..."
+faillog -r -u 1000-1001
+echo "OK"
+
+echo -n "faillog..."
+faillog > tmp/faillog.out
+echo "OK."
+
+echo "faillog :"
+echo "======================================================================="
+cat tmp/faillog.out
+echo "======================================================================="
+
+echo -n "Check the list of logged in users..."
+cut -c-28 tmp/faillog.out > tmp/faillog.list
+diff -au data/faillog.list tmp/faillog.list
+echo "OK."
+
+rm -f tmp/faillog.out tmp/faillog.list
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/log/faillog/21_faillog-r-u_range/login.exp b/tests/tests/log/faillog/21_faillog-r-u_range/login.exp
new file mode 100755
index 0000000..f7841f6
--- /dev/null
+++ b/tests/tests/log/faillog/21_faillog-r-u_range/login.exp
@@ -0,0 +1,26 @@
+#!/usr/bin/expect
+
+if {$argc == 1} {
+        set user     [lindex $argv 0]
+} else {
+        set user     "foo"
+}
+
+set timeout 2
+expect_after default {puts stderr "\nFAIL"; exit 1}
+
+set timeout 5
+expect_after default {puts stderr "\nFAIL"; exit 1}
+
+spawn /bin/bash
+expect "# "
+
+send "login $user\r"
+expect "Password: "
+sleep 0.1
+send "badpass\r"
+send_user "\n# password 'badpass' sent\n\n"
+expect "login: "
+
+send "exit\r"
+exit 0
diff --git a/tests/tests/log/faillog/22_faillog_removed_user/config.txt b/tests/tests/log/faillog/22_faillog_removed_user/config.txt
new file mode 100644
index 0000000..1a78b6c
--- /dev/null
+++ b/tests/tests/log/faillog/22_faillog_removed_user/config.txt
@@ -0,0 +1 @@
+user foo exists, UID 1000
diff --git a/tests/tests/log/faillog/22_faillog_removed_user/config/etc/group b/tests/tests/log/faillog/22_faillog_removed_user/config/etc/group
new file mode 100644
index 0000000..b6fae89
--- /dev/null
+++ b/tests/tests/log/faillog/22_faillog_removed_user/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:root
+adm:x:4:root,foo
+tty:x:5:
+disk:x:6:
+lp:x:7:foo,root
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:foo
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:foo
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/log/faillog/22_faillog_removed_user/config/etc/gshadow b/tests/tests/log/faillog/22_faillog_removed_user/config/etc/gshadow
new file mode 100644
index 0000000..1f2ba8d
--- /dev/null
+++ b/tests/tests/log/faillog/22_faillog_removed_user/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::root
+adm:*::root,foo
+tty:*::foo
+disk:*:foo:
+lp:*::foo,root
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*:foo:foo
+voice:*::
+cdrom:*:foo:foo
+floppy:*::foo
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/log/faillog/22_faillog_removed_user/config/etc/pam.d/login b/tests/tests/log/faillog/22_faillog_removed_user/config/etc/pam.d/login
new file mode 100644
index 0000000..0a101fd
--- /dev/null
+++ b/tests/tests/log/faillog/22_faillog_removed_user/config/etc/pam.d/login
@@ -0,0 +1,111 @@
+#
+# The PAM configuration file for the Shadow `login' service
+#
+
+# Enforce a minimal delay in case of failure (in microseconds).
+# (Replaces the `FAIL_DELAY' setting from login.defs)
+# Note that other modules may require another minimal delay. (for example,
+# to disable any delay, you should add the nodelay option to pam_unix)
+auth       optional   pam_faildelay.so  delay=3000000
+
+# Outputs an issue file prior to each login prompt (Replaces the
+# ISSUE_FILE option from login.defs). Uncomment for use
+# auth       required   pam_issue.so issue=/etc/issue
+
+# Disallows root logins except on tty's listed in /etc/securetty
+# (Replaces the `CONSOLE' setting from login.defs)
+#
+# With the default control of this module:
+#   [success=ok new_authtok_reqd=ok ignore=ignore user_unknown=bad default=die]
+# root will not be prompted for a password on insecure lines.
+# if an invalid username is entered, a password is prompted (but login
+# will eventually be rejected)
+#
+# You can change it to a "requisite" module if you think root may mis-type
+# her login and should not be prompted for a password in that case. But
+# this will leave the system as vulnerable to user enumeration attacks.
+#
+# You can change it to a "required" module if you think it permits to
+# guess valid user names of your system (invalid user names are considered
+# as possibly being root on insecure lines), but root passwords may be
+# communicated over insecure lines.
+auth [success=ok new_authtok_reqd=ok ignore=ignore user_unknown=bad default=die] pam_securetty.so
+
+# Disallows other than root logins when /etc/nologin exists
+# (Replaces the `NOLOGINS_FILE' option from login.defs)
+auth       requisite  pam_nologin.so
+
+# Added to support faillog
+auth     required       pam_tally.so per_user
+
+
+# SELinux needs to be the first session rule. This ensures that any 
+# lingering context has been cleared. Without out this it is possible 
+# that a module could execute code in the wrong domain.
+# When the module is present, "required" would be sufficient (When SELinux
+# is disabled, this returns success.)
+session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so close
+
+# This module parses environment configuration file(s)
+# and also allows you to use an extended config
+# file /etc/security/pam_env.conf.
+# 
+# parsing /etc/environment needs "readenv=1"
+session       required   pam_env.so readenv=1
+# locale variables are also kept into /etc/default/locale in etch
+# reading this file *in addition to /etc/environment* does not hurt
+session       required   pam_env.so readenv=1 envfile=/etc/default/locale
+
+# Standard Un*x authentication.
+@include common-auth
+
+# This allows certain extra groups to be granted to a user
+# based on things like time of day, tty, service, and user.
+# Please edit /etc/security/group.conf to fit your needs
+# (Replaces the `CONSOLE_GROUPS' option in login.defs)
+auth       optional   pam_group.so
+
+# Uncomment and edit /etc/security/time.conf if you need to set
+# time constraints on logins.
+# (Replaces the `PORTTIME_CHECKS_ENAB' option from login.defs
+# as well as /etc/porttime)
+# account    requisite  pam_time.so
+
+# Uncomment and edit /etc/security/access.conf if you need to
+# set access limits.
+# (Replaces /etc/login.access file)
+# account  required       pam_access.so
+
+# Sets up user limits according to /etc/security/limits.conf
+# (Replaces the use of /etc/limits in old login)
+session    required   pam_limits.so
+
+# Prints the last login info upon successful login
+# (Replaces the `LASTLOG_ENAB' option from login.defs)
+session    optional   pam_lastlog.so
+
+# Prints the motd upon successful login
+# (Replaces the `MOTD_FILE' option in login.defs)
+session    optional   pam_motd.so
+
+# Prints the status of the user's mailbox upon successful login
+# (Replaces the `MAIL_CHECK_ENAB' option from login.defs). 
+#
+# This also defines the MAIL environment variable
+# However, userdel also needs MAIL_DIR and MAIL_FILE variables
+# in /etc/login.defs to make sure that removing a user 
+# also removes the user's mail spool file.
+# See comments in /etc/login.defs
+session    optional   pam_mail.so standard
+
+# Standard Un*x account and session
+@include common-account
+@include common-session
+@include common-password
+
+# SELinux needs to intervene at login time to ensure that the process
+# starts in the proper default security context. Only sessions which are
+# intended to run in the user's context should be run after this.
+session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so open
+# When the module is present, "required" would be sufficient (When SELinux
+# is disabled, this returns success.)
diff --git a/tests/tests/log/faillog/22_faillog_removed_user/config/etc/passwd b/tests/tests/log/faillog/22_faillog_removed_user/config/etc/passwd
new file mode 100644
index 0000000..9d34d3a
--- /dev/null
+++ b/tests/tests/log/faillog/22_faillog_removed_user/config/etc/passwd
@@ -0,0 +1,22 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+bar:x:1001:1001::/home/bar:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/home/foo:/bin/sh
+baz:x:1002:1002::/home/baz:/bin/sh
diff --git a/tests/tests/log/faillog/22_faillog_removed_user/config/etc/shadow b/tests/tests/log/faillog/22_faillog_removed_user/config/etc/shadow
new file mode 100644
index 0000000..52721ac
--- /dev/null
+++ b/tests/tests/log/faillog/22_faillog_removed_user/config/etc/shadow
@@ -0,0 +1,22 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+bar:!:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:a:12977:0:99999:7:::
+baz:b:12977:0:99999:7:::
diff --git a/tests/tests/log/faillog/22_faillog_removed_user/data/faillog.list b/tests/tests/log/faillog/22_faillog_removed_user/data/faillog.list
new file mode 100644
index 0000000..09f68d0
--- /dev/null
+++ b/tests/tests/log/faillog/22_faillog_removed_user/data/faillog.list
@@ -0,0 +1,4 @@
+Login       Failures Maximum
+
+foo             1        0  
+baz             1        0  
diff --git a/tests/tests/log/faillog/22_faillog_removed_user/faillog.test b/tests/tests/log/faillog/22_faillog_removed_user/faillog.test
new file mode 100755
index 0000000..d72ee5b
--- /dev/null
+++ b/tests/tests/log/faillog/22_faillog_removed_user/faillog.test
@@ -0,0 +1,57 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "reports all entry from /var/log/faillog"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Create an empty /var/log/faillog (it will not be restored)..."
+> /var/log/faillog
+echo "OK"
+
+echo -n "Trigger a connection as foo..."
+./login.exp foo
+echo "OK"
+echo -n "Trigger a connection as bar..."
+./login.exp bar
+echo "OK"
+echo -n "Trigger a connection as baz..."
+./login.exp baz
+echo "OK"
+
+echo -n "Remove user bar from passwd and shadow..."
+sed -e '/^bar:/d' -i /etc/passwd
+sed -e '/^bar:/d' -i /etc/shadow
+echo "OK"
+
+echo -n "faillog..."
+faillog > tmp/faillog.out
+echo "OK."
+
+echo "faillog :"
+echo "======================================================================="
+cat tmp/faillog.out
+echo "======================================================================="
+
+echo -n "Check the list of logged in users..."
+cut -c-28 tmp/faillog.out > tmp/faillog.list
+diff -au data/faillog.list tmp/faillog.list
+echo "OK."
+
+rm -f tmp/faillog.out tmp/faillog.list
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/log/faillog/22_faillog_removed_user/login.exp b/tests/tests/log/faillog/22_faillog_removed_user/login.exp
new file mode 100755
index 0000000..f7841f6
--- /dev/null
+++ b/tests/tests/log/faillog/22_faillog_removed_user/login.exp
@@ -0,0 +1,26 @@
+#!/usr/bin/expect
+
+if {$argc == 1} {
+        set user     [lindex $argv 0]
+} else {
+        set user     "foo"
+}
+
+set timeout 2
+expect_after default {puts stderr "\nFAIL"; exit 1}
+
+set timeout 5
+expect_after default {puts stderr "\nFAIL"; exit 1}
+
+spawn /bin/bash
+expect "# "
+
+send "login $user\r"
+expect "Password: "
+sleep 0.1
+send "badpass\r"
+send_user "\n# password 'badpass' sent\n\n"
+expect "login: "
+
+send "exit\r"
+exit 0
diff --git a/tests/tests/log/faillog/23_faillog-a_removed_user/config.txt b/tests/tests/log/faillog/23_faillog-a_removed_user/config.txt
new file mode 100644
index 0000000..1a78b6c
--- /dev/null
+++ b/tests/tests/log/faillog/23_faillog-a_removed_user/config.txt
@@ -0,0 +1 @@
+user foo exists, UID 1000
diff --git a/tests/tests/log/faillog/23_faillog-a_removed_user/config/etc/group b/tests/tests/log/faillog/23_faillog-a_removed_user/config/etc/group
new file mode 100644
index 0000000..b6fae89
--- /dev/null
+++ b/tests/tests/log/faillog/23_faillog-a_removed_user/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:root
+adm:x:4:root,foo
+tty:x:5:
+disk:x:6:
+lp:x:7:foo,root
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:foo
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:foo
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/log/faillog/23_faillog-a_removed_user/config/etc/gshadow b/tests/tests/log/faillog/23_faillog-a_removed_user/config/etc/gshadow
new file mode 100644
index 0000000..1f2ba8d
--- /dev/null
+++ b/tests/tests/log/faillog/23_faillog-a_removed_user/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::root
+adm:*::root,foo
+tty:*::foo
+disk:*:foo:
+lp:*::foo,root
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*:foo:foo
+voice:*::
+cdrom:*:foo:foo
+floppy:*::foo
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/log/faillog/23_faillog-a_removed_user/config/etc/pam.d/login b/tests/tests/log/faillog/23_faillog-a_removed_user/config/etc/pam.d/login
new file mode 100644
index 0000000..0a101fd
--- /dev/null
+++ b/tests/tests/log/faillog/23_faillog-a_removed_user/config/etc/pam.d/login
@@ -0,0 +1,111 @@
+#
+# The PAM configuration file for the Shadow `login' service
+#
+
+# Enforce a minimal delay in case of failure (in microseconds).
+# (Replaces the `FAIL_DELAY' setting from login.defs)
+# Note that other modules may require another minimal delay. (for example,
+# to disable any delay, you should add the nodelay option to pam_unix)
+auth       optional   pam_faildelay.so  delay=3000000
+
+# Outputs an issue file prior to each login prompt (Replaces the
+# ISSUE_FILE option from login.defs). Uncomment for use
+# auth       required   pam_issue.so issue=/etc/issue
+
+# Disallows root logins except on tty's listed in /etc/securetty
+# (Replaces the `CONSOLE' setting from login.defs)
+#
+# With the default control of this module:
+#   [success=ok new_authtok_reqd=ok ignore=ignore user_unknown=bad default=die]
+# root will not be prompted for a password on insecure lines.
+# if an invalid username is entered, a password is prompted (but login
+# will eventually be rejected)
+#
+# You can change it to a "requisite" module if you think root may mis-type
+# her login and should not be prompted for a password in that case. But
+# this will leave the system as vulnerable to user enumeration attacks.
+#
+# You can change it to a "required" module if you think it permits to
+# guess valid user names of your system (invalid user names are considered
+# as possibly being root on insecure lines), but root passwords may be
+# communicated over insecure lines.
+auth [success=ok new_authtok_reqd=ok ignore=ignore user_unknown=bad default=die] pam_securetty.so
+
+# Disallows other than root logins when /etc/nologin exists
+# (Replaces the `NOLOGINS_FILE' option from login.defs)
+auth       requisite  pam_nologin.so
+
+# Added to support faillog
+auth     required       pam_tally.so per_user
+
+
+# SELinux needs to be the first session rule. This ensures that any 
+# lingering context has been cleared. Without out this it is possible 
+# that a module could execute code in the wrong domain.
+# When the module is present, "required" would be sufficient (When SELinux
+# is disabled, this returns success.)
+session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so close
+
+# This module parses environment configuration file(s)
+# and also allows you to use an extended config
+# file /etc/security/pam_env.conf.
+# 
+# parsing /etc/environment needs "readenv=1"
+session       required   pam_env.so readenv=1
+# locale variables are also kept into /etc/default/locale in etch
+# reading this file *in addition to /etc/environment* does not hurt
+session       required   pam_env.so readenv=1 envfile=/etc/default/locale
+
+# Standard Un*x authentication.
+@include common-auth
+
+# This allows certain extra groups to be granted to a user
+# based on things like time of day, tty, service, and user.
+# Please edit /etc/security/group.conf to fit your needs
+# (Replaces the `CONSOLE_GROUPS' option in login.defs)
+auth       optional   pam_group.so
+
+# Uncomment and edit /etc/security/time.conf if you need to set
+# time constraints on logins.
+# (Replaces the `PORTTIME_CHECKS_ENAB' option from login.defs
+# as well as /etc/porttime)
+# account    requisite  pam_time.so
+
+# Uncomment and edit /etc/security/access.conf if you need to
+# set access limits.
+# (Replaces /etc/login.access file)
+# account  required       pam_access.so
+
+# Sets up user limits according to /etc/security/limits.conf
+# (Replaces the use of /etc/limits in old login)
+session    required   pam_limits.so
+
+# Prints the last login info upon successful login
+# (Replaces the `LASTLOG_ENAB' option from login.defs)
+session    optional   pam_lastlog.so
+
+# Prints the motd upon successful login
+# (Replaces the `MOTD_FILE' option in login.defs)
+session    optional   pam_motd.so
+
+# Prints the status of the user's mailbox upon successful login
+# (Replaces the `MAIL_CHECK_ENAB' option from login.defs). 
+#
+# This also defines the MAIL environment variable
+# However, userdel also needs MAIL_DIR and MAIL_FILE variables
+# in /etc/login.defs to make sure that removing a user 
+# also removes the user's mail spool file.
+# See comments in /etc/login.defs
+session    optional   pam_mail.so standard
+
+# Standard Un*x account and session
+@include common-account
+@include common-session
+@include common-password
+
+# SELinux needs to intervene at login time to ensure that the process
+# starts in the proper default security context. Only sessions which are
+# intended to run in the user's context should be run after this.
+session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so open
+# When the module is present, "required" would be sufficient (When SELinux
+# is disabled, this returns success.)
diff --git a/tests/tests/log/faillog/23_faillog-a_removed_user/config/etc/passwd b/tests/tests/log/faillog/23_faillog-a_removed_user/config/etc/passwd
new file mode 100644
index 0000000..9d34d3a
--- /dev/null
+++ b/tests/tests/log/faillog/23_faillog-a_removed_user/config/etc/passwd
@@ -0,0 +1,22 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+bar:x:1001:1001::/home/bar:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/home/foo:/bin/sh
+baz:x:1002:1002::/home/baz:/bin/sh
diff --git a/tests/tests/log/faillog/23_faillog-a_removed_user/config/etc/shadow b/tests/tests/log/faillog/23_faillog-a_removed_user/config/etc/shadow
new file mode 100644
index 0000000..52721ac
--- /dev/null
+++ b/tests/tests/log/faillog/23_faillog-a_removed_user/config/etc/shadow
@@ -0,0 +1,22 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+bar:!:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:a:12977:0:99999:7:::
+baz:b:12977:0:99999:7:::
diff --git a/tests/tests/log/faillog/23_faillog-a_removed_user/data/faillog.list b/tests/tests/log/faillog/23_faillog-a_removed_user/data/faillog.list
new file mode 100644
index 0000000..1eb072b
--- /dev/null
+++ b/tests/tests/log/faillog/23_faillog-a_removed_user/data/faillog.list
@@ -0,0 +1,23 @@
+Login       Failures Maximum
+
+root            0        0  
+daemon          0        0  
+bin             0        0  
+sys             0        0  
+sync            0        0  
+games           0        0  
+man             0        0  
+lp              0        0  
+mail            0        0  
+news            0        0  
+uucp            0        0  
+proxy           0        0  
+www-data        0        0  
+backup          0        0  
+list            0        0  
+irc             0        0  
+gnats           0        0  
+nobody          0        0  
+Debian-exim       0        0
+foo             1        0  
+baz             1        0  
diff --git a/tests/tests/log/faillog/23_faillog-a_removed_user/faillog.test b/tests/tests/log/faillog/23_faillog-a_removed_user/faillog.test
new file mode 100755
index 0000000..c440672
--- /dev/null
+++ b/tests/tests/log/faillog/23_faillog-a_removed_user/faillog.test
@@ -0,0 +1,57 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "reports all entry from /var/log/faillog"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Create an empty /var/log/faillog (it will not be restored)..."
+> /var/log/faillog
+echo "OK"
+
+echo -n "Trigger a connection as foo..."
+./login.exp foo
+echo "OK"
+echo -n "Trigger a connection as bar..."
+./login.exp bar
+echo "OK"
+echo -n "Trigger a connection as baz..."
+./login.exp baz
+echo "OK"
+
+echo -n "Remove user bar from passwd and shadow..."
+sed -e '/^bar:/d' -i /etc/passwd
+sed -e '/^bar:/d' -i /etc/shadow
+echo "OK"
+
+echo -n "faillog..."
+faillog -a> tmp/faillog.out
+echo "OK."
+
+echo "faillog :"
+echo "======================================================================="
+cat tmp/faillog.out
+echo "======================================================================="
+
+echo -n "Check the list of logged in users..."
+cut -c-28 tmp/faillog.out > tmp/faillog.list
+diff -au data/faillog.list tmp/faillog.list
+echo "OK."
+
+rm -f tmp/faillog.out tmp/faillog.list
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/log/faillog/23_faillog-a_removed_user/login.exp b/tests/tests/log/faillog/23_faillog-a_removed_user/login.exp
new file mode 100755
index 0000000..f7841f6
--- /dev/null
+++ b/tests/tests/log/faillog/23_faillog-a_removed_user/login.exp
@@ -0,0 +1,26 @@
+#!/usr/bin/expect
+
+if {$argc == 1} {
+        set user     [lindex $argv 0]
+} else {
+        set user     "foo"
+}
+
+set timeout 2
+expect_after default {puts stderr "\nFAIL"; exit 1}
+
+set timeout 5
+expect_after default {puts stderr "\nFAIL"; exit 1}
+
+spawn /bin/bash
+expect "# "
+
+send "login $user\r"
+expect "Password: "
+sleep 0.1
+send "badpass\r"
+send_user "\n# password 'badpass' sent\n\n"
+expect "login: "
+
+send "exit\r"
+exit 0
diff --git a/tests/tests/log/faillog/24_faillog-u_removed_user/config.txt b/tests/tests/log/faillog/24_faillog-u_removed_user/config.txt
new file mode 100644
index 0000000..1a78b6c
--- /dev/null
+++ b/tests/tests/log/faillog/24_faillog-u_removed_user/config.txt
@@ -0,0 +1 @@
+user foo exists, UID 1000
diff --git a/tests/tests/log/faillog/24_faillog-u_removed_user/config/etc/group b/tests/tests/log/faillog/24_faillog-u_removed_user/config/etc/group
new file mode 100644
index 0000000..b6fae89
--- /dev/null
+++ b/tests/tests/log/faillog/24_faillog-u_removed_user/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:root
+adm:x:4:root,foo
+tty:x:5:
+disk:x:6:
+lp:x:7:foo,root
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:foo
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:foo
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/log/faillog/24_faillog-u_removed_user/config/etc/gshadow b/tests/tests/log/faillog/24_faillog-u_removed_user/config/etc/gshadow
new file mode 100644
index 0000000..1f2ba8d
--- /dev/null
+++ b/tests/tests/log/faillog/24_faillog-u_removed_user/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::root
+adm:*::root,foo
+tty:*::foo
+disk:*:foo:
+lp:*::foo,root
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*:foo:foo
+voice:*::
+cdrom:*:foo:foo
+floppy:*::foo
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/log/faillog/24_faillog-u_removed_user/config/etc/pam.d/login b/tests/tests/log/faillog/24_faillog-u_removed_user/config/etc/pam.d/login
new file mode 100644
index 0000000..0a101fd
--- /dev/null
+++ b/tests/tests/log/faillog/24_faillog-u_removed_user/config/etc/pam.d/login
@@ -0,0 +1,111 @@
+#
+# The PAM configuration file for the Shadow `login' service
+#
+
+# Enforce a minimal delay in case of failure (in microseconds).
+# (Replaces the `FAIL_DELAY' setting from login.defs)
+# Note that other modules may require another minimal delay. (for example,
+# to disable any delay, you should add the nodelay option to pam_unix)
+auth       optional   pam_faildelay.so  delay=3000000
+
+# Outputs an issue file prior to each login prompt (Replaces the
+# ISSUE_FILE option from login.defs). Uncomment for use
+# auth       required   pam_issue.so issue=/etc/issue
+
+# Disallows root logins except on tty's listed in /etc/securetty
+# (Replaces the `CONSOLE' setting from login.defs)
+#
+# With the default control of this module:
+#   [success=ok new_authtok_reqd=ok ignore=ignore user_unknown=bad default=die]
+# root will not be prompted for a password on insecure lines.
+# if an invalid username is entered, a password is prompted (but login
+# will eventually be rejected)
+#
+# You can change it to a "requisite" module if you think root may mis-type
+# her login and should not be prompted for a password in that case. But
+# this will leave the system as vulnerable to user enumeration attacks.
+#
+# You can change it to a "required" module if you think it permits to
+# guess valid user names of your system (invalid user names are considered
+# as possibly being root on insecure lines), but root passwords may be
+# communicated over insecure lines.
+auth [success=ok new_authtok_reqd=ok ignore=ignore user_unknown=bad default=die] pam_securetty.so
+
+# Disallows other than root logins when /etc/nologin exists
+# (Replaces the `NOLOGINS_FILE' option from login.defs)
+auth       requisite  pam_nologin.so
+
+# Added to support faillog
+auth     required       pam_tally.so per_user
+
+
+# SELinux needs to be the first session rule. This ensures that any 
+# lingering context has been cleared. Without out this it is possible 
+# that a module could execute code in the wrong domain.
+# When the module is present, "required" would be sufficient (When SELinux
+# is disabled, this returns success.)
+session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so close
+
+# This module parses environment configuration file(s)
+# and also allows you to use an extended config
+# file /etc/security/pam_env.conf.
+# 
+# parsing /etc/environment needs "readenv=1"
+session       required   pam_env.so readenv=1
+# locale variables are also kept into /etc/default/locale in etch
+# reading this file *in addition to /etc/environment* does not hurt
+session       required   pam_env.so readenv=1 envfile=/etc/default/locale
+
+# Standard Un*x authentication.
+@include common-auth
+
+# This allows certain extra groups to be granted to a user
+# based on things like time of day, tty, service, and user.
+# Please edit /etc/security/group.conf to fit your needs
+# (Replaces the `CONSOLE_GROUPS' option in login.defs)
+auth       optional   pam_group.so
+
+# Uncomment and edit /etc/security/time.conf if you need to set
+# time constraints on logins.
+# (Replaces the `PORTTIME_CHECKS_ENAB' option from login.defs
+# as well as /etc/porttime)
+# account    requisite  pam_time.so
+
+# Uncomment and edit /etc/security/access.conf if you need to
+# set access limits.
+# (Replaces /etc/login.access file)
+# account  required       pam_access.so
+
+# Sets up user limits according to /etc/security/limits.conf
+# (Replaces the use of /etc/limits in old login)
+session    required   pam_limits.so
+
+# Prints the last login info upon successful login
+# (Replaces the `LASTLOG_ENAB' option from login.defs)
+session    optional   pam_lastlog.so
+
+# Prints the motd upon successful login
+# (Replaces the `MOTD_FILE' option in login.defs)
+session    optional   pam_motd.so
+
+# Prints the status of the user's mailbox upon successful login
+# (Replaces the `MAIL_CHECK_ENAB' option from login.defs). 
+#
+# This also defines the MAIL environment variable
+# However, userdel also needs MAIL_DIR and MAIL_FILE variables
+# in /etc/login.defs to make sure that removing a user 
+# also removes the user's mail spool file.
+# See comments in /etc/login.defs
+session    optional   pam_mail.so standard
+
+# Standard Un*x account and session
+@include common-account
+@include common-session
+@include common-password
+
+# SELinux needs to intervene at login time to ensure that the process
+# starts in the proper default security context. Only sessions which are
+# intended to run in the user's context should be run after this.
+session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so open
+# When the module is present, "required" would be sufficient (When SELinux
+# is disabled, this returns success.)
diff --git a/tests/tests/log/faillog/24_faillog-u_removed_user/config/etc/passwd b/tests/tests/log/faillog/24_faillog-u_removed_user/config/etc/passwd
new file mode 100644
index 0000000..9d34d3a
--- /dev/null
+++ b/tests/tests/log/faillog/24_faillog-u_removed_user/config/etc/passwd
@@ -0,0 +1,22 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+bar:x:1001:1001::/home/bar:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/home/foo:/bin/sh
+baz:x:1002:1002::/home/baz:/bin/sh
diff --git a/tests/tests/log/faillog/24_faillog-u_removed_user/config/etc/shadow b/tests/tests/log/faillog/24_faillog-u_removed_user/config/etc/shadow
new file mode 100644
index 0000000..52721ac
--- /dev/null
+++ b/tests/tests/log/faillog/24_faillog-u_removed_user/config/etc/shadow
@@ -0,0 +1,22 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+bar:!:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:a:12977:0:99999:7:::
+baz:b:12977:0:99999:7:::
diff --git a/tests/tests/log/faillog/24_faillog-u_removed_user/data/faillog.list b/tests/tests/log/faillog/24_faillog-u_removed_user/data/faillog.list
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/log/faillog/24_faillog-u_removed_user/data/faillog.list
diff --git a/tests/tests/log/faillog/24_faillog-u_removed_user/faillog.test b/tests/tests/log/faillog/24_faillog-u_removed_user/faillog.test
new file mode 100755
index 0000000..d1fff47
--- /dev/null
+++ b/tests/tests/log/faillog/24_faillog-u_removed_user/faillog.test
@@ -0,0 +1,57 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "reports all entry from /var/log/faillog"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Create an empty /var/log/faillog (it will not be restored)..."
+> /var/log/faillog
+echo "OK"
+
+echo -n "Trigger a connection as foo..."
+./login.exp foo
+echo "OK"
+echo -n "Trigger a connection as bar..."
+./login.exp bar
+echo "OK"
+echo -n "Trigger a connection as baz..."
+./login.exp baz
+echo "OK"
+
+echo -n "Remove user bar from passwd and shadow..."
+sed -e '/^bar:/d' -i /etc/passwd
+sed -e '/^bar:/d' -i /etc/shadow
+echo "OK"
+
+echo -n "faillog -a -u 1001..."
+faillog -a -u 1001> tmp/faillog.out
+echo "OK."
+
+echo "faillog :"
+echo "======================================================================="
+cat tmp/faillog.out
+echo "======================================================================="
+
+echo -n "Check the list of logged in users..."
+cut -c-28 tmp/faillog.out > tmp/faillog.list
+diff -au data/faillog.list tmp/faillog.list
+echo "OK."
+
+rm -f tmp/faillog.out tmp/faillog.list
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/log/faillog/24_faillog-u_removed_user/login.exp b/tests/tests/log/faillog/24_faillog-u_removed_user/login.exp
new file mode 100755
index 0000000..f7841f6
--- /dev/null
+++ b/tests/tests/log/faillog/24_faillog-u_removed_user/login.exp
@@ -0,0 +1,26 @@
+#!/usr/bin/expect
+
+if {$argc == 1} {
+        set user     [lindex $argv 0]
+} else {
+        set user     "foo"
+}
+
+set timeout 2
+expect_after default {puts stderr "\nFAIL"; exit 1}
+
+set timeout 5
+expect_after default {puts stderr "\nFAIL"; exit 1}
+
+spawn /bin/bash
+expect "# "
+
+send "login $user\r"
+expect "Password: "
+sleep 0.1
+send "badpass\r"
+send_user "\n# password 'badpass' sent\n\n"
+expect "login: "
+
+send "exit\r"
+exit 0
diff --git a/tests/tests/log/faillog/25_faillog-r-u_removed_user/config.txt b/tests/tests/log/faillog/25_faillog-r-u_removed_user/config.txt
new file mode 100644
index 0000000..1a78b6c
--- /dev/null
+++ b/tests/tests/log/faillog/25_faillog-r-u_removed_user/config.txt
@@ -0,0 +1 @@
+user foo exists, UID 1000
diff --git a/tests/tests/log/faillog/25_faillog-r-u_removed_user/config/etc/group b/tests/tests/log/faillog/25_faillog-r-u_removed_user/config/etc/group
new file mode 100644
index 0000000..b6fae89
--- /dev/null
+++ b/tests/tests/log/faillog/25_faillog-r-u_removed_user/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:root
+adm:x:4:root,foo
+tty:x:5:
+disk:x:6:
+lp:x:7:foo,root
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:foo
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:foo
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/log/faillog/25_faillog-r-u_removed_user/config/etc/gshadow b/tests/tests/log/faillog/25_faillog-r-u_removed_user/config/etc/gshadow
new file mode 100644
index 0000000..1f2ba8d
--- /dev/null
+++ b/tests/tests/log/faillog/25_faillog-r-u_removed_user/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::root
+adm:*::root,foo
+tty:*::foo
+disk:*:foo:
+lp:*::foo,root
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*:foo:foo
+voice:*::
+cdrom:*:foo:foo
+floppy:*::foo
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/log/faillog/25_faillog-r-u_removed_user/config/etc/pam.d/login b/tests/tests/log/faillog/25_faillog-r-u_removed_user/config/etc/pam.d/login
new file mode 100644
index 0000000..0a101fd
--- /dev/null
+++ b/tests/tests/log/faillog/25_faillog-r-u_removed_user/config/etc/pam.d/login
@@ -0,0 +1,111 @@
+#
+# The PAM configuration file for the Shadow `login' service
+#
+
+# Enforce a minimal delay in case of failure (in microseconds).
+# (Replaces the `FAIL_DELAY' setting from login.defs)
+# Note that other modules may require another minimal delay. (for example,
+# to disable any delay, you should add the nodelay option to pam_unix)
+auth       optional   pam_faildelay.so  delay=3000000
+
+# Outputs an issue file prior to each login prompt (Replaces the
+# ISSUE_FILE option from login.defs). Uncomment for use
+# auth       required   pam_issue.so issue=/etc/issue
+
+# Disallows root logins except on tty's listed in /etc/securetty
+# (Replaces the `CONSOLE' setting from login.defs)
+#
+# With the default control of this module:
+#   [success=ok new_authtok_reqd=ok ignore=ignore user_unknown=bad default=die]
+# root will not be prompted for a password on insecure lines.
+# if an invalid username is entered, a password is prompted (but login
+# will eventually be rejected)
+#
+# You can change it to a "requisite" module if you think root may mis-type
+# her login and should not be prompted for a password in that case. But
+# this will leave the system as vulnerable to user enumeration attacks.
+#
+# You can change it to a "required" module if you think it permits to
+# guess valid user names of your system (invalid user names are considered
+# as possibly being root on insecure lines), but root passwords may be
+# communicated over insecure lines.
+auth [success=ok new_authtok_reqd=ok ignore=ignore user_unknown=bad default=die] pam_securetty.so
+
+# Disallows other than root logins when /etc/nologin exists
+# (Replaces the `NOLOGINS_FILE' option from login.defs)
+auth       requisite  pam_nologin.so
+
+# Added to support faillog
+auth     required       pam_tally.so per_user
+
+
+# SELinux needs to be the first session rule. This ensures that any 
+# lingering context has been cleared. Without out this it is possible 
+# that a module could execute code in the wrong domain.
+# When the module is present, "required" would be sufficient (When SELinux
+# is disabled, this returns success.)
+session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so close
+
+# This module parses environment configuration file(s)
+# and also allows you to use an extended config
+# file /etc/security/pam_env.conf.
+# 
+# parsing /etc/environment needs "readenv=1"
+session       required   pam_env.so readenv=1
+# locale variables are also kept into /etc/default/locale in etch
+# reading this file *in addition to /etc/environment* does not hurt
+session       required   pam_env.so readenv=1 envfile=/etc/default/locale
+
+# Standard Un*x authentication.
+@include common-auth
+
+# This allows certain extra groups to be granted to a user
+# based on things like time of day, tty, service, and user.
+# Please edit /etc/security/group.conf to fit your needs
+# (Replaces the `CONSOLE_GROUPS' option in login.defs)
+auth       optional   pam_group.so
+
+# Uncomment and edit /etc/security/time.conf if you need to set
+# time constraints on logins.
+# (Replaces the `PORTTIME_CHECKS_ENAB' option from login.defs
+# as well as /etc/porttime)
+# account    requisite  pam_time.so
+
+# Uncomment and edit /etc/security/access.conf if you need to
+# set access limits.
+# (Replaces /etc/login.access file)
+# account  required       pam_access.so
+
+# Sets up user limits according to /etc/security/limits.conf
+# (Replaces the use of /etc/limits in old login)
+session    required   pam_limits.so
+
+# Prints the last login info upon successful login
+# (Replaces the `LASTLOG_ENAB' option from login.defs)
+session    optional   pam_lastlog.so
+
+# Prints the motd upon successful login
+# (Replaces the `MOTD_FILE' option in login.defs)
+session    optional   pam_motd.so
+
+# Prints the status of the user's mailbox upon successful login
+# (Replaces the `MAIL_CHECK_ENAB' option from login.defs). 
+#
+# This also defines the MAIL environment variable
+# However, userdel also needs MAIL_DIR and MAIL_FILE variables
+# in /etc/login.defs to make sure that removing a user 
+# also removes the user's mail spool file.
+# See comments in /etc/login.defs
+session    optional   pam_mail.so standard
+
+# Standard Un*x account and session
+@include common-account
+@include common-session
+@include common-password
+
+# SELinux needs to intervene at login time to ensure that the process
+# starts in the proper default security context. Only sessions which are
+# intended to run in the user's context should be run after this.
+session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so open
+# When the module is present, "required" would be sufficient (When SELinux
+# is disabled, this returns success.)
diff --git a/tests/tests/log/faillog/25_faillog-r-u_removed_user/config/etc/passwd b/tests/tests/log/faillog/25_faillog-r-u_removed_user/config/etc/passwd
new file mode 100644
index 0000000..9d34d3a
--- /dev/null
+++ b/tests/tests/log/faillog/25_faillog-r-u_removed_user/config/etc/passwd
@@ -0,0 +1,22 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+bar:x:1001:1001::/home/bar:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/home/foo:/bin/sh
+baz:x:1002:1002::/home/baz:/bin/sh
diff --git a/tests/tests/log/faillog/25_faillog-r-u_removed_user/config/etc/shadow b/tests/tests/log/faillog/25_faillog-r-u_removed_user/config/etc/shadow
new file mode 100644
index 0000000..52721ac
--- /dev/null
+++ b/tests/tests/log/faillog/25_faillog-r-u_removed_user/config/etc/shadow
@@ -0,0 +1,22 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+bar:!:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:a:12977:0:99999:7:::
+baz:b:12977:0:99999:7:::
diff --git a/tests/tests/log/faillog/25_faillog-r-u_removed_user/data/faillog.list b/tests/tests/log/faillog/25_faillog-r-u_removed_user/data/faillog.list
new file mode 100644
index 0000000..1ad3edf
--- /dev/null
+++ b/tests/tests/log/faillog/25_faillog-r-u_removed_user/data/faillog.list
@@ -0,0 +1,24 @@
+Login       Failures Maximum
+
+root            0        0  
+daemon          0        0  
+bin             0        0  
+bar             0        0  
+sys             0        0  
+sync            0        0  
+games           0        0  
+man             0        0  
+lp              0        0  
+mail            0        0  
+news            0        0  
+uucp            0        0  
+proxy           0        0  
+www-data        0        0  
+backup          0        0  
+list            0        0  
+irc             0        0  
+gnats           0        0  
+nobody          0        0  
+Debian-exim       0        0
+foo             0        0  
+baz             0        0  
diff --git a/tests/tests/log/faillog/25_faillog-r-u_removed_user/faillog.test b/tests/tests/log/faillog/25_faillog-r-u_removed_user/faillog.test
new file mode 100755
index 0000000..f48435a
--- /dev/null
+++ b/tests/tests/log/faillog/25_faillog-r-u_removed_user/faillog.test
@@ -0,0 +1,60 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "reports all entry from /var/log/faillog"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Create an empty /var/log/faillog (it will not be restored)..."
+> /var/log/faillog
+echo "OK"
+
+echo -n "Trigger a connection as foo..."
+./login.exp foo
+echo "OK"
+
+echo -n "Remove user bar from passwd and shadow..."
+cp -a /etc/passwd /etc/shadow tmp/
+sed -e '/^foo:/d' -i /etc/passwd
+sed -e '/^foo:/d' -i /etc/shadow
+echo "OK"
+
+echo -n "faillog -r -u 1000..."
+faillog -r -u 1000
+echo "OK."
+
+echo -n "Restore user foo..."
+mv tmp/passwd tmp/shadow /etc
+echo "OK"
+
+echo -n "faillog..."
+faillog -a> tmp/faillog.out
+echo "OK."
+
+echo "faillog :"
+echo "======================================================================="
+cat tmp/faillog.out
+echo "======================================================================="
+
+echo -n "Check the list of logged in users..."
+cut -c-28 tmp/faillog.out > tmp/faillog.list
+diff -au data/faillog.list tmp/faillog.list
+echo "OK."
+
+rm -f tmp/faillog.out tmp/faillog.list
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/log/faillog/25_faillog-r-u_removed_user/login.exp b/tests/tests/log/faillog/25_faillog-r-u_removed_user/login.exp
new file mode 100755
index 0000000..f7841f6
--- /dev/null
+++ b/tests/tests/log/faillog/25_faillog-r-u_removed_user/login.exp
@@ -0,0 +1,26 @@
+#!/usr/bin/expect
+
+if {$argc == 1} {
+        set user     [lindex $argv 0]
+} else {
+        set user     "foo"
+}
+
+set timeout 2
+expect_after default {puts stderr "\nFAIL"; exit 1}
+
+set timeout 5
+expect_after default {puts stderr "\nFAIL"; exit 1}
+
+spawn /bin/bash
+expect "# "
+
+send "login $user\r"
+expect "Password: "
+sleep 0.1
+send "badpass\r"
+send_user "\n# password 'badpass' sent\n\n"
+expect "login: "
+
+send "exit\r"
+exit 0
diff --git a/tests/tests/log/faillog/26_faillog-r-u_range_removed_user/config.txt b/tests/tests/log/faillog/26_faillog-r-u_range_removed_user/config.txt
new file mode 100644
index 0000000..1a78b6c
--- /dev/null
+++ b/tests/tests/log/faillog/26_faillog-r-u_range_removed_user/config.txt
@@ -0,0 +1 @@
+user foo exists, UID 1000
diff --git a/tests/tests/log/faillog/26_faillog-r-u_range_removed_user/config/etc/group b/tests/tests/log/faillog/26_faillog-r-u_range_removed_user/config/etc/group
new file mode 100644
index 0000000..b6fae89
--- /dev/null
+++ b/tests/tests/log/faillog/26_faillog-r-u_range_removed_user/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:root
+adm:x:4:root,foo
+tty:x:5:
+disk:x:6:
+lp:x:7:foo,root
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:foo
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:foo
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/log/faillog/26_faillog-r-u_range_removed_user/config/etc/gshadow b/tests/tests/log/faillog/26_faillog-r-u_range_removed_user/config/etc/gshadow
new file mode 100644
index 0000000..1f2ba8d
--- /dev/null
+++ b/tests/tests/log/faillog/26_faillog-r-u_range_removed_user/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::root
+adm:*::root,foo
+tty:*::foo
+disk:*:foo:
+lp:*::foo,root
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*:foo:foo
+voice:*::
+cdrom:*:foo:foo
+floppy:*::foo
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/log/faillog/26_faillog-r-u_range_removed_user/config/etc/pam.d/login b/tests/tests/log/faillog/26_faillog-r-u_range_removed_user/config/etc/pam.d/login
new file mode 100644
index 0000000..0a101fd
--- /dev/null
+++ b/tests/tests/log/faillog/26_faillog-r-u_range_removed_user/config/etc/pam.d/login
@@ -0,0 +1,111 @@
+#
+# The PAM configuration file for the Shadow `login' service
+#
+
+# Enforce a minimal delay in case of failure (in microseconds).
+# (Replaces the `FAIL_DELAY' setting from login.defs)
+# Note that other modules may require another minimal delay. (for example,
+# to disable any delay, you should add the nodelay option to pam_unix)
+auth       optional   pam_faildelay.so  delay=3000000
+
+# Outputs an issue file prior to each login prompt (Replaces the
+# ISSUE_FILE option from login.defs). Uncomment for use
+# auth       required   pam_issue.so issue=/etc/issue
+
+# Disallows root logins except on tty's listed in /etc/securetty
+# (Replaces the `CONSOLE' setting from login.defs)
+#
+# With the default control of this module:
+#   [success=ok new_authtok_reqd=ok ignore=ignore user_unknown=bad default=die]
+# root will not be prompted for a password on insecure lines.
+# if an invalid username is entered, a password is prompted (but login
+# will eventually be rejected)
+#
+# You can change it to a "requisite" module if you think root may mis-type
+# her login and should not be prompted for a password in that case. But
+# this will leave the system as vulnerable to user enumeration attacks.
+#
+# You can change it to a "required" module if you think it permits to
+# guess valid user names of your system (invalid user names are considered
+# as possibly being root on insecure lines), but root passwords may be
+# communicated over insecure lines.
+auth [success=ok new_authtok_reqd=ok ignore=ignore user_unknown=bad default=die] pam_securetty.so
+
+# Disallows other than root logins when /etc/nologin exists
+# (Replaces the `NOLOGINS_FILE' option from login.defs)
+auth       requisite  pam_nologin.so
+
+# Added to support faillog
+auth     required       pam_tally.so per_user
+
+
+# SELinux needs to be the first session rule. This ensures that any 
+# lingering context has been cleared. Without out this it is possible 
+# that a module could execute code in the wrong domain.
+# When the module is present, "required" would be sufficient (When SELinux
+# is disabled, this returns success.)
+session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so close
+
+# This module parses environment configuration file(s)
+# and also allows you to use an extended config
+# file /etc/security/pam_env.conf.
+# 
+# parsing /etc/environment needs "readenv=1"
+session       required   pam_env.so readenv=1
+# locale variables are also kept into /etc/default/locale in etch
+# reading this file *in addition to /etc/environment* does not hurt
+session       required   pam_env.so readenv=1 envfile=/etc/default/locale
+
+# Standard Un*x authentication.
+@include common-auth
+
+# This allows certain extra groups to be granted to a user
+# based on things like time of day, tty, service, and user.
+# Please edit /etc/security/group.conf to fit your needs
+# (Replaces the `CONSOLE_GROUPS' option in login.defs)
+auth       optional   pam_group.so
+
+# Uncomment and edit /etc/security/time.conf if you need to set
+# time constraints on logins.
+# (Replaces the `PORTTIME_CHECKS_ENAB' option from login.defs
+# as well as /etc/porttime)
+# account    requisite  pam_time.so
+
+# Uncomment and edit /etc/security/access.conf if you need to
+# set access limits.
+# (Replaces /etc/login.access file)
+# account  required       pam_access.so
+
+# Sets up user limits according to /etc/security/limits.conf
+# (Replaces the use of /etc/limits in old login)
+session    required   pam_limits.so
+
+# Prints the last login info upon successful login
+# (Replaces the `LASTLOG_ENAB' option from login.defs)
+session    optional   pam_lastlog.so
+
+# Prints the motd upon successful login
+# (Replaces the `MOTD_FILE' option in login.defs)
+session    optional   pam_motd.so
+
+# Prints the status of the user's mailbox upon successful login
+# (Replaces the `MAIL_CHECK_ENAB' option from login.defs). 
+#
+# This also defines the MAIL environment variable
+# However, userdel also needs MAIL_DIR and MAIL_FILE variables
+# in /etc/login.defs to make sure that removing a user 
+# also removes the user's mail spool file.
+# See comments in /etc/login.defs
+session    optional   pam_mail.so standard
+
+# Standard Un*x account and session
+@include common-account
+@include common-session
+@include common-password
+
+# SELinux needs to intervene at login time to ensure that the process
+# starts in the proper default security context. Only sessions which are
+# intended to run in the user's context should be run after this.
+session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so open
+# When the module is present, "required" would be sufficient (When SELinux
+# is disabled, this returns success.)
diff --git a/tests/tests/log/faillog/26_faillog-r-u_range_removed_user/config/etc/passwd b/tests/tests/log/faillog/26_faillog-r-u_range_removed_user/config/etc/passwd
new file mode 100644
index 0000000..9d34d3a
--- /dev/null
+++ b/tests/tests/log/faillog/26_faillog-r-u_range_removed_user/config/etc/passwd
@@ -0,0 +1,22 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+bar:x:1001:1001::/home/bar:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/home/foo:/bin/sh
+baz:x:1002:1002::/home/baz:/bin/sh
diff --git a/tests/tests/log/faillog/26_faillog-r-u_range_removed_user/config/etc/shadow b/tests/tests/log/faillog/26_faillog-r-u_range_removed_user/config/etc/shadow
new file mode 100644
index 0000000..52721ac
--- /dev/null
+++ b/tests/tests/log/faillog/26_faillog-r-u_range_removed_user/config/etc/shadow
@@ -0,0 +1,22 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+bar:!:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:a:12977:0:99999:7:::
+baz:b:12977:0:99999:7:::
diff --git a/tests/tests/log/faillog/26_faillog-r-u_range_removed_user/data/faillog.list b/tests/tests/log/faillog/26_faillog-r-u_range_removed_user/data/faillog.list
new file mode 100644
index 0000000..0f9aacf
--- /dev/null
+++ b/tests/tests/log/faillog/26_faillog-r-u_range_removed_user/data/faillog.list
@@ -0,0 +1,24 @@
+Login       Failures Maximum
+
+root            0        0  
+daemon          0        0  
+bin             0        0  
+bar             0        0  
+sys             0        0  
+sync            0        0  
+games           0        0  
+man             0        0  
+lp              0        0  
+mail            0        0  
+news            0        0  
+uucp            0        0  
+proxy           0        0  
+www-data        0        0  
+backup          0        0  
+list            0        0  
+irc             0        0  
+gnats           0        0  
+nobody          0        0  
+Debian-exim       0        0
+foo             1        0  
+baz             0        0  
diff --git a/tests/tests/log/faillog/26_faillog-r-u_range_removed_user/faillog.test b/tests/tests/log/faillog/26_faillog-r-u_range_removed_user/faillog.test
new file mode 100755
index 0000000..5c140b9
--- /dev/null
+++ b/tests/tests/log/faillog/26_faillog-r-u_range_removed_user/faillog.test
@@ -0,0 +1,60 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "reports all entry from /var/log/faillog"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Create an empty /var/log/faillog (it will not be restored)..."
+> /var/log/faillog
+echo "OK"
+
+echo -n "Trigger a connection as foo..."
+./login.exp foo
+echo "OK"
+
+echo -n "Remove user bar from passwd and shadow..."
+cp -a /etc/passwd /etc/shadow tmp/
+sed -e '/^foo:/d' -i /etc/passwd
+sed -e '/^foo:/d' -i /etc/shadow
+echo "OK"
+
+echo -n "faillog -r -u 40-2000..."
+faillog -r -u 40-2000
+echo "OK."
+
+echo -n "Restore user foo..."
+mv tmp/passwd tmp/shadow /etc
+echo "OK"
+
+echo -n "faillog..."
+faillog -a> tmp/faillog.out
+echo "OK."
+
+echo "faillog :"
+echo "======================================================================="
+cat tmp/faillog.out
+echo "======================================================================="
+
+echo -n "Check the list of logged in users..."
+cut -c-28 tmp/faillog.out > tmp/faillog.list
+diff -au data/faillog.list tmp/faillog.list
+echo "OK."
+
+rm -f tmp/faillog.out tmp/faillog.list
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/log/faillog/26_faillog-r-u_range_removed_user/login.exp b/tests/tests/log/faillog/26_faillog-r-u_range_removed_user/login.exp
new file mode 100755
index 0000000..f7841f6
--- /dev/null
+++ b/tests/tests/log/faillog/26_faillog-r-u_range_removed_user/login.exp
@@ -0,0 +1,26 @@
+#!/usr/bin/expect
+
+if {$argc == 1} {
+        set user     [lindex $argv 0]
+} else {
+        set user     "foo"
+}
+
+set timeout 2
+expect_after default {puts stderr "\nFAIL"; exit 1}
+
+set timeout 5
+expect_after default {puts stderr "\nFAIL"; exit 1}
+
+spawn /bin/bash
+expect "# "
+
+send "login $user\r"
+expect "Password: "
+sleep 0.1
+send "badpass\r"
+send_user "\n# password 'badpass' sent\n\n"
+expect "login: "
+
+send "exit\r"
+exit 0
diff --git a/tests/tests/log/faillog/27_faillog-r-a-u_range_removed_user/config.txt b/tests/tests/log/faillog/27_faillog-r-a-u_range_removed_user/config.txt
new file mode 100644
index 0000000..1a78b6c
--- /dev/null
+++ b/tests/tests/log/faillog/27_faillog-r-a-u_range_removed_user/config.txt
@@ -0,0 +1 @@
+user foo exists, UID 1000
diff --git a/tests/tests/log/faillog/27_faillog-r-a-u_range_removed_user/config/etc/group b/tests/tests/log/faillog/27_faillog-r-a-u_range_removed_user/config/etc/group
new file mode 100644
index 0000000..b6fae89
--- /dev/null
+++ b/tests/tests/log/faillog/27_faillog-r-a-u_range_removed_user/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:root
+adm:x:4:root,foo
+tty:x:5:
+disk:x:6:
+lp:x:7:foo,root
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:foo
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:foo
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/log/faillog/27_faillog-r-a-u_range_removed_user/config/etc/gshadow b/tests/tests/log/faillog/27_faillog-r-a-u_range_removed_user/config/etc/gshadow
new file mode 100644
index 0000000..1f2ba8d
--- /dev/null
+++ b/tests/tests/log/faillog/27_faillog-r-a-u_range_removed_user/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::root
+adm:*::root,foo
+tty:*::foo
+disk:*:foo:
+lp:*::foo,root
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*:foo:foo
+voice:*::
+cdrom:*:foo:foo
+floppy:*::foo
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/log/faillog/27_faillog-r-a-u_range_removed_user/config/etc/pam.d/login b/tests/tests/log/faillog/27_faillog-r-a-u_range_removed_user/config/etc/pam.d/login
new file mode 100644
index 0000000..0a101fd
--- /dev/null
+++ b/tests/tests/log/faillog/27_faillog-r-a-u_range_removed_user/config/etc/pam.d/login
@@ -0,0 +1,111 @@
+#
+# The PAM configuration file for the Shadow `login' service
+#
+
+# Enforce a minimal delay in case of failure (in microseconds).
+# (Replaces the `FAIL_DELAY' setting from login.defs)
+# Note that other modules may require another minimal delay. (for example,
+# to disable any delay, you should add the nodelay option to pam_unix)
+auth       optional   pam_faildelay.so  delay=3000000
+
+# Outputs an issue file prior to each login prompt (Replaces the
+# ISSUE_FILE option from login.defs). Uncomment for use
+# auth       required   pam_issue.so issue=/etc/issue
+
+# Disallows root logins except on tty's listed in /etc/securetty
+# (Replaces the `CONSOLE' setting from login.defs)
+#
+# With the default control of this module:
+#   [success=ok new_authtok_reqd=ok ignore=ignore user_unknown=bad default=die]
+# root will not be prompted for a password on insecure lines.
+# if an invalid username is entered, a password is prompted (but login
+# will eventually be rejected)
+#
+# You can change it to a "requisite" module if you think root may mis-type
+# her login and should not be prompted for a password in that case. But
+# this will leave the system as vulnerable to user enumeration attacks.
+#
+# You can change it to a "required" module if you think it permits to
+# guess valid user names of your system (invalid user names are considered
+# as possibly being root on insecure lines), but root passwords may be
+# communicated over insecure lines.
+auth [success=ok new_authtok_reqd=ok ignore=ignore user_unknown=bad default=die] pam_securetty.so
+
+# Disallows other than root logins when /etc/nologin exists
+# (Replaces the `NOLOGINS_FILE' option from login.defs)
+auth       requisite  pam_nologin.so
+
+# Added to support faillog
+auth     required       pam_tally.so per_user
+
+
+# SELinux needs to be the first session rule. This ensures that any 
+# lingering context has been cleared. Without out this it is possible 
+# that a module could execute code in the wrong domain.
+# When the module is present, "required" would be sufficient (When SELinux
+# is disabled, this returns success.)
+session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so close
+
+# This module parses environment configuration file(s)
+# and also allows you to use an extended config
+# file /etc/security/pam_env.conf.
+# 
+# parsing /etc/environment needs "readenv=1"
+session       required   pam_env.so readenv=1
+# locale variables are also kept into /etc/default/locale in etch
+# reading this file *in addition to /etc/environment* does not hurt
+session       required   pam_env.so readenv=1 envfile=/etc/default/locale
+
+# Standard Un*x authentication.
+@include common-auth
+
+# This allows certain extra groups to be granted to a user
+# based on things like time of day, tty, service, and user.
+# Please edit /etc/security/group.conf to fit your needs
+# (Replaces the `CONSOLE_GROUPS' option in login.defs)
+auth       optional   pam_group.so
+
+# Uncomment and edit /etc/security/time.conf if you need to set
+# time constraints on logins.
+# (Replaces the `PORTTIME_CHECKS_ENAB' option from login.defs
+# as well as /etc/porttime)
+# account    requisite  pam_time.so
+
+# Uncomment and edit /etc/security/access.conf if you need to
+# set access limits.
+# (Replaces /etc/login.access file)
+# account  required       pam_access.so
+
+# Sets up user limits according to /etc/security/limits.conf
+# (Replaces the use of /etc/limits in old login)
+session    required   pam_limits.so
+
+# Prints the last login info upon successful login
+# (Replaces the `LASTLOG_ENAB' option from login.defs)
+session    optional   pam_lastlog.so
+
+# Prints the motd upon successful login
+# (Replaces the `MOTD_FILE' option in login.defs)
+session    optional   pam_motd.so
+
+# Prints the status of the user's mailbox upon successful login
+# (Replaces the `MAIL_CHECK_ENAB' option from login.defs). 
+#
+# This also defines the MAIL environment variable
+# However, userdel also needs MAIL_DIR and MAIL_FILE variables
+# in /etc/login.defs to make sure that removing a user 
+# also removes the user's mail spool file.
+# See comments in /etc/login.defs
+session    optional   pam_mail.so standard
+
+# Standard Un*x account and session
+@include common-account
+@include common-session
+@include common-password
+
+# SELinux needs to intervene at login time to ensure that the process
+# starts in the proper default security context. Only sessions which are
+# intended to run in the user's context should be run after this.
+session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so open
+# When the module is present, "required" would be sufficient (When SELinux
+# is disabled, this returns success.)
diff --git a/tests/tests/log/faillog/27_faillog-r-a-u_range_removed_user/config/etc/passwd b/tests/tests/log/faillog/27_faillog-r-a-u_range_removed_user/config/etc/passwd
new file mode 100644
index 0000000..9d34d3a
--- /dev/null
+++ b/tests/tests/log/faillog/27_faillog-r-a-u_range_removed_user/config/etc/passwd
@@ -0,0 +1,22 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+bar:x:1001:1001::/home/bar:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/home/foo:/bin/sh
+baz:x:1002:1002::/home/baz:/bin/sh
diff --git a/tests/tests/log/faillog/27_faillog-r-a-u_range_removed_user/config/etc/shadow b/tests/tests/log/faillog/27_faillog-r-a-u_range_removed_user/config/etc/shadow
new file mode 100644
index 0000000..52721ac
--- /dev/null
+++ b/tests/tests/log/faillog/27_faillog-r-a-u_range_removed_user/config/etc/shadow
@@ -0,0 +1,22 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+bar:!:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:a:12977:0:99999:7:::
+baz:b:12977:0:99999:7:::
diff --git a/tests/tests/log/faillog/27_faillog-r-a-u_range_removed_user/data/faillog.list b/tests/tests/log/faillog/27_faillog-r-a-u_range_removed_user/data/faillog.list
new file mode 100644
index 0000000..1ad3edf
--- /dev/null
+++ b/tests/tests/log/faillog/27_faillog-r-a-u_range_removed_user/data/faillog.list
@@ -0,0 +1,24 @@
+Login       Failures Maximum
+
+root            0        0  
+daemon          0        0  
+bin             0        0  
+bar             0        0  
+sys             0        0  
+sync            0        0  
+games           0        0  
+man             0        0  
+lp              0        0  
+mail            0        0  
+news            0        0  
+uucp            0        0  
+proxy           0        0  
+www-data        0        0  
+backup          0        0  
+list            0        0  
+irc             0        0  
+gnats           0        0  
+nobody          0        0  
+Debian-exim       0        0
+foo             0        0  
+baz             0        0  
diff --git a/tests/tests/log/faillog/27_faillog-r-a-u_range_removed_user/faillog.test b/tests/tests/log/faillog/27_faillog-r-a-u_range_removed_user/faillog.test
new file mode 100755
index 0000000..ecf1f97
--- /dev/null
+++ b/tests/tests/log/faillog/27_faillog-r-a-u_range_removed_user/faillog.test
@@ -0,0 +1,66 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "reports all entry from /var/log/faillog"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Create an empty /var/log/faillog (it will not be restored)..."
+> /var/log/faillog
+echo "OK"
+
+echo -n "Trigger a connection as foo..."
+./login.exp foo
+echo "OK"
+
+echo -n "Trigger a connection as foo..."
+./login.exp bar
+echo "OK"
+
+echo -n "Remove user bar from passwd and shadow..."
+cp -a /etc/passwd /etc/shadow tmp/
+sed -e '/^foo:/d' -i /etc/passwd
+sed -e '/^foo:/d' -i /etc/shadow
+sed -e '/^bar:/d' -i /etc/passwd
+sed -e '/^bar:/d' -i /etc/shadow
+echo "OK"
+
+echo -n "faillog -r -u 40-2000..."
+faillog -a -r -u 40-2000
+echo "OK."
+
+echo -n "Restore user foo..."
+mv tmp/passwd tmp/shadow /etc
+echo "OK"
+
+echo -n "faillog..."
+faillog -a> tmp/faillog.out
+echo "OK."
+
+echo "faillog :"
+echo "======================================================================="
+cat tmp/faillog.out
+echo "======================================================================="
+
+echo -n "Check the list of logged in users..."
+cut -c-28 tmp/faillog.out > tmp/faillog.list
+diff -au data/faillog.list tmp/faillog.list
+echo "OK."
+
+rm -f tmp/faillog.out tmp/faillog.list
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/log/faillog/27_faillog-r-a-u_range_removed_user/login.exp b/tests/tests/log/faillog/27_faillog-r-a-u_range_removed_user/login.exp
new file mode 100755
index 0000000..f7841f6
--- /dev/null
+++ b/tests/tests/log/faillog/27_faillog-r-a-u_range_removed_user/login.exp
@@ -0,0 +1,26 @@
+#!/usr/bin/expect
+
+if {$argc == 1} {
+        set user     [lindex $argv 0]
+} else {
+        set user     "foo"
+}
+
+set timeout 2
+expect_after default {puts stderr "\nFAIL"; exit 1}
+
+set timeout 5
+expect_after default {puts stderr "\nFAIL"; exit 1}
+
+spawn /bin/bash
+expect "# "
+
+send "login $user\r"
+expect "Password: "
+sleep 0.1
+send "badpass\r"
+send_user "\n# password 'badpass' sent\n\n"
+expect "login: "
+
+send "exit\r"
+exit 0
diff --git a/tests/tests/log/faillog/28_faillog-r-a-u_open_range_removed_user/config.txt b/tests/tests/log/faillog/28_faillog-r-a-u_open_range_removed_user/config.txt
new file mode 100644
index 0000000..1a78b6c
--- /dev/null
+++ b/tests/tests/log/faillog/28_faillog-r-a-u_open_range_removed_user/config.txt
@@ -0,0 +1 @@
+user foo exists, UID 1000
diff --git a/tests/tests/log/faillog/28_faillog-r-a-u_open_range_removed_user/config/etc/group b/tests/tests/log/faillog/28_faillog-r-a-u_open_range_removed_user/config/etc/group
new file mode 100644
index 0000000..b6fae89
--- /dev/null
+++ b/tests/tests/log/faillog/28_faillog-r-a-u_open_range_removed_user/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:root
+adm:x:4:root,foo
+tty:x:5:
+disk:x:6:
+lp:x:7:foo,root
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:foo
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:foo
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/log/faillog/28_faillog-r-a-u_open_range_removed_user/config/etc/gshadow b/tests/tests/log/faillog/28_faillog-r-a-u_open_range_removed_user/config/etc/gshadow
new file mode 100644
index 0000000..1f2ba8d
--- /dev/null
+++ b/tests/tests/log/faillog/28_faillog-r-a-u_open_range_removed_user/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::root
+adm:*::root,foo
+tty:*::foo
+disk:*:foo:
+lp:*::foo,root
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*:foo:foo
+voice:*::
+cdrom:*:foo:foo
+floppy:*::foo
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/log/faillog/28_faillog-r-a-u_open_range_removed_user/config/etc/pam.d/login b/tests/tests/log/faillog/28_faillog-r-a-u_open_range_removed_user/config/etc/pam.d/login
new file mode 100644
index 0000000..0a101fd
--- /dev/null
+++ b/tests/tests/log/faillog/28_faillog-r-a-u_open_range_removed_user/config/etc/pam.d/login
@@ -0,0 +1,111 @@
+#
+# The PAM configuration file for the Shadow `login' service
+#
+
+# Enforce a minimal delay in case of failure (in microseconds).
+# (Replaces the `FAIL_DELAY' setting from login.defs)
+# Note that other modules may require another minimal delay. (for example,
+# to disable any delay, you should add the nodelay option to pam_unix)
+auth       optional   pam_faildelay.so  delay=3000000
+
+# Outputs an issue file prior to each login prompt (Replaces the
+# ISSUE_FILE option from login.defs). Uncomment for use
+# auth       required   pam_issue.so issue=/etc/issue
+
+# Disallows root logins except on tty's listed in /etc/securetty
+# (Replaces the `CONSOLE' setting from login.defs)
+#
+# With the default control of this module:
+#   [success=ok new_authtok_reqd=ok ignore=ignore user_unknown=bad default=die]
+# root will not be prompted for a password on insecure lines.
+# if an invalid username is entered, a password is prompted (but login
+# will eventually be rejected)
+#
+# You can change it to a "requisite" module if you think root may mis-type
+# her login and should not be prompted for a password in that case. But
+# this will leave the system as vulnerable to user enumeration attacks.
+#
+# You can change it to a "required" module if you think it permits to
+# guess valid user names of your system (invalid user names are considered
+# as possibly being root on insecure lines), but root passwords may be
+# communicated over insecure lines.
+auth [success=ok new_authtok_reqd=ok ignore=ignore user_unknown=bad default=die] pam_securetty.so
+
+# Disallows other than root logins when /etc/nologin exists
+# (Replaces the `NOLOGINS_FILE' option from login.defs)
+auth       requisite  pam_nologin.so
+
+# Added to support faillog
+auth     required       pam_tally.so per_user
+
+
+# SELinux needs to be the first session rule. This ensures that any 
+# lingering context has been cleared. Without out this it is possible 
+# that a module could execute code in the wrong domain.
+# When the module is present, "required" would be sufficient (When SELinux
+# is disabled, this returns success.)
+session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so close
+
+# This module parses environment configuration file(s)
+# and also allows you to use an extended config
+# file /etc/security/pam_env.conf.
+# 
+# parsing /etc/environment needs "readenv=1"
+session       required   pam_env.so readenv=1
+# locale variables are also kept into /etc/default/locale in etch
+# reading this file *in addition to /etc/environment* does not hurt
+session       required   pam_env.so readenv=1 envfile=/etc/default/locale
+
+# Standard Un*x authentication.
+@include common-auth
+
+# This allows certain extra groups to be granted to a user
+# based on things like time of day, tty, service, and user.
+# Please edit /etc/security/group.conf to fit your needs
+# (Replaces the `CONSOLE_GROUPS' option in login.defs)
+auth       optional   pam_group.so
+
+# Uncomment and edit /etc/security/time.conf if you need to set
+# time constraints on logins.
+# (Replaces the `PORTTIME_CHECKS_ENAB' option from login.defs
+# as well as /etc/porttime)
+# account    requisite  pam_time.so
+
+# Uncomment and edit /etc/security/access.conf if you need to
+# set access limits.
+# (Replaces /etc/login.access file)
+# account  required       pam_access.so
+
+# Sets up user limits according to /etc/security/limits.conf
+# (Replaces the use of /etc/limits in old login)
+session    required   pam_limits.so
+
+# Prints the last login info upon successful login
+# (Replaces the `LASTLOG_ENAB' option from login.defs)
+session    optional   pam_lastlog.so
+
+# Prints the motd upon successful login
+# (Replaces the `MOTD_FILE' option in login.defs)
+session    optional   pam_motd.so
+
+# Prints the status of the user's mailbox upon successful login
+# (Replaces the `MAIL_CHECK_ENAB' option from login.defs). 
+#
+# This also defines the MAIL environment variable
+# However, userdel also needs MAIL_DIR and MAIL_FILE variables
+# in /etc/login.defs to make sure that removing a user 
+# also removes the user's mail spool file.
+# See comments in /etc/login.defs
+session    optional   pam_mail.so standard
+
+# Standard Un*x account and session
+@include common-account
+@include common-session
+@include common-password
+
+# SELinux needs to intervene at login time to ensure that the process
+# starts in the proper default security context. Only sessions which are
+# intended to run in the user's context should be run after this.
+session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so open
+# When the module is present, "required" would be sufficient (When SELinux
+# is disabled, this returns success.)
diff --git a/tests/tests/log/faillog/28_faillog-r-a-u_open_range_removed_user/config/etc/passwd b/tests/tests/log/faillog/28_faillog-r-a-u_open_range_removed_user/config/etc/passwd
new file mode 100644
index 0000000..9d34d3a
--- /dev/null
+++ b/tests/tests/log/faillog/28_faillog-r-a-u_open_range_removed_user/config/etc/passwd
@@ -0,0 +1,22 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+bar:x:1001:1001::/home/bar:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/home/foo:/bin/sh
+baz:x:1002:1002::/home/baz:/bin/sh
diff --git a/tests/tests/log/faillog/28_faillog-r-a-u_open_range_removed_user/config/etc/shadow b/tests/tests/log/faillog/28_faillog-r-a-u_open_range_removed_user/config/etc/shadow
new file mode 100644
index 0000000..52721ac
--- /dev/null
+++ b/tests/tests/log/faillog/28_faillog-r-a-u_open_range_removed_user/config/etc/shadow
@@ -0,0 +1,22 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+bar:!:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:a:12977:0:99999:7:::
+baz:b:12977:0:99999:7:::
diff --git a/tests/tests/log/faillog/28_faillog-r-a-u_open_range_removed_user/data/faillog.list b/tests/tests/log/faillog/28_faillog-r-a-u_open_range_removed_user/data/faillog.list
new file mode 100644
index 0000000..3544ec4
--- /dev/null
+++ b/tests/tests/log/faillog/28_faillog-r-a-u_open_range_removed_user/data/faillog.list
@@ -0,0 +1,24 @@
+Login       Failures Maximum
+
+root            0        0  
+daemon          0        0  
+bin             0        0  
+bar             1        0  
+sys             0        0  
+sync            0        0  
+games           0        0  
+man             0        0  
+lp              0        0  
+mail            0        0  
+news            0        0  
+uucp            0        0  
+proxy           0        0  
+www-data        0        0  
+backup          0        0  
+list            0        0  
+irc             0        0  
+gnats           0        0  
+nobody          0        0  
+Debian-exim       0        0
+foo             0        0  
+baz             0        0  
diff --git a/tests/tests/log/faillog/28_faillog-r-a-u_open_range_removed_user/faillog.test b/tests/tests/log/faillog/28_faillog-r-a-u_open_range_removed_user/faillog.test
new file mode 100755
index 0000000..5790ad9
--- /dev/null
+++ b/tests/tests/log/faillog/28_faillog-r-a-u_open_range_removed_user/faillog.test
@@ -0,0 +1,66 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "reports all entry from /var/log/faillog"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Create an empty /var/log/faillog (it will not be restored)..."
+> /var/log/faillog
+echo "OK"
+
+echo -n "Trigger a connection as foo..."
+./login.exp foo
+echo "OK"
+
+echo -n "Trigger a connection as foo..."
+./login.exp bar
+echo "OK"
+
+echo -n "Remove user bar from passwd and shadow..."
+cp -a /etc/passwd /etc/shadow tmp/
+sed -e '/^foo:/d' -i /etc/passwd
+sed -e '/^foo:/d' -i /etc/shadow
+sed -e '/^bar:/d' -i /etc/passwd
+sed -e '/^bar:/d' -i /etc/shadow
+echo "OK"
+
+echo -n "faillog -r -u -1000..."
+faillog -a -r -u -1000
+echo "OK."
+
+echo -n "Restore user foo..."
+mv tmp/passwd tmp/shadow /etc
+echo "OK"
+
+echo -n "faillog..."
+faillog -a> tmp/faillog.out
+echo "OK."
+
+echo "faillog :"
+echo "======================================================================="
+cat tmp/faillog.out
+echo "======================================================================="
+
+echo -n "Check the list of logged in users..."
+cut -c-28 tmp/faillog.out > tmp/faillog.list
+diff -au data/faillog.list tmp/faillog.list
+echo "OK."
+
+rm -f tmp/faillog.out tmp/faillog.list
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/log/faillog/28_faillog-r-a-u_open_range_removed_user/login.exp b/tests/tests/log/faillog/28_faillog-r-a-u_open_range_removed_user/login.exp
new file mode 100755
index 0000000..f7841f6
--- /dev/null
+++ b/tests/tests/log/faillog/28_faillog-r-a-u_open_range_removed_user/login.exp
@@ -0,0 +1,26 @@
+#!/usr/bin/expect
+
+if {$argc == 1} {
+        set user     [lindex $argv 0]
+} else {
+        set user     "foo"
+}
+
+set timeout 2
+expect_after default {puts stderr "\nFAIL"; exit 1}
+
+set timeout 5
+expect_after default {puts stderr "\nFAIL"; exit 1}
+
+spawn /bin/bash
+expect "# "
+
+send "login $user\r"
+expect "Password: "
+sleep 0.1
+send "badpass\r"
+send_user "\n# password 'badpass' sent\n\n"
+expect "login: "
+
+send "exit\r"
+exit 0
diff --git a/tests/tests/log/faillog/29_faillog-r-a-u_range_open_removed_user/config.txt b/tests/tests/log/faillog/29_faillog-r-a-u_range_open_removed_user/config.txt
new file mode 100644
index 0000000..1a78b6c
--- /dev/null
+++ b/tests/tests/log/faillog/29_faillog-r-a-u_range_open_removed_user/config.txt
@@ -0,0 +1 @@
+user foo exists, UID 1000
diff --git a/tests/tests/log/faillog/29_faillog-r-a-u_range_open_removed_user/config/etc/group b/tests/tests/log/faillog/29_faillog-r-a-u_range_open_removed_user/config/etc/group
new file mode 100644
index 0000000..b6fae89
--- /dev/null
+++ b/tests/tests/log/faillog/29_faillog-r-a-u_range_open_removed_user/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:root
+adm:x:4:root,foo
+tty:x:5:
+disk:x:6:
+lp:x:7:foo,root
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:foo
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:foo
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/log/faillog/29_faillog-r-a-u_range_open_removed_user/config/etc/gshadow b/tests/tests/log/faillog/29_faillog-r-a-u_range_open_removed_user/config/etc/gshadow
new file mode 100644
index 0000000..1f2ba8d
--- /dev/null
+++ b/tests/tests/log/faillog/29_faillog-r-a-u_range_open_removed_user/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::root
+adm:*::root,foo
+tty:*::foo
+disk:*:foo:
+lp:*::foo,root
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*:foo:foo
+voice:*::
+cdrom:*:foo:foo
+floppy:*::foo
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/log/faillog/29_faillog-r-a-u_range_open_removed_user/config/etc/pam.d/login b/tests/tests/log/faillog/29_faillog-r-a-u_range_open_removed_user/config/etc/pam.d/login
new file mode 100644
index 0000000..0a101fd
--- /dev/null
+++ b/tests/tests/log/faillog/29_faillog-r-a-u_range_open_removed_user/config/etc/pam.d/login
@@ -0,0 +1,111 @@
+#
+# The PAM configuration file for the Shadow `login' service
+#
+
+# Enforce a minimal delay in case of failure (in microseconds).
+# (Replaces the `FAIL_DELAY' setting from login.defs)
+# Note that other modules may require another minimal delay. (for example,
+# to disable any delay, you should add the nodelay option to pam_unix)
+auth       optional   pam_faildelay.so  delay=3000000
+
+# Outputs an issue file prior to each login prompt (Replaces the
+# ISSUE_FILE option from login.defs). Uncomment for use
+# auth       required   pam_issue.so issue=/etc/issue
+
+# Disallows root logins except on tty's listed in /etc/securetty
+# (Replaces the `CONSOLE' setting from login.defs)
+#
+# With the default control of this module:
+#   [success=ok new_authtok_reqd=ok ignore=ignore user_unknown=bad default=die]
+# root will not be prompted for a password on insecure lines.
+# if an invalid username is entered, a password is prompted (but login
+# will eventually be rejected)
+#
+# You can change it to a "requisite" module if you think root may mis-type
+# her login and should not be prompted for a password in that case. But
+# this will leave the system as vulnerable to user enumeration attacks.
+#
+# You can change it to a "required" module if you think it permits to
+# guess valid user names of your system (invalid user names are considered
+# as possibly being root on insecure lines), but root passwords may be
+# communicated over insecure lines.
+auth [success=ok new_authtok_reqd=ok ignore=ignore user_unknown=bad default=die] pam_securetty.so
+
+# Disallows other than root logins when /etc/nologin exists
+# (Replaces the `NOLOGINS_FILE' option from login.defs)
+auth       requisite  pam_nologin.so
+
+# Added to support faillog
+auth     required       pam_tally.so per_user
+
+
+# SELinux needs to be the first session rule. This ensures that any 
+# lingering context has been cleared. Without out this it is possible 
+# that a module could execute code in the wrong domain.
+# When the module is present, "required" would be sufficient (When SELinux
+# is disabled, this returns success.)
+session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so close
+
+# This module parses environment configuration file(s)
+# and also allows you to use an extended config
+# file /etc/security/pam_env.conf.
+# 
+# parsing /etc/environment needs "readenv=1"
+session       required   pam_env.so readenv=1
+# locale variables are also kept into /etc/default/locale in etch
+# reading this file *in addition to /etc/environment* does not hurt
+session       required   pam_env.so readenv=1 envfile=/etc/default/locale
+
+# Standard Un*x authentication.
+@include common-auth
+
+# This allows certain extra groups to be granted to a user
+# based on things like time of day, tty, service, and user.
+# Please edit /etc/security/group.conf to fit your needs
+# (Replaces the `CONSOLE_GROUPS' option in login.defs)
+auth       optional   pam_group.so
+
+# Uncomment and edit /etc/security/time.conf if you need to set
+# time constraints on logins.
+# (Replaces the `PORTTIME_CHECKS_ENAB' option from login.defs
+# as well as /etc/porttime)
+# account    requisite  pam_time.so
+
+# Uncomment and edit /etc/security/access.conf if you need to
+# set access limits.
+# (Replaces /etc/login.access file)
+# account  required       pam_access.so
+
+# Sets up user limits according to /etc/security/limits.conf
+# (Replaces the use of /etc/limits in old login)
+session    required   pam_limits.so
+
+# Prints the last login info upon successful login
+# (Replaces the `LASTLOG_ENAB' option from login.defs)
+session    optional   pam_lastlog.so
+
+# Prints the motd upon successful login
+# (Replaces the `MOTD_FILE' option in login.defs)
+session    optional   pam_motd.so
+
+# Prints the status of the user's mailbox upon successful login
+# (Replaces the `MAIL_CHECK_ENAB' option from login.defs). 
+#
+# This also defines the MAIL environment variable
+# However, userdel also needs MAIL_DIR and MAIL_FILE variables
+# in /etc/login.defs to make sure that removing a user 
+# also removes the user's mail spool file.
+# See comments in /etc/login.defs
+session    optional   pam_mail.so standard
+
+# Standard Un*x account and session
+@include common-account
+@include common-session
+@include common-password
+
+# SELinux needs to intervene at login time to ensure that the process
+# starts in the proper default security context. Only sessions which are
+# intended to run in the user's context should be run after this.
+session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so open
+# When the module is present, "required" would be sufficient (When SELinux
+# is disabled, this returns success.)
diff --git a/tests/tests/log/faillog/29_faillog-r-a-u_range_open_removed_user/config/etc/passwd b/tests/tests/log/faillog/29_faillog-r-a-u_range_open_removed_user/config/etc/passwd
new file mode 100644
index 0000000..9d34d3a
--- /dev/null
+++ b/tests/tests/log/faillog/29_faillog-r-a-u_range_open_removed_user/config/etc/passwd
@@ -0,0 +1,22 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+bar:x:1001:1001::/home/bar:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/home/foo:/bin/sh
+baz:x:1002:1002::/home/baz:/bin/sh
diff --git a/tests/tests/log/faillog/29_faillog-r-a-u_range_open_removed_user/config/etc/shadow b/tests/tests/log/faillog/29_faillog-r-a-u_range_open_removed_user/config/etc/shadow
new file mode 100644
index 0000000..52721ac
--- /dev/null
+++ b/tests/tests/log/faillog/29_faillog-r-a-u_range_open_removed_user/config/etc/shadow
@@ -0,0 +1,22 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+bar:!:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:a:12977:0:99999:7:::
+baz:b:12977:0:99999:7:::
diff --git a/tests/tests/log/faillog/29_faillog-r-a-u_range_open_removed_user/data/faillog.list b/tests/tests/log/faillog/29_faillog-r-a-u_range_open_removed_user/data/faillog.list
new file mode 100644
index 0000000..0f9aacf
--- /dev/null
+++ b/tests/tests/log/faillog/29_faillog-r-a-u_range_open_removed_user/data/faillog.list
@@ -0,0 +1,24 @@
+Login       Failures Maximum
+
+root            0        0  
+daemon          0        0  
+bin             0        0  
+bar             0        0  
+sys             0        0  
+sync            0        0  
+games           0        0  
+man             0        0  
+lp              0        0  
+mail            0        0  
+news            0        0  
+uucp            0        0  
+proxy           0        0  
+www-data        0        0  
+backup          0        0  
+list            0        0  
+irc             0        0  
+gnats           0        0  
+nobody          0        0  
+Debian-exim       0        0
+foo             1        0  
+baz             0        0  
diff --git a/tests/tests/log/faillog/29_faillog-r-a-u_range_open_removed_user/faillog.test b/tests/tests/log/faillog/29_faillog-r-a-u_range_open_removed_user/faillog.test
new file mode 100755
index 0000000..9579ca6
--- /dev/null
+++ b/tests/tests/log/faillog/29_faillog-r-a-u_range_open_removed_user/faillog.test
@@ -0,0 +1,66 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "reports all entry from /var/log/faillog"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Create an empty /var/log/faillog (it will not be restored)..."
+> /var/log/faillog
+echo "OK"
+
+echo -n "Trigger a connection as foo..."
+./login.exp foo
+echo "OK"
+
+echo -n "Trigger a connection as foo..."
+./login.exp bar
+echo "OK"
+
+echo -n "Remove user bar from passwd and shadow..."
+cp -a /etc/passwd /etc/shadow tmp/
+sed -e '/^foo:/d' -i /etc/passwd
+sed -e '/^foo:/d' -i /etc/shadow
+sed -e '/^bar:/d' -i /etc/passwd
+sed -e '/^bar:/d' -i /etc/shadow
+echo "OK"
+
+echo -n "faillog -r -u 1001-..."
+faillog -a -r -u 1001-
+echo "OK."
+
+echo -n "Restore user foo..."
+mv tmp/passwd tmp/shadow /etc
+echo "OK"
+
+echo -n "faillog..."
+faillog -a> tmp/faillog.out
+echo "OK."
+
+echo "faillog :"
+echo "======================================================================="
+cat tmp/faillog.out
+echo "======================================================================="
+
+echo -n "Check the list of logged in users..."
+cut -c-28 tmp/faillog.out > tmp/faillog.list
+diff -au data/faillog.list tmp/faillog.list
+echo "OK."
+
+rm -f tmp/faillog.out tmp/faillog.list
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/log/faillog/29_faillog-r-a-u_range_open_removed_user/login.exp b/tests/tests/log/faillog/29_faillog-r-a-u_range_open_removed_user/login.exp
new file mode 100755
index 0000000..f7841f6
--- /dev/null
+++ b/tests/tests/log/faillog/29_faillog-r-a-u_range_open_removed_user/login.exp
@@ -0,0 +1,26 @@
+#!/usr/bin/expect
+
+if {$argc == 1} {
+        set user     [lindex $argv 0]
+} else {
+        set user     "foo"
+}
+
+set timeout 2
+expect_after default {puts stderr "\nFAIL"; exit 1}
+
+set timeout 5
+expect_after default {puts stderr "\nFAIL"; exit 1}
+
+spawn /bin/bash
+expect "# "
+
+send "login $user\r"
+expect "Password: "
+sleep 0.1
+send "badpass\r"
+send_user "\n# password 'badpass' sent\n\n"
+expect "login: "
+
+send "exit\r"
+exit 0
diff --git a/tests/tests/log/faillog/30_faillog-r/config.txt b/tests/tests/log/faillog/30_faillog-r/config.txt
new file mode 100644
index 0000000..1a78b6c
--- /dev/null
+++ b/tests/tests/log/faillog/30_faillog-r/config.txt
@@ -0,0 +1 @@
+user foo exists, UID 1000
diff --git a/tests/tests/log/faillog/30_faillog-r/config/etc/group b/tests/tests/log/faillog/30_faillog-r/config/etc/group
new file mode 100644
index 0000000..b6fae89
--- /dev/null
+++ b/tests/tests/log/faillog/30_faillog-r/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:root
+adm:x:4:root,foo
+tty:x:5:
+disk:x:6:
+lp:x:7:foo,root
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:foo
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:foo
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/log/faillog/30_faillog-r/config/etc/gshadow b/tests/tests/log/faillog/30_faillog-r/config/etc/gshadow
new file mode 100644
index 0000000..1f2ba8d
--- /dev/null
+++ b/tests/tests/log/faillog/30_faillog-r/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::root
+adm:*::root,foo
+tty:*::foo
+disk:*:foo:
+lp:*::foo,root
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*:foo:foo
+voice:*::
+cdrom:*:foo:foo
+floppy:*::foo
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/log/faillog/30_faillog-r/config/etc/pam.d/login b/tests/tests/log/faillog/30_faillog-r/config/etc/pam.d/login
new file mode 100644
index 0000000..0a101fd
--- /dev/null
+++ b/tests/tests/log/faillog/30_faillog-r/config/etc/pam.d/login
@@ -0,0 +1,111 @@
+#
+# The PAM configuration file for the Shadow `login' service
+#
+
+# Enforce a minimal delay in case of failure (in microseconds).
+# (Replaces the `FAIL_DELAY' setting from login.defs)
+# Note that other modules may require another minimal delay. (for example,
+# to disable any delay, you should add the nodelay option to pam_unix)
+auth       optional   pam_faildelay.so  delay=3000000
+
+# Outputs an issue file prior to each login prompt (Replaces the
+# ISSUE_FILE option from login.defs). Uncomment for use
+# auth       required   pam_issue.so issue=/etc/issue
+
+# Disallows root logins except on tty's listed in /etc/securetty
+# (Replaces the `CONSOLE' setting from login.defs)
+#
+# With the default control of this module:
+#   [success=ok new_authtok_reqd=ok ignore=ignore user_unknown=bad default=die]
+# root will not be prompted for a password on insecure lines.
+# if an invalid username is entered, a password is prompted (but login
+# will eventually be rejected)
+#
+# You can change it to a "requisite" module if you think root may mis-type
+# her login and should not be prompted for a password in that case. But
+# this will leave the system as vulnerable to user enumeration attacks.
+#
+# You can change it to a "required" module if you think it permits to
+# guess valid user names of your system (invalid user names are considered
+# as possibly being root on insecure lines), but root passwords may be
+# communicated over insecure lines.
+auth [success=ok new_authtok_reqd=ok ignore=ignore user_unknown=bad default=die] pam_securetty.so
+
+# Disallows other than root logins when /etc/nologin exists
+# (Replaces the `NOLOGINS_FILE' option from login.defs)
+auth       requisite  pam_nologin.so
+
+# Added to support faillog
+auth     required       pam_tally.so per_user
+
+
+# SELinux needs to be the first session rule. This ensures that any 
+# lingering context has been cleared. Without out this it is possible 
+# that a module could execute code in the wrong domain.
+# When the module is present, "required" would be sufficient (When SELinux
+# is disabled, this returns success.)
+session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so close
+
+# This module parses environment configuration file(s)
+# and also allows you to use an extended config
+# file /etc/security/pam_env.conf.
+# 
+# parsing /etc/environment needs "readenv=1"
+session       required   pam_env.so readenv=1
+# locale variables are also kept into /etc/default/locale in etch
+# reading this file *in addition to /etc/environment* does not hurt
+session       required   pam_env.so readenv=1 envfile=/etc/default/locale
+
+# Standard Un*x authentication.
+@include common-auth
+
+# This allows certain extra groups to be granted to a user
+# based on things like time of day, tty, service, and user.
+# Please edit /etc/security/group.conf to fit your needs
+# (Replaces the `CONSOLE_GROUPS' option in login.defs)
+auth       optional   pam_group.so
+
+# Uncomment and edit /etc/security/time.conf if you need to set
+# time constraints on logins.
+# (Replaces the `PORTTIME_CHECKS_ENAB' option from login.defs
+# as well as /etc/porttime)
+# account    requisite  pam_time.so
+
+# Uncomment and edit /etc/security/access.conf if you need to
+# set access limits.
+# (Replaces /etc/login.access file)
+# account  required       pam_access.so
+
+# Sets up user limits according to /etc/security/limits.conf
+# (Replaces the use of /etc/limits in old login)
+session    required   pam_limits.so
+
+# Prints the last login info upon successful login
+# (Replaces the `LASTLOG_ENAB' option from login.defs)
+session    optional   pam_lastlog.so
+
+# Prints the motd upon successful login
+# (Replaces the `MOTD_FILE' option in login.defs)
+session    optional   pam_motd.so
+
+# Prints the status of the user's mailbox upon successful login
+# (Replaces the `MAIL_CHECK_ENAB' option from login.defs). 
+#
+# This also defines the MAIL environment variable
+# However, userdel also needs MAIL_DIR and MAIL_FILE variables
+# in /etc/login.defs to make sure that removing a user 
+# also removes the user's mail spool file.
+# See comments in /etc/login.defs
+session    optional   pam_mail.so standard
+
+# Standard Un*x account and session
+@include common-account
+@include common-session
+@include common-password
+
+# SELinux needs to intervene at login time to ensure that the process
+# starts in the proper default security context. Only sessions which are
+# intended to run in the user's context should be run after this.
+session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so open
+# When the module is present, "required" would be sufficient (When SELinux
+# is disabled, this returns success.)
diff --git a/tests/tests/log/faillog/30_faillog-r/config/etc/passwd b/tests/tests/log/faillog/30_faillog-r/config/etc/passwd
new file mode 100644
index 0000000..9d34d3a
--- /dev/null
+++ b/tests/tests/log/faillog/30_faillog-r/config/etc/passwd
@@ -0,0 +1,22 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+bar:x:1001:1001::/home/bar:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/home/foo:/bin/sh
+baz:x:1002:1002::/home/baz:/bin/sh
diff --git a/tests/tests/log/faillog/30_faillog-r/config/etc/shadow b/tests/tests/log/faillog/30_faillog-r/config/etc/shadow
new file mode 100644
index 0000000..52721ac
--- /dev/null
+++ b/tests/tests/log/faillog/30_faillog-r/config/etc/shadow
@@ -0,0 +1,22 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+bar:!:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:a:12977:0:99999:7:::
+baz:b:12977:0:99999:7:::
diff --git a/tests/tests/log/faillog/30_faillog-r/data/faillog.list b/tests/tests/log/faillog/30_faillog-r/data/faillog.list
new file mode 100644
index 0000000..d96a936
--- /dev/null
+++ b/tests/tests/log/faillog/30_faillog-r/data/faillog.list
@@ -0,0 +1,5 @@
+Login       Failures Maximum
+
+bar             0        0  
+foo             0        0  
+baz             0        0  
diff --git a/tests/tests/log/faillog/30_faillog-r/faillog.test b/tests/tests/log/faillog/30_faillog-r/faillog.test
new file mode 100755
index 0000000..cfb441f
--- /dev/null
+++ b/tests/tests/log/faillog/30_faillog-r/faillog.test
@@ -0,0 +1,56 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "reports all entry from /var/log/faillog"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Create an empty /var/log/faillog (it will not be restored)..."
+> /var/log/faillog
+echo "OK"
+
+echo -n "Trigger a connection as foo..."
+./login.exp foo
+echo "OK"
+echo -n "Trigger a connection as bar..."
+./login.exp bar
+echo "OK"
+echo -n "Trigger a connection as baz..."
+./login.exp baz
+echo "OK"
+
+echo -n "reset baz (faillog -r)..."
+faillog -r
+echo "OK"
+
+echo -n "faillog..."
+faillog > tmp/faillog.out
+echo "OK."
+
+echo "faillog :"
+echo "======================================================================="
+cat tmp/faillog.out
+echo "======================================================================="
+
+echo -n "Check the list of logged in users..."
+cut -c-28 tmp/faillog.out > tmp/faillog.list
+diff -au data/faillog.list tmp/faillog.list
+echo "OK."
+
+rm -f tmp/faillog.out tmp/faillog.list
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/log/faillog/30_faillog-r/login.exp b/tests/tests/log/faillog/30_faillog-r/login.exp
new file mode 100755
index 0000000..f7841f6
--- /dev/null
+++ b/tests/tests/log/faillog/30_faillog-r/login.exp
@@ -0,0 +1,26 @@
+#!/usr/bin/expect
+
+if {$argc == 1} {
+        set user     [lindex $argv 0]
+} else {
+        set user     "foo"
+}
+
+set timeout 2
+expect_after default {puts stderr "\nFAIL"; exit 1}
+
+set timeout 5
+expect_after default {puts stderr "\nFAIL"; exit 1}
+
+spawn /bin/bash
+expect "# "
+
+send "login $user\r"
+expect "Password: "
+sleep 0.1
+send "badpass\r"
+send_user "\n# password 'badpass' sent\n\n"
+expect "login: "
+
+send "exit\r"
+exit 0
diff --git a/tests/tests/log/faillog/31_faillog-r-u_open_range/config.txt b/tests/tests/log/faillog/31_faillog-r-u_open_range/config.txt
new file mode 100644
index 0000000..1a78b6c
--- /dev/null
+++ b/tests/tests/log/faillog/31_faillog-r-u_open_range/config.txt
@@ -0,0 +1 @@
+user foo exists, UID 1000
diff --git a/tests/tests/log/faillog/31_faillog-r-u_open_range/config/etc/group b/tests/tests/log/faillog/31_faillog-r-u_open_range/config/etc/group
new file mode 100644
index 0000000..b6fae89
--- /dev/null
+++ b/tests/tests/log/faillog/31_faillog-r-u_open_range/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:root
+adm:x:4:root,foo
+tty:x:5:
+disk:x:6:
+lp:x:7:foo,root
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:foo
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:foo
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/log/faillog/31_faillog-r-u_open_range/config/etc/gshadow b/tests/tests/log/faillog/31_faillog-r-u_open_range/config/etc/gshadow
new file mode 100644
index 0000000..1f2ba8d
--- /dev/null
+++ b/tests/tests/log/faillog/31_faillog-r-u_open_range/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::root
+adm:*::root,foo
+tty:*::foo
+disk:*:foo:
+lp:*::foo,root
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*:foo:foo
+voice:*::
+cdrom:*:foo:foo
+floppy:*::foo
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/log/faillog/31_faillog-r-u_open_range/config/etc/pam.d/login b/tests/tests/log/faillog/31_faillog-r-u_open_range/config/etc/pam.d/login
new file mode 100644
index 0000000..0a101fd
--- /dev/null
+++ b/tests/tests/log/faillog/31_faillog-r-u_open_range/config/etc/pam.d/login
@@ -0,0 +1,111 @@
+#
+# The PAM configuration file for the Shadow `login' service
+#
+
+# Enforce a minimal delay in case of failure (in microseconds).
+# (Replaces the `FAIL_DELAY' setting from login.defs)
+# Note that other modules may require another minimal delay. (for example,
+# to disable any delay, you should add the nodelay option to pam_unix)
+auth       optional   pam_faildelay.so  delay=3000000
+
+# Outputs an issue file prior to each login prompt (Replaces the
+# ISSUE_FILE option from login.defs). Uncomment for use
+# auth       required   pam_issue.so issue=/etc/issue
+
+# Disallows root logins except on tty's listed in /etc/securetty
+# (Replaces the `CONSOLE' setting from login.defs)
+#
+# With the default control of this module:
+#   [success=ok new_authtok_reqd=ok ignore=ignore user_unknown=bad default=die]
+# root will not be prompted for a password on insecure lines.
+# if an invalid username is entered, a password is prompted (but login
+# will eventually be rejected)
+#
+# You can change it to a "requisite" module if you think root may mis-type
+# her login and should not be prompted for a password in that case. But
+# this will leave the system as vulnerable to user enumeration attacks.
+#
+# You can change it to a "required" module if you think it permits to
+# guess valid user names of your system (invalid user names are considered
+# as possibly being root on insecure lines), but root passwords may be
+# communicated over insecure lines.
+auth [success=ok new_authtok_reqd=ok ignore=ignore user_unknown=bad default=die] pam_securetty.so
+
+# Disallows other than root logins when /etc/nologin exists
+# (Replaces the `NOLOGINS_FILE' option from login.defs)
+auth       requisite  pam_nologin.so
+
+# Added to support faillog
+auth     required       pam_tally.so per_user
+
+
+# SELinux needs to be the first session rule. This ensures that any 
+# lingering context has been cleared. Without out this it is possible 
+# that a module could execute code in the wrong domain.
+# When the module is present, "required" would be sufficient (When SELinux
+# is disabled, this returns success.)
+session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so close
+
+# This module parses environment configuration file(s)
+# and also allows you to use an extended config
+# file /etc/security/pam_env.conf.
+# 
+# parsing /etc/environment needs "readenv=1"
+session       required   pam_env.so readenv=1
+# locale variables are also kept into /etc/default/locale in etch
+# reading this file *in addition to /etc/environment* does not hurt
+session       required   pam_env.so readenv=1 envfile=/etc/default/locale
+
+# Standard Un*x authentication.
+@include common-auth
+
+# This allows certain extra groups to be granted to a user
+# based on things like time of day, tty, service, and user.
+# Please edit /etc/security/group.conf to fit your needs
+# (Replaces the `CONSOLE_GROUPS' option in login.defs)
+auth       optional   pam_group.so
+
+# Uncomment and edit /etc/security/time.conf if you need to set
+# time constraints on logins.
+# (Replaces the `PORTTIME_CHECKS_ENAB' option from login.defs
+# as well as /etc/porttime)
+# account    requisite  pam_time.so
+
+# Uncomment and edit /etc/security/access.conf if you need to
+# set access limits.
+# (Replaces /etc/login.access file)
+# account  required       pam_access.so
+
+# Sets up user limits according to /etc/security/limits.conf
+# (Replaces the use of /etc/limits in old login)
+session    required   pam_limits.so
+
+# Prints the last login info upon successful login
+# (Replaces the `LASTLOG_ENAB' option from login.defs)
+session    optional   pam_lastlog.so
+
+# Prints the motd upon successful login
+# (Replaces the `MOTD_FILE' option in login.defs)
+session    optional   pam_motd.so
+
+# Prints the status of the user's mailbox upon successful login
+# (Replaces the `MAIL_CHECK_ENAB' option from login.defs). 
+#
+# This also defines the MAIL environment variable
+# However, userdel also needs MAIL_DIR and MAIL_FILE variables
+# in /etc/login.defs to make sure that removing a user 
+# also removes the user's mail spool file.
+# See comments in /etc/login.defs
+session    optional   pam_mail.so standard
+
+# Standard Un*x account and session
+@include common-account
+@include common-session
+@include common-password
+
+# SELinux needs to intervene at login time to ensure that the process
+# starts in the proper default security context. Only sessions which are
+# intended to run in the user's context should be run after this.
+session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so open
+# When the module is present, "required" would be sufficient (When SELinux
+# is disabled, this returns success.)
diff --git a/tests/tests/log/faillog/31_faillog-r-u_open_range/config/etc/passwd b/tests/tests/log/faillog/31_faillog-r-u_open_range/config/etc/passwd
new file mode 100644
index 0000000..9d34d3a
--- /dev/null
+++ b/tests/tests/log/faillog/31_faillog-r-u_open_range/config/etc/passwd
@@ -0,0 +1,22 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+bar:x:1001:1001::/home/bar:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/home/foo:/bin/sh
+baz:x:1002:1002::/home/baz:/bin/sh
diff --git a/tests/tests/log/faillog/31_faillog-r-u_open_range/config/etc/shadow b/tests/tests/log/faillog/31_faillog-r-u_open_range/config/etc/shadow
new file mode 100644
index 0000000..52721ac
--- /dev/null
+++ b/tests/tests/log/faillog/31_faillog-r-u_open_range/config/etc/shadow
@@ -0,0 +1,22 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+bar:!:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:a:12977:0:99999:7:::
+baz:b:12977:0:99999:7:::
diff --git a/tests/tests/log/faillog/31_faillog-r-u_open_range/data/faillog.list b/tests/tests/log/faillog/31_faillog-r-u_open_range/data/faillog.list
new file mode 100644
index 0000000..fd0df36
--- /dev/null
+++ b/tests/tests/log/faillog/31_faillog-r-u_open_range/data/faillog.list
@@ -0,0 +1,5 @@
+Login       Failures Maximum
+
+bar             0        0  
+foo             0        0  
+baz             1        0  
diff --git a/tests/tests/log/faillog/31_faillog-r-u_open_range/faillog.test b/tests/tests/log/faillog/31_faillog-r-u_open_range/faillog.test
new file mode 100755
index 0000000..9eb7beb
--- /dev/null
+++ b/tests/tests/log/faillog/31_faillog-r-u_open_range/faillog.test
@@ -0,0 +1,56 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "reports all entry from /var/log/faillog"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Create an empty /var/log/faillog (it will not be restored)..."
+> /var/log/faillog
+echo "OK"
+
+echo -n "Trigger a connection as foo..."
+./login.exp foo
+echo "OK"
+echo -n "Trigger a connection as bar..."
+./login.exp bar
+echo "OK"
+echo -n "Trigger a connection as baz..."
+./login.exp baz
+echo "OK"
+
+echo -n "reset users count (faillog -r -u -1001)..."
+faillog -r -u -1001
+echo "OK"
+
+echo -n "faillog..."
+faillog > tmp/faillog.out
+echo "OK."
+
+echo "faillog :"
+echo "======================================================================="
+cat tmp/faillog.out
+echo "======================================================================="
+
+echo -n "Check the list of logged in users..."
+cut -c-28 tmp/faillog.out > tmp/faillog.list
+diff -au data/faillog.list tmp/faillog.list
+echo "OK."
+
+rm -f tmp/faillog.out tmp/faillog.list
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/log/faillog/31_faillog-r-u_open_range/login.exp b/tests/tests/log/faillog/31_faillog-r-u_open_range/login.exp
new file mode 100755
index 0000000..f7841f6
--- /dev/null
+++ b/tests/tests/log/faillog/31_faillog-r-u_open_range/login.exp
@@ -0,0 +1,26 @@
+#!/usr/bin/expect
+
+if {$argc == 1} {
+        set user     [lindex $argv 0]
+} else {
+        set user     "foo"
+}
+
+set timeout 2
+expect_after default {puts stderr "\nFAIL"; exit 1}
+
+set timeout 5
+expect_after default {puts stderr "\nFAIL"; exit 1}
+
+spawn /bin/bash
+expect "# "
+
+send "login $user\r"
+expect "Password: "
+sleep 0.1
+send "badpass\r"
+send_user "\n# password 'badpass' sent\n\n"
+expect "login: "
+
+send "exit\r"
+exit 0
diff --git a/tests/tests/log/faillog/32_faillog-l/config.txt b/tests/tests/log/faillog/32_faillog-l/config.txt
new file mode 100644
index 0000000..1a78b6c
--- /dev/null
+++ b/tests/tests/log/faillog/32_faillog-l/config.txt
@@ -0,0 +1 @@
+user foo exists, UID 1000
diff --git a/tests/tests/log/faillog/32_faillog-l/config/etc/group b/tests/tests/log/faillog/32_faillog-l/config/etc/group
new file mode 100644
index 0000000..b6fae89
--- /dev/null
+++ b/tests/tests/log/faillog/32_faillog-l/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:root
+adm:x:4:root,foo
+tty:x:5:
+disk:x:6:
+lp:x:7:foo,root
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:foo
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:foo
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/log/faillog/32_faillog-l/config/etc/gshadow b/tests/tests/log/faillog/32_faillog-l/config/etc/gshadow
new file mode 100644
index 0000000..1f2ba8d
--- /dev/null
+++ b/tests/tests/log/faillog/32_faillog-l/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::root
+adm:*::root,foo
+tty:*::foo
+disk:*:foo:
+lp:*::foo,root
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*:foo:foo
+voice:*::
+cdrom:*:foo:foo
+floppy:*::foo
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/log/faillog/32_faillog-l/config/etc/pam.d/login b/tests/tests/log/faillog/32_faillog-l/config/etc/pam.d/login
new file mode 100644
index 0000000..0a101fd
--- /dev/null
+++ b/tests/tests/log/faillog/32_faillog-l/config/etc/pam.d/login
@@ -0,0 +1,111 @@
+#
+# The PAM configuration file for the Shadow `login' service
+#
+
+# Enforce a minimal delay in case of failure (in microseconds).
+# (Replaces the `FAIL_DELAY' setting from login.defs)
+# Note that other modules may require another minimal delay. (for example,
+# to disable any delay, you should add the nodelay option to pam_unix)
+auth       optional   pam_faildelay.so  delay=3000000
+
+# Outputs an issue file prior to each login prompt (Replaces the
+# ISSUE_FILE option from login.defs). Uncomment for use
+# auth       required   pam_issue.so issue=/etc/issue
+
+# Disallows root logins except on tty's listed in /etc/securetty
+# (Replaces the `CONSOLE' setting from login.defs)
+#
+# With the default control of this module:
+#   [success=ok new_authtok_reqd=ok ignore=ignore user_unknown=bad default=die]
+# root will not be prompted for a password on insecure lines.
+# if an invalid username is entered, a password is prompted (but login
+# will eventually be rejected)
+#
+# You can change it to a "requisite" module if you think root may mis-type
+# her login and should not be prompted for a password in that case. But
+# this will leave the system as vulnerable to user enumeration attacks.
+#
+# You can change it to a "required" module if you think it permits to
+# guess valid user names of your system (invalid user names are considered
+# as possibly being root on insecure lines), but root passwords may be
+# communicated over insecure lines.
+auth [success=ok new_authtok_reqd=ok ignore=ignore user_unknown=bad default=die] pam_securetty.so
+
+# Disallows other than root logins when /etc/nologin exists
+# (Replaces the `NOLOGINS_FILE' option from login.defs)
+auth       requisite  pam_nologin.so
+
+# Added to support faillog
+auth     required       pam_tally.so per_user
+
+
+# SELinux needs to be the first session rule. This ensures that any 
+# lingering context has been cleared. Without out this it is possible 
+# that a module could execute code in the wrong domain.
+# When the module is present, "required" would be sufficient (When SELinux
+# is disabled, this returns success.)
+session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so close
+
+# This module parses environment configuration file(s)
+# and also allows you to use an extended config
+# file /etc/security/pam_env.conf.
+# 
+# parsing /etc/environment needs "readenv=1"
+session       required   pam_env.so readenv=1
+# locale variables are also kept into /etc/default/locale in etch
+# reading this file *in addition to /etc/environment* does not hurt
+session       required   pam_env.so readenv=1 envfile=/etc/default/locale
+
+# Standard Un*x authentication.
+@include common-auth
+
+# This allows certain extra groups to be granted to a user
+# based on things like time of day, tty, service, and user.
+# Please edit /etc/security/group.conf to fit your needs
+# (Replaces the `CONSOLE_GROUPS' option in login.defs)
+auth       optional   pam_group.so
+
+# Uncomment and edit /etc/security/time.conf if you need to set
+# time constraints on logins.
+# (Replaces the `PORTTIME_CHECKS_ENAB' option from login.defs
+# as well as /etc/porttime)
+# account    requisite  pam_time.so
+
+# Uncomment and edit /etc/security/access.conf if you need to
+# set access limits.
+# (Replaces /etc/login.access file)
+# account  required       pam_access.so
+
+# Sets up user limits according to /etc/security/limits.conf
+# (Replaces the use of /etc/limits in old login)
+session    required   pam_limits.so
+
+# Prints the last login info upon successful login
+# (Replaces the `LASTLOG_ENAB' option from login.defs)
+session    optional   pam_lastlog.so
+
+# Prints the motd upon successful login
+# (Replaces the `MOTD_FILE' option in login.defs)
+session    optional   pam_motd.so
+
+# Prints the status of the user's mailbox upon successful login
+# (Replaces the `MAIL_CHECK_ENAB' option from login.defs). 
+#
+# This also defines the MAIL environment variable
+# However, userdel also needs MAIL_DIR and MAIL_FILE variables
+# in /etc/login.defs to make sure that removing a user 
+# also removes the user's mail spool file.
+# See comments in /etc/login.defs
+session    optional   pam_mail.so standard
+
+# Standard Un*x account and session
+@include common-account
+@include common-session
+@include common-password
+
+# SELinux needs to intervene at login time to ensure that the process
+# starts in the proper default security context. Only sessions which are
+# intended to run in the user's context should be run after this.
+session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so open
+# When the module is present, "required" would be sufficient (When SELinux
+# is disabled, this returns success.)
diff --git a/tests/tests/log/faillog/32_faillog-l/config/etc/passwd b/tests/tests/log/faillog/32_faillog-l/config/etc/passwd
new file mode 100644
index 0000000..9d34d3a
--- /dev/null
+++ b/tests/tests/log/faillog/32_faillog-l/config/etc/passwd
@@ -0,0 +1,22 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+bar:x:1001:1001::/home/bar:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/home/foo:/bin/sh
+baz:x:1002:1002::/home/baz:/bin/sh
diff --git a/tests/tests/log/faillog/32_faillog-l/config/etc/shadow b/tests/tests/log/faillog/32_faillog-l/config/etc/shadow
new file mode 100644
index 0000000..52721ac
--- /dev/null
+++ b/tests/tests/log/faillog/32_faillog-l/config/etc/shadow
@@ -0,0 +1,22 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+bar:!:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:a:12977:0:99999:7:::
+baz:b:12977:0:99999:7:::
diff --git a/tests/tests/log/faillog/32_faillog-l/data/faillog.list b/tests/tests/log/faillog/32_faillog-l/data/faillog.list
new file mode 100644
index 0000000..cb1d37b
--- /dev/null
+++ b/tests/tests/log/faillog/32_faillog-l/data/faillog.list
@@ -0,0 +1,5 @@
+Login       Failures Maximum
+
+bar             1        0  
+foo             1        0  
+baz             1        0  
diff --git a/tests/tests/log/faillog/32_faillog-l/faillog.test b/tests/tests/log/faillog/32_faillog-l/faillog.test
new file mode 100755
index 0000000..1e6360e
--- /dev/null
+++ b/tests/tests/log/faillog/32_faillog-l/faillog.test
@@ -0,0 +1,63 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "reports all entry from /var/log/faillog"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Create an empty /var/log/faillog (it will not be restored)..."
+> /var/log/faillog
+echo "OK"
+
+echo -n "Trigger a connection as foo..."
+./login.exp foo
+echo "OK"
+sleep 2
+echo -n "Trigger a connection as bar..."
+./login.exp bar
+echo "OK"
+echo -n "Trigger a connection as baz..."
+./login.exp baz
+echo "OK"
+
+echo -n "reset baz (faillog -l 10)..."
+faillog -l 10
+echo "OK"
+
+echo -n "faillog..."
+faillog > tmp/faillog.out
+echo "OK."
+
+echo "faillog :"
+echo "======================================================================="
+cat tmp/faillog.out
+echo "======================================================================="
+
+echo -n "Check the list of users with failures..."
+cut -c-28 tmp/faillog.out > tmp/faillog.list
+diff -au data/faillog.list tmp/faillog.list
+echo "OK"
+echo "There should between 6 and 8 secondes remaining for baz..."
+grep "^baz .* \[[678]s left\]$" tmp/faillog.out
+echo "OK"
+echo "The lock is displayed as 10s for foo..."
+grep "^foo .* \[10s lock\]$" tmp/faillog.out
+echo "OK."
+
+rm -f tmp/faillog.out tmp/faillog.list
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/log/faillog/32_faillog-l/login.exp b/tests/tests/log/faillog/32_faillog-l/login.exp
new file mode 100755
index 0000000..f7841f6
--- /dev/null
+++ b/tests/tests/log/faillog/32_faillog-l/login.exp
@@ -0,0 +1,26 @@
+#!/usr/bin/expect
+
+if {$argc == 1} {
+        set user     [lindex $argv 0]
+} else {
+        set user     "foo"
+}
+
+set timeout 2
+expect_after default {puts stderr "\nFAIL"; exit 1}
+
+set timeout 5
+expect_after default {puts stderr "\nFAIL"; exit 1}
+
+spawn /bin/bash
+expect "# "
+
+send "login $user\r"
+expect "Password: "
+sleep 0.1
+send "badpass\r"
+send_user "\n# password 'badpass' sent\n\n"
+expect "login: "
+
+send "exit\r"
+exit 0
diff --git a/tests/tests/log/faillog/33_faillog-l-u_user/config.txt b/tests/tests/log/faillog/33_faillog-l-u_user/config.txt
new file mode 100644
index 0000000..1a78b6c
--- /dev/null
+++ b/tests/tests/log/faillog/33_faillog-l-u_user/config.txt
@@ -0,0 +1 @@
+user foo exists, UID 1000
diff --git a/tests/tests/log/faillog/33_faillog-l-u_user/config/etc/group b/tests/tests/log/faillog/33_faillog-l-u_user/config/etc/group
new file mode 100644
index 0000000..b6fae89
--- /dev/null
+++ b/tests/tests/log/faillog/33_faillog-l-u_user/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:root
+adm:x:4:root,foo
+tty:x:5:
+disk:x:6:
+lp:x:7:foo,root
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:foo
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:foo
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/log/faillog/33_faillog-l-u_user/config/etc/gshadow b/tests/tests/log/faillog/33_faillog-l-u_user/config/etc/gshadow
new file mode 100644
index 0000000..1f2ba8d
--- /dev/null
+++ b/tests/tests/log/faillog/33_faillog-l-u_user/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::root
+adm:*::root,foo
+tty:*::foo
+disk:*:foo:
+lp:*::foo,root
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*:foo:foo
+voice:*::
+cdrom:*:foo:foo
+floppy:*::foo
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/log/faillog/33_faillog-l-u_user/config/etc/pam.d/login b/tests/tests/log/faillog/33_faillog-l-u_user/config/etc/pam.d/login
new file mode 100644
index 0000000..0a101fd
--- /dev/null
+++ b/tests/tests/log/faillog/33_faillog-l-u_user/config/etc/pam.d/login
@@ -0,0 +1,111 @@
+#
+# The PAM configuration file for the Shadow `login' service
+#
+
+# Enforce a minimal delay in case of failure (in microseconds).
+# (Replaces the `FAIL_DELAY' setting from login.defs)
+# Note that other modules may require another minimal delay. (for example,
+# to disable any delay, you should add the nodelay option to pam_unix)
+auth       optional   pam_faildelay.so  delay=3000000
+
+# Outputs an issue file prior to each login prompt (Replaces the
+# ISSUE_FILE option from login.defs). Uncomment for use
+# auth       required   pam_issue.so issue=/etc/issue
+
+# Disallows root logins except on tty's listed in /etc/securetty
+# (Replaces the `CONSOLE' setting from login.defs)
+#
+# With the default control of this module:
+#   [success=ok new_authtok_reqd=ok ignore=ignore user_unknown=bad default=die]
+# root will not be prompted for a password on insecure lines.
+# if an invalid username is entered, a password is prompted (but login
+# will eventually be rejected)
+#
+# You can change it to a "requisite" module if you think root may mis-type
+# her login and should not be prompted for a password in that case. But
+# this will leave the system as vulnerable to user enumeration attacks.
+#
+# You can change it to a "required" module if you think it permits to
+# guess valid user names of your system (invalid user names are considered
+# as possibly being root on insecure lines), but root passwords may be
+# communicated over insecure lines.
+auth [success=ok new_authtok_reqd=ok ignore=ignore user_unknown=bad default=die] pam_securetty.so
+
+# Disallows other than root logins when /etc/nologin exists
+# (Replaces the `NOLOGINS_FILE' option from login.defs)
+auth       requisite  pam_nologin.so
+
+# Added to support faillog
+auth     required       pam_tally.so per_user
+
+
+# SELinux needs to be the first session rule. This ensures that any 
+# lingering context has been cleared. Without out this it is possible 
+# that a module could execute code in the wrong domain.
+# When the module is present, "required" would be sufficient (When SELinux
+# is disabled, this returns success.)
+session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so close
+
+# This module parses environment configuration file(s)
+# and also allows you to use an extended config
+# file /etc/security/pam_env.conf.
+# 
+# parsing /etc/environment needs "readenv=1"
+session       required   pam_env.so readenv=1
+# locale variables are also kept into /etc/default/locale in etch
+# reading this file *in addition to /etc/environment* does not hurt
+session       required   pam_env.so readenv=1 envfile=/etc/default/locale
+
+# Standard Un*x authentication.
+@include common-auth
+
+# This allows certain extra groups to be granted to a user
+# based on things like time of day, tty, service, and user.
+# Please edit /etc/security/group.conf to fit your needs
+# (Replaces the `CONSOLE_GROUPS' option in login.defs)
+auth       optional   pam_group.so
+
+# Uncomment and edit /etc/security/time.conf if you need to set
+# time constraints on logins.
+# (Replaces the `PORTTIME_CHECKS_ENAB' option from login.defs
+# as well as /etc/porttime)
+# account    requisite  pam_time.so
+
+# Uncomment and edit /etc/security/access.conf if you need to
+# set access limits.
+# (Replaces /etc/login.access file)
+# account  required       pam_access.so
+
+# Sets up user limits according to /etc/security/limits.conf
+# (Replaces the use of /etc/limits in old login)
+session    required   pam_limits.so
+
+# Prints the last login info upon successful login
+# (Replaces the `LASTLOG_ENAB' option from login.defs)
+session    optional   pam_lastlog.so
+
+# Prints the motd upon successful login
+# (Replaces the `MOTD_FILE' option in login.defs)
+session    optional   pam_motd.so
+
+# Prints the status of the user's mailbox upon successful login
+# (Replaces the `MAIL_CHECK_ENAB' option from login.defs). 
+#
+# This also defines the MAIL environment variable
+# However, userdel also needs MAIL_DIR and MAIL_FILE variables
+# in /etc/login.defs to make sure that removing a user 
+# also removes the user's mail spool file.
+# See comments in /etc/login.defs
+session    optional   pam_mail.so standard
+
+# Standard Un*x account and session
+@include common-account
+@include common-session
+@include common-password
+
+# SELinux needs to intervene at login time to ensure that the process
+# starts in the proper default security context. Only sessions which are
+# intended to run in the user's context should be run after this.
+session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so open
+# When the module is present, "required" would be sufficient (When SELinux
+# is disabled, this returns success.)
diff --git a/tests/tests/log/faillog/33_faillog-l-u_user/config/etc/passwd b/tests/tests/log/faillog/33_faillog-l-u_user/config/etc/passwd
new file mode 100644
index 0000000..9d34d3a
--- /dev/null
+++ b/tests/tests/log/faillog/33_faillog-l-u_user/config/etc/passwd
@@ -0,0 +1,22 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+bar:x:1001:1001::/home/bar:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/home/foo:/bin/sh
+baz:x:1002:1002::/home/baz:/bin/sh
diff --git a/tests/tests/log/faillog/33_faillog-l-u_user/config/etc/shadow b/tests/tests/log/faillog/33_faillog-l-u_user/config/etc/shadow
new file mode 100644
index 0000000..52721ac
--- /dev/null
+++ b/tests/tests/log/faillog/33_faillog-l-u_user/config/etc/shadow
@@ -0,0 +1,22 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+bar:!:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:a:12977:0:99999:7:::
+baz:b:12977:0:99999:7:::
diff --git a/tests/tests/log/faillog/33_faillog-l-u_user/data/faillog.list b/tests/tests/log/faillog/33_faillog-l-u_user/data/faillog.list
new file mode 100644
index 0000000..817ff45
--- /dev/null
+++ b/tests/tests/log/faillog/33_faillog-l-u_user/data/faillog.list
@@ -0,0 +1 @@
+foo             1        0  
diff --git a/tests/tests/log/faillog/33_faillog-l-u_user/faillog.test b/tests/tests/log/faillog/33_faillog-l-u_user/faillog.test
new file mode 100755
index 0000000..f9ccf53
--- /dev/null
+++ b/tests/tests/log/faillog/33_faillog-l-u_user/faillog.test
@@ -0,0 +1,60 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "reports all entry from /var/log/faillog"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Create an empty /var/log/faillog (it will not be restored)..."
+> /var/log/faillog
+echo "OK"
+
+echo -n "Trigger a connection as foo..."
+./login.exp foo
+echo "OK"
+sleep 2
+echo -n "Trigger a connection as bar..."
+./login.exp bar
+echo "OK"
+echo -n "Trigger a connection as baz..."
+./login.exp baz
+echo "OK"
+
+echo -n "reset baz (faillog -l 10 -u foo)..."
+faillog -l 10 -u foo
+echo "OK"
+
+echo -n "faillog..."
+faillog > tmp/faillog.out
+echo "OK."
+
+echo "faillog :"
+echo "======================================================================="
+cat tmp/faillog.out
+echo "======================================================================="
+
+echo -n "Check the list of users with failures..."
+grep "left\|lock" tmp/faillog.out | cut -c-28 > tmp/faillog.list
+diff -au data/faillog.list tmp/faillog.list
+echo "OK"
+echo "The lock is displayed as 10s for foo..."
+grep "^foo .* \[10s lock\]$" tmp/faillog.out
+echo "OK."
+
+rm -f tmp/faillog.out tmp/faillog.list
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/log/faillog/33_faillog-l-u_user/login.exp b/tests/tests/log/faillog/33_faillog-l-u_user/login.exp
new file mode 100755
index 0000000..f7841f6
--- /dev/null
+++ b/tests/tests/log/faillog/33_faillog-l-u_user/login.exp
@@ -0,0 +1,26 @@
+#!/usr/bin/expect
+
+if {$argc == 1} {
+        set user     [lindex $argv 0]
+} else {
+        set user     "foo"
+}
+
+set timeout 2
+expect_after default {puts stderr "\nFAIL"; exit 1}
+
+set timeout 5
+expect_after default {puts stderr "\nFAIL"; exit 1}
+
+spawn /bin/bash
+expect "# "
+
+send "login $user\r"
+expect "Password: "
+sleep 0.1
+send "badpass\r"
+send_user "\n# password 'badpass' sent\n\n"
+expect "login: "
+
+send "exit\r"
+exit 0
diff --git a/tests/tests/log/faillog/34_faillog-l-u_range/config.txt b/tests/tests/log/faillog/34_faillog-l-u_range/config.txt
new file mode 100644
index 0000000..1a78b6c
--- /dev/null
+++ b/tests/tests/log/faillog/34_faillog-l-u_range/config.txt
@@ -0,0 +1 @@
+user foo exists, UID 1000
diff --git a/tests/tests/log/faillog/34_faillog-l-u_range/config/etc/group b/tests/tests/log/faillog/34_faillog-l-u_range/config/etc/group
new file mode 100644
index 0000000..b6fae89
--- /dev/null
+++ b/tests/tests/log/faillog/34_faillog-l-u_range/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:root
+adm:x:4:root,foo
+tty:x:5:
+disk:x:6:
+lp:x:7:foo,root
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:foo
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:foo
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/log/faillog/34_faillog-l-u_range/config/etc/gshadow b/tests/tests/log/faillog/34_faillog-l-u_range/config/etc/gshadow
new file mode 100644
index 0000000..1f2ba8d
--- /dev/null
+++ b/tests/tests/log/faillog/34_faillog-l-u_range/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::root
+adm:*::root,foo
+tty:*::foo
+disk:*:foo:
+lp:*::foo,root
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*:foo:foo
+voice:*::
+cdrom:*:foo:foo
+floppy:*::foo
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/log/faillog/34_faillog-l-u_range/config/etc/pam.d/login b/tests/tests/log/faillog/34_faillog-l-u_range/config/etc/pam.d/login
new file mode 100644
index 0000000..0a101fd
--- /dev/null
+++ b/tests/tests/log/faillog/34_faillog-l-u_range/config/etc/pam.d/login
@@ -0,0 +1,111 @@
+#
+# The PAM configuration file for the Shadow `login' service
+#
+
+# Enforce a minimal delay in case of failure (in microseconds).
+# (Replaces the `FAIL_DELAY' setting from login.defs)
+# Note that other modules may require another minimal delay. (for example,
+# to disable any delay, you should add the nodelay option to pam_unix)
+auth       optional   pam_faildelay.so  delay=3000000
+
+# Outputs an issue file prior to each login prompt (Replaces the
+# ISSUE_FILE option from login.defs). Uncomment for use
+# auth       required   pam_issue.so issue=/etc/issue
+
+# Disallows root logins except on tty's listed in /etc/securetty
+# (Replaces the `CONSOLE' setting from login.defs)
+#
+# With the default control of this module:
+#   [success=ok new_authtok_reqd=ok ignore=ignore user_unknown=bad default=die]
+# root will not be prompted for a password on insecure lines.
+# if an invalid username is entered, a password is prompted (but login
+# will eventually be rejected)
+#
+# You can change it to a "requisite" module if you think root may mis-type
+# her login and should not be prompted for a password in that case. But
+# this will leave the system as vulnerable to user enumeration attacks.
+#
+# You can change it to a "required" module if you think it permits to
+# guess valid user names of your system (invalid user names are considered
+# as possibly being root on insecure lines), but root passwords may be
+# communicated over insecure lines.
+auth [success=ok new_authtok_reqd=ok ignore=ignore user_unknown=bad default=die] pam_securetty.so
+
+# Disallows other than root logins when /etc/nologin exists
+# (Replaces the `NOLOGINS_FILE' option from login.defs)
+auth       requisite  pam_nologin.so
+
+# Added to support faillog
+auth     required       pam_tally.so per_user
+
+
+# SELinux needs to be the first session rule. This ensures that any 
+# lingering context has been cleared. Without out this it is possible 
+# that a module could execute code in the wrong domain.
+# When the module is present, "required" would be sufficient (When SELinux
+# is disabled, this returns success.)
+session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so close
+
+# This module parses environment configuration file(s)
+# and also allows you to use an extended config
+# file /etc/security/pam_env.conf.
+# 
+# parsing /etc/environment needs "readenv=1"
+session       required   pam_env.so readenv=1
+# locale variables are also kept into /etc/default/locale in etch
+# reading this file *in addition to /etc/environment* does not hurt
+session       required   pam_env.so readenv=1 envfile=/etc/default/locale
+
+# Standard Un*x authentication.
+@include common-auth
+
+# This allows certain extra groups to be granted to a user
+# based on things like time of day, tty, service, and user.
+# Please edit /etc/security/group.conf to fit your needs
+# (Replaces the `CONSOLE_GROUPS' option in login.defs)
+auth       optional   pam_group.so
+
+# Uncomment and edit /etc/security/time.conf if you need to set
+# time constraints on logins.
+# (Replaces the `PORTTIME_CHECKS_ENAB' option from login.defs
+# as well as /etc/porttime)
+# account    requisite  pam_time.so
+
+# Uncomment and edit /etc/security/access.conf if you need to
+# set access limits.
+# (Replaces /etc/login.access file)
+# account  required       pam_access.so
+
+# Sets up user limits according to /etc/security/limits.conf
+# (Replaces the use of /etc/limits in old login)
+session    required   pam_limits.so
+
+# Prints the last login info upon successful login
+# (Replaces the `LASTLOG_ENAB' option from login.defs)
+session    optional   pam_lastlog.so
+
+# Prints the motd upon successful login
+# (Replaces the `MOTD_FILE' option in login.defs)
+session    optional   pam_motd.so
+
+# Prints the status of the user's mailbox upon successful login
+# (Replaces the `MAIL_CHECK_ENAB' option from login.defs). 
+#
+# This also defines the MAIL environment variable
+# However, userdel also needs MAIL_DIR and MAIL_FILE variables
+# in /etc/login.defs to make sure that removing a user 
+# also removes the user's mail spool file.
+# See comments in /etc/login.defs
+session    optional   pam_mail.so standard
+
+# Standard Un*x account and session
+@include common-account
+@include common-session
+@include common-password
+
+# SELinux needs to intervene at login time to ensure that the process
+# starts in the proper default security context. Only sessions which are
+# intended to run in the user's context should be run after this.
+session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so open
+# When the module is present, "required" would be sufficient (When SELinux
+# is disabled, this returns success.)
diff --git a/tests/tests/log/faillog/34_faillog-l-u_range/config/etc/passwd b/tests/tests/log/faillog/34_faillog-l-u_range/config/etc/passwd
new file mode 100644
index 0000000..9d34d3a
--- /dev/null
+++ b/tests/tests/log/faillog/34_faillog-l-u_range/config/etc/passwd
@@ -0,0 +1,22 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+bar:x:1001:1001::/home/bar:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/home/foo:/bin/sh
+baz:x:1002:1002::/home/baz:/bin/sh
diff --git a/tests/tests/log/faillog/34_faillog-l-u_range/config/etc/shadow b/tests/tests/log/faillog/34_faillog-l-u_range/config/etc/shadow
new file mode 100644
index 0000000..52721ac
--- /dev/null
+++ b/tests/tests/log/faillog/34_faillog-l-u_range/config/etc/shadow
@@ -0,0 +1,22 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+bar:!:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:a:12977:0:99999:7:::
+baz:b:12977:0:99999:7:::
diff --git a/tests/tests/log/faillog/34_faillog-l-u_range/data/faillog.list b/tests/tests/log/faillog/34_faillog-l-u_range/data/faillog.list
new file mode 100644
index 0000000..cb1d37b
--- /dev/null
+++ b/tests/tests/log/faillog/34_faillog-l-u_range/data/faillog.list
@@ -0,0 +1,5 @@
+Login       Failures Maximum
+
+bar             1        0  
+foo             1        0  
+baz             1        0  
diff --git a/tests/tests/log/faillog/34_faillog-l-u_range/faillog.test b/tests/tests/log/faillog/34_faillog-l-u_range/faillog.test
new file mode 100755
index 0000000..980b95e
--- /dev/null
+++ b/tests/tests/log/faillog/34_faillog-l-u_range/faillog.test
@@ -0,0 +1,63 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "reports all entry from /var/log/faillog"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Create an empty /var/log/faillog (it will not be restored)..."
+> /var/log/faillog
+echo "OK"
+
+echo -n "Trigger a connection as foo..."
+./login.exp foo
+echo "OK"
+sleep 2
+echo -n "Trigger a connection as bar..."
+./login.exp bar
+echo "OK"
+echo -n "Trigger a connection as baz..."
+./login.exp baz
+echo "OK"
+
+echo -n "reset baz (faillog -l 10 -u 1000-1001)..."
+faillog -l 10 -u 1000-1001
+echo "OK"
+
+echo -n "faillog..."
+faillog > tmp/faillog.out
+echo "OK."
+
+echo "faillog :"
+echo "======================================================================="
+cat tmp/faillog.out
+echo "======================================================================="
+
+echo -n "Check the list of users with failures..."
+cut -c-28 tmp/faillog.out > tmp/faillog.list
+diff -au data/faillog.list tmp/faillog.list
+echo "OK"
+echo "There should be between 3 and 5 secondes remaining for bar..."
+grep "^bar .* \[[345]s left\]$" tmp/faillog.out
+echo "OK"
+echo "The lock is displayed as 10s for foo..."
+grep "^foo .* \[10s lock\]$" tmp/faillog.out
+echo "OK."
+
+rm -f tmp/faillog.out tmp/faillog.list
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/log/faillog/34_faillog-l-u_range/login.exp b/tests/tests/log/faillog/34_faillog-l-u_range/login.exp
new file mode 100755
index 0000000..f7841f6
--- /dev/null
+++ b/tests/tests/log/faillog/34_faillog-l-u_range/login.exp
@@ -0,0 +1,26 @@
+#!/usr/bin/expect
+
+if {$argc == 1} {
+        set user     [lindex $argv 0]
+} else {
+        set user     "foo"
+}
+
+set timeout 2
+expect_after default {puts stderr "\nFAIL"; exit 1}
+
+set timeout 5
+expect_after default {puts stderr "\nFAIL"; exit 1}
+
+spawn /bin/bash
+expect "# "
+
+send "login $user\r"
+expect "Password: "
+sleep 0.1
+send "badpass\r"
+send_user "\n# password 'badpass' sent\n\n"
+expect "login: "
+
+send "exit\r"
+exit 0
diff --git a/tests/tests/log/faillog/35_faillog-l-u_open_range/config.txt b/tests/tests/log/faillog/35_faillog-l-u_open_range/config.txt
new file mode 100644
index 0000000..1a78b6c
--- /dev/null
+++ b/tests/tests/log/faillog/35_faillog-l-u_open_range/config.txt
@@ -0,0 +1 @@
+user foo exists, UID 1000
diff --git a/tests/tests/log/faillog/35_faillog-l-u_open_range/config/etc/group b/tests/tests/log/faillog/35_faillog-l-u_open_range/config/etc/group
new file mode 100644
index 0000000..b6fae89
--- /dev/null
+++ b/tests/tests/log/faillog/35_faillog-l-u_open_range/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:root
+adm:x:4:root,foo
+tty:x:5:
+disk:x:6:
+lp:x:7:foo,root
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:foo
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:foo
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/log/faillog/35_faillog-l-u_open_range/config/etc/gshadow b/tests/tests/log/faillog/35_faillog-l-u_open_range/config/etc/gshadow
new file mode 100644
index 0000000..1f2ba8d
--- /dev/null
+++ b/tests/tests/log/faillog/35_faillog-l-u_open_range/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::root
+adm:*::root,foo
+tty:*::foo
+disk:*:foo:
+lp:*::foo,root
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*:foo:foo
+voice:*::
+cdrom:*:foo:foo
+floppy:*::foo
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/log/faillog/35_faillog-l-u_open_range/config/etc/pam.d/login b/tests/tests/log/faillog/35_faillog-l-u_open_range/config/etc/pam.d/login
new file mode 100644
index 0000000..0a101fd
--- /dev/null
+++ b/tests/tests/log/faillog/35_faillog-l-u_open_range/config/etc/pam.d/login
@@ -0,0 +1,111 @@
+#
+# The PAM configuration file for the Shadow `login' service
+#
+
+# Enforce a minimal delay in case of failure (in microseconds).
+# (Replaces the `FAIL_DELAY' setting from login.defs)
+# Note that other modules may require another minimal delay. (for example,
+# to disable any delay, you should add the nodelay option to pam_unix)
+auth       optional   pam_faildelay.so  delay=3000000
+
+# Outputs an issue file prior to each login prompt (Replaces the
+# ISSUE_FILE option from login.defs). Uncomment for use
+# auth       required   pam_issue.so issue=/etc/issue
+
+# Disallows root logins except on tty's listed in /etc/securetty
+# (Replaces the `CONSOLE' setting from login.defs)
+#
+# With the default control of this module:
+#   [success=ok new_authtok_reqd=ok ignore=ignore user_unknown=bad default=die]
+# root will not be prompted for a password on insecure lines.
+# if an invalid username is entered, a password is prompted (but login
+# will eventually be rejected)
+#
+# You can change it to a "requisite" module if you think root may mis-type
+# her login and should not be prompted for a password in that case. But
+# this will leave the system as vulnerable to user enumeration attacks.
+#
+# You can change it to a "required" module if you think it permits to
+# guess valid user names of your system (invalid user names are considered
+# as possibly being root on insecure lines), but root passwords may be
+# communicated over insecure lines.
+auth [success=ok new_authtok_reqd=ok ignore=ignore user_unknown=bad default=die] pam_securetty.so
+
+# Disallows other than root logins when /etc/nologin exists
+# (Replaces the `NOLOGINS_FILE' option from login.defs)
+auth       requisite  pam_nologin.so
+
+# Added to support faillog
+auth     required       pam_tally.so per_user
+
+
+# SELinux needs to be the first session rule. This ensures that any 
+# lingering context has been cleared. Without out this it is possible 
+# that a module could execute code in the wrong domain.
+# When the module is present, "required" would be sufficient (When SELinux
+# is disabled, this returns success.)
+session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so close
+
+# This module parses environment configuration file(s)
+# and also allows you to use an extended config
+# file /etc/security/pam_env.conf.
+# 
+# parsing /etc/environment needs "readenv=1"
+session       required   pam_env.so readenv=1
+# locale variables are also kept into /etc/default/locale in etch
+# reading this file *in addition to /etc/environment* does not hurt
+session       required   pam_env.so readenv=1 envfile=/etc/default/locale
+
+# Standard Un*x authentication.
+@include common-auth
+
+# This allows certain extra groups to be granted to a user
+# based on things like time of day, tty, service, and user.
+# Please edit /etc/security/group.conf to fit your needs
+# (Replaces the `CONSOLE_GROUPS' option in login.defs)
+auth       optional   pam_group.so
+
+# Uncomment and edit /etc/security/time.conf if you need to set
+# time constraints on logins.
+# (Replaces the `PORTTIME_CHECKS_ENAB' option from login.defs
+# as well as /etc/porttime)
+# account    requisite  pam_time.so
+
+# Uncomment and edit /etc/security/access.conf if you need to
+# set access limits.
+# (Replaces /etc/login.access file)
+# account  required       pam_access.so
+
+# Sets up user limits according to /etc/security/limits.conf
+# (Replaces the use of /etc/limits in old login)
+session    required   pam_limits.so
+
+# Prints the last login info upon successful login
+# (Replaces the `LASTLOG_ENAB' option from login.defs)
+session    optional   pam_lastlog.so
+
+# Prints the motd upon successful login
+# (Replaces the `MOTD_FILE' option in login.defs)
+session    optional   pam_motd.so
+
+# Prints the status of the user's mailbox upon successful login
+# (Replaces the `MAIL_CHECK_ENAB' option from login.defs). 
+#
+# This also defines the MAIL environment variable
+# However, userdel also needs MAIL_DIR and MAIL_FILE variables
+# in /etc/login.defs to make sure that removing a user 
+# also removes the user's mail spool file.
+# See comments in /etc/login.defs
+session    optional   pam_mail.so standard
+
+# Standard Un*x account and session
+@include common-account
+@include common-session
+@include common-password
+
+# SELinux needs to intervene at login time to ensure that the process
+# starts in the proper default security context. Only sessions which are
+# intended to run in the user's context should be run after this.
+session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so open
+# When the module is present, "required" would be sufficient (When SELinux
+# is disabled, this returns success.)
diff --git a/tests/tests/log/faillog/35_faillog-l-u_open_range/config/etc/passwd b/tests/tests/log/faillog/35_faillog-l-u_open_range/config/etc/passwd
new file mode 100644
index 0000000..9d34d3a
--- /dev/null
+++ b/tests/tests/log/faillog/35_faillog-l-u_open_range/config/etc/passwd
@@ -0,0 +1,22 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+bar:x:1001:1001::/home/bar:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/home/foo:/bin/sh
+baz:x:1002:1002::/home/baz:/bin/sh
diff --git a/tests/tests/log/faillog/35_faillog-l-u_open_range/config/etc/shadow b/tests/tests/log/faillog/35_faillog-l-u_open_range/config/etc/shadow
new file mode 100644
index 0000000..52721ac
--- /dev/null
+++ b/tests/tests/log/faillog/35_faillog-l-u_open_range/config/etc/shadow
@@ -0,0 +1,22 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+bar:!:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:a:12977:0:99999:7:::
+baz:b:12977:0:99999:7:::
diff --git a/tests/tests/log/faillog/35_faillog-l-u_open_range/data/faillog.list b/tests/tests/log/faillog/35_faillog-l-u_open_range/data/faillog.list
new file mode 100644
index 0000000..cb1d37b
--- /dev/null
+++ b/tests/tests/log/faillog/35_faillog-l-u_open_range/data/faillog.list
@@ -0,0 +1,5 @@
+Login       Failures Maximum
+
+bar             1        0  
+foo             1        0  
+baz             1        0  
diff --git a/tests/tests/log/faillog/35_faillog-l-u_open_range/faillog.test b/tests/tests/log/faillog/35_faillog-l-u_open_range/faillog.test
new file mode 100755
index 0000000..3cc9655
--- /dev/null
+++ b/tests/tests/log/faillog/35_faillog-l-u_open_range/faillog.test
@@ -0,0 +1,63 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "reports all entry from /var/log/faillog"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Create an empty /var/log/faillog (it will not be restored)..."
+> /var/log/faillog
+echo "OK"
+
+echo -n "Trigger a connection as foo..."
+./login.exp foo
+echo "OK"
+sleep 2
+echo -n "Trigger a connection as bar..."
+./login.exp bar
+echo "OK"
+echo -n "Trigger a connection as baz..."
+./login.exp baz
+echo "OK"
+
+echo -n "reset baz (faillog -l 10 -u -1001)..."
+faillog -l 10 -u -1001
+echo "OK"
+
+echo -n "faillog..."
+faillog > tmp/faillog.out
+echo "OK."
+
+echo "faillog :"
+echo "======================================================================="
+cat tmp/faillog.out
+echo "======================================================================="
+
+echo -n "Check the list of users with failures..."
+cut -c-28 tmp/faillog.out > tmp/faillog.list
+diff -au data/faillog.list tmp/faillog.list
+echo "OK"
+echo "There should be between 2 and 5 secondes remaining for bar..."
+grep "^bar .* \[[2345]s left\]$" tmp/faillog.out
+echo "OK"
+echo "The lock is displayed as 10s for foo..."
+grep "^foo .* \[10s lock\]$" tmp/faillog.out
+echo "OK."
+
+rm -f tmp/faillog.out tmp/faillog.list
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/log/faillog/35_faillog-l-u_open_range/login.exp b/tests/tests/log/faillog/35_faillog-l-u_open_range/login.exp
new file mode 100755
index 0000000..f7841f6
--- /dev/null
+++ b/tests/tests/log/faillog/35_faillog-l-u_open_range/login.exp
@@ -0,0 +1,26 @@
+#!/usr/bin/expect
+
+if {$argc == 1} {
+        set user     [lindex $argv 0]
+} else {
+        set user     "foo"
+}
+
+set timeout 2
+expect_after default {puts stderr "\nFAIL"; exit 1}
+
+set timeout 5
+expect_after default {puts stderr "\nFAIL"; exit 1}
+
+spawn /bin/bash
+expect "# "
+
+send "login $user\r"
+expect "Password: "
+sleep 0.1
+send "badpass\r"
+send_user "\n# password 'badpass' sent\n\n"
+expect "login: "
+
+send "exit\r"
+exit 0
diff --git a/tests/tests/log/faillog/36_faillog-l-u_range_open/config.txt b/tests/tests/log/faillog/36_faillog-l-u_range_open/config.txt
new file mode 100644
index 0000000..1a78b6c
--- /dev/null
+++ b/tests/tests/log/faillog/36_faillog-l-u_range_open/config.txt
@@ -0,0 +1 @@
+user foo exists, UID 1000
diff --git a/tests/tests/log/faillog/36_faillog-l-u_range_open/config/etc/group b/tests/tests/log/faillog/36_faillog-l-u_range_open/config/etc/group
new file mode 100644
index 0000000..b6fae89
--- /dev/null
+++ b/tests/tests/log/faillog/36_faillog-l-u_range_open/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:root
+adm:x:4:root,foo
+tty:x:5:
+disk:x:6:
+lp:x:7:foo,root
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:foo
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:foo
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/log/faillog/36_faillog-l-u_range_open/config/etc/gshadow b/tests/tests/log/faillog/36_faillog-l-u_range_open/config/etc/gshadow
new file mode 100644
index 0000000..1f2ba8d
--- /dev/null
+++ b/tests/tests/log/faillog/36_faillog-l-u_range_open/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::root
+adm:*::root,foo
+tty:*::foo
+disk:*:foo:
+lp:*::foo,root
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*:foo:foo
+voice:*::
+cdrom:*:foo:foo
+floppy:*::foo
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/log/faillog/36_faillog-l-u_range_open/config/etc/pam.d/login b/tests/tests/log/faillog/36_faillog-l-u_range_open/config/etc/pam.d/login
new file mode 100644
index 0000000..0a101fd
--- /dev/null
+++ b/tests/tests/log/faillog/36_faillog-l-u_range_open/config/etc/pam.d/login
@@ -0,0 +1,111 @@
+#
+# The PAM configuration file for the Shadow `login' service
+#
+
+# Enforce a minimal delay in case of failure (in microseconds).
+# (Replaces the `FAIL_DELAY' setting from login.defs)
+# Note that other modules may require another minimal delay. (for example,
+# to disable any delay, you should add the nodelay option to pam_unix)
+auth       optional   pam_faildelay.so  delay=3000000
+
+# Outputs an issue file prior to each login prompt (Replaces the
+# ISSUE_FILE option from login.defs). Uncomment for use
+# auth       required   pam_issue.so issue=/etc/issue
+
+# Disallows root logins except on tty's listed in /etc/securetty
+# (Replaces the `CONSOLE' setting from login.defs)
+#
+# With the default control of this module:
+#   [success=ok new_authtok_reqd=ok ignore=ignore user_unknown=bad default=die]
+# root will not be prompted for a password on insecure lines.
+# if an invalid username is entered, a password is prompted (but login
+# will eventually be rejected)
+#
+# You can change it to a "requisite" module if you think root may mis-type
+# her login and should not be prompted for a password in that case. But
+# this will leave the system as vulnerable to user enumeration attacks.
+#
+# You can change it to a "required" module if you think it permits to
+# guess valid user names of your system (invalid user names are considered
+# as possibly being root on insecure lines), but root passwords may be
+# communicated over insecure lines.
+auth [success=ok new_authtok_reqd=ok ignore=ignore user_unknown=bad default=die] pam_securetty.so
+
+# Disallows other than root logins when /etc/nologin exists
+# (Replaces the `NOLOGINS_FILE' option from login.defs)
+auth       requisite  pam_nologin.so
+
+# Added to support faillog
+auth     required       pam_tally.so per_user
+
+
+# SELinux needs to be the first session rule. This ensures that any 
+# lingering context has been cleared. Without out this it is possible 
+# that a module could execute code in the wrong domain.
+# When the module is present, "required" would be sufficient (When SELinux
+# is disabled, this returns success.)
+session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so close
+
+# This module parses environment configuration file(s)
+# and also allows you to use an extended config
+# file /etc/security/pam_env.conf.
+# 
+# parsing /etc/environment needs "readenv=1"
+session       required   pam_env.so readenv=1
+# locale variables are also kept into /etc/default/locale in etch
+# reading this file *in addition to /etc/environment* does not hurt
+session       required   pam_env.so readenv=1 envfile=/etc/default/locale
+
+# Standard Un*x authentication.
+@include common-auth
+
+# This allows certain extra groups to be granted to a user
+# based on things like time of day, tty, service, and user.
+# Please edit /etc/security/group.conf to fit your needs
+# (Replaces the `CONSOLE_GROUPS' option in login.defs)
+auth       optional   pam_group.so
+
+# Uncomment and edit /etc/security/time.conf if you need to set
+# time constraints on logins.
+# (Replaces the `PORTTIME_CHECKS_ENAB' option from login.defs
+# as well as /etc/porttime)
+# account    requisite  pam_time.so
+
+# Uncomment and edit /etc/security/access.conf if you need to
+# set access limits.
+# (Replaces /etc/login.access file)
+# account  required       pam_access.so
+
+# Sets up user limits according to /etc/security/limits.conf
+# (Replaces the use of /etc/limits in old login)
+session    required   pam_limits.so
+
+# Prints the last login info upon successful login
+# (Replaces the `LASTLOG_ENAB' option from login.defs)
+session    optional   pam_lastlog.so
+
+# Prints the motd upon successful login
+# (Replaces the `MOTD_FILE' option in login.defs)
+session    optional   pam_motd.so
+
+# Prints the status of the user's mailbox upon successful login
+# (Replaces the `MAIL_CHECK_ENAB' option from login.defs). 
+#
+# This also defines the MAIL environment variable
+# However, userdel also needs MAIL_DIR and MAIL_FILE variables
+# in /etc/login.defs to make sure that removing a user 
+# also removes the user's mail spool file.
+# See comments in /etc/login.defs
+session    optional   pam_mail.so standard
+
+# Standard Un*x account and session
+@include common-account
+@include common-session
+@include common-password
+
+# SELinux needs to intervene at login time to ensure that the process
+# starts in the proper default security context. Only sessions which are
+# intended to run in the user's context should be run after this.
+session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so open
+# When the module is present, "required" would be sufficient (When SELinux
+# is disabled, this returns success.)
diff --git a/tests/tests/log/faillog/36_faillog-l-u_range_open/config/etc/passwd b/tests/tests/log/faillog/36_faillog-l-u_range_open/config/etc/passwd
new file mode 100644
index 0000000..9d34d3a
--- /dev/null
+++ b/tests/tests/log/faillog/36_faillog-l-u_range_open/config/etc/passwd
@@ -0,0 +1,22 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+bar:x:1001:1001::/home/bar:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/home/foo:/bin/sh
+baz:x:1002:1002::/home/baz:/bin/sh
diff --git a/tests/tests/log/faillog/36_faillog-l-u_range_open/config/etc/shadow b/tests/tests/log/faillog/36_faillog-l-u_range_open/config/etc/shadow
new file mode 100644
index 0000000..52721ac
--- /dev/null
+++ b/tests/tests/log/faillog/36_faillog-l-u_range_open/config/etc/shadow
@@ -0,0 +1,22 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+bar:!:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:a:12977:0:99999:7:::
+baz:b:12977:0:99999:7:::
diff --git a/tests/tests/log/faillog/36_faillog-l-u_range_open/data/faillog.list b/tests/tests/log/faillog/36_faillog-l-u_range_open/data/faillog.list
new file mode 100644
index 0000000..cb1d37b
--- /dev/null
+++ b/tests/tests/log/faillog/36_faillog-l-u_range_open/data/faillog.list
@@ -0,0 +1,5 @@
+Login       Failures Maximum
+
+bar             1        0  
+foo             1        0  
+baz             1        0  
diff --git a/tests/tests/log/faillog/36_faillog-l-u_range_open/faillog.test b/tests/tests/log/faillog/36_faillog-l-u_range_open/faillog.test
new file mode 100755
index 0000000..caf0742
--- /dev/null
+++ b/tests/tests/log/faillog/36_faillog-l-u_range_open/faillog.test
@@ -0,0 +1,63 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "reports all entry from /var/log/faillog"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Create an empty /var/log/faillog (it will not be restored)..."
+> /var/log/faillog
+echo "OK"
+
+echo -n "Trigger a connection as foo..."
+./login.exp foo
+echo "OK"
+sleep 2
+echo -n "Trigger a connection as bar..."
+./login.exp bar
+echo "OK"
+echo -n "Trigger a connection as baz..."
+./login.exp baz
+echo "OK"
+
+echo -n "reset baz (faillog -l 10 -u 1000-1001)..."
+faillog -l 10 -u 1001-
+echo "OK"
+
+echo -n "faillog..."
+faillog > tmp/faillog.out
+echo "OK."
+
+echo "faillog :"
+echo "======================================================================="
+cat tmp/faillog.out
+echo "======================================================================="
+
+echo -n "Check the list of users with failures..."
+cut -c-28 tmp/faillog.out > tmp/faillog.list
+diff -au data/faillog.list tmp/faillog.list
+echo "OK"
+echo "There should be 6 or 7 secondes remaining for baz..."
+grep "^baz .* \[[67]s left\]$" tmp/faillog.out
+echo "OK"
+echo "There should be 3 or 4 secondes remaining for bar..."
+grep "^bar .* \[[34]s left\]$" tmp/faillog.out
+echo "OK."
+
+rm -f tmp/faillog.out tmp/faillog.list
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/log/faillog/36_faillog-l-u_range_open/login.exp b/tests/tests/log/faillog/36_faillog-l-u_range_open/login.exp
new file mode 100755
index 0000000..f7841f6
--- /dev/null
+++ b/tests/tests/log/faillog/36_faillog-l-u_range_open/login.exp
@@ -0,0 +1,26 @@
+#!/usr/bin/expect
+
+if {$argc == 1} {
+        set user     [lindex $argv 0]
+} else {
+        set user     "foo"
+}
+
+set timeout 2
+expect_after default {puts stderr "\nFAIL"; exit 1}
+
+set timeout 5
+expect_after default {puts stderr "\nFAIL"; exit 1}
+
+spawn /bin/bash
+expect "# "
+
+send "login $user\r"
+expect "Password: "
+sleep 0.1
+send "badpass\r"
+send_user "\n# password 'badpass' sent\n\n"
+expect "login: "
+
+send "exit\r"
+exit 0
diff --git a/tests/tests/log/faillog/37_faillog-l-a-u_user/config.txt b/tests/tests/log/faillog/37_faillog-l-a-u_user/config.txt
new file mode 100644
index 0000000..1a78b6c
--- /dev/null
+++ b/tests/tests/log/faillog/37_faillog-l-a-u_user/config.txt
@@ -0,0 +1 @@
+user foo exists, UID 1000
diff --git a/tests/tests/log/faillog/37_faillog-l-a-u_user/config/etc/group b/tests/tests/log/faillog/37_faillog-l-a-u_user/config/etc/group
new file mode 100644
index 0000000..b6fae89
--- /dev/null
+++ b/tests/tests/log/faillog/37_faillog-l-a-u_user/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:root
+adm:x:4:root,foo
+tty:x:5:
+disk:x:6:
+lp:x:7:foo,root
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:foo
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:foo
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/log/faillog/37_faillog-l-a-u_user/config/etc/gshadow b/tests/tests/log/faillog/37_faillog-l-a-u_user/config/etc/gshadow
new file mode 100644
index 0000000..1f2ba8d
--- /dev/null
+++ b/tests/tests/log/faillog/37_faillog-l-a-u_user/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::root
+adm:*::root,foo
+tty:*::foo
+disk:*:foo:
+lp:*::foo,root
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*:foo:foo
+voice:*::
+cdrom:*:foo:foo
+floppy:*::foo
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/log/faillog/37_faillog-l-a-u_user/config/etc/pam.d/login b/tests/tests/log/faillog/37_faillog-l-a-u_user/config/etc/pam.d/login
new file mode 100644
index 0000000..0a101fd
--- /dev/null
+++ b/tests/tests/log/faillog/37_faillog-l-a-u_user/config/etc/pam.d/login
@@ -0,0 +1,111 @@
+#
+# The PAM configuration file for the Shadow `login' service
+#
+
+# Enforce a minimal delay in case of failure (in microseconds).
+# (Replaces the `FAIL_DELAY' setting from login.defs)
+# Note that other modules may require another minimal delay. (for example,
+# to disable any delay, you should add the nodelay option to pam_unix)
+auth       optional   pam_faildelay.so  delay=3000000
+
+# Outputs an issue file prior to each login prompt (Replaces the
+# ISSUE_FILE option from login.defs). Uncomment for use
+# auth       required   pam_issue.so issue=/etc/issue
+
+# Disallows root logins except on tty's listed in /etc/securetty
+# (Replaces the `CONSOLE' setting from login.defs)
+#
+# With the default control of this module:
+#   [success=ok new_authtok_reqd=ok ignore=ignore user_unknown=bad default=die]
+# root will not be prompted for a password on insecure lines.
+# if an invalid username is entered, a password is prompted (but login
+# will eventually be rejected)
+#
+# You can change it to a "requisite" module if you think root may mis-type
+# her login and should not be prompted for a password in that case. But
+# this will leave the system as vulnerable to user enumeration attacks.
+#
+# You can change it to a "required" module if you think it permits to
+# guess valid user names of your system (invalid user names are considered
+# as possibly being root on insecure lines), but root passwords may be
+# communicated over insecure lines.
+auth [success=ok new_authtok_reqd=ok ignore=ignore user_unknown=bad default=die] pam_securetty.so
+
+# Disallows other than root logins when /etc/nologin exists
+# (Replaces the `NOLOGINS_FILE' option from login.defs)
+auth       requisite  pam_nologin.so
+
+# Added to support faillog
+auth     required       pam_tally.so per_user
+
+
+# SELinux needs to be the first session rule. This ensures that any 
+# lingering context has been cleared. Without out this it is possible 
+# that a module could execute code in the wrong domain.
+# When the module is present, "required" would be sufficient (When SELinux
+# is disabled, this returns success.)
+session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so close
+
+# This module parses environment configuration file(s)
+# and also allows you to use an extended config
+# file /etc/security/pam_env.conf.
+# 
+# parsing /etc/environment needs "readenv=1"
+session       required   pam_env.so readenv=1
+# locale variables are also kept into /etc/default/locale in etch
+# reading this file *in addition to /etc/environment* does not hurt
+session       required   pam_env.so readenv=1 envfile=/etc/default/locale
+
+# Standard Un*x authentication.
+@include common-auth
+
+# This allows certain extra groups to be granted to a user
+# based on things like time of day, tty, service, and user.
+# Please edit /etc/security/group.conf to fit your needs
+# (Replaces the `CONSOLE_GROUPS' option in login.defs)
+auth       optional   pam_group.so
+
+# Uncomment and edit /etc/security/time.conf if you need to set
+# time constraints on logins.
+# (Replaces the `PORTTIME_CHECKS_ENAB' option from login.defs
+# as well as /etc/porttime)
+# account    requisite  pam_time.so
+
+# Uncomment and edit /etc/security/access.conf if you need to
+# set access limits.
+# (Replaces /etc/login.access file)
+# account  required       pam_access.so
+
+# Sets up user limits according to /etc/security/limits.conf
+# (Replaces the use of /etc/limits in old login)
+session    required   pam_limits.so
+
+# Prints the last login info upon successful login
+# (Replaces the `LASTLOG_ENAB' option from login.defs)
+session    optional   pam_lastlog.so
+
+# Prints the motd upon successful login
+# (Replaces the `MOTD_FILE' option in login.defs)
+session    optional   pam_motd.so
+
+# Prints the status of the user's mailbox upon successful login
+# (Replaces the `MAIL_CHECK_ENAB' option from login.defs). 
+#
+# This also defines the MAIL environment variable
+# However, userdel also needs MAIL_DIR and MAIL_FILE variables
+# in /etc/login.defs to make sure that removing a user 
+# also removes the user's mail spool file.
+# See comments in /etc/login.defs
+session    optional   pam_mail.so standard
+
+# Standard Un*x account and session
+@include common-account
+@include common-session
+@include common-password
+
+# SELinux needs to intervene at login time to ensure that the process
+# starts in the proper default security context. Only sessions which are
+# intended to run in the user's context should be run after this.
+session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so open
+# When the module is present, "required" would be sufficient (When SELinux
+# is disabled, this returns success.)
diff --git a/tests/tests/log/faillog/37_faillog-l-a-u_user/config/etc/passwd b/tests/tests/log/faillog/37_faillog-l-a-u_user/config/etc/passwd
new file mode 100644
index 0000000..9d34d3a
--- /dev/null
+++ b/tests/tests/log/faillog/37_faillog-l-a-u_user/config/etc/passwd
@@ -0,0 +1,22 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+bar:x:1001:1001::/home/bar:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/home/foo:/bin/sh
+baz:x:1002:1002::/home/baz:/bin/sh
diff --git a/tests/tests/log/faillog/37_faillog-l-a-u_user/config/etc/shadow b/tests/tests/log/faillog/37_faillog-l-a-u_user/config/etc/shadow
new file mode 100644
index 0000000..52721ac
--- /dev/null
+++ b/tests/tests/log/faillog/37_faillog-l-a-u_user/config/etc/shadow
@@ -0,0 +1,22 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+bar:!:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:a:12977:0:99999:7:::
+baz:b:12977:0:99999:7:::
diff --git a/tests/tests/log/faillog/37_faillog-l-a-u_user/data/faillog.list b/tests/tests/log/faillog/37_faillog-l-a-u_user/data/faillog.list
new file mode 100644
index 0000000..817ff45
--- /dev/null
+++ b/tests/tests/log/faillog/37_faillog-l-a-u_user/data/faillog.list
@@ -0,0 +1 @@
+foo             1        0  
diff --git a/tests/tests/log/faillog/37_faillog-l-a-u_user/faillog.test b/tests/tests/log/faillog/37_faillog-l-a-u_user/faillog.test
new file mode 100755
index 0000000..9128abc
--- /dev/null
+++ b/tests/tests/log/faillog/37_faillog-l-a-u_user/faillog.test
@@ -0,0 +1,70 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "reports all entry from /var/log/faillog"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Create an empty /var/log/faillog (it will not be restored)..."
+> /var/log/faillog
+echo "OK"
+
+echo -n "Trigger a connection as foo..."
+./login.exp foo
+echo "OK"
+sleep 2
+echo -n "Trigger a connection as bar..."
+./login.exp bar
+echo "OK"
+echo -n "Trigger a connection as baz..."
+./login.exp baz
+echo "OK"
+
+echo -n "Remove user foo from passwd and shadow..."
+cp /etc/passwd /etc/shadow tmp/
+sed -e '/^foo:/d' -i /etc/passwd
+sed -e '/^foo:/d' -i /etc/shadow
+echo "OK"
+
+echo -n "reset old foo (faillog -l 10 -u 1000)..."
+faillog -l 10 -a -u 1000
+echo "OK"
+
+echo -n "Restore user foo..."
+mv tmp/passwd tmp/shadow /etc/
+echo "OK"
+
+echo -n "faillog..."
+faillog > tmp/faillog.out
+echo "OK."
+
+echo "faillog :"
+echo "======================================================================="
+cat tmp/faillog.out
+echo "======================================================================="
+
+echo -n "Check the list of users with failures..."
+grep "left\|lock" tmp/faillog.out | cut -c-28 > tmp/faillog.list
+diff -au data/faillog.list tmp/faillog.list
+echo "OK"
+echo "The lock is displayed as 10s for foo..."
+grep "^foo .* \[10s lock\]$" tmp/faillog.out
+echo "OK."
+
+rm -f tmp/faillog.out tmp/faillog.list
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/log/faillog/37_faillog-l-a-u_user/login.exp b/tests/tests/log/faillog/37_faillog-l-a-u_user/login.exp
new file mode 100755
index 0000000..f7841f6
--- /dev/null
+++ b/tests/tests/log/faillog/37_faillog-l-a-u_user/login.exp
@@ -0,0 +1,26 @@
+#!/usr/bin/expect
+
+if {$argc == 1} {
+        set user     [lindex $argv 0]
+} else {
+        set user     "foo"
+}
+
+set timeout 2
+expect_after default {puts stderr "\nFAIL"; exit 1}
+
+set timeout 5
+expect_after default {puts stderr "\nFAIL"; exit 1}
+
+spawn /bin/bash
+expect "# "
+
+send "login $user\r"
+expect "Password: "
+sleep 0.1
+send "badpass\r"
+send_user "\n# password 'badpass' sent\n\n"
+expect "login: "
+
+send "exit\r"
+exit 0
diff --git a/tests/tests/log/faillog/38_faillog-l-a-u_range/config.txt b/tests/tests/log/faillog/38_faillog-l-a-u_range/config.txt
new file mode 100644
index 0000000..1a78b6c
--- /dev/null
+++ b/tests/tests/log/faillog/38_faillog-l-a-u_range/config.txt
@@ -0,0 +1 @@
+user foo exists, UID 1000
diff --git a/tests/tests/log/faillog/38_faillog-l-a-u_range/config/etc/group b/tests/tests/log/faillog/38_faillog-l-a-u_range/config/etc/group
new file mode 100644
index 0000000..b6fae89
--- /dev/null
+++ b/tests/tests/log/faillog/38_faillog-l-a-u_range/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:root
+adm:x:4:root,foo
+tty:x:5:
+disk:x:6:
+lp:x:7:foo,root
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:foo
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:foo
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/log/faillog/38_faillog-l-a-u_range/config/etc/gshadow b/tests/tests/log/faillog/38_faillog-l-a-u_range/config/etc/gshadow
new file mode 100644
index 0000000..1f2ba8d
--- /dev/null
+++ b/tests/tests/log/faillog/38_faillog-l-a-u_range/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::root
+adm:*::root,foo
+tty:*::foo
+disk:*:foo:
+lp:*::foo,root
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*:foo:foo
+voice:*::
+cdrom:*:foo:foo
+floppy:*::foo
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/log/faillog/38_faillog-l-a-u_range/config/etc/pam.d/login b/tests/tests/log/faillog/38_faillog-l-a-u_range/config/etc/pam.d/login
new file mode 100644
index 0000000..0a101fd
--- /dev/null
+++ b/tests/tests/log/faillog/38_faillog-l-a-u_range/config/etc/pam.d/login
@@ -0,0 +1,111 @@
+#
+# The PAM configuration file for the Shadow `login' service
+#
+
+# Enforce a minimal delay in case of failure (in microseconds).
+# (Replaces the `FAIL_DELAY' setting from login.defs)
+# Note that other modules may require another minimal delay. (for example,
+# to disable any delay, you should add the nodelay option to pam_unix)
+auth       optional   pam_faildelay.so  delay=3000000
+
+# Outputs an issue file prior to each login prompt (Replaces the
+# ISSUE_FILE option from login.defs). Uncomment for use
+# auth       required   pam_issue.so issue=/etc/issue
+
+# Disallows root logins except on tty's listed in /etc/securetty
+# (Replaces the `CONSOLE' setting from login.defs)
+#
+# With the default control of this module:
+#   [success=ok new_authtok_reqd=ok ignore=ignore user_unknown=bad default=die]
+# root will not be prompted for a password on insecure lines.
+# if an invalid username is entered, a password is prompted (but login
+# will eventually be rejected)
+#
+# You can change it to a "requisite" module if you think root may mis-type
+# her login and should not be prompted for a password in that case. But
+# this will leave the system as vulnerable to user enumeration attacks.
+#
+# You can change it to a "required" module if you think it permits to
+# guess valid user names of your system (invalid user names are considered
+# as possibly being root on insecure lines), but root passwords may be
+# communicated over insecure lines.
+auth [success=ok new_authtok_reqd=ok ignore=ignore user_unknown=bad default=die] pam_securetty.so
+
+# Disallows other than root logins when /etc/nologin exists
+# (Replaces the `NOLOGINS_FILE' option from login.defs)
+auth       requisite  pam_nologin.so
+
+# Added to support faillog
+auth     required       pam_tally.so per_user
+
+
+# SELinux needs to be the first session rule. This ensures that any 
+# lingering context has been cleared. Without out this it is possible 
+# that a module could execute code in the wrong domain.
+# When the module is present, "required" would be sufficient (When SELinux
+# is disabled, this returns success.)
+session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so close
+
+# This module parses environment configuration file(s)
+# and also allows you to use an extended config
+# file /etc/security/pam_env.conf.
+# 
+# parsing /etc/environment needs "readenv=1"
+session       required   pam_env.so readenv=1
+# locale variables are also kept into /etc/default/locale in etch
+# reading this file *in addition to /etc/environment* does not hurt
+session       required   pam_env.so readenv=1 envfile=/etc/default/locale
+
+# Standard Un*x authentication.
+@include common-auth
+
+# This allows certain extra groups to be granted to a user
+# based on things like time of day, tty, service, and user.
+# Please edit /etc/security/group.conf to fit your needs
+# (Replaces the `CONSOLE_GROUPS' option in login.defs)
+auth       optional   pam_group.so
+
+# Uncomment and edit /etc/security/time.conf if you need to set
+# time constraints on logins.
+# (Replaces the `PORTTIME_CHECKS_ENAB' option from login.defs
+# as well as /etc/porttime)
+# account    requisite  pam_time.so
+
+# Uncomment and edit /etc/security/access.conf if you need to
+# set access limits.
+# (Replaces /etc/login.access file)
+# account  required       pam_access.so
+
+# Sets up user limits according to /etc/security/limits.conf
+# (Replaces the use of /etc/limits in old login)
+session    required   pam_limits.so
+
+# Prints the last login info upon successful login
+# (Replaces the `LASTLOG_ENAB' option from login.defs)
+session    optional   pam_lastlog.so
+
+# Prints the motd upon successful login
+# (Replaces the `MOTD_FILE' option in login.defs)
+session    optional   pam_motd.so
+
+# Prints the status of the user's mailbox upon successful login
+# (Replaces the `MAIL_CHECK_ENAB' option from login.defs). 
+#
+# This also defines the MAIL environment variable
+# However, userdel also needs MAIL_DIR and MAIL_FILE variables
+# in /etc/login.defs to make sure that removing a user 
+# also removes the user's mail spool file.
+# See comments in /etc/login.defs
+session    optional   pam_mail.so standard
+
+# Standard Un*x account and session
+@include common-account
+@include common-session
+@include common-password
+
+# SELinux needs to intervene at login time to ensure that the process
+# starts in the proper default security context. Only sessions which are
+# intended to run in the user's context should be run after this.
+session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so open
+# When the module is present, "required" would be sufficient (When SELinux
+# is disabled, this returns success.)
diff --git a/tests/tests/log/faillog/38_faillog-l-a-u_range/config/etc/passwd b/tests/tests/log/faillog/38_faillog-l-a-u_range/config/etc/passwd
new file mode 100644
index 0000000..9d34d3a
--- /dev/null
+++ b/tests/tests/log/faillog/38_faillog-l-a-u_range/config/etc/passwd
@@ -0,0 +1,22 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+bar:x:1001:1001::/home/bar:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/home/foo:/bin/sh
+baz:x:1002:1002::/home/baz:/bin/sh
diff --git a/tests/tests/log/faillog/38_faillog-l-a-u_range/config/etc/shadow b/tests/tests/log/faillog/38_faillog-l-a-u_range/config/etc/shadow
new file mode 100644
index 0000000..52721ac
--- /dev/null
+++ b/tests/tests/log/faillog/38_faillog-l-a-u_range/config/etc/shadow
@@ -0,0 +1,22 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+bar:!:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:a:12977:0:99999:7:::
+baz:b:12977:0:99999:7:::
diff --git a/tests/tests/log/faillog/38_faillog-l-a-u_range/data/faillog.list b/tests/tests/log/faillog/38_faillog-l-a-u_range/data/faillog.list
new file mode 100644
index 0000000..cb1d37b
--- /dev/null
+++ b/tests/tests/log/faillog/38_faillog-l-a-u_range/data/faillog.list
@@ -0,0 +1,5 @@
+Login       Failures Maximum
+
+bar             1        0  
+foo             1        0  
+baz             1        0  
diff --git a/tests/tests/log/faillog/38_faillog-l-a-u_range/faillog.test b/tests/tests/log/faillog/38_faillog-l-a-u_range/faillog.test
new file mode 100755
index 0000000..a585e17
--- /dev/null
+++ b/tests/tests/log/faillog/38_faillog-l-a-u_range/faillog.test
@@ -0,0 +1,73 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "reports all entry from /var/log/faillog"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Create an empty /var/log/faillog (it will not be restored)..."
+> /var/log/faillog
+echo "OK"
+
+echo -n "Trigger a connection as foo..."
+./login.exp foo
+echo "OK"
+sleep 1
+echo -n "Trigger a connection as bar..."
+./login.exp bar
+echo "OK"
+echo -n "Trigger a connection as baz..."
+./login.exp baz
+echo "OK"
+
+echo -n "Remove users foo, bar, baz from passwd and shadow..."
+cp /etc/passwd /etc/shadow tmp/
+sed -e '/^(foo|bar|baz):/d' -i /etc/passwd
+sed -e '/^(foo|bar|baz):/d' -i /etc/shadow
+echo "OK"
+
+echo -n "reset baz (faillog -l 10 -a -u 1000-1001)..."
+faillog -l 10 -a -u 1000-1001
+echo "OK"
+
+echo -n "Restore user foo..."
+mv tmp/passwd tmp/shadow /etc/
+echo "OK"
+
+echo -n "faillog..."
+faillog > tmp/faillog.out
+echo "OK."
+
+echo "faillog :"
+echo "======================================================================="
+cat tmp/faillog.out
+echo "======================================================================="
+
+echo -n "Check the list of users with failures..."
+cut -c-28 tmp/faillog.out > tmp/faillog.list
+diff -au data/faillog.list tmp/faillog.list
+echo "OK"
+echo "There should be between 2 and 4 secondes remaining for bar..."
+grep "^bar .* \[[2-4]s left\]$" tmp/faillog.out
+echo "OK"
+echo "The lock is displayed as 10s for foo..."
+grep "^foo .* \[10s lock\]$" tmp/faillog.out
+echo "OK."
+
+rm -f tmp/faillog.out tmp/faillog.list
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/log/faillog/38_faillog-l-a-u_range/login.exp b/tests/tests/log/faillog/38_faillog-l-a-u_range/login.exp
new file mode 100755
index 0000000..f7841f6
--- /dev/null
+++ b/tests/tests/log/faillog/38_faillog-l-a-u_range/login.exp
@@ -0,0 +1,26 @@
+#!/usr/bin/expect
+
+if {$argc == 1} {
+        set user     [lindex $argv 0]
+} else {
+        set user     "foo"
+}
+
+set timeout 2
+expect_after default {puts stderr "\nFAIL"; exit 1}
+
+set timeout 5
+expect_after default {puts stderr "\nFAIL"; exit 1}
+
+spawn /bin/bash
+expect "# "
+
+send "login $user\r"
+expect "Password: "
+sleep 0.1
+send "badpass\r"
+send_user "\n# password 'badpass' sent\n\n"
+expect "login: "
+
+send "exit\r"
+exit 0
diff --git a/tests/tests/log/faillog/39_faillog-l-a-u_open_range/config.txt b/tests/tests/log/faillog/39_faillog-l-a-u_open_range/config.txt
new file mode 100644
index 0000000..1a78b6c
--- /dev/null
+++ b/tests/tests/log/faillog/39_faillog-l-a-u_open_range/config.txt
@@ -0,0 +1 @@
+user foo exists, UID 1000
diff --git a/tests/tests/log/faillog/39_faillog-l-a-u_open_range/config/etc/group b/tests/tests/log/faillog/39_faillog-l-a-u_open_range/config/etc/group
new file mode 100644
index 0000000..b6fae89
--- /dev/null
+++ b/tests/tests/log/faillog/39_faillog-l-a-u_open_range/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:root
+adm:x:4:root,foo
+tty:x:5:
+disk:x:6:
+lp:x:7:foo,root
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:foo
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:foo
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/log/faillog/39_faillog-l-a-u_open_range/config/etc/gshadow b/tests/tests/log/faillog/39_faillog-l-a-u_open_range/config/etc/gshadow
new file mode 100644
index 0000000..1f2ba8d
--- /dev/null
+++ b/tests/tests/log/faillog/39_faillog-l-a-u_open_range/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::root
+adm:*::root,foo
+tty:*::foo
+disk:*:foo:
+lp:*::foo,root
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*:foo:foo
+voice:*::
+cdrom:*:foo:foo
+floppy:*::foo
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/log/faillog/39_faillog-l-a-u_open_range/config/etc/pam.d/login b/tests/tests/log/faillog/39_faillog-l-a-u_open_range/config/etc/pam.d/login
new file mode 100644
index 0000000..0a101fd
--- /dev/null
+++ b/tests/tests/log/faillog/39_faillog-l-a-u_open_range/config/etc/pam.d/login
@@ -0,0 +1,111 @@
+#
+# The PAM configuration file for the Shadow `login' service
+#
+
+# Enforce a minimal delay in case of failure (in microseconds).
+# (Replaces the `FAIL_DELAY' setting from login.defs)
+# Note that other modules may require another minimal delay. (for example,
+# to disable any delay, you should add the nodelay option to pam_unix)
+auth       optional   pam_faildelay.so  delay=3000000
+
+# Outputs an issue file prior to each login prompt (Replaces the
+# ISSUE_FILE option from login.defs). Uncomment for use
+# auth       required   pam_issue.so issue=/etc/issue
+
+# Disallows root logins except on tty's listed in /etc/securetty
+# (Replaces the `CONSOLE' setting from login.defs)
+#
+# With the default control of this module:
+#   [success=ok new_authtok_reqd=ok ignore=ignore user_unknown=bad default=die]
+# root will not be prompted for a password on insecure lines.
+# if an invalid username is entered, a password is prompted (but login
+# will eventually be rejected)
+#
+# You can change it to a "requisite" module if you think root may mis-type
+# her login and should not be prompted for a password in that case. But
+# this will leave the system as vulnerable to user enumeration attacks.
+#
+# You can change it to a "required" module if you think it permits to
+# guess valid user names of your system (invalid user names are considered
+# as possibly being root on insecure lines), but root passwords may be
+# communicated over insecure lines.
+auth [success=ok new_authtok_reqd=ok ignore=ignore user_unknown=bad default=die] pam_securetty.so
+
+# Disallows other than root logins when /etc/nologin exists
+# (Replaces the `NOLOGINS_FILE' option from login.defs)
+auth       requisite  pam_nologin.so
+
+# Added to support faillog
+auth     required       pam_tally.so per_user
+
+
+# SELinux needs to be the first session rule. This ensures that any 
+# lingering context has been cleared. Without out this it is possible 
+# that a module could execute code in the wrong domain.
+# When the module is present, "required" would be sufficient (When SELinux
+# is disabled, this returns success.)
+session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so close
+
+# This module parses environment configuration file(s)
+# and also allows you to use an extended config
+# file /etc/security/pam_env.conf.
+# 
+# parsing /etc/environment needs "readenv=1"
+session       required   pam_env.so readenv=1
+# locale variables are also kept into /etc/default/locale in etch
+# reading this file *in addition to /etc/environment* does not hurt
+session       required   pam_env.so readenv=1 envfile=/etc/default/locale
+
+# Standard Un*x authentication.
+@include common-auth
+
+# This allows certain extra groups to be granted to a user
+# based on things like time of day, tty, service, and user.
+# Please edit /etc/security/group.conf to fit your needs
+# (Replaces the `CONSOLE_GROUPS' option in login.defs)
+auth       optional   pam_group.so
+
+# Uncomment and edit /etc/security/time.conf if you need to set
+# time constraints on logins.
+# (Replaces the `PORTTIME_CHECKS_ENAB' option from login.defs
+# as well as /etc/porttime)
+# account    requisite  pam_time.so
+
+# Uncomment and edit /etc/security/access.conf if you need to
+# set access limits.
+# (Replaces /etc/login.access file)
+# account  required       pam_access.so
+
+# Sets up user limits according to /etc/security/limits.conf
+# (Replaces the use of /etc/limits in old login)
+session    required   pam_limits.so
+
+# Prints the last login info upon successful login
+# (Replaces the `LASTLOG_ENAB' option from login.defs)
+session    optional   pam_lastlog.so
+
+# Prints the motd upon successful login
+# (Replaces the `MOTD_FILE' option in login.defs)
+session    optional   pam_motd.so
+
+# Prints the status of the user's mailbox upon successful login
+# (Replaces the `MAIL_CHECK_ENAB' option from login.defs). 
+#
+# This also defines the MAIL environment variable
+# However, userdel also needs MAIL_DIR and MAIL_FILE variables
+# in /etc/login.defs to make sure that removing a user 
+# also removes the user's mail spool file.
+# See comments in /etc/login.defs
+session    optional   pam_mail.so standard
+
+# Standard Un*x account and session
+@include common-account
+@include common-session
+@include common-password
+
+# SELinux needs to intervene at login time to ensure that the process
+# starts in the proper default security context. Only sessions which are
+# intended to run in the user's context should be run after this.
+session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so open
+# When the module is present, "required" would be sufficient (When SELinux
+# is disabled, this returns success.)
diff --git a/tests/tests/log/faillog/39_faillog-l-a-u_open_range/config/etc/passwd b/tests/tests/log/faillog/39_faillog-l-a-u_open_range/config/etc/passwd
new file mode 100644
index 0000000..9d34d3a
--- /dev/null
+++ b/tests/tests/log/faillog/39_faillog-l-a-u_open_range/config/etc/passwd
@@ -0,0 +1,22 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+bar:x:1001:1001::/home/bar:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/home/foo:/bin/sh
+baz:x:1002:1002::/home/baz:/bin/sh
diff --git a/tests/tests/log/faillog/39_faillog-l-a-u_open_range/config/etc/shadow b/tests/tests/log/faillog/39_faillog-l-a-u_open_range/config/etc/shadow
new file mode 100644
index 0000000..52721ac
--- /dev/null
+++ b/tests/tests/log/faillog/39_faillog-l-a-u_open_range/config/etc/shadow
@@ -0,0 +1,22 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+bar:!:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:a:12977:0:99999:7:::
+baz:b:12977:0:99999:7:::
diff --git a/tests/tests/log/faillog/39_faillog-l-a-u_open_range/data/faillog.list b/tests/tests/log/faillog/39_faillog-l-a-u_open_range/data/faillog.list
new file mode 100644
index 0000000..cb1d37b
--- /dev/null
+++ b/tests/tests/log/faillog/39_faillog-l-a-u_open_range/data/faillog.list
@@ -0,0 +1,5 @@
+Login       Failures Maximum
+
+bar             1        0  
+foo             1        0  
+baz             1        0  
diff --git a/tests/tests/log/faillog/39_faillog-l-a-u_open_range/faillog.test b/tests/tests/log/faillog/39_faillog-l-a-u_open_range/faillog.test
new file mode 100755
index 0000000..b81b396
--- /dev/null
+++ b/tests/tests/log/faillog/39_faillog-l-a-u_open_range/faillog.test
@@ -0,0 +1,73 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "reports all entry from /var/log/faillog"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Create an empty /var/log/faillog (it will not be restored)..."
+> /var/log/faillog
+echo "OK"
+
+echo -n "Trigger a connection as foo..."
+./login.exp foo
+echo "OK"
+sleep 1
+echo -n "Trigger a connection as bar..."
+./login.exp bar
+echo "OK"
+echo -n "Trigger a connection as baz..."
+./login.exp baz
+echo "OK"
+
+echo -n "Remove users foo, bar, baz from passwd and shadow..."
+cp /etc/passwd /etc/shadow tmp/
+sed -e '/^(foo|bar|baz):/d' -i /etc/passwd
+sed -e '/^(foo|bar|baz):/d' -i /etc/shadow
+echo "OK"
+
+echo -n "reset baz (faillog -l 10 -a -u -1001)..."
+faillog -l 10 -a -u -1001
+echo "OK"
+
+echo -n "Restore user foo..."
+mv tmp/passwd tmp/shadow /etc/
+echo "OK"
+
+echo -n "faillog..."
+faillog > tmp/faillog.out
+echo "OK."
+
+echo "faillog :"
+echo "======================================================================="
+cat tmp/faillog.out
+echo "======================================================================="
+
+echo -n "Check the list of users with failures..."
+cut -c-28 tmp/faillog.out > tmp/faillog.list
+diff -au data/faillog.list tmp/faillog.list
+echo "OK"
+echo "There should be between 2 and 4 secondes remaining for bar..."
+grep "^bar .* \[[234]s left\]$" tmp/faillog.out
+echo "OK"
+echo "The lock is displayed as 10s for foo..."
+grep "^foo .* \[10s lock\]$" tmp/faillog.out
+echo "OK."
+
+rm -f tmp/faillog.out tmp/faillog.list
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/log/faillog/39_faillog-l-a-u_open_range/login.exp b/tests/tests/log/faillog/39_faillog-l-a-u_open_range/login.exp
new file mode 100755
index 0000000..f7841f6
--- /dev/null
+++ b/tests/tests/log/faillog/39_faillog-l-a-u_open_range/login.exp
@@ -0,0 +1,26 @@
+#!/usr/bin/expect
+
+if {$argc == 1} {
+        set user     [lindex $argv 0]
+} else {
+        set user     "foo"
+}
+
+set timeout 2
+expect_after default {puts stderr "\nFAIL"; exit 1}
+
+set timeout 5
+expect_after default {puts stderr "\nFAIL"; exit 1}
+
+spawn /bin/bash
+expect "# "
+
+send "login $user\r"
+expect "Password: "
+sleep 0.1
+send "badpass\r"
+send_user "\n# password 'badpass' sent\n\n"
+expect "login: "
+
+send "exit\r"
+exit 0
diff --git a/tests/tests/log/faillog/40_faillog-l-a-u_range_open/config.txt b/tests/tests/log/faillog/40_faillog-l-a-u_range_open/config.txt
new file mode 100644
index 0000000..1a78b6c
--- /dev/null
+++ b/tests/tests/log/faillog/40_faillog-l-a-u_range_open/config.txt
@@ -0,0 +1 @@
+user foo exists, UID 1000
diff --git a/tests/tests/log/faillog/40_faillog-l-a-u_range_open/config/etc/group b/tests/tests/log/faillog/40_faillog-l-a-u_range_open/config/etc/group
new file mode 100644
index 0000000..b6fae89
--- /dev/null
+++ b/tests/tests/log/faillog/40_faillog-l-a-u_range_open/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:root
+adm:x:4:root,foo
+tty:x:5:
+disk:x:6:
+lp:x:7:foo,root
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:foo
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:foo
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/log/faillog/40_faillog-l-a-u_range_open/config/etc/gshadow b/tests/tests/log/faillog/40_faillog-l-a-u_range_open/config/etc/gshadow
new file mode 100644
index 0000000..1f2ba8d
--- /dev/null
+++ b/tests/tests/log/faillog/40_faillog-l-a-u_range_open/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::root
+adm:*::root,foo
+tty:*::foo
+disk:*:foo:
+lp:*::foo,root
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*:foo:foo
+voice:*::
+cdrom:*:foo:foo
+floppy:*::foo
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/log/faillog/40_faillog-l-a-u_range_open/config/etc/pam.d/login b/tests/tests/log/faillog/40_faillog-l-a-u_range_open/config/etc/pam.d/login
new file mode 100644
index 0000000..0a101fd
--- /dev/null
+++ b/tests/tests/log/faillog/40_faillog-l-a-u_range_open/config/etc/pam.d/login
@@ -0,0 +1,111 @@
+#
+# The PAM configuration file for the Shadow `login' service
+#
+
+# Enforce a minimal delay in case of failure (in microseconds).
+# (Replaces the `FAIL_DELAY' setting from login.defs)
+# Note that other modules may require another minimal delay. (for example,
+# to disable any delay, you should add the nodelay option to pam_unix)
+auth       optional   pam_faildelay.so  delay=3000000
+
+# Outputs an issue file prior to each login prompt (Replaces the
+# ISSUE_FILE option from login.defs). Uncomment for use
+# auth       required   pam_issue.so issue=/etc/issue
+
+# Disallows root logins except on tty's listed in /etc/securetty
+# (Replaces the `CONSOLE' setting from login.defs)
+#
+# With the default control of this module:
+#   [success=ok new_authtok_reqd=ok ignore=ignore user_unknown=bad default=die]
+# root will not be prompted for a password on insecure lines.
+# if an invalid username is entered, a password is prompted (but login
+# will eventually be rejected)
+#
+# You can change it to a "requisite" module if you think root may mis-type
+# her login and should not be prompted for a password in that case. But
+# this will leave the system as vulnerable to user enumeration attacks.
+#
+# You can change it to a "required" module if you think it permits to
+# guess valid user names of your system (invalid user names are considered
+# as possibly being root on insecure lines), but root passwords may be
+# communicated over insecure lines.
+auth [success=ok new_authtok_reqd=ok ignore=ignore user_unknown=bad default=die] pam_securetty.so
+
+# Disallows other than root logins when /etc/nologin exists
+# (Replaces the `NOLOGINS_FILE' option from login.defs)
+auth       requisite  pam_nologin.so
+
+# Added to support faillog
+auth     required       pam_tally.so per_user
+
+
+# SELinux needs to be the first session rule. This ensures that any 
+# lingering context has been cleared. Without out this it is possible 
+# that a module could execute code in the wrong domain.
+# When the module is present, "required" would be sufficient (When SELinux
+# is disabled, this returns success.)
+session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so close
+
+# This module parses environment configuration file(s)
+# and also allows you to use an extended config
+# file /etc/security/pam_env.conf.
+# 
+# parsing /etc/environment needs "readenv=1"
+session       required   pam_env.so readenv=1
+# locale variables are also kept into /etc/default/locale in etch
+# reading this file *in addition to /etc/environment* does not hurt
+session       required   pam_env.so readenv=1 envfile=/etc/default/locale
+
+# Standard Un*x authentication.
+@include common-auth
+
+# This allows certain extra groups to be granted to a user
+# based on things like time of day, tty, service, and user.
+# Please edit /etc/security/group.conf to fit your needs
+# (Replaces the `CONSOLE_GROUPS' option in login.defs)
+auth       optional   pam_group.so
+
+# Uncomment and edit /etc/security/time.conf if you need to set
+# time constraints on logins.
+# (Replaces the `PORTTIME_CHECKS_ENAB' option from login.defs
+# as well as /etc/porttime)
+# account    requisite  pam_time.so
+
+# Uncomment and edit /etc/security/access.conf if you need to
+# set access limits.
+# (Replaces /etc/login.access file)
+# account  required       pam_access.so
+
+# Sets up user limits according to /etc/security/limits.conf
+# (Replaces the use of /etc/limits in old login)
+session    required   pam_limits.so
+
+# Prints the last login info upon successful login
+# (Replaces the `LASTLOG_ENAB' option from login.defs)
+session    optional   pam_lastlog.so
+
+# Prints the motd upon successful login
+# (Replaces the `MOTD_FILE' option in login.defs)
+session    optional   pam_motd.so
+
+# Prints the status of the user's mailbox upon successful login
+# (Replaces the `MAIL_CHECK_ENAB' option from login.defs). 
+#
+# This also defines the MAIL environment variable
+# However, userdel also needs MAIL_DIR and MAIL_FILE variables
+# in /etc/login.defs to make sure that removing a user 
+# also removes the user's mail spool file.
+# See comments in /etc/login.defs
+session    optional   pam_mail.so standard
+
+# Standard Un*x account and session
+@include common-account
+@include common-session
+@include common-password
+
+# SELinux needs to intervene at login time to ensure that the process
+# starts in the proper default security context. Only sessions which are
+# intended to run in the user's context should be run after this.
+session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so open
+# When the module is present, "required" would be sufficient (When SELinux
+# is disabled, this returns success.)
diff --git a/tests/tests/log/faillog/40_faillog-l-a-u_range_open/config/etc/passwd b/tests/tests/log/faillog/40_faillog-l-a-u_range_open/config/etc/passwd
new file mode 100644
index 0000000..9d34d3a
--- /dev/null
+++ b/tests/tests/log/faillog/40_faillog-l-a-u_range_open/config/etc/passwd
@@ -0,0 +1,22 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+bar:x:1001:1001::/home/bar:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/home/foo:/bin/sh
+baz:x:1002:1002::/home/baz:/bin/sh
diff --git a/tests/tests/log/faillog/40_faillog-l-a-u_range_open/config/etc/shadow b/tests/tests/log/faillog/40_faillog-l-a-u_range_open/config/etc/shadow
new file mode 100644
index 0000000..52721ac
--- /dev/null
+++ b/tests/tests/log/faillog/40_faillog-l-a-u_range_open/config/etc/shadow
@@ -0,0 +1,22 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+bar:!:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:a:12977:0:99999:7:::
+baz:b:12977:0:99999:7:::
diff --git a/tests/tests/log/faillog/40_faillog-l-a-u_range_open/data/faillog.list b/tests/tests/log/faillog/40_faillog-l-a-u_range_open/data/faillog.list
new file mode 100644
index 0000000..cb1d37b
--- /dev/null
+++ b/tests/tests/log/faillog/40_faillog-l-a-u_range_open/data/faillog.list
@@ -0,0 +1,5 @@
+Login       Failures Maximum
+
+bar             1        0  
+foo             1        0  
+baz             1        0  
diff --git a/tests/tests/log/faillog/40_faillog-l-a-u_range_open/faillog.test b/tests/tests/log/faillog/40_faillog-l-a-u_range_open/faillog.test
new file mode 100755
index 0000000..3f25fc5
--- /dev/null
+++ b/tests/tests/log/faillog/40_faillog-l-a-u_range_open/faillog.test
@@ -0,0 +1,73 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "reports all entry from /var/log/faillog"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Create an empty /var/log/faillog (it will not be restored)..."
+> /var/log/faillog
+echo "OK"
+
+echo -n "Trigger a connection as foo..."
+./login.exp foo
+echo "OK"
+sleep 1
+echo -n "Trigger a connection as bar..."
+./login.exp bar
+echo "OK"
+echo -n "Trigger a connection as baz..."
+./login.exp baz
+echo "OK"
+
+echo -n "Remove users foo, bar, baz from passwd and shadow..."
+cp /etc/passwd /etc/shadow tmp/
+sed -e '/^(foo|bar|baz):/d' -i /etc/passwd
+sed -e '/^(foo|bar|baz):/d' -i /etc/shadow
+echo "OK"
+
+echo -n "reset baz (faillog -a -l 10 -u 1001-)..."
+faillog -a -l 10 -u 1001-
+echo "OK"
+
+echo -n "Restore user foo..."
+mv tmp/passwd tmp/shadow /etc/
+echo "OK"
+
+echo -n "faillog..."
+faillog > tmp/faillog.out
+echo "OK."
+
+echo "faillog :"
+echo "======================================================================="
+cat tmp/faillog.out
+echo "======================================================================="
+
+echo -n "Check the list of users with failures..."
+cut -c-28 tmp/faillog.out > tmp/faillog.list
+diff -au data/faillog.list tmp/faillog.list
+echo "OK"
+echo "There should be between 6 and 8 secondes remaining for baz..."
+grep "^baz .* \[[6-8]s left\]$" tmp/faillog.out
+echo "OK"
+echo "There should be between 2 and 4 secondes remaining for bar..."
+grep "^bar .* \[[2-4]s left\]$" tmp/faillog.out
+echo "OK."
+
+rm -f tmp/faillog.out tmp/faillog.list
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/log/faillog/40_faillog-l-a-u_range_open/login.exp b/tests/tests/log/faillog/40_faillog-l-a-u_range_open/login.exp
new file mode 100755
index 0000000..f7841f6
--- /dev/null
+++ b/tests/tests/log/faillog/40_faillog-l-a-u_range_open/login.exp
@@ -0,0 +1,26 @@
+#!/usr/bin/expect
+
+if {$argc == 1} {
+        set user     [lindex $argv 0]
+} else {
+        set user     "foo"
+}
+
+set timeout 2
+expect_after default {puts stderr "\nFAIL"; exit 1}
+
+set timeout 5
+expect_after default {puts stderr "\nFAIL"; exit 1}
+
+spawn /bin/bash
+expect "# "
+
+send "login $user\r"
+expect "Password: "
+sleep 0.1
+send "badpass\r"
+send_user "\n# password 'badpass' sent\n\n"
+expect "login: "
+
+send "exit\r"
+exit 0
diff --git a/tests/tests/log/faillog/41_faillog-l_invalid/config.txt b/tests/tests/log/faillog/41_faillog-l_invalid/config.txt
new file mode 100644
index 0000000..1a78b6c
--- /dev/null
+++ b/tests/tests/log/faillog/41_faillog-l_invalid/config.txt
@@ -0,0 +1 @@
+user foo exists, UID 1000
diff --git a/tests/tests/log/faillog/41_faillog-l_invalid/config/etc/group b/tests/tests/log/faillog/41_faillog-l_invalid/config/etc/group
new file mode 100644
index 0000000..b6fae89
--- /dev/null
+++ b/tests/tests/log/faillog/41_faillog-l_invalid/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:root
+adm:x:4:root,foo
+tty:x:5:
+disk:x:6:
+lp:x:7:foo,root
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:foo
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:foo
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/log/faillog/41_faillog-l_invalid/config/etc/gshadow b/tests/tests/log/faillog/41_faillog-l_invalid/config/etc/gshadow
new file mode 100644
index 0000000..1f2ba8d
--- /dev/null
+++ b/tests/tests/log/faillog/41_faillog-l_invalid/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::root
+adm:*::root,foo
+tty:*::foo
+disk:*:foo:
+lp:*::foo,root
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*:foo:foo
+voice:*::
+cdrom:*:foo:foo
+floppy:*::foo
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/log/faillog/41_faillog-l_invalid/config/etc/passwd b/tests/tests/log/faillog/41_faillog-l_invalid/config/etc/passwd
new file mode 100644
index 0000000..9d34d3a
--- /dev/null
+++ b/tests/tests/log/faillog/41_faillog-l_invalid/config/etc/passwd
@@ -0,0 +1,22 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+bar:x:1001:1001::/home/bar:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/home/foo:/bin/sh
+baz:x:1002:1002::/home/baz:/bin/sh
diff --git a/tests/tests/log/faillog/41_faillog-l_invalid/config/etc/shadow b/tests/tests/log/faillog/41_faillog-l_invalid/config/etc/shadow
new file mode 100644
index 0000000..972f2cd
--- /dev/null
+++ b/tests/tests/log/faillog/41_faillog-l_invalid/config/etc/shadow
@@ -0,0 +1,22 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+bar:!:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
+baz:!:12977:0:99999:7:::
diff --git a/tests/tests/log/faillog/41_faillog-l_invalid/data/faillog.err b/tests/tests/log/faillog/41_faillog-l_invalid/data/faillog.err
new file mode 100644
index 0000000..009c0f6
--- /dev/null
+++ b/tests/tests/log/faillog/41_faillog-l_invalid/data/faillog.err
@@ -0,0 +1 @@
+faillog: invalid numeric argument 'bad'
diff --git a/tests/tests/log/faillog/41_faillog-l_invalid/faillog.test b/tests/tests/log/faillog/41_faillog-l_invalid/faillog.test
new file mode 100755
index 0000000..3907eee
--- /dev/null
+++ b/tests/tests/log/faillog/41_faillog-l_invalid/faillog.test
@@ -0,0 +1,45 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "reports invalid ranges"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Create an empty /var/log/faillog (it will not be restored)..."
+> /var/log/faillog
+echo "OK"
+
+echo -n "faillog -l bad..."
+faillog -l bad 2>tmp/faillog.err && exit 1 || {
+	status=$?
+}
+echo "OK."
+
+echo -n "Check returned status ($status)..."
+test "$status" = "3"
+echo "OK"
+
+echo "faillog reported:"
+echo "======================================================================="
+cat tmp/faillog.err
+echo "======================================================================="
+echo -n "Check the usage message..."
+diff -au data/faillog.err tmp/faillog.err
+echo "message OK."
+rm -f tmp/faillog.err
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/log/faillog/42_faillog-m/config.txt b/tests/tests/log/faillog/42_faillog-m/config.txt
new file mode 100644
index 0000000..1a78b6c
--- /dev/null
+++ b/tests/tests/log/faillog/42_faillog-m/config.txt
@@ -0,0 +1 @@
+user foo exists, UID 1000
diff --git a/tests/tests/log/faillog/42_faillog-m/config/etc/group b/tests/tests/log/faillog/42_faillog-m/config/etc/group
new file mode 100644
index 0000000..b6fae89
--- /dev/null
+++ b/tests/tests/log/faillog/42_faillog-m/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:root
+adm:x:4:root,foo
+tty:x:5:
+disk:x:6:
+lp:x:7:foo,root
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:foo
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:foo
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/log/faillog/42_faillog-m/config/etc/gshadow b/tests/tests/log/faillog/42_faillog-m/config/etc/gshadow
new file mode 100644
index 0000000..1f2ba8d
--- /dev/null
+++ b/tests/tests/log/faillog/42_faillog-m/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::root
+adm:*::root,foo
+tty:*::foo
+disk:*:foo:
+lp:*::foo,root
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*:foo:foo
+voice:*::
+cdrom:*:foo:foo
+floppy:*::foo
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/log/faillog/42_faillog-m/config/etc/pam.d/login b/tests/tests/log/faillog/42_faillog-m/config/etc/pam.d/login
new file mode 100644
index 0000000..0a101fd
--- /dev/null
+++ b/tests/tests/log/faillog/42_faillog-m/config/etc/pam.d/login
@@ -0,0 +1,111 @@
+#
+# The PAM configuration file for the Shadow `login' service
+#
+
+# Enforce a minimal delay in case of failure (in microseconds).
+# (Replaces the `FAIL_DELAY' setting from login.defs)
+# Note that other modules may require another minimal delay. (for example,
+# to disable any delay, you should add the nodelay option to pam_unix)
+auth       optional   pam_faildelay.so  delay=3000000
+
+# Outputs an issue file prior to each login prompt (Replaces the
+# ISSUE_FILE option from login.defs). Uncomment for use
+# auth       required   pam_issue.so issue=/etc/issue
+
+# Disallows root logins except on tty's listed in /etc/securetty
+# (Replaces the `CONSOLE' setting from login.defs)
+#
+# With the default control of this module:
+#   [success=ok new_authtok_reqd=ok ignore=ignore user_unknown=bad default=die]
+# root will not be prompted for a password on insecure lines.
+# if an invalid username is entered, a password is prompted (but login
+# will eventually be rejected)
+#
+# You can change it to a "requisite" module if you think root may mis-type
+# her login and should not be prompted for a password in that case. But
+# this will leave the system as vulnerable to user enumeration attacks.
+#
+# You can change it to a "required" module if you think it permits to
+# guess valid user names of your system (invalid user names are considered
+# as possibly being root on insecure lines), but root passwords may be
+# communicated over insecure lines.
+auth [success=ok new_authtok_reqd=ok ignore=ignore user_unknown=bad default=die] pam_securetty.so
+
+# Disallows other than root logins when /etc/nologin exists
+# (Replaces the `NOLOGINS_FILE' option from login.defs)
+auth       requisite  pam_nologin.so
+
+# Added to support faillog
+auth     required       pam_tally.so per_user
+
+
+# SELinux needs to be the first session rule. This ensures that any 
+# lingering context has been cleared. Without out this it is possible 
+# that a module could execute code in the wrong domain.
+# When the module is present, "required" would be sufficient (When SELinux
+# is disabled, this returns success.)
+session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so close
+
+# This module parses environment configuration file(s)
+# and also allows you to use an extended config
+# file /etc/security/pam_env.conf.
+# 
+# parsing /etc/environment needs "readenv=1"
+session       required   pam_env.so readenv=1
+# locale variables are also kept into /etc/default/locale in etch
+# reading this file *in addition to /etc/environment* does not hurt
+session       required   pam_env.so readenv=1 envfile=/etc/default/locale
+
+# Standard Un*x authentication.
+@include common-auth
+
+# This allows certain extra groups to be granted to a user
+# based on things like time of day, tty, service, and user.
+# Please edit /etc/security/group.conf to fit your needs
+# (Replaces the `CONSOLE_GROUPS' option in login.defs)
+auth       optional   pam_group.so
+
+# Uncomment and edit /etc/security/time.conf if you need to set
+# time constraints on logins.
+# (Replaces the `PORTTIME_CHECKS_ENAB' option from login.defs
+# as well as /etc/porttime)
+# account    requisite  pam_time.so
+
+# Uncomment and edit /etc/security/access.conf if you need to
+# set access limits.
+# (Replaces /etc/login.access file)
+# account  required       pam_access.so
+
+# Sets up user limits according to /etc/security/limits.conf
+# (Replaces the use of /etc/limits in old login)
+session    required   pam_limits.so
+
+# Prints the last login info upon successful login
+# (Replaces the `LASTLOG_ENAB' option from login.defs)
+session    optional   pam_lastlog.so
+
+# Prints the motd upon successful login
+# (Replaces the `MOTD_FILE' option in login.defs)
+session    optional   pam_motd.so
+
+# Prints the status of the user's mailbox upon successful login
+# (Replaces the `MAIL_CHECK_ENAB' option from login.defs). 
+#
+# This also defines the MAIL environment variable
+# However, userdel also needs MAIL_DIR and MAIL_FILE variables
+# in /etc/login.defs to make sure that removing a user 
+# also removes the user's mail spool file.
+# See comments in /etc/login.defs
+session    optional   pam_mail.so standard
+
+# Standard Un*x account and session
+@include common-account
+@include common-session
+@include common-password
+
+# SELinux needs to intervene at login time to ensure that the process
+# starts in the proper default security context. Only sessions which are
+# intended to run in the user's context should be run after this.
+session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so open
+# When the module is present, "required" would be sufficient (When SELinux
+# is disabled, this returns success.)
diff --git a/tests/tests/log/faillog/42_faillog-m/config/etc/passwd b/tests/tests/log/faillog/42_faillog-m/config/etc/passwd
new file mode 100644
index 0000000..9d34d3a
--- /dev/null
+++ b/tests/tests/log/faillog/42_faillog-m/config/etc/passwd
@@ -0,0 +1,22 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+bar:x:1001:1001::/home/bar:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/home/foo:/bin/sh
+baz:x:1002:1002::/home/baz:/bin/sh
diff --git a/tests/tests/log/faillog/42_faillog-m/config/etc/shadow b/tests/tests/log/faillog/42_faillog-m/config/etc/shadow
new file mode 100644
index 0000000..52721ac
--- /dev/null
+++ b/tests/tests/log/faillog/42_faillog-m/config/etc/shadow
@@ -0,0 +1,22 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+bar:!:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:a:12977:0:99999:7:::
+baz:b:12977:0:99999:7:::
diff --git a/tests/tests/log/faillog/42_faillog-m/data/faillog.list b/tests/tests/log/faillog/42_faillog-m/data/faillog.list
new file mode 100644
index 0000000..29b7516
--- /dev/null
+++ b/tests/tests/log/faillog/42_faillog-m/data/faillog.list
@@ -0,0 +1,5 @@
+Login       Failures Maximum
+
+bar             1       10  
+foo             1       10  
+baz             1       10  
diff --git a/tests/tests/log/faillog/42_faillog-m/faillog.test b/tests/tests/log/faillog/42_faillog-m/faillog.test
new file mode 100755
index 0000000..867d41c
--- /dev/null
+++ b/tests/tests/log/faillog/42_faillog-m/faillog.test
@@ -0,0 +1,57 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "reports all entry from /var/log/faillog"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Create an empty /var/log/faillog (it will not be restored)..."
+> /var/log/faillog
+echo "OK"
+
+echo -n "Trigger a connection as foo..."
+./login.exp foo
+echo "OK"
+sleep 2
+echo -n "Trigger a connection as bar..."
+./login.exp bar
+echo "OK"
+echo -n "Trigger a connection as baz..."
+./login.exp baz
+echo "OK"
+
+echo -n "reset baz (faillog -m 10)..."
+faillog -m 10
+echo "OK"
+
+echo -n "faillog..."
+faillog > tmp/faillog.out
+echo "OK."
+
+echo "faillog :"
+echo "======================================================================="
+cat tmp/faillog.out
+echo "======================================================================="
+
+echo -n "Check the list of users with failures..."
+cut -c-28 tmp/faillog.out > tmp/faillog.list
+diff -au data/faillog.list tmp/faillog.list
+echo "OK"
+
+rm -f tmp/faillog.out tmp/faillog.list
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/log/faillog/42_faillog-m/login.exp b/tests/tests/log/faillog/42_faillog-m/login.exp
new file mode 100755
index 0000000..f7841f6
--- /dev/null
+++ b/tests/tests/log/faillog/42_faillog-m/login.exp
@@ -0,0 +1,26 @@
+#!/usr/bin/expect
+
+if {$argc == 1} {
+        set user     [lindex $argv 0]
+} else {
+        set user     "foo"
+}
+
+set timeout 2
+expect_after default {puts stderr "\nFAIL"; exit 1}
+
+set timeout 5
+expect_after default {puts stderr "\nFAIL"; exit 1}
+
+spawn /bin/bash
+expect "# "
+
+send "login $user\r"
+expect "Password: "
+sleep 0.1
+send "badpass\r"
+send_user "\n# password 'badpass' sent\n\n"
+expect "login: "
+
+send "exit\r"
+exit 0
diff --git a/tests/tests/log/faillog/43_faillog-m-u_user/config.txt b/tests/tests/log/faillog/43_faillog-m-u_user/config.txt
new file mode 100644
index 0000000..1a78b6c
--- /dev/null
+++ b/tests/tests/log/faillog/43_faillog-m-u_user/config.txt
@@ -0,0 +1 @@
+user foo exists, UID 1000
diff --git a/tests/tests/log/faillog/43_faillog-m-u_user/config/etc/group b/tests/tests/log/faillog/43_faillog-m-u_user/config/etc/group
new file mode 100644
index 0000000..b6fae89
--- /dev/null
+++ b/tests/tests/log/faillog/43_faillog-m-u_user/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:root
+adm:x:4:root,foo
+tty:x:5:
+disk:x:6:
+lp:x:7:foo,root
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:foo
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:foo
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/log/faillog/43_faillog-m-u_user/config/etc/gshadow b/tests/tests/log/faillog/43_faillog-m-u_user/config/etc/gshadow
new file mode 100644
index 0000000..1f2ba8d
--- /dev/null
+++ b/tests/tests/log/faillog/43_faillog-m-u_user/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::root
+adm:*::root,foo
+tty:*::foo
+disk:*:foo:
+lp:*::foo,root
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*:foo:foo
+voice:*::
+cdrom:*:foo:foo
+floppy:*::foo
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/log/faillog/43_faillog-m-u_user/config/etc/pam.d/login b/tests/tests/log/faillog/43_faillog-m-u_user/config/etc/pam.d/login
new file mode 100644
index 0000000..0a101fd
--- /dev/null
+++ b/tests/tests/log/faillog/43_faillog-m-u_user/config/etc/pam.d/login
@@ -0,0 +1,111 @@
+#
+# The PAM configuration file for the Shadow `login' service
+#
+
+# Enforce a minimal delay in case of failure (in microseconds).
+# (Replaces the `FAIL_DELAY' setting from login.defs)
+# Note that other modules may require another minimal delay. (for example,
+# to disable any delay, you should add the nodelay option to pam_unix)
+auth       optional   pam_faildelay.so  delay=3000000
+
+# Outputs an issue file prior to each login prompt (Replaces the
+# ISSUE_FILE option from login.defs). Uncomment for use
+# auth       required   pam_issue.so issue=/etc/issue
+
+# Disallows root logins except on tty's listed in /etc/securetty
+# (Replaces the `CONSOLE' setting from login.defs)
+#
+# With the default control of this module:
+#   [success=ok new_authtok_reqd=ok ignore=ignore user_unknown=bad default=die]
+# root will not be prompted for a password on insecure lines.
+# if an invalid username is entered, a password is prompted (but login
+# will eventually be rejected)
+#
+# You can change it to a "requisite" module if you think root may mis-type
+# her login and should not be prompted for a password in that case. But
+# this will leave the system as vulnerable to user enumeration attacks.
+#
+# You can change it to a "required" module if you think it permits to
+# guess valid user names of your system (invalid user names are considered
+# as possibly being root on insecure lines), but root passwords may be
+# communicated over insecure lines.
+auth [success=ok new_authtok_reqd=ok ignore=ignore user_unknown=bad default=die] pam_securetty.so
+
+# Disallows other than root logins when /etc/nologin exists
+# (Replaces the `NOLOGINS_FILE' option from login.defs)
+auth       requisite  pam_nologin.so
+
+# Added to support faillog
+auth     required       pam_tally.so per_user
+
+
+# SELinux needs to be the first session rule. This ensures that any 
+# lingering context has been cleared. Without out this it is possible 
+# that a module could execute code in the wrong domain.
+# When the module is present, "required" would be sufficient (When SELinux
+# is disabled, this returns success.)
+session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so close
+
+# This module parses environment configuration file(s)
+# and also allows you to use an extended config
+# file /etc/security/pam_env.conf.
+# 
+# parsing /etc/environment needs "readenv=1"
+session       required   pam_env.so readenv=1
+# locale variables are also kept into /etc/default/locale in etch
+# reading this file *in addition to /etc/environment* does not hurt
+session       required   pam_env.so readenv=1 envfile=/etc/default/locale
+
+# Standard Un*x authentication.
+@include common-auth
+
+# This allows certain extra groups to be granted to a user
+# based on things like time of day, tty, service, and user.
+# Please edit /etc/security/group.conf to fit your needs
+# (Replaces the `CONSOLE_GROUPS' option in login.defs)
+auth       optional   pam_group.so
+
+# Uncomment and edit /etc/security/time.conf if you need to set
+# time constraints on logins.
+# (Replaces the `PORTTIME_CHECKS_ENAB' option from login.defs
+# as well as /etc/porttime)
+# account    requisite  pam_time.so
+
+# Uncomment and edit /etc/security/access.conf if you need to
+# set access limits.
+# (Replaces /etc/login.access file)
+# account  required       pam_access.so
+
+# Sets up user limits according to /etc/security/limits.conf
+# (Replaces the use of /etc/limits in old login)
+session    required   pam_limits.so
+
+# Prints the last login info upon successful login
+# (Replaces the `LASTLOG_ENAB' option from login.defs)
+session    optional   pam_lastlog.so
+
+# Prints the motd upon successful login
+# (Replaces the `MOTD_FILE' option in login.defs)
+session    optional   pam_motd.so
+
+# Prints the status of the user's mailbox upon successful login
+# (Replaces the `MAIL_CHECK_ENAB' option from login.defs). 
+#
+# This also defines the MAIL environment variable
+# However, userdel also needs MAIL_DIR and MAIL_FILE variables
+# in /etc/login.defs to make sure that removing a user 
+# also removes the user's mail spool file.
+# See comments in /etc/login.defs
+session    optional   pam_mail.so standard
+
+# Standard Un*x account and session
+@include common-account
+@include common-session
+@include common-password
+
+# SELinux needs to intervene at login time to ensure that the process
+# starts in the proper default security context. Only sessions which are
+# intended to run in the user's context should be run after this.
+session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so open
+# When the module is present, "required" would be sufficient (When SELinux
+# is disabled, this returns success.)
diff --git a/tests/tests/log/faillog/43_faillog-m-u_user/config/etc/passwd b/tests/tests/log/faillog/43_faillog-m-u_user/config/etc/passwd
new file mode 100644
index 0000000..9d34d3a
--- /dev/null
+++ b/tests/tests/log/faillog/43_faillog-m-u_user/config/etc/passwd
@@ -0,0 +1,22 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+bar:x:1001:1001::/home/bar:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/home/foo:/bin/sh
+baz:x:1002:1002::/home/baz:/bin/sh
diff --git a/tests/tests/log/faillog/43_faillog-m-u_user/config/etc/shadow b/tests/tests/log/faillog/43_faillog-m-u_user/config/etc/shadow
new file mode 100644
index 0000000..52721ac
--- /dev/null
+++ b/tests/tests/log/faillog/43_faillog-m-u_user/config/etc/shadow
@@ -0,0 +1,22 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+bar:!:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:a:12977:0:99999:7:::
+baz:b:12977:0:99999:7:::
diff --git a/tests/tests/log/faillog/43_faillog-m-u_user/data/faillog.list b/tests/tests/log/faillog/43_faillog-m-u_user/data/faillog.list
new file mode 100644
index 0000000..5ec2414
--- /dev/null
+++ b/tests/tests/log/faillog/43_faillog-m-u_user/data/faillog.list
@@ -0,0 +1,5 @@
+Login       Failures Maximum
+
+bar             1        0  
+foo             1       10  
+baz             1        0  
diff --git a/tests/tests/log/faillog/43_faillog-m-u_user/faillog.test b/tests/tests/log/faillog/43_faillog-m-u_user/faillog.test
new file mode 100755
index 0000000..d86c6ea
--- /dev/null
+++ b/tests/tests/log/faillog/43_faillog-m-u_user/faillog.test
@@ -0,0 +1,57 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "reports all entry from /var/log/faillog"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Create an empty /var/log/faillog (it will not be restored)..."
+> /var/log/faillog
+echo "OK"
+
+echo -n "Trigger a connection as foo..."
+./login.exp foo
+echo "OK"
+sleep 2
+echo -n "Trigger a connection as bar..."
+./login.exp bar
+echo "OK"
+echo -n "Trigger a connection as baz..."
+./login.exp baz
+echo "OK"
+
+echo -n "reset baz (faillog -m 10 -u foo)..."
+faillog -m 10 -u foo
+echo "OK"
+
+echo -n "faillog..."
+faillog > tmp/faillog.out
+echo "OK."
+
+echo "faillog :"
+echo "======================================================================="
+cat tmp/faillog.out
+echo "======================================================================="
+
+echo -n "Check the list of users with failures..."
+cut -c-28 tmp/faillog.out > tmp/faillog.list
+diff -au data/faillog.list tmp/faillog.list
+echo "OK"
+
+rm -f tmp/faillog.out tmp/faillog.list
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/log/faillog/43_faillog-m-u_user/login.exp b/tests/tests/log/faillog/43_faillog-m-u_user/login.exp
new file mode 100755
index 0000000..f7841f6
--- /dev/null
+++ b/tests/tests/log/faillog/43_faillog-m-u_user/login.exp
@@ -0,0 +1,26 @@
+#!/usr/bin/expect
+
+if {$argc == 1} {
+        set user     [lindex $argv 0]
+} else {
+        set user     "foo"
+}
+
+set timeout 2
+expect_after default {puts stderr "\nFAIL"; exit 1}
+
+set timeout 5
+expect_after default {puts stderr "\nFAIL"; exit 1}
+
+spawn /bin/bash
+expect "# "
+
+send "login $user\r"
+expect "Password: "
+sleep 0.1
+send "badpass\r"
+send_user "\n# password 'badpass' sent\n\n"
+expect "login: "
+
+send "exit\r"
+exit 0
diff --git a/tests/tests/log/faillog/44_faillog-m-u_range/config.txt b/tests/tests/log/faillog/44_faillog-m-u_range/config.txt
new file mode 100644
index 0000000..1a78b6c
--- /dev/null
+++ b/tests/tests/log/faillog/44_faillog-m-u_range/config.txt
@@ -0,0 +1 @@
+user foo exists, UID 1000
diff --git a/tests/tests/log/faillog/44_faillog-m-u_range/config/etc/group b/tests/tests/log/faillog/44_faillog-m-u_range/config/etc/group
new file mode 100644
index 0000000..b6fae89
--- /dev/null
+++ b/tests/tests/log/faillog/44_faillog-m-u_range/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:root
+adm:x:4:root,foo
+tty:x:5:
+disk:x:6:
+lp:x:7:foo,root
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:foo
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:foo
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/log/faillog/44_faillog-m-u_range/config/etc/gshadow b/tests/tests/log/faillog/44_faillog-m-u_range/config/etc/gshadow
new file mode 100644
index 0000000..1f2ba8d
--- /dev/null
+++ b/tests/tests/log/faillog/44_faillog-m-u_range/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::root
+adm:*::root,foo
+tty:*::foo
+disk:*:foo:
+lp:*::foo,root
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*:foo:foo
+voice:*::
+cdrom:*:foo:foo
+floppy:*::foo
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/log/faillog/44_faillog-m-u_range/config/etc/pam.d/login b/tests/tests/log/faillog/44_faillog-m-u_range/config/etc/pam.d/login
new file mode 100644
index 0000000..0a101fd
--- /dev/null
+++ b/tests/tests/log/faillog/44_faillog-m-u_range/config/etc/pam.d/login
@@ -0,0 +1,111 @@
+#
+# The PAM configuration file for the Shadow `login' service
+#
+
+# Enforce a minimal delay in case of failure (in microseconds).
+# (Replaces the `FAIL_DELAY' setting from login.defs)
+# Note that other modules may require another minimal delay. (for example,
+# to disable any delay, you should add the nodelay option to pam_unix)
+auth       optional   pam_faildelay.so  delay=3000000
+
+# Outputs an issue file prior to each login prompt (Replaces the
+# ISSUE_FILE option from login.defs). Uncomment for use
+# auth       required   pam_issue.so issue=/etc/issue
+
+# Disallows root logins except on tty's listed in /etc/securetty
+# (Replaces the `CONSOLE' setting from login.defs)
+#
+# With the default control of this module:
+#   [success=ok new_authtok_reqd=ok ignore=ignore user_unknown=bad default=die]
+# root will not be prompted for a password on insecure lines.
+# if an invalid username is entered, a password is prompted (but login
+# will eventually be rejected)
+#
+# You can change it to a "requisite" module if you think root may mis-type
+# her login and should not be prompted for a password in that case. But
+# this will leave the system as vulnerable to user enumeration attacks.
+#
+# You can change it to a "required" module if you think it permits to
+# guess valid user names of your system (invalid user names are considered
+# as possibly being root on insecure lines), but root passwords may be
+# communicated over insecure lines.
+auth [success=ok new_authtok_reqd=ok ignore=ignore user_unknown=bad default=die] pam_securetty.so
+
+# Disallows other than root logins when /etc/nologin exists
+# (Replaces the `NOLOGINS_FILE' option from login.defs)
+auth       requisite  pam_nologin.so
+
+# Added to support faillog
+auth     required       pam_tally.so per_user
+
+
+# SELinux needs to be the first session rule. This ensures that any 
+# lingering context has been cleared. Without out this it is possible 
+# that a module could execute code in the wrong domain.
+# When the module is present, "required" would be sufficient (When SELinux
+# is disabled, this returns success.)
+session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so close
+
+# This module parses environment configuration file(s)
+# and also allows you to use an extended config
+# file /etc/security/pam_env.conf.
+# 
+# parsing /etc/environment needs "readenv=1"
+session       required   pam_env.so readenv=1
+# locale variables are also kept into /etc/default/locale in etch
+# reading this file *in addition to /etc/environment* does not hurt
+session       required   pam_env.so readenv=1 envfile=/etc/default/locale
+
+# Standard Un*x authentication.
+@include common-auth
+
+# This allows certain extra groups to be granted to a user
+# based on things like time of day, tty, service, and user.
+# Please edit /etc/security/group.conf to fit your needs
+# (Replaces the `CONSOLE_GROUPS' option in login.defs)
+auth       optional   pam_group.so
+
+# Uncomment and edit /etc/security/time.conf if you need to set
+# time constraints on logins.
+# (Replaces the `PORTTIME_CHECKS_ENAB' option from login.defs
+# as well as /etc/porttime)
+# account    requisite  pam_time.so
+
+# Uncomment and edit /etc/security/access.conf if you need to
+# set access limits.
+# (Replaces /etc/login.access file)
+# account  required       pam_access.so
+
+# Sets up user limits according to /etc/security/limits.conf
+# (Replaces the use of /etc/limits in old login)
+session    required   pam_limits.so
+
+# Prints the last login info upon successful login
+# (Replaces the `LASTLOG_ENAB' option from login.defs)
+session    optional   pam_lastlog.so
+
+# Prints the motd upon successful login
+# (Replaces the `MOTD_FILE' option in login.defs)
+session    optional   pam_motd.so
+
+# Prints the status of the user's mailbox upon successful login
+# (Replaces the `MAIL_CHECK_ENAB' option from login.defs). 
+#
+# This also defines the MAIL environment variable
+# However, userdel also needs MAIL_DIR and MAIL_FILE variables
+# in /etc/login.defs to make sure that removing a user 
+# also removes the user's mail spool file.
+# See comments in /etc/login.defs
+session    optional   pam_mail.so standard
+
+# Standard Un*x account and session
+@include common-account
+@include common-session
+@include common-password
+
+# SELinux needs to intervene at login time to ensure that the process
+# starts in the proper default security context. Only sessions which are
+# intended to run in the user's context should be run after this.
+session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so open
+# When the module is present, "required" would be sufficient (When SELinux
+# is disabled, this returns success.)
diff --git a/tests/tests/log/faillog/44_faillog-m-u_range/config/etc/passwd b/tests/tests/log/faillog/44_faillog-m-u_range/config/etc/passwd
new file mode 100644
index 0000000..9d34d3a
--- /dev/null
+++ b/tests/tests/log/faillog/44_faillog-m-u_range/config/etc/passwd
@@ -0,0 +1,22 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+bar:x:1001:1001::/home/bar:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/home/foo:/bin/sh
+baz:x:1002:1002::/home/baz:/bin/sh
diff --git a/tests/tests/log/faillog/44_faillog-m-u_range/config/etc/shadow b/tests/tests/log/faillog/44_faillog-m-u_range/config/etc/shadow
new file mode 100644
index 0000000..52721ac
--- /dev/null
+++ b/tests/tests/log/faillog/44_faillog-m-u_range/config/etc/shadow
@@ -0,0 +1,22 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+bar:!:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:a:12977:0:99999:7:::
+baz:b:12977:0:99999:7:::
diff --git a/tests/tests/log/faillog/44_faillog-m-u_range/data/faillog.list b/tests/tests/log/faillog/44_faillog-m-u_range/data/faillog.list
new file mode 100644
index 0000000..9af27b0
--- /dev/null
+++ b/tests/tests/log/faillog/44_faillog-m-u_range/data/faillog.list
@@ -0,0 +1,5 @@
+Login       Failures Maximum
+
+bar             1       10  
+foo             1       10  
+baz             1        0  
diff --git a/tests/tests/log/faillog/44_faillog-m-u_range/faillog.test b/tests/tests/log/faillog/44_faillog-m-u_range/faillog.test
new file mode 100755
index 0000000..f410ac3
--- /dev/null
+++ b/tests/tests/log/faillog/44_faillog-m-u_range/faillog.test
@@ -0,0 +1,57 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "reports all entry from /var/log/faillog"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Create an empty /var/log/faillog (it will not be restored)..."
+> /var/log/faillog
+echo "OK"
+
+echo -n "Trigger a connection as foo..."
+./login.exp foo
+echo "OK"
+sleep 2
+echo -n "Trigger a connection as bar..."
+./login.exp bar
+echo "OK"
+echo -n "Trigger a connection as baz..."
+./login.exp baz
+echo "OK"
+
+echo -n "reset baz (faillog -m 10 -u 1000-1001)..."
+faillog -m 10 -u 1000-1001
+echo "OK"
+
+echo -n "faillog..."
+faillog > tmp/faillog.out
+echo "OK."
+
+echo "faillog :"
+echo "======================================================================="
+cat tmp/faillog.out
+echo "======================================================================="
+
+echo -n "Check the list of users with failures..."
+cut -c-28 tmp/faillog.out > tmp/faillog.list
+diff -au data/faillog.list tmp/faillog.list
+echo "OK"
+
+rm -f tmp/faillog.out tmp/faillog.list
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/log/faillog/44_faillog-m-u_range/login.exp b/tests/tests/log/faillog/44_faillog-m-u_range/login.exp
new file mode 100755
index 0000000..f7841f6
--- /dev/null
+++ b/tests/tests/log/faillog/44_faillog-m-u_range/login.exp
@@ -0,0 +1,26 @@
+#!/usr/bin/expect
+
+if {$argc == 1} {
+        set user     [lindex $argv 0]
+} else {
+        set user     "foo"
+}
+
+set timeout 2
+expect_after default {puts stderr "\nFAIL"; exit 1}
+
+set timeout 5
+expect_after default {puts stderr "\nFAIL"; exit 1}
+
+spawn /bin/bash
+expect "# "
+
+send "login $user\r"
+expect "Password: "
+sleep 0.1
+send "badpass\r"
+send_user "\n# password 'badpass' sent\n\n"
+expect "login: "
+
+send "exit\r"
+exit 0
diff --git a/tests/tests/log/faillog/45_faillog-m-u_open_range/config.txt b/tests/tests/log/faillog/45_faillog-m-u_open_range/config.txt
new file mode 100644
index 0000000..1a78b6c
--- /dev/null
+++ b/tests/tests/log/faillog/45_faillog-m-u_open_range/config.txt
@@ -0,0 +1 @@
+user foo exists, UID 1000
diff --git a/tests/tests/log/faillog/45_faillog-m-u_open_range/config/etc/group b/tests/tests/log/faillog/45_faillog-m-u_open_range/config/etc/group
new file mode 100644
index 0000000..b6fae89
--- /dev/null
+++ b/tests/tests/log/faillog/45_faillog-m-u_open_range/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:root
+adm:x:4:root,foo
+tty:x:5:
+disk:x:6:
+lp:x:7:foo,root
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:foo
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:foo
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/log/faillog/45_faillog-m-u_open_range/config/etc/gshadow b/tests/tests/log/faillog/45_faillog-m-u_open_range/config/etc/gshadow
new file mode 100644
index 0000000..1f2ba8d
--- /dev/null
+++ b/tests/tests/log/faillog/45_faillog-m-u_open_range/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::root
+adm:*::root,foo
+tty:*::foo
+disk:*:foo:
+lp:*::foo,root
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*:foo:foo
+voice:*::
+cdrom:*:foo:foo
+floppy:*::foo
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/log/faillog/45_faillog-m-u_open_range/config/etc/pam.d/login b/tests/tests/log/faillog/45_faillog-m-u_open_range/config/etc/pam.d/login
new file mode 100644
index 0000000..0a101fd
--- /dev/null
+++ b/tests/tests/log/faillog/45_faillog-m-u_open_range/config/etc/pam.d/login
@@ -0,0 +1,111 @@
+#
+# The PAM configuration file for the Shadow `login' service
+#
+
+# Enforce a minimal delay in case of failure (in microseconds).
+# (Replaces the `FAIL_DELAY' setting from login.defs)
+# Note that other modules may require another minimal delay. (for example,
+# to disable any delay, you should add the nodelay option to pam_unix)
+auth       optional   pam_faildelay.so  delay=3000000
+
+# Outputs an issue file prior to each login prompt (Replaces the
+# ISSUE_FILE option from login.defs). Uncomment for use
+# auth       required   pam_issue.so issue=/etc/issue
+
+# Disallows root logins except on tty's listed in /etc/securetty
+# (Replaces the `CONSOLE' setting from login.defs)
+#
+# With the default control of this module:
+#   [success=ok new_authtok_reqd=ok ignore=ignore user_unknown=bad default=die]
+# root will not be prompted for a password on insecure lines.
+# if an invalid username is entered, a password is prompted (but login
+# will eventually be rejected)
+#
+# You can change it to a "requisite" module if you think root may mis-type
+# her login and should not be prompted for a password in that case. But
+# this will leave the system as vulnerable to user enumeration attacks.
+#
+# You can change it to a "required" module if you think it permits to
+# guess valid user names of your system (invalid user names are considered
+# as possibly being root on insecure lines), but root passwords may be
+# communicated over insecure lines.
+auth [success=ok new_authtok_reqd=ok ignore=ignore user_unknown=bad default=die] pam_securetty.so
+
+# Disallows other than root logins when /etc/nologin exists
+# (Replaces the `NOLOGINS_FILE' option from login.defs)
+auth       requisite  pam_nologin.so
+
+# Added to support faillog
+auth     required       pam_tally.so per_user
+
+
+# SELinux needs to be the first session rule. This ensures that any 
+# lingering context has been cleared. Without out this it is possible 
+# that a module could execute code in the wrong domain.
+# When the module is present, "required" would be sufficient (When SELinux
+# is disabled, this returns success.)
+session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so close
+
+# This module parses environment configuration file(s)
+# and also allows you to use an extended config
+# file /etc/security/pam_env.conf.
+# 
+# parsing /etc/environment needs "readenv=1"
+session       required   pam_env.so readenv=1
+# locale variables are also kept into /etc/default/locale in etch
+# reading this file *in addition to /etc/environment* does not hurt
+session       required   pam_env.so readenv=1 envfile=/etc/default/locale
+
+# Standard Un*x authentication.
+@include common-auth
+
+# This allows certain extra groups to be granted to a user
+# based on things like time of day, tty, service, and user.
+# Please edit /etc/security/group.conf to fit your needs
+# (Replaces the `CONSOLE_GROUPS' option in login.defs)
+auth       optional   pam_group.so
+
+# Uncomment and edit /etc/security/time.conf if you need to set
+# time constraints on logins.
+# (Replaces the `PORTTIME_CHECKS_ENAB' option from login.defs
+# as well as /etc/porttime)
+# account    requisite  pam_time.so
+
+# Uncomment and edit /etc/security/access.conf if you need to
+# set access limits.
+# (Replaces /etc/login.access file)
+# account  required       pam_access.so
+
+# Sets up user limits according to /etc/security/limits.conf
+# (Replaces the use of /etc/limits in old login)
+session    required   pam_limits.so
+
+# Prints the last login info upon successful login
+# (Replaces the `LASTLOG_ENAB' option from login.defs)
+session    optional   pam_lastlog.so
+
+# Prints the motd upon successful login
+# (Replaces the `MOTD_FILE' option in login.defs)
+session    optional   pam_motd.so
+
+# Prints the status of the user's mailbox upon successful login
+# (Replaces the `MAIL_CHECK_ENAB' option from login.defs). 
+#
+# This also defines the MAIL environment variable
+# However, userdel also needs MAIL_DIR and MAIL_FILE variables
+# in /etc/login.defs to make sure that removing a user 
+# also removes the user's mail spool file.
+# See comments in /etc/login.defs
+session    optional   pam_mail.so standard
+
+# Standard Un*x account and session
+@include common-account
+@include common-session
+@include common-password
+
+# SELinux needs to intervene at login time to ensure that the process
+# starts in the proper default security context. Only sessions which are
+# intended to run in the user's context should be run after this.
+session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so open
+# When the module is present, "required" would be sufficient (When SELinux
+# is disabled, this returns success.)
diff --git a/tests/tests/log/faillog/45_faillog-m-u_open_range/config/etc/passwd b/tests/tests/log/faillog/45_faillog-m-u_open_range/config/etc/passwd
new file mode 100644
index 0000000..9d34d3a
--- /dev/null
+++ b/tests/tests/log/faillog/45_faillog-m-u_open_range/config/etc/passwd
@@ -0,0 +1,22 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+bar:x:1001:1001::/home/bar:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/home/foo:/bin/sh
+baz:x:1002:1002::/home/baz:/bin/sh
diff --git a/tests/tests/log/faillog/45_faillog-m-u_open_range/config/etc/shadow b/tests/tests/log/faillog/45_faillog-m-u_open_range/config/etc/shadow
new file mode 100644
index 0000000..52721ac
--- /dev/null
+++ b/tests/tests/log/faillog/45_faillog-m-u_open_range/config/etc/shadow
@@ -0,0 +1,22 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+bar:!:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:a:12977:0:99999:7:::
+baz:b:12977:0:99999:7:::
diff --git a/tests/tests/log/faillog/45_faillog-m-u_open_range/data/faillog.list b/tests/tests/log/faillog/45_faillog-m-u_open_range/data/faillog.list
new file mode 100644
index 0000000..9af27b0
--- /dev/null
+++ b/tests/tests/log/faillog/45_faillog-m-u_open_range/data/faillog.list
@@ -0,0 +1,5 @@
+Login       Failures Maximum
+
+bar             1       10  
+foo             1       10  
+baz             1        0  
diff --git a/tests/tests/log/faillog/45_faillog-m-u_open_range/faillog.test b/tests/tests/log/faillog/45_faillog-m-u_open_range/faillog.test
new file mode 100755
index 0000000..77d9202
--- /dev/null
+++ b/tests/tests/log/faillog/45_faillog-m-u_open_range/faillog.test
@@ -0,0 +1,57 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "faillog can set the maximum number of fail logins for a range of users"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Create an empty /var/log/faillog (it will not be restored)..."
+> /var/log/faillog
+echo "OK"
+
+echo -n "Trigger a connection as foo..."
+./login.exp foo
+echo "OK"
+sleep 2
+echo -n "Trigger a connection as bar..."
+./login.exp bar
+echo "OK"
+echo -n "Trigger a connection as baz..."
+./login.exp baz
+echo "OK"
+
+echo -n "reset baz (faillog -m 10 -u -1001)..."
+faillog -m 10 -u -1001
+echo "OK"
+
+echo -n "faillog..."
+faillog > tmp/faillog.out
+echo "OK."
+
+echo "faillog :"
+echo "======================================================================="
+cat tmp/faillog.out
+echo "======================================================================="
+
+echo -n "Check the list of users with failures..."
+cut -c-28 tmp/faillog.out > tmp/faillog.list
+diff -au data/faillog.list tmp/faillog.list
+echo "OK"
+
+rm -f tmp/faillog.out tmp/faillog.list
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/log/faillog/45_faillog-m-u_open_range/login.exp b/tests/tests/log/faillog/45_faillog-m-u_open_range/login.exp
new file mode 100755
index 0000000..f7841f6
--- /dev/null
+++ b/tests/tests/log/faillog/45_faillog-m-u_open_range/login.exp
@@ -0,0 +1,26 @@
+#!/usr/bin/expect
+
+if {$argc == 1} {
+        set user     [lindex $argv 0]
+} else {
+        set user     "foo"
+}
+
+set timeout 2
+expect_after default {puts stderr "\nFAIL"; exit 1}
+
+set timeout 5
+expect_after default {puts stderr "\nFAIL"; exit 1}
+
+spawn /bin/bash
+expect "# "
+
+send "login $user\r"
+expect "Password: "
+sleep 0.1
+send "badpass\r"
+send_user "\n# password 'badpass' sent\n\n"
+expect "login: "
+
+send "exit\r"
+exit 0
diff --git a/tests/tests/log/faillog/46_faillog-m-u_range_open/config.txt b/tests/tests/log/faillog/46_faillog-m-u_range_open/config.txt
new file mode 100644
index 0000000..1a78b6c
--- /dev/null
+++ b/tests/tests/log/faillog/46_faillog-m-u_range_open/config.txt
@@ -0,0 +1 @@
+user foo exists, UID 1000
diff --git a/tests/tests/log/faillog/46_faillog-m-u_range_open/config/etc/group b/tests/tests/log/faillog/46_faillog-m-u_range_open/config/etc/group
new file mode 100644
index 0000000..b6fae89
--- /dev/null
+++ b/tests/tests/log/faillog/46_faillog-m-u_range_open/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:root
+adm:x:4:root,foo
+tty:x:5:
+disk:x:6:
+lp:x:7:foo,root
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:foo
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:foo
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/log/faillog/46_faillog-m-u_range_open/config/etc/gshadow b/tests/tests/log/faillog/46_faillog-m-u_range_open/config/etc/gshadow
new file mode 100644
index 0000000..1f2ba8d
--- /dev/null
+++ b/tests/tests/log/faillog/46_faillog-m-u_range_open/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::root
+adm:*::root,foo
+tty:*::foo
+disk:*:foo:
+lp:*::foo,root
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*:foo:foo
+voice:*::
+cdrom:*:foo:foo
+floppy:*::foo
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/log/faillog/46_faillog-m-u_range_open/config/etc/pam.d/login b/tests/tests/log/faillog/46_faillog-m-u_range_open/config/etc/pam.d/login
new file mode 100644
index 0000000..0a101fd
--- /dev/null
+++ b/tests/tests/log/faillog/46_faillog-m-u_range_open/config/etc/pam.d/login
@@ -0,0 +1,111 @@
+#
+# The PAM configuration file for the Shadow `login' service
+#
+
+# Enforce a minimal delay in case of failure (in microseconds).
+# (Replaces the `FAIL_DELAY' setting from login.defs)
+# Note that other modules may require another minimal delay. (for example,
+# to disable any delay, you should add the nodelay option to pam_unix)
+auth       optional   pam_faildelay.so  delay=3000000
+
+# Outputs an issue file prior to each login prompt (Replaces the
+# ISSUE_FILE option from login.defs). Uncomment for use
+# auth       required   pam_issue.so issue=/etc/issue
+
+# Disallows root logins except on tty's listed in /etc/securetty
+# (Replaces the `CONSOLE' setting from login.defs)
+#
+# With the default control of this module:
+#   [success=ok new_authtok_reqd=ok ignore=ignore user_unknown=bad default=die]
+# root will not be prompted for a password on insecure lines.
+# if an invalid username is entered, a password is prompted (but login
+# will eventually be rejected)
+#
+# You can change it to a "requisite" module if you think root may mis-type
+# her login and should not be prompted for a password in that case. But
+# this will leave the system as vulnerable to user enumeration attacks.
+#
+# You can change it to a "required" module if you think it permits to
+# guess valid user names of your system (invalid user names are considered
+# as possibly being root on insecure lines), but root passwords may be
+# communicated over insecure lines.
+auth [success=ok new_authtok_reqd=ok ignore=ignore user_unknown=bad default=die] pam_securetty.so
+
+# Disallows other than root logins when /etc/nologin exists
+# (Replaces the `NOLOGINS_FILE' option from login.defs)
+auth       requisite  pam_nologin.so
+
+# Added to support faillog
+auth     required       pam_tally.so per_user
+
+
+# SELinux needs to be the first session rule. This ensures that any 
+# lingering context has been cleared. Without out this it is possible 
+# that a module could execute code in the wrong domain.
+# When the module is present, "required" would be sufficient (When SELinux
+# is disabled, this returns success.)
+session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so close
+
+# This module parses environment configuration file(s)
+# and also allows you to use an extended config
+# file /etc/security/pam_env.conf.
+# 
+# parsing /etc/environment needs "readenv=1"
+session       required   pam_env.so readenv=1
+# locale variables are also kept into /etc/default/locale in etch
+# reading this file *in addition to /etc/environment* does not hurt
+session       required   pam_env.so readenv=1 envfile=/etc/default/locale
+
+# Standard Un*x authentication.
+@include common-auth
+
+# This allows certain extra groups to be granted to a user
+# based on things like time of day, tty, service, and user.
+# Please edit /etc/security/group.conf to fit your needs
+# (Replaces the `CONSOLE_GROUPS' option in login.defs)
+auth       optional   pam_group.so
+
+# Uncomment and edit /etc/security/time.conf if you need to set
+# time constraints on logins.
+# (Replaces the `PORTTIME_CHECKS_ENAB' option from login.defs
+# as well as /etc/porttime)
+# account    requisite  pam_time.so
+
+# Uncomment and edit /etc/security/access.conf if you need to
+# set access limits.
+# (Replaces /etc/login.access file)
+# account  required       pam_access.so
+
+# Sets up user limits according to /etc/security/limits.conf
+# (Replaces the use of /etc/limits in old login)
+session    required   pam_limits.so
+
+# Prints the last login info upon successful login
+# (Replaces the `LASTLOG_ENAB' option from login.defs)
+session    optional   pam_lastlog.so
+
+# Prints the motd upon successful login
+# (Replaces the `MOTD_FILE' option in login.defs)
+session    optional   pam_motd.so
+
+# Prints the status of the user's mailbox upon successful login
+# (Replaces the `MAIL_CHECK_ENAB' option from login.defs). 
+#
+# This also defines the MAIL environment variable
+# However, userdel also needs MAIL_DIR and MAIL_FILE variables
+# in /etc/login.defs to make sure that removing a user 
+# also removes the user's mail spool file.
+# See comments in /etc/login.defs
+session    optional   pam_mail.so standard
+
+# Standard Un*x account and session
+@include common-account
+@include common-session
+@include common-password
+
+# SELinux needs to intervene at login time to ensure that the process
+# starts in the proper default security context. Only sessions which are
+# intended to run in the user's context should be run after this.
+session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so open
+# When the module is present, "required" would be sufficient (When SELinux
+# is disabled, this returns success.)
diff --git a/tests/tests/log/faillog/46_faillog-m-u_range_open/config/etc/passwd b/tests/tests/log/faillog/46_faillog-m-u_range_open/config/etc/passwd
new file mode 100644
index 0000000..9d34d3a
--- /dev/null
+++ b/tests/tests/log/faillog/46_faillog-m-u_range_open/config/etc/passwd
@@ -0,0 +1,22 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+bar:x:1001:1001::/home/bar:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/home/foo:/bin/sh
+baz:x:1002:1002::/home/baz:/bin/sh
diff --git a/tests/tests/log/faillog/46_faillog-m-u_range_open/config/etc/shadow b/tests/tests/log/faillog/46_faillog-m-u_range_open/config/etc/shadow
new file mode 100644
index 0000000..52721ac
--- /dev/null
+++ b/tests/tests/log/faillog/46_faillog-m-u_range_open/config/etc/shadow
@@ -0,0 +1,22 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+bar:!:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:a:12977:0:99999:7:::
+baz:b:12977:0:99999:7:::
diff --git a/tests/tests/log/faillog/46_faillog-m-u_range_open/data/faillog.list b/tests/tests/log/faillog/46_faillog-m-u_range_open/data/faillog.list
new file mode 100644
index 0000000..ea0845d
--- /dev/null
+++ b/tests/tests/log/faillog/46_faillog-m-u_range_open/data/faillog.list
@@ -0,0 +1,5 @@
+Login       Failures Maximum
+
+bar             1       10  
+foo             1        0  
+baz             1       10  
diff --git a/tests/tests/log/faillog/46_faillog-m-u_range_open/faillog.test b/tests/tests/log/faillog/46_faillog-m-u_range_open/faillog.test
new file mode 100755
index 0000000..0bed617
--- /dev/null
+++ b/tests/tests/log/faillog/46_faillog-m-u_range_open/faillog.test
@@ -0,0 +1,57 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "faillog can set the maximum number of fail logins for a range of users"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Create an empty /var/log/faillog (it will not be restored)..."
+> /var/log/faillog
+echo "OK"
+
+echo -n "Trigger a connection as foo..."
+./login.exp foo
+echo "OK"
+sleep 2
+echo -n "Trigger a connection as bar..."
+./login.exp bar
+echo "OK"
+echo -n "Trigger a connection as baz..."
+./login.exp baz
+echo "OK"
+
+echo -n "reset baz (faillog -m 10 -u 1000-1001)..."
+faillog -m 10 -u 1001-
+echo "OK"
+
+echo -n "faillog..."
+faillog > tmp/faillog.out
+echo "OK."
+
+echo "faillog :"
+echo "======================================================================="
+cat tmp/faillog.out
+echo "======================================================================="
+
+echo -n "Check the list of users with failures..."
+cut -c-28 tmp/faillog.out > tmp/faillog.list
+diff -au data/faillog.list tmp/faillog.list
+echo "OK."
+
+rm -f tmp/faillog.out tmp/faillog.list
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/log/faillog/46_faillog-m-u_range_open/login.exp b/tests/tests/log/faillog/46_faillog-m-u_range_open/login.exp
new file mode 100755
index 0000000..f7841f6
--- /dev/null
+++ b/tests/tests/log/faillog/46_faillog-m-u_range_open/login.exp
@@ -0,0 +1,26 @@
+#!/usr/bin/expect
+
+if {$argc == 1} {
+        set user     [lindex $argv 0]
+} else {
+        set user     "foo"
+}
+
+set timeout 2
+expect_after default {puts stderr "\nFAIL"; exit 1}
+
+set timeout 5
+expect_after default {puts stderr "\nFAIL"; exit 1}
+
+spawn /bin/bash
+expect "# "
+
+send "login $user\r"
+expect "Password: "
+sleep 0.1
+send "badpass\r"
+send_user "\n# password 'badpass' sent\n\n"
+expect "login: "
+
+send "exit\r"
+exit 0
diff --git a/tests/tests/log/faillog/47_faillog-m-a-u_user/config.txt b/tests/tests/log/faillog/47_faillog-m-a-u_user/config.txt
new file mode 100644
index 0000000..1a78b6c
--- /dev/null
+++ b/tests/tests/log/faillog/47_faillog-m-a-u_user/config.txt
@@ -0,0 +1 @@
+user foo exists, UID 1000
diff --git a/tests/tests/log/faillog/47_faillog-m-a-u_user/config/etc/group b/tests/tests/log/faillog/47_faillog-m-a-u_user/config/etc/group
new file mode 100644
index 0000000..b6fae89
--- /dev/null
+++ b/tests/tests/log/faillog/47_faillog-m-a-u_user/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:root
+adm:x:4:root,foo
+tty:x:5:
+disk:x:6:
+lp:x:7:foo,root
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:foo
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:foo
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/log/faillog/47_faillog-m-a-u_user/config/etc/gshadow b/tests/tests/log/faillog/47_faillog-m-a-u_user/config/etc/gshadow
new file mode 100644
index 0000000..1f2ba8d
--- /dev/null
+++ b/tests/tests/log/faillog/47_faillog-m-a-u_user/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::root
+adm:*::root,foo
+tty:*::foo
+disk:*:foo:
+lp:*::foo,root
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*:foo:foo
+voice:*::
+cdrom:*:foo:foo
+floppy:*::foo
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/log/faillog/47_faillog-m-a-u_user/config/etc/pam.d/login b/tests/tests/log/faillog/47_faillog-m-a-u_user/config/etc/pam.d/login
new file mode 100644
index 0000000..0a101fd
--- /dev/null
+++ b/tests/tests/log/faillog/47_faillog-m-a-u_user/config/etc/pam.d/login
@@ -0,0 +1,111 @@
+#
+# The PAM configuration file for the Shadow `login' service
+#
+
+# Enforce a minimal delay in case of failure (in microseconds).
+# (Replaces the `FAIL_DELAY' setting from login.defs)
+# Note that other modules may require another minimal delay. (for example,
+# to disable any delay, you should add the nodelay option to pam_unix)
+auth       optional   pam_faildelay.so  delay=3000000
+
+# Outputs an issue file prior to each login prompt (Replaces the
+# ISSUE_FILE option from login.defs). Uncomment for use
+# auth       required   pam_issue.so issue=/etc/issue
+
+# Disallows root logins except on tty's listed in /etc/securetty
+# (Replaces the `CONSOLE' setting from login.defs)
+#
+# With the default control of this module:
+#   [success=ok new_authtok_reqd=ok ignore=ignore user_unknown=bad default=die]
+# root will not be prompted for a password on insecure lines.
+# if an invalid username is entered, a password is prompted (but login
+# will eventually be rejected)
+#
+# You can change it to a "requisite" module if you think root may mis-type
+# her login and should not be prompted for a password in that case. But
+# this will leave the system as vulnerable to user enumeration attacks.
+#
+# You can change it to a "required" module if you think it permits to
+# guess valid user names of your system (invalid user names are considered
+# as possibly being root on insecure lines), but root passwords may be
+# communicated over insecure lines.
+auth [success=ok new_authtok_reqd=ok ignore=ignore user_unknown=bad default=die] pam_securetty.so
+
+# Disallows other than root logins when /etc/nologin exists
+# (Replaces the `NOLOGINS_FILE' option from login.defs)
+auth       requisite  pam_nologin.so
+
+# Added to support faillog
+auth     required       pam_tally.so per_user
+
+
+# SELinux needs to be the first session rule. This ensures that any 
+# lingering context has been cleared. Without out this it is possible 
+# that a module could execute code in the wrong domain.
+# When the module is present, "required" would be sufficient (When SELinux
+# is disabled, this returns success.)
+session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so close
+
+# This module parses environment configuration file(s)
+# and also allows you to use an extended config
+# file /etc/security/pam_env.conf.
+# 
+# parsing /etc/environment needs "readenv=1"
+session       required   pam_env.so readenv=1
+# locale variables are also kept into /etc/default/locale in etch
+# reading this file *in addition to /etc/environment* does not hurt
+session       required   pam_env.so readenv=1 envfile=/etc/default/locale
+
+# Standard Un*x authentication.
+@include common-auth
+
+# This allows certain extra groups to be granted to a user
+# based on things like time of day, tty, service, and user.
+# Please edit /etc/security/group.conf to fit your needs
+# (Replaces the `CONSOLE_GROUPS' option in login.defs)
+auth       optional   pam_group.so
+
+# Uncomment and edit /etc/security/time.conf if you need to set
+# time constraints on logins.
+# (Replaces the `PORTTIME_CHECKS_ENAB' option from login.defs
+# as well as /etc/porttime)
+# account    requisite  pam_time.so
+
+# Uncomment and edit /etc/security/access.conf if you need to
+# set access limits.
+# (Replaces /etc/login.access file)
+# account  required       pam_access.so
+
+# Sets up user limits according to /etc/security/limits.conf
+# (Replaces the use of /etc/limits in old login)
+session    required   pam_limits.so
+
+# Prints the last login info upon successful login
+# (Replaces the `LASTLOG_ENAB' option from login.defs)
+session    optional   pam_lastlog.so
+
+# Prints the motd upon successful login
+# (Replaces the `MOTD_FILE' option in login.defs)
+session    optional   pam_motd.so
+
+# Prints the status of the user's mailbox upon successful login
+# (Replaces the `MAIL_CHECK_ENAB' option from login.defs). 
+#
+# This also defines the MAIL environment variable
+# However, userdel also needs MAIL_DIR and MAIL_FILE variables
+# in /etc/login.defs to make sure that removing a user 
+# also removes the user's mail spool file.
+# See comments in /etc/login.defs
+session    optional   pam_mail.so standard
+
+# Standard Un*x account and session
+@include common-account
+@include common-session
+@include common-password
+
+# SELinux needs to intervene at login time to ensure that the process
+# starts in the proper default security context. Only sessions which are
+# intended to run in the user's context should be run after this.
+session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so open
+# When the module is present, "required" would be sufficient (When SELinux
+# is disabled, this returns success.)
diff --git a/tests/tests/log/faillog/47_faillog-m-a-u_user/config/etc/passwd b/tests/tests/log/faillog/47_faillog-m-a-u_user/config/etc/passwd
new file mode 100644
index 0000000..9d34d3a
--- /dev/null
+++ b/tests/tests/log/faillog/47_faillog-m-a-u_user/config/etc/passwd
@@ -0,0 +1,22 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+bar:x:1001:1001::/home/bar:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/home/foo:/bin/sh
+baz:x:1002:1002::/home/baz:/bin/sh
diff --git a/tests/tests/log/faillog/47_faillog-m-a-u_user/config/etc/shadow b/tests/tests/log/faillog/47_faillog-m-a-u_user/config/etc/shadow
new file mode 100644
index 0000000..52721ac
--- /dev/null
+++ b/tests/tests/log/faillog/47_faillog-m-a-u_user/config/etc/shadow
@@ -0,0 +1,22 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+bar:!:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:a:12977:0:99999:7:::
+baz:b:12977:0:99999:7:::
diff --git a/tests/tests/log/faillog/47_faillog-m-a-u_user/data/faillog.list b/tests/tests/log/faillog/47_faillog-m-a-u_user/data/faillog.list
new file mode 100644
index 0000000..5ec2414
--- /dev/null
+++ b/tests/tests/log/faillog/47_faillog-m-a-u_user/data/faillog.list
@@ -0,0 +1,5 @@
+Login       Failures Maximum
+
+bar             1        0  
+foo             1       10  
+baz             1        0  
diff --git a/tests/tests/log/faillog/47_faillog-m-a-u_user/faillog.test b/tests/tests/log/faillog/47_faillog-m-a-u_user/faillog.test
new file mode 100755
index 0000000..64d7f6c
--- /dev/null
+++ b/tests/tests/log/faillog/47_faillog-m-a-u_user/faillog.test
@@ -0,0 +1,67 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "faillog can set the maximum number an removed user"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Create an empty /var/log/faillog (it will not be restored)..."
+> /var/log/faillog
+echo "OK"
+
+echo -n "Trigger a connection as foo..."
+./login.exp foo
+echo "OK"
+sleep 2
+echo -n "Trigger a connection as bar..."
+./login.exp bar
+echo "OK"
+echo -n "Trigger a connection as baz..."
+./login.exp baz
+echo "OK"
+
+echo -n "Remove user foo from passwd and shadow..."
+cp /etc/passwd /etc/shadow tmp/
+sed -e '/^foo:/d' -i /etc/passwd
+sed -e '/^foo:/d' -i /etc/shadow
+echo "OK"
+
+echo -n "reset old foo (faillog -m 10 -a -u 1000)..."
+faillog -m 10 -a -u 1000
+echo "OK"
+
+echo -n "Restore user foo..."
+mv tmp/passwd tmp/shadow /etc/
+echo "OK"
+
+echo -n "faillog..."
+faillog > tmp/faillog.out
+echo "OK."
+
+echo "faillog :"
+echo "======================================================================="
+cat tmp/faillog.out
+echo "======================================================================="
+
+echo -n "Check the list of users with failures..."
+cut -c-28 tmp/faillog.out > tmp/faillog.list
+diff -au data/faillog.list tmp/faillog.list
+echo "OK"
+
+rm -f tmp/faillog.out tmp/faillog.list
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/log/faillog/47_faillog-m-a-u_user/login.exp b/tests/tests/log/faillog/47_faillog-m-a-u_user/login.exp
new file mode 100755
index 0000000..f7841f6
--- /dev/null
+++ b/tests/tests/log/faillog/47_faillog-m-a-u_user/login.exp
@@ -0,0 +1,26 @@
+#!/usr/bin/expect
+
+if {$argc == 1} {
+        set user     [lindex $argv 0]
+} else {
+        set user     "foo"
+}
+
+set timeout 2
+expect_after default {puts stderr "\nFAIL"; exit 1}
+
+set timeout 5
+expect_after default {puts stderr "\nFAIL"; exit 1}
+
+spawn /bin/bash
+expect "# "
+
+send "login $user\r"
+expect "Password: "
+sleep 0.1
+send "badpass\r"
+send_user "\n# password 'badpass' sent\n\n"
+expect "login: "
+
+send "exit\r"
+exit 0
diff --git a/tests/tests/log/faillog/48_faillog-m-a-u_range/config.txt b/tests/tests/log/faillog/48_faillog-m-a-u_range/config.txt
new file mode 100644
index 0000000..1a78b6c
--- /dev/null
+++ b/tests/tests/log/faillog/48_faillog-m-a-u_range/config.txt
@@ -0,0 +1 @@
+user foo exists, UID 1000
diff --git a/tests/tests/log/faillog/48_faillog-m-a-u_range/config/etc/group b/tests/tests/log/faillog/48_faillog-m-a-u_range/config/etc/group
new file mode 100644
index 0000000..b6fae89
--- /dev/null
+++ b/tests/tests/log/faillog/48_faillog-m-a-u_range/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:root
+adm:x:4:root,foo
+tty:x:5:
+disk:x:6:
+lp:x:7:foo,root
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:foo
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:foo
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/log/faillog/48_faillog-m-a-u_range/config/etc/gshadow b/tests/tests/log/faillog/48_faillog-m-a-u_range/config/etc/gshadow
new file mode 100644
index 0000000..1f2ba8d
--- /dev/null
+++ b/tests/tests/log/faillog/48_faillog-m-a-u_range/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::root
+adm:*::root,foo
+tty:*::foo
+disk:*:foo:
+lp:*::foo,root
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*:foo:foo
+voice:*::
+cdrom:*:foo:foo
+floppy:*::foo
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/log/faillog/48_faillog-m-a-u_range/config/etc/pam.d/login b/tests/tests/log/faillog/48_faillog-m-a-u_range/config/etc/pam.d/login
new file mode 100644
index 0000000..0a101fd
--- /dev/null
+++ b/tests/tests/log/faillog/48_faillog-m-a-u_range/config/etc/pam.d/login
@@ -0,0 +1,111 @@
+#
+# The PAM configuration file for the Shadow `login' service
+#
+
+# Enforce a minimal delay in case of failure (in microseconds).
+# (Replaces the `FAIL_DELAY' setting from login.defs)
+# Note that other modules may require another minimal delay. (for example,
+# to disable any delay, you should add the nodelay option to pam_unix)
+auth       optional   pam_faildelay.so  delay=3000000
+
+# Outputs an issue file prior to each login prompt (Replaces the
+# ISSUE_FILE option from login.defs). Uncomment for use
+# auth       required   pam_issue.so issue=/etc/issue
+
+# Disallows root logins except on tty's listed in /etc/securetty
+# (Replaces the `CONSOLE' setting from login.defs)
+#
+# With the default control of this module:
+#   [success=ok new_authtok_reqd=ok ignore=ignore user_unknown=bad default=die]
+# root will not be prompted for a password on insecure lines.
+# if an invalid username is entered, a password is prompted (but login
+# will eventually be rejected)
+#
+# You can change it to a "requisite" module if you think root may mis-type
+# her login and should not be prompted for a password in that case. But
+# this will leave the system as vulnerable to user enumeration attacks.
+#
+# You can change it to a "required" module if you think it permits to
+# guess valid user names of your system (invalid user names are considered
+# as possibly being root on insecure lines), but root passwords may be
+# communicated over insecure lines.
+auth [success=ok new_authtok_reqd=ok ignore=ignore user_unknown=bad default=die] pam_securetty.so
+
+# Disallows other than root logins when /etc/nologin exists
+# (Replaces the `NOLOGINS_FILE' option from login.defs)
+auth       requisite  pam_nologin.so
+
+# Added to support faillog
+auth     required       pam_tally.so per_user
+
+
+# SELinux needs to be the first session rule. This ensures that any 
+# lingering context has been cleared. Without out this it is possible 
+# that a module could execute code in the wrong domain.
+# When the module is present, "required" would be sufficient (When SELinux
+# is disabled, this returns success.)
+session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so close
+
+# This module parses environment configuration file(s)
+# and also allows you to use an extended config
+# file /etc/security/pam_env.conf.
+# 
+# parsing /etc/environment needs "readenv=1"
+session       required   pam_env.so readenv=1
+# locale variables are also kept into /etc/default/locale in etch
+# reading this file *in addition to /etc/environment* does not hurt
+session       required   pam_env.so readenv=1 envfile=/etc/default/locale
+
+# Standard Un*x authentication.
+@include common-auth
+
+# This allows certain extra groups to be granted to a user
+# based on things like time of day, tty, service, and user.
+# Please edit /etc/security/group.conf to fit your needs
+# (Replaces the `CONSOLE_GROUPS' option in login.defs)
+auth       optional   pam_group.so
+
+# Uncomment and edit /etc/security/time.conf if you need to set
+# time constraints on logins.
+# (Replaces the `PORTTIME_CHECKS_ENAB' option from login.defs
+# as well as /etc/porttime)
+# account    requisite  pam_time.so
+
+# Uncomment and edit /etc/security/access.conf if you need to
+# set access limits.
+# (Replaces /etc/login.access file)
+# account  required       pam_access.so
+
+# Sets up user limits according to /etc/security/limits.conf
+# (Replaces the use of /etc/limits in old login)
+session    required   pam_limits.so
+
+# Prints the last login info upon successful login
+# (Replaces the `LASTLOG_ENAB' option from login.defs)
+session    optional   pam_lastlog.so
+
+# Prints the motd upon successful login
+# (Replaces the `MOTD_FILE' option in login.defs)
+session    optional   pam_motd.so
+
+# Prints the status of the user's mailbox upon successful login
+# (Replaces the `MAIL_CHECK_ENAB' option from login.defs). 
+#
+# This also defines the MAIL environment variable
+# However, userdel also needs MAIL_DIR and MAIL_FILE variables
+# in /etc/login.defs to make sure that removing a user 
+# also removes the user's mail spool file.
+# See comments in /etc/login.defs
+session    optional   pam_mail.so standard
+
+# Standard Un*x account and session
+@include common-account
+@include common-session
+@include common-password
+
+# SELinux needs to intervene at login time to ensure that the process
+# starts in the proper default security context. Only sessions which are
+# intended to run in the user's context should be run after this.
+session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so open
+# When the module is present, "required" would be sufficient (When SELinux
+# is disabled, this returns success.)
diff --git a/tests/tests/log/faillog/48_faillog-m-a-u_range/config/etc/passwd b/tests/tests/log/faillog/48_faillog-m-a-u_range/config/etc/passwd
new file mode 100644
index 0000000..9d34d3a
--- /dev/null
+++ b/tests/tests/log/faillog/48_faillog-m-a-u_range/config/etc/passwd
@@ -0,0 +1,22 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+bar:x:1001:1001::/home/bar:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/home/foo:/bin/sh
+baz:x:1002:1002::/home/baz:/bin/sh
diff --git a/tests/tests/log/faillog/48_faillog-m-a-u_range/config/etc/shadow b/tests/tests/log/faillog/48_faillog-m-a-u_range/config/etc/shadow
new file mode 100644
index 0000000..52721ac
--- /dev/null
+++ b/tests/tests/log/faillog/48_faillog-m-a-u_range/config/etc/shadow
@@ -0,0 +1,22 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+bar:!:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:a:12977:0:99999:7:::
+baz:b:12977:0:99999:7:::
diff --git a/tests/tests/log/faillog/48_faillog-m-a-u_range/data/faillog.list b/tests/tests/log/faillog/48_faillog-m-a-u_range/data/faillog.list
new file mode 100644
index 0000000..9af27b0
--- /dev/null
+++ b/tests/tests/log/faillog/48_faillog-m-a-u_range/data/faillog.list
@@ -0,0 +1,5 @@
+Login       Failures Maximum
+
+bar             1       10  
+foo             1       10  
+baz             1        0  
diff --git a/tests/tests/log/faillog/48_faillog-m-a-u_range/faillog.test b/tests/tests/log/faillog/48_faillog-m-a-u_range/faillog.test
new file mode 100755
index 0000000..cd35f27
--- /dev/null
+++ b/tests/tests/log/faillog/48_faillog-m-a-u_range/faillog.test
@@ -0,0 +1,67 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "reports all entry from /var/log/faillog"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Create an empty /var/log/faillog (it will not be restored)..."
+> /var/log/faillog
+echo "OK"
+
+echo -n "Trigger a connection as foo..."
+./login.exp foo
+echo "OK"
+sleep 1
+echo -n "Trigger a connection as bar..."
+./login.exp bar
+echo "OK"
+echo -n "Trigger a connection as baz..."
+./login.exp baz
+echo "OK"
+
+echo -n "Remove users foo, bar, baz from passwd and shadow..."
+cp /etc/passwd /etc/shadow tmp/
+sed -e '/^(foo|bar|baz):/d' -i /etc/passwd
+sed -e '/^(foo|bar|baz):/d' -i /etc/shadow
+echo "OK"
+
+echo -n "reset baz (faillog -m 10 -a -u 1000-1001)..."
+faillog -m 10 -a -u 1000-1001
+echo "OK"
+
+echo -n "Restore user foo..."
+mv tmp/passwd tmp/shadow /etc/
+echo "OK"
+
+echo -n "faillog..."
+faillog > tmp/faillog.out
+echo "OK."
+
+echo "faillog :"
+echo "======================================================================="
+cat tmp/faillog.out
+echo "======================================================================="
+
+echo -n "Check the list of users with failures..."
+cut -c-28 tmp/faillog.out > tmp/faillog.list
+diff -au data/faillog.list tmp/faillog.list
+echo "OK"
+
+rm -f tmp/faillog.out tmp/faillog.list
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/log/faillog/48_faillog-m-a-u_range/login.exp b/tests/tests/log/faillog/48_faillog-m-a-u_range/login.exp
new file mode 100755
index 0000000..f7841f6
--- /dev/null
+++ b/tests/tests/log/faillog/48_faillog-m-a-u_range/login.exp
@@ -0,0 +1,26 @@
+#!/usr/bin/expect
+
+if {$argc == 1} {
+        set user     [lindex $argv 0]
+} else {
+        set user     "foo"
+}
+
+set timeout 2
+expect_after default {puts stderr "\nFAIL"; exit 1}
+
+set timeout 5
+expect_after default {puts stderr "\nFAIL"; exit 1}
+
+spawn /bin/bash
+expect "# "
+
+send "login $user\r"
+expect "Password: "
+sleep 0.1
+send "badpass\r"
+send_user "\n# password 'badpass' sent\n\n"
+expect "login: "
+
+send "exit\r"
+exit 0
diff --git a/tests/tests/log/faillog/49_faillog-m-a-u_open_range/config.txt b/tests/tests/log/faillog/49_faillog-m-a-u_open_range/config.txt
new file mode 100644
index 0000000..1a78b6c
--- /dev/null
+++ b/tests/tests/log/faillog/49_faillog-m-a-u_open_range/config.txt
@@ -0,0 +1 @@
+user foo exists, UID 1000
diff --git a/tests/tests/log/faillog/49_faillog-m-a-u_open_range/config/etc/group b/tests/tests/log/faillog/49_faillog-m-a-u_open_range/config/etc/group
new file mode 100644
index 0000000..b6fae89
--- /dev/null
+++ b/tests/tests/log/faillog/49_faillog-m-a-u_open_range/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:root
+adm:x:4:root,foo
+tty:x:5:
+disk:x:6:
+lp:x:7:foo,root
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:foo
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:foo
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/log/faillog/49_faillog-m-a-u_open_range/config/etc/gshadow b/tests/tests/log/faillog/49_faillog-m-a-u_open_range/config/etc/gshadow
new file mode 100644
index 0000000..1f2ba8d
--- /dev/null
+++ b/tests/tests/log/faillog/49_faillog-m-a-u_open_range/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::root
+adm:*::root,foo
+tty:*::foo
+disk:*:foo:
+lp:*::foo,root
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*:foo:foo
+voice:*::
+cdrom:*:foo:foo
+floppy:*::foo
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/log/faillog/49_faillog-m-a-u_open_range/config/etc/pam.d/login b/tests/tests/log/faillog/49_faillog-m-a-u_open_range/config/etc/pam.d/login
new file mode 100644
index 0000000..0a101fd
--- /dev/null
+++ b/tests/tests/log/faillog/49_faillog-m-a-u_open_range/config/etc/pam.d/login
@@ -0,0 +1,111 @@
+#
+# The PAM configuration file for the Shadow `login' service
+#
+
+# Enforce a minimal delay in case of failure (in microseconds).
+# (Replaces the `FAIL_DELAY' setting from login.defs)
+# Note that other modules may require another minimal delay. (for example,
+# to disable any delay, you should add the nodelay option to pam_unix)
+auth       optional   pam_faildelay.so  delay=3000000
+
+# Outputs an issue file prior to each login prompt (Replaces the
+# ISSUE_FILE option from login.defs). Uncomment for use
+# auth       required   pam_issue.so issue=/etc/issue
+
+# Disallows root logins except on tty's listed in /etc/securetty
+# (Replaces the `CONSOLE' setting from login.defs)
+#
+# With the default control of this module:
+#   [success=ok new_authtok_reqd=ok ignore=ignore user_unknown=bad default=die]
+# root will not be prompted for a password on insecure lines.
+# if an invalid username is entered, a password is prompted (but login
+# will eventually be rejected)
+#
+# You can change it to a "requisite" module if you think root may mis-type
+# her login and should not be prompted for a password in that case. But
+# this will leave the system as vulnerable to user enumeration attacks.
+#
+# You can change it to a "required" module if you think it permits to
+# guess valid user names of your system (invalid user names are considered
+# as possibly being root on insecure lines), but root passwords may be
+# communicated over insecure lines.
+auth [success=ok new_authtok_reqd=ok ignore=ignore user_unknown=bad default=die] pam_securetty.so
+
+# Disallows other than root logins when /etc/nologin exists
+# (Replaces the `NOLOGINS_FILE' option from login.defs)
+auth       requisite  pam_nologin.so
+
+# Added to support faillog
+auth     required       pam_tally.so per_user
+
+
+# SELinux needs to be the first session rule. This ensures that any 
+# lingering context has been cleared. Without out this it is possible 
+# that a module could execute code in the wrong domain.
+# When the module is present, "required" would be sufficient (When SELinux
+# is disabled, this returns success.)
+session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so close
+
+# This module parses environment configuration file(s)
+# and also allows you to use an extended config
+# file /etc/security/pam_env.conf.
+# 
+# parsing /etc/environment needs "readenv=1"
+session       required   pam_env.so readenv=1
+# locale variables are also kept into /etc/default/locale in etch
+# reading this file *in addition to /etc/environment* does not hurt
+session       required   pam_env.so readenv=1 envfile=/etc/default/locale
+
+# Standard Un*x authentication.
+@include common-auth
+
+# This allows certain extra groups to be granted to a user
+# based on things like time of day, tty, service, and user.
+# Please edit /etc/security/group.conf to fit your needs
+# (Replaces the `CONSOLE_GROUPS' option in login.defs)
+auth       optional   pam_group.so
+
+# Uncomment and edit /etc/security/time.conf if you need to set
+# time constraints on logins.
+# (Replaces the `PORTTIME_CHECKS_ENAB' option from login.defs
+# as well as /etc/porttime)
+# account    requisite  pam_time.so
+
+# Uncomment and edit /etc/security/access.conf if you need to
+# set access limits.
+# (Replaces /etc/login.access file)
+# account  required       pam_access.so
+
+# Sets up user limits according to /etc/security/limits.conf
+# (Replaces the use of /etc/limits in old login)
+session    required   pam_limits.so
+
+# Prints the last login info upon successful login
+# (Replaces the `LASTLOG_ENAB' option from login.defs)
+session    optional   pam_lastlog.so
+
+# Prints the motd upon successful login
+# (Replaces the `MOTD_FILE' option in login.defs)
+session    optional   pam_motd.so
+
+# Prints the status of the user's mailbox upon successful login
+# (Replaces the `MAIL_CHECK_ENAB' option from login.defs). 
+#
+# This also defines the MAIL environment variable
+# However, userdel also needs MAIL_DIR and MAIL_FILE variables
+# in /etc/login.defs to make sure that removing a user 
+# also removes the user's mail spool file.
+# See comments in /etc/login.defs
+session    optional   pam_mail.so standard
+
+# Standard Un*x account and session
+@include common-account
+@include common-session
+@include common-password
+
+# SELinux needs to intervene at login time to ensure that the process
+# starts in the proper default security context. Only sessions which are
+# intended to run in the user's context should be run after this.
+session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so open
+# When the module is present, "required" would be sufficient (When SELinux
+# is disabled, this returns success.)
diff --git a/tests/tests/log/faillog/49_faillog-m-a-u_open_range/config/etc/passwd b/tests/tests/log/faillog/49_faillog-m-a-u_open_range/config/etc/passwd
new file mode 100644
index 0000000..9d34d3a
--- /dev/null
+++ b/tests/tests/log/faillog/49_faillog-m-a-u_open_range/config/etc/passwd
@@ -0,0 +1,22 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+bar:x:1001:1001::/home/bar:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/home/foo:/bin/sh
+baz:x:1002:1002::/home/baz:/bin/sh
diff --git a/tests/tests/log/faillog/49_faillog-m-a-u_open_range/config/etc/shadow b/tests/tests/log/faillog/49_faillog-m-a-u_open_range/config/etc/shadow
new file mode 100644
index 0000000..52721ac
--- /dev/null
+++ b/tests/tests/log/faillog/49_faillog-m-a-u_open_range/config/etc/shadow
@@ -0,0 +1,22 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+bar:!:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:a:12977:0:99999:7:::
+baz:b:12977:0:99999:7:::
diff --git a/tests/tests/log/faillog/49_faillog-m-a-u_open_range/data/faillog.list b/tests/tests/log/faillog/49_faillog-m-a-u_open_range/data/faillog.list
new file mode 100644
index 0000000..9af27b0
--- /dev/null
+++ b/tests/tests/log/faillog/49_faillog-m-a-u_open_range/data/faillog.list
@@ -0,0 +1,5 @@
+Login       Failures Maximum
+
+bar             1       10  
+foo             1       10  
+baz             1        0  
diff --git a/tests/tests/log/faillog/49_faillog-m-a-u_open_range/faillog.test b/tests/tests/log/faillog/49_faillog-m-a-u_open_range/faillog.test
new file mode 100755
index 0000000..8b865b3
--- /dev/null
+++ b/tests/tests/log/faillog/49_faillog-m-a-u_open_range/faillog.test
@@ -0,0 +1,67 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "reports all entry from /var/log/faillog"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Create an empty /var/log/faillog (it will not be restored)..."
+> /var/log/faillog
+echo "OK"
+
+echo -n "Trigger a connection as foo..."
+./login.exp foo
+echo "OK"
+sleep 1
+echo -n "Trigger a connection as bar..."
+./login.exp bar
+echo "OK"
+echo -n "Trigger a connection as baz..."
+./login.exp baz
+echo "OK"
+
+echo -n "Remove users foo, bar, baz from passwd and shadow..."
+cp /etc/passwd /etc/shadow tmp/
+sed -e '/^(foo|bar|baz):/d' -i /etc/passwd
+sed -e '/^(foo|bar|baz):/d' -i /etc/shadow
+echo "OK"
+
+echo -n "reset baz (faillog -m 10 -a -u -1001)..."
+faillog -m 10 -a -u -1001
+echo "OK"
+
+echo -n "Restore user foo..."
+mv tmp/passwd tmp/shadow /etc/
+echo "OK"
+
+echo -n "faillog..."
+faillog > tmp/faillog.out
+echo "OK."
+
+echo "faillog :"
+echo "======================================================================="
+cat tmp/faillog.out
+echo "======================================================================="
+
+echo -n "Check the list of users with failures..."
+cut -c-28 tmp/faillog.out > tmp/faillog.list
+diff -au data/faillog.list tmp/faillog.list
+echo "OK"
+
+rm -f tmp/faillog.out tmp/faillog.list
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/log/faillog/49_faillog-m-a-u_open_range/login.exp b/tests/tests/log/faillog/49_faillog-m-a-u_open_range/login.exp
new file mode 100755
index 0000000..f7841f6
--- /dev/null
+++ b/tests/tests/log/faillog/49_faillog-m-a-u_open_range/login.exp
@@ -0,0 +1,26 @@
+#!/usr/bin/expect
+
+if {$argc == 1} {
+        set user     [lindex $argv 0]
+} else {
+        set user     "foo"
+}
+
+set timeout 2
+expect_after default {puts stderr "\nFAIL"; exit 1}
+
+set timeout 5
+expect_after default {puts stderr "\nFAIL"; exit 1}
+
+spawn /bin/bash
+expect "# "
+
+send "login $user\r"
+expect "Password: "
+sleep 0.1
+send "badpass\r"
+send_user "\n# password 'badpass' sent\n\n"
+expect "login: "
+
+send "exit\r"
+exit 0
diff --git a/tests/tests/log/faillog/50_faillog-m-a-u_range_open/config.txt b/tests/tests/log/faillog/50_faillog-m-a-u_range_open/config.txt
new file mode 100644
index 0000000..1a78b6c
--- /dev/null
+++ b/tests/tests/log/faillog/50_faillog-m-a-u_range_open/config.txt
@@ -0,0 +1 @@
+user foo exists, UID 1000
diff --git a/tests/tests/log/faillog/50_faillog-m-a-u_range_open/config/etc/group b/tests/tests/log/faillog/50_faillog-m-a-u_range_open/config/etc/group
new file mode 100644
index 0000000..b6fae89
--- /dev/null
+++ b/tests/tests/log/faillog/50_faillog-m-a-u_range_open/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:root
+adm:x:4:root,foo
+tty:x:5:
+disk:x:6:
+lp:x:7:foo,root
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:foo
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:foo
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/log/faillog/50_faillog-m-a-u_range_open/config/etc/gshadow b/tests/tests/log/faillog/50_faillog-m-a-u_range_open/config/etc/gshadow
new file mode 100644
index 0000000..1f2ba8d
--- /dev/null
+++ b/tests/tests/log/faillog/50_faillog-m-a-u_range_open/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::root
+adm:*::root,foo
+tty:*::foo
+disk:*:foo:
+lp:*::foo,root
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*:foo:foo
+voice:*::
+cdrom:*:foo:foo
+floppy:*::foo
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/log/faillog/50_faillog-m-a-u_range_open/config/etc/pam.d/login b/tests/tests/log/faillog/50_faillog-m-a-u_range_open/config/etc/pam.d/login
new file mode 100644
index 0000000..0a101fd
--- /dev/null
+++ b/tests/tests/log/faillog/50_faillog-m-a-u_range_open/config/etc/pam.d/login
@@ -0,0 +1,111 @@
+#
+# The PAM configuration file for the Shadow `login' service
+#
+
+# Enforce a minimal delay in case of failure (in microseconds).
+# (Replaces the `FAIL_DELAY' setting from login.defs)
+# Note that other modules may require another minimal delay. (for example,
+# to disable any delay, you should add the nodelay option to pam_unix)
+auth       optional   pam_faildelay.so  delay=3000000
+
+# Outputs an issue file prior to each login prompt (Replaces the
+# ISSUE_FILE option from login.defs). Uncomment for use
+# auth       required   pam_issue.so issue=/etc/issue
+
+# Disallows root logins except on tty's listed in /etc/securetty
+# (Replaces the `CONSOLE' setting from login.defs)
+#
+# With the default control of this module:
+#   [success=ok new_authtok_reqd=ok ignore=ignore user_unknown=bad default=die]
+# root will not be prompted for a password on insecure lines.
+# if an invalid username is entered, a password is prompted (but login
+# will eventually be rejected)
+#
+# You can change it to a "requisite" module if you think root may mis-type
+# her login and should not be prompted for a password in that case. But
+# this will leave the system as vulnerable to user enumeration attacks.
+#
+# You can change it to a "required" module if you think it permits to
+# guess valid user names of your system (invalid user names are considered
+# as possibly being root on insecure lines), but root passwords may be
+# communicated over insecure lines.
+auth [success=ok new_authtok_reqd=ok ignore=ignore user_unknown=bad default=die] pam_securetty.so
+
+# Disallows other than root logins when /etc/nologin exists
+# (Replaces the `NOLOGINS_FILE' option from login.defs)
+auth       requisite  pam_nologin.so
+
+# Added to support faillog
+auth     required       pam_tally.so per_user
+
+
+# SELinux needs to be the first session rule. This ensures that any 
+# lingering context has been cleared. Without out this it is possible 
+# that a module could execute code in the wrong domain.
+# When the module is present, "required" would be sufficient (When SELinux
+# is disabled, this returns success.)
+session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so close
+
+# This module parses environment configuration file(s)
+# and also allows you to use an extended config
+# file /etc/security/pam_env.conf.
+# 
+# parsing /etc/environment needs "readenv=1"
+session       required   pam_env.so readenv=1
+# locale variables are also kept into /etc/default/locale in etch
+# reading this file *in addition to /etc/environment* does not hurt
+session       required   pam_env.so readenv=1 envfile=/etc/default/locale
+
+# Standard Un*x authentication.
+@include common-auth
+
+# This allows certain extra groups to be granted to a user
+# based on things like time of day, tty, service, and user.
+# Please edit /etc/security/group.conf to fit your needs
+# (Replaces the `CONSOLE_GROUPS' option in login.defs)
+auth       optional   pam_group.so
+
+# Uncomment and edit /etc/security/time.conf if you need to set
+# time constraints on logins.
+# (Replaces the `PORTTIME_CHECKS_ENAB' option from login.defs
+# as well as /etc/porttime)
+# account    requisite  pam_time.so
+
+# Uncomment and edit /etc/security/access.conf if you need to
+# set access limits.
+# (Replaces /etc/login.access file)
+# account  required       pam_access.so
+
+# Sets up user limits according to /etc/security/limits.conf
+# (Replaces the use of /etc/limits in old login)
+session    required   pam_limits.so
+
+# Prints the last login info upon successful login
+# (Replaces the `LASTLOG_ENAB' option from login.defs)
+session    optional   pam_lastlog.so
+
+# Prints the motd upon successful login
+# (Replaces the `MOTD_FILE' option in login.defs)
+session    optional   pam_motd.so
+
+# Prints the status of the user's mailbox upon successful login
+# (Replaces the `MAIL_CHECK_ENAB' option from login.defs). 
+#
+# This also defines the MAIL environment variable
+# However, userdel also needs MAIL_DIR and MAIL_FILE variables
+# in /etc/login.defs to make sure that removing a user 
+# also removes the user's mail spool file.
+# See comments in /etc/login.defs
+session    optional   pam_mail.so standard
+
+# Standard Un*x account and session
+@include common-account
+@include common-session
+@include common-password
+
+# SELinux needs to intervene at login time to ensure that the process
+# starts in the proper default security context. Only sessions which are
+# intended to run in the user's context should be run after this.
+session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so open
+# When the module is present, "required" would be sufficient (When SELinux
+# is disabled, this returns success.)
diff --git a/tests/tests/log/faillog/50_faillog-m-a-u_range_open/config/etc/passwd b/tests/tests/log/faillog/50_faillog-m-a-u_range_open/config/etc/passwd
new file mode 100644
index 0000000..9d34d3a
--- /dev/null
+++ b/tests/tests/log/faillog/50_faillog-m-a-u_range_open/config/etc/passwd
@@ -0,0 +1,22 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+bar:x:1001:1001::/home/bar:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/home/foo:/bin/sh
+baz:x:1002:1002::/home/baz:/bin/sh
diff --git a/tests/tests/log/faillog/50_faillog-m-a-u_range_open/config/etc/shadow b/tests/tests/log/faillog/50_faillog-m-a-u_range_open/config/etc/shadow
new file mode 100644
index 0000000..52721ac
--- /dev/null
+++ b/tests/tests/log/faillog/50_faillog-m-a-u_range_open/config/etc/shadow
@@ -0,0 +1,22 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+bar:!:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:a:12977:0:99999:7:::
+baz:b:12977:0:99999:7:::
diff --git a/tests/tests/log/faillog/50_faillog-m-a-u_range_open/data/faillog.list b/tests/tests/log/faillog/50_faillog-m-a-u_range_open/data/faillog.list
new file mode 100644
index 0000000..ea0845d
--- /dev/null
+++ b/tests/tests/log/faillog/50_faillog-m-a-u_range_open/data/faillog.list
@@ -0,0 +1,5 @@
+Login       Failures Maximum
+
+bar             1       10  
+foo             1        0  
+baz             1       10  
diff --git a/tests/tests/log/faillog/50_faillog-m-a-u_range_open/faillog.test b/tests/tests/log/faillog/50_faillog-m-a-u_range_open/faillog.test
new file mode 100755
index 0000000..c315f7c
--- /dev/null
+++ b/tests/tests/log/faillog/50_faillog-m-a-u_range_open/faillog.test
@@ -0,0 +1,67 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "reports all entry from /var/log/faillog"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Create an empty /var/log/faillog (it will not be restored)..."
+> /var/log/faillog
+echo "OK"
+
+echo -n "Trigger a connection as foo..."
+./login.exp foo
+echo "OK"
+sleep 1
+echo -n "Trigger a connection as bar..."
+./login.exp bar
+echo "OK"
+echo -n "Trigger a connection as baz..."
+./login.exp baz
+echo "OK"
+
+echo -n "Remove users foo, bar, baz from passwd and shadow..."
+cp /etc/passwd /etc/shadow tmp/
+sed -e '/^(foo|bar|baz):/d' -i /etc/passwd
+sed -e '/^(foo|bar|baz):/d' -i /etc/shadow
+echo "OK"
+
+echo -n "reset baz (faillog -m 10 -a -u 1001-)..."
+faillog -m 10 -a -u 1001-
+echo "OK"
+
+echo -n "Restore user foo..."
+mv tmp/passwd tmp/shadow /etc/
+echo "OK"
+
+echo -n "faillog..."
+faillog > tmp/faillog.out
+echo "OK."
+
+echo "faillog :"
+echo "======================================================================="
+cat tmp/faillog.out
+echo "======================================================================="
+
+echo -n "Check the list of users with failures..."
+cut -c-28 tmp/faillog.out > tmp/faillog.list
+diff -au data/faillog.list tmp/faillog.list
+echo "OK"
+
+rm -f tmp/faillog.out tmp/faillog.list
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/log/faillog/50_faillog-m-a-u_range_open/login.exp b/tests/tests/log/faillog/50_faillog-m-a-u_range_open/login.exp
new file mode 100755
index 0000000..f7841f6
--- /dev/null
+++ b/tests/tests/log/faillog/50_faillog-m-a-u_range_open/login.exp
@@ -0,0 +1,26 @@
+#!/usr/bin/expect
+
+if {$argc == 1} {
+        set user     [lindex $argv 0]
+} else {
+        set user     "foo"
+}
+
+set timeout 2
+expect_after default {puts stderr "\nFAIL"; exit 1}
+
+set timeout 5
+expect_after default {puts stderr "\nFAIL"; exit 1}
+
+spawn /bin/bash
+expect "# "
+
+send "login $user\r"
+expect "Password: "
+sleep 0.1
+send "badpass\r"
+send_user "\n# password 'badpass' sent\n\n"
+expect "login: "
+
+send "exit\r"
+exit 0
diff --git a/tests/tests/log/faillog/51_faillog-m_invalid/config.txt b/tests/tests/log/faillog/51_faillog-m_invalid/config.txt
new file mode 100644
index 0000000..1a78b6c
--- /dev/null
+++ b/tests/tests/log/faillog/51_faillog-m_invalid/config.txt
@@ -0,0 +1 @@
+user foo exists, UID 1000
diff --git a/tests/tests/log/faillog/51_faillog-m_invalid/config/etc/group b/tests/tests/log/faillog/51_faillog-m_invalid/config/etc/group
new file mode 100644
index 0000000..b6fae89
--- /dev/null
+++ b/tests/tests/log/faillog/51_faillog-m_invalid/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:root
+adm:x:4:root,foo
+tty:x:5:
+disk:x:6:
+lp:x:7:foo,root
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:foo
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:foo
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/log/faillog/51_faillog-m_invalid/config/etc/gshadow b/tests/tests/log/faillog/51_faillog-m_invalid/config/etc/gshadow
new file mode 100644
index 0000000..1f2ba8d
--- /dev/null
+++ b/tests/tests/log/faillog/51_faillog-m_invalid/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::root
+adm:*::root,foo
+tty:*::foo
+disk:*:foo:
+lp:*::foo,root
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*:foo:foo
+voice:*::
+cdrom:*:foo:foo
+floppy:*::foo
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/log/faillog/51_faillog-m_invalid/config/etc/passwd b/tests/tests/log/faillog/51_faillog-m_invalid/config/etc/passwd
new file mode 100644
index 0000000..9d34d3a
--- /dev/null
+++ b/tests/tests/log/faillog/51_faillog-m_invalid/config/etc/passwd
@@ -0,0 +1,22 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+bar:x:1001:1001::/home/bar:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/home/foo:/bin/sh
+baz:x:1002:1002::/home/baz:/bin/sh
diff --git a/tests/tests/log/faillog/51_faillog-m_invalid/config/etc/shadow b/tests/tests/log/faillog/51_faillog-m_invalid/config/etc/shadow
new file mode 100644
index 0000000..972f2cd
--- /dev/null
+++ b/tests/tests/log/faillog/51_faillog-m_invalid/config/etc/shadow
@@ -0,0 +1,22 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+bar:!:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
+baz:!:12977:0:99999:7:::
diff --git a/tests/tests/log/faillog/51_faillog-m_invalid/data/faillog.err b/tests/tests/log/faillog/51_faillog-m_invalid/data/faillog.err
new file mode 100644
index 0000000..009c0f6
--- /dev/null
+++ b/tests/tests/log/faillog/51_faillog-m_invalid/data/faillog.err
@@ -0,0 +1 @@
+faillog: invalid numeric argument 'bad'
diff --git a/tests/tests/log/faillog/51_faillog-m_invalid/faillog.test b/tests/tests/log/faillog/51_faillog-m_invalid/faillog.test
new file mode 100755
index 0000000..9e49dbc
--- /dev/null
+++ b/tests/tests/log/faillog/51_faillog-m_invalid/faillog.test
@@ -0,0 +1,45 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "reports invalid ranges"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Create an empty /var/log/faillog (it will not be restored)..."
+> /var/log/faillog
+echo "OK"
+
+echo -n "faillog -m bad..."
+faillog -m bad 2>tmp/faillog.err && exit 1 || {
+	status=$?
+}
+echo "OK."
+
+echo -n "Check returned status ($status)..."
+test "$status" = "3"
+echo "OK"
+
+echo "faillog reported:"
+echo "======================================================================="
+cat tmp/faillog.err
+echo "======================================================================="
+echo -n "Check the usage message..."
+diff -au data/faillog.err tmp/faillog.err
+echo "message OK."
+rm -f tmp/faillog.err
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/log/faillog/52_faillog-t-l_exclusive/config.txt b/tests/tests/log/faillog/52_faillog-t-l_exclusive/config.txt
new file mode 100644
index 0000000..31f5635
--- /dev/null
+++ b/tests/tests/log/faillog/52_faillog-t-l_exclusive/config.txt
@@ -0,0 +1,10 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group users (only in /etc/group)
+user foo, in group tty (only in /etc/gshadow)
+user foo, in group floppy
+user foo, admin of group disk
+user foo, admin and member of group fax
+user foo, admin and member of group cdrom (only in /etc/gshadow)
diff --git a/tests/tests/log/faillog/52_faillog-t-l_exclusive/config/etc/group b/tests/tests/log/faillog/52_faillog-t-l_exclusive/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/log/faillog/52_faillog-t-l_exclusive/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/log/faillog/52_faillog-t-l_exclusive/config/etc/gshadow b/tests/tests/log/faillog/52_faillog-t-l_exclusive/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/log/faillog/52_faillog-t-l_exclusive/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/log/faillog/52_faillog-t-l_exclusive/config/etc/passwd b/tests/tests/log/faillog/52_faillog-t-l_exclusive/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/log/faillog/52_faillog-t-l_exclusive/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/log/faillog/52_faillog-t-l_exclusive/config/etc/shadow b/tests/tests/log/faillog/52_faillog-t-l_exclusive/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/log/faillog/52_faillog-t-l_exclusive/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/log/faillog/52_faillog-t-l_exclusive/data/usage.out b/tests/tests/log/faillog/52_faillog-t-l_exclusive/data/usage.out
new file mode 100644
index 0000000..d5d2839
--- /dev/null
+++ b/tests/tests/log/faillog/52_faillog-t-l_exclusive/data/usage.out
@@ -0,0 +1,14 @@
+Usage: faillog [options]
+
+Options:
+  -a, --all                     display faillog records for all users
+  -h, --help                    display this help message and exit
+  -l, --lock-secs SEC           after failed login lock account for SEC seconds
+  -m, --maximum MAX             set maximum failed login counters to MAX
+  -r, --reset                   reset the counters of login failures
+  -R, --root CHROOT_DIR         directory to chroot into
+  -t, --time DAYS               display faillog records more recent than DAYS
+  -u, --user LOGIN/RANGE        display faillog record or maintains failure
+                                counters and limits (if used with -r, -m,
+                                or -l) only for the specified LOGIN(s)
+
diff --git a/tests/tests/log/faillog/52_faillog-t-l_exclusive/faillog.test b/tests/tests/log/faillog/52_faillog-t-l_exclusive/faillog.test
new file mode 100755
index 0000000..2730e58
--- /dev/null
+++ b/tests/tests/log/faillog/52_faillog-t-l_exclusive/faillog.test
@@ -0,0 +1,41 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "faillog does not accept -l and -t at the same time"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Bad faillog usage (faillog -t 10 -l 10)..."
+faillog -t 10 -l 10 2>tmp/usage.out && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "2"
+echo "OK"
+
+echo "faillog reported:"
+echo "======================================================================="
+cat tmp/usage.out
+echo "======================================================================="
+echo -n "Check the usage message..."
+diff -au data/usage.out tmp/usage.out
+echo "usage message OK."
+rm -f tmp/usage.out
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/log/faillog/53_faillog-t-m_exclusive/config.txt b/tests/tests/log/faillog/53_faillog-t-m_exclusive/config.txt
new file mode 100644
index 0000000..31f5635
--- /dev/null
+++ b/tests/tests/log/faillog/53_faillog-t-m_exclusive/config.txt
@@ -0,0 +1,10 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group users (only in /etc/group)
+user foo, in group tty (only in /etc/gshadow)
+user foo, in group floppy
+user foo, admin of group disk
+user foo, admin and member of group fax
+user foo, admin and member of group cdrom (only in /etc/gshadow)
diff --git a/tests/tests/log/faillog/53_faillog-t-m_exclusive/config/etc/group b/tests/tests/log/faillog/53_faillog-t-m_exclusive/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/log/faillog/53_faillog-t-m_exclusive/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/log/faillog/53_faillog-t-m_exclusive/config/etc/gshadow b/tests/tests/log/faillog/53_faillog-t-m_exclusive/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/log/faillog/53_faillog-t-m_exclusive/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/log/faillog/53_faillog-t-m_exclusive/config/etc/passwd b/tests/tests/log/faillog/53_faillog-t-m_exclusive/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/log/faillog/53_faillog-t-m_exclusive/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/log/faillog/53_faillog-t-m_exclusive/config/etc/shadow b/tests/tests/log/faillog/53_faillog-t-m_exclusive/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/log/faillog/53_faillog-t-m_exclusive/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/log/faillog/53_faillog-t-m_exclusive/data/usage.out b/tests/tests/log/faillog/53_faillog-t-m_exclusive/data/usage.out
new file mode 100644
index 0000000..d5d2839
--- /dev/null
+++ b/tests/tests/log/faillog/53_faillog-t-m_exclusive/data/usage.out
@@ -0,0 +1,14 @@
+Usage: faillog [options]
+
+Options:
+  -a, --all                     display faillog records for all users
+  -h, --help                    display this help message and exit
+  -l, --lock-secs SEC           after failed login lock account for SEC seconds
+  -m, --maximum MAX             set maximum failed login counters to MAX
+  -r, --reset                   reset the counters of login failures
+  -R, --root CHROOT_DIR         directory to chroot into
+  -t, --time DAYS               display faillog records more recent than DAYS
+  -u, --user LOGIN/RANGE        display faillog record or maintains failure
+                                counters and limits (if used with -r, -m,
+                                or -l) only for the specified LOGIN(s)
+
diff --git a/tests/tests/log/faillog/53_faillog-t-m_exclusive/faillog.test b/tests/tests/log/faillog/53_faillog-t-m_exclusive/faillog.test
new file mode 100755
index 0000000..2e6161e
--- /dev/null
+++ b/tests/tests/log/faillog/53_faillog-t-m_exclusive/faillog.test
@@ -0,0 +1,41 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "faillog does not accept -m and -t at the same time"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Bad faillog usage (faillog -t 1 -m 1)..."
+faillog -t 1 -m 1 2>tmp/usage.out && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "2"
+echo "OK"
+
+echo "faillog reported:"
+echo "======================================================================="
+cat tmp/usage.out
+echo "======================================================================="
+echo -n "Check the usage message..."
+diff -au data/usage.out tmp/usage.out
+echo "usage message OK."
+rm -f tmp/usage.out
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/log/faillog/54_faillog-t-r_exclusive/config.txt b/tests/tests/log/faillog/54_faillog-t-r_exclusive/config.txt
new file mode 100644
index 0000000..31f5635
--- /dev/null
+++ b/tests/tests/log/faillog/54_faillog-t-r_exclusive/config.txt
@@ -0,0 +1,10 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group users (only in /etc/group)
+user foo, in group tty (only in /etc/gshadow)
+user foo, in group floppy
+user foo, admin of group disk
+user foo, admin and member of group fax
+user foo, admin and member of group cdrom (only in /etc/gshadow)
diff --git a/tests/tests/log/faillog/54_faillog-t-r_exclusive/config/etc/group b/tests/tests/log/faillog/54_faillog-t-r_exclusive/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/log/faillog/54_faillog-t-r_exclusive/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/log/faillog/54_faillog-t-r_exclusive/config/etc/gshadow b/tests/tests/log/faillog/54_faillog-t-r_exclusive/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/log/faillog/54_faillog-t-r_exclusive/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/log/faillog/54_faillog-t-r_exclusive/config/etc/passwd b/tests/tests/log/faillog/54_faillog-t-r_exclusive/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/log/faillog/54_faillog-t-r_exclusive/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/log/faillog/54_faillog-t-r_exclusive/config/etc/shadow b/tests/tests/log/faillog/54_faillog-t-r_exclusive/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/log/faillog/54_faillog-t-r_exclusive/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/log/faillog/54_faillog-t-r_exclusive/data/usage.out b/tests/tests/log/faillog/54_faillog-t-r_exclusive/data/usage.out
new file mode 100644
index 0000000..d5d2839
--- /dev/null
+++ b/tests/tests/log/faillog/54_faillog-t-r_exclusive/data/usage.out
@@ -0,0 +1,14 @@
+Usage: faillog [options]
+
+Options:
+  -a, --all                     display faillog records for all users
+  -h, --help                    display this help message and exit
+  -l, --lock-secs SEC           after failed login lock account for SEC seconds
+  -m, --maximum MAX             set maximum failed login counters to MAX
+  -r, --reset                   reset the counters of login failures
+  -R, --root CHROOT_DIR         directory to chroot into
+  -t, --time DAYS               display faillog records more recent than DAYS
+  -u, --user LOGIN/RANGE        display faillog record or maintains failure
+                                counters and limits (if used with -r, -m,
+                                or -l) only for the specified LOGIN(s)
+
diff --git a/tests/tests/log/faillog/54_faillog-t-r_exclusive/faillog.test b/tests/tests/log/faillog/54_faillog-t-r_exclusive/faillog.test
new file mode 100755
index 0000000..6e917d3
--- /dev/null
+++ b/tests/tests/log/faillog/54_faillog-t-r_exclusive/faillog.test
@@ -0,0 +1,41 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "faillog does not accept -r and -t at the same time"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Bad faillog usage (faillog -t -r)..."
+faillog -t 1 -r 2>tmp/usage.out && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "2"
+echo "OK"
+
+echo "faillog reported:"
+echo "======================================================================="
+cat tmp/usage.out
+echo "======================================================================="
+echo -n "Check the usage message..."
+diff -au data/usage.out tmp/usage.out
+echo "usage message OK."
+rm -f tmp/usage.out
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/log/faillog/55_faillog_no_changes/config.txt b/tests/tests/log/faillog/55_faillog_no_changes/config.txt
new file mode 100644
index 0000000..1a78b6c
--- /dev/null
+++ b/tests/tests/log/faillog/55_faillog_no_changes/config.txt
@@ -0,0 +1 @@
+user foo exists, UID 1000
diff --git a/tests/tests/log/faillog/55_faillog_no_changes/config/etc/group b/tests/tests/log/faillog/55_faillog_no_changes/config/etc/group
new file mode 100644
index 0000000..b6fae89
--- /dev/null
+++ b/tests/tests/log/faillog/55_faillog_no_changes/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:root
+adm:x:4:root,foo
+tty:x:5:
+disk:x:6:
+lp:x:7:foo,root
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:foo
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:foo
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/log/faillog/55_faillog_no_changes/config/etc/gshadow b/tests/tests/log/faillog/55_faillog_no_changes/config/etc/gshadow
new file mode 100644
index 0000000..1f2ba8d
--- /dev/null
+++ b/tests/tests/log/faillog/55_faillog_no_changes/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::root
+adm:*::root,foo
+tty:*::foo
+disk:*:foo:
+lp:*::foo,root
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*:foo:foo
+voice:*::
+cdrom:*:foo:foo
+floppy:*::foo
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/log/faillog/55_faillog_no_changes/config/etc/pam.d/login b/tests/tests/log/faillog/55_faillog_no_changes/config/etc/pam.d/login
new file mode 100644
index 0000000..0a101fd
--- /dev/null
+++ b/tests/tests/log/faillog/55_faillog_no_changes/config/etc/pam.d/login
@@ -0,0 +1,111 @@
+#
+# The PAM configuration file for the Shadow `login' service
+#
+
+# Enforce a minimal delay in case of failure (in microseconds).
+# (Replaces the `FAIL_DELAY' setting from login.defs)
+# Note that other modules may require another minimal delay. (for example,
+# to disable any delay, you should add the nodelay option to pam_unix)
+auth       optional   pam_faildelay.so  delay=3000000
+
+# Outputs an issue file prior to each login prompt (Replaces the
+# ISSUE_FILE option from login.defs). Uncomment for use
+# auth       required   pam_issue.so issue=/etc/issue
+
+# Disallows root logins except on tty's listed in /etc/securetty
+# (Replaces the `CONSOLE' setting from login.defs)
+#
+# With the default control of this module:
+#   [success=ok new_authtok_reqd=ok ignore=ignore user_unknown=bad default=die]
+# root will not be prompted for a password on insecure lines.
+# if an invalid username is entered, a password is prompted (but login
+# will eventually be rejected)
+#
+# You can change it to a "requisite" module if you think root may mis-type
+# her login and should not be prompted for a password in that case. But
+# this will leave the system as vulnerable to user enumeration attacks.
+#
+# You can change it to a "required" module if you think it permits to
+# guess valid user names of your system (invalid user names are considered
+# as possibly being root on insecure lines), but root passwords may be
+# communicated over insecure lines.
+auth [success=ok new_authtok_reqd=ok ignore=ignore user_unknown=bad default=die] pam_securetty.so
+
+# Disallows other than root logins when /etc/nologin exists
+# (Replaces the `NOLOGINS_FILE' option from login.defs)
+auth       requisite  pam_nologin.so
+
+# Added to support faillog
+auth     required       pam_tally.so per_user
+
+
+# SELinux needs to be the first session rule. This ensures that any 
+# lingering context has been cleared. Without out this it is possible 
+# that a module could execute code in the wrong domain.
+# When the module is present, "required" would be sufficient (When SELinux
+# is disabled, this returns success.)
+session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so close
+
+# This module parses environment configuration file(s)
+# and also allows you to use an extended config
+# file /etc/security/pam_env.conf.
+# 
+# parsing /etc/environment needs "readenv=1"
+session       required   pam_env.so readenv=1
+# locale variables are also kept into /etc/default/locale in etch
+# reading this file *in addition to /etc/environment* does not hurt
+session       required   pam_env.so readenv=1 envfile=/etc/default/locale
+
+# Standard Un*x authentication.
+@include common-auth
+
+# This allows certain extra groups to be granted to a user
+# based on things like time of day, tty, service, and user.
+# Please edit /etc/security/group.conf to fit your needs
+# (Replaces the `CONSOLE_GROUPS' option in login.defs)
+auth       optional   pam_group.so
+
+# Uncomment and edit /etc/security/time.conf if you need to set
+# time constraints on logins.
+# (Replaces the `PORTTIME_CHECKS_ENAB' option from login.defs
+# as well as /etc/porttime)
+# account    requisite  pam_time.so
+
+# Uncomment and edit /etc/security/access.conf if you need to
+# set access limits.
+# (Replaces /etc/login.access file)
+# account  required       pam_access.so
+
+# Sets up user limits according to /etc/security/limits.conf
+# (Replaces the use of /etc/limits in old login)
+session    required   pam_limits.so
+
+# Prints the last login info upon successful login
+# (Replaces the `LASTLOG_ENAB' option from login.defs)
+session    optional   pam_lastlog.so
+
+# Prints the motd upon successful login
+# (Replaces the `MOTD_FILE' option in login.defs)
+session    optional   pam_motd.so
+
+# Prints the status of the user's mailbox upon successful login
+# (Replaces the `MAIL_CHECK_ENAB' option from login.defs). 
+#
+# This also defines the MAIL environment variable
+# However, userdel also needs MAIL_DIR and MAIL_FILE variables
+# in /etc/login.defs to make sure that removing a user 
+# also removes the user's mail spool file.
+# See comments in /etc/login.defs
+session    optional   pam_mail.so standard
+
+# Standard Un*x account and session
+@include common-account
+@include common-session
+@include common-password
+
+# SELinux needs to intervene at login time to ensure that the process
+# starts in the proper default security context. Only sessions which are
+# intended to run in the user's context should be run after this.
+session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so open
+# When the module is present, "required" would be sufficient (When SELinux
+# is disabled, this returns success.)
diff --git a/tests/tests/log/faillog/55_faillog_no_changes/config/etc/passwd b/tests/tests/log/faillog/55_faillog_no_changes/config/etc/passwd
new file mode 100644
index 0000000..9d34d3a
--- /dev/null
+++ b/tests/tests/log/faillog/55_faillog_no_changes/config/etc/passwd
@@ -0,0 +1,22 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+bar:x:1001:1001::/home/bar:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/home/foo:/bin/sh
+baz:x:1002:1002::/home/baz:/bin/sh
diff --git a/tests/tests/log/faillog/55_faillog_no_changes/config/etc/shadow b/tests/tests/log/faillog/55_faillog_no_changes/config/etc/shadow
new file mode 100644
index 0000000..52721ac
--- /dev/null
+++ b/tests/tests/log/faillog/55_faillog_no_changes/config/etc/shadow
@@ -0,0 +1,22 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+bar:!:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:a:12977:0:99999:7:::
+baz:b:12977:0:99999:7:::
diff --git a/tests/tests/log/faillog/55_faillog_no_changes/data/faillog.stat b/tests/tests/log/faillog/55_faillog_no_changes/data/faillog.stat
new file mode 100644
index 0000000..fb96c4d
--- /dev/null
+++ b/tests/tests/log/faillog/55_faillog_no_changes/data/faillog.stat
@@ -0,0 +1 @@
+0 root:root `/var/log/faillog'
diff --git a/tests/tests/log/faillog/55_faillog_no_changes/faillog.test b/tests/tests/log/faillog/55_faillog_no_changes/faillog.test
new file mode 100755
index 0000000..6be6fb7
--- /dev/null
+++ b/tests/tests/log/faillog/55_faillog_no_changes/faillog.test
@@ -0,0 +1,35 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "reports all entry from /var/log/faillog"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Create an empty /var/log/faillog (it will not be restored)..."
+> /var/log/faillog
+echo "OK"
+
+echo -n "reset baz (faillog -l 0 -m 0 -u baz)..."
+faillog -l 0 -m 0 -u baz
+echo "OK"
+
+echo -n "Check permissions and size of the faillog..."
+stat --printf "%s %U:%G %N\n" /var/log/faillog | sort > tmp/faillog.stat
+diff -rauN data/faillog.stat tmp/faillog.stat
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/log/faillog/55_faillog_no_changes/login.exp b/tests/tests/log/faillog/55_faillog_no_changes/login.exp
new file mode 100755
index 0000000..f7841f6
--- /dev/null
+++ b/tests/tests/log/faillog/55_faillog_no_changes/login.exp
@@ -0,0 +1,26 @@
+#!/usr/bin/expect
+
+if {$argc == 1} {
+        set user     [lindex $argv 0]
+} else {
+        set user     "foo"
+}
+
+set timeout 2
+expect_after default {puts stderr "\nFAIL"; exit 1}
+
+set timeout 5
+expect_after default {puts stderr "\nFAIL"; exit 1}
+
+spawn /bin/bash
+expect "# "
+
+send "login $user\r"
+expect "Password: "
+sleep 0.1
+send "badpass\r"
+send_user "\n# password 'badpass' sent\n\n"
+expect "login: "
+
+send "exit\r"
+exit 0
diff --git a/tests/tests/log/faillog/56_faillog-l-m_empty_file/config.txt b/tests/tests/log/faillog/56_faillog-l-m_empty_file/config.txt
new file mode 100644
index 0000000..1a78b6c
--- /dev/null
+++ b/tests/tests/log/faillog/56_faillog-l-m_empty_file/config.txt
@@ -0,0 +1 @@
+user foo exists, UID 1000
diff --git a/tests/tests/log/faillog/56_faillog-l-m_empty_file/config/etc/group b/tests/tests/log/faillog/56_faillog-l-m_empty_file/config/etc/group
new file mode 100644
index 0000000..b6fae89
--- /dev/null
+++ b/tests/tests/log/faillog/56_faillog-l-m_empty_file/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:root
+adm:x:4:root,foo
+tty:x:5:
+disk:x:6:
+lp:x:7:foo,root
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:foo
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:foo
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/log/faillog/56_faillog-l-m_empty_file/config/etc/gshadow b/tests/tests/log/faillog/56_faillog-l-m_empty_file/config/etc/gshadow
new file mode 100644
index 0000000..1f2ba8d
--- /dev/null
+++ b/tests/tests/log/faillog/56_faillog-l-m_empty_file/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::root
+adm:*::root,foo
+tty:*::foo
+disk:*:foo:
+lp:*::foo,root
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*:foo:foo
+voice:*::
+cdrom:*:foo:foo
+floppy:*::foo
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/log/faillog/56_faillog-l-m_empty_file/config/etc/pam.d/login b/tests/tests/log/faillog/56_faillog-l-m_empty_file/config/etc/pam.d/login
new file mode 100644
index 0000000..0a101fd
--- /dev/null
+++ b/tests/tests/log/faillog/56_faillog-l-m_empty_file/config/etc/pam.d/login
@@ -0,0 +1,111 @@
+#
+# The PAM configuration file for the Shadow `login' service
+#
+
+# Enforce a minimal delay in case of failure (in microseconds).
+# (Replaces the `FAIL_DELAY' setting from login.defs)
+# Note that other modules may require another minimal delay. (for example,
+# to disable any delay, you should add the nodelay option to pam_unix)
+auth       optional   pam_faildelay.so  delay=3000000
+
+# Outputs an issue file prior to each login prompt (Replaces the
+# ISSUE_FILE option from login.defs). Uncomment for use
+# auth       required   pam_issue.so issue=/etc/issue
+
+# Disallows root logins except on tty's listed in /etc/securetty
+# (Replaces the `CONSOLE' setting from login.defs)
+#
+# With the default control of this module:
+#   [success=ok new_authtok_reqd=ok ignore=ignore user_unknown=bad default=die]
+# root will not be prompted for a password on insecure lines.
+# if an invalid username is entered, a password is prompted (but login
+# will eventually be rejected)
+#
+# You can change it to a "requisite" module if you think root may mis-type
+# her login and should not be prompted for a password in that case. But
+# this will leave the system as vulnerable to user enumeration attacks.
+#
+# You can change it to a "required" module if you think it permits to
+# guess valid user names of your system (invalid user names are considered
+# as possibly being root on insecure lines), but root passwords may be
+# communicated over insecure lines.
+auth [success=ok new_authtok_reqd=ok ignore=ignore user_unknown=bad default=die] pam_securetty.so
+
+# Disallows other than root logins when /etc/nologin exists
+# (Replaces the `NOLOGINS_FILE' option from login.defs)
+auth       requisite  pam_nologin.so
+
+# Added to support faillog
+auth     required       pam_tally.so per_user
+
+
+# SELinux needs to be the first session rule. This ensures that any 
+# lingering context has been cleared. Without out this it is possible 
+# that a module could execute code in the wrong domain.
+# When the module is present, "required" would be sufficient (When SELinux
+# is disabled, this returns success.)
+session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so close
+
+# This module parses environment configuration file(s)
+# and also allows you to use an extended config
+# file /etc/security/pam_env.conf.
+# 
+# parsing /etc/environment needs "readenv=1"
+session       required   pam_env.so readenv=1
+# locale variables are also kept into /etc/default/locale in etch
+# reading this file *in addition to /etc/environment* does not hurt
+session       required   pam_env.so readenv=1 envfile=/etc/default/locale
+
+# Standard Un*x authentication.
+@include common-auth
+
+# This allows certain extra groups to be granted to a user
+# based on things like time of day, tty, service, and user.
+# Please edit /etc/security/group.conf to fit your needs
+# (Replaces the `CONSOLE_GROUPS' option in login.defs)
+auth       optional   pam_group.so
+
+# Uncomment and edit /etc/security/time.conf if you need to set
+# time constraints on logins.
+# (Replaces the `PORTTIME_CHECKS_ENAB' option from login.defs
+# as well as /etc/porttime)
+# account    requisite  pam_time.so
+
+# Uncomment and edit /etc/security/access.conf if you need to
+# set access limits.
+# (Replaces /etc/login.access file)
+# account  required       pam_access.so
+
+# Sets up user limits according to /etc/security/limits.conf
+# (Replaces the use of /etc/limits in old login)
+session    required   pam_limits.so
+
+# Prints the last login info upon successful login
+# (Replaces the `LASTLOG_ENAB' option from login.defs)
+session    optional   pam_lastlog.so
+
+# Prints the motd upon successful login
+# (Replaces the `MOTD_FILE' option in login.defs)
+session    optional   pam_motd.so
+
+# Prints the status of the user's mailbox upon successful login
+# (Replaces the `MAIL_CHECK_ENAB' option from login.defs). 
+#
+# This also defines the MAIL environment variable
+# However, userdel also needs MAIL_DIR and MAIL_FILE variables
+# in /etc/login.defs to make sure that removing a user 
+# also removes the user's mail spool file.
+# See comments in /etc/login.defs
+session    optional   pam_mail.so standard
+
+# Standard Un*x account and session
+@include common-account
+@include common-session
+@include common-password
+
+# SELinux needs to intervene at login time to ensure that the process
+# starts in the proper default security context. Only sessions which are
+# intended to run in the user's context should be run after this.
+session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so open
+# When the module is present, "required" would be sufficient (When SELinux
+# is disabled, this returns success.)
diff --git a/tests/tests/log/faillog/56_faillog-l-m_empty_file/config/etc/passwd b/tests/tests/log/faillog/56_faillog-l-m_empty_file/config/etc/passwd
new file mode 100644
index 0000000..9d34d3a
--- /dev/null
+++ b/tests/tests/log/faillog/56_faillog-l-m_empty_file/config/etc/passwd
@@ -0,0 +1,22 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+bar:x:1001:1001::/home/bar:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/home/foo:/bin/sh
+baz:x:1002:1002::/home/baz:/bin/sh
diff --git a/tests/tests/log/faillog/56_faillog-l-m_empty_file/config/etc/shadow b/tests/tests/log/faillog/56_faillog-l-m_empty_file/config/etc/shadow
new file mode 100644
index 0000000..52721ac
--- /dev/null
+++ b/tests/tests/log/faillog/56_faillog-l-m_empty_file/config/etc/shadow
@@ -0,0 +1,22 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+bar:!:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:a:12977:0:99999:7:::
+baz:b:12977:0:99999:7:::
diff --git a/tests/tests/log/faillog/56_faillog-l-m_empty_file/data/faillog.stat b/tests/tests/log/faillog/56_faillog-l-m_empty_file/data/faillog.stat
new file mode 100644
index 0000000..66b0df0
--- /dev/null
+++ b/tests/tests/log/faillog/56_faillog-l-m_empty_file/data/faillog.stat
@@ -0,0 +1 @@
+24072 root:root `/var/log/faillog'
diff --git a/tests/tests/log/faillog/56_faillog-l-m_empty_file/faillog.test b/tests/tests/log/faillog/56_faillog-l-m_empty_file/faillog.test
new file mode 100755
index 0000000..bb0ef15
--- /dev/null
+++ b/tests/tests/log/faillog/56_faillog-l-m_empty_file/faillog.test
@@ -0,0 +1,35 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "reports all entry from /var/log/faillog"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Create an empty /var/log/faillog (it will not be restored)..."
+> /var/log/faillog
+echo "OK"
+
+echo -n "reset baz (faillog -l 0 -m 0 -u baz)..."
+faillog -a -l 1 -m 1 -u 1000-1002
+echo "OK"
+
+echo -n "Check size of the faillog..."
+stat --printf "%s %U:%G %N\n" /var/log/faillog | sort > tmp/faillog.stat
+diff -rauN data/faillog.stat tmp/faillog.stat
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/log/faillog/57_faillog-r_empty_file/config.txt b/tests/tests/log/faillog/57_faillog-r_empty_file/config.txt
new file mode 100644
index 0000000..1a78b6c
--- /dev/null
+++ b/tests/tests/log/faillog/57_faillog-r_empty_file/config.txt
@@ -0,0 +1 @@
+user foo exists, UID 1000
diff --git a/tests/tests/log/faillog/57_faillog-r_empty_file/config/etc/group b/tests/tests/log/faillog/57_faillog-r_empty_file/config/etc/group
new file mode 100644
index 0000000..b6fae89
--- /dev/null
+++ b/tests/tests/log/faillog/57_faillog-r_empty_file/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:root
+adm:x:4:root,foo
+tty:x:5:
+disk:x:6:
+lp:x:7:foo,root
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:foo
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:foo
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/log/faillog/57_faillog-r_empty_file/config/etc/gshadow b/tests/tests/log/faillog/57_faillog-r_empty_file/config/etc/gshadow
new file mode 100644
index 0000000..1f2ba8d
--- /dev/null
+++ b/tests/tests/log/faillog/57_faillog-r_empty_file/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::root
+adm:*::root,foo
+tty:*::foo
+disk:*:foo:
+lp:*::foo,root
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*:foo:foo
+voice:*::
+cdrom:*:foo:foo
+floppy:*::foo
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/log/faillog/57_faillog-r_empty_file/config/etc/pam.d/login b/tests/tests/log/faillog/57_faillog-r_empty_file/config/etc/pam.d/login
new file mode 100644
index 0000000..0a101fd
--- /dev/null
+++ b/tests/tests/log/faillog/57_faillog-r_empty_file/config/etc/pam.d/login
@@ -0,0 +1,111 @@
+#
+# The PAM configuration file for the Shadow `login' service
+#
+
+# Enforce a minimal delay in case of failure (in microseconds).
+# (Replaces the `FAIL_DELAY' setting from login.defs)
+# Note that other modules may require another minimal delay. (for example,
+# to disable any delay, you should add the nodelay option to pam_unix)
+auth       optional   pam_faildelay.so  delay=3000000
+
+# Outputs an issue file prior to each login prompt (Replaces the
+# ISSUE_FILE option from login.defs). Uncomment for use
+# auth       required   pam_issue.so issue=/etc/issue
+
+# Disallows root logins except on tty's listed in /etc/securetty
+# (Replaces the `CONSOLE' setting from login.defs)
+#
+# With the default control of this module:
+#   [success=ok new_authtok_reqd=ok ignore=ignore user_unknown=bad default=die]
+# root will not be prompted for a password on insecure lines.
+# if an invalid username is entered, a password is prompted (but login
+# will eventually be rejected)
+#
+# You can change it to a "requisite" module if you think root may mis-type
+# her login and should not be prompted for a password in that case. But
+# this will leave the system as vulnerable to user enumeration attacks.
+#
+# You can change it to a "required" module if you think it permits to
+# guess valid user names of your system (invalid user names are considered
+# as possibly being root on insecure lines), but root passwords may be
+# communicated over insecure lines.
+auth [success=ok new_authtok_reqd=ok ignore=ignore user_unknown=bad default=die] pam_securetty.so
+
+# Disallows other than root logins when /etc/nologin exists
+# (Replaces the `NOLOGINS_FILE' option from login.defs)
+auth       requisite  pam_nologin.so
+
+# Added to support faillog
+auth     required       pam_tally.so per_user
+
+
+# SELinux needs to be the first session rule. This ensures that any 
+# lingering context has been cleared. Without out this it is possible 
+# that a module could execute code in the wrong domain.
+# When the module is present, "required" would be sufficient (When SELinux
+# is disabled, this returns success.)
+session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so close
+
+# This module parses environment configuration file(s)
+# and also allows you to use an extended config
+# file /etc/security/pam_env.conf.
+# 
+# parsing /etc/environment needs "readenv=1"
+session       required   pam_env.so readenv=1
+# locale variables are also kept into /etc/default/locale in etch
+# reading this file *in addition to /etc/environment* does not hurt
+session       required   pam_env.so readenv=1 envfile=/etc/default/locale
+
+# Standard Un*x authentication.
+@include common-auth
+
+# This allows certain extra groups to be granted to a user
+# based on things like time of day, tty, service, and user.
+# Please edit /etc/security/group.conf to fit your needs
+# (Replaces the `CONSOLE_GROUPS' option in login.defs)
+auth       optional   pam_group.so
+
+# Uncomment and edit /etc/security/time.conf if you need to set
+# time constraints on logins.
+# (Replaces the `PORTTIME_CHECKS_ENAB' option from login.defs
+# as well as /etc/porttime)
+# account    requisite  pam_time.so
+
+# Uncomment and edit /etc/security/access.conf if you need to
+# set access limits.
+# (Replaces /etc/login.access file)
+# account  required       pam_access.so
+
+# Sets up user limits according to /etc/security/limits.conf
+# (Replaces the use of /etc/limits in old login)
+session    required   pam_limits.so
+
+# Prints the last login info upon successful login
+# (Replaces the `LASTLOG_ENAB' option from login.defs)
+session    optional   pam_lastlog.so
+
+# Prints the motd upon successful login
+# (Replaces the `MOTD_FILE' option in login.defs)
+session    optional   pam_motd.so
+
+# Prints the status of the user's mailbox upon successful login
+# (Replaces the `MAIL_CHECK_ENAB' option from login.defs). 
+#
+# This also defines the MAIL environment variable
+# However, userdel also needs MAIL_DIR and MAIL_FILE variables
+# in /etc/login.defs to make sure that removing a user 
+# also removes the user's mail spool file.
+# See comments in /etc/login.defs
+session    optional   pam_mail.so standard
+
+# Standard Un*x account and session
+@include common-account
+@include common-session
+@include common-password
+
+# SELinux needs to intervene at login time to ensure that the process
+# starts in the proper default security context. Only sessions which are
+# intended to run in the user's context should be run after this.
+session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so open
+# When the module is present, "required" would be sufficient (When SELinux
+# is disabled, this returns success.)
diff --git a/tests/tests/log/faillog/57_faillog-r_empty_file/config/etc/passwd b/tests/tests/log/faillog/57_faillog-r_empty_file/config/etc/passwd
new file mode 100644
index 0000000..9d34d3a
--- /dev/null
+++ b/tests/tests/log/faillog/57_faillog-r_empty_file/config/etc/passwd
@@ -0,0 +1,22 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+bar:x:1001:1001::/home/bar:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/home/foo:/bin/sh
+baz:x:1002:1002::/home/baz:/bin/sh
diff --git a/tests/tests/log/faillog/57_faillog-r_empty_file/config/etc/shadow b/tests/tests/log/faillog/57_faillog-r_empty_file/config/etc/shadow
new file mode 100644
index 0000000..52721ac
--- /dev/null
+++ b/tests/tests/log/faillog/57_faillog-r_empty_file/config/etc/shadow
@@ -0,0 +1,22 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+bar:!:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:a:12977:0:99999:7:::
+baz:b:12977:0:99999:7:::
diff --git a/tests/tests/log/faillog/57_faillog-r_empty_file/data/faillog.stat b/tests/tests/log/faillog/57_faillog-r_empty_file/data/faillog.stat
new file mode 100644
index 0000000..fb96c4d
--- /dev/null
+++ b/tests/tests/log/faillog/57_faillog-r_empty_file/data/faillog.stat
@@ -0,0 +1 @@
+0 root:root `/var/log/faillog'
diff --git a/tests/tests/log/faillog/57_faillog-r_empty_file/faillog.test b/tests/tests/log/faillog/57_faillog-r_empty_file/faillog.test
new file mode 100755
index 0000000..f52f470
--- /dev/null
+++ b/tests/tests/log/faillog/57_faillog-r_empty_file/faillog.test
@@ -0,0 +1,35 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "reports all entry from /var/log/faillog"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Create an empty /var/log/faillog (it will not be restored)..."
+> /var/log/faillog
+echo "OK"
+
+echo -n "reset baz (faillog -l 0 -m 0 -u baz)..."
+faillog -a -r -u 1000-1002
+echo "OK"
+
+echo -n "Check size of the faillog..."
+stat --printf "%s %U:%G %N\n" /var/log/faillog | sort > tmp/faillog.stat
+diff -rauN data/faillog.stat tmp/faillog.stat
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/log/faillog/58_faillog-l_no_failcount/config.txt b/tests/tests/log/faillog/58_faillog-l_no_failcount/config.txt
new file mode 100644
index 0000000..1a78b6c
--- /dev/null
+++ b/tests/tests/log/faillog/58_faillog-l_no_failcount/config.txt
@@ -0,0 +1 @@
+user foo exists, UID 1000
diff --git a/tests/tests/log/faillog/58_faillog-l_no_failcount/config/etc/group b/tests/tests/log/faillog/58_faillog-l_no_failcount/config/etc/group
new file mode 100644
index 0000000..b6fae89
--- /dev/null
+++ b/tests/tests/log/faillog/58_faillog-l_no_failcount/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:root
+adm:x:4:root,foo
+tty:x:5:
+disk:x:6:
+lp:x:7:foo,root
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:foo
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:foo
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/log/faillog/58_faillog-l_no_failcount/config/etc/gshadow b/tests/tests/log/faillog/58_faillog-l_no_failcount/config/etc/gshadow
new file mode 100644
index 0000000..1f2ba8d
--- /dev/null
+++ b/tests/tests/log/faillog/58_faillog-l_no_failcount/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::root
+adm:*::root,foo
+tty:*::foo
+disk:*:foo:
+lp:*::foo,root
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*:foo:foo
+voice:*::
+cdrom:*:foo:foo
+floppy:*::foo
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/log/faillog/58_faillog-l_no_failcount/config/etc/pam.d/login b/tests/tests/log/faillog/58_faillog-l_no_failcount/config/etc/pam.d/login
new file mode 100644
index 0000000..0a101fd
--- /dev/null
+++ b/tests/tests/log/faillog/58_faillog-l_no_failcount/config/etc/pam.d/login
@@ -0,0 +1,111 @@
+#
+# The PAM configuration file for the Shadow `login' service
+#
+
+# Enforce a minimal delay in case of failure (in microseconds).
+# (Replaces the `FAIL_DELAY' setting from login.defs)
+# Note that other modules may require another minimal delay. (for example,
+# to disable any delay, you should add the nodelay option to pam_unix)
+auth       optional   pam_faildelay.so  delay=3000000
+
+# Outputs an issue file prior to each login prompt (Replaces the
+# ISSUE_FILE option from login.defs). Uncomment for use
+# auth       required   pam_issue.so issue=/etc/issue
+
+# Disallows root logins except on tty's listed in /etc/securetty
+# (Replaces the `CONSOLE' setting from login.defs)
+#
+# With the default control of this module:
+#   [success=ok new_authtok_reqd=ok ignore=ignore user_unknown=bad default=die]
+# root will not be prompted for a password on insecure lines.
+# if an invalid username is entered, a password is prompted (but login
+# will eventually be rejected)
+#
+# You can change it to a "requisite" module if you think root may mis-type
+# her login and should not be prompted for a password in that case. But
+# this will leave the system as vulnerable to user enumeration attacks.
+#
+# You can change it to a "required" module if you think it permits to
+# guess valid user names of your system (invalid user names are considered
+# as possibly being root on insecure lines), but root passwords may be
+# communicated over insecure lines.
+auth [success=ok new_authtok_reqd=ok ignore=ignore user_unknown=bad default=die] pam_securetty.so
+
+# Disallows other than root logins when /etc/nologin exists
+# (Replaces the `NOLOGINS_FILE' option from login.defs)
+auth       requisite  pam_nologin.so
+
+# Added to support faillog
+auth     required       pam_tally.so per_user
+
+
+# SELinux needs to be the first session rule. This ensures that any 
+# lingering context has been cleared. Without out this it is possible 
+# that a module could execute code in the wrong domain.
+# When the module is present, "required" would be sufficient (When SELinux
+# is disabled, this returns success.)
+session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so close
+
+# This module parses environment configuration file(s)
+# and also allows you to use an extended config
+# file /etc/security/pam_env.conf.
+# 
+# parsing /etc/environment needs "readenv=1"
+session       required   pam_env.so readenv=1
+# locale variables are also kept into /etc/default/locale in etch
+# reading this file *in addition to /etc/environment* does not hurt
+session       required   pam_env.so readenv=1 envfile=/etc/default/locale
+
+# Standard Un*x authentication.
+@include common-auth
+
+# This allows certain extra groups to be granted to a user
+# based on things like time of day, tty, service, and user.
+# Please edit /etc/security/group.conf to fit your needs
+# (Replaces the `CONSOLE_GROUPS' option in login.defs)
+auth       optional   pam_group.so
+
+# Uncomment and edit /etc/security/time.conf if you need to set
+# time constraints on logins.
+# (Replaces the `PORTTIME_CHECKS_ENAB' option from login.defs
+# as well as /etc/porttime)
+# account    requisite  pam_time.so
+
+# Uncomment and edit /etc/security/access.conf if you need to
+# set access limits.
+# (Replaces /etc/login.access file)
+# account  required       pam_access.so
+
+# Sets up user limits according to /etc/security/limits.conf
+# (Replaces the use of /etc/limits in old login)
+session    required   pam_limits.so
+
+# Prints the last login info upon successful login
+# (Replaces the `LASTLOG_ENAB' option from login.defs)
+session    optional   pam_lastlog.so
+
+# Prints the motd upon successful login
+# (Replaces the `MOTD_FILE' option in login.defs)
+session    optional   pam_motd.so
+
+# Prints the status of the user's mailbox upon successful login
+# (Replaces the `MAIL_CHECK_ENAB' option from login.defs). 
+#
+# This also defines the MAIL environment variable
+# However, userdel also needs MAIL_DIR and MAIL_FILE variables
+# in /etc/login.defs to make sure that removing a user 
+# also removes the user's mail spool file.
+# See comments in /etc/login.defs
+session    optional   pam_mail.so standard
+
+# Standard Un*x account and session
+@include common-account
+@include common-session
+@include common-password
+
+# SELinux needs to intervene at login time to ensure that the process
+# starts in the proper default security context. Only sessions which are
+# intended to run in the user's context should be run after this.
+session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so open
+# When the module is present, "required" would be sufficient (When SELinux
+# is disabled, this returns success.)
diff --git a/tests/tests/log/faillog/58_faillog-l_no_failcount/config/etc/passwd b/tests/tests/log/faillog/58_faillog-l_no_failcount/config/etc/passwd
new file mode 100644
index 0000000..9d34d3a
--- /dev/null
+++ b/tests/tests/log/faillog/58_faillog-l_no_failcount/config/etc/passwd
@@ -0,0 +1,22 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+bar:x:1001:1001::/home/bar:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/home/foo:/bin/sh
+baz:x:1002:1002::/home/baz:/bin/sh
diff --git a/tests/tests/log/faillog/58_faillog-l_no_failcount/config/etc/shadow b/tests/tests/log/faillog/58_faillog-l_no_failcount/config/etc/shadow
new file mode 100644
index 0000000..52721ac
--- /dev/null
+++ b/tests/tests/log/faillog/58_faillog-l_no_failcount/config/etc/shadow
@@ -0,0 +1,22 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+bar:!:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:a:12977:0:99999:7:::
+baz:b:12977:0:99999:7:::
diff --git a/tests/tests/log/faillog/58_faillog-l_no_failcount/data/faillog.list b/tests/tests/log/faillog/58_faillog-l_no_failcount/data/faillog.list
new file mode 100644
index 0000000..405c169
--- /dev/null
+++ b/tests/tests/log/faillog/58_faillog-l_no_failcount/data/faillog.list
@@ -0,0 +1,3 @@
+Login       Failures Maximum
+
+foo             0        0  
diff --git a/tests/tests/log/faillog/58_faillog-l_no_failcount/faillog.test b/tests/tests/log/faillog/58_faillog-l_no_failcount/faillog.test
new file mode 100755
index 0000000..41e951f
--- /dev/null
+++ b/tests/tests/log/faillog/58_faillog-l_no_failcount/faillog.test
@@ -0,0 +1,57 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "reports the locktime even if timeout is not passwed when there are no failures"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Create an empty /var/log/faillog (it will not be restored)..."
+> /var/log/faillog
+echo "OK"
+
+echo -n "set locktime for foo (faillog -l 10 -u foo)..."
+faillog -l 10 -u foo
+echo "OK"
+
+echo -n "Trigger a connection as foo..."
+./login.exp foo
+echo "OK"
+
+echo -n "Reset failure counter for foo..."
+faillog -r -u foo
+echo "OK"
+
+echo -n "faillog..."
+faillog -u foo> tmp/faillog.out
+echo "OK."
+
+echo "faillog :"
+echo "======================================================================="
+cat tmp/faillog.out
+echo "======================================================================="
+
+echo -n "Check the list of users with failures..."
+cut -c-28 tmp/faillog.out > tmp/faillog.list
+diff -au data/faillog.list tmp/faillog.list
+echo "OK"
+echo "The lock is displayed as 10s for foo..."
+grep "^foo .* \[10s lock\]$" tmp/faillog.out
+echo "OK."
+
+rm -f tmp/faillog.out tmp/faillog.list
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/log/faillog/58_faillog-l_no_failcount/login.exp b/tests/tests/log/faillog/58_faillog-l_no_failcount/login.exp
new file mode 100755
index 0000000..f7841f6
--- /dev/null
+++ b/tests/tests/log/faillog/58_faillog-l_no_failcount/login.exp
@@ -0,0 +1,26 @@
+#!/usr/bin/expect
+
+if {$argc == 1} {
+        set user     [lindex $argv 0]
+} else {
+        set user     "foo"
+}
+
+set timeout 2
+expect_after default {puts stderr "\nFAIL"; exit 1}
+
+set timeout 5
+expect_after default {puts stderr "\nFAIL"; exit 1}
+
+spawn /bin/bash
+expect "# "
+
+send "login $user\r"
+expect "Password: "
+sleep 0.1
+send "badpass\r"
+send_user "\n# password 'badpass' sent\n\n"
+expect "login: "
+
+send "exit\r"
+exit 0
diff --git a/tests/tests/log/lastlog/01_lastlog_no_lastlog/config.txt b/tests/tests/log/lastlog/01_lastlog_no_lastlog/config.txt
new file mode 100644
index 0000000..1a78b6c
--- /dev/null
+++ b/tests/tests/log/lastlog/01_lastlog_no_lastlog/config.txt
@@ -0,0 +1 @@
+user foo exists, UID 1000
diff --git a/tests/tests/log/lastlog/01_lastlog_no_lastlog/config/etc/group b/tests/tests/log/lastlog/01_lastlog_no_lastlog/config/etc/group
new file mode 100644
index 0000000..b6fae89
--- /dev/null
+++ b/tests/tests/log/lastlog/01_lastlog_no_lastlog/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:root
+adm:x:4:root,foo
+tty:x:5:
+disk:x:6:
+lp:x:7:foo,root
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:foo
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:foo
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/log/lastlog/01_lastlog_no_lastlog/config/etc/gshadow b/tests/tests/log/lastlog/01_lastlog_no_lastlog/config/etc/gshadow
new file mode 100644
index 0000000..1f2ba8d
--- /dev/null
+++ b/tests/tests/log/lastlog/01_lastlog_no_lastlog/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::root
+adm:*::root,foo
+tty:*::foo
+disk:*:foo:
+lp:*::foo,root
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*:foo:foo
+voice:*::
+cdrom:*:foo:foo
+floppy:*::foo
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/log/lastlog/01_lastlog_no_lastlog/config/etc/passwd b/tests/tests/log/lastlog/01_lastlog_no_lastlog/config/etc/passwd
new file mode 100644
index 0000000..bf52df0
--- /dev/null
+++ b/tests/tests/log/lastlog/01_lastlog_no_lastlog/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/home/foo:/bin/false
diff --git a/tests/tests/log/lastlog/01_lastlog_no_lastlog/config/etc/shadow b/tests/tests/log/lastlog/01_lastlog_no_lastlog/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/log/lastlog/01_lastlog_no_lastlog/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/log/lastlog/01_lastlog_no_lastlog/data/lastlog.err b/tests/tests/log/lastlog/01_lastlog_no_lastlog/data/lastlog.err
new file mode 100644
index 0000000..935fdb5
--- /dev/null
+++ b/tests/tests/log/lastlog/01_lastlog_no_lastlog/data/lastlog.err
@@ -0,0 +1 @@
+/var/log/lastlog: No such file or directory
diff --git a/tests/tests/log/lastlog/01_lastlog_no_lastlog/lastlog.test b/tests/tests/log/lastlog/01_lastlog_no_lastlog/lastlog.test
new file mode 100755
index 0000000..d903f88
--- /dev/null
+++ b/tests/tests/log/lastlog/01_lastlog_no_lastlog/lastlog.test
@@ -0,0 +1,51 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "lastlog detects missing /var/log/lastlog and does not create it"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config; touch /var/log/lastlog' 0
+
+change_config
+
+echo -n "Remove /var/log/lastlog (it will not be restored)..."
+rm -f /var/log/lastlog
+echo "OK"
+
+echo -n "Execute lastlog (lastlog)..."
+lastlog 2>tmp/lastlog.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "1"
+echo "OK"
+
+echo "lastlog reported:"
+echo "======================================================================="
+cat tmp/lastlog.err
+echo "======================================================================="
+echo -n "Check the usage message..."
+diff -au data/lastlog.err tmp/lastlog.err
+echo "usage message OK."
+rm -f tmp/lastlog.err
+
+echo -n "Check that the /var/log/lastlog file was not created"...
+test ! -f /var/log/lastlog
+echo "OK"
+
+touch /var/log/lastlog
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/log/lastlog/02_lastlog_usage/config.txt b/tests/tests/log/lastlog/02_lastlog_usage/config.txt
new file mode 100644
index 0000000..31f5635
--- /dev/null
+++ b/tests/tests/log/lastlog/02_lastlog_usage/config.txt
@@ -0,0 +1,10 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group users (only in /etc/group)
+user foo, in group tty (only in /etc/gshadow)
+user foo, in group floppy
+user foo, admin of group disk
+user foo, admin and member of group fax
+user foo, admin and member of group cdrom (only in /etc/gshadow)
diff --git a/tests/tests/log/lastlog/02_lastlog_usage/config/etc/group b/tests/tests/log/lastlog/02_lastlog_usage/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/log/lastlog/02_lastlog_usage/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/log/lastlog/02_lastlog_usage/config/etc/gshadow b/tests/tests/log/lastlog/02_lastlog_usage/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/log/lastlog/02_lastlog_usage/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/log/lastlog/02_lastlog_usage/config/etc/passwd b/tests/tests/log/lastlog/02_lastlog_usage/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/log/lastlog/02_lastlog_usage/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/log/lastlog/02_lastlog_usage/config/etc/shadow b/tests/tests/log/lastlog/02_lastlog_usage/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/log/lastlog/02_lastlog_usage/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/log/lastlog/02_lastlog_usage/data/usage.out b/tests/tests/log/lastlog/02_lastlog_usage/data/usage.out
new file mode 100644
index 0000000..410197e
--- /dev/null
+++ b/tests/tests/log/lastlog/02_lastlog_usage/data/usage.out
@@ -0,0 +1,9 @@
+Usage: lastlog [options]
+
+Options:
+  -b, --before DAYS             print only lastlog records older than DAYS
+  -h, --help                    display this help message and exit
+  -R, --root CHROOT_DIR         directory to chroot into
+  -t, --time DAYS               print only lastlog records more recent than DAYS
+  -u, --user LOGIN              print lastlog record of the specified LOGIN
+
diff --git a/tests/tests/log/lastlog/02_lastlog_usage/lastlog.test b/tests/tests/log/lastlog/02_lastlog_usage/lastlog.test
new file mode 100755
index 0000000..344a104
--- /dev/null
+++ b/tests/tests/log/lastlog/02_lastlog_usage/lastlog.test
@@ -0,0 +1,35 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "lastlog can display its usage message"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Get lastlog usage (lastlog -h)..."
+lastlog -h >tmp/usage.out
+echo "OK"
+
+echo "lastlog reported:"
+echo "======================================================================="
+cat tmp/usage.out
+echo "======================================================================="
+echo -n "Check the usage message..."
+diff -au data/usage.out tmp/usage.out
+echo "usage message OK."
+rm -f tmp/usage.out
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/log/lastlog/03_lastlog_format/config.txt b/tests/tests/log/lastlog/03_lastlog_format/config.txt
new file mode 100644
index 0000000..1a78b6c
--- /dev/null
+++ b/tests/tests/log/lastlog/03_lastlog_format/config.txt
@@ -0,0 +1 @@
+user foo exists, UID 1000
diff --git a/tests/tests/log/lastlog/03_lastlog_format/config/etc/group b/tests/tests/log/lastlog/03_lastlog_format/config/etc/group
new file mode 100644
index 0000000..b6fae89
--- /dev/null
+++ b/tests/tests/log/lastlog/03_lastlog_format/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:root
+adm:x:4:root,foo
+tty:x:5:
+disk:x:6:
+lp:x:7:foo,root
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:foo
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:foo
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/log/lastlog/03_lastlog_format/config/etc/gshadow b/tests/tests/log/lastlog/03_lastlog_format/config/etc/gshadow
new file mode 100644
index 0000000..1f2ba8d
--- /dev/null
+++ b/tests/tests/log/lastlog/03_lastlog_format/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::root
+adm:*::root,foo
+tty:*::foo
+disk:*:foo:
+lp:*::foo,root
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*:foo:foo
+voice:*::
+cdrom:*:foo:foo
+floppy:*::foo
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/log/lastlog/03_lastlog_format/config/etc/passwd b/tests/tests/log/lastlog/03_lastlog_format/config/etc/passwd
new file mode 100644
index 0000000..ae6ebfe
--- /dev/null
+++ b/tests/tests/log/lastlog/03_lastlog_format/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/home/foo:/bin/sh
diff --git a/tests/tests/log/lastlog/03_lastlog_format/config/etc/shadow b/tests/tests/log/lastlog/03_lastlog_format/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/log/lastlog/03_lastlog_format/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/log/lastlog/03_lastlog_format/data/lastlog.out b/tests/tests/log/lastlog/03_lastlog_format/data/lastlog.out
new file mode 100644
index 0000000..280e1ab
--- /dev/null
+++ b/tests/tests/log/lastlog/03_lastlog_format/data/lastlog.out
@@ -0,0 +1,20 @@
+Username         Port     From             Latest
+root                                       **Never logged in**
+daemon                                     **Never logged in**
+bin                                        **Never logged in**
+sys                                        **Never logged in**
+sync                                       **Never logged in**
+games                                      **Never logged in**
+man                                        **Never logged in**
+lp                                         **Never logged in**
+mail                                       **Never logged in**
+news                                       **Never logged in**
+uucp                                       **Never logged in**
+proxy                                      **Never logged in**
+www-data                                   **Never logged in**
+backup                                     **Never logged in**
+list                                       **Never logged in**
+irc                                        **Never logged in**
+gnats                                      **Never logged in**
+nobody                                     **Never logged in**
+Debian-exim                                **Never logged in**
diff --git a/tests/tests/log/lastlog/03_lastlog_format/lastlog.test b/tests/tests/log/lastlog/03_lastlog_format/lastlog.test
new file mode 100755
index 0000000..b59c19b
--- /dev/null
+++ b/tests/tests/log/lastlog/03_lastlog_format/lastlog.test
@@ -0,0 +1,60 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "reports all entry from /var/log/lastlog"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Create an empty /var/log/lastlog (it will not be restored)..."
+> /var/log/lastlog
+echo "OK"
+
+cp data/lastlog.out tmp/lastlog.out1
+cp data/lastlog.out tmp/lastlog.out2
+TTY=0
+while true
+do
+	[ ! -e /dev/pts/$TTY ] && break
+	TTY=$((TTY+1))
+done
+	
+
+DATE=$(LC_ALL=C date +"%a %b %e %H:%M:%S %z %Y")
+printf "%-16s %-8.8s %-16.16s %s\n" foo "pts/$TTY" "" "$DATE" >> tmp/lastlog.out1
+
+echo -n "Trigger a connection as foo..."
+./login.exp
+echo "OK"
+
+DATE=$(LC_ALL=C date +"%a %b %e %H:%M:%S %z %Y")
+printf "%-16s %-8.8s %-16.16s %s\n" foo "pts/$TTY" "" "$DATE" >> tmp/lastlog.out2
+
+echo -n "lastlog..."
+lastlog > tmp/lastlog.out
+echo "OK."
+
+echo "lastlog :"
+echo "======================================================================="
+cat tmp/lastlog.out
+echo "======================================================================="
+
+echo -n "Check the lastlog message..."
+diff -au tmp/lastlog.out tmp/lastlog.out1 || diff -au tmp/lastlog.out tmp/lastlog.out2
+echo "lastlog message OK."
+rm -f tmp/lastlog.out tmp/lastlog.out1 tmp/lastlog.out2
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/log/lastlog/03_lastlog_format/login.exp b/tests/tests/log/lastlog/03_lastlog_format/login.exp
new file mode 100755
index 0000000..e534fe5
--- /dev/null
+++ b/tests/tests/log/lastlog/03_lastlog_format/login.exp
@@ -0,0 +1,13 @@
+#!/usr/bin/expect
+
+set timeout 2
+expect_after default {puts stderr "\nFAIL"; exit 1}
+
+spawn /bin/bash
+expect "# "
+
+send "login -f foo\r"
+expect "$ "
+
+send "exit\r"
+exit 0
diff --git a/tests/tests/log/lastlog/04_lastlog_multiple/config.txt b/tests/tests/log/lastlog/04_lastlog_multiple/config.txt
new file mode 100644
index 0000000..1a78b6c
--- /dev/null
+++ b/tests/tests/log/lastlog/04_lastlog_multiple/config.txt
@@ -0,0 +1 @@
+user foo exists, UID 1000
diff --git a/tests/tests/log/lastlog/04_lastlog_multiple/config/etc/group b/tests/tests/log/lastlog/04_lastlog_multiple/config/etc/group
new file mode 100644
index 0000000..b6fae89
--- /dev/null
+++ b/tests/tests/log/lastlog/04_lastlog_multiple/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:root
+adm:x:4:root,foo
+tty:x:5:
+disk:x:6:
+lp:x:7:foo,root
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:foo
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:foo
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/log/lastlog/04_lastlog_multiple/config/etc/gshadow b/tests/tests/log/lastlog/04_lastlog_multiple/config/etc/gshadow
new file mode 100644
index 0000000..1f2ba8d
--- /dev/null
+++ b/tests/tests/log/lastlog/04_lastlog_multiple/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::root
+adm:*::root,foo
+tty:*::foo
+disk:*:foo:
+lp:*::foo,root
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*:foo:foo
+voice:*::
+cdrom:*:foo:foo
+floppy:*::foo
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/log/lastlog/04_lastlog_multiple/config/etc/passwd b/tests/tests/log/lastlog/04_lastlog_multiple/config/etc/passwd
new file mode 100644
index 0000000..9d34d3a
--- /dev/null
+++ b/tests/tests/log/lastlog/04_lastlog_multiple/config/etc/passwd
@@ -0,0 +1,22 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+bar:x:1001:1001::/home/bar:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/home/foo:/bin/sh
+baz:x:1002:1002::/home/baz:/bin/sh
diff --git a/tests/tests/log/lastlog/04_lastlog_multiple/config/etc/shadow b/tests/tests/log/lastlog/04_lastlog_multiple/config/etc/shadow
new file mode 100644
index 0000000..972f2cd
--- /dev/null
+++ b/tests/tests/log/lastlog/04_lastlog_multiple/config/etc/shadow
@@ -0,0 +1,22 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+bar:!:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
+baz:!:12977:0:99999:7:::
diff --git a/tests/tests/log/lastlog/04_lastlog_multiple/data/lastlog.list b/tests/tests/log/lastlog/04_lastlog_multiple/data/lastlog.list
new file mode 100644
index 0000000..ae27a13
--- /dev/null
+++ b/tests/tests/log/lastlog/04_lastlog_multiple/data/lastlog.list
@@ -0,0 +1,4 @@
+Username
+bar
+foo
+baz
diff --git a/tests/tests/log/lastlog/04_lastlog_multiple/lastlog.test b/tests/tests/log/lastlog/04_lastlog_multiple/lastlog.test
new file mode 100755
index 0000000..630c7f5
--- /dev/null
+++ b/tests/tests/log/lastlog/04_lastlog_multiple/lastlog.test
@@ -0,0 +1,52 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "reports all entry from /var/log/lastlog"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Create an empty /var/log/lastlog (it will not be restored)..."
+> /var/log/lastlog
+echo "OK"
+
+echo -n "Trigger a connection as foo..."
+./login.exp foo
+echo "OK"
+echo -n "Trigger a connection as bar..."
+./login.exp bar
+echo "OK"
+echo -n "Trigger a connection as baz..."
+./login.exp baz
+echo "OK"
+
+echo -n "lastlog..."
+lastlog > tmp/lastlog.out
+echo "OK."
+
+echo "lastlog :"
+echo "======================================================================="
+cat tmp/lastlog.out
+echo "======================================================================="
+
+echo -n "Check the list of logged in users..."
+cat tmp/lastlog.out | grep -v "Never logged in" | cut -d" " -f1 > tmp/lastlog.list
+diff -au data/lastlog.list tmp/lastlog.list
+echo "OK."
+
+rm -f tmp/lastlog.out tmp/lastlog.list
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/log/lastlog/04_lastlog_multiple/login.exp b/tests/tests/log/lastlog/04_lastlog_multiple/login.exp
new file mode 100755
index 0000000..e6a4345
--- /dev/null
+++ b/tests/tests/log/lastlog/04_lastlog_multiple/login.exp
@@ -0,0 +1,19 @@
+#!/usr/bin/expect
+
+if {$argc == 1} {
+        set user     [lindex $argv 0]
+} else {
+        set user     "foo"
+}
+
+set timeout 2
+expect_after default {puts stderr "\nFAIL"; exit 1}
+
+spawn /bin/bash
+expect "# "
+
+send "login -f $user\r"
+expect "$ "
+
+send "exit\r"
+exit 0
diff --git a/tests/tests/log/lastlog/05_lastlog-u_ID/config.txt b/tests/tests/log/lastlog/05_lastlog-u_ID/config.txt
new file mode 100644
index 0000000..1a78b6c
--- /dev/null
+++ b/tests/tests/log/lastlog/05_lastlog-u_ID/config.txt
@@ -0,0 +1 @@
+user foo exists, UID 1000
diff --git a/tests/tests/log/lastlog/05_lastlog-u_ID/config/etc/group b/tests/tests/log/lastlog/05_lastlog-u_ID/config/etc/group
new file mode 100644
index 0000000..b6fae89
--- /dev/null
+++ b/tests/tests/log/lastlog/05_lastlog-u_ID/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:root
+adm:x:4:root,foo
+tty:x:5:
+disk:x:6:
+lp:x:7:foo,root
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:foo
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:foo
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/log/lastlog/05_lastlog-u_ID/config/etc/gshadow b/tests/tests/log/lastlog/05_lastlog-u_ID/config/etc/gshadow
new file mode 100644
index 0000000..1f2ba8d
--- /dev/null
+++ b/tests/tests/log/lastlog/05_lastlog-u_ID/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::root
+adm:*::root,foo
+tty:*::foo
+disk:*:foo:
+lp:*::foo,root
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*:foo:foo
+voice:*::
+cdrom:*:foo:foo
+floppy:*::foo
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/log/lastlog/05_lastlog-u_ID/config/etc/passwd b/tests/tests/log/lastlog/05_lastlog-u_ID/config/etc/passwd
new file mode 100644
index 0000000..9d34d3a
--- /dev/null
+++ b/tests/tests/log/lastlog/05_lastlog-u_ID/config/etc/passwd
@@ -0,0 +1,22 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+bar:x:1001:1001::/home/bar:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/home/foo:/bin/sh
+baz:x:1002:1002::/home/baz:/bin/sh
diff --git a/tests/tests/log/lastlog/05_lastlog-u_ID/config/etc/shadow b/tests/tests/log/lastlog/05_lastlog-u_ID/config/etc/shadow
new file mode 100644
index 0000000..972f2cd
--- /dev/null
+++ b/tests/tests/log/lastlog/05_lastlog-u_ID/config/etc/shadow
@@ -0,0 +1,22 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+bar:!:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
+baz:!:12977:0:99999:7:::
diff --git a/tests/tests/log/lastlog/05_lastlog-u_ID/data/lastlog.list b/tests/tests/log/lastlog/05_lastlog-u_ID/data/lastlog.list
new file mode 100644
index 0000000..aa542b8
--- /dev/null
+++ b/tests/tests/log/lastlog/05_lastlog-u_ID/data/lastlog.list
@@ -0,0 +1,2 @@
+Username
+bar
diff --git a/tests/tests/log/lastlog/05_lastlog-u_ID/lastlog.test b/tests/tests/log/lastlog/05_lastlog-u_ID/lastlog.test
new file mode 100755
index 0000000..b1de502
--- /dev/null
+++ b/tests/tests/log/lastlog/05_lastlog-u_ID/lastlog.test
@@ -0,0 +1,42 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "reports all entry from /var/log/lastlog"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Create an empty /var/log/lastlog (it will not be restored)..."
+> /var/log/lastlog
+echo "OK"
+
+echo -n "lastlog -u 1001..."
+lastlog -u 1001> tmp/lastlog.out
+echo "OK."
+
+echo "lastlog :"
+echo "======================================================================="
+cat tmp/lastlog.out
+echo "======================================================================="
+
+echo -n "Check the list of logged in users..."
+cat tmp/lastlog.out | cut -d" " -f1 > tmp/lastlog.list
+diff -au data/lastlog.list tmp/lastlog.list
+echo "OK."
+
+rm -f tmp/lastlog.out tmp/lastlog.list
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/log/lastlog/06_lastlog-u_name/config.txt b/tests/tests/log/lastlog/06_lastlog-u_name/config.txt
new file mode 100644
index 0000000..1a78b6c
--- /dev/null
+++ b/tests/tests/log/lastlog/06_lastlog-u_name/config.txt
@@ -0,0 +1 @@
+user foo exists, UID 1000
diff --git a/tests/tests/log/lastlog/06_lastlog-u_name/config/etc/group b/tests/tests/log/lastlog/06_lastlog-u_name/config/etc/group
new file mode 100644
index 0000000..b6fae89
--- /dev/null
+++ b/tests/tests/log/lastlog/06_lastlog-u_name/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:root
+adm:x:4:root,foo
+tty:x:5:
+disk:x:6:
+lp:x:7:foo,root
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:foo
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:foo
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/log/lastlog/06_lastlog-u_name/config/etc/gshadow b/tests/tests/log/lastlog/06_lastlog-u_name/config/etc/gshadow
new file mode 100644
index 0000000..1f2ba8d
--- /dev/null
+++ b/tests/tests/log/lastlog/06_lastlog-u_name/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::root
+adm:*::root,foo
+tty:*::foo
+disk:*:foo:
+lp:*::foo,root
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*:foo:foo
+voice:*::
+cdrom:*:foo:foo
+floppy:*::foo
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/log/lastlog/06_lastlog-u_name/config/etc/passwd b/tests/tests/log/lastlog/06_lastlog-u_name/config/etc/passwd
new file mode 100644
index 0000000..9d34d3a
--- /dev/null
+++ b/tests/tests/log/lastlog/06_lastlog-u_name/config/etc/passwd
@@ -0,0 +1,22 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+bar:x:1001:1001::/home/bar:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/home/foo:/bin/sh
+baz:x:1002:1002::/home/baz:/bin/sh
diff --git a/tests/tests/log/lastlog/06_lastlog-u_name/config/etc/shadow b/tests/tests/log/lastlog/06_lastlog-u_name/config/etc/shadow
new file mode 100644
index 0000000..972f2cd
--- /dev/null
+++ b/tests/tests/log/lastlog/06_lastlog-u_name/config/etc/shadow
@@ -0,0 +1,22 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+bar:!:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
+baz:!:12977:0:99999:7:::
diff --git a/tests/tests/log/lastlog/06_lastlog-u_name/data/lastlog.list b/tests/tests/log/lastlog/06_lastlog-u_name/data/lastlog.list
new file mode 100644
index 0000000..f886a83
--- /dev/null
+++ b/tests/tests/log/lastlog/06_lastlog-u_name/data/lastlog.list
@@ -0,0 +1,2 @@
+Username
+baz
diff --git a/tests/tests/log/lastlog/06_lastlog-u_name/lastlog.test b/tests/tests/log/lastlog/06_lastlog-u_name/lastlog.test
new file mode 100755
index 0000000..b17312a
--- /dev/null
+++ b/tests/tests/log/lastlog/06_lastlog-u_name/lastlog.test
@@ -0,0 +1,42 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "reports all entry from /var/log/lastlog"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Create an empty /var/log/lastlog (it will not be restored)..."
+> /var/log/lastlog
+echo "OK"
+
+echo -n "lastlog -u baz..."
+lastlog -u baz> tmp/lastlog.out
+echo "OK."
+
+echo "lastlog :"
+echo "======================================================================="
+cat tmp/lastlog.out
+echo "======================================================================="
+
+echo -n "Check the list of logged in users..."
+cat tmp/lastlog.out | cut -d" " -f1 > tmp/lastlog.list
+diff -au data/lastlog.list tmp/lastlog.list
+echo "OK."
+
+rm -f tmp/lastlog.out tmp/lastlog.list
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/log/lastlog/07_lastlog-u_ID_invalid/config.txt b/tests/tests/log/lastlog/07_lastlog-u_ID_invalid/config.txt
new file mode 100644
index 0000000..1a78b6c
--- /dev/null
+++ b/tests/tests/log/lastlog/07_lastlog-u_ID_invalid/config.txt
@@ -0,0 +1 @@
+user foo exists, UID 1000
diff --git a/tests/tests/log/lastlog/07_lastlog-u_ID_invalid/config/etc/group b/tests/tests/log/lastlog/07_lastlog-u_ID_invalid/config/etc/group
new file mode 100644
index 0000000..b6fae89
--- /dev/null
+++ b/tests/tests/log/lastlog/07_lastlog-u_ID_invalid/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:root
+adm:x:4:root,foo
+tty:x:5:
+disk:x:6:
+lp:x:7:foo,root
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:foo
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:foo
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/log/lastlog/07_lastlog-u_ID_invalid/config/etc/gshadow b/tests/tests/log/lastlog/07_lastlog-u_ID_invalid/config/etc/gshadow
new file mode 100644
index 0000000..1f2ba8d
--- /dev/null
+++ b/tests/tests/log/lastlog/07_lastlog-u_ID_invalid/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::root
+adm:*::root,foo
+tty:*::foo
+disk:*:foo:
+lp:*::foo,root
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*:foo:foo
+voice:*::
+cdrom:*:foo:foo
+floppy:*::foo
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/log/lastlog/07_lastlog-u_ID_invalid/config/etc/passwd b/tests/tests/log/lastlog/07_lastlog-u_ID_invalid/config/etc/passwd
new file mode 100644
index 0000000..9d34d3a
--- /dev/null
+++ b/tests/tests/log/lastlog/07_lastlog-u_ID_invalid/config/etc/passwd
@@ -0,0 +1,22 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+bar:x:1001:1001::/home/bar:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/home/foo:/bin/sh
+baz:x:1002:1002::/home/baz:/bin/sh
diff --git a/tests/tests/log/lastlog/07_lastlog-u_ID_invalid/config/etc/shadow b/tests/tests/log/lastlog/07_lastlog-u_ID_invalid/config/etc/shadow
new file mode 100644
index 0000000..972f2cd
--- /dev/null
+++ b/tests/tests/log/lastlog/07_lastlog-u_ID_invalid/config/etc/shadow
@@ -0,0 +1,22 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+bar:!:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
+baz:!:12977:0:99999:7:::
diff --git a/tests/tests/log/lastlog/07_lastlog-u_ID_invalid/data/lastlog.list b/tests/tests/log/lastlog/07_lastlog-u_ID_invalid/data/lastlog.list
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/log/lastlog/07_lastlog-u_ID_invalid/data/lastlog.list
diff --git a/tests/tests/log/lastlog/07_lastlog-u_ID_invalid/lastlog.test b/tests/tests/log/lastlog/07_lastlog-u_ID_invalid/lastlog.test
new file mode 100755
index 0000000..36d1a2a
--- /dev/null
+++ b/tests/tests/log/lastlog/07_lastlog-u_ID_invalid/lastlog.test
@@ -0,0 +1,41 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "reports all entry from /var/log/lastlog"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Create an empty /var/log/lastlog (it will not be restored)..."
+> /var/log/lastlog
+echo "OK"
+
+echo -n "lastlog -u 1003..."
+lastlog -u 1003> tmp/lastlog.out
+echo "OK."
+
+echo "lastlog :"
+echo "======================================================================="
+cat tmp/lastlog.out
+echo "======================================================================="
+
+echo -n "Check the list of logged in users..."
+diff -au data/lastlog.list tmp/lastlog.out
+echo "OK."
+
+rm -f tmp/lastlog.out
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/log/lastlog/08_lastlog-u_name_invalid/config.txt b/tests/tests/log/lastlog/08_lastlog-u_name_invalid/config.txt
new file mode 100644
index 0000000..1a78b6c
--- /dev/null
+++ b/tests/tests/log/lastlog/08_lastlog-u_name_invalid/config.txt
@@ -0,0 +1 @@
+user foo exists, UID 1000
diff --git a/tests/tests/log/lastlog/08_lastlog-u_name_invalid/config/etc/group b/tests/tests/log/lastlog/08_lastlog-u_name_invalid/config/etc/group
new file mode 100644
index 0000000..b6fae89
--- /dev/null
+++ b/tests/tests/log/lastlog/08_lastlog-u_name_invalid/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:root
+adm:x:4:root,foo
+tty:x:5:
+disk:x:6:
+lp:x:7:foo,root
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:foo
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:foo
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/log/lastlog/08_lastlog-u_name_invalid/config/etc/gshadow b/tests/tests/log/lastlog/08_lastlog-u_name_invalid/config/etc/gshadow
new file mode 100644
index 0000000..1f2ba8d
--- /dev/null
+++ b/tests/tests/log/lastlog/08_lastlog-u_name_invalid/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::root
+adm:*::root,foo
+tty:*::foo
+disk:*:foo:
+lp:*::foo,root
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*:foo:foo
+voice:*::
+cdrom:*:foo:foo
+floppy:*::foo
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/log/lastlog/08_lastlog-u_name_invalid/config/etc/passwd b/tests/tests/log/lastlog/08_lastlog-u_name_invalid/config/etc/passwd
new file mode 100644
index 0000000..9d34d3a
--- /dev/null
+++ b/tests/tests/log/lastlog/08_lastlog-u_name_invalid/config/etc/passwd
@@ -0,0 +1,22 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+bar:x:1001:1001::/home/bar:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/home/foo:/bin/sh
+baz:x:1002:1002::/home/baz:/bin/sh
diff --git a/tests/tests/log/lastlog/08_lastlog-u_name_invalid/config/etc/shadow b/tests/tests/log/lastlog/08_lastlog-u_name_invalid/config/etc/shadow
new file mode 100644
index 0000000..972f2cd
--- /dev/null
+++ b/tests/tests/log/lastlog/08_lastlog-u_name_invalid/config/etc/shadow
@@ -0,0 +1,22 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+bar:!:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
+baz:!:12977:0:99999:7:::
diff --git a/tests/tests/log/lastlog/08_lastlog-u_name_invalid/data/lastlog.err b/tests/tests/log/lastlog/08_lastlog-u_name_invalid/data/lastlog.err
new file mode 100644
index 0000000..c604c0e
--- /dev/null
+++ b/tests/tests/log/lastlog/08_lastlog-u_name_invalid/data/lastlog.err
@@ -0,0 +1 @@
+lastlog: Unknown user or range: me
diff --git a/tests/tests/log/lastlog/08_lastlog-u_name_invalid/lastlog.test b/tests/tests/log/lastlog/08_lastlog-u_name_invalid/lastlog.test
new file mode 100755
index 0000000..66fdad0
--- /dev/null
+++ b/tests/tests/log/lastlog/08_lastlog-u_name_invalid/lastlog.test
@@ -0,0 +1,45 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "reports all entry from /var/log/lastlog"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Create an empty /var/log/lastlog (it will not be restored)..."
+> /var/log/lastlog
+echo "OK"
+
+echo -n "lastlog -u me..."
+lastlog -u me 2>tmp/lastlog.err && exit 1 || {
+	status=$?
+}
+echo "OK."
+
+echo -n "Check returned status ($status)..."
+test "$status" = "1"
+echo "OK"
+
+echo "lastlog reported:"
+echo "======================================================================="
+cat tmp/lastlog.err
+echo "======================================================================="
+echo -n "Check the usage message..."
+diff -au data/lastlog.err tmp/lastlog.err
+echo "message OK."
+rm -f tmp/lastlog.err
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/log/lastlog/09_lastlog-u_range/config.txt b/tests/tests/log/lastlog/09_lastlog-u_range/config.txt
new file mode 100644
index 0000000..1a78b6c
--- /dev/null
+++ b/tests/tests/log/lastlog/09_lastlog-u_range/config.txt
@@ -0,0 +1 @@
+user foo exists, UID 1000
diff --git a/tests/tests/log/lastlog/09_lastlog-u_range/config/etc/group b/tests/tests/log/lastlog/09_lastlog-u_range/config/etc/group
new file mode 100644
index 0000000..b6fae89
--- /dev/null
+++ b/tests/tests/log/lastlog/09_lastlog-u_range/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:root
+adm:x:4:root,foo
+tty:x:5:
+disk:x:6:
+lp:x:7:foo,root
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:foo
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:foo
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/log/lastlog/09_lastlog-u_range/config/etc/gshadow b/tests/tests/log/lastlog/09_lastlog-u_range/config/etc/gshadow
new file mode 100644
index 0000000..1f2ba8d
--- /dev/null
+++ b/tests/tests/log/lastlog/09_lastlog-u_range/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::root
+adm:*::root,foo
+tty:*::foo
+disk:*:foo:
+lp:*::foo,root
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*:foo:foo
+voice:*::
+cdrom:*:foo:foo
+floppy:*::foo
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/log/lastlog/09_lastlog-u_range/config/etc/passwd b/tests/tests/log/lastlog/09_lastlog-u_range/config/etc/passwd
new file mode 100644
index 0000000..9d34d3a
--- /dev/null
+++ b/tests/tests/log/lastlog/09_lastlog-u_range/config/etc/passwd
@@ -0,0 +1,22 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+bar:x:1001:1001::/home/bar:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/home/foo:/bin/sh
+baz:x:1002:1002::/home/baz:/bin/sh
diff --git a/tests/tests/log/lastlog/09_lastlog-u_range/config/etc/shadow b/tests/tests/log/lastlog/09_lastlog-u_range/config/etc/shadow
new file mode 100644
index 0000000..972f2cd
--- /dev/null
+++ b/tests/tests/log/lastlog/09_lastlog-u_range/config/etc/shadow
@@ -0,0 +1,22 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+bar:!:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
+baz:!:12977:0:99999:7:::
diff --git a/tests/tests/log/lastlog/09_lastlog-u_range/data/lastlog.list b/tests/tests/log/lastlog/09_lastlog-u_range/data/lastlog.list
new file mode 100644
index 0000000..0d06c77
--- /dev/null
+++ b/tests/tests/log/lastlog/09_lastlog-u_range/data/lastlog.list
@@ -0,0 +1,7 @@
+Username
+bar
+list
+irc
+gnats
+Debian-exim
+foo
diff --git a/tests/tests/log/lastlog/09_lastlog-u_range/lastlog.test b/tests/tests/log/lastlog/09_lastlog-u_range/lastlog.test
new file mode 100755
index 0000000..232d088
--- /dev/null
+++ b/tests/tests/log/lastlog/09_lastlog-u_range/lastlog.test
@@ -0,0 +1,42 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "reports all entry from /var/log/lastlog"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Create an empty /var/log/lastlog (it will not be restored)..."
+> /var/log/lastlog
+echo "OK"
+
+echo -n "lastlog -u 38-1001..."
+lastlog -u 38-1001> tmp/lastlog.out
+echo "OK."
+
+echo "lastlog :"
+echo "======================================================================="
+cat tmp/lastlog.out
+echo "======================================================================="
+
+echo -n "Check the list of logged in users..."
+cat tmp/lastlog.out | cut -d" " -f1 > tmp/lastlog.list
+diff -au data/lastlog.list tmp/lastlog.list
+echo "OK."
+
+rm -f tmp/lastlog.out tmp/lastlog.list
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/log/lastlog/10_lastlog-u_open_range/config.txt b/tests/tests/log/lastlog/10_lastlog-u_open_range/config.txt
new file mode 100644
index 0000000..1a78b6c
--- /dev/null
+++ b/tests/tests/log/lastlog/10_lastlog-u_open_range/config.txt
@@ -0,0 +1 @@
+user foo exists, UID 1000
diff --git a/tests/tests/log/lastlog/10_lastlog-u_open_range/config/etc/group b/tests/tests/log/lastlog/10_lastlog-u_open_range/config/etc/group
new file mode 100644
index 0000000..b6fae89
--- /dev/null
+++ b/tests/tests/log/lastlog/10_lastlog-u_open_range/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:root
+adm:x:4:root,foo
+tty:x:5:
+disk:x:6:
+lp:x:7:foo,root
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:foo
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:foo
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/log/lastlog/10_lastlog-u_open_range/config/etc/gshadow b/tests/tests/log/lastlog/10_lastlog-u_open_range/config/etc/gshadow
new file mode 100644
index 0000000..1f2ba8d
--- /dev/null
+++ b/tests/tests/log/lastlog/10_lastlog-u_open_range/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::root
+adm:*::root,foo
+tty:*::foo
+disk:*:foo:
+lp:*::foo,root
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*:foo:foo
+voice:*::
+cdrom:*:foo:foo
+floppy:*::foo
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/log/lastlog/10_lastlog-u_open_range/config/etc/passwd b/tests/tests/log/lastlog/10_lastlog-u_open_range/config/etc/passwd
new file mode 100644
index 0000000..9d34d3a
--- /dev/null
+++ b/tests/tests/log/lastlog/10_lastlog-u_open_range/config/etc/passwd
@@ -0,0 +1,22 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+bar:x:1001:1001::/home/bar:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/home/foo:/bin/sh
+baz:x:1002:1002::/home/baz:/bin/sh
diff --git a/tests/tests/log/lastlog/10_lastlog-u_open_range/config/etc/shadow b/tests/tests/log/lastlog/10_lastlog-u_open_range/config/etc/shadow
new file mode 100644
index 0000000..972f2cd
--- /dev/null
+++ b/tests/tests/log/lastlog/10_lastlog-u_open_range/config/etc/shadow
@@ -0,0 +1,22 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+bar:!:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
+baz:!:12977:0:99999:7:::
diff --git a/tests/tests/log/lastlog/10_lastlog-u_open_range/data/lastlog.list b/tests/tests/log/lastlog/10_lastlog-u_open_range/data/lastlog.list
new file mode 100644
index 0000000..692874a
--- /dev/null
+++ b/tests/tests/log/lastlog/10_lastlog-u_open_range/data/lastlog.list
@@ -0,0 +1,21 @@
+Username
+root
+daemon
+bin
+bar
+sys
+sync
+games
+man
+lp
+mail
+news
+uucp
+proxy
+www-data
+backup
+list
+irc
+gnats
+Debian-exim
+foo
diff --git a/tests/tests/log/lastlog/10_lastlog-u_open_range/lastlog.test b/tests/tests/log/lastlog/10_lastlog-u_open_range/lastlog.test
new file mode 100755
index 0000000..5bc3d6b
--- /dev/null
+++ b/tests/tests/log/lastlog/10_lastlog-u_open_range/lastlog.test
@@ -0,0 +1,42 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "lastlog supports open ranges"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Create an empty /var/log/lastlog (it will not be restored)..."
+> /var/log/lastlog
+echo "OK"
+
+echo -n "lastlog -u -1001..."
+lastlog -u -1001> tmp/lastlog.out
+echo "OK."
+
+echo "lastlog :"
+echo "======================================================================="
+cat tmp/lastlog.out
+echo "======================================================================="
+
+echo -n "Check the list of logged in users..."
+cat tmp/lastlog.out | cut -d" " -f1 > tmp/lastlog.list
+diff -au data/lastlog.list tmp/lastlog.list
+echo "OK."
+
+rm -f tmp/lastlog.out tmp/lastlog.list
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/log/lastlog/11_lastlog-u_range_open/config.txt b/tests/tests/log/lastlog/11_lastlog-u_range_open/config.txt
new file mode 100644
index 0000000..1a78b6c
--- /dev/null
+++ b/tests/tests/log/lastlog/11_lastlog-u_range_open/config.txt
@@ -0,0 +1 @@
+user foo exists, UID 1000
diff --git a/tests/tests/log/lastlog/11_lastlog-u_range_open/config/etc/group b/tests/tests/log/lastlog/11_lastlog-u_range_open/config/etc/group
new file mode 100644
index 0000000..b6fae89
--- /dev/null
+++ b/tests/tests/log/lastlog/11_lastlog-u_range_open/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:root
+adm:x:4:root,foo
+tty:x:5:
+disk:x:6:
+lp:x:7:foo,root
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:foo
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:foo
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/log/lastlog/11_lastlog-u_range_open/config/etc/gshadow b/tests/tests/log/lastlog/11_lastlog-u_range_open/config/etc/gshadow
new file mode 100644
index 0000000..1f2ba8d
--- /dev/null
+++ b/tests/tests/log/lastlog/11_lastlog-u_range_open/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::root
+adm:*::root,foo
+tty:*::foo
+disk:*:foo:
+lp:*::foo,root
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*:foo:foo
+voice:*::
+cdrom:*:foo:foo
+floppy:*::foo
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/log/lastlog/11_lastlog-u_range_open/config/etc/passwd b/tests/tests/log/lastlog/11_lastlog-u_range_open/config/etc/passwd
new file mode 100644
index 0000000..9d34d3a
--- /dev/null
+++ b/tests/tests/log/lastlog/11_lastlog-u_range_open/config/etc/passwd
@@ -0,0 +1,22 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+bar:x:1001:1001::/home/bar:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/home/foo:/bin/sh
+baz:x:1002:1002::/home/baz:/bin/sh
diff --git a/tests/tests/log/lastlog/11_lastlog-u_range_open/config/etc/shadow b/tests/tests/log/lastlog/11_lastlog-u_range_open/config/etc/shadow
new file mode 100644
index 0000000..972f2cd
--- /dev/null
+++ b/tests/tests/log/lastlog/11_lastlog-u_range_open/config/etc/shadow
@@ -0,0 +1,22 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+bar:!:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
+baz:!:12977:0:99999:7:::
diff --git a/tests/tests/log/lastlog/11_lastlog-u_range_open/data/lastlog.list b/tests/tests/log/lastlog/11_lastlog-u_range_open/data/lastlog.list
new file mode 100644
index 0000000..4ad4379
--- /dev/null
+++ b/tests/tests/log/lastlog/11_lastlog-u_range_open/data/lastlog.list
@@ -0,0 +1,9 @@
+Username
+bar
+list
+irc
+gnats
+nobody
+Debian-exim
+foo
+baz
diff --git a/tests/tests/log/lastlog/11_lastlog-u_range_open/lastlog.test b/tests/tests/log/lastlog/11_lastlog-u_range_open/lastlog.test
new file mode 100755
index 0000000..ab36308
--- /dev/null
+++ b/tests/tests/log/lastlog/11_lastlog-u_range_open/lastlog.test
@@ -0,0 +1,42 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "lastlog supports open ranges (2)"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Create an empty /var/log/lastlog (it will not be restored)..."
+> /var/log/lastlog
+echo "OK"
+
+echo -n "lastlog -u 38-..."
+lastlog -u 38-> tmp/lastlog.out
+echo "OK."
+
+echo "lastlog :"
+echo "======================================================================="
+cat tmp/lastlog.out
+echo "======================================================================="
+
+echo -n "Check the list of logged in users..."
+cat tmp/lastlog.out | cut -d" " -f1 > tmp/lastlog.list
+diff -au data/lastlog.list tmp/lastlog.list
+echo "OK."
+
+rm -f tmp/lastlog.out tmp/lastlog.list
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/log/lastlog/12_lastlog-u_range_invalid1/config.txt b/tests/tests/log/lastlog/12_lastlog-u_range_invalid1/config.txt
new file mode 100644
index 0000000..1a78b6c
--- /dev/null
+++ b/tests/tests/log/lastlog/12_lastlog-u_range_invalid1/config.txt
@@ -0,0 +1 @@
+user foo exists, UID 1000
diff --git a/tests/tests/log/lastlog/12_lastlog-u_range_invalid1/config/etc/group b/tests/tests/log/lastlog/12_lastlog-u_range_invalid1/config/etc/group
new file mode 100644
index 0000000..b6fae89
--- /dev/null
+++ b/tests/tests/log/lastlog/12_lastlog-u_range_invalid1/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:root
+adm:x:4:root,foo
+tty:x:5:
+disk:x:6:
+lp:x:7:foo,root
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:foo
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:foo
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/log/lastlog/12_lastlog-u_range_invalid1/config/etc/gshadow b/tests/tests/log/lastlog/12_lastlog-u_range_invalid1/config/etc/gshadow
new file mode 100644
index 0000000..1f2ba8d
--- /dev/null
+++ b/tests/tests/log/lastlog/12_lastlog-u_range_invalid1/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::root
+adm:*::root,foo
+tty:*::foo
+disk:*:foo:
+lp:*::foo,root
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*:foo:foo
+voice:*::
+cdrom:*:foo:foo
+floppy:*::foo
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/log/lastlog/12_lastlog-u_range_invalid1/config/etc/passwd b/tests/tests/log/lastlog/12_lastlog-u_range_invalid1/config/etc/passwd
new file mode 100644
index 0000000..9d34d3a
--- /dev/null
+++ b/tests/tests/log/lastlog/12_lastlog-u_range_invalid1/config/etc/passwd
@@ -0,0 +1,22 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+bar:x:1001:1001::/home/bar:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/home/foo:/bin/sh
+baz:x:1002:1002::/home/baz:/bin/sh
diff --git a/tests/tests/log/lastlog/12_lastlog-u_range_invalid1/config/etc/shadow b/tests/tests/log/lastlog/12_lastlog-u_range_invalid1/config/etc/shadow
new file mode 100644
index 0000000..972f2cd
--- /dev/null
+++ b/tests/tests/log/lastlog/12_lastlog-u_range_invalid1/config/etc/shadow
@@ -0,0 +1,22 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+bar:!:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
+baz:!:12977:0:99999:7:::
diff --git a/tests/tests/log/lastlog/12_lastlog-u_range_invalid1/data/lastlog.err b/tests/tests/log/lastlog/12_lastlog-u_range_invalid1/data/lastlog.err
new file mode 100644
index 0000000..1341607
--- /dev/null
+++ b/tests/tests/log/lastlog/12_lastlog-u_range_invalid1/data/lastlog.err
@@ -0,0 +1 @@
+lastlog: Unknown user or range: foo-bar
diff --git a/tests/tests/log/lastlog/12_lastlog-u_range_invalid1/lastlog.test b/tests/tests/log/lastlog/12_lastlog-u_range_invalid1/lastlog.test
new file mode 100755
index 0000000..85879b2
--- /dev/null
+++ b/tests/tests/log/lastlog/12_lastlog-u_range_invalid1/lastlog.test
@@ -0,0 +1,45 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "reports invalid ranges"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Create an empty /var/log/lastlog (it will not be restored)..."
+> /var/log/lastlog
+echo "OK"
+
+echo -n "lastlog -u foo-bar..."
+lastlog -u foo-bar 2>tmp/lastlog.err && exit 1 || {
+	status=$?
+}
+echo "OK."
+
+echo -n "Check returned status ($status)..."
+test "$status" = "1"
+echo "OK"
+
+echo "lastlog reported:"
+echo "======================================================================="
+cat tmp/lastlog.err
+echo "======================================================================="
+echo -n "Check the usage message..."
+diff -au data/lastlog.err tmp/lastlog.err
+echo "message OK."
+rm -f tmp/lastlog.err
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/log/lastlog/13_lastlog-u_range_invalid2/config.txt b/tests/tests/log/lastlog/13_lastlog-u_range_invalid2/config.txt
new file mode 100644
index 0000000..1a78b6c
--- /dev/null
+++ b/tests/tests/log/lastlog/13_lastlog-u_range_invalid2/config.txt
@@ -0,0 +1 @@
+user foo exists, UID 1000
diff --git a/tests/tests/log/lastlog/13_lastlog-u_range_invalid2/config/etc/group b/tests/tests/log/lastlog/13_lastlog-u_range_invalid2/config/etc/group
new file mode 100644
index 0000000..b6fae89
--- /dev/null
+++ b/tests/tests/log/lastlog/13_lastlog-u_range_invalid2/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:root
+adm:x:4:root,foo
+tty:x:5:
+disk:x:6:
+lp:x:7:foo,root
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:foo
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:foo
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/log/lastlog/13_lastlog-u_range_invalid2/config/etc/gshadow b/tests/tests/log/lastlog/13_lastlog-u_range_invalid2/config/etc/gshadow
new file mode 100644
index 0000000..1f2ba8d
--- /dev/null
+++ b/tests/tests/log/lastlog/13_lastlog-u_range_invalid2/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::root
+adm:*::root,foo
+tty:*::foo
+disk:*:foo:
+lp:*::foo,root
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*:foo:foo
+voice:*::
+cdrom:*:foo:foo
+floppy:*::foo
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/log/lastlog/13_lastlog-u_range_invalid2/config/etc/passwd b/tests/tests/log/lastlog/13_lastlog-u_range_invalid2/config/etc/passwd
new file mode 100644
index 0000000..9d34d3a
--- /dev/null
+++ b/tests/tests/log/lastlog/13_lastlog-u_range_invalid2/config/etc/passwd
@@ -0,0 +1,22 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+bar:x:1001:1001::/home/bar:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/home/foo:/bin/sh
+baz:x:1002:1002::/home/baz:/bin/sh
diff --git a/tests/tests/log/lastlog/13_lastlog-u_range_invalid2/config/etc/shadow b/tests/tests/log/lastlog/13_lastlog-u_range_invalid2/config/etc/shadow
new file mode 100644
index 0000000..972f2cd
--- /dev/null
+++ b/tests/tests/log/lastlog/13_lastlog-u_range_invalid2/config/etc/shadow
@@ -0,0 +1,22 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+bar:!:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
+baz:!:12977:0:99999:7:::
diff --git a/tests/tests/log/lastlog/13_lastlog-u_range_invalid2/data/lastlog.err b/tests/tests/log/lastlog/13_lastlog-u_range_invalid2/data/lastlog.err
new file mode 100644
index 0000000..cff222b
--- /dev/null
+++ b/tests/tests/log/lastlog/13_lastlog-u_range_invalid2/data/lastlog.err
@@ -0,0 +1 @@
+lastlog: Unknown user or range: foo-
diff --git a/tests/tests/log/lastlog/13_lastlog-u_range_invalid2/lastlog.test b/tests/tests/log/lastlog/13_lastlog-u_range_invalid2/lastlog.test
new file mode 100755
index 0000000..6d6d09b
--- /dev/null
+++ b/tests/tests/log/lastlog/13_lastlog-u_range_invalid2/lastlog.test
@@ -0,0 +1,45 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "reports invalid ranges"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Create an empty /var/log/lastlog (it will not be restored)..."
+> /var/log/lastlog
+echo "OK"
+
+echo -n "lastlog -u foo-..."
+lastlog -u foo- 2>tmp/lastlog.err && exit 1 || {
+	status=$?
+}
+echo "OK."
+
+echo -n "Check returned status ($status)..."
+test "$status" = "1"
+echo "OK"
+
+echo "lastlog reported:"
+echo "======================================================================="
+cat tmp/lastlog.err
+echo "======================================================================="
+echo -n "Check the usage message..."
+diff -au data/lastlog.err tmp/lastlog.err
+echo "message OK."
+rm -f tmp/lastlog.err
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/log/lastlog/14_lastlog-u_range_invalid3/config.txt b/tests/tests/log/lastlog/14_lastlog-u_range_invalid3/config.txt
new file mode 100644
index 0000000..1a78b6c
--- /dev/null
+++ b/tests/tests/log/lastlog/14_lastlog-u_range_invalid3/config.txt
@@ -0,0 +1 @@
+user foo exists, UID 1000
diff --git a/tests/tests/log/lastlog/14_lastlog-u_range_invalid3/config/etc/group b/tests/tests/log/lastlog/14_lastlog-u_range_invalid3/config/etc/group
new file mode 100644
index 0000000..b6fae89
--- /dev/null
+++ b/tests/tests/log/lastlog/14_lastlog-u_range_invalid3/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:root
+adm:x:4:root,foo
+tty:x:5:
+disk:x:6:
+lp:x:7:foo,root
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:foo
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:foo
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/log/lastlog/14_lastlog-u_range_invalid3/config/etc/gshadow b/tests/tests/log/lastlog/14_lastlog-u_range_invalid3/config/etc/gshadow
new file mode 100644
index 0000000..1f2ba8d
--- /dev/null
+++ b/tests/tests/log/lastlog/14_lastlog-u_range_invalid3/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::root
+adm:*::root,foo
+tty:*::foo
+disk:*:foo:
+lp:*::foo,root
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*:foo:foo
+voice:*::
+cdrom:*:foo:foo
+floppy:*::foo
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/log/lastlog/14_lastlog-u_range_invalid3/config/etc/passwd b/tests/tests/log/lastlog/14_lastlog-u_range_invalid3/config/etc/passwd
new file mode 100644
index 0000000..9d34d3a
--- /dev/null
+++ b/tests/tests/log/lastlog/14_lastlog-u_range_invalid3/config/etc/passwd
@@ -0,0 +1,22 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+bar:x:1001:1001::/home/bar:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/home/foo:/bin/sh
+baz:x:1002:1002::/home/baz:/bin/sh
diff --git a/tests/tests/log/lastlog/14_lastlog-u_range_invalid3/config/etc/shadow b/tests/tests/log/lastlog/14_lastlog-u_range_invalid3/config/etc/shadow
new file mode 100644
index 0000000..972f2cd
--- /dev/null
+++ b/tests/tests/log/lastlog/14_lastlog-u_range_invalid3/config/etc/shadow
@@ -0,0 +1,22 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+bar:!:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
+baz:!:12977:0:99999:7:::
diff --git a/tests/tests/log/lastlog/14_lastlog-u_range_invalid3/data/lastlog.err b/tests/tests/log/lastlog/14_lastlog-u_range_invalid3/data/lastlog.err
new file mode 100644
index 0000000..999f9a2
--- /dev/null
+++ b/tests/tests/log/lastlog/14_lastlog-u_range_invalid3/data/lastlog.err
@@ -0,0 +1 @@
+lastlog: Unknown user or range: -foo
diff --git a/tests/tests/log/lastlog/14_lastlog-u_range_invalid3/lastlog.test b/tests/tests/log/lastlog/14_lastlog-u_range_invalid3/lastlog.test
new file mode 100755
index 0000000..6cd61ef
--- /dev/null
+++ b/tests/tests/log/lastlog/14_lastlog-u_range_invalid3/lastlog.test
@@ -0,0 +1,45 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "reports invalid ranges"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Create an empty /var/log/lastlog (it will not be restored)..."
+> /var/log/lastlog
+echo "OK"
+
+echo -n "lastlog -u -foo..."
+lastlog -u -foo 2>tmp/lastlog.err && exit 1 || {
+	status=$?
+}
+echo "OK."
+
+echo -n "Check returned status ($status)..."
+test "$status" = "1"
+echo "OK"
+
+echo "lastlog reported:"
+echo "======================================================================="
+cat tmp/lastlog.err
+echo "======================================================================="
+echo -n "Check the usage message..."
+diff -au data/lastlog.err tmp/lastlog.err
+echo "message OK."
+rm -f tmp/lastlog.err
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/log/lastlog/15_lastlog_bad_option/config.txt b/tests/tests/log/lastlog/15_lastlog_bad_option/config.txt
new file mode 100644
index 0000000..31f5635
--- /dev/null
+++ b/tests/tests/log/lastlog/15_lastlog_bad_option/config.txt
@@ -0,0 +1,10 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group users (only in /etc/group)
+user foo, in group tty (only in /etc/gshadow)
+user foo, in group floppy
+user foo, admin of group disk
+user foo, admin and member of group fax
+user foo, admin and member of group cdrom (only in /etc/gshadow)
diff --git a/tests/tests/log/lastlog/15_lastlog_bad_option/config/etc/group b/tests/tests/log/lastlog/15_lastlog_bad_option/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/log/lastlog/15_lastlog_bad_option/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/log/lastlog/15_lastlog_bad_option/config/etc/gshadow b/tests/tests/log/lastlog/15_lastlog_bad_option/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/log/lastlog/15_lastlog_bad_option/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/log/lastlog/15_lastlog_bad_option/config/etc/passwd b/tests/tests/log/lastlog/15_lastlog_bad_option/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/log/lastlog/15_lastlog_bad_option/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/log/lastlog/15_lastlog_bad_option/config/etc/shadow b/tests/tests/log/lastlog/15_lastlog_bad_option/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/log/lastlog/15_lastlog_bad_option/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/log/lastlog/15_lastlog_bad_option/data/usage.out b/tests/tests/log/lastlog/15_lastlog_bad_option/data/usage.out
new file mode 100644
index 0000000..fe1385a
--- /dev/null
+++ b/tests/tests/log/lastlog/15_lastlog_bad_option/data/usage.out
@@ -0,0 +1,10 @@
+lastlog: invalid option -- 'Z'
+Usage: lastlog [options]
+
+Options:
+  -b, --before DAYS             print only lastlog records older than DAYS
+  -h, --help                    display this help message and exit
+  -R, --root CHROOT_DIR         directory to chroot into
+  -t, --time DAYS               print only lastlog records more recent than DAYS
+  -u, --user LOGIN              print lastlog record of the specified LOGIN
+
diff --git a/tests/tests/log/lastlog/15_lastlog_bad_option/lastlog.test b/tests/tests/log/lastlog/15_lastlog_bad_option/lastlog.test
new file mode 100755
index 0000000..9e56fe2
--- /dev/null
+++ b/tests/tests/log/lastlog/15_lastlog_bad_option/lastlog.test
@@ -0,0 +1,41 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "lastlog can display its usage message"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Get lastlog usage (lastlog -Z)..."
+lastlog -Z 2>tmp/usage.out && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "1"
+echo "OK"
+
+echo "lastlog reported:"
+echo "======================================================================="
+cat tmp/usage.out
+echo "======================================================================="
+echo -n "Check the usage message..."
+diff -au data/usage.out tmp/usage.out
+echo "usage message OK."
+rm -f tmp/usage.out
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/log/lastlog/16_lastlog_extra_arg/config.txt b/tests/tests/log/lastlog/16_lastlog_extra_arg/config.txt
new file mode 100644
index 0000000..31f5635
--- /dev/null
+++ b/tests/tests/log/lastlog/16_lastlog_extra_arg/config.txt
@@ -0,0 +1,10 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group users (only in /etc/group)
+user foo, in group tty (only in /etc/gshadow)
+user foo, in group floppy
+user foo, admin of group disk
+user foo, admin and member of group fax
+user foo, admin and member of group cdrom (only in /etc/gshadow)
diff --git a/tests/tests/log/lastlog/16_lastlog_extra_arg/config/etc/group b/tests/tests/log/lastlog/16_lastlog_extra_arg/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/log/lastlog/16_lastlog_extra_arg/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/log/lastlog/16_lastlog_extra_arg/config/etc/gshadow b/tests/tests/log/lastlog/16_lastlog_extra_arg/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/log/lastlog/16_lastlog_extra_arg/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/log/lastlog/16_lastlog_extra_arg/config/etc/passwd b/tests/tests/log/lastlog/16_lastlog_extra_arg/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/log/lastlog/16_lastlog_extra_arg/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/log/lastlog/16_lastlog_extra_arg/config/etc/shadow b/tests/tests/log/lastlog/16_lastlog_extra_arg/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/log/lastlog/16_lastlog_extra_arg/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/log/lastlog/16_lastlog_extra_arg/data/usage.out b/tests/tests/log/lastlog/16_lastlog_extra_arg/data/usage.out
new file mode 100644
index 0000000..ab3455b
--- /dev/null
+++ b/tests/tests/log/lastlog/16_lastlog_extra_arg/data/usage.out
@@ -0,0 +1,10 @@
+lastlog: unexpected argument: foo
+Usage: lastlog [options]
+
+Options:
+  -b, --before DAYS             print only lastlog records older than DAYS
+  -h, --help                    display this help message and exit
+  -R, --root CHROOT_DIR         directory to chroot into
+  -t, --time DAYS               print only lastlog records more recent than DAYS
+  -u, --user LOGIN              print lastlog record of the specified LOGIN
+
diff --git a/tests/tests/log/lastlog/16_lastlog_extra_arg/lastlog.test b/tests/tests/log/lastlog/16_lastlog_extra_arg/lastlog.test
new file mode 100755
index 0000000..387c292
--- /dev/null
+++ b/tests/tests/log/lastlog/16_lastlog_extra_arg/lastlog.test
@@ -0,0 +1,41 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "lastlog checks if there are extra arguments"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Get lastlog usage (lastlog foo)..."
+lastlog foo 2>tmp/usage.out && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "1"
+echo "OK"
+
+echo "lastlog reported:"
+echo "======================================================================="
+cat tmp/usage.out
+echo "======================================================================="
+echo -n "Check the usage message..."
+diff -au data/usage.out tmp/usage.out
+echo "usage message OK."
+rm -f tmp/usage.out
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/log/lastlog/17_lastlog-t/config.txt b/tests/tests/log/lastlog/17_lastlog-t/config.txt
new file mode 100644
index 0000000..1a78b6c
--- /dev/null
+++ b/tests/tests/log/lastlog/17_lastlog-t/config.txt
@@ -0,0 +1 @@
+user foo exists, UID 1000
diff --git a/tests/tests/log/lastlog/17_lastlog-t/config/etc/group b/tests/tests/log/lastlog/17_lastlog-t/config/etc/group
new file mode 100644
index 0000000..b6fae89
--- /dev/null
+++ b/tests/tests/log/lastlog/17_lastlog-t/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:root
+adm:x:4:root,foo
+tty:x:5:
+disk:x:6:
+lp:x:7:foo,root
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:foo
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:foo
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/log/lastlog/17_lastlog-t/config/etc/gshadow b/tests/tests/log/lastlog/17_lastlog-t/config/etc/gshadow
new file mode 100644
index 0000000..1f2ba8d
--- /dev/null
+++ b/tests/tests/log/lastlog/17_lastlog-t/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::root
+adm:*::root,foo
+tty:*::foo
+disk:*:foo:
+lp:*::foo,root
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*:foo:foo
+voice:*::
+cdrom:*:foo:foo
+floppy:*::foo
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/log/lastlog/17_lastlog-t/config/etc/passwd b/tests/tests/log/lastlog/17_lastlog-t/config/etc/passwd
new file mode 100644
index 0000000..9d34d3a
--- /dev/null
+++ b/tests/tests/log/lastlog/17_lastlog-t/config/etc/passwd
@@ -0,0 +1,22 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+bar:x:1001:1001::/home/bar:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/home/foo:/bin/sh
+baz:x:1002:1002::/home/baz:/bin/sh
diff --git a/tests/tests/log/lastlog/17_lastlog-t/config/etc/shadow b/tests/tests/log/lastlog/17_lastlog-t/config/etc/shadow
new file mode 100644
index 0000000..972f2cd
--- /dev/null
+++ b/tests/tests/log/lastlog/17_lastlog-t/config/etc/shadow
@@ -0,0 +1,22 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+bar:!:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
+baz:!:12977:0:99999:7:::
diff --git a/tests/tests/log/lastlog/17_lastlog-t/data/lastlog.list b/tests/tests/log/lastlog/17_lastlog-t/data/lastlog.list
new file mode 100644
index 0000000..f81812d
--- /dev/null
+++ b/tests/tests/log/lastlog/17_lastlog-t/data/lastlog.list
@@ -0,0 +1,3 @@
+Username
+bar
+foo
diff --git a/tests/tests/log/lastlog/17_lastlog-t/lastlog.test b/tests/tests/log/lastlog/17_lastlog-t/lastlog.test
new file mode 100755
index 0000000..a000cae
--- /dev/null
+++ b/tests/tests/log/lastlog/17_lastlog-t/lastlog.test
@@ -0,0 +1,52 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "reports all entry from /var/log/lastlog"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Create an empty /var/log/lastlog (it will not be restored)..."
+> /var/log/lastlog
+echo "OK"
+
+echo -n "Trigger a connection as foo..."
+LD_PRELOAD=../../../common/time_past.so PAST_DAYS=2 ./login.exp foo
+echo "OK"
+echo -n "Trigger a connection as bar..."
+./login.exp bar
+echo "OK"
+echo -n "Trigger a connection as baz..."
+LD_PRELOAD=../../../common/time_past.so PAST_DAYS=4 ./login.exp baz
+echo "OK"
+
+echo -n "lastlog..."
+lastlog -t 3 > tmp/lastlog.out
+echo "OK."
+
+echo "lastlog :"
+echo "======================================================================="
+cat tmp/lastlog.out
+echo "======================================================================="
+
+echo -n "Check the list of logged in users..."
+cat tmp/lastlog.out | cut -d" " -f1 > tmp/lastlog.list
+diff -au data/lastlog.list tmp/lastlog.list
+echo "OK."
+
+rm -f tmp/lastlog.out tmp/lastlog.list
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/log/lastlog/17_lastlog-t/login.exp b/tests/tests/log/lastlog/17_lastlog-t/login.exp
new file mode 100755
index 0000000..7aea521
--- /dev/null
+++ b/tests/tests/log/lastlog/17_lastlog-t/login.exp
@@ -0,0 +1,19 @@
+#!/usr/bin/expect
+
+if {$argc == 1} {
+        set user     [lindex $argv 0]
+} else {
+        set user     "foo"
+}
+
+set timeout 2
+expect_after default {puts stderr "\nFAIL"; exit 1}
+
+spawn /bin/bash
+expect "# "
+
+send "login -p -f $user\r"
+expect "$ "
+
+send "exit\r"
+exit 0
diff --git a/tests/tests/log/lastlog/18_lastlog-b/config.txt b/tests/tests/log/lastlog/18_lastlog-b/config.txt
new file mode 100644
index 0000000..1a78b6c
--- /dev/null
+++ b/tests/tests/log/lastlog/18_lastlog-b/config.txt
@@ -0,0 +1 @@
+user foo exists, UID 1000
diff --git a/tests/tests/log/lastlog/18_lastlog-b/config/etc/group b/tests/tests/log/lastlog/18_lastlog-b/config/etc/group
new file mode 100644
index 0000000..b6fae89
--- /dev/null
+++ b/tests/tests/log/lastlog/18_lastlog-b/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:root
+adm:x:4:root,foo
+tty:x:5:
+disk:x:6:
+lp:x:7:foo,root
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:foo
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:foo
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/log/lastlog/18_lastlog-b/config/etc/gshadow b/tests/tests/log/lastlog/18_lastlog-b/config/etc/gshadow
new file mode 100644
index 0000000..1f2ba8d
--- /dev/null
+++ b/tests/tests/log/lastlog/18_lastlog-b/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::root
+adm:*::root,foo
+tty:*::foo
+disk:*:foo:
+lp:*::foo,root
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*:foo:foo
+voice:*::
+cdrom:*:foo:foo
+floppy:*::foo
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/log/lastlog/18_lastlog-b/config/etc/passwd b/tests/tests/log/lastlog/18_lastlog-b/config/etc/passwd
new file mode 100644
index 0000000..9d34d3a
--- /dev/null
+++ b/tests/tests/log/lastlog/18_lastlog-b/config/etc/passwd
@@ -0,0 +1,22 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+bar:x:1001:1001::/home/bar:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/home/foo:/bin/sh
+baz:x:1002:1002::/home/baz:/bin/sh
diff --git a/tests/tests/log/lastlog/18_lastlog-b/config/etc/shadow b/tests/tests/log/lastlog/18_lastlog-b/config/etc/shadow
new file mode 100644
index 0000000..972f2cd
--- /dev/null
+++ b/tests/tests/log/lastlog/18_lastlog-b/config/etc/shadow
@@ -0,0 +1,22 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+bar:!:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
+baz:!:12977:0:99999:7:::
diff --git a/tests/tests/log/lastlog/18_lastlog-b/data/lastlog.list b/tests/tests/log/lastlog/18_lastlog-b/data/lastlog.list
new file mode 100644
index 0000000..219b8da
--- /dev/null
+++ b/tests/tests/log/lastlog/18_lastlog-b/data/lastlog.list
@@ -0,0 +1,21 @@
+Username
+root
+daemon
+bin
+sys
+sync
+games
+man
+lp
+mail
+news
+uucp
+proxy
+www-data
+backup
+list
+irc
+gnats
+nobody
+Debian-exim
+baz
diff --git a/tests/tests/log/lastlog/18_lastlog-b/lastlog.test b/tests/tests/log/lastlog/18_lastlog-b/lastlog.test
new file mode 100755
index 0000000..17349a3
--- /dev/null
+++ b/tests/tests/log/lastlog/18_lastlog-b/lastlog.test
@@ -0,0 +1,52 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "reports all entry from /var/log/lastlog"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Create an empty /var/log/lastlog (it will not be restored)..."
+> /var/log/lastlog
+echo "OK"
+
+echo -n "Trigger a connection as foo..."
+LD_PRELOAD=../../../common/time_past.so PAST_DAYS=2 ./login.exp foo
+echo "OK"
+echo -n "Trigger a connection as bar..."
+./login.exp bar
+echo "OK"
+echo -n "Trigger a connection as baz..."
+LD_PRELOAD=../../../common/time_past.so PAST_DAYS=4 ./login.exp baz
+echo "OK"
+
+echo -n "lastlog..."
+lastlog -b 3 > tmp/lastlog.out
+echo "OK."
+
+echo "lastlog :"
+echo "======================================================================="
+cat tmp/lastlog.out
+echo "======================================================================="
+
+echo -n "Check the list of logged in users..."
+cat tmp/lastlog.out | cut -d" " -f1 > tmp/lastlog.list
+diff -au data/lastlog.list tmp/lastlog.list
+echo "OK."
+
+rm -f tmp/lastlog.out tmp/lastlog.list
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/log/lastlog/18_lastlog-b/login.exp b/tests/tests/log/lastlog/18_lastlog-b/login.exp
new file mode 100755
index 0000000..7aea521
--- /dev/null
+++ b/tests/tests/log/lastlog/18_lastlog-b/login.exp
@@ -0,0 +1,19 @@
+#!/usr/bin/expect
+
+if {$argc == 1} {
+        set user     [lindex $argv 0]
+} else {
+        set user     "foo"
+}
+
+set timeout 2
+expect_after default {puts stderr "\nFAIL"; exit 1}
+
+spawn /bin/bash
+expect "# "
+
+send "login -p -f $user\r"
+expect "$ "
+
+send "exit\r"
+exit 0
diff --git a/tests/tests/log/lastlog/19_lastlog-t_invalid/config.txt b/tests/tests/log/lastlog/19_lastlog-t_invalid/config.txt
new file mode 100644
index 0000000..1a78b6c
--- /dev/null
+++ b/tests/tests/log/lastlog/19_lastlog-t_invalid/config.txt
@@ -0,0 +1 @@
+user foo exists, UID 1000
diff --git a/tests/tests/log/lastlog/19_lastlog-t_invalid/config/etc/group b/tests/tests/log/lastlog/19_lastlog-t_invalid/config/etc/group
new file mode 100644
index 0000000..b6fae89
--- /dev/null
+++ b/tests/tests/log/lastlog/19_lastlog-t_invalid/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:root
+adm:x:4:root,foo
+tty:x:5:
+disk:x:6:
+lp:x:7:foo,root
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:foo
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:foo
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/log/lastlog/19_lastlog-t_invalid/config/etc/gshadow b/tests/tests/log/lastlog/19_lastlog-t_invalid/config/etc/gshadow
new file mode 100644
index 0000000..1f2ba8d
--- /dev/null
+++ b/tests/tests/log/lastlog/19_lastlog-t_invalid/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::root
+adm:*::root,foo
+tty:*::foo
+disk:*:foo:
+lp:*::foo,root
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*:foo:foo
+voice:*::
+cdrom:*:foo:foo
+floppy:*::foo
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/log/lastlog/19_lastlog-t_invalid/config/etc/passwd b/tests/tests/log/lastlog/19_lastlog-t_invalid/config/etc/passwd
new file mode 100644
index 0000000..9d34d3a
--- /dev/null
+++ b/tests/tests/log/lastlog/19_lastlog-t_invalid/config/etc/passwd
@@ -0,0 +1,22 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+bar:x:1001:1001::/home/bar:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/home/foo:/bin/sh
+baz:x:1002:1002::/home/baz:/bin/sh
diff --git a/tests/tests/log/lastlog/19_lastlog-t_invalid/config/etc/shadow b/tests/tests/log/lastlog/19_lastlog-t_invalid/config/etc/shadow
new file mode 100644
index 0000000..972f2cd
--- /dev/null
+++ b/tests/tests/log/lastlog/19_lastlog-t_invalid/config/etc/shadow
@@ -0,0 +1,22 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+bar:!:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
+baz:!:12977:0:99999:7:::
diff --git a/tests/tests/log/lastlog/19_lastlog-t_invalid/data/lastlog.err b/tests/tests/log/lastlog/19_lastlog-t_invalid/data/lastlog.err
new file mode 100644
index 0000000..8197db7
--- /dev/null
+++ b/tests/tests/log/lastlog/19_lastlog-t_invalid/data/lastlog.err
@@ -0,0 +1 @@
+lastlog: invalid numeric argument '-2'
diff --git a/tests/tests/log/lastlog/19_lastlog-t_invalid/lastlog.test b/tests/tests/log/lastlog/19_lastlog-t_invalid/lastlog.test
new file mode 100755
index 0000000..50f71b5
--- /dev/null
+++ b/tests/tests/log/lastlog/19_lastlog-t_invalid/lastlog.test
@@ -0,0 +1,45 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "reports invalid ranges"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Create an empty /var/log/lastlog (it will not be restored)..."
+> /var/log/lastlog
+echo "OK"
+
+echo -n "lastlog -t -2..."
+lastlog -t -2 2>tmp/lastlog.err && exit 1 || {
+	status=$?
+}
+echo "OK."
+
+echo -n "Check returned status ($status)..."
+test "$status" = "1"
+echo "OK"
+
+echo "lastlog reported:"
+echo "======================================================================="
+cat tmp/lastlog.err
+echo "======================================================================="
+echo -n "Check the usage message..."
+diff -au data/lastlog.err tmp/lastlog.err
+echo "message OK."
+rm -f tmp/lastlog.err
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/log/lastlog/20_lastlog-b_invalid/config.txt b/tests/tests/log/lastlog/20_lastlog-b_invalid/config.txt
new file mode 100644
index 0000000..1a78b6c
--- /dev/null
+++ b/tests/tests/log/lastlog/20_lastlog-b_invalid/config.txt
@@ -0,0 +1 @@
+user foo exists, UID 1000
diff --git a/tests/tests/log/lastlog/20_lastlog-b_invalid/config/etc/group b/tests/tests/log/lastlog/20_lastlog-b_invalid/config/etc/group
new file mode 100644
index 0000000..b6fae89
--- /dev/null
+++ b/tests/tests/log/lastlog/20_lastlog-b_invalid/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:root
+adm:x:4:root,foo
+tty:x:5:
+disk:x:6:
+lp:x:7:foo,root
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:foo
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:foo
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/log/lastlog/20_lastlog-b_invalid/config/etc/gshadow b/tests/tests/log/lastlog/20_lastlog-b_invalid/config/etc/gshadow
new file mode 100644
index 0000000..1f2ba8d
--- /dev/null
+++ b/tests/tests/log/lastlog/20_lastlog-b_invalid/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::root
+adm:*::root,foo
+tty:*::foo
+disk:*:foo:
+lp:*::foo,root
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*:foo:foo
+voice:*::
+cdrom:*:foo:foo
+floppy:*::foo
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/log/lastlog/20_lastlog-b_invalid/config/etc/passwd b/tests/tests/log/lastlog/20_lastlog-b_invalid/config/etc/passwd
new file mode 100644
index 0000000..9d34d3a
--- /dev/null
+++ b/tests/tests/log/lastlog/20_lastlog-b_invalid/config/etc/passwd
@@ -0,0 +1,22 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+bar:x:1001:1001::/home/bar:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/home/foo:/bin/sh
+baz:x:1002:1002::/home/baz:/bin/sh
diff --git a/tests/tests/log/lastlog/20_lastlog-b_invalid/config/etc/shadow b/tests/tests/log/lastlog/20_lastlog-b_invalid/config/etc/shadow
new file mode 100644
index 0000000..972f2cd
--- /dev/null
+++ b/tests/tests/log/lastlog/20_lastlog-b_invalid/config/etc/shadow
@@ -0,0 +1,22 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+bar:!:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
+baz:!:12977:0:99999:7:::
diff --git a/tests/tests/log/lastlog/20_lastlog-b_invalid/data/lastlog.err b/tests/tests/log/lastlog/20_lastlog-b_invalid/data/lastlog.err
new file mode 100644
index 0000000..34429d4
--- /dev/null
+++ b/tests/tests/log/lastlog/20_lastlog-b_invalid/data/lastlog.err
@@ -0,0 +1 @@
+lastlog: invalid numeric argument '2a'
diff --git a/tests/tests/log/lastlog/20_lastlog-b_invalid/lastlog.test b/tests/tests/log/lastlog/20_lastlog-b_invalid/lastlog.test
new file mode 100755
index 0000000..af96813
--- /dev/null
+++ b/tests/tests/log/lastlog/20_lastlog-b_invalid/lastlog.test
@@ -0,0 +1,45 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "reports invalid -b argument"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Create an empty /var/log/lastlog (it will not be restored)..."
+> /var/log/lastlog
+echo "OK"
+
+echo -n "lastlog -t 2a..."
+lastlog -b 2a 2>tmp/lastlog.err && exit 1 || {
+	status=$?
+}
+echo "OK."
+
+echo -n "Check returned status ($status)..."
+test "$status" = "1"
+echo "OK"
+
+echo "lastlog reported:"
+echo "======================================================================="
+cat tmp/lastlog.err
+echo "======================================================================="
+echo -n "Check the usage message..."
+diff -au data/lastlog.err tmp/lastlog.err
+echo "message OK."
+rm -f tmp/lastlog.err
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/login/01_login_prompt/config.txt b/tests/tests/login/01_login_prompt/config.txt
new file mode 100644
index 0000000..aecff4a
--- /dev/null
+++ b/tests/tests/login/01_login_prompt/config.txt
@@ -0,0 +1,3 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
diff --git a/tests/tests/login/01_login_prompt/config/etc/group b/tests/tests/login/01_login_prompt/config/etc/group
new file mode 100644
index 0000000..245cc9c
--- /dev/null
+++ b/tests/tests/login/01_login_prompt/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+myuser:x:424242:
diff --git a/tests/tests/login/01_login_prompt/config/etc/gshadow b/tests/tests/login/01_login_prompt/config/etc/gshadow
new file mode 100644
index 0000000..25bd55b
--- /dev/null
+++ b/tests/tests/login/01_login_prompt/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+myuser:x::
diff --git a/tests/tests/login/01_login_prompt/config/etc/login.defs b/tests/tests/login/01_login_prompt/config/etc/login.defs
new file mode 100644
index 0000000..acf5f93
--- /dev/null
+++ b/tests/tests/login/01_login_prompt/config/etc/login.defs
@@ -0,0 +1,314 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+#ENV_SUPATH	/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+#ENV_PATH	/usr/local/bin:/usr/bin:/bin:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK usage is discouraged because it catches only some classes of user
+# entries to system, in fact only those made through login(1), while setting
+# umask in shell rc file will catch also logins through su, cron, ssh etc.
+#
+# At the same time, using shell rc to set umask won't catch entries which use
+# non-shell executables in place of login shell, like /usr/sbin/pppd for "ppp"
+# user and alike.
+#
+# Therefore the use of pam_umask is recommended (Debian package libpam-umask)
+# as the solution which catches all these cases on PAM-enabled systems.
+# 
+# This avoids the confusion created by having the umask set
+# in two different places -- in login.defs and shell rc files (i.e.
+# /etc/profile).
+#
+# For discussion, see #314539 and #248150 as well as the thread starting at
+# http://lists.debian.org/debian-devel/2005/06/msg01598.html
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+# 022 is the "historical" value in Debian for UMASK when it was used
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			  100
+GID_MAX			60000
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# This enables userdel to remove user groups if no members exist.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, thus in Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# Only works if compiled with MD5_CRYPT defined:
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is used by chpasswd, gpasswd and newusers.
+#
+#MD5_CRYPT_ENAB	no
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/login/01_login_prompt/config/etc/passwd b/tests/tests/login/01_login_prompt/config/etc/passwd
new file mode 100644
index 0000000..9bdeb8c
--- /dev/null
+++ b/tests/tests/login/01_login_prompt/config/etc/passwd
@@ -0,0 +1,21 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+myuser:x:424242:424242::/home/:/bin/sh
+testsuite::424243:424243::/home:/bin/bash
diff --git a/tests/tests/login/01_login_prompt/config/etc/shadow b/tests/tests/login/01_login_prompt/config/etc/shadow
new file mode 100644
index 0000000..038d5cf
--- /dev/null
+++ b/tests/tests/login/01_login_prompt/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+myuser:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:::
diff --git a/tests/tests/login/01_login_prompt/login.exp b/tests/tests/login/01_login_prompt/login.exp
new file mode 100755
index 0000000..f596dba
--- /dev/null
+++ b/tests/tests/login/01_login_prompt/login.exp
@@ -0,0 +1,23 @@
+#!/usr/bin/expect
+
+set timeout 2
+expect_after default {puts stderr "\nFAIL"; exit 1}
+
+spawn /bin/bash
+expect "# "
+
+send "login\r"
+expect " login: "
+send "myuser\r"
+expect "Password: "
+send "myuserF00barbaz\r"
+expect "$ "
+
+send "# expect uid=424242(myuser) gid=424242(myuser) groups=424242(myuser)\r"
+expect "$ "
+send "id\r"
+expect "uid=424242(myuser) gid=424242(myuser) groups=424242(myuser)\r"
+expect "$ "
+send "exit\r"
+
+exit 0
diff --git a/tests/tests/login/01_login_prompt/login.test b/tests/tests/login/01_login_prompt/login.test
new file mode 100755
index 0000000..5ef6e92
--- /dev/null
+++ b/tests/tests/login/01_login_prompt/login.test
@@ -0,0 +1,26 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+testname=$(basename $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "try regular login with user prompt"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+./login.exp
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/login/02_login_user/config.txt b/tests/tests/login/02_login_user/config.txt
new file mode 100644
index 0000000..aecff4a
--- /dev/null
+++ b/tests/tests/login/02_login_user/config.txt
@@ -0,0 +1,3 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
diff --git a/tests/tests/login/02_login_user/config/etc/group b/tests/tests/login/02_login_user/config/etc/group
new file mode 100644
index 0000000..245cc9c
--- /dev/null
+++ b/tests/tests/login/02_login_user/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+myuser:x:424242:
diff --git a/tests/tests/login/02_login_user/config/etc/gshadow b/tests/tests/login/02_login_user/config/etc/gshadow
new file mode 100644
index 0000000..25bd55b
--- /dev/null
+++ b/tests/tests/login/02_login_user/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+myuser:x::
diff --git a/tests/tests/login/02_login_user/config/etc/login.defs b/tests/tests/login/02_login_user/config/etc/login.defs
new file mode 100644
index 0000000..acf5f93
--- /dev/null
+++ b/tests/tests/login/02_login_user/config/etc/login.defs
@@ -0,0 +1,314 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+#ENV_SUPATH	/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+#ENV_PATH	/usr/local/bin:/usr/bin:/bin:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK usage is discouraged because it catches only some classes of user
+# entries to system, in fact only those made through login(1), while setting
+# umask in shell rc file will catch also logins through su, cron, ssh etc.
+#
+# At the same time, using shell rc to set umask won't catch entries which use
+# non-shell executables in place of login shell, like /usr/sbin/pppd for "ppp"
+# user and alike.
+#
+# Therefore the use of pam_umask is recommended (Debian package libpam-umask)
+# as the solution which catches all these cases on PAM-enabled systems.
+# 
+# This avoids the confusion created by having the umask set
+# in two different places -- in login.defs and shell rc files (i.e.
+# /etc/profile).
+#
+# For discussion, see #314539 and #248150 as well as the thread starting at
+# http://lists.debian.org/debian-devel/2005/06/msg01598.html
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+# 022 is the "historical" value in Debian for UMASK when it was used
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			  100
+GID_MAX			60000
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# This enables userdel to remove user groups if no members exist.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, thus in Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# Only works if compiled with MD5_CRYPT defined:
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is used by chpasswd, gpasswd and newusers.
+#
+#MD5_CRYPT_ENAB	no
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/login/02_login_user/config/etc/passwd b/tests/tests/login/02_login_user/config/etc/passwd
new file mode 100644
index 0000000..9bdeb8c
--- /dev/null
+++ b/tests/tests/login/02_login_user/config/etc/passwd
@@ -0,0 +1,21 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+myuser:x:424242:424242::/home/:/bin/sh
+testsuite::424243:424243::/home:/bin/bash
diff --git a/tests/tests/login/02_login_user/config/etc/shadow b/tests/tests/login/02_login_user/config/etc/shadow
new file mode 100644
index 0000000..038d5cf
--- /dev/null
+++ b/tests/tests/login/02_login_user/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+myuser:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:::
diff --git a/tests/tests/login/02_login_user/login.exp b/tests/tests/login/02_login_user/login.exp
new file mode 100755
index 0000000..7ccef93
--- /dev/null
+++ b/tests/tests/login/02_login_user/login.exp
@@ -0,0 +1,20 @@
+#!/usr/bin/expect
+
+set timeout 2
+expect_after default {puts stderr "\nFAIL"; exit 1}
+
+spawn /bin/bash
+expect "# "
+
+send "login myuser\r"
+expect "Password: "
+send "myuserF00barbaz\r"
+expect "$ "
+
+send "id\r"
+expect "uid=424242(myuser) gid=424242(myuser) groups=424242(myuser)\r"
+expect "$ "
+send "exit\r"
+
+exit 0
+
diff --git a/tests/tests/login/02_login_user/login.test b/tests/tests/login/02_login_user/login.test
new file mode 100755
index 0000000..5ef6e92
--- /dev/null
+++ b/tests/tests/login/02_login_user/login.test
@@ -0,0 +1,26 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+testname=$(basename $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "try regular login with user prompt"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+./login.exp
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/login/03_login_check_tty/config.txt b/tests/tests/login/03_login_check_tty/config.txt
new file mode 100644
index 0000000..aecff4a
--- /dev/null
+++ b/tests/tests/login/03_login_check_tty/config.txt
@@ -0,0 +1,3 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
diff --git a/tests/tests/login/03_login_check_tty/config/etc/group b/tests/tests/login/03_login_check_tty/config/etc/group
new file mode 100644
index 0000000..245cc9c
--- /dev/null
+++ b/tests/tests/login/03_login_check_tty/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+myuser:x:424242:
diff --git a/tests/tests/login/03_login_check_tty/config/etc/gshadow b/tests/tests/login/03_login_check_tty/config/etc/gshadow
new file mode 100644
index 0000000..25bd55b
--- /dev/null
+++ b/tests/tests/login/03_login_check_tty/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+myuser:x::
diff --git a/tests/tests/login/03_login_check_tty/config/etc/login.defs b/tests/tests/login/03_login_check_tty/config/etc/login.defs
new file mode 100644
index 0000000..acf5f93
--- /dev/null
+++ b/tests/tests/login/03_login_check_tty/config/etc/login.defs
@@ -0,0 +1,314 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+#ENV_SUPATH	/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+#ENV_PATH	/usr/local/bin:/usr/bin:/bin:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK usage is discouraged because it catches only some classes of user
+# entries to system, in fact only those made through login(1), while setting
+# umask in shell rc file will catch also logins through su, cron, ssh etc.
+#
+# At the same time, using shell rc to set umask won't catch entries which use
+# non-shell executables in place of login shell, like /usr/sbin/pppd for "ppp"
+# user and alike.
+#
+# Therefore the use of pam_umask is recommended (Debian package libpam-umask)
+# as the solution which catches all these cases on PAM-enabled systems.
+# 
+# This avoids the confusion created by having the umask set
+# in two different places -- in login.defs and shell rc files (i.e.
+# /etc/profile).
+#
+# For discussion, see #314539 and #248150 as well as the thread starting at
+# http://lists.debian.org/debian-devel/2005/06/msg01598.html
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+# 022 is the "historical" value in Debian for UMASK when it was used
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			  100
+GID_MAX			60000
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# This enables userdel to remove user groups if no members exist.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, thus in Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# Only works if compiled with MD5_CRYPT defined:
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is used by chpasswd, gpasswd and newusers.
+#
+#MD5_CRYPT_ENAB	no
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/login/03_login_check_tty/config/etc/passwd b/tests/tests/login/03_login_check_tty/config/etc/passwd
new file mode 100644
index 0000000..9bdeb8c
--- /dev/null
+++ b/tests/tests/login/03_login_check_tty/config/etc/passwd
@@ -0,0 +1,21 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+myuser:x:424242:424242::/home/:/bin/sh
+testsuite::424243:424243::/home:/bin/bash
diff --git a/tests/tests/login/03_login_check_tty/config/etc/shadow b/tests/tests/login/03_login_check_tty/config/etc/shadow
new file mode 100644
index 0000000..038d5cf
--- /dev/null
+++ b/tests/tests/login/03_login_check_tty/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+myuser:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:::
diff --git a/tests/tests/login/03_login_check_tty/login.exp b/tests/tests/login/03_login_check_tty/login.exp
new file mode 100755
index 0000000..46aa50e
--- /dev/null
+++ b/tests/tests/login/03_login_check_tty/login.exp
@@ -0,0 +1,22 @@
+#!/usr/bin/expect
+
+set timeout 2
+expect_after default {puts stderr "\nFAIL"; exit 1}
+
+spawn /bin/bash
+expect "# "
+
+send "login myuser\r"
+expect "Password: "
+send "myuserF00barbaz\r"
+expect "$ "
+
+send "# expecting c--x-wx--T 88 424242/myuser 5/tty\r"
+expect "$ "
+send "stat -c '%A %t %u/%U %g/%G' `tty`\r"
+expect "crw------- 88 424242/myuser 5/tty\r"
+expect "$ "
+send "exit\r"
+
+exit 0
+
diff --git a/tests/tests/login/03_login_check_tty/login.test b/tests/tests/login/03_login_check_tty/login.test
new file mode 100755
index 0000000..5ef6e92
--- /dev/null
+++ b/tests/tests/login/03_login_check_tty/login.test
@@ -0,0 +1,26 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+testname=$(basename $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "try regular login with user prompt"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+./login.exp
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/newgidmap/01_newgidmap/config.txt b/tests/tests/newgidmap/01_newgidmap/config.txt
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/newgidmap/01_newgidmap/config.txt
diff --git a/tests/tests/newgidmap/01_newgidmap/config/etc/group b/tests/tests/newgidmap/01_newgidmap/config/etc/group
new file mode 100644
index 0000000..d91f3f0
--- /dev/null
+++ b/tests/tests/newgidmap/01_newgidmap/config/etc/group
@@ -0,0 +1,43 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:root
+adm:x:4:root,foo
+tty:x:5:
+disk:x:6:
+lp:x:7:foo,root
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:foo
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:foo
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
+bar:x:1001:foo
diff --git a/tests/tests/newgidmap/01_newgidmap/config/etc/login.defs b/tests/tests/newgidmap/01_newgidmap/config/etc/login.defs
new file mode 100644
index 0000000..87d7550
--- /dev/null
+++ b/tests/tests/newgidmap/01_newgidmap/config/etc/login.defs
@@ -0,0 +1,341 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/local/games:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK is the default umask value for pam_umask and is used by
+# useradd and newusers to set the mode of the new home directories.
+# 022 is the "historical" value in Debian for UMASK
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up his/her
+# mind.
+#
+# If USERGROUPS_ENAB is set to "yes", that will modify this UMASK default value
+# for private user groups, i. e. the uid is the same as gid, and username is
+# the same as the primary group name: for these, the user permissions will be
+# used as group permissions, e. g. 022 will become 002.
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+# System accounts
+#SYS_UID_MIN		  100
+#SYS_UID_MAX		  999
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			 1000
+GID_MAX			60000
+# System accounts
+#SYS_GID_MIN		  100
+#SYS_GID_MAX		  999
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overriden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# If set to yes, userdel will remove the user's group if it contains no
+# more members, and useradd will create by default a group with the name
+# of the user.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, such as Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is deprecated. You should use ENCRYPT_METHOD.
+#
+#MD5_CRYPT_ENAB	no
+
+#
+# If set to MD5 , MD5-based algorithm will be used for encrypting password
+# If set to SHA256, SHA256-based algorithm will be used for encrypting password
+# If set to SHA512, SHA512-based algorithm will be used for encrypting password
+# If set to DES, DES-based algorithm will be used for encrypting password (default)
+# Overrides the MD5_CRYPT_ENAB option
+#
+# Note: It is recommended to use a value consistent with
+# the PAM modules configuration.
+#
+ENCRYPT_METHOD SHA512
+
+#
+# Only used if ENCRYPT_METHOD is set to SHA256 or SHA512.
+#
+# Define the number of SHA rounds.
+# With a lot of rounds, it is more difficult to brute forcing the password.
+# But note also that it more CPU resources will be needed to authenticate
+# users.
+#
+# If not specified, the libc will choose the default number of rounds (5000).
+# The values must be inside the 1000-999999999 range.
+# If only one of the MIN or MAX values is set, then this value will be used.
+# If MIN > MAX, the highest value will be used.
+#
+# SHA_CRYPT_MIN_ROUNDS 5000
+# SHA_CRYPT_MAX_ROUNDS 5000
+
+# GRANT_AUX_GROUP_SUBIDS yes
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivelants of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/newgidmap/01_newgidmap/config/etc/passwd b/tests/tests/newgidmap/01_newgidmap/config/etc/passwd
new file mode 100644
index 0000000..ae6ebfe
--- /dev/null
+++ b/tests/tests/newgidmap/01_newgidmap/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/home/foo:/bin/sh
diff --git a/tests/tests/newgidmap/01_newgidmap/config/etc/subgid b/tests/tests/newgidmap/01_newgidmap/config/etc/subgid
new file mode 100644
index 0000000..c22950e
--- /dev/null
+++ b/tests/tests/newgidmap/01_newgidmap/config/etc/subgid
@@ -0,0 +1 @@
+foo:1000000:1000
diff --git a/tests/tests/newgidmap/01_newgidmap/config/etc/subuid b/tests/tests/newgidmap/01_newgidmap/config/etc/subuid
new file mode 100644
index 0000000..c22950e
--- /dev/null
+++ b/tests/tests/newgidmap/01_newgidmap/config/etc/subuid
@@ -0,0 +1 @@
+foo:1000000:1000
diff --git a/tests/tests/newgidmap/01_newgidmap/data/gid_map b/tests/tests/newgidmap/01_newgidmap/data/gid_map
new file mode 100644
index 0000000..1a2d99d
--- /dev/null
+++ b/tests/tests/newgidmap/01_newgidmap/data/gid_map
@@ -0,0 +1,2 @@
+         0       1000          1
+         1    1000000       1000
diff --git a/tests/tests/newgidmap/01_newgidmap/newgidmap.test b/tests/tests/newgidmap/01_newgidmap/newgidmap.test
new file mode 100755
index 0000000..7682662
--- /dev/null
+++ b/tests/tests/newgidmap/01_newgidmap/newgidmap.test
@@ -0,0 +1,62 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "setup gid mapping"
+
+save_config
+
+unpriv_userns=$( sysctl -n kernel.unprivileged_userns_clone )
+
+# restore the system on exit
+trap 'log_status "$0" "FAILURE"; restore_config; \
+	rm -rf /tmp/test-gidmap; \
+        sysctl -q kernel.unprivileged_userns_clone=$unpriv_userns' 0
+
+change_config
+
+echo -n "Enable unprivileged user namespaces... "
+sysctl -q kernel.unprivileged_userns_clone=1
+echo "OK"
+
+echo -n "Create world writable tmp directory... "
+rm -rf /tmp/test-gidmap
+mkdir -m 0777 /tmp/test-gidmap
+echo "OK"
+
+echo -n "setup gidmapping... "
+base=$(id -g foo)
+runuser foo -g foo -c "unshare -U sleep 10 & pid=\$!; \
+        sleep 2; newgidmap \$pid 0 $base 1 1 1000000 1000; ret=\$?; \
+        cat /proc/\$pid/gid_map >/tmp/test-gidmap/gid_map;
+        kill \$pid; exit \$ret"
+../../common/compare_file.pl /tmp/test-gidmap/gid_map data/gid_map
+echo "OK"
+
+echo -n "Try to setup gidmapping with different primary group... "
+runuser foo -g bar -c "unshare -U sleep 10 & pid=\$!; \
+        sleep 2; newgidmap \$pid 0 $base 1 1 1000000 1000 2>/tmp/test-gidmap/newgidmap.err; ret=\$?; \
+        kill \$pid; exit \$ret" && exit 1 || {
+        status=$?
+}
+echo "OK"
+
+echo -n "newgidmap returned status ($status)... "
+test "status" != 0
+echo "OK"
+
+echo -n "Check that there were a failure message... "
+grep -q 'newgidmap: Target process is owned by a different' /tmp/test-gidmap/newgidmap.err
+echo "error message OK."
+log_status "$0" "SUCCESS"
+
+sysctl -q kernel.unprivileged_userns_clone=$unpriv_userns
+rm -rf /tmp/test-gidmap;
+
+restore_config
+trap '' 0
diff --git a/tests/tests/newgidmap/02_newgidmap_relaxed_gid_check/config.txt b/tests/tests/newgidmap/02_newgidmap_relaxed_gid_check/config.txt
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/newgidmap/02_newgidmap_relaxed_gid_check/config.txt
diff --git a/tests/tests/newgidmap/02_newgidmap_relaxed_gid_check/config/etc/group b/tests/tests/newgidmap/02_newgidmap_relaxed_gid_check/config/etc/group
new file mode 100644
index 0000000..d91f3f0
--- /dev/null
+++ b/tests/tests/newgidmap/02_newgidmap_relaxed_gid_check/config/etc/group
@@ -0,0 +1,43 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:root
+adm:x:4:root,foo
+tty:x:5:
+disk:x:6:
+lp:x:7:foo,root
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:foo
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:foo
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
+bar:x:1001:foo
diff --git a/tests/tests/newgidmap/02_newgidmap_relaxed_gid_check/config/etc/login.defs b/tests/tests/newgidmap/02_newgidmap_relaxed_gid_check/config/etc/login.defs
new file mode 100644
index 0000000..be73bde
--- /dev/null
+++ b/tests/tests/newgidmap/02_newgidmap_relaxed_gid_check/config/etc/login.defs
@@ -0,0 +1,342 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/local/games:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK is the default umask value for pam_umask and is used by
+# useradd and newusers to set the mode of the new home directories.
+# 022 is the "historical" value in Debian for UMASK
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up his/her
+# mind.
+#
+# If USERGROUPS_ENAB is set to "yes", that will modify this UMASK default value
+# for private user groups, i. e. the uid is the same as gid, and username is
+# the same as the primary group name: for these, the user permissions will be
+# used as group permissions, e. g. 022 will become 002.
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+# System accounts
+#SYS_UID_MIN		  100
+#SYS_UID_MAX		  999
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			 1000
+GID_MAX			60000
+# System accounts
+#SYS_GID_MIN		  100
+#SYS_GID_MAX		  999
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overriden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# If set to yes, userdel will remove the user's group if it contains no
+# more members, and useradd will create by default a group with the name
+# of the user.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, such as Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is deprecated. You should use ENCRYPT_METHOD.
+#
+#MD5_CRYPT_ENAB	no
+
+#
+# If set to MD5 , MD5-based algorithm will be used for encrypting password
+# If set to SHA256, SHA256-based algorithm will be used for encrypting password
+# If set to SHA512, SHA512-based algorithm will be used for encrypting password
+# If set to DES, DES-based algorithm will be used for encrypting password (default)
+# Overrides the MD5_CRYPT_ENAB option
+#
+# Note: It is recommended to use a value consistent with
+# the PAM modules configuration.
+#
+ENCRYPT_METHOD SHA512
+
+#
+# Only used if ENCRYPT_METHOD is set to SHA256 or SHA512.
+#
+# Define the number of SHA rounds.
+# With a lot of rounds, it is more difficult to brute forcing the password.
+# But note also that it more CPU resources will be needed to authenticate
+# users.
+#
+# If not specified, the libc will choose the default number of rounds (5000).
+# The values must be inside the 1000-999999999 range.
+# If only one of the MIN or MAX values is set, then this value will be used.
+# If MIN > MAX, the highest value will be used.
+#
+# SHA_CRYPT_MIN_ROUNDS 5000
+# SHA_CRYPT_MAX_ROUNDS 5000
+
+
+GRANT_AUX_GROUP_SUBIDS yes
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivelants of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/newgidmap/02_newgidmap_relaxed_gid_check/config/etc/passwd b/tests/tests/newgidmap/02_newgidmap_relaxed_gid_check/config/etc/passwd
new file mode 100644
index 0000000..ae6ebfe
--- /dev/null
+++ b/tests/tests/newgidmap/02_newgidmap_relaxed_gid_check/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/home/foo:/bin/sh
diff --git a/tests/tests/newgidmap/02_newgidmap_relaxed_gid_check/config/etc/subgid b/tests/tests/newgidmap/02_newgidmap_relaxed_gid_check/config/etc/subgid
new file mode 100644
index 0000000..c22950e
--- /dev/null
+++ b/tests/tests/newgidmap/02_newgidmap_relaxed_gid_check/config/etc/subgid
@@ -0,0 +1 @@
+foo:1000000:1000
diff --git a/tests/tests/newgidmap/02_newgidmap_relaxed_gid_check/config/etc/subuid b/tests/tests/newgidmap/02_newgidmap_relaxed_gid_check/config/etc/subuid
new file mode 100644
index 0000000..c22950e
--- /dev/null
+++ b/tests/tests/newgidmap/02_newgidmap_relaxed_gid_check/config/etc/subuid
@@ -0,0 +1 @@
+foo:1000000:1000
diff --git a/tests/tests/newgidmap/02_newgidmap_relaxed_gid_check/data/gid_map b/tests/tests/newgidmap/02_newgidmap_relaxed_gid_check/data/gid_map
new file mode 100644
index 0000000..1a2d99d
--- /dev/null
+++ b/tests/tests/newgidmap/02_newgidmap_relaxed_gid_check/data/gid_map
@@ -0,0 +1,2 @@
+         0       1000          1
+         1    1000000       1000
diff --git a/tests/tests/newgidmap/02_newgidmap_relaxed_gid_check/data/gid_map.bar b/tests/tests/newgidmap/02_newgidmap_relaxed_gid_check/data/gid_map.bar
new file mode 100644
index 0000000..d69adea
--- /dev/null
+++ b/tests/tests/newgidmap/02_newgidmap_relaxed_gid_check/data/gid_map.bar
@@ -0,0 +1,2 @@
+         0       1001          1
+         1    1000000       1000
diff --git a/tests/tests/newgidmap/02_newgidmap_relaxed_gid_check/newgidmap.test b/tests/tests/newgidmap/02_newgidmap_relaxed_gid_check/newgidmap.test
new file mode 100755
index 0000000..1152b89
--- /dev/null
+++ b/tests/tests/newgidmap/02_newgidmap_relaxed_gid_check/newgidmap.test
@@ -0,0 +1,67 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "setup uid mapping when primary groups don't match"
+
+save_config
+
+unpriv_userns=$( sysctl -n kernel.unprivileged_userns_clone )
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config; \
+	rm -rf /tmp/test-gidmap; \
+        sysctl -q kernel.unprivileged_userns_clone=$unpriv_userns' 0
+
+change_config
+
+sysctl -q kernel.unprivileged_userns_clone=1
+
+echo -n "Create world writable tmp directory..."
+rm -rf /tmp/test-gidmap
+mkdir -m 0777 /tmp/test-gidmap
+echo "OK"
+
+echo -n "setup gidmapping... "
+base=$(id -g foo)
+runuser foo -g foo -c "unshare -U sleep 10 & pid=\$!; \
+        sleep 2s; newgidmap \$pid 0 $base 1 1 1000000 1000; ret=\$?; \
+        cat /proc/\$pid/gid_map >/tmp/test-gidmap/gid_map;
+        kill \$pid; exit \$ret"
+../../common/compare_file.pl /tmp/test-gidmap/gid_map data/gid_map
+echo "OK"
+
+# This next test should fail if setgroups on the ns is not
+# USERNS_SETGROUPS_ALLOWED ("allow")
+# TODO let's figure out what to do about this.  For now skip
+# that test.
+log_status "$0" "SUCCESS"
+
+sysctl -q kernel.unprivileged_userns_clone=$unpriv_userns
+rm -rf /tmp/test-gidmap;
+
+restore_config
+trap '' 0
+exit 0
+
+echo -n "setup gidmapping with different primary group... "
+runuser foo -g bar -c "unshare -U sleep 10 & pid=\$!; \
+        sleep 2s; newgidmap \$pid 0 $base 1 1 1000000 1000; ret=\$?; \
+        cat /proc/\$pid/gid_map >/tmp/test-gidmap/gid_map;
+        kill \$pid; exit \$ret"
+../../common/compare_file.pl /tmp/test-gidmap/gid_map data/gid_map.bar
+echo "OK"
+
+log_status "$0" "SUCCESS"
+
+sysctl -q kernel.unprivileged_userns_clone=$unpriv_userns
+rm -rf /tmp/test-gidmap;
+
+restore_config
+trap '' 0
+
diff --git a/tests/tests/newuidmap/01_newuidmap/config.txt b/tests/tests/newuidmap/01_newuidmap/config.txt
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/newuidmap/01_newuidmap/config.txt
diff --git a/tests/tests/newuidmap/01_newuidmap/config/etc/group b/tests/tests/newuidmap/01_newuidmap/config/etc/group
new file mode 100644
index 0000000..d91f3f0
--- /dev/null
+++ b/tests/tests/newuidmap/01_newuidmap/config/etc/group
@@ -0,0 +1,43 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:root
+adm:x:4:root,foo
+tty:x:5:
+disk:x:6:
+lp:x:7:foo,root
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:foo
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:foo
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
+bar:x:1001:foo
diff --git a/tests/tests/newuidmap/01_newuidmap/config/etc/login.defs b/tests/tests/newuidmap/01_newuidmap/config/etc/login.defs
new file mode 100644
index 0000000..970811e
--- /dev/null
+++ b/tests/tests/newuidmap/01_newuidmap/config/etc/login.defs
@@ -0,0 +1,343 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/local/games:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK is the default umask value for pam_umask and is used by
+# useradd and newusers to set the mode of the new home directories.
+# 022 is the "historical" value in Debian for UMASK
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up his/her
+# mind.
+#
+# If USERGROUPS_ENAB is set to "yes", that will modify this UMASK default value
+# for private user groups, i. e. the uid is the same as gid, and username is
+# the same as the primary group name: for these, the user permissions will be
+# used as group permissions, e. g. 022 will become 002.
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+# System accounts
+#SYS_UID_MIN		  100
+#SYS_UID_MAX		  999
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			 1000
+GID_MAX			60000
+# System accounts
+#SYS_GID_MIN		  100
+#SYS_GID_MAX		  999
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overriden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# If set to yes, userdel will remove the user's group if it contains no
+# more members, and useradd will create by default a group with the name
+# of the user.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, such as Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is deprecated. You should use ENCRYPT_METHOD.
+#
+#MD5_CRYPT_ENAB	no
+
+#
+# If set to MD5 , MD5-based algorithm will be used for encrypting password
+# If set to SHA256, SHA256-based algorithm will be used for encrypting password
+# If set to SHA512, SHA512-based algorithm will be used for encrypting password
+# If set to DES, DES-based algorithm will be used for encrypting password (default)
+# Overrides the MD5_CRYPT_ENAB option
+#
+# Note: It is recommended to use a value consistent with
+# the PAM modules configuration.
+#
+ENCRYPT_METHOD SHA512
+
+#
+# Only used if ENCRYPT_METHOD is set to SHA256 or SHA512.
+#
+# Define the number of SHA rounds.
+# With a lot of rounds, it is more difficult to brute forcing the password.
+# But note also that it more CPU resources will be needed to authenticate
+# users.
+#
+# If not specified, the libc will choose the default number of rounds (5000).
+# The values must be inside the 1000-999999999 range.
+# If only one of the MIN or MAX values is set, then this value will be used.
+# If MIN > MAX, the highest value will be used.
+#
+# SHA_CRYPT_MIN_ROUNDS 5000
+# SHA_CRYPT_MAX_ROUNDS 5000
+
+# Enable this option to allow setting up uid/gid mapping
+# when the user uses an alternative primary group.
+# GRANT_AUX_GROUP_SUBIDS yes
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivelants of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/newuidmap/01_newuidmap/config/etc/passwd b/tests/tests/newuidmap/01_newuidmap/config/etc/passwd
new file mode 100644
index 0000000..ae6ebfe
--- /dev/null
+++ b/tests/tests/newuidmap/01_newuidmap/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/home/foo:/bin/sh
diff --git a/tests/tests/newuidmap/01_newuidmap/config/etc/subgid b/tests/tests/newuidmap/01_newuidmap/config/etc/subgid
new file mode 100644
index 0000000..c22950e
--- /dev/null
+++ b/tests/tests/newuidmap/01_newuidmap/config/etc/subgid
@@ -0,0 +1 @@
+foo:1000000:1000
diff --git a/tests/tests/newuidmap/01_newuidmap/config/etc/subuid b/tests/tests/newuidmap/01_newuidmap/config/etc/subuid
new file mode 100644
index 0000000..c22950e
--- /dev/null
+++ b/tests/tests/newuidmap/01_newuidmap/config/etc/subuid
@@ -0,0 +1 @@
+foo:1000000:1000
diff --git a/tests/tests/newuidmap/01_newuidmap/data/uid_map b/tests/tests/newuidmap/01_newuidmap/data/uid_map
new file mode 100644
index 0000000..1a2d99d
--- /dev/null
+++ b/tests/tests/newuidmap/01_newuidmap/data/uid_map
@@ -0,0 +1,2 @@
+         0       1000          1
+         1    1000000       1000
diff --git a/tests/tests/newuidmap/01_newuidmap/newuidmap.test b/tests/tests/newuidmap/01_newuidmap/newuidmap.test
new file mode 100755
index 0000000..5ab3122
--- /dev/null
+++ b/tests/tests/newuidmap/01_newuidmap/newuidmap.test
@@ -0,0 +1,62 @@
+#!/bin/sh
+
+set -ex
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "setup uid mapping"
+
+save_config
+
+unpriv_userns=$( sysctl -n kernel.unprivileged_userns_clone )
+
+# restore the system on exit
+trap 'log_status "$0" "FAILURE"; restore_config; \
+	rm -rf /tmp/test-uidmap; \
+        sysctl -q kernel.unprivileged_userns_clone=$unpriv_userns' 0
+
+change_config
+
+echo -n "Enable unprivileged user namespaces... "
+sysctl -q kernel.unprivileged_userns_clone=1
+echo "OK"
+
+echo -n "Create world writable tmp directory... "
+rm -rf /tmp/test-uidmap
+mkdir -m 0777 /tmp/test-uidmap
+echo "OK"
+
+echo -n "setup uidmapping... "
+base=$(id -u foo)
+runuser foo -g foo -c "unshare -U sleep 10 & pid=\$!; \
+        sleep 2s; newuidmap \$pid 0 $base 1 1 1000000 1000; ret=\$?; \
+        cat /proc/\$pid/uid_map >/tmp/test-uidmap/uid_map;
+        kill \$pid; exit \$ret"
+../../common/compare_file.pl /tmp/test-uidmap/uid_map data/uid_map
+echo "OK"
+
+echo -n "Try to setup uidmapping with different primary group... "
+runuser foo -g bar -c "unshare -U sleep 10 & pid=\$!; \
+        newuidmap \$pid 0 $base 1 1 1000000 1000 2>/tmp/test-uidmap/newuidmap.err; ret=\$?; \
+        kill \$pid; exit \$ret" && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "newuidmap returned status ($status)... "
+test "status" != 0
+echo "OK"
+
+echo -n "Check that there were a failure message... "
+grep -q 'newuidmap: Target process is owned by a different' /tmp/test-uidmap/newuidmap.err
+echo "error message OK."
+log_status "$0" "SUCCESS"
+
+sysctl -q kernel.unprivileged_userns_clone=$unpriv_userns
+rm -rf /tmp/test-uidmap;
+
+restore_config
+trap '' 0
diff --git a/tests/tests/newuidmap/02_newuidmap_relaxed_gid_check/config.txt b/tests/tests/newuidmap/02_newuidmap_relaxed_gid_check/config.txt
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/newuidmap/02_newuidmap_relaxed_gid_check/config.txt
diff --git a/tests/tests/newuidmap/02_newuidmap_relaxed_gid_check/config/etc/group b/tests/tests/newuidmap/02_newuidmap_relaxed_gid_check/config/etc/group
new file mode 100644
index 0000000..d91f3f0
--- /dev/null
+++ b/tests/tests/newuidmap/02_newuidmap_relaxed_gid_check/config/etc/group
@@ -0,0 +1,43 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:root
+adm:x:4:root,foo
+tty:x:5:
+disk:x:6:
+lp:x:7:foo,root
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:foo
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:foo
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
+bar:x:1001:foo
diff --git a/tests/tests/newuidmap/02_newuidmap_relaxed_gid_check/config/etc/login.defs b/tests/tests/newuidmap/02_newuidmap_relaxed_gid_check/config/etc/login.defs
new file mode 100644
index 0000000..be73bde
--- /dev/null
+++ b/tests/tests/newuidmap/02_newuidmap_relaxed_gid_check/config/etc/login.defs
@@ -0,0 +1,342 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/local/games:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK is the default umask value for pam_umask and is used by
+# useradd and newusers to set the mode of the new home directories.
+# 022 is the "historical" value in Debian for UMASK
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up his/her
+# mind.
+#
+# If USERGROUPS_ENAB is set to "yes", that will modify this UMASK default value
+# for private user groups, i. e. the uid is the same as gid, and username is
+# the same as the primary group name: for these, the user permissions will be
+# used as group permissions, e. g. 022 will become 002.
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+# System accounts
+#SYS_UID_MIN		  100
+#SYS_UID_MAX		  999
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			 1000
+GID_MAX			60000
+# System accounts
+#SYS_GID_MIN		  100
+#SYS_GID_MAX		  999
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overriden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# If set to yes, userdel will remove the user's group if it contains no
+# more members, and useradd will create by default a group with the name
+# of the user.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, such as Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is deprecated. You should use ENCRYPT_METHOD.
+#
+#MD5_CRYPT_ENAB	no
+
+#
+# If set to MD5 , MD5-based algorithm will be used for encrypting password
+# If set to SHA256, SHA256-based algorithm will be used for encrypting password
+# If set to SHA512, SHA512-based algorithm will be used for encrypting password
+# If set to DES, DES-based algorithm will be used for encrypting password (default)
+# Overrides the MD5_CRYPT_ENAB option
+#
+# Note: It is recommended to use a value consistent with
+# the PAM modules configuration.
+#
+ENCRYPT_METHOD SHA512
+
+#
+# Only used if ENCRYPT_METHOD is set to SHA256 or SHA512.
+#
+# Define the number of SHA rounds.
+# With a lot of rounds, it is more difficult to brute forcing the password.
+# But note also that it more CPU resources will be needed to authenticate
+# users.
+#
+# If not specified, the libc will choose the default number of rounds (5000).
+# The values must be inside the 1000-999999999 range.
+# If only one of the MIN or MAX values is set, then this value will be used.
+# If MIN > MAX, the highest value will be used.
+#
+# SHA_CRYPT_MIN_ROUNDS 5000
+# SHA_CRYPT_MAX_ROUNDS 5000
+
+
+GRANT_AUX_GROUP_SUBIDS yes
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivelants of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/newuidmap/02_newuidmap_relaxed_gid_check/config/etc/passwd b/tests/tests/newuidmap/02_newuidmap_relaxed_gid_check/config/etc/passwd
new file mode 100644
index 0000000..ae6ebfe
--- /dev/null
+++ b/tests/tests/newuidmap/02_newuidmap_relaxed_gid_check/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/home/foo:/bin/sh
diff --git a/tests/tests/newuidmap/02_newuidmap_relaxed_gid_check/config/etc/subgid b/tests/tests/newuidmap/02_newuidmap_relaxed_gid_check/config/etc/subgid
new file mode 100644
index 0000000..c22950e
--- /dev/null
+++ b/tests/tests/newuidmap/02_newuidmap_relaxed_gid_check/config/etc/subgid
@@ -0,0 +1 @@
+foo:1000000:1000
diff --git a/tests/tests/newuidmap/02_newuidmap_relaxed_gid_check/config/etc/subuid b/tests/tests/newuidmap/02_newuidmap_relaxed_gid_check/config/etc/subuid
new file mode 100644
index 0000000..c22950e
--- /dev/null
+++ b/tests/tests/newuidmap/02_newuidmap_relaxed_gid_check/config/etc/subuid
@@ -0,0 +1 @@
+foo:1000000:1000
diff --git a/tests/tests/newuidmap/02_newuidmap_relaxed_gid_check/data/uid_map b/tests/tests/newuidmap/02_newuidmap_relaxed_gid_check/data/uid_map
new file mode 100644
index 0000000..1a2d99d
--- /dev/null
+++ b/tests/tests/newuidmap/02_newuidmap_relaxed_gid_check/data/uid_map
@@ -0,0 +1,2 @@
+         0       1000          1
+         1    1000000       1000
diff --git a/tests/tests/newuidmap/02_newuidmap_relaxed_gid_check/newuidmap.test b/tests/tests/newuidmap/02_newuidmap_relaxed_gid_check/newuidmap.test
new file mode 100755
index 0000000..a9a3385
--- /dev/null
+++ b/tests/tests/newuidmap/02_newuidmap_relaxed_gid_check/newuidmap.test
@@ -0,0 +1,54 @@
+#!/bin/sh
+
+set -ex
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "setup uid mapping when primary groups don't match"
+
+save_config
+
+unpriv_userns=$( sysctl -n kernel.unprivileged_userns_clone )
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config; \
+	rm -rf /tmp/test-uidmap; \
+        sysctl -q kernel.unprivileged_userns_clone=$unpriv_userns' 0
+
+change_config
+
+sysctl -q kernel.unprivileged_userns_clone=1
+
+echo -n "Create world writable tmp directory..."
+rm -rf /tmp/test-uidmap
+mkdir -m 0777 /tmp/test-uidmap
+echo "OK"
+
+echo -n "setup uidmapping... "
+base=$(id -u foo)
+runuser foo -g foo -c "unshare -U sleep 10 & pid=\$!; \
+        sleep 2; newuidmap \$pid 0 $base 1 1 1000000 1000; ret=\$?; \
+	cat /proc/\$pid/uid_map >/tmp/test-uidmap/uid_map;
+        kill \$pid; exit \$ret"
+../../common/compare_file.pl /tmp/test-uidmap/uid_map data/uid_map
+echo "OK"
+
+echo -n "setup uidmapping with different primary group... "
+runuser foo -g bar -c "unshare -U sleep 10 & pid=\$!; \
+        sleep 2; newuidmap \$pid 0 $base 1 1 1000000 1000; ret=\$?; \
+	cat /proc/\$pid/uid_map >/tmp/test-uidmap/uid_map;
+        kill \$pid; exit \$ret"
+../../common/compare_file.pl /tmp/test-uidmap/uid_map data/uid_map
+echo "OK"
+
+log_status "$0" "SUCCESS"
+
+sysctl -q kernel.unprivileged_userns_clone=$unpriv_userns
+rm -rf /tmp/test-uidmap;
+
+restore_config
+trap '' 0
+
diff --git a/tests/tests/newusers/01_create_user/config.txt b/tests/tests/newusers/01_create_user/config.txt
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/newusers/01_create_user/config.txt
diff --git a/tests/tests/newusers/01_create_user/config/etc/group b/tests/tests/newusers/01_create_user/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/newusers/01_create_user/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/newusers/01_create_user/config/etc/gshadow b/tests/tests/newusers/01_create_user/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/newusers/01_create_user/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/newusers/01_create_user/config/etc/pam.d/common-password b/tests/tests/newusers/01_create_user/config/etc/pam.d/common-password
new file mode 100644
index 0000000..06c59a7
--- /dev/null
+++ b/tests/tests/newusers/01_create_user/config/etc/pam.d/common-password
@@ -0,0 +1,33 @@
+#
+# /etc/pam.d/common-password - password-related modules common to all services
+#
+# This file is included from other service-specific PAM config files,
+# and should contain a list of modules that define the services to be
+# used to change user passwords.  The default is pam_unix.
+
+# Explanation of pam_unix options:
+#
+# The "md5" option enables MD5 passwords.  Without this option, the
+# default is Unix crypt.
+#
+# The "obscure" option replaces the old `OBSCURE_CHECKS_ENAB' option in
+# login.defs.
+#
+# See the pam_unix manpage for other options.
+
+# As of pam 1.0.1-6, this file is managed by pam-auth-update by default.
+# To take advantage of this, it is recommended that you configure any
+# local modules either before or after the default block, and use
+# pam-auth-update to manage selection of other modules.  See
+# pam-auth-update(8) for details.
+
+# here are the per-package modules (the "Primary" block)
+password	[success=1 default=ignore]	pam_unix.so obscure
+# here's the fallback if no module succeeds
+password	requisite			pam_deny.so
+# prime the stack with a positive return value if there isn't one already;
+# this avoids us returning an error just because nothing sets a success code
+# since the modules above will each just jump around
+password	required			pam_permit.so
+# and here are more per-package modules (the "Additional" block)
+# end of pam-auth-update config
diff --git a/tests/tests/newusers/01_create_user/config/etc/pam.d/newusers b/tests/tests/newusers/01_create_user/config/etc/pam.d/newusers
new file mode 100644
index 0000000..552045e
--- /dev/null
+++ b/tests/tests/newusers/01_create_user/config/etc/pam.d/newusers
@@ -0,0 +1,6 @@
+#
+# The PAM configuration file for the Shadow `chpasswd' service
+#
+
+@include common-password
+
diff --git a/tests/tests/newusers/01_create_user/config/etc/passwd b/tests/tests/newusers/01_create_user/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/newusers/01_create_user/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/newusers/01_create_user/config/etc/shadow b/tests/tests/newusers/01_create_user/config/etc/shadow
new file mode 100644
index 0000000..031ce88
--- /dev/null
+++ b/tests/tests/newusers/01_create_user/config/etc/shadow
@@ -0,0 +1,19 @@
+root::12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/newusers/01_create_user/data/group b/tests/tests/newusers/01_create_user/data/group
new file mode 100644
index 0000000..fecba0c
--- /dev/null
+++ b/tests/tests/newusers/01_create_user/data/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/newusers/01_create_user/data/gshadow b/tests/tests/newusers/01_create_user/data/gshadow
new file mode 100644
index 0000000..5042e58
--- /dev/null
+++ b/tests/tests/newusers/01_create_user/data/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/newusers/01_create_user/data/newusers.list b/tests/tests/newusers/01_create_user/data/newusers.list
new file mode 100644
index 0000000..9c40fa2
--- /dev/null
+++ b/tests/tests/newusers/01_create_user/data/newusers.list
@@ -0,0 +1 @@
+foo:fooPass:::User Foo - Gecos Field::/bin/sh
diff --git a/tests/tests/newusers/01_create_user/data/passwd b/tests/tests/newusers/01_create_user/data/passwd
new file mode 100644
index 0000000..7bf7386
--- /dev/null
+++ b/tests/tests/newusers/01_create_user/data/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000:User Foo - Gecos Field::/bin/sh
diff --git a/tests/tests/newusers/01_create_user/data/shadow b/tests/tests/newusers/01_create_user/data/shadow
new file mode 100644
index 0000000..491b593
--- /dev/null
+++ b/tests/tests/newusers/01_create_user/data/shadow
@@ -0,0 +1,20 @@
+root::12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:@PASS_DES fooPass@:@TODAY@:0:99999:7:::
diff --git a/tests/tests/newusers/01_create_user/newusers.test b/tests/tests/newusers/01_create_user/newusers.test
new file mode 100755
index 0000000..049dd17
--- /dev/null
+++ b/tests/tests/newusers/01_create_user/newusers.test
@@ -0,0 +1,37 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "newusers can create a new user"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+newusers data/newusers.list
+
+echo -n "Check the passwd file..." 
+../../common/compare_file.pl data/passwd /etc/passwd 
+echo "OK" 
+echo -n "Check the group file..." 
+../../common/compare_file.pl data/group /etc/group 
+echo "OK" 
+echo -n "Check the shadow file..." 
+../../common/compare_file.pl data/shadow /etc/shadow 
+echo "OK" 
+echo -n "Check the gshadow file..." 
+../../common/compare_file.pl data/gshadow /etc/gshadow 
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/newusers/02_update_password/config.txt b/tests/tests/newusers/02_update_password/config.txt
new file mode 100644
index 0000000..ea4c3ad
--- /dev/null
+++ b/tests/tests/newusers/02_update_password/config.txt
@@ -0,0 +1 @@
+User foo exists, with password fooPass
diff --git a/tests/tests/newusers/02_update_password/config/etc/group b/tests/tests/newusers/02_update_password/config/etc/group
new file mode 100644
index 0000000..555c889
--- /dev/null
+++ b/tests/tests/newusers/02_update_password/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:65535:foo
diff --git a/tests/tests/newusers/02_update_password/config/etc/gshadow b/tests/tests/newusers/02_update_password/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/newusers/02_update_password/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/newusers/02_update_password/config/etc/pam.d/common-password b/tests/tests/newusers/02_update_password/config/etc/pam.d/common-password
new file mode 100644
index 0000000..06c59a7
--- /dev/null
+++ b/tests/tests/newusers/02_update_password/config/etc/pam.d/common-password
@@ -0,0 +1,33 @@
+#
+# /etc/pam.d/common-password - password-related modules common to all services
+#
+# This file is included from other service-specific PAM config files,
+# and should contain a list of modules that define the services to be
+# used to change user passwords.  The default is pam_unix.
+
+# Explanation of pam_unix options:
+#
+# The "md5" option enables MD5 passwords.  Without this option, the
+# default is Unix crypt.
+#
+# The "obscure" option replaces the old `OBSCURE_CHECKS_ENAB' option in
+# login.defs.
+#
+# See the pam_unix manpage for other options.
+
+# As of pam 1.0.1-6, this file is managed by pam-auth-update by default.
+# To take advantage of this, it is recommended that you configure any
+# local modules either before or after the default block, and use
+# pam-auth-update to manage selection of other modules.  See
+# pam-auth-update(8) for details.
+
+# here are the per-package modules (the "Primary" block)
+password	[success=1 default=ignore]	pam_unix.so obscure
+# here's the fallback if no module succeeds
+password	requisite			pam_deny.so
+# prime the stack with a positive return value if there isn't one already;
+# this avoids us returning an error just because nothing sets a success code
+# since the modules above will each just jump around
+password	required			pam_permit.so
+# and here are more per-package modules (the "Additional" block)
+# end of pam-auth-update config
diff --git a/tests/tests/newusers/02_update_password/config/etc/pam.d/newusers b/tests/tests/newusers/02_update_password/config/etc/pam.d/newusers
new file mode 100644
index 0000000..552045e
--- /dev/null
+++ b/tests/tests/newusers/02_update_password/config/etc/pam.d/newusers
@@ -0,0 +1,6 @@
+#
+# The PAM configuration file for the Shadow `chpasswd' service
+#
+
+@include common-password
+
diff --git a/tests/tests/newusers/02_update_password/config/etc/passwd b/tests/tests/newusers/02_update_password/config/etc/passwd
new file mode 100644
index 0000000..9de3b24
--- /dev/null
+++ b/tests/tests/newusers/02_update_password/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:65535:65535:User Foo - Gecos Field::/bin/sh
diff --git a/tests/tests/newusers/02_update_password/config/etc/shadow b/tests/tests/newusers/02_update_password/config/etc/shadow
new file mode 100644
index 0000000..1368876
--- /dev/null
+++ b/tests/tests/newusers/02_update_password/config/etc/shadow
@@ -0,0 +1,20 @@
+root::12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:eKzSSVkXDoVUM:13906:0:99999:7:::
diff --git a/tests/tests/newusers/02_update_password/data/newusers.list b/tests/tests/newusers/02_update_password/data/newusers.list
new file mode 100644
index 0000000..cc3b9ad
--- /dev/null
+++ b/tests/tests/newusers/02_update_password/data/newusers.list
@@ -0,0 +1 @@
+foo:fooPass2:::User Foo - Gecos Field::/bin/sh
diff --git a/tests/tests/newusers/02_update_password/data/shadow b/tests/tests/newusers/02_update_password/data/shadow
new file mode 100644
index 0000000..c7f1556
--- /dev/null
+++ b/tests/tests/newusers/02_update_password/data/shadow
@@ -0,0 +1,20 @@
+root::12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:@PASS_DES fooPass2@:@TODAY@:0:99999:7:::
diff --git a/tests/tests/newusers/02_update_password/newusers.test b/tests/tests/newusers/02_update_password/newusers.test
new file mode 100755
index 0000000..17d08e2
--- /dev/null
+++ b/tests/tests/newusers/02_update_password/newusers.test
@@ -0,0 +1,37 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "newusers can update the password of an existing user"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+newusers data/newusers.list
+
+echo -n "Check the passwd file..." 
+../../common/compare_file.pl config/etc/passwd /etc/passwd 
+echo "OK" 
+echo -n "Check the group file..." 
+../../common/compare_file.pl config/etc/group /etc/group 
+echo "OK" 
+echo -n "Check the shadow file..." 
+../../common/compare_file.pl data/shadow /etc/shadow 
+echo "OK" 
+echo -n "Check the gshadow file..." 
+../../common/compare_file.pl config/etc/gshadow /etc/gshadow 
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/newusers/03_no_update_pid/config.txt b/tests/tests/newusers/03_no_update_pid/config.txt
new file mode 100644
index 0000000..ea4c3ad
--- /dev/null
+++ b/tests/tests/newusers/03_no_update_pid/config.txt
@@ -0,0 +1 @@
+User foo exists, with password fooPass
diff --git a/tests/tests/newusers/03_no_update_pid/config/etc/group b/tests/tests/newusers/03_no_update_pid/config/etc/group
new file mode 100644
index 0000000..555c889
--- /dev/null
+++ b/tests/tests/newusers/03_no_update_pid/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:65535:foo
diff --git a/tests/tests/newusers/03_no_update_pid/config/etc/gshadow b/tests/tests/newusers/03_no_update_pid/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/newusers/03_no_update_pid/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/newusers/03_no_update_pid/config/etc/pam.d/common-password b/tests/tests/newusers/03_no_update_pid/config/etc/pam.d/common-password
new file mode 100644
index 0000000..06c59a7
--- /dev/null
+++ b/tests/tests/newusers/03_no_update_pid/config/etc/pam.d/common-password
@@ -0,0 +1,33 @@
+#
+# /etc/pam.d/common-password - password-related modules common to all services
+#
+# This file is included from other service-specific PAM config files,
+# and should contain a list of modules that define the services to be
+# used to change user passwords.  The default is pam_unix.
+
+# Explanation of pam_unix options:
+#
+# The "md5" option enables MD5 passwords.  Without this option, the
+# default is Unix crypt.
+#
+# The "obscure" option replaces the old `OBSCURE_CHECKS_ENAB' option in
+# login.defs.
+#
+# See the pam_unix manpage for other options.
+
+# As of pam 1.0.1-6, this file is managed by pam-auth-update by default.
+# To take advantage of this, it is recommended that you configure any
+# local modules either before or after the default block, and use
+# pam-auth-update to manage selection of other modules.  See
+# pam-auth-update(8) for details.
+
+# here are the per-package modules (the "Primary" block)
+password	[success=1 default=ignore]	pam_unix.so obscure
+# here's the fallback if no module succeeds
+password	requisite			pam_deny.so
+# prime the stack with a positive return value if there isn't one already;
+# this avoids us returning an error just because nothing sets a success code
+# since the modules above will each just jump around
+password	required			pam_permit.so
+# and here are more per-package modules (the "Additional" block)
+# end of pam-auth-update config
diff --git a/tests/tests/newusers/03_no_update_pid/config/etc/pam.d/newusers b/tests/tests/newusers/03_no_update_pid/config/etc/pam.d/newusers
new file mode 100644
index 0000000..552045e
--- /dev/null
+++ b/tests/tests/newusers/03_no_update_pid/config/etc/pam.d/newusers
@@ -0,0 +1,6 @@
+#
+# The PAM configuration file for the Shadow `chpasswd' service
+#
+
+@include common-password
+
diff --git a/tests/tests/newusers/03_no_update_pid/config/etc/passwd b/tests/tests/newusers/03_no_update_pid/config/etc/passwd
new file mode 100644
index 0000000..9de3b24
--- /dev/null
+++ b/tests/tests/newusers/03_no_update_pid/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:65535:65535:User Foo - Gecos Field::/bin/sh
diff --git a/tests/tests/newusers/03_no_update_pid/config/etc/shadow b/tests/tests/newusers/03_no_update_pid/config/etc/shadow
new file mode 100644
index 0000000..1368876
--- /dev/null
+++ b/tests/tests/newusers/03_no_update_pid/config/etc/shadow
@@ -0,0 +1,20 @@
+root::12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:eKzSSVkXDoVUM:13906:0:99999:7:::
diff --git a/tests/tests/newusers/03_no_update_pid/data/newusers.list b/tests/tests/newusers/03_no_update_pid/data/newusers.list
new file mode 100644
index 0000000..e3128e7
--- /dev/null
+++ b/tests/tests/newusers/03_no_update_pid/data/newusers.list
@@ -0,0 +1 @@
+foo:fooPass2:4242::User Foo - Gecos Field::/bin/sh
diff --git a/tests/tests/newusers/03_no_update_pid/data/shadow b/tests/tests/newusers/03_no_update_pid/data/shadow
new file mode 100644
index 0000000..c7f1556
--- /dev/null
+++ b/tests/tests/newusers/03_no_update_pid/data/shadow
@@ -0,0 +1,20 @@
+root::12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:@PASS_DES fooPass2@:@TODAY@:0:99999:7:::
diff --git a/tests/tests/newusers/03_no_update_pid/newusers.test b/tests/tests/newusers/03_no_update_pid/newusers.test
new file mode 100755
index 0000000..5e59924
--- /dev/null
+++ b/tests/tests/newusers/03_no_update_pid/newusers.test
@@ -0,0 +1,37 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "newusers does not change the pid of an existing user"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+newusers data/newusers.list
+
+echo -n "Check the passwd file..." 
+../../common/compare_file.pl config/etc/passwd /etc/passwd 
+echo "OK" 
+echo -n "Check the group file..." 
+../../common/compare_file.pl config/etc/group /etc/group 
+echo "OK" 
+echo -n "Check the shadow file..." 
+../../common/compare_file.pl data/shadow /etc/shadow 
+echo "OK" 
+echo -n "Check the gshadow file..." 
+../../common/compare_file.pl config/etc/gshadow /etc/gshadow 
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/newusers/04_no_update_gid/config.txt b/tests/tests/newusers/04_no_update_gid/config.txt
new file mode 100644
index 0000000..ea4c3ad
--- /dev/null
+++ b/tests/tests/newusers/04_no_update_gid/config.txt
@@ -0,0 +1 @@
+User foo exists, with password fooPass
diff --git a/tests/tests/newusers/04_no_update_gid/config/etc/group b/tests/tests/newusers/04_no_update_gid/config/etc/group
new file mode 100644
index 0000000..555c889
--- /dev/null
+++ b/tests/tests/newusers/04_no_update_gid/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:65535:foo
diff --git a/tests/tests/newusers/04_no_update_gid/config/etc/gshadow b/tests/tests/newusers/04_no_update_gid/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/newusers/04_no_update_gid/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/newusers/04_no_update_gid/config/etc/pam.d/common-password b/tests/tests/newusers/04_no_update_gid/config/etc/pam.d/common-password
new file mode 100644
index 0000000..06c59a7
--- /dev/null
+++ b/tests/tests/newusers/04_no_update_gid/config/etc/pam.d/common-password
@@ -0,0 +1,33 @@
+#
+# /etc/pam.d/common-password - password-related modules common to all services
+#
+# This file is included from other service-specific PAM config files,
+# and should contain a list of modules that define the services to be
+# used to change user passwords.  The default is pam_unix.
+
+# Explanation of pam_unix options:
+#
+# The "md5" option enables MD5 passwords.  Without this option, the
+# default is Unix crypt.
+#
+# The "obscure" option replaces the old `OBSCURE_CHECKS_ENAB' option in
+# login.defs.
+#
+# See the pam_unix manpage for other options.
+
+# As of pam 1.0.1-6, this file is managed by pam-auth-update by default.
+# To take advantage of this, it is recommended that you configure any
+# local modules either before or after the default block, and use
+# pam-auth-update to manage selection of other modules.  See
+# pam-auth-update(8) for details.
+
+# here are the per-package modules (the "Primary" block)
+password	[success=1 default=ignore]	pam_unix.so obscure
+# here's the fallback if no module succeeds
+password	requisite			pam_deny.so
+# prime the stack with a positive return value if there isn't one already;
+# this avoids us returning an error just because nothing sets a success code
+# since the modules above will each just jump around
+password	required			pam_permit.so
+# and here are more per-package modules (the "Additional" block)
+# end of pam-auth-update config
diff --git a/tests/tests/newusers/04_no_update_gid/config/etc/pam.d/newusers b/tests/tests/newusers/04_no_update_gid/config/etc/pam.d/newusers
new file mode 100644
index 0000000..552045e
--- /dev/null
+++ b/tests/tests/newusers/04_no_update_gid/config/etc/pam.d/newusers
@@ -0,0 +1,6 @@
+#
+# The PAM configuration file for the Shadow `chpasswd' service
+#
+
+@include common-password
+
diff --git a/tests/tests/newusers/04_no_update_gid/config/etc/passwd b/tests/tests/newusers/04_no_update_gid/config/etc/passwd
new file mode 100644
index 0000000..9de3b24
--- /dev/null
+++ b/tests/tests/newusers/04_no_update_gid/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:65535:65535:User Foo - Gecos Field::/bin/sh
diff --git a/tests/tests/newusers/04_no_update_gid/config/etc/shadow b/tests/tests/newusers/04_no_update_gid/config/etc/shadow
new file mode 100644
index 0000000..1368876
--- /dev/null
+++ b/tests/tests/newusers/04_no_update_gid/config/etc/shadow
@@ -0,0 +1,20 @@
+root::12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:eKzSSVkXDoVUM:13906:0:99999:7:::
diff --git a/tests/tests/newusers/04_no_update_gid/data/newusers.list b/tests/tests/newusers/04_no_update_gid/data/newusers.list
new file mode 100644
index 0000000..2610f3c
--- /dev/null
+++ b/tests/tests/newusers/04_no_update_gid/data/newusers.list
@@ -0,0 +1 @@
+foo:fooPass2:4242:4242:User Foo - Gecos Field::/bin/sh
diff --git a/tests/tests/newusers/04_no_update_gid/data/shadow b/tests/tests/newusers/04_no_update_gid/data/shadow
new file mode 100644
index 0000000..c7f1556
--- /dev/null
+++ b/tests/tests/newusers/04_no_update_gid/data/shadow
@@ -0,0 +1,20 @@
+root::12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:@PASS_DES fooPass2@:@TODAY@:0:99999:7:::
diff --git a/tests/tests/newusers/04_no_update_gid/newusers.test b/tests/tests/newusers/04_no_update_gid/newusers.test
new file mode 100755
index 0000000..c1dabfa
--- /dev/null
+++ b/tests/tests/newusers/04_no_update_gid/newusers.test
@@ -0,0 +1,37 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "newusers does not change the gid of an existing user"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+newusers data/newusers.list
+
+echo -n "Check the passwd file..." 
+../../common/compare_file.pl config/etc/passwd /etc/passwd 
+echo "OK" 
+echo -n "Check the group file..." 
+../../common/compare_file.pl config/etc/group /etc/group 
+echo "OK" 
+echo -n "Check the shadow file..." 
+../../common/compare_file.pl data/shadow /etc/shadow 
+echo "OK" 
+echo -n "Check the gshadow file..." 
+../../common/compare_file.pl config/etc/gshadow /etc/gshadow 
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/newusers/05_create_user_pid/config.txt b/tests/tests/newusers/05_create_user_pid/config.txt
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/newusers/05_create_user_pid/config.txt
diff --git a/tests/tests/newusers/05_create_user_pid/config/etc/group b/tests/tests/newusers/05_create_user_pid/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/newusers/05_create_user_pid/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/newusers/05_create_user_pid/config/etc/gshadow b/tests/tests/newusers/05_create_user_pid/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/newusers/05_create_user_pid/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/newusers/05_create_user_pid/config/etc/pam.d/common-password b/tests/tests/newusers/05_create_user_pid/config/etc/pam.d/common-password
new file mode 100644
index 0000000..06c59a7
--- /dev/null
+++ b/tests/tests/newusers/05_create_user_pid/config/etc/pam.d/common-password
@@ -0,0 +1,33 @@
+#
+# /etc/pam.d/common-password - password-related modules common to all services
+#
+# This file is included from other service-specific PAM config files,
+# and should contain a list of modules that define the services to be
+# used to change user passwords.  The default is pam_unix.
+
+# Explanation of pam_unix options:
+#
+# The "md5" option enables MD5 passwords.  Without this option, the
+# default is Unix crypt.
+#
+# The "obscure" option replaces the old `OBSCURE_CHECKS_ENAB' option in
+# login.defs.
+#
+# See the pam_unix manpage for other options.
+
+# As of pam 1.0.1-6, this file is managed by pam-auth-update by default.
+# To take advantage of this, it is recommended that you configure any
+# local modules either before or after the default block, and use
+# pam-auth-update to manage selection of other modules.  See
+# pam-auth-update(8) for details.
+
+# here are the per-package modules (the "Primary" block)
+password	[success=1 default=ignore]	pam_unix.so obscure
+# here's the fallback if no module succeeds
+password	requisite			pam_deny.so
+# prime the stack with a positive return value if there isn't one already;
+# this avoids us returning an error just because nothing sets a success code
+# since the modules above will each just jump around
+password	required			pam_permit.so
+# and here are more per-package modules (the "Additional" block)
+# end of pam-auth-update config
diff --git a/tests/tests/newusers/05_create_user_pid/config/etc/pam.d/newusers b/tests/tests/newusers/05_create_user_pid/config/etc/pam.d/newusers
new file mode 100644
index 0000000..552045e
--- /dev/null
+++ b/tests/tests/newusers/05_create_user_pid/config/etc/pam.d/newusers
@@ -0,0 +1,6 @@
+#
+# The PAM configuration file for the Shadow `chpasswd' service
+#
+
+@include common-password
+
diff --git a/tests/tests/newusers/05_create_user_pid/config/etc/passwd b/tests/tests/newusers/05_create_user_pid/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/newusers/05_create_user_pid/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/newusers/05_create_user_pid/config/etc/shadow b/tests/tests/newusers/05_create_user_pid/config/etc/shadow
new file mode 100644
index 0000000..031ce88
--- /dev/null
+++ b/tests/tests/newusers/05_create_user_pid/config/etc/shadow
@@ -0,0 +1,19 @@
+root::12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/newusers/05_create_user_pid/data/group b/tests/tests/newusers/05_create_user_pid/data/group
new file mode 100644
index 0000000..96574a5
--- /dev/null
+++ b/tests/tests/newusers/05_create_user_pid/data/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:4242:
diff --git a/tests/tests/newusers/05_create_user_pid/data/gshadow b/tests/tests/newusers/05_create_user_pid/data/gshadow
new file mode 100644
index 0000000..5042e58
--- /dev/null
+++ b/tests/tests/newusers/05_create_user_pid/data/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/newusers/05_create_user_pid/data/newusers.list b/tests/tests/newusers/05_create_user_pid/data/newusers.list
new file mode 100644
index 0000000..f374b1b
--- /dev/null
+++ b/tests/tests/newusers/05_create_user_pid/data/newusers.list
@@ -0,0 +1 @@
+foo:fooPass:4242::User Foo - Gecos Field::/bin/sh
diff --git a/tests/tests/newusers/05_create_user_pid/data/passwd b/tests/tests/newusers/05_create_user_pid/data/passwd
new file mode 100644
index 0000000..a45d9a7
--- /dev/null
+++ b/tests/tests/newusers/05_create_user_pid/data/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:4242:4242:User Foo - Gecos Field::/bin/sh
diff --git a/tests/tests/newusers/05_create_user_pid/data/shadow b/tests/tests/newusers/05_create_user_pid/data/shadow
new file mode 100644
index 0000000..491b593
--- /dev/null
+++ b/tests/tests/newusers/05_create_user_pid/data/shadow
@@ -0,0 +1,20 @@
+root::12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:@PASS_DES fooPass@:@TODAY@:0:99999:7:::
diff --git a/tests/tests/newusers/05_create_user_pid/newusers.test b/tests/tests/newusers/05_create_user_pid/newusers.test
new file mode 100755
index 0000000..d2aa56a
--- /dev/null
+++ b/tests/tests/newusers/05_create_user_pid/newusers.test
@@ -0,0 +1,37 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "newusers can create a new user with a given pid"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+newusers data/newusers.list
+
+echo -n "Check the passwd file..." 
+../../common/compare_file.pl data/passwd /etc/passwd 
+echo "OK" 
+echo -n "Check the group file..." 
+../../common/compare_file.pl data/group /etc/group 
+echo "OK" 
+echo -n "Check the shadow file..." 
+../../common/compare_file.pl data/shadow /etc/shadow 
+echo "OK" 
+echo -n "Check the gshadow file..." 
+../../common/compare_file.pl data/gshadow /etc/gshadow 
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/newusers/06_create_user_gid/config.txt b/tests/tests/newusers/06_create_user_gid/config.txt
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/newusers/06_create_user_gid/config.txt
diff --git a/tests/tests/newusers/06_create_user_gid/config/etc/group b/tests/tests/newusers/06_create_user_gid/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/newusers/06_create_user_gid/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/newusers/06_create_user_gid/config/etc/gshadow b/tests/tests/newusers/06_create_user_gid/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/newusers/06_create_user_gid/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/newusers/06_create_user_gid/config/etc/pam.d/common-password b/tests/tests/newusers/06_create_user_gid/config/etc/pam.d/common-password
new file mode 100644
index 0000000..06c59a7
--- /dev/null
+++ b/tests/tests/newusers/06_create_user_gid/config/etc/pam.d/common-password
@@ -0,0 +1,33 @@
+#
+# /etc/pam.d/common-password - password-related modules common to all services
+#
+# This file is included from other service-specific PAM config files,
+# and should contain a list of modules that define the services to be
+# used to change user passwords.  The default is pam_unix.
+
+# Explanation of pam_unix options:
+#
+# The "md5" option enables MD5 passwords.  Without this option, the
+# default is Unix crypt.
+#
+# The "obscure" option replaces the old `OBSCURE_CHECKS_ENAB' option in
+# login.defs.
+#
+# See the pam_unix manpage for other options.
+
+# As of pam 1.0.1-6, this file is managed by pam-auth-update by default.
+# To take advantage of this, it is recommended that you configure any
+# local modules either before or after the default block, and use
+# pam-auth-update to manage selection of other modules.  See
+# pam-auth-update(8) for details.
+
+# here are the per-package modules (the "Primary" block)
+password	[success=1 default=ignore]	pam_unix.so obscure
+# here's the fallback if no module succeeds
+password	requisite			pam_deny.so
+# prime the stack with a positive return value if there isn't one already;
+# this avoids us returning an error just because nothing sets a success code
+# since the modules above will each just jump around
+password	required			pam_permit.so
+# and here are more per-package modules (the "Additional" block)
+# end of pam-auth-update config
diff --git a/tests/tests/newusers/06_create_user_gid/config/etc/pam.d/newusers b/tests/tests/newusers/06_create_user_gid/config/etc/pam.d/newusers
new file mode 100644
index 0000000..552045e
--- /dev/null
+++ b/tests/tests/newusers/06_create_user_gid/config/etc/pam.d/newusers
@@ -0,0 +1,6 @@
+#
+# The PAM configuration file for the Shadow `chpasswd' service
+#
+
+@include common-password
+
diff --git a/tests/tests/newusers/06_create_user_gid/config/etc/passwd b/tests/tests/newusers/06_create_user_gid/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/newusers/06_create_user_gid/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/newusers/06_create_user_gid/config/etc/shadow b/tests/tests/newusers/06_create_user_gid/config/etc/shadow
new file mode 100644
index 0000000..031ce88
--- /dev/null
+++ b/tests/tests/newusers/06_create_user_gid/config/etc/shadow
@@ -0,0 +1,19 @@
+root::12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/newusers/06_create_user_gid/data/group b/tests/tests/newusers/06_create_user_gid/data/group
new file mode 100644
index 0000000..96574a5
--- /dev/null
+++ b/tests/tests/newusers/06_create_user_gid/data/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:4242:
diff --git a/tests/tests/newusers/06_create_user_gid/data/gshadow b/tests/tests/newusers/06_create_user_gid/data/gshadow
new file mode 100644
index 0000000..5042e58
--- /dev/null
+++ b/tests/tests/newusers/06_create_user_gid/data/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/newusers/06_create_user_gid/data/newusers.list b/tests/tests/newusers/06_create_user_gid/data/newusers.list
new file mode 100644
index 0000000..50e7505
--- /dev/null
+++ b/tests/tests/newusers/06_create_user_gid/data/newusers.list
@@ -0,0 +1 @@
+foo:fooPass::4242:User Foo - Gecos Field::/bin/sh
diff --git a/tests/tests/newusers/06_create_user_gid/data/passwd b/tests/tests/newusers/06_create_user_gid/data/passwd
new file mode 100644
index 0000000..8ed5455
--- /dev/null
+++ b/tests/tests/newusers/06_create_user_gid/data/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:4242:User Foo - Gecos Field::/bin/sh
diff --git a/tests/tests/newusers/06_create_user_gid/data/shadow b/tests/tests/newusers/06_create_user_gid/data/shadow
new file mode 100644
index 0000000..491b593
--- /dev/null
+++ b/tests/tests/newusers/06_create_user_gid/data/shadow
@@ -0,0 +1,20 @@
+root::12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:@PASS_DES fooPass@:@TODAY@:0:99999:7:::
diff --git a/tests/tests/newusers/06_create_user_gid/newusers.test b/tests/tests/newusers/06_create_user_gid/newusers.test
new file mode 100755
index 0000000..57cb0d5
--- /dev/null
+++ b/tests/tests/newusers/06_create_user_gid/newusers.test
@@ -0,0 +1,37 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "newusers can create a new user with a given gid"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+newusers data/newusers.list
+
+echo -n "Check the passwd file..." 
+../../common/compare_file.pl data/passwd /etc/passwd 
+echo "OK" 
+echo -n "Check the group file..." 
+../../common/compare_file.pl data/group /etc/group 
+echo "OK" 
+echo -n "Check the shadow file..." 
+../../common/compare_file.pl data/shadow /etc/shadow 
+echo "OK" 
+echo -n "Check the gshadow file..." 
+../../common/compare_file.pl data/gshadow /etc/gshadow 
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/newusers/07_create_user_pid_gid/config.txt b/tests/tests/newusers/07_create_user_pid_gid/config.txt
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/newusers/07_create_user_pid_gid/config.txt
diff --git a/tests/tests/newusers/07_create_user_pid_gid/config/etc/group b/tests/tests/newusers/07_create_user_pid_gid/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/newusers/07_create_user_pid_gid/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/newusers/07_create_user_pid_gid/config/etc/gshadow b/tests/tests/newusers/07_create_user_pid_gid/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/newusers/07_create_user_pid_gid/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/newusers/07_create_user_pid_gid/config/etc/pam.d/common-password b/tests/tests/newusers/07_create_user_pid_gid/config/etc/pam.d/common-password
new file mode 100644
index 0000000..06c59a7
--- /dev/null
+++ b/tests/tests/newusers/07_create_user_pid_gid/config/etc/pam.d/common-password
@@ -0,0 +1,33 @@
+#
+# /etc/pam.d/common-password - password-related modules common to all services
+#
+# This file is included from other service-specific PAM config files,
+# and should contain a list of modules that define the services to be
+# used to change user passwords.  The default is pam_unix.
+
+# Explanation of pam_unix options:
+#
+# The "md5" option enables MD5 passwords.  Without this option, the
+# default is Unix crypt.
+#
+# The "obscure" option replaces the old `OBSCURE_CHECKS_ENAB' option in
+# login.defs.
+#
+# See the pam_unix manpage for other options.
+
+# As of pam 1.0.1-6, this file is managed by pam-auth-update by default.
+# To take advantage of this, it is recommended that you configure any
+# local modules either before or after the default block, and use
+# pam-auth-update to manage selection of other modules.  See
+# pam-auth-update(8) for details.
+
+# here are the per-package modules (the "Primary" block)
+password	[success=1 default=ignore]	pam_unix.so obscure
+# here's the fallback if no module succeeds
+password	requisite			pam_deny.so
+# prime the stack with a positive return value if there isn't one already;
+# this avoids us returning an error just because nothing sets a success code
+# since the modules above will each just jump around
+password	required			pam_permit.so
+# and here are more per-package modules (the "Additional" block)
+# end of pam-auth-update config
diff --git a/tests/tests/newusers/07_create_user_pid_gid/config/etc/pam.d/newusers b/tests/tests/newusers/07_create_user_pid_gid/config/etc/pam.d/newusers
new file mode 100644
index 0000000..552045e
--- /dev/null
+++ b/tests/tests/newusers/07_create_user_pid_gid/config/etc/pam.d/newusers
@@ -0,0 +1,6 @@
+#
+# The PAM configuration file for the Shadow `chpasswd' service
+#
+
+@include common-password
+
diff --git a/tests/tests/newusers/07_create_user_pid_gid/config/etc/passwd b/tests/tests/newusers/07_create_user_pid_gid/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/newusers/07_create_user_pid_gid/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/newusers/07_create_user_pid_gid/config/etc/shadow b/tests/tests/newusers/07_create_user_pid_gid/config/etc/shadow
new file mode 100644
index 0000000..031ce88
--- /dev/null
+++ b/tests/tests/newusers/07_create_user_pid_gid/config/etc/shadow
@@ -0,0 +1,19 @@
+root::12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/newusers/07_create_user_pid_gid/data/group b/tests/tests/newusers/07_create_user_pid_gid/data/group
new file mode 100644
index 0000000..96574a5
--- /dev/null
+++ b/tests/tests/newusers/07_create_user_pid_gid/data/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:4242:
diff --git a/tests/tests/newusers/07_create_user_pid_gid/data/gshadow b/tests/tests/newusers/07_create_user_pid_gid/data/gshadow
new file mode 100644
index 0000000..5042e58
--- /dev/null
+++ b/tests/tests/newusers/07_create_user_pid_gid/data/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/newusers/07_create_user_pid_gid/data/newusers.list b/tests/tests/newusers/07_create_user_pid_gid/data/newusers.list
new file mode 100644
index 0000000..1701c92
--- /dev/null
+++ b/tests/tests/newusers/07_create_user_pid_gid/data/newusers.list
@@ -0,0 +1 @@
+foo:fooPass:4242:4242:User Foo - Gecos Field::/bin/sh
diff --git a/tests/tests/newusers/07_create_user_pid_gid/data/passwd b/tests/tests/newusers/07_create_user_pid_gid/data/passwd
new file mode 100644
index 0000000..a45d9a7
--- /dev/null
+++ b/tests/tests/newusers/07_create_user_pid_gid/data/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:4242:4242:User Foo - Gecos Field::/bin/sh
diff --git a/tests/tests/newusers/07_create_user_pid_gid/data/shadow b/tests/tests/newusers/07_create_user_pid_gid/data/shadow
new file mode 100644
index 0000000..491b593
--- /dev/null
+++ b/tests/tests/newusers/07_create_user_pid_gid/data/shadow
@@ -0,0 +1,20 @@
+root::12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:@PASS_DES fooPass@:@TODAY@:0:99999:7:::
diff --git a/tests/tests/newusers/07_create_user_pid_gid/newusers.test b/tests/tests/newusers/07_create_user_pid_gid/newusers.test
new file mode 100755
index 0000000..e9b0914
--- /dev/null
+++ b/tests/tests/newusers/07_create_user_pid_gid/newusers.test
@@ -0,0 +1,37 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "newusers can create a new user with given pid and gid (both identical)"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+newusers data/newusers.list
+
+echo -n "Check the passwd file..." 
+../../common/compare_file.pl data/passwd /etc/passwd 
+echo "OK" 
+echo -n "Check the group file..." 
+../../common/compare_file.pl data/group /etc/group 
+echo "OK" 
+echo -n "Check the shadow file..." 
+../../common/compare_file.pl data/shadow /etc/shadow 
+echo "OK" 
+echo -n "Check the gshadow file..." 
+../../common/compare_file.pl data/gshadow /etc/gshadow 
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/newusers/08_create_user_pid_other-gid/config.txt b/tests/tests/newusers/08_create_user_pid_other-gid/config.txt
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/newusers/08_create_user_pid_other-gid/config.txt
diff --git a/tests/tests/newusers/08_create_user_pid_other-gid/config/etc/group b/tests/tests/newusers/08_create_user_pid_other-gid/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/newusers/08_create_user_pid_other-gid/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/newusers/08_create_user_pid_other-gid/config/etc/gshadow b/tests/tests/newusers/08_create_user_pid_other-gid/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/newusers/08_create_user_pid_other-gid/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/newusers/08_create_user_pid_other-gid/config/etc/pam.d/common-password b/tests/tests/newusers/08_create_user_pid_other-gid/config/etc/pam.d/common-password
new file mode 100644
index 0000000..06c59a7
--- /dev/null
+++ b/tests/tests/newusers/08_create_user_pid_other-gid/config/etc/pam.d/common-password
@@ -0,0 +1,33 @@
+#
+# /etc/pam.d/common-password - password-related modules common to all services
+#
+# This file is included from other service-specific PAM config files,
+# and should contain a list of modules that define the services to be
+# used to change user passwords.  The default is pam_unix.
+
+# Explanation of pam_unix options:
+#
+# The "md5" option enables MD5 passwords.  Without this option, the
+# default is Unix crypt.
+#
+# The "obscure" option replaces the old `OBSCURE_CHECKS_ENAB' option in
+# login.defs.
+#
+# See the pam_unix manpage for other options.
+
+# As of pam 1.0.1-6, this file is managed by pam-auth-update by default.
+# To take advantage of this, it is recommended that you configure any
+# local modules either before or after the default block, and use
+# pam-auth-update to manage selection of other modules.  See
+# pam-auth-update(8) for details.
+
+# here are the per-package modules (the "Primary" block)
+password	[success=1 default=ignore]	pam_unix.so obscure
+# here's the fallback if no module succeeds
+password	requisite			pam_deny.so
+# prime the stack with a positive return value if there isn't one already;
+# this avoids us returning an error just because nothing sets a success code
+# since the modules above will each just jump around
+password	required			pam_permit.so
+# and here are more per-package modules (the "Additional" block)
+# end of pam-auth-update config
diff --git a/tests/tests/newusers/08_create_user_pid_other-gid/config/etc/pam.d/newusers b/tests/tests/newusers/08_create_user_pid_other-gid/config/etc/pam.d/newusers
new file mode 100644
index 0000000..552045e
--- /dev/null
+++ b/tests/tests/newusers/08_create_user_pid_other-gid/config/etc/pam.d/newusers
@@ -0,0 +1,6 @@
+#
+# The PAM configuration file for the Shadow `chpasswd' service
+#
+
+@include common-password
+
diff --git a/tests/tests/newusers/08_create_user_pid_other-gid/config/etc/passwd b/tests/tests/newusers/08_create_user_pid_other-gid/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/newusers/08_create_user_pid_other-gid/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/newusers/08_create_user_pid_other-gid/config/etc/shadow b/tests/tests/newusers/08_create_user_pid_other-gid/config/etc/shadow
new file mode 100644
index 0000000..031ce88
--- /dev/null
+++ b/tests/tests/newusers/08_create_user_pid_other-gid/config/etc/shadow
@@ -0,0 +1,19 @@
+root::12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/newusers/08_create_user_pid_other-gid/data/group b/tests/tests/newusers/08_create_user_pid_other-gid/data/group
new file mode 100644
index 0000000..b2d9984
--- /dev/null
+++ b/tests/tests/newusers/08_create_user_pid_other-gid/data/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:4243:
diff --git a/tests/tests/newusers/08_create_user_pid_other-gid/data/gshadow b/tests/tests/newusers/08_create_user_pid_other-gid/data/gshadow
new file mode 100644
index 0000000..5042e58
--- /dev/null
+++ b/tests/tests/newusers/08_create_user_pid_other-gid/data/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/newusers/08_create_user_pid_other-gid/data/newusers.list b/tests/tests/newusers/08_create_user_pid_other-gid/data/newusers.list
new file mode 100644
index 0000000..a71043d
--- /dev/null
+++ b/tests/tests/newusers/08_create_user_pid_other-gid/data/newusers.list
@@ -0,0 +1 @@
+foo:fooPass:4242:4243:User Foo - Gecos Field::/bin/sh
diff --git a/tests/tests/newusers/08_create_user_pid_other-gid/data/passwd b/tests/tests/newusers/08_create_user_pid_other-gid/data/passwd
new file mode 100644
index 0000000..fdefa6c
--- /dev/null
+++ b/tests/tests/newusers/08_create_user_pid_other-gid/data/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:4242:4243:User Foo - Gecos Field::/bin/sh
diff --git a/tests/tests/newusers/08_create_user_pid_other-gid/data/shadow b/tests/tests/newusers/08_create_user_pid_other-gid/data/shadow
new file mode 100644
index 0000000..491b593
--- /dev/null
+++ b/tests/tests/newusers/08_create_user_pid_other-gid/data/shadow
@@ -0,0 +1,20 @@
+root::12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:@PASS_DES fooPass@:@TODAY@:0:99999:7:::
diff --git a/tests/tests/newusers/08_create_user_pid_other-gid/newusers.test b/tests/tests/newusers/08_create_user_pid_other-gid/newusers.test
new file mode 100755
index 0000000..66573df
--- /dev/null
+++ b/tests/tests/newusers/08_create_user_pid_other-gid/newusers.test
@@ -0,0 +1,37 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "newusers can create a new user with given pid and gid (with different id)"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+newusers data/newusers.list
+
+echo -n "Check the passwd file..." 
+../../common/compare_file.pl data/passwd /etc/passwd 
+echo "OK" 
+echo -n "Check the group file..." 
+../../common/compare_file.pl data/group /etc/group 
+echo "OK" 
+echo -n "Check the shadow file..." 
+../../common/compare_file.pl data/shadow /etc/shadow 
+echo "OK" 
+echo -n "Check the gshadow file..." 
+../../common/compare_file.pl data/gshadow /etc/gshadow 
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/newusers/09_create_user_pid-as-user-bar/config.txt b/tests/tests/newusers/09_create_user_pid-as-user-bar/config.txt
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/newusers/09_create_user_pid-as-user-bar/config.txt
diff --git a/tests/tests/newusers/09_create_user_pid-as-user-bar/config/etc/group b/tests/tests/newusers/09_create_user_pid-as-user-bar/config/etc/group
new file mode 100644
index 0000000..7c6bf3a
--- /dev/null
+++ b/tests/tests/newusers/09_create_user_pid-as-user-bar/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+bar:x:1042:
diff --git a/tests/tests/newusers/09_create_user_pid-as-user-bar/config/etc/gshadow b/tests/tests/newusers/09_create_user_pid-as-user-bar/config/etc/gshadow
new file mode 100644
index 0000000..0586f95
--- /dev/null
+++ b/tests/tests/newusers/09_create_user_pid-as-user-bar/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+bar:x::
diff --git a/tests/tests/newusers/09_create_user_pid-as-user-bar/config/etc/pam.d/common-password b/tests/tests/newusers/09_create_user_pid-as-user-bar/config/etc/pam.d/common-password
new file mode 100644
index 0000000..06c59a7
--- /dev/null
+++ b/tests/tests/newusers/09_create_user_pid-as-user-bar/config/etc/pam.d/common-password
@@ -0,0 +1,33 @@
+#
+# /etc/pam.d/common-password - password-related modules common to all services
+#
+# This file is included from other service-specific PAM config files,
+# and should contain a list of modules that define the services to be
+# used to change user passwords.  The default is pam_unix.
+
+# Explanation of pam_unix options:
+#
+# The "md5" option enables MD5 passwords.  Without this option, the
+# default is Unix crypt.
+#
+# The "obscure" option replaces the old `OBSCURE_CHECKS_ENAB' option in
+# login.defs.
+#
+# See the pam_unix manpage for other options.
+
+# As of pam 1.0.1-6, this file is managed by pam-auth-update by default.
+# To take advantage of this, it is recommended that you configure any
+# local modules either before or after the default block, and use
+# pam-auth-update to manage selection of other modules.  See
+# pam-auth-update(8) for details.
+
+# here are the per-package modules (the "Primary" block)
+password	[success=1 default=ignore]	pam_unix.so obscure
+# here's the fallback if no module succeeds
+password	requisite			pam_deny.so
+# prime the stack with a positive return value if there isn't one already;
+# this avoids us returning an error just because nothing sets a success code
+# since the modules above will each just jump around
+password	required			pam_permit.so
+# and here are more per-package modules (the "Additional" block)
+# end of pam-auth-update config
diff --git a/tests/tests/newusers/09_create_user_pid-as-user-bar/config/etc/pam.d/newusers b/tests/tests/newusers/09_create_user_pid-as-user-bar/config/etc/pam.d/newusers
new file mode 100644
index 0000000..552045e
--- /dev/null
+++ b/tests/tests/newusers/09_create_user_pid-as-user-bar/config/etc/pam.d/newusers
@@ -0,0 +1,6 @@
+#
+# The PAM configuration file for the Shadow `chpasswd' service
+#
+
+@include common-password
+
diff --git a/tests/tests/newusers/09_create_user_pid-as-user-bar/config/etc/passwd b/tests/tests/newusers/09_create_user_pid-as-user-bar/config/etc/passwd
new file mode 100644
index 0000000..26d70f2
--- /dev/null
+++ b/tests/tests/newusers/09_create_user_pid-as-user-bar/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+bar:x:1042:1042::/:/bin/false
diff --git a/tests/tests/newusers/09_create_user_pid-as-user-bar/config/etc/shadow b/tests/tests/newusers/09_create_user_pid-as-user-bar/config/etc/shadow
new file mode 100644
index 0000000..aa523bd
--- /dev/null
+++ b/tests/tests/newusers/09_create_user_pid-as-user-bar/config/etc/shadow
@@ -0,0 +1,20 @@
+root::12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+bar:!:12977:0:99999:7:::
diff --git a/tests/tests/newusers/09_create_user_pid-as-user-bar/data/group b/tests/tests/newusers/09_create_user_pid-as-user-bar/data/group
new file mode 100644
index 0000000..90da8d7
--- /dev/null
+++ b/tests/tests/newusers/09_create_user_pid-as-user-bar/data/group
@@ -0,0 +1,43 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+bar:x:1042:
+foo:x:1043:
diff --git a/tests/tests/newusers/09_create_user_pid-as-user-bar/data/gshadow b/tests/tests/newusers/09_create_user_pid-as-user-bar/data/gshadow
new file mode 100644
index 0000000..d11bb83
--- /dev/null
+++ b/tests/tests/newusers/09_create_user_pid-as-user-bar/data/gshadow
@@ -0,0 +1,43 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+bar:x::
+foo:*::
diff --git a/tests/tests/newusers/09_create_user_pid-as-user-bar/data/newusers.list b/tests/tests/newusers/09_create_user_pid-as-user-bar/data/newusers.list
new file mode 100644
index 0000000..5685534
--- /dev/null
+++ b/tests/tests/newusers/09_create_user_pid-as-user-bar/data/newusers.list
@@ -0,0 +1 @@
+foo:fooPass:bar::User Foo - Gecos Field::/bin/sh
diff --git a/tests/tests/newusers/09_create_user_pid-as-user-bar/data/passwd b/tests/tests/newusers/09_create_user_pid-as-user-bar/data/passwd
new file mode 100644
index 0000000..5f9155b
--- /dev/null
+++ b/tests/tests/newusers/09_create_user_pid-as-user-bar/data/passwd
@@ -0,0 +1,21 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+bar:x:1042:1042::/:/bin/false
+foo:x:1042:1043:User Foo - Gecos Field::/bin/sh
diff --git a/tests/tests/newusers/09_create_user_pid-as-user-bar/data/shadow b/tests/tests/newusers/09_create_user_pid-as-user-bar/data/shadow
new file mode 100644
index 0000000..28046f8
--- /dev/null
+++ b/tests/tests/newusers/09_create_user_pid-as-user-bar/data/shadow
@@ -0,0 +1,21 @@
+root::12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+bar:!:12977:0:99999:7:::
+foo:@PASS_DES fooPass@:@TODAY@:0:99999:7:::
diff --git a/tests/tests/newusers/09_create_user_pid-as-user-bar/newusers.test b/tests/tests/newusers/09_create_user_pid-as-user-bar/newusers.test
new file mode 100755
index 0000000..93deeb2
--- /dev/null
+++ b/tests/tests/newusers/09_create_user_pid-as-user-bar/newusers.test
@@ -0,0 +1,37 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "newusers can create a new user with the pid of a named user"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+newusers data/newusers.list
+
+echo -n "Check the passwd file..." 
+../../common/compare_file.pl data/passwd /etc/passwd 
+echo "OK" 
+echo -n "Check the group file..." 
+../../common/compare_file.pl data/group /etc/group 
+echo "OK" 
+echo -n "Check the shadow file..." 
+../../common/compare_file.pl data/shadow /etc/shadow 
+echo "OK" 
+echo -n "Check the gshadow file..." 
+../../common/compare_file.pl data/gshadow /etc/gshadow 
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/newusers/10_create_user_gid-as-group-bar/config.txt b/tests/tests/newusers/10_create_user_gid-as-group-bar/config.txt
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/newusers/10_create_user_gid-as-group-bar/config.txt
diff --git a/tests/tests/newusers/10_create_user_gid-as-group-bar/config/etc/group b/tests/tests/newusers/10_create_user_gid-as-group-bar/config/etc/group
new file mode 100644
index 0000000..4e6b697
--- /dev/null
+++ b/tests/tests/newusers/10_create_user_gid-as-group-bar/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+bar:x:1043:
diff --git a/tests/tests/newusers/10_create_user_gid-as-group-bar/config/etc/gshadow b/tests/tests/newusers/10_create_user_gid-as-group-bar/config/etc/gshadow
new file mode 100644
index 0000000..0586f95
--- /dev/null
+++ b/tests/tests/newusers/10_create_user_gid-as-group-bar/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+bar:x::
diff --git a/tests/tests/newusers/10_create_user_gid-as-group-bar/config/etc/pam.d/common-password b/tests/tests/newusers/10_create_user_gid-as-group-bar/config/etc/pam.d/common-password
new file mode 100644
index 0000000..06c59a7
--- /dev/null
+++ b/tests/tests/newusers/10_create_user_gid-as-group-bar/config/etc/pam.d/common-password
@@ -0,0 +1,33 @@
+#
+# /etc/pam.d/common-password - password-related modules common to all services
+#
+# This file is included from other service-specific PAM config files,
+# and should contain a list of modules that define the services to be
+# used to change user passwords.  The default is pam_unix.
+
+# Explanation of pam_unix options:
+#
+# The "md5" option enables MD5 passwords.  Without this option, the
+# default is Unix crypt.
+#
+# The "obscure" option replaces the old `OBSCURE_CHECKS_ENAB' option in
+# login.defs.
+#
+# See the pam_unix manpage for other options.
+
+# As of pam 1.0.1-6, this file is managed by pam-auth-update by default.
+# To take advantage of this, it is recommended that you configure any
+# local modules either before or after the default block, and use
+# pam-auth-update to manage selection of other modules.  See
+# pam-auth-update(8) for details.
+
+# here are the per-package modules (the "Primary" block)
+password	[success=1 default=ignore]	pam_unix.so obscure
+# here's the fallback if no module succeeds
+password	requisite			pam_deny.so
+# prime the stack with a positive return value if there isn't one already;
+# this avoids us returning an error just because nothing sets a success code
+# since the modules above will each just jump around
+password	required			pam_permit.so
+# and here are more per-package modules (the "Additional" block)
+# end of pam-auth-update config
diff --git a/tests/tests/newusers/10_create_user_gid-as-group-bar/config/etc/pam.d/newusers b/tests/tests/newusers/10_create_user_gid-as-group-bar/config/etc/pam.d/newusers
new file mode 100644
index 0000000..552045e
--- /dev/null
+++ b/tests/tests/newusers/10_create_user_gid-as-group-bar/config/etc/pam.d/newusers
@@ -0,0 +1,6 @@
+#
+# The PAM configuration file for the Shadow `chpasswd' service
+#
+
+@include common-password
+
diff --git a/tests/tests/newusers/10_create_user_gid-as-group-bar/config/etc/passwd b/tests/tests/newusers/10_create_user_gid-as-group-bar/config/etc/passwd
new file mode 100644
index 0000000..901ce16
--- /dev/null
+++ b/tests/tests/newusers/10_create_user_gid-as-group-bar/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+bar:x:1042:1043::/:/bin/false
diff --git a/tests/tests/newusers/10_create_user_gid-as-group-bar/config/etc/shadow b/tests/tests/newusers/10_create_user_gid-as-group-bar/config/etc/shadow
new file mode 100644
index 0000000..aa523bd
--- /dev/null
+++ b/tests/tests/newusers/10_create_user_gid-as-group-bar/config/etc/shadow
@@ -0,0 +1,20 @@
+root::12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+bar:!:12977:0:99999:7:::
diff --git a/tests/tests/newusers/10_create_user_gid-as-group-bar/data/newusers.list b/tests/tests/newusers/10_create_user_gid-as-group-bar/data/newusers.list
new file mode 100644
index 0000000..f9d747c
--- /dev/null
+++ b/tests/tests/newusers/10_create_user_gid-as-group-bar/data/newusers.list
@@ -0,0 +1 @@
+foo:fooPass::bar:User Foo - Gecos Field::/bin/sh
diff --git a/tests/tests/newusers/10_create_user_gid-as-group-bar/data/passwd b/tests/tests/newusers/10_create_user_gid-as-group-bar/data/passwd
new file mode 100644
index 0000000..e474273
--- /dev/null
+++ b/tests/tests/newusers/10_create_user_gid-as-group-bar/data/passwd
@@ -0,0 +1,21 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+bar:x:1042:1043::/:/bin/false
+foo:x:1043:1043:User Foo - Gecos Field::/bin/sh
diff --git a/tests/tests/newusers/10_create_user_gid-as-group-bar/data/shadow b/tests/tests/newusers/10_create_user_gid-as-group-bar/data/shadow
new file mode 100644
index 0000000..28046f8
--- /dev/null
+++ b/tests/tests/newusers/10_create_user_gid-as-group-bar/data/shadow
@@ -0,0 +1,21 @@
+root::12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+bar:!:12977:0:99999:7:::
+foo:@PASS_DES fooPass@:@TODAY@:0:99999:7:::
diff --git a/tests/tests/newusers/10_create_user_gid-as-group-bar/newusers.test b/tests/tests/newusers/10_create_user_gid-as-group-bar/newusers.test
new file mode 100755
index 0000000..ba852a4
--- /dev/null
+++ b/tests/tests/newusers/10_create_user_gid-as-group-bar/newusers.test
@@ -0,0 +1,37 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "newusers can create a new user with the gid of a named group"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+newusers data/newusers.list
+
+echo -n "Check the passwd file..." 
+../../common/compare_file.pl data/passwd /etc/passwd 
+echo "OK" 
+echo -n "Check the group file..." 
+../../common/compare_file.pl config/etc/group /etc/group 
+echo "OK" 
+echo -n "Check the shadow file..." 
+../../common/compare_file.pl data/shadow /etc/shadow 
+echo "OK" 
+echo -n "Check the gshadow file..." 
+../../common/compare_file.pl config/etc/gshadow /etc/gshadow 
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/newusers/11_update_gecos/config.txt b/tests/tests/newusers/11_update_gecos/config.txt
new file mode 100644
index 0000000..ea4c3ad
--- /dev/null
+++ b/tests/tests/newusers/11_update_gecos/config.txt
@@ -0,0 +1 @@
+User foo exists, with password fooPass
diff --git a/tests/tests/newusers/11_update_gecos/config/etc/group b/tests/tests/newusers/11_update_gecos/config/etc/group
new file mode 100644
index 0000000..555c889
--- /dev/null
+++ b/tests/tests/newusers/11_update_gecos/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:65535:foo
diff --git a/tests/tests/newusers/11_update_gecos/config/etc/gshadow b/tests/tests/newusers/11_update_gecos/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/newusers/11_update_gecos/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/newusers/11_update_gecos/config/etc/pam.d/common-password b/tests/tests/newusers/11_update_gecos/config/etc/pam.d/common-password
new file mode 100644
index 0000000..06c59a7
--- /dev/null
+++ b/tests/tests/newusers/11_update_gecos/config/etc/pam.d/common-password
@@ -0,0 +1,33 @@
+#
+# /etc/pam.d/common-password - password-related modules common to all services
+#
+# This file is included from other service-specific PAM config files,
+# and should contain a list of modules that define the services to be
+# used to change user passwords.  The default is pam_unix.
+
+# Explanation of pam_unix options:
+#
+# The "md5" option enables MD5 passwords.  Without this option, the
+# default is Unix crypt.
+#
+# The "obscure" option replaces the old `OBSCURE_CHECKS_ENAB' option in
+# login.defs.
+#
+# See the pam_unix manpage for other options.
+
+# As of pam 1.0.1-6, this file is managed by pam-auth-update by default.
+# To take advantage of this, it is recommended that you configure any
+# local modules either before or after the default block, and use
+# pam-auth-update to manage selection of other modules.  See
+# pam-auth-update(8) for details.
+
+# here are the per-package modules (the "Primary" block)
+password	[success=1 default=ignore]	pam_unix.so obscure
+# here's the fallback if no module succeeds
+password	requisite			pam_deny.so
+# prime the stack with a positive return value if there isn't one already;
+# this avoids us returning an error just because nothing sets a success code
+# since the modules above will each just jump around
+password	required			pam_permit.so
+# and here are more per-package modules (the "Additional" block)
+# end of pam-auth-update config
diff --git a/tests/tests/newusers/11_update_gecos/config/etc/pam.d/newusers b/tests/tests/newusers/11_update_gecos/config/etc/pam.d/newusers
new file mode 100644
index 0000000..552045e
--- /dev/null
+++ b/tests/tests/newusers/11_update_gecos/config/etc/pam.d/newusers
@@ -0,0 +1,6 @@
+#
+# The PAM configuration file for the Shadow `chpasswd' service
+#
+
+@include common-password
+
diff --git a/tests/tests/newusers/11_update_gecos/config/etc/passwd b/tests/tests/newusers/11_update_gecos/config/etc/passwd
new file mode 100644
index 0000000..9de3b24
--- /dev/null
+++ b/tests/tests/newusers/11_update_gecos/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:65535:65535:User Foo - Gecos Field::/bin/sh
diff --git a/tests/tests/newusers/11_update_gecos/config/etc/shadow b/tests/tests/newusers/11_update_gecos/config/etc/shadow
new file mode 100644
index 0000000..1368876
--- /dev/null
+++ b/tests/tests/newusers/11_update_gecos/config/etc/shadow
@@ -0,0 +1,20 @@
+root::12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:eKzSSVkXDoVUM:13906:0:99999:7:::
diff --git a/tests/tests/newusers/11_update_gecos/data/newusers.list b/tests/tests/newusers/11_update_gecos/data/newusers.list
new file mode 100644
index 0000000..d4ac60c
--- /dev/null
+++ b/tests/tests/newusers/11_update_gecos/data/newusers.list
@@ -0,0 +1 @@
+foo:fooPass2:::User Foo - Gecos Field - updated::/bin/sh
diff --git a/tests/tests/newusers/11_update_gecos/data/passwd b/tests/tests/newusers/11_update_gecos/data/passwd
new file mode 100644
index 0000000..c84bc61
--- /dev/null
+++ b/tests/tests/newusers/11_update_gecos/data/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:65535:65535:User Foo - Gecos Field - updated::/bin/sh
diff --git a/tests/tests/newusers/11_update_gecos/data/shadow b/tests/tests/newusers/11_update_gecos/data/shadow
new file mode 100644
index 0000000..c7f1556
--- /dev/null
+++ b/tests/tests/newusers/11_update_gecos/data/shadow
@@ -0,0 +1,20 @@
+root::12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:@PASS_DES fooPass2@:@TODAY@:0:99999:7:::
diff --git a/tests/tests/newusers/11_update_gecos/newusers.test b/tests/tests/newusers/11_update_gecos/newusers.test
new file mode 100755
index 0000000..fb57724
--- /dev/null
+++ b/tests/tests/newusers/11_update_gecos/newusers.test
@@ -0,0 +1,37 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "newusers can update the gecos of an existing user"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+newusers data/newusers.list
+
+echo -n "Check the passwd file..." 
+../../common/compare_file.pl data/passwd /etc/passwd 
+echo "OK" 
+echo -n "Check the group file..." 
+../../common/compare_file.pl config/etc/group /etc/group 
+echo "OK" 
+echo -n "Check the shadow file..." 
+../../common/compare_file.pl data/shadow /etc/shadow 
+echo "OK" 
+echo -n "Check the gshadow file..." 
+../../common/compare_file.pl config/etc/gshadow /etc/gshadow 
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/newusers/12_update_shell/config.txt b/tests/tests/newusers/12_update_shell/config.txt
new file mode 100644
index 0000000..ea4c3ad
--- /dev/null
+++ b/tests/tests/newusers/12_update_shell/config.txt
@@ -0,0 +1 @@
+User foo exists, with password fooPass
diff --git a/tests/tests/newusers/12_update_shell/config/etc/group b/tests/tests/newusers/12_update_shell/config/etc/group
new file mode 100644
index 0000000..555c889
--- /dev/null
+++ b/tests/tests/newusers/12_update_shell/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:65535:foo
diff --git a/tests/tests/newusers/12_update_shell/config/etc/gshadow b/tests/tests/newusers/12_update_shell/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/newusers/12_update_shell/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/newusers/12_update_shell/config/etc/pam.d/common-password b/tests/tests/newusers/12_update_shell/config/etc/pam.d/common-password
new file mode 100644
index 0000000..06c59a7
--- /dev/null
+++ b/tests/tests/newusers/12_update_shell/config/etc/pam.d/common-password
@@ -0,0 +1,33 @@
+#
+# /etc/pam.d/common-password - password-related modules common to all services
+#
+# This file is included from other service-specific PAM config files,
+# and should contain a list of modules that define the services to be
+# used to change user passwords.  The default is pam_unix.
+
+# Explanation of pam_unix options:
+#
+# The "md5" option enables MD5 passwords.  Without this option, the
+# default is Unix crypt.
+#
+# The "obscure" option replaces the old `OBSCURE_CHECKS_ENAB' option in
+# login.defs.
+#
+# See the pam_unix manpage for other options.
+
+# As of pam 1.0.1-6, this file is managed by pam-auth-update by default.
+# To take advantage of this, it is recommended that you configure any
+# local modules either before or after the default block, and use
+# pam-auth-update to manage selection of other modules.  See
+# pam-auth-update(8) for details.
+
+# here are the per-package modules (the "Primary" block)
+password	[success=1 default=ignore]	pam_unix.so obscure
+# here's the fallback if no module succeeds
+password	requisite			pam_deny.so
+# prime the stack with a positive return value if there isn't one already;
+# this avoids us returning an error just because nothing sets a success code
+# since the modules above will each just jump around
+password	required			pam_permit.so
+# and here are more per-package modules (the "Additional" block)
+# end of pam-auth-update config
diff --git a/tests/tests/newusers/12_update_shell/config/etc/pam.d/newusers b/tests/tests/newusers/12_update_shell/config/etc/pam.d/newusers
new file mode 100644
index 0000000..552045e
--- /dev/null
+++ b/tests/tests/newusers/12_update_shell/config/etc/pam.d/newusers
@@ -0,0 +1,6 @@
+#
+# The PAM configuration file for the Shadow `chpasswd' service
+#
+
+@include common-password
+
diff --git a/tests/tests/newusers/12_update_shell/config/etc/passwd b/tests/tests/newusers/12_update_shell/config/etc/passwd
new file mode 100644
index 0000000..9de3b24
--- /dev/null
+++ b/tests/tests/newusers/12_update_shell/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:65535:65535:User Foo - Gecos Field::/bin/sh
diff --git a/tests/tests/newusers/12_update_shell/config/etc/shadow b/tests/tests/newusers/12_update_shell/config/etc/shadow
new file mode 100644
index 0000000..1368876
--- /dev/null
+++ b/tests/tests/newusers/12_update_shell/config/etc/shadow
@@ -0,0 +1,20 @@
+root::12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:eKzSSVkXDoVUM:13906:0:99999:7:::
diff --git a/tests/tests/newusers/12_update_shell/data/newusers.list b/tests/tests/newusers/12_update_shell/data/newusers.list
new file mode 100644
index 0000000..55add69
--- /dev/null
+++ b/tests/tests/newusers/12_update_shell/data/newusers.list
@@ -0,0 +1 @@
+foo:fooPass2:::User Foo - Gecos Field::/bin/bash
diff --git a/tests/tests/newusers/12_update_shell/data/passwd b/tests/tests/newusers/12_update_shell/data/passwd
new file mode 100644
index 0000000..8fc494c
--- /dev/null
+++ b/tests/tests/newusers/12_update_shell/data/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:65535:65535:User Foo - Gecos Field::/bin/bash
diff --git a/tests/tests/newusers/12_update_shell/data/shadow b/tests/tests/newusers/12_update_shell/data/shadow
new file mode 100644
index 0000000..c7f1556
--- /dev/null
+++ b/tests/tests/newusers/12_update_shell/data/shadow
@@ -0,0 +1,20 @@
+root::12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:@PASS_DES fooPass2@:@TODAY@:0:99999:7:::
diff --git a/tests/tests/newusers/12_update_shell/newusers.test b/tests/tests/newusers/12_update_shell/newusers.test
new file mode 100755
index 0000000..aca2591
--- /dev/null
+++ b/tests/tests/newusers/12_update_shell/newusers.test
@@ -0,0 +1,37 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "newusers can update the shell of an existing user"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+newusers data/newusers.list
+
+echo -n "Check the passwd file..." 
+../../common/compare_file.pl data/passwd /etc/passwd 
+echo "OK" 
+echo -n "Check the group file..." 
+../../common/compare_file.pl config/etc/group /etc/group 
+echo "OK" 
+echo -n "Check the shadow file..." 
+../../common/compare_file.pl data/shadow /etc/shadow 
+echo "OK" 
+echo -n "Check the gshadow file..." 
+../../common/compare_file.pl config/etc/gshadow /etc/gshadow 
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/newusers/13_create_user_new-home/config.txt b/tests/tests/newusers/13_create_user_new-home/config.txt
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/newusers/13_create_user_new-home/config.txt
diff --git a/tests/tests/newusers/13_create_user_new-home/config/etc/group b/tests/tests/newusers/13_create_user_new-home/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/newusers/13_create_user_new-home/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/newusers/13_create_user_new-home/config/etc/gshadow b/tests/tests/newusers/13_create_user_new-home/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/newusers/13_create_user_new-home/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/newusers/13_create_user_new-home/config/etc/pam.d/common-password b/tests/tests/newusers/13_create_user_new-home/config/etc/pam.d/common-password
new file mode 100644
index 0000000..06c59a7
--- /dev/null
+++ b/tests/tests/newusers/13_create_user_new-home/config/etc/pam.d/common-password
@@ -0,0 +1,33 @@
+#
+# /etc/pam.d/common-password - password-related modules common to all services
+#
+# This file is included from other service-specific PAM config files,
+# and should contain a list of modules that define the services to be
+# used to change user passwords.  The default is pam_unix.
+
+# Explanation of pam_unix options:
+#
+# The "md5" option enables MD5 passwords.  Without this option, the
+# default is Unix crypt.
+#
+# The "obscure" option replaces the old `OBSCURE_CHECKS_ENAB' option in
+# login.defs.
+#
+# See the pam_unix manpage for other options.
+
+# As of pam 1.0.1-6, this file is managed by pam-auth-update by default.
+# To take advantage of this, it is recommended that you configure any
+# local modules either before or after the default block, and use
+# pam-auth-update to manage selection of other modules.  See
+# pam-auth-update(8) for details.
+
+# here are the per-package modules (the "Primary" block)
+password	[success=1 default=ignore]	pam_unix.so obscure
+# here's the fallback if no module succeeds
+password	requisite			pam_deny.so
+# prime the stack with a positive return value if there isn't one already;
+# this avoids us returning an error just because nothing sets a success code
+# since the modules above will each just jump around
+password	required			pam_permit.so
+# and here are more per-package modules (the "Additional" block)
+# end of pam-auth-update config
diff --git a/tests/tests/newusers/13_create_user_new-home/config/etc/pam.d/newusers b/tests/tests/newusers/13_create_user_new-home/config/etc/pam.d/newusers
new file mode 100644
index 0000000..552045e
--- /dev/null
+++ b/tests/tests/newusers/13_create_user_new-home/config/etc/pam.d/newusers
@@ -0,0 +1,6 @@
+#
+# The PAM configuration file for the Shadow `chpasswd' service
+#
+
+@include common-password
+
diff --git a/tests/tests/newusers/13_create_user_new-home/config/etc/passwd b/tests/tests/newusers/13_create_user_new-home/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/newusers/13_create_user_new-home/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/newusers/13_create_user_new-home/config/etc/shadow b/tests/tests/newusers/13_create_user_new-home/config/etc/shadow
new file mode 100644
index 0000000..031ce88
--- /dev/null
+++ b/tests/tests/newusers/13_create_user_new-home/config/etc/shadow
@@ -0,0 +1,19 @@
+root::12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/newusers/13_create_user_new-home/data/group b/tests/tests/newusers/13_create_user_new-home/data/group
new file mode 100644
index 0000000..fecba0c
--- /dev/null
+++ b/tests/tests/newusers/13_create_user_new-home/data/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/newusers/13_create_user_new-home/data/gshadow b/tests/tests/newusers/13_create_user_new-home/data/gshadow
new file mode 100644
index 0000000..5042e58
--- /dev/null
+++ b/tests/tests/newusers/13_create_user_new-home/data/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/newusers/13_create_user_new-home/data/home_ls-a b/tests/tests/newusers/13_create_user_new-home/data/home_ls-a
new file mode 100644
index 0000000..81b7cb2
--- /dev/null
+++ b/tests/tests/newusers/13_create_user_new-home/data/home_ls-a
@@ -0,0 +1,2 @@
+drwxr-xr-x foo:foo `/tmp/test-newusers/.'
+drwxrwxrwt root:root `/tmp/test-newusers/..'
diff --git a/tests/tests/newusers/13_create_user_new-home/data/newusers.list b/tests/tests/newusers/13_create_user_new-home/data/newusers.list
new file mode 100644
index 0000000..d2dacfd
--- /dev/null
+++ b/tests/tests/newusers/13_create_user_new-home/data/newusers.list
@@ -0,0 +1 @@
+foo:fooPass:::User Foo - Gecos Field:/tmp/test-newusers:/bin/sh
diff --git a/tests/tests/newusers/13_create_user_new-home/data/passwd b/tests/tests/newusers/13_create_user_new-home/data/passwd
new file mode 100644
index 0000000..a6c525b
--- /dev/null
+++ b/tests/tests/newusers/13_create_user_new-home/data/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000:User Foo - Gecos Field:/tmp/test-newusers:/bin/sh
diff --git a/tests/tests/newusers/13_create_user_new-home/data/shadow b/tests/tests/newusers/13_create_user_new-home/data/shadow
new file mode 100644
index 0000000..491b593
--- /dev/null
+++ b/tests/tests/newusers/13_create_user_new-home/data/shadow
@@ -0,0 +1,20 @@
+root::12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:@PASS_DES fooPass@:@TODAY@:0:99999:7:::
diff --git a/tests/tests/newusers/13_create_user_new-home/newusers.test b/tests/tests/newusers/13_create_user_new-home/newusers.test
new file mode 100755
index 0000000..3a693c1
--- /dev/null
+++ b/tests/tests/newusers/13_create_user_new-home/newusers.test
@@ -0,0 +1,59 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "newusers creates the user's home directory"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Home directory does not exist yet..."
+test ! -d /tmp/test-newusers
+echo "OK"
+
+trap 'log_status "$0" "FAILURE"; rm -rf /tmp/test-newusers; restore_config' 0
+
+newusers data/newusers.list
+
+echo -n "Check the passwd file..." 
+../../common/compare_file.pl data/passwd /etc/passwd 
+echo "OK" 
+echo -n "Check the group file..." 
+../../common/compare_file.pl data/group /etc/group 
+echo "OK" 
+echo -n "Check the shadow file..." 
+../../common/compare_file.pl data/shadow /etc/shadow 
+echo "OK" 
+echo -n "Check the gshadow file..." 
+../../common/compare_file.pl data/gshadow /etc/gshadow 
+echo "OK"
+
+echo -n "Home directory was created..."
+test -d /tmp/test-newusers
+echo "OK"
+
+echo -n "Check content of /tmp/test-newusers..."
+stat --printf "%A %U:%G %N\n" /tmp/test-newusers/* /tmp/test-newusers/.* 2>/dev/null | sort > tmp/home_ls-a
+diff -rauN data/home_ls-a tmp/home_ls-a
+echo "OK"
+
+echo -n "Removing home directory..."
+rm -rf /tmp/test-newusers
+echo "OK"
+
+# cleanup
+rm -f tmp/home_ls-a
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/newusers/14_create_user_existing-home/config.txt b/tests/tests/newusers/14_create_user_existing-home/config.txt
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/newusers/14_create_user_existing-home/config.txt
diff --git a/tests/tests/newusers/14_create_user_existing-home/config/etc/group b/tests/tests/newusers/14_create_user_existing-home/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/newusers/14_create_user_existing-home/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/newusers/14_create_user_existing-home/config/etc/gshadow b/tests/tests/newusers/14_create_user_existing-home/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/newusers/14_create_user_existing-home/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/newusers/14_create_user_existing-home/config/etc/pam.d/common-password b/tests/tests/newusers/14_create_user_existing-home/config/etc/pam.d/common-password
new file mode 100644
index 0000000..06c59a7
--- /dev/null
+++ b/tests/tests/newusers/14_create_user_existing-home/config/etc/pam.d/common-password
@@ -0,0 +1,33 @@
+#
+# /etc/pam.d/common-password - password-related modules common to all services
+#
+# This file is included from other service-specific PAM config files,
+# and should contain a list of modules that define the services to be
+# used to change user passwords.  The default is pam_unix.
+
+# Explanation of pam_unix options:
+#
+# The "md5" option enables MD5 passwords.  Without this option, the
+# default is Unix crypt.
+#
+# The "obscure" option replaces the old `OBSCURE_CHECKS_ENAB' option in
+# login.defs.
+#
+# See the pam_unix manpage for other options.
+
+# As of pam 1.0.1-6, this file is managed by pam-auth-update by default.
+# To take advantage of this, it is recommended that you configure any
+# local modules either before or after the default block, and use
+# pam-auth-update to manage selection of other modules.  See
+# pam-auth-update(8) for details.
+
+# here are the per-package modules (the "Primary" block)
+password	[success=1 default=ignore]	pam_unix.so obscure
+# here's the fallback if no module succeeds
+password	requisite			pam_deny.so
+# prime the stack with a positive return value if there isn't one already;
+# this avoids us returning an error just because nothing sets a success code
+# since the modules above will each just jump around
+password	required			pam_permit.so
+# and here are more per-package modules (the "Additional" block)
+# end of pam-auth-update config
diff --git a/tests/tests/newusers/14_create_user_existing-home/config/etc/pam.d/newusers b/tests/tests/newusers/14_create_user_existing-home/config/etc/pam.d/newusers
new file mode 100644
index 0000000..552045e
--- /dev/null
+++ b/tests/tests/newusers/14_create_user_existing-home/config/etc/pam.d/newusers
@@ -0,0 +1,6 @@
+#
+# The PAM configuration file for the Shadow `chpasswd' service
+#
+
+@include common-password
+
diff --git a/tests/tests/newusers/14_create_user_existing-home/config/etc/passwd b/tests/tests/newusers/14_create_user_existing-home/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/newusers/14_create_user_existing-home/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/newusers/14_create_user_existing-home/config/etc/shadow b/tests/tests/newusers/14_create_user_existing-home/config/etc/shadow
new file mode 100644
index 0000000..031ce88
--- /dev/null
+++ b/tests/tests/newusers/14_create_user_existing-home/config/etc/shadow
@@ -0,0 +1,19 @@
+root::12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/newusers/14_create_user_existing-home/data/group b/tests/tests/newusers/14_create_user_existing-home/data/group
new file mode 100644
index 0000000..fecba0c
--- /dev/null
+++ b/tests/tests/newusers/14_create_user_existing-home/data/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/newusers/14_create_user_existing-home/data/gshadow b/tests/tests/newusers/14_create_user_existing-home/data/gshadow
new file mode 100644
index 0000000..5042e58
--- /dev/null
+++ b/tests/tests/newusers/14_create_user_existing-home/data/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/newusers/14_create_user_existing-home/data/home_ls-a b/tests/tests/newusers/14_create_user_existing-home/data/home_ls-a
new file mode 100644
index 0000000..50cd7c4
--- /dev/null
+++ b/tests/tests/newusers/14_create_user_existing-home/data/home_ls-a
@@ -0,0 +1,2 @@
+drwxr-xr-x root:root `/tmp/test-newusers/.'
+drwxrwxrwt root:root `/tmp/test-newusers/..'
diff --git a/tests/tests/newusers/14_create_user_existing-home/data/newusers.list b/tests/tests/newusers/14_create_user_existing-home/data/newusers.list
new file mode 100644
index 0000000..d2dacfd
--- /dev/null
+++ b/tests/tests/newusers/14_create_user_existing-home/data/newusers.list
@@ -0,0 +1 @@
+foo:fooPass:::User Foo - Gecos Field:/tmp/test-newusers:/bin/sh
diff --git a/tests/tests/newusers/14_create_user_existing-home/data/passwd b/tests/tests/newusers/14_create_user_existing-home/data/passwd
new file mode 100644
index 0000000..a6c525b
--- /dev/null
+++ b/tests/tests/newusers/14_create_user_existing-home/data/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000:User Foo - Gecos Field:/tmp/test-newusers:/bin/sh
diff --git a/tests/tests/newusers/14_create_user_existing-home/data/shadow b/tests/tests/newusers/14_create_user_existing-home/data/shadow
new file mode 100644
index 0000000..491b593
--- /dev/null
+++ b/tests/tests/newusers/14_create_user_existing-home/data/shadow
@@ -0,0 +1,20 @@
+root::12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:@PASS_DES fooPass@:@TODAY@:0:99999:7:::
diff --git a/tests/tests/newusers/14_create_user_existing-home/newusers.test b/tests/tests/newusers/14_create_user_existing-home/newusers.test
new file mode 100755
index 0000000..1410aa2
--- /dev/null
+++ b/tests/tests/newusers/14_create_user_existing-home/newusers.test
@@ -0,0 +1,61 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "newusers can create a new user with an existing home directory"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Home directory does not exist yet..."
+test ! -d /tmp/test-newusers
+echo "OK"
+
+mkdir /tmp/test-newusers
+
+trap 'log_status "$0" "FAILURE"; rm -rf /tmp/test-newusers; restore_config' 0
+
+newusers data/newusers.list
+
+echo -n "Check the passwd file..." 
+../../common/compare_file.pl data/passwd /etc/passwd 
+echo "OK" 
+echo -n "Check the group file..." 
+../../common/compare_file.pl data/group /etc/group 
+echo "OK" 
+echo -n "Check the shadow file..." 
+../../common/compare_file.pl data/shadow /etc/shadow 
+echo "OK" 
+echo -n "Check the gshadow file..." 
+../../common/compare_file.pl data/gshadow /etc/gshadow 
+echo "OK"
+
+echo -n "Home directory was created..."
+test -d /tmp/test-newusers
+echo "OK"
+
+echo -n "Check content of /tmp/test-newusers..."
+stat --printf "%A %U:%G %N\n" /tmp/test-newusers/* /tmp/test-newusers/.* 2>/dev/null | sort > tmp/home_ls-a
+diff -rauN data/home_ls-a tmp/home_ls-a
+echo "OK"
+
+echo -n "Removing home directory..."
+rm -rf /tmp/test-newusers
+echo "OK"
+
+# cleanup
+rm -f tmp/home_ls-a
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/newusers/15_update_new-home/config.txt b/tests/tests/newusers/15_update_new-home/config.txt
new file mode 100644
index 0000000..ea4c3ad
--- /dev/null
+++ b/tests/tests/newusers/15_update_new-home/config.txt
@@ -0,0 +1 @@
+User foo exists, with password fooPass
diff --git a/tests/tests/newusers/15_update_new-home/config/etc/group b/tests/tests/newusers/15_update_new-home/config/etc/group
new file mode 100644
index 0000000..555c889
--- /dev/null
+++ b/tests/tests/newusers/15_update_new-home/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:65535:foo
diff --git a/tests/tests/newusers/15_update_new-home/config/etc/gshadow b/tests/tests/newusers/15_update_new-home/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/newusers/15_update_new-home/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/newusers/15_update_new-home/config/etc/pam.d/common-password b/tests/tests/newusers/15_update_new-home/config/etc/pam.d/common-password
new file mode 100644
index 0000000..06c59a7
--- /dev/null
+++ b/tests/tests/newusers/15_update_new-home/config/etc/pam.d/common-password
@@ -0,0 +1,33 @@
+#
+# /etc/pam.d/common-password - password-related modules common to all services
+#
+# This file is included from other service-specific PAM config files,
+# and should contain a list of modules that define the services to be
+# used to change user passwords.  The default is pam_unix.
+
+# Explanation of pam_unix options:
+#
+# The "md5" option enables MD5 passwords.  Without this option, the
+# default is Unix crypt.
+#
+# The "obscure" option replaces the old `OBSCURE_CHECKS_ENAB' option in
+# login.defs.
+#
+# See the pam_unix manpage for other options.
+
+# As of pam 1.0.1-6, this file is managed by pam-auth-update by default.
+# To take advantage of this, it is recommended that you configure any
+# local modules either before or after the default block, and use
+# pam-auth-update to manage selection of other modules.  See
+# pam-auth-update(8) for details.
+
+# here are the per-package modules (the "Primary" block)
+password	[success=1 default=ignore]	pam_unix.so obscure
+# here's the fallback if no module succeeds
+password	requisite			pam_deny.so
+# prime the stack with a positive return value if there isn't one already;
+# this avoids us returning an error just because nothing sets a success code
+# since the modules above will each just jump around
+password	required			pam_permit.so
+# and here are more per-package modules (the "Additional" block)
+# end of pam-auth-update config
diff --git a/tests/tests/newusers/15_update_new-home/config/etc/pam.d/newusers b/tests/tests/newusers/15_update_new-home/config/etc/pam.d/newusers
new file mode 100644
index 0000000..552045e
--- /dev/null
+++ b/tests/tests/newusers/15_update_new-home/config/etc/pam.d/newusers
@@ -0,0 +1,6 @@
+#
+# The PAM configuration file for the Shadow `chpasswd' service
+#
+
+@include common-password
+
diff --git a/tests/tests/newusers/15_update_new-home/config/etc/passwd b/tests/tests/newusers/15_update_new-home/config/etc/passwd
new file mode 100644
index 0000000..9de3b24
--- /dev/null
+++ b/tests/tests/newusers/15_update_new-home/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:65535:65535:User Foo - Gecos Field::/bin/sh
diff --git a/tests/tests/newusers/15_update_new-home/config/etc/shadow b/tests/tests/newusers/15_update_new-home/config/etc/shadow
new file mode 100644
index 0000000..1368876
--- /dev/null
+++ b/tests/tests/newusers/15_update_new-home/config/etc/shadow
@@ -0,0 +1,20 @@
+root::12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:eKzSSVkXDoVUM:13906:0:99999:7:::
diff --git a/tests/tests/newusers/15_update_new-home/data/home_ls-a b/tests/tests/newusers/15_update_new-home/data/home_ls-a
new file mode 100644
index 0000000..81b7cb2
--- /dev/null
+++ b/tests/tests/newusers/15_update_new-home/data/home_ls-a
@@ -0,0 +1,2 @@
+drwxr-xr-x foo:foo `/tmp/test-newusers/.'
+drwxrwxrwt root:root `/tmp/test-newusers/..'
diff --git a/tests/tests/newusers/15_update_new-home/data/newusers.list b/tests/tests/newusers/15_update_new-home/data/newusers.list
new file mode 100644
index 0000000..b2025de
--- /dev/null
+++ b/tests/tests/newusers/15_update_new-home/data/newusers.list
@@ -0,0 +1 @@
+foo:fooPass2:::User Foo - Gecos Field:/tmp/test-newusers:/bin/bash
diff --git a/tests/tests/newusers/15_update_new-home/data/passwd b/tests/tests/newusers/15_update_new-home/data/passwd
new file mode 100644
index 0000000..1db48b7
--- /dev/null
+++ b/tests/tests/newusers/15_update_new-home/data/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:65535:65535:User Foo - Gecos Field:/tmp/test-newusers:/bin/bash
diff --git a/tests/tests/newusers/15_update_new-home/data/shadow b/tests/tests/newusers/15_update_new-home/data/shadow
new file mode 100644
index 0000000..c7f1556
--- /dev/null
+++ b/tests/tests/newusers/15_update_new-home/data/shadow
@@ -0,0 +1,20 @@
+root::12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:@PASS_DES fooPass2@:@TODAY@:0:99999:7:::
diff --git a/tests/tests/newusers/15_update_new-home/newusers.test b/tests/tests/newusers/15_update_new-home/newusers.test
new file mode 100755
index 0000000..bc20ecf
--- /dev/null
+++ b/tests/tests/newusers/15_update_new-home/newusers.test
@@ -0,0 +1,60 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+# TODO: check what happens to the old home
+log_start "$0" "newusers can update the home directory of an user"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Home directory does not exist yet..."
+test ! -d /tmp/test-newusers
+echo "OK"
+
+trap 'log_status "$0" "FAILURE"; rm -rf /tmp/test-newusers; restore_config' 0
+
+newusers data/newusers.list
+
+echo -n "Check the passwd file..." 
+../../common/compare_file.pl data/passwd /etc/passwd 
+echo "OK" 
+echo -n "Check the group file..." 
+../../common/compare_file.pl config/etc/group /etc/group 
+echo "OK" 
+echo -n "Check the shadow file..." 
+../../common/compare_file.pl data/shadow /etc/shadow 
+echo "OK" 
+echo -n "Check the gshadow file..." 
+../../common/compare_file.pl config/etc/gshadow /etc/gshadow 
+echo "OK"
+
+echo -n "Home directory was created..."
+test -d /tmp/test-newusers
+echo "OK"
+
+echo -n "Check content of /tmp/test-newusers..."
+stat --printf "%A %U:%G %N\n" /tmp/test-newusers/* /tmp/test-newusers/.* 2>/dev/null | sort > tmp/home_ls-a
+diff -rauN data/home_ls-a tmp/home_ls-a
+echo "OK"
+
+echo -n "Removing home directory..."
+rm -rf /tmp/test-newusers
+echo "OK"
+
+# cleanup
+rm -f tmp/home_ls-a
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/newusers/16_update_existing-home/config.txt b/tests/tests/newusers/16_update_existing-home/config.txt
new file mode 100644
index 0000000..ea4c3ad
--- /dev/null
+++ b/tests/tests/newusers/16_update_existing-home/config.txt
@@ -0,0 +1 @@
+User foo exists, with password fooPass
diff --git a/tests/tests/newusers/16_update_existing-home/config/etc/group b/tests/tests/newusers/16_update_existing-home/config/etc/group
new file mode 100644
index 0000000..555c889
--- /dev/null
+++ b/tests/tests/newusers/16_update_existing-home/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:65535:foo
diff --git a/tests/tests/newusers/16_update_existing-home/config/etc/gshadow b/tests/tests/newusers/16_update_existing-home/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/newusers/16_update_existing-home/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/newusers/16_update_existing-home/config/etc/pam.d/common-password b/tests/tests/newusers/16_update_existing-home/config/etc/pam.d/common-password
new file mode 100644
index 0000000..06c59a7
--- /dev/null
+++ b/tests/tests/newusers/16_update_existing-home/config/etc/pam.d/common-password
@@ -0,0 +1,33 @@
+#
+# /etc/pam.d/common-password - password-related modules common to all services
+#
+# This file is included from other service-specific PAM config files,
+# and should contain a list of modules that define the services to be
+# used to change user passwords.  The default is pam_unix.
+
+# Explanation of pam_unix options:
+#
+# The "md5" option enables MD5 passwords.  Without this option, the
+# default is Unix crypt.
+#
+# The "obscure" option replaces the old `OBSCURE_CHECKS_ENAB' option in
+# login.defs.
+#
+# See the pam_unix manpage for other options.
+
+# As of pam 1.0.1-6, this file is managed by pam-auth-update by default.
+# To take advantage of this, it is recommended that you configure any
+# local modules either before or after the default block, and use
+# pam-auth-update to manage selection of other modules.  See
+# pam-auth-update(8) for details.
+
+# here are the per-package modules (the "Primary" block)
+password	[success=1 default=ignore]	pam_unix.so obscure
+# here's the fallback if no module succeeds
+password	requisite			pam_deny.so
+# prime the stack with a positive return value if there isn't one already;
+# this avoids us returning an error just because nothing sets a success code
+# since the modules above will each just jump around
+password	required			pam_permit.so
+# and here are more per-package modules (the "Additional" block)
+# end of pam-auth-update config
diff --git a/tests/tests/newusers/16_update_existing-home/config/etc/pam.d/newusers b/tests/tests/newusers/16_update_existing-home/config/etc/pam.d/newusers
new file mode 100644
index 0000000..552045e
--- /dev/null
+++ b/tests/tests/newusers/16_update_existing-home/config/etc/pam.d/newusers
@@ -0,0 +1,6 @@
+#
+# The PAM configuration file for the Shadow `chpasswd' service
+#
+
+@include common-password
+
diff --git a/tests/tests/newusers/16_update_existing-home/config/etc/passwd b/tests/tests/newusers/16_update_existing-home/config/etc/passwd
new file mode 100644
index 0000000..9de3b24
--- /dev/null
+++ b/tests/tests/newusers/16_update_existing-home/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:65535:65535:User Foo - Gecos Field::/bin/sh
diff --git a/tests/tests/newusers/16_update_existing-home/config/etc/shadow b/tests/tests/newusers/16_update_existing-home/config/etc/shadow
new file mode 100644
index 0000000..1368876
--- /dev/null
+++ b/tests/tests/newusers/16_update_existing-home/config/etc/shadow
@@ -0,0 +1,20 @@
+root::12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:eKzSSVkXDoVUM:13906:0:99999:7:::
diff --git a/tests/tests/newusers/16_update_existing-home/data/home_ls-a b/tests/tests/newusers/16_update_existing-home/data/home_ls-a
new file mode 100644
index 0000000..50cd7c4
--- /dev/null
+++ b/tests/tests/newusers/16_update_existing-home/data/home_ls-a
@@ -0,0 +1,2 @@
+drwxr-xr-x root:root `/tmp/test-newusers/.'
+drwxrwxrwt root:root `/tmp/test-newusers/..'
diff --git a/tests/tests/newusers/16_update_existing-home/data/newusers.list b/tests/tests/newusers/16_update_existing-home/data/newusers.list
new file mode 100644
index 0000000..b2025de
--- /dev/null
+++ b/tests/tests/newusers/16_update_existing-home/data/newusers.list
@@ -0,0 +1 @@
+foo:fooPass2:::User Foo - Gecos Field:/tmp/test-newusers:/bin/bash
diff --git a/tests/tests/newusers/16_update_existing-home/data/passwd b/tests/tests/newusers/16_update_existing-home/data/passwd
new file mode 100644
index 0000000..1db48b7
--- /dev/null
+++ b/tests/tests/newusers/16_update_existing-home/data/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:65535:65535:User Foo - Gecos Field:/tmp/test-newusers:/bin/bash
diff --git a/tests/tests/newusers/16_update_existing-home/data/shadow b/tests/tests/newusers/16_update_existing-home/data/shadow
new file mode 100644
index 0000000..c7f1556
--- /dev/null
+++ b/tests/tests/newusers/16_update_existing-home/data/shadow
@@ -0,0 +1,20 @@
+root::12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:@PASS_DES fooPass2@:@TODAY@:0:99999:7:::
diff --git a/tests/tests/newusers/16_update_existing-home/newusers.test b/tests/tests/newusers/16_update_existing-home/newusers.test
new file mode 100755
index 0000000..1d901fa
--- /dev/null
+++ b/tests/tests/newusers/16_update_existing-home/newusers.test
@@ -0,0 +1,60 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "newusers can update the home directory of an user"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Home directory does not exist yet..."
+test ! -d /tmp/test-newusers
+echo "OK"
+
+mkdir /tmp/test-newusers
+trap 'log_status "$0" "FAILURE"; rm -rf /tmp/test-newusers; restore_config' 0
+
+newusers data/newusers.list
+
+echo -n "Check the passwd file..." 
+../../common/compare_file.pl data/passwd /etc/passwd 
+echo "OK" 
+echo -n "Check the group file..." 
+../../common/compare_file.pl config/etc/group /etc/group 
+echo "OK" 
+echo -n "Check the shadow file..." 
+../../common/compare_file.pl data/shadow /etc/shadow 
+echo "OK" 
+echo -n "Check the gshadow file..." 
+../../common/compare_file.pl config/etc/gshadow /etc/gshadow 
+echo "OK"
+
+echo -n "Home directory was created..."
+test -d /tmp/test-newusers
+echo "OK"
+
+echo -n "Check content of /tmp/test-newusers..."
+stat --printf "%A %U:%G %N\n" /tmp/test-newusers/* /tmp/test-newusers/.* 2>/dev/null | sort > tmp/home_ls-a
+diff -rauN data/home_ls-a tmp/home_ls-a
+echo "OK"
+
+echo -n "Removing home directory..."
+rm -rf /tmp/test-newusers
+echo "OK"
+
+# cleanup
+rm -f tmp/home_ls-a
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/newusers/17_create_user_pid-already-used/config.txt b/tests/tests/newusers/17_create_user_pid-already-used/config.txt
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/newusers/17_create_user_pid-already-used/config.txt
diff --git a/tests/tests/newusers/17_create_user_pid-already-used/config/etc/group b/tests/tests/newusers/17_create_user_pid-already-used/config/etc/group
new file mode 100644
index 0000000..7c6bf3a
--- /dev/null
+++ b/tests/tests/newusers/17_create_user_pid-already-used/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+bar:x:1042:
diff --git a/tests/tests/newusers/17_create_user_pid-already-used/config/etc/gshadow b/tests/tests/newusers/17_create_user_pid-already-used/config/etc/gshadow
new file mode 100644
index 0000000..0586f95
--- /dev/null
+++ b/tests/tests/newusers/17_create_user_pid-already-used/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+bar:x::
diff --git a/tests/tests/newusers/17_create_user_pid-already-used/config/etc/pam.d/common-password b/tests/tests/newusers/17_create_user_pid-already-used/config/etc/pam.d/common-password
new file mode 100644
index 0000000..06c59a7
--- /dev/null
+++ b/tests/tests/newusers/17_create_user_pid-already-used/config/etc/pam.d/common-password
@@ -0,0 +1,33 @@
+#
+# /etc/pam.d/common-password - password-related modules common to all services
+#
+# This file is included from other service-specific PAM config files,
+# and should contain a list of modules that define the services to be
+# used to change user passwords.  The default is pam_unix.
+
+# Explanation of pam_unix options:
+#
+# The "md5" option enables MD5 passwords.  Without this option, the
+# default is Unix crypt.
+#
+# The "obscure" option replaces the old `OBSCURE_CHECKS_ENAB' option in
+# login.defs.
+#
+# See the pam_unix manpage for other options.
+
+# As of pam 1.0.1-6, this file is managed by pam-auth-update by default.
+# To take advantage of this, it is recommended that you configure any
+# local modules either before or after the default block, and use
+# pam-auth-update to manage selection of other modules.  See
+# pam-auth-update(8) for details.
+
+# here are the per-package modules (the "Primary" block)
+password	[success=1 default=ignore]	pam_unix.so obscure
+# here's the fallback if no module succeeds
+password	requisite			pam_deny.so
+# prime the stack with a positive return value if there isn't one already;
+# this avoids us returning an error just because nothing sets a success code
+# since the modules above will each just jump around
+password	required			pam_permit.so
+# and here are more per-package modules (the "Additional" block)
+# end of pam-auth-update config
diff --git a/tests/tests/newusers/17_create_user_pid-already-used/config/etc/pam.d/newusers b/tests/tests/newusers/17_create_user_pid-already-used/config/etc/pam.d/newusers
new file mode 100644
index 0000000..552045e
--- /dev/null
+++ b/tests/tests/newusers/17_create_user_pid-already-used/config/etc/pam.d/newusers
@@ -0,0 +1,6 @@
+#
+# The PAM configuration file for the Shadow `chpasswd' service
+#
+
+@include common-password
+
diff --git a/tests/tests/newusers/17_create_user_pid-already-used/config/etc/passwd b/tests/tests/newusers/17_create_user_pid-already-used/config/etc/passwd
new file mode 100644
index 0000000..26d70f2
--- /dev/null
+++ b/tests/tests/newusers/17_create_user_pid-already-used/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+bar:x:1042:1042::/:/bin/false
diff --git a/tests/tests/newusers/17_create_user_pid-already-used/config/etc/shadow b/tests/tests/newusers/17_create_user_pid-already-used/config/etc/shadow
new file mode 100644
index 0000000..aa523bd
--- /dev/null
+++ b/tests/tests/newusers/17_create_user_pid-already-used/config/etc/shadow
@@ -0,0 +1,20 @@
+root::12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+bar:!:12977:0:99999:7:::
diff --git a/tests/tests/newusers/17_create_user_pid-already-used/data/group b/tests/tests/newusers/17_create_user_pid-already-used/data/group
new file mode 100644
index 0000000..90da8d7
--- /dev/null
+++ b/tests/tests/newusers/17_create_user_pid-already-used/data/group
@@ -0,0 +1,43 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+bar:x:1042:
+foo:x:1043:
diff --git a/tests/tests/newusers/17_create_user_pid-already-used/data/gshadow b/tests/tests/newusers/17_create_user_pid-already-used/data/gshadow
new file mode 100644
index 0000000..d11bb83
--- /dev/null
+++ b/tests/tests/newusers/17_create_user_pid-already-used/data/gshadow
@@ -0,0 +1,43 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+bar:x::
+foo:*::
diff --git a/tests/tests/newusers/17_create_user_pid-already-used/data/newusers.list b/tests/tests/newusers/17_create_user_pid-already-used/data/newusers.list
new file mode 100644
index 0000000..f1c75fe
--- /dev/null
+++ b/tests/tests/newusers/17_create_user_pid-already-used/data/newusers.list
@@ -0,0 +1 @@
+foo:fooPass:1042::User Foo - Gecos Field::/bin/sh
diff --git a/tests/tests/newusers/17_create_user_pid-already-used/data/passwd b/tests/tests/newusers/17_create_user_pid-already-used/data/passwd
new file mode 100644
index 0000000..5f9155b
--- /dev/null
+++ b/tests/tests/newusers/17_create_user_pid-already-used/data/passwd
@@ -0,0 +1,21 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+bar:x:1042:1042::/:/bin/false
+foo:x:1042:1043:User Foo - Gecos Field::/bin/sh
diff --git a/tests/tests/newusers/17_create_user_pid-already-used/data/shadow b/tests/tests/newusers/17_create_user_pid-already-used/data/shadow
new file mode 100644
index 0000000..28046f8
--- /dev/null
+++ b/tests/tests/newusers/17_create_user_pid-already-used/data/shadow
@@ -0,0 +1,21 @@
+root::12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+bar:!:12977:0:99999:7:::
+foo:@PASS_DES fooPass@:@TODAY@:0:99999:7:::
diff --git a/tests/tests/newusers/17_create_user_pid-already-used/newusers.test b/tests/tests/newusers/17_create_user_pid-already-used/newusers.test
new file mode 100755
index 0000000..8546a9b
--- /dev/null
+++ b/tests/tests/newusers/17_create_user_pid-already-used/newusers.test
@@ -0,0 +1,37 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "newusers can create a new user with a pid already used"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+newusers data/newusers.list
+
+echo -n "Check the passwd file..." 
+../../common/compare_file.pl data/passwd /etc/passwd 
+echo "OK" 
+echo -n "Check the group file..." 
+../../common/compare_file.pl data/group /etc/group 
+echo "OK" 
+echo -n "Check the shadow file..." 
+../../common/compare_file.pl data/shadow /etc/shadow 
+echo "OK" 
+echo -n "Check the gshadow file..." 
+../../common/compare_file.pl data/gshadow /etc/gshadow 
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/newusers/18_create_user_gid-already-used/config.txt b/tests/tests/newusers/18_create_user_gid-already-used/config.txt
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/newusers/18_create_user_gid-already-used/config.txt
diff --git a/tests/tests/newusers/18_create_user_gid-already-used/config/etc/group b/tests/tests/newusers/18_create_user_gid-already-used/config/etc/group
new file mode 100644
index 0000000..4e6b697
--- /dev/null
+++ b/tests/tests/newusers/18_create_user_gid-already-used/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+bar:x:1043:
diff --git a/tests/tests/newusers/18_create_user_gid-already-used/config/etc/gshadow b/tests/tests/newusers/18_create_user_gid-already-used/config/etc/gshadow
new file mode 100644
index 0000000..0586f95
--- /dev/null
+++ b/tests/tests/newusers/18_create_user_gid-already-used/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+bar:x::
diff --git a/tests/tests/newusers/18_create_user_gid-already-used/config/etc/pam.d/common-password b/tests/tests/newusers/18_create_user_gid-already-used/config/etc/pam.d/common-password
new file mode 100644
index 0000000..06c59a7
--- /dev/null
+++ b/tests/tests/newusers/18_create_user_gid-already-used/config/etc/pam.d/common-password
@@ -0,0 +1,33 @@
+#
+# /etc/pam.d/common-password - password-related modules common to all services
+#
+# This file is included from other service-specific PAM config files,
+# and should contain a list of modules that define the services to be
+# used to change user passwords.  The default is pam_unix.
+
+# Explanation of pam_unix options:
+#
+# The "md5" option enables MD5 passwords.  Without this option, the
+# default is Unix crypt.
+#
+# The "obscure" option replaces the old `OBSCURE_CHECKS_ENAB' option in
+# login.defs.
+#
+# See the pam_unix manpage for other options.
+
+# As of pam 1.0.1-6, this file is managed by pam-auth-update by default.
+# To take advantage of this, it is recommended that you configure any
+# local modules either before or after the default block, and use
+# pam-auth-update to manage selection of other modules.  See
+# pam-auth-update(8) for details.
+
+# here are the per-package modules (the "Primary" block)
+password	[success=1 default=ignore]	pam_unix.so obscure
+# here's the fallback if no module succeeds
+password	requisite			pam_deny.so
+# prime the stack with a positive return value if there isn't one already;
+# this avoids us returning an error just because nothing sets a success code
+# since the modules above will each just jump around
+password	required			pam_permit.so
+# and here are more per-package modules (the "Additional" block)
+# end of pam-auth-update config
diff --git a/tests/tests/newusers/18_create_user_gid-already-used/config/etc/pam.d/newusers b/tests/tests/newusers/18_create_user_gid-already-used/config/etc/pam.d/newusers
new file mode 100644
index 0000000..552045e
--- /dev/null
+++ b/tests/tests/newusers/18_create_user_gid-already-used/config/etc/pam.d/newusers
@@ -0,0 +1,6 @@
+#
+# The PAM configuration file for the Shadow `chpasswd' service
+#
+
+@include common-password
+
diff --git a/tests/tests/newusers/18_create_user_gid-already-used/config/etc/passwd b/tests/tests/newusers/18_create_user_gid-already-used/config/etc/passwd
new file mode 100644
index 0000000..901ce16
--- /dev/null
+++ b/tests/tests/newusers/18_create_user_gid-already-used/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+bar:x:1042:1043::/:/bin/false
diff --git a/tests/tests/newusers/18_create_user_gid-already-used/config/etc/shadow b/tests/tests/newusers/18_create_user_gid-already-used/config/etc/shadow
new file mode 100644
index 0000000..aa523bd
--- /dev/null
+++ b/tests/tests/newusers/18_create_user_gid-already-used/config/etc/shadow
@@ -0,0 +1,20 @@
+root::12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+bar:!:12977:0:99999:7:::
diff --git a/tests/tests/newusers/18_create_user_gid-already-used/data/newusers.list b/tests/tests/newusers/18_create_user_gid-already-used/data/newusers.list
new file mode 100644
index 0000000..1714418
--- /dev/null
+++ b/tests/tests/newusers/18_create_user_gid-already-used/data/newusers.list
@@ -0,0 +1 @@
+foo:fooPass::1043:User Foo - Gecos Field::/bin/sh
diff --git a/tests/tests/newusers/18_create_user_gid-already-used/data/passwd b/tests/tests/newusers/18_create_user_gid-already-used/data/passwd
new file mode 100644
index 0000000..e474273
--- /dev/null
+++ b/tests/tests/newusers/18_create_user_gid-already-used/data/passwd
@@ -0,0 +1,21 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+bar:x:1042:1043::/:/bin/false
+foo:x:1043:1043:User Foo - Gecos Field::/bin/sh
diff --git a/tests/tests/newusers/18_create_user_gid-already-used/data/shadow b/tests/tests/newusers/18_create_user_gid-already-used/data/shadow
new file mode 100644
index 0000000..28046f8
--- /dev/null
+++ b/tests/tests/newusers/18_create_user_gid-already-used/data/shadow
@@ -0,0 +1,21 @@
+root::12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+bar:!:12977:0:99999:7:::
+foo:@PASS_DES fooPass@:@TODAY@:0:99999:7:::
diff --git a/tests/tests/newusers/18_create_user_gid-already-used/newusers.test b/tests/tests/newusers/18_create_user_gid-already-used/newusers.test
new file mode 100755
index 0000000..7b15be8
--- /dev/null
+++ b/tests/tests/newusers/18_create_user_gid-already-used/newusers.test
@@ -0,0 +1,37 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "newusers can create a new user with a gid already used"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+newusers data/newusers.list
+
+echo -n "Check the passwd file..." 
+../../common/compare_file.pl data/passwd /etc/passwd 
+echo "OK" 
+echo -n "Check the group file..." 
+../../common/compare_file.pl config/etc/group /etc/group 
+echo "OK" 
+echo -n "Check the shadow file..." 
+../../common/compare_file.pl data/shadow /etc/shadow 
+echo "OK" 
+echo -n "Check the gshadow file..." 
+../../common/compare_file.pl config/etc/gshadow /etc/gshadow 
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/newusers/19_update_keep-old-home/config.txt b/tests/tests/newusers/19_update_keep-old-home/config.txt
new file mode 100644
index 0000000..ea4c3ad
--- /dev/null
+++ b/tests/tests/newusers/19_update_keep-old-home/config.txt
@@ -0,0 +1 @@
+User foo exists, with password fooPass
diff --git a/tests/tests/newusers/19_update_keep-old-home/config/etc/group b/tests/tests/newusers/19_update_keep-old-home/config/etc/group
new file mode 100644
index 0000000..555c889
--- /dev/null
+++ b/tests/tests/newusers/19_update_keep-old-home/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:65535:foo
diff --git a/tests/tests/newusers/19_update_keep-old-home/config/etc/gshadow b/tests/tests/newusers/19_update_keep-old-home/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/newusers/19_update_keep-old-home/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/newusers/19_update_keep-old-home/config/etc/pam.d/common-password b/tests/tests/newusers/19_update_keep-old-home/config/etc/pam.d/common-password
new file mode 100644
index 0000000..06c59a7
--- /dev/null
+++ b/tests/tests/newusers/19_update_keep-old-home/config/etc/pam.d/common-password
@@ -0,0 +1,33 @@
+#
+# /etc/pam.d/common-password - password-related modules common to all services
+#
+# This file is included from other service-specific PAM config files,
+# and should contain a list of modules that define the services to be
+# used to change user passwords.  The default is pam_unix.
+
+# Explanation of pam_unix options:
+#
+# The "md5" option enables MD5 passwords.  Without this option, the
+# default is Unix crypt.
+#
+# The "obscure" option replaces the old `OBSCURE_CHECKS_ENAB' option in
+# login.defs.
+#
+# See the pam_unix manpage for other options.
+
+# As of pam 1.0.1-6, this file is managed by pam-auth-update by default.
+# To take advantage of this, it is recommended that you configure any
+# local modules either before or after the default block, and use
+# pam-auth-update to manage selection of other modules.  See
+# pam-auth-update(8) for details.
+
+# here are the per-package modules (the "Primary" block)
+password	[success=1 default=ignore]	pam_unix.so obscure
+# here's the fallback if no module succeeds
+password	requisite			pam_deny.so
+# prime the stack with a positive return value if there isn't one already;
+# this avoids us returning an error just because nothing sets a success code
+# since the modules above will each just jump around
+password	required			pam_permit.so
+# and here are more per-package modules (the "Additional" block)
+# end of pam-auth-update config
diff --git a/tests/tests/newusers/19_update_keep-old-home/config/etc/pam.d/newusers b/tests/tests/newusers/19_update_keep-old-home/config/etc/pam.d/newusers
new file mode 100644
index 0000000..552045e
--- /dev/null
+++ b/tests/tests/newusers/19_update_keep-old-home/config/etc/pam.d/newusers
@@ -0,0 +1,6 @@
+#
+# The PAM configuration file for the Shadow `chpasswd' service
+#
+
+@include common-password
+
diff --git a/tests/tests/newusers/19_update_keep-old-home/config/etc/passwd b/tests/tests/newusers/19_update_keep-old-home/config/etc/passwd
new file mode 100644
index 0000000..9de3b24
--- /dev/null
+++ b/tests/tests/newusers/19_update_keep-old-home/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:65535:65535:User Foo - Gecos Field::/bin/sh
diff --git a/tests/tests/newusers/19_update_keep-old-home/config/etc/shadow b/tests/tests/newusers/19_update_keep-old-home/config/etc/shadow
new file mode 100644
index 0000000..1368876
--- /dev/null
+++ b/tests/tests/newusers/19_update_keep-old-home/config/etc/shadow
@@ -0,0 +1,20 @@
+root::12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:eKzSSVkXDoVUM:13906:0:99999:7:::
diff --git a/tests/tests/newusers/19_update_keep-old-home/data/home_ls-a b/tests/tests/newusers/19_update_keep-old-home/data/home_ls-a
new file mode 100644
index 0000000..85833ad
--- /dev/null
+++ b/tests/tests/newusers/19_update_keep-old-home/data/home_ls-a
@@ -0,0 +1,2 @@
+drwxr-xr-x foo:foo `/tmp/test-newusers2/.'
+drwxrwxrwt root:root `/tmp/test-newusers2/..'
diff --git a/tests/tests/newusers/19_update_keep-old-home/data/home_ls-a.old b/tests/tests/newusers/19_update_keep-old-home/data/home_ls-a.old
new file mode 100644
index 0000000..c8d0412
--- /dev/null
+++ b/tests/tests/newusers/19_update_keep-old-home/data/home_ls-a.old
@@ -0,0 +1,3 @@
+-rw-r--r-- root:root `/tmp/test-newusers/foo'
+drwxr-xr-x root:root `/tmp/test-newusers/.'
+drwxrwxrwt root:root `/tmp/test-newusers/..'
diff --git a/tests/tests/newusers/19_update_keep-old-home/data/newusers.list b/tests/tests/newusers/19_update_keep-old-home/data/newusers.list
new file mode 100644
index 0000000..7864ffe
--- /dev/null
+++ b/tests/tests/newusers/19_update_keep-old-home/data/newusers.list
@@ -0,0 +1 @@
+foo:fooPass2:::User Foo - Gecos Field:/tmp/test-newusers2:/bin/bash
diff --git a/tests/tests/newusers/19_update_keep-old-home/data/passwd b/tests/tests/newusers/19_update_keep-old-home/data/passwd
new file mode 100644
index 0000000..23cd129
--- /dev/null
+++ b/tests/tests/newusers/19_update_keep-old-home/data/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:65535:65535:User Foo - Gecos Field:/tmp/test-newusers2:/bin/bash
diff --git a/tests/tests/newusers/19_update_keep-old-home/data/shadow b/tests/tests/newusers/19_update_keep-old-home/data/shadow
new file mode 100644
index 0000000..c7f1556
--- /dev/null
+++ b/tests/tests/newusers/19_update_keep-old-home/data/shadow
@@ -0,0 +1,20 @@
+root::12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:@PASS_DES fooPass2@:@TODAY@:0:99999:7:::
diff --git a/tests/tests/newusers/19_update_keep-old-home/newusers.test b/tests/tests/newusers/19_update_keep-old-home/newusers.test
new file mode 100755
index 0000000..74eea45
--- /dev/null
+++ b/tests/tests/newusers/19_update_keep-old-home/newusers.test
@@ -0,0 +1,69 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+# I don't know if it's really a feature
+log_start "$0" "newusers keeps the old home when changing the home directory"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Home directory does not exist yet..."
+test ! -d /tmp/test-newusers
+echo "OK"
+
+mkdir /tmp/test-newusers
+echo foo > /tmp/test-newusers/foo
+trap 'log_status "$0" "FAILURE"; rm -rf /tmp/test-newusers; restore_config' 0
+
+newusers data/newusers.list
+
+echo -n "Check the passwd file..." 
+../../common/compare_file.pl data/passwd /etc/passwd 
+echo "OK" 
+echo -n "Check the group file..." 
+../../common/compare_file.pl config/etc/group /etc/group 
+echo "OK" 
+echo -n "Check the shadow file..." 
+../../common/compare_file.pl data/shadow /etc/shadow 
+echo "OK" 
+echo -n "Check the gshadow file..." 
+../../common/compare_file.pl config/etc/gshadow /etc/gshadow 
+echo "OK"
+
+echo -n "Home directory was created..."
+test -d /tmp/test-newusers2
+echo "OK"
+echo -n "Old home directory is still there..."
+test -d /tmp/test-newusers
+echo "OK"
+
+echo -n "Check content of /tmp/test-newusers..."
+stat --printf "%A %U:%G %N\n" /tmp/test-newusers/* /tmp/test-newusers/.* 2>/dev/null | sort > tmp/home_ls-a.old
+diff -rauN data/home_ls-a.old tmp/home_ls-a.old
+echo "OK"
+echo -n "Check content of /tmp/test-newusers2..."
+stat --printf "%A %U:%G %N\n" /tmp/test-newusers2/* /tmp/test-newusers2/.* 2>/dev/null | sort > tmp/home_ls-a
+diff -rauN data/home_ls-a tmp/home_ls-a
+echo "OK"
+
+echo -n "Removing home directories..."
+rm -rf /tmp/test-newusers /tmp/test-newusers2
+echo "OK"
+
+# cleanup
+rm -f tmp/home_ls-a tmp/home_ls-a.old
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/newusers/20_multiple_users/config.txt b/tests/tests/newusers/20_multiple_users/config.txt
new file mode 100644
index 0000000..ea4c3ad
--- /dev/null
+++ b/tests/tests/newusers/20_multiple_users/config.txt
@@ -0,0 +1 @@
+User foo exists, with password fooPass
diff --git a/tests/tests/newusers/20_multiple_users/config/etc/group b/tests/tests/newusers/20_multiple_users/config/etc/group
new file mode 100644
index 0000000..555c889
--- /dev/null
+++ b/tests/tests/newusers/20_multiple_users/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:65535:foo
diff --git a/tests/tests/newusers/20_multiple_users/config/etc/gshadow b/tests/tests/newusers/20_multiple_users/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/newusers/20_multiple_users/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/newusers/20_multiple_users/config/etc/pam.d/common-password b/tests/tests/newusers/20_multiple_users/config/etc/pam.d/common-password
new file mode 100644
index 0000000..06c59a7
--- /dev/null
+++ b/tests/tests/newusers/20_multiple_users/config/etc/pam.d/common-password
@@ -0,0 +1,33 @@
+#
+# /etc/pam.d/common-password - password-related modules common to all services
+#
+# This file is included from other service-specific PAM config files,
+# and should contain a list of modules that define the services to be
+# used to change user passwords.  The default is pam_unix.
+
+# Explanation of pam_unix options:
+#
+# The "md5" option enables MD5 passwords.  Without this option, the
+# default is Unix crypt.
+#
+# The "obscure" option replaces the old `OBSCURE_CHECKS_ENAB' option in
+# login.defs.
+#
+# See the pam_unix manpage for other options.
+
+# As of pam 1.0.1-6, this file is managed by pam-auth-update by default.
+# To take advantage of this, it is recommended that you configure any
+# local modules either before or after the default block, and use
+# pam-auth-update to manage selection of other modules.  See
+# pam-auth-update(8) for details.
+
+# here are the per-package modules (the "Primary" block)
+password	[success=1 default=ignore]	pam_unix.so obscure
+# here's the fallback if no module succeeds
+password	requisite			pam_deny.so
+# prime the stack with a positive return value if there isn't one already;
+# this avoids us returning an error just because nothing sets a success code
+# since the modules above will each just jump around
+password	required			pam_permit.so
+# and here are more per-package modules (the "Additional" block)
+# end of pam-auth-update config
diff --git a/tests/tests/newusers/20_multiple_users/config/etc/pam.d/newusers b/tests/tests/newusers/20_multiple_users/config/etc/pam.d/newusers
new file mode 100644
index 0000000..552045e
--- /dev/null
+++ b/tests/tests/newusers/20_multiple_users/config/etc/pam.d/newusers
@@ -0,0 +1,6 @@
+#
+# The PAM configuration file for the Shadow `chpasswd' service
+#
+
+@include common-password
+
diff --git a/tests/tests/newusers/20_multiple_users/config/etc/passwd b/tests/tests/newusers/20_multiple_users/config/etc/passwd
new file mode 100644
index 0000000..9de3b24
--- /dev/null
+++ b/tests/tests/newusers/20_multiple_users/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:65535:65535:User Foo - Gecos Field::/bin/sh
diff --git a/tests/tests/newusers/20_multiple_users/config/etc/shadow b/tests/tests/newusers/20_multiple_users/config/etc/shadow
new file mode 100644
index 0000000..1368876
--- /dev/null
+++ b/tests/tests/newusers/20_multiple_users/config/etc/shadow
@@ -0,0 +1,20 @@
+root::12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:eKzSSVkXDoVUM:13906:0:99999:7:::
diff --git a/tests/tests/newusers/20_multiple_users/data/group b/tests/tests/newusers/20_multiple_users/data/group
new file mode 100644
index 0000000..ee3ddc0
--- /dev/null
+++ b/tests/tests/newusers/20_multiple_users/data/group
@@ -0,0 +1,58 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:65535:foo
+foo1:x:1000:
+foo1a:x:1001:
+foo2:x:2000:
+foo3:x:2001:
+foo4:x:3000:
+foo5:x:3005:
+foo6:x:3002:
+foo7:x:61000:
+foo8:x:3003:
+foo9:x:3006:
+foo10:x:3004:
+foo11:x:63000:
+foo12:x:3007:
+foo13:x:3008:
+foo14:x:59000:
+foo15:x:59001:
diff --git a/tests/tests/newusers/20_multiple_users/data/gshadow b/tests/tests/newusers/20_multiple_users/data/gshadow
new file mode 100644
index 0000000..37b6caa
--- /dev/null
+++ b/tests/tests/newusers/20_multiple_users/data/gshadow
@@ -0,0 +1,57 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo1:*::
+foo1a:*::
+foo2:*::
+foo3:*::
+foo4:*::
+foo5:*::
+foo6:*::
+foo7:*::
+foo8:*::
+foo9:*::
+foo10:*::
+foo11:*::
+foo12:*::
+foo13:*::
+foo14:*::
+foo15:*::
diff --git a/tests/tests/newusers/20_multiple_users/data/newusers.list b/tests/tests/newusers/20_multiple_users/data/newusers.list
new file mode 100644
index 0000000..68d54c2
--- /dev/null
+++ b/tests/tests/newusers/20_multiple_users/data/newusers.list
@@ -0,0 +1,17 @@
+foo1:foo1Pass:::User Foo - Gecos Field::/bin/sh
+foo1a:foo1aPas:foo1::User Foo - Gecos Field::/bin/sh
+foo1b:foo1bPas::foo1a:User Foo - Gecos Field::/bin/sh
+foo2:foo2Pass:2000:2000:User Foo - Gecos Field::/bin/sh
+foo3:foo3Pass:::User Foo - Gecos Field::/bin/sh
+foo4:foo4Pass:3000::User Foo - Gecos Field::/bin/sh
+foo5:foo5Pass::3005:User Foo - Gecos Field::/bin/sh
+foo6:foo6Pass:::User Foo - Gecos Field::/bin/sh
+foo7:foo7Pass:61000:61000:User Foo - Gecos Field::/bin/sh
+foo8:foo8Pass:::User Foo - Gecos Field::/bin/sh
+foo9:foo9Pass:62000::User Foo - Gecos Field::/bin/sh
+foo10:foo10Pas:::User Foo - Gecos Field::/bin/sh
+foo11:foo11Pas::63000:User Foo - Gecos Field::/bin/sh
+foo12:foo12Pas:::User Foo - Gecos Field::/bin/sh
+foo13:foo13Pas:::User Foo - Gecos Field::/bin/sh
+foo14:foo14Pas:59000::User Foo - Gecos Field::/bin/sh
+foo15:foo15Pas:::User Foo - Gecos Field::/bin/sh
diff --git a/tests/tests/newusers/20_multiple_users/data/passwd b/tests/tests/newusers/20_multiple_users/data/passwd
new file mode 100644
index 0000000..1dde7d5
--- /dev/null
+++ b/tests/tests/newusers/20_multiple_users/data/passwd
@@ -0,0 +1,37 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:65535:65535:User Foo - Gecos Field::/bin/sh
+foo1:x:1000:1000:User Foo - Gecos Field::/bin/sh
+foo1a:x:1000:1001:User Foo - Gecos Field::/bin/sh
+foo1b:x:1001:1001:User Foo - Gecos Field::/bin/sh
+foo2:x:2000:2000:User Foo - Gecos Field::/bin/sh
+foo3:x:2001:2001:User Foo - Gecos Field::/bin/sh
+foo4:x:3000:3000:User Foo - Gecos Field::/bin/sh
+foo5:x:3001:3005:User Foo - Gecos Field::/bin/sh
+foo6:x:3002:3002:User Foo - Gecos Field::/bin/sh
+foo7:x:61000:61000:User Foo - Gecos Field::/bin/sh
+foo8:x:3003:3003:User Foo - Gecos Field::/bin/sh
+foo9:x:62000:3006:User Foo - Gecos Field::/bin/sh
+foo10:x:3004:3004:User Foo - Gecos Field::/bin/sh
+foo11:x:3005:63000:User Foo - Gecos Field::/bin/sh
+foo12:x:3006:3007:User Foo - Gecos Field::/bin/sh
+foo13:x:3007:3008:User Foo - Gecos Field::/bin/sh
+foo14:x:59000:59000:User Foo - Gecos Field::/bin/sh
+foo15:x:59001:59001:User Foo - Gecos Field::/bin/sh
diff --git a/tests/tests/newusers/20_multiple_users/data/shadow b/tests/tests/newusers/20_multiple_users/data/shadow
new file mode 100644
index 0000000..f77568e
--- /dev/null
+++ b/tests/tests/newusers/20_multiple_users/data/shadow
@@ -0,0 +1,37 @@
+root::12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:eKzSSVkXDoVUM:13906:0:99999:7:::
+foo1:@PASS_DES foo1Pass@:@TODAY@:0:99999:7:::
+foo1a:@PASS_DES foo1aPas@:@TODAY@:0:99999:7:::
+foo1b:@PASS_DES foo1bPas@:@TODAY@:0:99999:7:::
+foo2:@PASS_DES foo2Pass@:@TODAY@:0:99999:7:::
+foo3:@PASS_DES foo3Pass@:@TODAY@:0:99999:7:::
+foo4:@PASS_DES foo4Pass@:@TODAY@:0:99999:7:::
+foo5:@PASS_DES foo5Pass@:@TODAY@:0:99999:7:::
+foo6:@PASS_DES foo6Pass@:@TODAY@:0:99999:7:::
+foo7:@PASS_DES foo7Pass@:@TODAY@:0:99999:7:::
+foo8:@PASS_DES foo8Pass@:@TODAY@:0:99999:7:::
+foo9:@PASS_DES foo9Pass@:@TODAY@:0:99999:7:::
+foo10:@PASS_DES foo10Pas@:@TODAY@:0:99999:7:::
+foo11:@PASS_DES foo11Pas@:@TODAY@:0:99999:7:::
+foo12:@PASS_DES foo12Pas@:@TODAY@:0:99999:7:::
+foo13:@PASS_DES foo13Pas@:@TODAY@:0:99999:7:::
+foo14:@PASS_DES foo14Pas@:@TODAY@:0:99999:7:::
+foo15:@PASS_DES foo15Pas@:@TODAY@:0:99999:7:::
diff --git a/tests/tests/newusers/20_multiple_users/newusers.test b/tests/tests/newusers/20_multiple_users/newusers.test
new file mode 100755
index 0000000..8868f63
--- /dev/null
+++ b/tests/tests/newusers/20_multiple_users/newusers.test
@@ -0,0 +1,38 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "newusers can add multiple users"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+newusers data/newusers.list
+cp /etc/shadow /tmp
+
+echo -n "Check the passwd file..." 
+../../common/compare_file.pl data/passwd /etc/passwd 
+echo "OK" 
+echo -n "Check the group file..." 
+../../common/compare_file.pl data/group /etc/group 
+echo "OK" 
+echo -n "Check the shadow file..." 
+../../common/compare_file.pl data/shadow /etc/shadow 
+echo "OK" 
+echo -n "Check the gshadow file..." 
+../../common/compare_file.pl data/gshadow /etc/gshadow 
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/newusers/21_create_user_UID_MAX/config.txt b/tests/tests/newusers/21_create_user_UID_MAX/config.txt
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/newusers/21_create_user_UID_MAX/config.txt
diff --git a/tests/tests/newusers/21_create_user_UID_MAX/config/etc/group b/tests/tests/newusers/21_create_user_UID_MAX/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/newusers/21_create_user_UID_MAX/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/newusers/21_create_user_UID_MAX/config/etc/gshadow b/tests/tests/newusers/21_create_user_UID_MAX/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/newusers/21_create_user_UID_MAX/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/newusers/21_create_user_UID_MAX/config/etc/pam.d/common-password b/tests/tests/newusers/21_create_user_UID_MAX/config/etc/pam.d/common-password
new file mode 100644
index 0000000..06c59a7
--- /dev/null
+++ b/tests/tests/newusers/21_create_user_UID_MAX/config/etc/pam.d/common-password
@@ -0,0 +1,33 @@
+#
+# /etc/pam.d/common-password - password-related modules common to all services
+#
+# This file is included from other service-specific PAM config files,
+# and should contain a list of modules that define the services to be
+# used to change user passwords.  The default is pam_unix.
+
+# Explanation of pam_unix options:
+#
+# The "md5" option enables MD5 passwords.  Without this option, the
+# default is Unix crypt.
+#
+# The "obscure" option replaces the old `OBSCURE_CHECKS_ENAB' option in
+# login.defs.
+#
+# See the pam_unix manpage for other options.
+
+# As of pam 1.0.1-6, this file is managed by pam-auth-update by default.
+# To take advantage of this, it is recommended that you configure any
+# local modules either before or after the default block, and use
+# pam-auth-update to manage selection of other modules.  See
+# pam-auth-update(8) for details.
+
+# here are the per-package modules (the "Primary" block)
+password	[success=1 default=ignore]	pam_unix.so obscure
+# here's the fallback if no module succeeds
+password	requisite			pam_deny.so
+# prime the stack with a positive return value if there isn't one already;
+# this avoids us returning an error just because nothing sets a success code
+# since the modules above will each just jump around
+password	required			pam_permit.so
+# and here are more per-package modules (the "Additional" block)
+# end of pam-auth-update config
diff --git a/tests/tests/newusers/21_create_user_UID_MAX/config/etc/pam.d/newusers b/tests/tests/newusers/21_create_user_UID_MAX/config/etc/pam.d/newusers
new file mode 100644
index 0000000..552045e
--- /dev/null
+++ b/tests/tests/newusers/21_create_user_UID_MAX/config/etc/pam.d/newusers
@@ -0,0 +1,6 @@
+#
+# The PAM configuration file for the Shadow `chpasswd' service
+#
+
+@include common-password
+
diff --git a/tests/tests/newusers/21_create_user_UID_MAX/config/etc/passwd b/tests/tests/newusers/21_create_user_UID_MAX/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/newusers/21_create_user_UID_MAX/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/newusers/21_create_user_UID_MAX/config/etc/shadow b/tests/tests/newusers/21_create_user_UID_MAX/config/etc/shadow
new file mode 100644
index 0000000..031ce88
--- /dev/null
+++ b/tests/tests/newusers/21_create_user_UID_MAX/config/etc/shadow
@@ -0,0 +1,19 @@
+root::12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/newusers/21_create_user_UID_MAX/data/group b/tests/tests/newusers/21_create_user_UID_MAX/data/group
new file mode 100644
index 0000000..f1809d9
--- /dev/null
+++ b/tests/tests/newusers/21_create_user_UID_MAX/data/group
@@ -0,0 +1,43 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo1:x:60000:
+foo2:x:1000:
diff --git a/tests/tests/newusers/21_create_user_UID_MAX/data/gshadow b/tests/tests/newusers/21_create_user_UID_MAX/data/gshadow
new file mode 100644
index 0000000..5e2c5d3
--- /dev/null
+++ b/tests/tests/newusers/21_create_user_UID_MAX/data/gshadow
@@ -0,0 +1,43 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo1:*::
+foo2:*::
diff --git a/tests/tests/newusers/21_create_user_UID_MAX/data/newusers.list b/tests/tests/newusers/21_create_user_UID_MAX/data/newusers.list
new file mode 100644
index 0000000..30e9ec4
--- /dev/null
+++ b/tests/tests/newusers/21_create_user_UID_MAX/data/newusers.list
@@ -0,0 +1,2 @@
+foo1:foo1Pass:60000::User Foo - Gecos Field::/bin/sh
+foo2:foo2Pass:::User Foo - Gecos Field::/bin/sh
diff --git a/tests/tests/newusers/21_create_user_UID_MAX/data/passwd b/tests/tests/newusers/21_create_user_UID_MAX/data/passwd
new file mode 100644
index 0000000..0af03d5
--- /dev/null
+++ b/tests/tests/newusers/21_create_user_UID_MAX/data/passwd
@@ -0,0 +1,21 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo1:x:60000:60000:User Foo - Gecos Field::/bin/sh
+foo2:x:1000:1000:User Foo - Gecos Field::/bin/sh
diff --git a/tests/tests/newusers/21_create_user_UID_MAX/data/shadow b/tests/tests/newusers/21_create_user_UID_MAX/data/shadow
new file mode 100644
index 0000000..e33ca21
--- /dev/null
+++ b/tests/tests/newusers/21_create_user_UID_MAX/data/shadow
@@ -0,0 +1,21 @@
+root::12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo1:@PASS_DES foo1Pass@:@TODAY@:0:99999:7:::
+foo2:@PASS_DES foo2Pass@:@TODAY@:0:99999:7:::
diff --git a/tests/tests/newusers/21_create_user_UID_MAX/newusers.test b/tests/tests/newusers/21_create_user_UID_MAX/newusers.test
new file mode 100755
index 0000000..bb0e4cf
--- /dev/null
+++ b/tests/tests/newusers/21_create_user_UID_MAX/newusers.test
@@ -0,0 +1,37 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "newusers reuses a lower UID when UID_MAX is used"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+newusers data/newusers.list
+
+echo -n "Check the passwd file..." 
+../../common/compare_file.pl data/passwd /etc/passwd 
+echo "OK" 
+echo -n "Check the group file..." 
+../../common/compare_file.pl data/group /etc/group 
+echo "OK" 
+echo -n "Check the shadow file..." 
+../../common/compare_file.pl data/shadow /etc/shadow 
+echo "OK" 
+echo -n "Check the gshadow file..." 
+../../common/compare_file.pl data/gshadow /etc/gshadow 
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/newusers/22_create_user_GID_MAX/config.txt b/tests/tests/newusers/22_create_user_GID_MAX/config.txt
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/newusers/22_create_user_GID_MAX/config.txt
diff --git a/tests/tests/newusers/22_create_user_GID_MAX/config/etc/group b/tests/tests/newusers/22_create_user_GID_MAX/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/newusers/22_create_user_GID_MAX/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/newusers/22_create_user_GID_MAX/config/etc/gshadow b/tests/tests/newusers/22_create_user_GID_MAX/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/newusers/22_create_user_GID_MAX/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/newusers/22_create_user_GID_MAX/config/etc/pam.d/common-password b/tests/tests/newusers/22_create_user_GID_MAX/config/etc/pam.d/common-password
new file mode 100644
index 0000000..06c59a7
--- /dev/null
+++ b/tests/tests/newusers/22_create_user_GID_MAX/config/etc/pam.d/common-password
@@ -0,0 +1,33 @@
+#
+# /etc/pam.d/common-password - password-related modules common to all services
+#
+# This file is included from other service-specific PAM config files,
+# and should contain a list of modules that define the services to be
+# used to change user passwords.  The default is pam_unix.
+
+# Explanation of pam_unix options:
+#
+# The "md5" option enables MD5 passwords.  Without this option, the
+# default is Unix crypt.
+#
+# The "obscure" option replaces the old `OBSCURE_CHECKS_ENAB' option in
+# login.defs.
+#
+# See the pam_unix manpage for other options.
+
+# As of pam 1.0.1-6, this file is managed by pam-auth-update by default.
+# To take advantage of this, it is recommended that you configure any
+# local modules either before or after the default block, and use
+# pam-auth-update to manage selection of other modules.  See
+# pam-auth-update(8) for details.
+
+# here are the per-package modules (the "Primary" block)
+password	[success=1 default=ignore]	pam_unix.so obscure
+# here's the fallback if no module succeeds
+password	requisite			pam_deny.so
+# prime the stack with a positive return value if there isn't one already;
+# this avoids us returning an error just because nothing sets a success code
+# since the modules above will each just jump around
+password	required			pam_permit.so
+# and here are more per-package modules (the "Additional" block)
+# end of pam-auth-update config
diff --git a/tests/tests/newusers/22_create_user_GID_MAX/config/etc/pam.d/newusers b/tests/tests/newusers/22_create_user_GID_MAX/config/etc/pam.d/newusers
new file mode 100644
index 0000000..552045e
--- /dev/null
+++ b/tests/tests/newusers/22_create_user_GID_MAX/config/etc/pam.d/newusers
@@ -0,0 +1,6 @@
+#
+# The PAM configuration file for the Shadow `chpasswd' service
+#
+
+@include common-password
+
diff --git a/tests/tests/newusers/22_create_user_GID_MAX/config/etc/passwd b/tests/tests/newusers/22_create_user_GID_MAX/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/newusers/22_create_user_GID_MAX/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/newusers/22_create_user_GID_MAX/config/etc/shadow b/tests/tests/newusers/22_create_user_GID_MAX/config/etc/shadow
new file mode 100644
index 0000000..031ce88
--- /dev/null
+++ b/tests/tests/newusers/22_create_user_GID_MAX/config/etc/shadow
@@ -0,0 +1,19 @@
+root::12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/newusers/22_create_user_GID_MAX/data/group b/tests/tests/newusers/22_create_user_GID_MAX/data/group
new file mode 100644
index 0000000..f1809d9
--- /dev/null
+++ b/tests/tests/newusers/22_create_user_GID_MAX/data/group
@@ -0,0 +1,43 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo1:x:60000:
+foo2:x:1000:
diff --git a/tests/tests/newusers/22_create_user_GID_MAX/data/gshadow b/tests/tests/newusers/22_create_user_GID_MAX/data/gshadow
new file mode 100644
index 0000000..5e2c5d3
--- /dev/null
+++ b/tests/tests/newusers/22_create_user_GID_MAX/data/gshadow
@@ -0,0 +1,43 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo1:*::
+foo2:*::
diff --git a/tests/tests/newusers/22_create_user_GID_MAX/data/newusers.list b/tests/tests/newusers/22_create_user_GID_MAX/data/newusers.list
new file mode 100644
index 0000000..08a2eff
--- /dev/null
+++ b/tests/tests/newusers/22_create_user_GID_MAX/data/newusers.list
@@ -0,0 +1,2 @@
+foo1:foo1Pass::60000:User Foo - Gecos Field::/bin/sh
+foo2:foo2Pass:60000::User Foo - Gecos Field::/bin/sh
diff --git a/tests/tests/newusers/22_create_user_GID_MAX/data/passwd b/tests/tests/newusers/22_create_user_GID_MAX/data/passwd
new file mode 100644
index 0000000..7f7ec76
--- /dev/null
+++ b/tests/tests/newusers/22_create_user_GID_MAX/data/passwd
@@ -0,0 +1,21 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo1:x:1000:60000:User Foo - Gecos Field::/bin/sh
+foo2:x:60000:1000:User Foo - Gecos Field::/bin/sh
diff --git a/tests/tests/newusers/22_create_user_GID_MAX/data/shadow b/tests/tests/newusers/22_create_user_GID_MAX/data/shadow
new file mode 100644
index 0000000..e33ca21
--- /dev/null
+++ b/tests/tests/newusers/22_create_user_GID_MAX/data/shadow
@@ -0,0 +1,21 @@
+root::12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo1:@PASS_DES foo1Pass@:@TODAY@:0:99999:7:::
+foo2:@PASS_DES foo2Pass@:@TODAY@:0:99999:7:::
diff --git a/tests/tests/newusers/22_create_user_GID_MAX/newusers.test b/tests/tests/newusers/22_create_user_GID_MAX/newusers.test
new file mode 100755
index 0000000..e07b081
--- /dev/null
+++ b/tests/tests/newusers/22_create_user_GID_MAX/newusers.test
@@ -0,0 +1,37 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "newusers reuses a lower GID when GID_MAX is used"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+newusers data/newusers.list
+
+echo -n "Check the passwd file..." 
+../../common/compare_file.pl data/passwd /etc/passwd 
+echo "OK" 
+echo -n "Check the group file..." 
+../../common/compare_file.pl data/group /etc/group 
+echo "OK" 
+echo -n "Check the shadow file..." 
+../../common/compare_file.pl data/shadow /etc/shadow 
+echo "OK" 
+echo -n "Check the gshadow file..." 
+../../common/compare_file.pl data/gshadow /etc/gshadow 
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/newusers/23_create_user_error_negative_UID/config.txt b/tests/tests/newusers/23_create_user_error_negative_UID/config.txt
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/newusers/23_create_user_error_negative_UID/config.txt
diff --git a/tests/tests/newusers/23_create_user_error_negative_UID/config/etc/group b/tests/tests/newusers/23_create_user_error_negative_UID/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/newusers/23_create_user_error_negative_UID/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/newusers/23_create_user_error_negative_UID/config/etc/gshadow b/tests/tests/newusers/23_create_user_error_negative_UID/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/newusers/23_create_user_error_negative_UID/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/newusers/23_create_user_error_negative_UID/config/etc/passwd b/tests/tests/newusers/23_create_user_error_negative_UID/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/newusers/23_create_user_error_negative_UID/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/newusers/23_create_user_error_negative_UID/config/etc/shadow b/tests/tests/newusers/23_create_user_error_negative_UID/config/etc/shadow
new file mode 100644
index 0000000..031ce88
--- /dev/null
+++ b/tests/tests/newusers/23_create_user_error_negative_UID/config/etc/shadow
@@ -0,0 +1,19 @@
+root::12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/newusers/23_create_user_error_negative_UID/data/newusers.err b/tests/tests/newusers/23_create_user_error_negative_UID/data/newusers.err
new file mode 100644
index 0000000..d19a181
--- /dev/null
+++ b/tests/tests/newusers/23_create_user_error_negative_UID/data/newusers.err
@@ -0,0 +1,3 @@
+newusers: user '-1' does not exist
+newusers: line 1: can't create user
+newusers: error detected, changes ignored
diff --git a/tests/tests/newusers/23_create_user_error_negative_UID/data/newusers.list b/tests/tests/newusers/23_create_user_error_negative_UID/data/newusers.list
new file mode 100644
index 0000000..16f7a03
--- /dev/null
+++ b/tests/tests/newusers/23_create_user_error_negative_UID/data/newusers.list
@@ -0,0 +1 @@
+foo:fooPass:-1::User Foo - Gecos Field::/bin/sh
diff --git a/tests/tests/newusers/23_create_user_error_negative_UID/newusers.test b/tests/tests/newusers/23_create_user_error_negative_UID/newusers.test
new file mode 100755
index 0000000..93762a6
--- /dev/null
+++ b/tests/tests/newusers/23_create_user_error_negative_UID/newusers.test
@@ -0,0 +1,54 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "newusers fails with negative UID"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Creating the users..."
+newusers data/newusers.list 2>tmp/newusers.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status..."
+test "$status" = "1"
+echo "OK"
+
+echo "newusers reported:"
+echo "======================================================================="
+cat tmp/newusers.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/newusers.err tmp/newusers.err
+echo "error message OK."
+rm -f tmp/newusers.err
+
+echo -n "Check the passwd file..." 
+../../common/compare_file.pl config/etc/passwd /etc/passwd 
+echo "OK" 
+echo -n "Check the group file..." 
+../../common/compare_file.pl config/etc/group /etc/group 
+echo "OK" 
+echo -n "Check the shadow file..." 
+../../common/compare_file.pl config/etc/shadow /etc/shadow 
+echo "OK" 
+echo -n "Check the gshadow file..." 
+../../common/compare_file.pl config/etc/gshadow /etc/gshadow 
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/newusers/24_create_user_error_invalid_UID/config.txt b/tests/tests/newusers/24_create_user_error_invalid_UID/config.txt
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/newusers/24_create_user_error_invalid_UID/config.txt
diff --git a/tests/tests/newusers/24_create_user_error_invalid_UID/config/etc/group b/tests/tests/newusers/24_create_user_error_invalid_UID/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/newusers/24_create_user_error_invalid_UID/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/newusers/24_create_user_error_invalid_UID/config/etc/gshadow b/tests/tests/newusers/24_create_user_error_invalid_UID/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/newusers/24_create_user_error_invalid_UID/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/newusers/24_create_user_error_invalid_UID/config/etc/passwd b/tests/tests/newusers/24_create_user_error_invalid_UID/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/newusers/24_create_user_error_invalid_UID/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/newusers/24_create_user_error_invalid_UID/config/etc/shadow b/tests/tests/newusers/24_create_user_error_invalid_UID/config/etc/shadow
new file mode 100644
index 0000000..031ce88
--- /dev/null
+++ b/tests/tests/newusers/24_create_user_error_invalid_UID/config/etc/shadow
@@ -0,0 +1,19 @@
+root::12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/newusers/24_create_user_error_invalid_UID/data/newusers.err b/tests/tests/newusers/24_create_user_error_invalid_UID/data/newusers.err
new file mode 100644
index 0000000..d31a570
--- /dev/null
+++ b/tests/tests/newusers/24_create_user_error_invalid_UID/data/newusers.err
@@ -0,0 +1,3 @@
+newusers: invalid user ID '1foo'
+newusers: line 1: can't create user
+newusers: error detected, changes ignored
diff --git a/tests/tests/newusers/24_create_user_error_invalid_UID/data/newusers.list b/tests/tests/newusers/24_create_user_error_invalid_UID/data/newusers.list
new file mode 100644
index 0000000..11bf6b7
--- /dev/null
+++ b/tests/tests/newusers/24_create_user_error_invalid_UID/data/newusers.list
@@ -0,0 +1 @@
+foo:fooPass:1foo::User Foo - Gecos Field::/bin/sh
diff --git a/tests/tests/newusers/24_create_user_error_invalid_UID/newusers.test b/tests/tests/newusers/24_create_user_error_invalid_UID/newusers.test
new file mode 100755
index 0000000..33d4c8b
--- /dev/null
+++ b/tests/tests/newusers/24_create_user_error_invalid_UID/newusers.test
@@ -0,0 +1,54 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "newusers fails with invalid UID"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Creating the users..."
+newusers data/newusers.list 2>tmp/newusers.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status..."
+test "$status" = "1"
+echo "OK"
+
+echo "newusers reported:"
+echo "======================================================================="
+cat tmp/newusers.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/newusers.err tmp/newusers.err
+echo "error message OK."
+rm -f tmp/newusers.err
+
+echo -n "Check the passwd file..." 
+../../common/compare_file.pl config/etc/passwd /etc/passwd 
+echo "OK" 
+echo -n "Check the group file..." 
+../../common/compare_file.pl config/etc/group /etc/group 
+echo "OK" 
+echo -n "Check the shadow file..." 
+../../common/compare_file.pl config/etc/shadow /etc/shadow 
+echo "OK" 
+echo -n "Check the gshadow file..." 
+../../common/compare_file.pl config/etc/gshadow /etc/gshadow 
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/newusers/25_create_user_error_no_remaining_UID/config.txt b/tests/tests/newusers/25_create_user_error_no_remaining_UID/config.txt
new file mode 100644
index 0000000..63f3a93
--- /dev/null
+++ b/tests/tests/newusers/25_create_user_error_no_remaining_UID/config.txt
@@ -0,0 +1,2 @@
+UID_MIN			 1000
+UID_MAX			 1001
diff --git a/tests/tests/newusers/25_create_user_error_no_remaining_UID/config/etc/group b/tests/tests/newusers/25_create_user_error_no_remaining_UID/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/newusers/25_create_user_error_no_remaining_UID/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/newusers/25_create_user_error_no_remaining_UID/config/etc/gshadow b/tests/tests/newusers/25_create_user_error_no_remaining_UID/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/newusers/25_create_user_error_no_remaining_UID/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/newusers/25_create_user_error_no_remaining_UID/config/etc/login.defs b/tests/tests/newusers/25_create_user_error_no_remaining_UID/config/etc/login.defs
new file mode 100644
index 0000000..8a1af21
--- /dev/null
+++ b/tests/tests/newusers/25_create_user_error_no_remaining_UID/config/etc/login.defs
@@ -0,0 +1,314 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK usage is discouraged because it catches only some classes of user
+# entries to system, in fact only those made through login(1), while setting
+# umask in shell rc file will catch also logins through su, cron, ssh etc.
+#
+# At the same time, using shell rc to set umask won't catch entries which use
+# non-shell executables in place of login shell, like /usr/sbin/pppd for "ppp"
+# user and alike.
+#
+# Therefore the use of pam_umask is recommended (Debian package libpam-umask)
+# as the solution which catches all these cases on PAM-enabled systems.
+# 
+# This avoids the confusion created by having the umask set
+# in two different places -- in login.defs and shell rc files (i.e.
+# /etc/profile).
+#
+# For discussion, see #314539 and #248150 as well as the thread starting at
+# http://lists.debian.org/debian-devel/2005/06/msg01598.html
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+# 022 is the "historical" value in Debian for UMASK when it was used
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			 1001
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			  100
+GID_MAX			60000
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# This enables userdel to remove user groups if no members exist.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, thus in Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# Only works if compiled with MD5_CRYPT defined:
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is used by chpasswd, gpasswd and newusers.
+#
+#MD5_CRYPT_ENAB	no
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/newusers/25_create_user_error_no_remaining_UID/config/etc/passwd b/tests/tests/newusers/25_create_user_error_no_remaining_UID/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/newusers/25_create_user_error_no_remaining_UID/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/newusers/25_create_user_error_no_remaining_UID/config/etc/shadow b/tests/tests/newusers/25_create_user_error_no_remaining_UID/config/etc/shadow
new file mode 100644
index 0000000..031ce88
--- /dev/null
+++ b/tests/tests/newusers/25_create_user_error_no_remaining_UID/config/etc/shadow
@@ -0,0 +1,19 @@
+root::12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/newusers/25_create_user_error_no_remaining_UID/data/newusers.err b/tests/tests/newusers/25_create_user_error_no_remaining_UID/data/newusers.err
new file mode 100644
index 0000000..e12137f
--- /dev/null
+++ b/tests/tests/newusers/25_create_user_error_no_remaining_UID/data/newusers.err
@@ -0,0 +1,3 @@
+newusers: Can't get unique UID (no more available UIDs)
+newusers: line 3: can't create user
+newusers: error detected, changes ignored
diff --git a/tests/tests/newusers/25_create_user_error_no_remaining_UID/data/newusers.list b/tests/tests/newusers/25_create_user_error_no_remaining_UID/data/newusers.list
new file mode 100644
index 0000000..8d89304
--- /dev/null
+++ b/tests/tests/newusers/25_create_user_error_no_remaining_UID/data/newusers.list
@@ -0,0 +1,3 @@
+foo1:foo1Pass:::User Foo - Gecos Field::/bin/sh
+foo2:foo2Pass:::User Foo - Gecos Field::/bin/sh
+foo3:foo3Pass:::User Foo - Gecos Field::/bin/sh
diff --git a/tests/tests/newusers/25_create_user_error_no_remaining_UID/newusers.test b/tests/tests/newusers/25_create_user_error_no_remaining_UID/newusers.test
new file mode 100755
index 0000000..6412388
--- /dev/null
+++ b/tests/tests/newusers/25_create_user_error_no_remaining_UID/newusers.test
@@ -0,0 +1,55 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "newusers fails when there are no more available UIDs"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Creating the users..."
+newusers data/newusers.list 2>tmp/newusers.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+echo "newusers returned status '$status'"
+
+echo -n "Check returned status..."
+test "$status" = "1"
+echo "OK"
+
+echo "newusers reported:"
+echo "======================================================================="
+cat tmp/newusers.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/newusers.err tmp/newusers.err
+echo "error message OK."
+rm -f tmp/newusers.err
+
+echo -n "Check the passwd file..." 
+../../common/compare_file.pl config/etc/passwd /etc/passwd 
+echo "OK" 
+echo -n "Check the group file..." 
+../../common/compare_file.pl config/etc/group /etc/group 
+echo "OK" 
+echo -n "Check the shadow file..." 
+../../common/compare_file.pl config/etc/shadow /etc/shadow 
+echo "OK" 
+echo -n "Check the gshadow file..." 
+../../common/compare_file.pl config/etc/gshadow /etc/gshadow 
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/newusers/26_create_user_error_no_remaining_GID/config.txt b/tests/tests/newusers/26_create_user_error_no_remaining_GID/config.txt
new file mode 100644
index 0000000..06fe808
--- /dev/null
+++ b/tests/tests/newusers/26_create_user_error_no_remaining_GID/config.txt
@@ -0,0 +1,4 @@
+UID_MIN			 1000
+UID_MAX			 1002
+GID_MIN			 1000
+GID_MAX			 1001
diff --git a/tests/tests/newusers/26_create_user_error_no_remaining_GID/config/etc/group b/tests/tests/newusers/26_create_user_error_no_remaining_GID/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/newusers/26_create_user_error_no_remaining_GID/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/newusers/26_create_user_error_no_remaining_GID/config/etc/gshadow b/tests/tests/newusers/26_create_user_error_no_remaining_GID/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/newusers/26_create_user_error_no_remaining_GID/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/newusers/26_create_user_error_no_remaining_GID/config/etc/login.defs b/tests/tests/newusers/26_create_user_error_no_remaining_GID/config/etc/login.defs
new file mode 100644
index 0000000..1709b87
--- /dev/null
+++ b/tests/tests/newusers/26_create_user_error_no_remaining_GID/config/etc/login.defs
@@ -0,0 +1,314 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK usage is discouraged because it catches only some classes of user
+# entries to system, in fact only those made through login(1), while setting
+# umask in shell rc file will catch also logins through su, cron, ssh etc.
+#
+# At the same time, using shell rc to set umask won't catch entries which use
+# non-shell executables in place of login shell, like /usr/sbin/pppd for "ppp"
+# user and alike.
+#
+# Therefore the use of pam_umask is recommended (Debian package libpam-umask)
+# as the solution which catches all these cases on PAM-enabled systems.
+# 
+# This avoids the confusion created by having the umask set
+# in two different places -- in login.defs and shell rc files (i.e.
+# /etc/profile).
+#
+# For discussion, see #314539 and #248150 as well as the thread starting at
+# http://lists.debian.org/debian-devel/2005/06/msg01598.html
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+# 022 is the "historical" value in Debian for UMASK when it was used
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			 1002
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			 1000
+GID_MAX			 1001
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# This enables userdel to remove user groups if no members exist.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, thus in Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# Only works if compiled with MD5_CRYPT defined:
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is used by chpasswd, gpasswd and newusers.
+#
+#MD5_CRYPT_ENAB	no
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/newusers/26_create_user_error_no_remaining_GID/config/etc/passwd b/tests/tests/newusers/26_create_user_error_no_remaining_GID/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/newusers/26_create_user_error_no_remaining_GID/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/newusers/26_create_user_error_no_remaining_GID/config/etc/shadow b/tests/tests/newusers/26_create_user_error_no_remaining_GID/config/etc/shadow
new file mode 100644
index 0000000..031ce88
--- /dev/null
+++ b/tests/tests/newusers/26_create_user_error_no_remaining_GID/config/etc/shadow
@@ -0,0 +1,19 @@
+root::12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/newusers/26_create_user_error_no_remaining_GID/data/newusers.err b/tests/tests/newusers/26_create_user_error_no_remaining_GID/data/newusers.err
new file mode 100644
index 0000000..1c50637
--- /dev/null
+++ b/tests/tests/newusers/26_create_user_error_no_remaining_GID/data/newusers.err
@@ -0,0 +1,3 @@
+newusers: Can't get unique GID (no more available GIDs)
+newusers: line 3: can't create group
+newusers: error detected, changes ignored
diff --git a/tests/tests/newusers/26_create_user_error_no_remaining_GID/data/newusers.list b/tests/tests/newusers/26_create_user_error_no_remaining_GID/data/newusers.list
new file mode 100644
index 0000000..8d89304
--- /dev/null
+++ b/tests/tests/newusers/26_create_user_error_no_remaining_GID/data/newusers.list
@@ -0,0 +1,3 @@
+foo1:foo1Pass:::User Foo - Gecos Field::/bin/sh
+foo2:foo2Pass:::User Foo - Gecos Field::/bin/sh
+foo3:foo3Pass:::User Foo - Gecos Field::/bin/sh
diff --git a/tests/tests/newusers/26_create_user_error_no_remaining_GID/newusers.test b/tests/tests/newusers/26_create_user_error_no_remaining_GID/newusers.test
new file mode 100755
index 0000000..f4c9683
--- /dev/null
+++ b/tests/tests/newusers/26_create_user_error_no_remaining_GID/newusers.test
@@ -0,0 +1,55 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "newusers fails when there are no more available GIDs"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Creating the users..."
+newusers data/newusers.list 2>tmp/newusers.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+echo "newusers returned status '$status'"
+
+echo -n "Check returned status..."
+test "$status" = "1"
+echo "OK"
+
+echo "newusers reported:"
+echo "======================================================================="
+cat tmp/newusers.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/newusers.err tmp/newusers.err
+echo "error message OK."
+rm -f tmp/newusers.err
+
+echo -n "Check the passwd file..." 
+../../common/compare_file.pl config/etc/passwd /etc/passwd 
+echo "OK" 
+echo -n "Check the group file..." 
+../../common/compare_file.pl config/etc/group /etc/group 
+echo "OK" 
+echo -n "Check the shadow file..." 
+../../common/compare_file.pl config/etc/shadow /etc/shadow 
+echo "OK" 
+echo -n "Check the gshadow file..." 
+../../common/compare_file.pl config/etc/gshadow /etc/gshadow 
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/newusers/27_create_user_error_invalid_username/config.txt b/tests/tests/newusers/27_create_user_error_invalid_username/config.txt
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/newusers/27_create_user_error_invalid_username/config.txt
diff --git a/tests/tests/newusers/27_create_user_error_invalid_username/config/etc/group b/tests/tests/newusers/27_create_user_error_invalid_username/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/newusers/27_create_user_error_invalid_username/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/newusers/27_create_user_error_invalid_username/config/etc/gshadow b/tests/tests/newusers/27_create_user_error_invalid_username/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/newusers/27_create_user_error_invalid_username/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/newusers/27_create_user_error_invalid_username/config/etc/passwd b/tests/tests/newusers/27_create_user_error_invalid_username/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/newusers/27_create_user_error_invalid_username/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/newusers/27_create_user_error_invalid_username/config/etc/shadow b/tests/tests/newusers/27_create_user_error_invalid_username/config/etc/shadow
new file mode 100644
index 0000000..031ce88
--- /dev/null
+++ b/tests/tests/newusers/27_create_user_error_invalid_username/config/etc/shadow
@@ -0,0 +1,19 @@
+root::12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/newusers/27_create_user_error_invalid_username/data/newusers.err b/tests/tests/newusers/27_create_user_error_invalid_username/data/newusers.err
new file mode 100644
index 0000000..1781a93
--- /dev/null
+++ b/tests/tests/newusers/27_create_user_error_invalid_username/data/newusers.err
@@ -0,0 +1,3 @@
+newusers: invalid group name 'f o o'
+newusers: line 1: can't create group
+newusers: error detected, changes ignored
diff --git a/tests/tests/newusers/27_create_user_error_invalid_username/data/newusers.list b/tests/tests/newusers/27_create_user_error_invalid_username/data/newusers.list
new file mode 100644
index 0000000..9b2d68b
--- /dev/null
+++ b/tests/tests/newusers/27_create_user_error_invalid_username/data/newusers.list
@@ -0,0 +1 @@
+f o o:fooPass:::User Foo - Gecos Field::/bin/sh
diff --git a/tests/tests/newusers/27_create_user_error_invalid_username/newusers.test b/tests/tests/newusers/27_create_user_error_invalid_username/newusers.test
new file mode 100755
index 0000000..7ba2780
--- /dev/null
+++ b/tests/tests/newusers/27_create_user_error_invalid_username/newusers.test
@@ -0,0 +1,54 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "newusers fails if the username is invalid"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Creating the users..."
+newusers data/newusers.list 2>tmp/newusers.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status..."
+test "$status" = "1"
+echo "OK"
+
+echo "newusers reported:"
+echo "======================================================================="
+cat tmp/newusers.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/newusers.err tmp/newusers.err
+echo "error message OK."
+rm -f tmp/newusers.err
+
+echo -n "Check the passwd file..." 
+../../common/compare_file.pl config/etc/passwd /etc/passwd 
+echo "OK" 
+echo -n "Check the group file..." 
+../../common/compare_file.pl config/etc/group /etc/group 
+echo "OK" 
+echo -n "Check the shadow file..." 
+../../common/compare_file.pl config/etc/shadow /etc/shadow 
+echo "OK" 
+echo -n "Check the gshadow file..." 
+../../common/compare_file.pl config/etc/gshadow /etc/gshadow 
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/newusers/28_create_user_error_invalid_groupname/config.txt b/tests/tests/newusers/28_create_user_error_invalid_groupname/config.txt
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/newusers/28_create_user_error_invalid_groupname/config.txt
diff --git a/tests/tests/newusers/28_create_user_error_invalid_groupname/config/etc/group b/tests/tests/newusers/28_create_user_error_invalid_groupname/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/newusers/28_create_user_error_invalid_groupname/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/newusers/28_create_user_error_invalid_groupname/config/etc/gshadow b/tests/tests/newusers/28_create_user_error_invalid_groupname/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/newusers/28_create_user_error_invalid_groupname/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/newusers/28_create_user_error_invalid_groupname/config/etc/passwd b/tests/tests/newusers/28_create_user_error_invalid_groupname/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/newusers/28_create_user_error_invalid_groupname/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/newusers/28_create_user_error_invalid_groupname/config/etc/shadow b/tests/tests/newusers/28_create_user_error_invalid_groupname/config/etc/shadow
new file mode 100644
index 0000000..031ce88
--- /dev/null
+++ b/tests/tests/newusers/28_create_user_error_invalid_groupname/config/etc/shadow
@@ -0,0 +1,19 @@
+root::12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/newusers/28_create_user_error_invalid_groupname/data/newusers.err b/tests/tests/newusers/28_create_user_error_invalid_groupname/data/newusers.err
new file mode 100644
index 0000000..1781a93
--- /dev/null
+++ b/tests/tests/newusers/28_create_user_error_invalid_groupname/data/newusers.err
@@ -0,0 +1,3 @@
+newusers: invalid group name 'f o o'
+newusers: line 1: can't create group
+newusers: error detected, changes ignored
diff --git a/tests/tests/newusers/28_create_user_error_invalid_groupname/data/newusers.list b/tests/tests/newusers/28_create_user_error_invalid_groupname/data/newusers.list
new file mode 100644
index 0000000..f57cf94
--- /dev/null
+++ b/tests/tests/newusers/28_create_user_error_invalid_groupname/data/newusers.list
@@ -0,0 +1 @@
+foo:fooPass::f o o:User Foo - Gecos Field::/bin/sh
diff --git a/tests/tests/newusers/28_create_user_error_invalid_groupname/newusers.test b/tests/tests/newusers/28_create_user_error_invalid_groupname/newusers.test
new file mode 100755
index 0000000..6503bf1
--- /dev/null
+++ b/tests/tests/newusers/28_create_user_error_invalid_groupname/newusers.test
@@ -0,0 +1,54 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "newusers fails if the groupname is invalid"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Creating the users..."
+newusers data/newusers.list 2>tmp/newusers.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status..."
+test "$status" = "1"
+echo "OK"
+
+echo "newusers reported:"
+echo "======================================================================="
+cat tmp/newusers.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/newusers.err tmp/newusers.err
+echo "error message OK."
+rm -f tmp/newusers.err
+
+echo -n "Check the passwd file..." 
+../../common/compare_file.pl config/etc/passwd /etc/passwd 
+echo "OK" 
+echo -n "Check the group file..." 
+../../common/compare_file.pl config/etc/group /etc/group 
+echo "OK" 
+echo -n "Check the shadow file..." 
+../../common/compare_file.pl config/etc/shadow /etc/shadow 
+echo "OK" 
+echo -n "Check the gshadow file..." 
+../../common/compare_file.pl config/etc/gshadow /etc/gshadow 
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/newusers/29_create_user_error_invalid_username_valid_groupname/config.txt b/tests/tests/newusers/29_create_user_error_invalid_username_valid_groupname/config.txt
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/newusers/29_create_user_error_invalid_username_valid_groupname/config.txt
diff --git a/tests/tests/newusers/29_create_user_error_invalid_username_valid_groupname/config/etc/group b/tests/tests/newusers/29_create_user_error_invalid_username_valid_groupname/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/newusers/29_create_user_error_invalid_username_valid_groupname/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/newusers/29_create_user_error_invalid_username_valid_groupname/config/etc/gshadow b/tests/tests/newusers/29_create_user_error_invalid_username_valid_groupname/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/newusers/29_create_user_error_invalid_username_valid_groupname/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/newusers/29_create_user_error_invalid_username_valid_groupname/config/etc/passwd b/tests/tests/newusers/29_create_user_error_invalid_username_valid_groupname/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/newusers/29_create_user_error_invalid_username_valid_groupname/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/newusers/29_create_user_error_invalid_username_valid_groupname/config/etc/shadow b/tests/tests/newusers/29_create_user_error_invalid_username_valid_groupname/config/etc/shadow
new file mode 100644
index 0000000..031ce88
--- /dev/null
+++ b/tests/tests/newusers/29_create_user_error_invalid_username_valid_groupname/config/etc/shadow
@@ -0,0 +1,19 @@
+root::12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/newusers/29_create_user_error_invalid_username_valid_groupname/data/newusers.err b/tests/tests/newusers/29_create_user_error_invalid_username_valid_groupname/data/newusers.err
new file mode 100644
index 0000000..420b076
--- /dev/null
+++ b/tests/tests/newusers/29_create_user_error_invalid_username_valid_groupname/data/newusers.err
@@ -0,0 +1,3 @@
+newusers: invalid user name 'f o o'
+newusers: line 1: can't create user
+newusers: error detected, changes ignored
diff --git a/tests/tests/newusers/29_create_user_error_invalid_username_valid_groupname/data/newusers.list b/tests/tests/newusers/29_create_user_error_invalid_username_valid_groupname/data/newusers.list
new file mode 100644
index 0000000..6f74caf
--- /dev/null
+++ b/tests/tests/newusers/29_create_user_error_invalid_username_valid_groupname/data/newusers.list
@@ -0,0 +1 @@
+f o o:fooPass::foo:User Foo - Gecos Field::/bin/sh
diff --git a/tests/tests/newusers/29_create_user_error_invalid_username_valid_groupname/newusers.test b/tests/tests/newusers/29_create_user_error_invalid_username_valid_groupname/newusers.test
new file mode 100755
index 0000000..9131db7
--- /dev/null
+++ b/tests/tests/newusers/29_create_user_error_invalid_username_valid_groupname/newusers.test
@@ -0,0 +1,54 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "newusers fails if the username is invalid (even if groupname is valid)"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Creating the users..."
+newusers data/newusers.list 2>tmp/newusers.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status..."
+test "$status" = "1"
+echo "OK"
+
+echo "newusers reported:"
+echo "======================================================================="
+cat tmp/newusers.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/newusers.err tmp/newusers.err
+echo "error message OK."
+rm -f tmp/newusers.err
+
+echo -n "Check the passwd file..." 
+../../common/compare_file.pl config/etc/passwd /etc/passwd 
+echo "OK" 
+echo -n "Check the group file..." 
+../../common/compare_file.pl config/etc/group /etc/group 
+echo "OK" 
+echo -n "Check the shadow file..." 
+../../common/compare_file.pl config/etc/shadow /etc/shadow 
+echo "OK" 
+echo -n "Check the gshadow file..." 
+../../common/compare_file.pl config/etc/gshadow /etc/gshadow 
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/newusers/30_create_user_different_groupname/config.txt b/tests/tests/newusers/30_create_user_different_groupname/config.txt
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/newusers/30_create_user_different_groupname/config.txt
diff --git a/tests/tests/newusers/30_create_user_different_groupname/config/etc/group b/tests/tests/newusers/30_create_user_different_groupname/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/newusers/30_create_user_different_groupname/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/newusers/30_create_user_different_groupname/config/etc/gshadow b/tests/tests/newusers/30_create_user_different_groupname/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/newusers/30_create_user_different_groupname/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/newusers/30_create_user_different_groupname/config/etc/pam.d/common-password b/tests/tests/newusers/30_create_user_different_groupname/config/etc/pam.d/common-password
new file mode 100644
index 0000000..06c59a7
--- /dev/null
+++ b/tests/tests/newusers/30_create_user_different_groupname/config/etc/pam.d/common-password
@@ -0,0 +1,33 @@
+#
+# /etc/pam.d/common-password - password-related modules common to all services
+#
+# This file is included from other service-specific PAM config files,
+# and should contain a list of modules that define the services to be
+# used to change user passwords.  The default is pam_unix.
+
+# Explanation of pam_unix options:
+#
+# The "md5" option enables MD5 passwords.  Without this option, the
+# default is Unix crypt.
+#
+# The "obscure" option replaces the old `OBSCURE_CHECKS_ENAB' option in
+# login.defs.
+#
+# See the pam_unix manpage for other options.
+
+# As of pam 1.0.1-6, this file is managed by pam-auth-update by default.
+# To take advantage of this, it is recommended that you configure any
+# local modules either before or after the default block, and use
+# pam-auth-update to manage selection of other modules.  See
+# pam-auth-update(8) for details.
+
+# here are the per-package modules (the "Primary" block)
+password	[success=1 default=ignore]	pam_unix.so obscure
+# here's the fallback if no module succeeds
+password	requisite			pam_deny.so
+# prime the stack with a positive return value if there isn't one already;
+# this avoids us returning an error just because nothing sets a success code
+# since the modules above will each just jump around
+password	required			pam_permit.so
+# and here are more per-package modules (the "Additional" block)
+# end of pam-auth-update config
diff --git a/tests/tests/newusers/30_create_user_different_groupname/config/etc/pam.d/newusers b/tests/tests/newusers/30_create_user_different_groupname/config/etc/pam.d/newusers
new file mode 100644
index 0000000..552045e
--- /dev/null
+++ b/tests/tests/newusers/30_create_user_different_groupname/config/etc/pam.d/newusers
@@ -0,0 +1,6 @@
+#
+# The PAM configuration file for the Shadow `chpasswd' service
+#
+
+@include common-password
+
diff --git a/tests/tests/newusers/30_create_user_different_groupname/config/etc/passwd b/tests/tests/newusers/30_create_user_different_groupname/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/newusers/30_create_user_different_groupname/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/newusers/30_create_user_different_groupname/config/etc/shadow b/tests/tests/newusers/30_create_user_different_groupname/config/etc/shadow
new file mode 100644
index 0000000..031ce88
--- /dev/null
+++ b/tests/tests/newusers/30_create_user_different_groupname/config/etc/shadow
@@ -0,0 +1,19 @@
+root::12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/newusers/30_create_user_different_groupname/data/group b/tests/tests/newusers/30_create_user_different_groupname/data/group
new file mode 100644
index 0000000..75815b9
--- /dev/null
+++ b/tests/tests/newusers/30_create_user_different_groupname/data/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+bar:x:1000:
diff --git a/tests/tests/newusers/30_create_user_different_groupname/data/gshadow b/tests/tests/newusers/30_create_user_different_groupname/data/gshadow
new file mode 100644
index 0000000..e814af0
--- /dev/null
+++ b/tests/tests/newusers/30_create_user_different_groupname/data/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+bar:*::
diff --git a/tests/tests/newusers/30_create_user_different_groupname/data/newusers.list b/tests/tests/newusers/30_create_user_different_groupname/data/newusers.list
new file mode 100644
index 0000000..f9d747c
--- /dev/null
+++ b/tests/tests/newusers/30_create_user_different_groupname/data/newusers.list
@@ -0,0 +1 @@
+foo:fooPass::bar:User Foo - Gecos Field::/bin/sh
diff --git a/tests/tests/newusers/30_create_user_different_groupname/data/passwd b/tests/tests/newusers/30_create_user_different_groupname/data/passwd
new file mode 100644
index 0000000..7bf7386
--- /dev/null
+++ b/tests/tests/newusers/30_create_user_different_groupname/data/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000:User Foo - Gecos Field::/bin/sh
diff --git a/tests/tests/newusers/30_create_user_different_groupname/data/shadow b/tests/tests/newusers/30_create_user_different_groupname/data/shadow
new file mode 100644
index 0000000..491b593
--- /dev/null
+++ b/tests/tests/newusers/30_create_user_different_groupname/data/shadow
@@ -0,0 +1,20 @@
+root::12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:@PASS_DES fooPass@:@TODAY@:0:99999:7:::
diff --git a/tests/tests/newusers/30_create_user_different_groupname/newusers.test b/tests/tests/newusers/30_create_user_different_groupname/newusers.test
new file mode 100755
index 0000000..c5fd4bb
--- /dev/null
+++ b/tests/tests/newusers/30_create_user_different_groupname/newusers.test
@@ -0,0 +1,37 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "newusers can create a new user and new group with different names"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+newusers data/newusers.list
+
+echo -n "Check the passwd file..." 
+../../common/compare_file.pl data/passwd /etc/passwd 
+echo "OK" 
+echo -n "Check the group file..." 
+../../common/compare_file.pl data/group /etc/group 
+echo "OK" 
+echo -n "Check the shadow file..." 
+../../common/compare_file.pl data/shadow /etc/shadow 
+echo "OK" 
+echo -n "Check the gshadow file..." 
+../../common/compare_file.pl data/gshadow /etc/gshadow 
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/newusers/31_create_user_error_invalid_GID/config.txt b/tests/tests/newusers/31_create_user_error_invalid_GID/config.txt
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/newusers/31_create_user_error_invalid_GID/config.txt
diff --git a/tests/tests/newusers/31_create_user_error_invalid_GID/config/etc/group b/tests/tests/newusers/31_create_user_error_invalid_GID/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/newusers/31_create_user_error_invalid_GID/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/newusers/31_create_user_error_invalid_GID/config/etc/gshadow b/tests/tests/newusers/31_create_user_error_invalid_GID/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/newusers/31_create_user_error_invalid_GID/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/newusers/31_create_user_error_invalid_GID/config/etc/passwd b/tests/tests/newusers/31_create_user_error_invalid_GID/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/newusers/31_create_user_error_invalid_GID/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/newusers/31_create_user_error_invalid_GID/config/etc/shadow b/tests/tests/newusers/31_create_user_error_invalid_GID/config/etc/shadow
new file mode 100644
index 0000000..031ce88
--- /dev/null
+++ b/tests/tests/newusers/31_create_user_error_invalid_GID/config/etc/shadow
@@ -0,0 +1,19 @@
+root::12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/newusers/31_create_user_error_invalid_GID/data/newusers.err b/tests/tests/newusers/31_create_user_error_invalid_GID/data/newusers.err
new file mode 100644
index 0000000..8a425df
--- /dev/null
+++ b/tests/tests/newusers/31_create_user_error_invalid_GID/data/newusers.err
@@ -0,0 +1,3 @@
+newusers: invalid group ID '1foo'
+newusers: line 1: can't create group
+newusers: error detected, changes ignored
diff --git a/tests/tests/newusers/31_create_user_error_invalid_GID/data/newusers.list b/tests/tests/newusers/31_create_user_error_invalid_GID/data/newusers.list
new file mode 100644
index 0000000..09a2d0b
--- /dev/null
+++ b/tests/tests/newusers/31_create_user_error_invalid_GID/data/newusers.list
@@ -0,0 +1 @@
+foo:fooPass::1foo:User Foo - Gecos Field::/bin/sh
diff --git a/tests/tests/newusers/31_create_user_error_invalid_GID/newusers.test b/tests/tests/newusers/31_create_user_error_invalid_GID/newusers.test
new file mode 100755
index 0000000..01e701e
--- /dev/null
+++ b/tests/tests/newusers/31_create_user_error_invalid_GID/newusers.test
@@ -0,0 +1,54 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "newusers fails with invalid GID"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Creating the users..."
+newusers data/newusers.list 2>tmp/newusers.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status..."
+test "$status" = "1"
+echo "OK"
+
+echo "newusers reported:"
+echo "======================================================================="
+cat tmp/newusers.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/newusers.err tmp/newusers.err
+echo "error message OK."
+rm -f tmp/newusers.err
+
+echo -n "Check the passwd file..." 
+../../common/compare_file.pl config/etc/passwd /etc/passwd 
+echo "OK" 
+echo -n "Check the group file..." 
+../../common/compare_file.pl config/etc/group /etc/group 
+echo "OK" 
+echo -n "Check the shadow file..." 
+../../common/compare_file.pl config/etc/shadow /etc/shadow 
+echo "OK" 
+echo -n "Check the gshadow file..." 
+../../common/compare_file.pl config/etc/gshadow /etc/gshadow 
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/newusers/32_create_user_error_gshadow_group_exists/config.txt b/tests/tests/newusers/32_create_user_error_gshadow_group_exists/config.txt
new file mode 100644
index 0000000..9f0f610
--- /dev/null
+++ b/tests/tests/newusers/32_create_user_error_gshadow_group_exists/config.txt
@@ -0,0 +1 @@
+group bar exist in gshadow, not in group
diff --git a/tests/tests/newusers/32_create_user_error_gshadow_group_exists/config/etc/group b/tests/tests/newusers/32_create_user_error_gshadow_group_exists/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/newusers/32_create_user_error_gshadow_group_exists/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/newusers/32_create_user_error_gshadow_group_exists/config/etc/gshadow b/tests/tests/newusers/32_create_user_error_gshadow_group_exists/config/etc/gshadow
new file mode 100644
index 0000000..e814af0
--- /dev/null
+++ b/tests/tests/newusers/32_create_user_error_gshadow_group_exists/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+bar:*::
diff --git a/tests/tests/newusers/32_create_user_error_gshadow_group_exists/config/etc/passwd b/tests/tests/newusers/32_create_user_error_gshadow_group_exists/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/newusers/32_create_user_error_gshadow_group_exists/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/newusers/32_create_user_error_gshadow_group_exists/config/etc/shadow b/tests/tests/newusers/32_create_user_error_gshadow_group_exists/config/etc/shadow
new file mode 100644
index 0000000..031ce88
--- /dev/null
+++ b/tests/tests/newusers/32_create_user_error_gshadow_group_exists/config/etc/shadow
@@ -0,0 +1,19 @@
+root::12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/newusers/32_create_user_error_gshadow_group_exists/data/newusers.err b/tests/tests/newusers/32_create_user_error_gshadow_group_exists/data/newusers.err
new file mode 100644
index 0000000..4d8ae70
--- /dev/null
+++ b/tests/tests/newusers/32_create_user_error_gshadow_group_exists/data/newusers.err
@@ -0,0 +1,3 @@
+newusers: group 'bar' is a shadow group, but does not exist in /etc/group
+newusers: line 1: can't create group
+newusers: error detected, changes ignored
diff --git a/tests/tests/newusers/32_create_user_error_gshadow_group_exists/data/newusers.list b/tests/tests/newusers/32_create_user_error_gshadow_group_exists/data/newusers.list
new file mode 100644
index 0000000..f9d747c
--- /dev/null
+++ b/tests/tests/newusers/32_create_user_error_gshadow_group_exists/data/newusers.list
@@ -0,0 +1 @@
+foo:fooPass::bar:User Foo - Gecos Field::/bin/sh
diff --git a/tests/tests/newusers/32_create_user_error_gshadow_group_exists/newusers.test b/tests/tests/newusers/32_create_user_error_gshadow_group_exists/newusers.test
new file mode 100755
index 0000000..40749e3
--- /dev/null
+++ b/tests/tests/newusers/32_create_user_error_gshadow_group_exists/newusers.test
@@ -0,0 +1,54 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "newusers fails if a user references a group which exist in gshadow and not in group"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Creating the users..."
+newusers data/newusers.list 2>tmp/newusers.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status..."
+test "$status" = "1"
+echo "OK"
+
+echo "newusers reported:"
+echo "======================================================================="
+cat tmp/newusers.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/newusers.err tmp/newusers.err
+echo "error message OK."
+rm -f tmp/newusers.err
+
+echo -n "Check the passwd file..." 
+../../common/compare_file.pl config/etc/passwd /etc/passwd 
+echo "OK" 
+echo -n "Check the group file..." 
+../../common/compare_file.pl config/etc/group /etc/group 
+echo "OK" 
+echo -n "Check the shadow file..." 
+../../common/compare_file.pl config/etc/shadow /etc/shadow 
+echo "OK" 
+echo -n "Check the gshadow file..." 
+../../common/compare_file.pl config/etc/gshadow /etc/gshadow 
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/newusers/33_update_password_no_shadow_password/config.txt b/tests/tests/newusers/33_update_password_no_shadow_password/config.txt
new file mode 100644
index 0000000..02cfc9a
--- /dev/null
+++ b/tests/tests/newusers/33_update_password_no_shadow_password/config.txt
@@ -0,0 +1,2 @@
+User foo exists, with password fooPass
+no user foo in /etc/shadow
diff --git a/tests/tests/newusers/33_update_password_no_shadow_password/config/etc/group b/tests/tests/newusers/33_update_password_no_shadow_password/config/etc/group
new file mode 100644
index 0000000..555c889
--- /dev/null
+++ b/tests/tests/newusers/33_update_password_no_shadow_password/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:65535:foo
diff --git a/tests/tests/newusers/33_update_password_no_shadow_password/config/etc/gshadow b/tests/tests/newusers/33_update_password_no_shadow_password/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/newusers/33_update_password_no_shadow_password/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/newusers/33_update_password_no_shadow_password/config/etc/pam.d/common-password b/tests/tests/newusers/33_update_password_no_shadow_password/config/etc/pam.d/common-password
new file mode 100644
index 0000000..06c59a7
--- /dev/null
+++ b/tests/tests/newusers/33_update_password_no_shadow_password/config/etc/pam.d/common-password
@@ -0,0 +1,33 @@
+#
+# /etc/pam.d/common-password - password-related modules common to all services
+#
+# This file is included from other service-specific PAM config files,
+# and should contain a list of modules that define the services to be
+# used to change user passwords.  The default is pam_unix.
+
+# Explanation of pam_unix options:
+#
+# The "md5" option enables MD5 passwords.  Without this option, the
+# default is Unix crypt.
+#
+# The "obscure" option replaces the old `OBSCURE_CHECKS_ENAB' option in
+# login.defs.
+#
+# See the pam_unix manpage for other options.
+
+# As of pam 1.0.1-6, this file is managed by pam-auth-update by default.
+# To take advantage of this, it is recommended that you configure any
+# local modules either before or after the default block, and use
+# pam-auth-update to manage selection of other modules.  See
+# pam-auth-update(8) for details.
+
+# here are the per-package modules (the "Primary" block)
+password	[success=1 default=ignore]	pam_unix.so obscure
+# here's the fallback if no module succeeds
+password	requisite			pam_deny.so
+# prime the stack with a positive return value if there isn't one already;
+# this avoids us returning an error just because nothing sets a success code
+# since the modules above will each just jump around
+password	required			pam_permit.so
+# and here are more per-package modules (the "Additional" block)
+# end of pam-auth-update config
diff --git a/tests/tests/newusers/33_update_password_no_shadow_password/config/etc/pam.d/newusers b/tests/tests/newusers/33_update_password_no_shadow_password/config/etc/pam.d/newusers
new file mode 100644
index 0000000..552045e
--- /dev/null
+++ b/tests/tests/newusers/33_update_password_no_shadow_password/config/etc/pam.d/newusers
@@ -0,0 +1,6 @@
+#
+# The PAM configuration file for the Shadow `chpasswd' service
+#
+
+@include common-password
+
diff --git a/tests/tests/newusers/33_update_password_no_shadow_password/config/etc/passwd b/tests/tests/newusers/33_update_password_no_shadow_password/config/etc/passwd
new file mode 100644
index 0000000..90bf0ab
--- /dev/null
+++ b/tests/tests/newusers/33_update_password_no_shadow_password/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:eKzSSVkXDoVUM:65535:65535:User Foo - Gecos Field::/bin/sh
diff --git a/tests/tests/newusers/33_update_password_no_shadow_password/config/etc/shadow b/tests/tests/newusers/33_update_password_no_shadow_password/config/etc/shadow
new file mode 100644
index 0000000..031ce88
--- /dev/null
+++ b/tests/tests/newusers/33_update_password_no_shadow_password/config/etc/shadow
@@ -0,0 +1,19 @@
+root::12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/newusers/33_update_password_no_shadow_password/data/newusers.list b/tests/tests/newusers/33_update_password_no_shadow_password/data/newusers.list
new file mode 100644
index 0000000..cc3b9ad
--- /dev/null
+++ b/tests/tests/newusers/33_update_password_no_shadow_password/data/newusers.list
@@ -0,0 +1 @@
+foo:fooPass2:::User Foo - Gecos Field::/bin/sh
diff --git a/tests/tests/newusers/33_update_password_no_shadow_password/data/passwd b/tests/tests/newusers/33_update_password_no_shadow_password/data/passwd
new file mode 100644
index 0000000..33b4c02
--- /dev/null
+++ b/tests/tests/newusers/33_update_password_no_shadow_password/data/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:@PASS_DES fooPass2@:65535:65535:User Foo - Gecos Field::/bin/sh
diff --git a/tests/tests/newusers/33_update_password_no_shadow_password/newusers.test b/tests/tests/newusers/33_update_password_no_shadow_password/newusers.test
new file mode 100755
index 0000000..38189f7
--- /dev/null
+++ b/tests/tests/newusers/33_update_password_no_shadow_password/newusers.test
@@ -0,0 +1,37 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "newusers can update the password of a user which does not exist in shadow"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+newusers data/newusers.list
+
+echo -n "Check the passwd file..." 
+../../common/compare_file.pl data/passwd /etc/passwd 
+echo "OK" 
+echo -n "Check the group file..." 
+../../common/compare_file.pl config/etc/group /etc/group 
+echo "OK" 
+echo -n "Check the shadow file..." 
+../../common/compare_file.pl config/etc/shadow /etc/shadow 
+echo "OK" 
+echo -n "Check the gshadow file..." 
+../../common/compare_file.pl config/etc/gshadow /etc/gshadow 
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/newusers/34_update_password_no_shadow/config.txt b/tests/tests/newusers/34_update_password_no_shadow/config.txt
new file mode 100644
index 0000000..557c421
--- /dev/null
+++ b/tests/tests/newusers/34_update_password_no_shadow/config.txt
@@ -0,0 +1,2 @@
+User foo exists, with password fooPass
+/etc/shadow will be destroyed
diff --git a/tests/tests/newusers/34_update_password_no_shadow/config/etc/group b/tests/tests/newusers/34_update_password_no_shadow/config/etc/group
new file mode 100644
index 0000000..555c889
--- /dev/null
+++ b/tests/tests/newusers/34_update_password_no_shadow/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:65535:foo
diff --git a/tests/tests/newusers/34_update_password_no_shadow/config/etc/gshadow b/tests/tests/newusers/34_update_password_no_shadow/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/newusers/34_update_password_no_shadow/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/newusers/34_update_password_no_shadow/config/etc/pam.d/common-password b/tests/tests/newusers/34_update_password_no_shadow/config/etc/pam.d/common-password
new file mode 100644
index 0000000..06c59a7
--- /dev/null
+++ b/tests/tests/newusers/34_update_password_no_shadow/config/etc/pam.d/common-password
@@ -0,0 +1,33 @@
+#
+# /etc/pam.d/common-password - password-related modules common to all services
+#
+# This file is included from other service-specific PAM config files,
+# and should contain a list of modules that define the services to be
+# used to change user passwords.  The default is pam_unix.
+
+# Explanation of pam_unix options:
+#
+# The "md5" option enables MD5 passwords.  Without this option, the
+# default is Unix crypt.
+#
+# The "obscure" option replaces the old `OBSCURE_CHECKS_ENAB' option in
+# login.defs.
+#
+# See the pam_unix manpage for other options.
+
+# As of pam 1.0.1-6, this file is managed by pam-auth-update by default.
+# To take advantage of this, it is recommended that you configure any
+# local modules either before or after the default block, and use
+# pam-auth-update to manage selection of other modules.  See
+# pam-auth-update(8) for details.
+
+# here are the per-package modules (the "Primary" block)
+password	[success=1 default=ignore]	pam_unix.so obscure
+# here's the fallback if no module succeeds
+password	requisite			pam_deny.so
+# prime the stack with a positive return value if there isn't one already;
+# this avoids us returning an error just because nothing sets a success code
+# since the modules above will each just jump around
+password	required			pam_permit.so
+# and here are more per-package modules (the "Additional" block)
+# end of pam-auth-update config
diff --git a/tests/tests/newusers/34_update_password_no_shadow/config/etc/pam.d/newusers b/tests/tests/newusers/34_update_password_no_shadow/config/etc/pam.d/newusers
new file mode 100644
index 0000000..552045e
--- /dev/null
+++ b/tests/tests/newusers/34_update_password_no_shadow/config/etc/pam.d/newusers
@@ -0,0 +1,6 @@
+#
+# The PAM configuration file for the Shadow `chpasswd' service
+#
+
+@include common-password
+
diff --git a/tests/tests/newusers/34_update_password_no_shadow/config/etc/passwd b/tests/tests/newusers/34_update_password_no_shadow/config/etc/passwd
new file mode 100644
index 0000000..90bf0ab
--- /dev/null
+++ b/tests/tests/newusers/34_update_password_no_shadow/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:eKzSSVkXDoVUM:65535:65535:User Foo - Gecos Field::/bin/sh
diff --git a/tests/tests/newusers/34_update_password_no_shadow/config/etc/shadow b/tests/tests/newusers/34_update_password_no_shadow/config/etc/shadow
new file mode 100644
index 0000000..031ce88
--- /dev/null
+++ b/tests/tests/newusers/34_update_password_no_shadow/config/etc/shadow
@@ -0,0 +1,19 @@
+root::12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/newusers/34_update_password_no_shadow/data/newusers.list b/tests/tests/newusers/34_update_password_no_shadow/data/newusers.list
new file mode 100644
index 0000000..cc3b9ad
--- /dev/null
+++ b/tests/tests/newusers/34_update_password_no_shadow/data/newusers.list
@@ -0,0 +1 @@
+foo:fooPass2:::User Foo - Gecos Field::/bin/sh
diff --git a/tests/tests/newusers/34_update_password_no_shadow/data/passwd b/tests/tests/newusers/34_update_password_no_shadow/data/passwd
new file mode 100644
index 0000000..33b4c02
--- /dev/null
+++ b/tests/tests/newusers/34_update_password_no_shadow/data/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:@PASS_DES fooPass2@:65535:65535:User Foo - Gecos Field::/bin/sh
diff --git a/tests/tests/newusers/34_update_password_no_shadow/newusers.test b/tests/tests/newusers/34_update_password_no_shadow/newusers.test
new file mode 100755
index 0000000..1a9979e
--- /dev/null
+++ b/tests/tests/newusers/34_update_password_no_shadow/newusers.test
@@ -0,0 +1,38 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "newusers can update the password of an existing user, when there is no shadow file"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+rm -f /etc/shadow /etc/gshadow
+
+newusers data/newusers.list
+
+echo -n "Check the passwd file..." 
+../../common/compare_file.pl data/passwd /etc/passwd 
+echo "OK" 
+echo -n "Check the group file..." 
+../../common/compare_file.pl config/etc/group /etc/group 
+echo "OK" 
+echo -n "Check the shadow file..." 
+test ! -f /etc/shadow
+echo "OK" 
+echo -n "Check the gshadow file..." 
+test ! -f /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/newusers/35_read_from_stdin/config.txt b/tests/tests/newusers/35_read_from_stdin/config.txt
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/newusers/35_read_from_stdin/config.txt
diff --git a/tests/tests/newusers/35_read_from_stdin/config/etc/group b/tests/tests/newusers/35_read_from_stdin/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/newusers/35_read_from_stdin/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/newusers/35_read_from_stdin/config/etc/gshadow b/tests/tests/newusers/35_read_from_stdin/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/newusers/35_read_from_stdin/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/newusers/35_read_from_stdin/config/etc/pam.d/common-password b/tests/tests/newusers/35_read_from_stdin/config/etc/pam.d/common-password
new file mode 100644
index 0000000..06c59a7
--- /dev/null
+++ b/tests/tests/newusers/35_read_from_stdin/config/etc/pam.d/common-password
@@ -0,0 +1,33 @@
+#
+# /etc/pam.d/common-password - password-related modules common to all services
+#
+# This file is included from other service-specific PAM config files,
+# and should contain a list of modules that define the services to be
+# used to change user passwords.  The default is pam_unix.
+
+# Explanation of pam_unix options:
+#
+# The "md5" option enables MD5 passwords.  Without this option, the
+# default is Unix crypt.
+#
+# The "obscure" option replaces the old `OBSCURE_CHECKS_ENAB' option in
+# login.defs.
+#
+# See the pam_unix manpage for other options.
+
+# As of pam 1.0.1-6, this file is managed by pam-auth-update by default.
+# To take advantage of this, it is recommended that you configure any
+# local modules either before or after the default block, and use
+# pam-auth-update to manage selection of other modules.  See
+# pam-auth-update(8) for details.
+
+# here are the per-package modules (the "Primary" block)
+password	[success=1 default=ignore]	pam_unix.so obscure
+# here's the fallback if no module succeeds
+password	requisite			pam_deny.so
+# prime the stack with a positive return value if there isn't one already;
+# this avoids us returning an error just because nothing sets a success code
+# since the modules above will each just jump around
+password	required			pam_permit.so
+# and here are more per-package modules (the "Additional" block)
+# end of pam-auth-update config
diff --git a/tests/tests/newusers/35_read_from_stdin/config/etc/pam.d/newusers b/tests/tests/newusers/35_read_from_stdin/config/etc/pam.d/newusers
new file mode 100644
index 0000000..552045e
--- /dev/null
+++ b/tests/tests/newusers/35_read_from_stdin/config/etc/pam.d/newusers
@@ -0,0 +1,6 @@
+#
+# The PAM configuration file for the Shadow `chpasswd' service
+#
+
+@include common-password
+
diff --git a/tests/tests/newusers/35_read_from_stdin/config/etc/passwd b/tests/tests/newusers/35_read_from_stdin/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/newusers/35_read_from_stdin/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/newusers/35_read_from_stdin/config/etc/shadow b/tests/tests/newusers/35_read_from_stdin/config/etc/shadow
new file mode 100644
index 0000000..031ce88
--- /dev/null
+++ b/tests/tests/newusers/35_read_from_stdin/config/etc/shadow
@@ -0,0 +1,19 @@
+root::12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/newusers/35_read_from_stdin/data/group b/tests/tests/newusers/35_read_from_stdin/data/group
new file mode 100644
index 0000000..15f4c27
--- /dev/null
+++ b/tests/tests/newusers/35_read_from_stdin/data/group
@@ -0,0 +1,43 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo1:x:1000:
+foo2:x:1001:
diff --git a/tests/tests/newusers/35_read_from_stdin/data/gshadow b/tests/tests/newusers/35_read_from_stdin/data/gshadow
new file mode 100644
index 0000000..5e2c5d3
--- /dev/null
+++ b/tests/tests/newusers/35_read_from_stdin/data/gshadow
@@ -0,0 +1,43 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo1:*::
+foo2:*::
diff --git a/tests/tests/newusers/35_read_from_stdin/data/newusers.list b/tests/tests/newusers/35_read_from_stdin/data/newusers.list
new file mode 100644
index 0000000..b51078f
--- /dev/null
+++ b/tests/tests/newusers/35_read_from_stdin/data/newusers.list
@@ -0,0 +1,2 @@
+foo1:foo1Pass:::User foo1 - Gecos Field::/bin/sh
+foo2:foo2Pass:::User foo2 - Gecos Field::/bin/sh
diff --git a/tests/tests/newusers/35_read_from_stdin/data/passwd b/tests/tests/newusers/35_read_from_stdin/data/passwd
new file mode 100644
index 0000000..0c6350e
--- /dev/null
+++ b/tests/tests/newusers/35_read_from_stdin/data/passwd
@@ -0,0 +1,21 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo1:x:1000:1000:User foo1 - Gecos Field::/bin/sh
+foo2:x:1001:1001:User foo2 - Gecos Field::/bin/sh
diff --git a/tests/tests/newusers/35_read_from_stdin/data/shadow b/tests/tests/newusers/35_read_from_stdin/data/shadow
new file mode 100644
index 0000000..e33ca21
--- /dev/null
+++ b/tests/tests/newusers/35_read_from_stdin/data/shadow
@@ -0,0 +1,21 @@
+root::12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo1:@PASS_DES foo1Pass@:@TODAY@:0:99999:7:::
+foo2:@PASS_DES foo2Pass@:@TODAY@:0:99999:7:::
diff --git a/tests/tests/newusers/35_read_from_stdin/newusers.test b/tests/tests/newusers/35_read_from_stdin/newusers.test
new file mode 100755
index 0000000..a135564
--- /dev/null
+++ b/tests/tests/newusers/35_read_from_stdin/newusers.test
@@ -0,0 +1,37 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "newusers can read the list from stdin"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+cat data/newusers.list | newusers
+
+echo -n "Check the passwd file..." 
+../../common/compare_file.pl data/passwd /etc/passwd 
+echo "OK" 
+echo -n "Check the group file..." 
+../../common/compare_file.pl data/group /etc/group 
+echo "OK" 
+echo -n "Check the shadow file..." 
+../../common/compare_file.pl data/shadow /etc/shadow 
+echo "OK" 
+echo -n "Check the gshadow file..." 
+../../common/compare_file.pl data/gshadow /etc/gshadow 
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/newusers/36_create_user_encrypted/config.txt b/tests/tests/newusers/36_create_user_encrypted/config.txt
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/newusers/36_create_user_encrypted/config.txt
diff --git a/tests/tests/newusers/36_create_user_encrypted/config/etc/group b/tests/tests/newusers/36_create_user_encrypted/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/newusers/36_create_user_encrypted/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/newusers/36_create_user_encrypted/config/etc/gshadow b/tests/tests/newusers/36_create_user_encrypted/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/newusers/36_create_user_encrypted/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/newusers/36_create_user_encrypted/config/etc/passwd b/tests/tests/newusers/36_create_user_encrypted/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/newusers/36_create_user_encrypted/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/newusers/36_create_user_encrypted/config/etc/shadow b/tests/tests/newusers/36_create_user_encrypted/config/etc/shadow
new file mode 100644
index 0000000..031ce88
--- /dev/null
+++ b/tests/tests/newusers/36_create_user_encrypted/config/etc/shadow
@@ -0,0 +1,19 @@
+root::12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/newusers/36_create_user_encrypted/data/group b/tests/tests/newusers/36_create_user_encrypted/data/group
new file mode 100644
index 0000000..fecba0c
--- /dev/null
+++ b/tests/tests/newusers/36_create_user_encrypted/data/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/newusers/36_create_user_encrypted/data/gshadow b/tests/tests/newusers/36_create_user_encrypted/data/gshadow
new file mode 100644
index 0000000..5042e58
--- /dev/null
+++ b/tests/tests/newusers/36_create_user_encrypted/data/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/newusers/36_create_user_encrypted/data/newusers.list b/tests/tests/newusers/36_create_user_encrypted/data/newusers.list
new file mode 100644
index 0000000..4b43ba5
--- /dev/null
+++ b/tests/tests/newusers/36_create_user_encrypted/data/newusers.list
@@ -0,0 +1 @@
+foo:fo9LtdQDLJ8Fs:::User Foo - Gecos Field::/bin/sh
diff --git a/tests/tests/newusers/36_create_user_encrypted/data/passwd b/tests/tests/newusers/36_create_user_encrypted/data/passwd
new file mode 100644
index 0000000..7bf7386
--- /dev/null
+++ b/tests/tests/newusers/36_create_user_encrypted/data/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000:User Foo - Gecos Field::/bin/sh
diff --git a/tests/tests/newusers/36_create_user_encrypted/data/shadow b/tests/tests/newusers/36_create_user_encrypted/data/shadow
new file mode 100644
index 0000000..1d221a8
--- /dev/null
+++ b/tests/tests/newusers/36_create_user_encrypted/data/shadow
@@ -0,0 +1,20 @@
+root::12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:fo9LtdQDLJ8Fs:@TODAY@:0:99999:7:::
diff --git a/tests/tests/newusers/36_create_user_encrypted/newusers.test b/tests/tests/newusers/36_create_user_encrypted/newusers.test
new file mode 100755
index 0000000..ab0a264
--- /dev/null
+++ b/tests/tests/newusers/36_create_user_encrypted/newusers.test
@@ -0,0 +1,37 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "newusers can create a new user, and provide an already encrypted password"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+newusers -c NONE data/newusers.list
+
+echo -n "Check the passwd file..." 
+../../common/compare_file.pl data/passwd /etc/passwd 
+echo "OK" 
+echo -n "Check the group file..." 
+../../common/compare_file.pl data/group /etc/group 
+echo "OK" 
+echo -n "Check the shadow file..." 
+../../common/compare_file.pl data/shadow /etc/shadow 
+echo "OK" 
+echo -n "Check the gshadow file..." 
+../../common/compare_file.pl data/gshadow /etc/gshadow 
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/newusers/37_create_user_encrypt_MD5-PAM/config.txt b/tests/tests/newusers/37_create_user_encrypt_MD5-PAM/config.txt
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/newusers/37_create_user_encrypt_MD5-PAM/config.txt
diff --git a/tests/tests/newusers/37_create_user_encrypt_MD5-PAM/config/etc/group b/tests/tests/newusers/37_create_user_encrypt_MD5-PAM/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/newusers/37_create_user_encrypt_MD5-PAM/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/newusers/37_create_user_encrypt_MD5-PAM/config/etc/gshadow b/tests/tests/newusers/37_create_user_encrypt_MD5-PAM/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/newusers/37_create_user_encrypt_MD5-PAM/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/newusers/37_create_user_encrypt_MD5-PAM/config/etc/pam.d/common-password b/tests/tests/newusers/37_create_user_encrypt_MD5-PAM/config/etc/pam.d/common-password
new file mode 100644
index 0000000..07f3f1d
--- /dev/null
+++ b/tests/tests/newusers/37_create_user_encrypt_MD5-PAM/config/etc/pam.d/common-password
@@ -0,0 +1,33 @@
+#
+# /etc/pam.d/common-password - password-related modules common to all services
+#
+# This file is included from other service-specific PAM config files,
+# and should contain a list of modules that define the services to be
+# used to change user passwords.  The default is pam_unix.
+
+# Explanation of pam_unix options:
+#
+# The "md5" option enables MD5 passwords.  Without this option, the
+# default is Unix crypt.
+#
+# The "obscure" option replaces the old `OBSCURE_CHECKS_ENAB' option in
+# login.defs.
+#
+# See the pam_unix manpage for other options.
+
+# As of pam 1.0.1-6, this file is managed by pam-auth-update by default.
+# To take advantage of this, it is recommended that you configure any
+# local modules either before or after the default block, and use
+# pam-auth-update to manage selection of other modules.  See
+# pam-auth-update(8) for details.
+
+# here are the per-package modules (the "Primary" block)
+password	[success=1 default=ignore]	pam_unix.so obscure md5
+# here's the fallback if no module succeeds
+password	requisite			pam_deny.so
+# prime the stack with a positive return value if there isn't one already;
+# this avoids us returning an error just because nothing sets a success code
+# since the modules above will each just jump around
+password	required			pam_permit.so
+# and here are more per-package modules (the "Additional" block)
+# end of pam-auth-update config
diff --git a/tests/tests/newusers/37_create_user_encrypt_MD5-PAM/config/etc/pam.d/newusers b/tests/tests/newusers/37_create_user_encrypt_MD5-PAM/config/etc/pam.d/newusers
new file mode 100644
index 0000000..552045e
--- /dev/null
+++ b/tests/tests/newusers/37_create_user_encrypt_MD5-PAM/config/etc/pam.d/newusers
@@ -0,0 +1,6 @@
+#
+# The PAM configuration file for the Shadow `chpasswd' service
+#
+
+@include common-password
+
diff --git a/tests/tests/newusers/37_create_user_encrypt_MD5-PAM/config/etc/passwd b/tests/tests/newusers/37_create_user_encrypt_MD5-PAM/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/newusers/37_create_user_encrypt_MD5-PAM/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/newusers/37_create_user_encrypt_MD5-PAM/config/etc/shadow b/tests/tests/newusers/37_create_user_encrypt_MD5-PAM/config/etc/shadow
new file mode 100644
index 0000000..031ce88
--- /dev/null
+++ b/tests/tests/newusers/37_create_user_encrypt_MD5-PAM/config/etc/shadow
@@ -0,0 +1,19 @@
+root::12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/newusers/37_create_user_encrypt_MD5-PAM/data/group b/tests/tests/newusers/37_create_user_encrypt_MD5-PAM/data/group
new file mode 100644
index 0000000..fecba0c
--- /dev/null
+++ b/tests/tests/newusers/37_create_user_encrypt_MD5-PAM/data/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/newusers/37_create_user_encrypt_MD5-PAM/data/gshadow b/tests/tests/newusers/37_create_user_encrypt_MD5-PAM/data/gshadow
new file mode 100644
index 0000000..5042e58
--- /dev/null
+++ b/tests/tests/newusers/37_create_user_encrypt_MD5-PAM/data/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/newusers/37_create_user_encrypt_MD5-PAM/data/newusers.list b/tests/tests/newusers/37_create_user_encrypt_MD5-PAM/data/newusers.list
new file mode 100644
index 0000000..9c40fa2
--- /dev/null
+++ b/tests/tests/newusers/37_create_user_encrypt_MD5-PAM/data/newusers.list
@@ -0,0 +1 @@
+foo:fooPass:::User Foo - Gecos Field::/bin/sh
diff --git a/tests/tests/newusers/37_create_user_encrypt_MD5-PAM/data/passwd b/tests/tests/newusers/37_create_user_encrypt_MD5-PAM/data/passwd
new file mode 100644
index 0000000..7bf7386
--- /dev/null
+++ b/tests/tests/newusers/37_create_user_encrypt_MD5-PAM/data/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000:User Foo - Gecos Field::/bin/sh
diff --git a/tests/tests/newusers/37_create_user_encrypt_MD5-PAM/data/shadow b/tests/tests/newusers/37_create_user_encrypt_MD5-PAM/data/shadow
new file mode 100644
index 0000000..cff74f8
--- /dev/null
+++ b/tests/tests/newusers/37_create_user_encrypt_MD5-PAM/data/shadow
@@ -0,0 +1,20 @@
+root::12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:@PASS_MD5 fooPass@:@TODAY@:0:99999:7:::
diff --git a/tests/tests/newusers/37_create_user_encrypt_MD5-PAM/newusers.test b/tests/tests/newusers/37_create_user_encrypt_MD5-PAM/newusers.test
new file mode 100755
index 0000000..f916194
--- /dev/null
+++ b/tests/tests/newusers/37_create_user_encrypt_MD5-PAM/newusers.test
@@ -0,0 +1,37 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "newusers can encrypt the passwords with the MD5 algorithm"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+newusers data/newusers.list
+
+echo -n "Check the passwd file..." 
+../../common/compare_file.pl data/passwd /etc/passwd 
+echo "OK" 
+echo -n "Check the group file..." 
+../../common/compare_file.pl data/group /etc/group 
+echo "OK" 
+echo -n "Check the shadow file..." 
+../../common/compare_file.pl data/shadow /etc/shadow 
+echo "OK" 
+echo -n "Check the gshadow file..." 
+../../common/compare_file.pl data/gshadow /etc/gshadow 
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/newusers/37_create_user_encrypt_MD5/config.txt b/tests/tests/newusers/37_create_user_encrypt_MD5/config.txt
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/newusers/37_create_user_encrypt_MD5/config.txt
diff --git a/tests/tests/newusers/37_create_user_encrypt_MD5/config/etc/group b/tests/tests/newusers/37_create_user_encrypt_MD5/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/newusers/37_create_user_encrypt_MD5/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/newusers/37_create_user_encrypt_MD5/config/etc/gshadow b/tests/tests/newusers/37_create_user_encrypt_MD5/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/newusers/37_create_user_encrypt_MD5/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/newusers/37_create_user_encrypt_MD5/config/etc/passwd b/tests/tests/newusers/37_create_user_encrypt_MD5/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/newusers/37_create_user_encrypt_MD5/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/newusers/37_create_user_encrypt_MD5/config/etc/shadow b/tests/tests/newusers/37_create_user_encrypt_MD5/config/etc/shadow
new file mode 100644
index 0000000..031ce88
--- /dev/null
+++ b/tests/tests/newusers/37_create_user_encrypt_MD5/config/etc/shadow
@@ -0,0 +1,19 @@
+root::12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/newusers/37_create_user_encrypt_MD5/data/group b/tests/tests/newusers/37_create_user_encrypt_MD5/data/group
new file mode 100644
index 0000000..fecba0c
--- /dev/null
+++ b/tests/tests/newusers/37_create_user_encrypt_MD5/data/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/newusers/37_create_user_encrypt_MD5/data/gshadow b/tests/tests/newusers/37_create_user_encrypt_MD5/data/gshadow
new file mode 100644
index 0000000..5042e58
--- /dev/null
+++ b/tests/tests/newusers/37_create_user_encrypt_MD5/data/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/newusers/37_create_user_encrypt_MD5/data/newusers.list b/tests/tests/newusers/37_create_user_encrypt_MD5/data/newusers.list
new file mode 100644
index 0000000..9c40fa2
--- /dev/null
+++ b/tests/tests/newusers/37_create_user_encrypt_MD5/data/newusers.list
@@ -0,0 +1 @@
+foo:fooPass:::User Foo - Gecos Field::/bin/sh
diff --git a/tests/tests/newusers/37_create_user_encrypt_MD5/data/passwd b/tests/tests/newusers/37_create_user_encrypt_MD5/data/passwd
new file mode 100644
index 0000000..7bf7386
--- /dev/null
+++ b/tests/tests/newusers/37_create_user_encrypt_MD5/data/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000:User Foo - Gecos Field::/bin/sh
diff --git a/tests/tests/newusers/37_create_user_encrypt_MD5/data/shadow b/tests/tests/newusers/37_create_user_encrypt_MD5/data/shadow
new file mode 100644
index 0000000..cff74f8
--- /dev/null
+++ b/tests/tests/newusers/37_create_user_encrypt_MD5/data/shadow
@@ -0,0 +1,20 @@
+root::12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:@PASS_MD5 fooPass@:@TODAY@:0:99999:7:::
diff --git a/tests/tests/newusers/37_create_user_encrypt_MD5/newusers.test b/tests/tests/newusers/37_create_user_encrypt_MD5/newusers.test
new file mode 100755
index 0000000..e497ca9
--- /dev/null
+++ b/tests/tests/newusers/37_create_user_encrypt_MD5/newusers.test
@@ -0,0 +1,37 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "newusers can encrypt the passwords with the MD5 algorithm"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+newusers -c MD5 data/newusers.list
+
+echo -n "Check the passwd file..." 
+../../common/compare_file.pl data/passwd /etc/passwd 
+echo "OK" 
+echo -n "Check the group file..." 
+../../common/compare_file.pl data/group /etc/group 
+echo "OK" 
+echo -n "Check the shadow file..." 
+../../common/compare_file.pl data/shadow /etc/shadow 
+echo "OK" 
+echo -n "Check the gshadow file..." 
+../../common/compare_file.pl data/gshadow /etc/gshadow 
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/newusers/38_update_password_no_shadow_encrypted/config.txt b/tests/tests/newusers/38_update_password_no_shadow_encrypted/config.txt
new file mode 100644
index 0000000..b24760e
--- /dev/null
+++ b/tests/tests/newusers/38_update_password_no_shadow_encrypted/config.txt
@@ -0,0 +1,2 @@
+User foo exists, with password fooPass
+shadow and gshadow will be removed.
diff --git a/tests/tests/newusers/38_update_password_no_shadow_encrypted/config/etc/group b/tests/tests/newusers/38_update_password_no_shadow_encrypted/config/etc/group
new file mode 100644
index 0000000..555c889
--- /dev/null
+++ b/tests/tests/newusers/38_update_password_no_shadow_encrypted/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:65535:foo
diff --git a/tests/tests/newusers/38_update_password_no_shadow_encrypted/config/etc/gshadow b/tests/tests/newusers/38_update_password_no_shadow_encrypted/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/newusers/38_update_password_no_shadow_encrypted/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/newusers/38_update_password_no_shadow_encrypted/config/etc/passwd b/tests/tests/newusers/38_update_password_no_shadow_encrypted/config/etc/passwd
new file mode 100644
index 0000000..90bf0ab
--- /dev/null
+++ b/tests/tests/newusers/38_update_password_no_shadow_encrypted/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:eKzSSVkXDoVUM:65535:65535:User Foo - Gecos Field::/bin/sh
diff --git a/tests/tests/newusers/38_update_password_no_shadow_encrypted/config/etc/shadow b/tests/tests/newusers/38_update_password_no_shadow_encrypted/config/etc/shadow
new file mode 100644
index 0000000..031ce88
--- /dev/null
+++ b/tests/tests/newusers/38_update_password_no_shadow_encrypted/config/etc/shadow
@@ -0,0 +1,19 @@
+root::12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/newusers/38_update_password_no_shadow_encrypted/data/newusers.list b/tests/tests/newusers/38_update_password_no_shadow_encrypted/data/newusers.list
new file mode 100644
index 0000000..d70655e
--- /dev/null
+++ b/tests/tests/newusers/38_update_password_no_shadow_encrypted/data/newusers.list
@@ -0,0 +1 @@
+foo:fozvMZd6F6hFU:::User Foo - Gecos Field::/bin/sh
diff --git a/tests/tests/newusers/38_update_password_no_shadow_encrypted/data/passwd b/tests/tests/newusers/38_update_password_no_shadow_encrypted/data/passwd
new file mode 100644
index 0000000..a8e6425
--- /dev/null
+++ b/tests/tests/newusers/38_update_password_no_shadow_encrypted/data/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:fozvMZd6F6hFU:65535:65535:User Foo - Gecos Field::/bin/sh
diff --git a/tests/tests/newusers/38_update_password_no_shadow_encrypted/newusers.test b/tests/tests/newusers/38_update_password_no_shadow_encrypted/newusers.test
new file mode 100755
index 0000000..ba0b660
--- /dev/null
+++ b/tests/tests/newusers/38_update_password_no_shadow_encrypted/newusers.test
@@ -0,0 +1,38 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "newusers can update the password of an existing user in the passwd file, with a pre-encrypted password"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+rm -f /etc/shadow /etc/gshadow
+
+newusers -c NONE data/newusers.list
+
+echo -n "Check the passwd file..." 
+../../common/compare_file.pl data/passwd /etc/passwd 
+echo "OK" 
+echo -n "Check the group file..." 
+../../common/compare_file.pl data/group /etc/group 
+echo "OK" 
+echo -n "Check the shadow file..." 
+test ! -f /etc/shadow
+echo "OK" 
+echo -n "Check the gshadow file..." 
+test ! -f /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/newusers/39_update_password_no_shadow_password_encrypted/config.txt b/tests/tests/newusers/39_update_password_no_shadow_password_encrypted/config.txt
new file mode 100644
index 0000000..f21646b
--- /dev/null
+++ b/tests/tests/newusers/39_update_password_no_shadow_password_encrypted/config.txt
@@ -0,0 +1,2 @@
+User foo exists, with password fooPass
+No user foo in shadow
diff --git a/tests/tests/newusers/39_update_password_no_shadow_password_encrypted/config/etc/group b/tests/tests/newusers/39_update_password_no_shadow_password_encrypted/config/etc/group
new file mode 100644
index 0000000..555c889
--- /dev/null
+++ b/tests/tests/newusers/39_update_password_no_shadow_password_encrypted/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:65535:foo
diff --git a/tests/tests/newusers/39_update_password_no_shadow_password_encrypted/config/etc/gshadow b/tests/tests/newusers/39_update_password_no_shadow_password_encrypted/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/newusers/39_update_password_no_shadow_password_encrypted/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/newusers/39_update_password_no_shadow_password_encrypted/config/etc/passwd b/tests/tests/newusers/39_update_password_no_shadow_password_encrypted/config/etc/passwd
new file mode 100644
index 0000000..90bf0ab
--- /dev/null
+++ b/tests/tests/newusers/39_update_password_no_shadow_password_encrypted/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:eKzSSVkXDoVUM:65535:65535:User Foo - Gecos Field::/bin/sh
diff --git a/tests/tests/newusers/39_update_password_no_shadow_password_encrypted/config/etc/shadow b/tests/tests/newusers/39_update_password_no_shadow_password_encrypted/config/etc/shadow
new file mode 100644
index 0000000..031ce88
--- /dev/null
+++ b/tests/tests/newusers/39_update_password_no_shadow_password_encrypted/config/etc/shadow
@@ -0,0 +1,19 @@
+root::12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/newusers/39_update_password_no_shadow_password_encrypted/data/newusers.list b/tests/tests/newusers/39_update_password_no_shadow_password_encrypted/data/newusers.list
new file mode 100644
index 0000000..d70655e
--- /dev/null
+++ b/tests/tests/newusers/39_update_password_no_shadow_password_encrypted/data/newusers.list
@@ -0,0 +1 @@
+foo:fozvMZd6F6hFU:::User Foo - Gecos Field::/bin/sh
diff --git a/tests/tests/newusers/39_update_password_no_shadow_password_encrypted/data/passwd b/tests/tests/newusers/39_update_password_no_shadow_password_encrypted/data/passwd
new file mode 100644
index 0000000..a8e6425
--- /dev/null
+++ b/tests/tests/newusers/39_update_password_no_shadow_password_encrypted/data/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:fozvMZd6F6hFU:65535:65535:User Foo - Gecos Field::/bin/sh
diff --git a/tests/tests/newusers/39_update_password_no_shadow_password_encrypted/newusers.test b/tests/tests/newusers/39_update_password_no_shadow_password_encrypted/newusers.test
new file mode 100755
index 0000000..1daf41f
--- /dev/null
+++ b/tests/tests/newusers/39_update_password_no_shadow_password_encrypted/newusers.test
@@ -0,0 +1,37 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "newusers can update the password of an existing user with a pre-encrypted password, when this user has no shadow entry"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+newusers -c NONE data/newusers.list
+
+echo -n "Check the passwd file..." 
+../../common/compare_file.pl data/passwd /etc/passwd 
+echo "OK" 
+echo -n "Check the group file..." 
+../../common/compare_file.pl data/group /etc/group 
+echo "OK" 
+echo -n "Check the shadow file..." 
+../../common/compare_file.pl data/shadow /etc/shadow 
+echo "OK" 
+echo -n "Check the gshadow file..." 
+../../common/compare_file.pl data/gshadow /etc/gshadow 
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/newusers/40_update_password_encrypted/config.txt b/tests/tests/newusers/40_update_password_encrypted/config.txt
new file mode 100644
index 0000000..ea4c3ad
--- /dev/null
+++ b/tests/tests/newusers/40_update_password_encrypted/config.txt
@@ -0,0 +1 @@
+User foo exists, with password fooPass
diff --git a/tests/tests/newusers/40_update_password_encrypted/config/etc/group b/tests/tests/newusers/40_update_password_encrypted/config/etc/group
new file mode 100644
index 0000000..555c889
--- /dev/null
+++ b/tests/tests/newusers/40_update_password_encrypted/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:65535:foo
diff --git a/tests/tests/newusers/40_update_password_encrypted/config/etc/gshadow b/tests/tests/newusers/40_update_password_encrypted/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/newusers/40_update_password_encrypted/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/newusers/40_update_password_encrypted/config/etc/passwd b/tests/tests/newusers/40_update_password_encrypted/config/etc/passwd
new file mode 100644
index 0000000..9de3b24
--- /dev/null
+++ b/tests/tests/newusers/40_update_password_encrypted/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:65535:65535:User Foo - Gecos Field::/bin/sh
diff --git a/tests/tests/newusers/40_update_password_encrypted/config/etc/shadow b/tests/tests/newusers/40_update_password_encrypted/config/etc/shadow
new file mode 100644
index 0000000..1368876
--- /dev/null
+++ b/tests/tests/newusers/40_update_password_encrypted/config/etc/shadow
@@ -0,0 +1,20 @@
+root::12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:eKzSSVkXDoVUM:13906:0:99999:7:::
diff --git a/tests/tests/newusers/40_update_password_encrypted/data/newusers.list b/tests/tests/newusers/40_update_password_encrypted/data/newusers.list
new file mode 100644
index 0000000..cc3b9ad
--- /dev/null
+++ b/tests/tests/newusers/40_update_password_encrypted/data/newusers.list
@@ -0,0 +1 @@
+foo:fooPass2:::User Foo - Gecos Field::/bin/sh
diff --git a/tests/tests/newusers/40_update_password_encrypted/data/shadow b/tests/tests/newusers/40_update_password_encrypted/data/shadow
new file mode 100644
index 0000000..b466143
--- /dev/null
+++ b/tests/tests/newusers/40_update_password_encrypted/data/shadow
@@ -0,0 +1,20 @@
+root::12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:fooPass2:13906:0:99999:7:::
diff --git a/tests/tests/newusers/40_update_password_encrypted/newusers.test b/tests/tests/newusers/40_update_password_encrypted/newusers.test
new file mode 100755
index 0000000..bb6be18
--- /dev/null
+++ b/tests/tests/newusers/40_update_password_encrypted/newusers.test
@@ -0,0 +1,37 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "newusers can update the password of an existing user with a pre-encrypted password"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+newusers -c NONE data/newusers.list
+
+echo -n "Check the passwd file..." 
+../../common/compare_file.pl data/passwd /etc/passwd 
+echo "OK" 
+echo -n "Check the group file..." 
+../../common/compare_file.pl data/group /etc/group 
+echo "OK" 
+echo -n "Check the shadow file..." 
+../../common/compare_file.pl data/shadow /etc/shadow 
+echo "OK" 
+echo -n "Check the gshadow file..." 
+../../common/compare_file.pl data/gshadow /etc/gshadow 
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/newusers/41_create_user_encrypt_SHA256-PAM/config.txt b/tests/tests/newusers/41_create_user_encrypt_SHA256-PAM/config.txt
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/newusers/41_create_user_encrypt_SHA256-PAM/config.txt
diff --git a/tests/tests/newusers/41_create_user_encrypt_SHA256-PAM/config/etc/group b/tests/tests/newusers/41_create_user_encrypt_SHA256-PAM/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/newusers/41_create_user_encrypt_SHA256-PAM/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/newusers/41_create_user_encrypt_SHA256-PAM/config/etc/gshadow b/tests/tests/newusers/41_create_user_encrypt_SHA256-PAM/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/newusers/41_create_user_encrypt_SHA256-PAM/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/newusers/41_create_user_encrypt_SHA256-PAM/config/etc/pam.d/common-password b/tests/tests/newusers/41_create_user_encrypt_SHA256-PAM/config/etc/pam.d/common-password
new file mode 100644
index 0000000..ab27f3e
--- /dev/null
+++ b/tests/tests/newusers/41_create_user_encrypt_SHA256-PAM/config/etc/pam.d/common-password
@@ -0,0 +1,33 @@
+#
+# /etc/pam.d/common-password - password-related modules common to all services
+#
+# This file is included from other service-specific PAM config files,
+# and should contain a list of modules that define the services to be
+# used to change user passwords.  The default is pam_unix.
+
+# Explanation of pam_unix options:
+#
+# The "md5" option enables MD5 passwords.  Without this option, the
+# default is Unix crypt.
+#
+# The "obscure" option replaces the old `OBSCURE_CHECKS_ENAB' option in
+# login.defs.
+#
+# See the pam_unix manpage for other options.
+
+# As of pam 1.0.1-6, this file is managed by pam-auth-update by default.
+# To take advantage of this, it is recommended that you configure any
+# local modules either before or after the default block, and use
+# pam-auth-update to manage selection of other modules.  See
+# pam-auth-update(8) for details.
+
+# here are the per-package modules (the "Primary" block)
+password	[success=1 default=ignore]	pam_unix.so obscure sha256
+# here's the fallback if no module succeeds
+password	requisite			pam_deny.so
+# prime the stack with a positive return value if there isn't one already;
+# this avoids us returning an error just because nothing sets a success code
+# since the modules above will each just jump around
+password	required			pam_permit.so
+# and here are more per-package modules (the "Additional" block)
+# end of pam-auth-update config
diff --git a/tests/tests/newusers/41_create_user_encrypt_SHA256-PAM/config/etc/pam.d/newusers b/tests/tests/newusers/41_create_user_encrypt_SHA256-PAM/config/etc/pam.d/newusers
new file mode 100644
index 0000000..552045e
--- /dev/null
+++ b/tests/tests/newusers/41_create_user_encrypt_SHA256-PAM/config/etc/pam.d/newusers
@@ -0,0 +1,6 @@
+#
+# The PAM configuration file for the Shadow `chpasswd' service
+#
+
+@include common-password
+
diff --git a/tests/tests/newusers/41_create_user_encrypt_SHA256-PAM/config/etc/passwd b/tests/tests/newusers/41_create_user_encrypt_SHA256-PAM/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/newusers/41_create_user_encrypt_SHA256-PAM/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/newusers/41_create_user_encrypt_SHA256-PAM/config/etc/shadow b/tests/tests/newusers/41_create_user_encrypt_SHA256-PAM/config/etc/shadow
new file mode 100644
index 0000000..031ce88
--- /dev/null
+++ b/tests/tests/newusers/41_create_user_encrypt_SHA256-PAM/config/etc/shadow
@@ -0,0 +1,19 @@
+root::12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/newusers/41_create_user_encrypt_SHA256-PAM/data/group b/tests/tests/newusers/41_create_user_encrypt_SHA256-PAM/data/group
new file mode 100644
index 0000000..fecba0c
--- /dev/null
+++ b/tests/tests/newusers/41_create_user_encrypt_SHA256-PAM/data/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/newusers/41_create_user_encrypt_SHA256-PAM/data/gshadow b/tests/tests/newusers/41_create_user_encrypt_SHA256-PAM/data/gshadow
new file mode 100644
index 0000000..5042e58
--- /dev/null
+++ b/tests/tests/newusers/41_create_user_encrypt_SHA256-PAM/data/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/newusers/41_create_user_encrypt_SHA256-PAM/data/newusers.list b/tests/tests/newusers/41_create_user_encrypt_SHA256-PAM/data/newusers.list
new file mode 100644
index 0000000..9c40fa2
--- /dev/null
+++ b/tests/tests/newusers/41_create_user_encrypt_SHA256-PAM/data/newusers.list
@@ -0,0 +1 @@
+foo:fooPass:::User Foo - Gecos Field::/bin/sh
diff --git a/tests/tests/newusers/41_create_user_encrypt_SHA256-PAM/data/passwd b/tests/tests/newusers/41_create_user_encrypt_SHA256-PAM/data/passwd
new file mode 100644
index 0000000..7bf7386
--- /dev/null
+++ b/tests/tests/newusers/41_create_user_encrypt_SHA256-PAM/data/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000:User Foo - Gecos Field::/bin/sh
diff --git a/tests/tests/newusers/41_create_user_encrypt_SHA256-PAM/data/shadow b/tests/tests/newusers/41_create_user_encrypt_SHA256-PAM/data/shadow
new file mode 100644
index 0000000..b07274f
--- /dev/null
+++ b/tests/tests/newusers/41_create_user_encrypt_SHA256-PAM/data/shadow
@@ -0,0 +1,20 @@
+root::12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:@PASS_SHA256 fooPass@:@TODAY@:0:99999:7:::
diff --git a/tests/tests/newusers/41_create_user_encrypt_SHA256-PAM/newusers.test b/tests/tests/newusers/41_create_user_encrypt_SHA256-PAM/newusers.test
new file mode 100755
index 0000000..284bb3e
--- /dev/null
+++ b/tests/tests/newusers/41_create_user_encrypt_SHA256-PAM/newusers.test
@@ -0,0 +1,37 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "newusers can encrypt the passwords with the SHA256 algorithm"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+newusers data/newusers.list
+
+echo -n "Check the passwd file..." 
+../../common/compare_file.pl data/passwd /etc/passwd 
+echo "OK" 
+echo -n "Check the group file..." 
+../../common/compare_file.pl data/group /etc/group 
+echo "OK" 
+echo -n "Check the shadow file..." 
+../../common/compare_file.pl data/shadow /etc/shadow 
+echo "OK" 
+echo -n "Check the gshadow file..." 
+../../common/compare_file.pl data/gshadow /etc/gshadow 
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/newusers/41_create_user_encrypt_SHA256/config.txt b/tests/tests/newusers/41_create_user_encrypt_SHA256/config.txt
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/newusers/41_create_user_encrypt_SHA256/config.txt
diff --git a/tests/tests/newusers/41_create_user_encrypt_SHA256/config/etc/group b/tests/tests/newusers/41_create_user_encrypt_SHA256/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/newusers/41_create_user_encrypt_SHA256/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/newusers/41_create_user_encrypt_SHA256/config/etc/gshadow b/tests/tests/newusers/41_create_user_encrypt_SHA256/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/newusers/41_create_user_encrypt_SHA256/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/newusers/41_create_user_encrypt_SHA256/config/etc/passwd b/tests/tests/newusers/41_create_user_encrypt_SHA256/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/newusers/41_create_user_encrypt_SHA256/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/newusers/41_create_user_encrypt_SHA256/config/etc/shadow b/tests/tests/newusers/41_create_user_encrypt_SHA256/config/etc/shadow
new file mode 100644
index 0000000..031ce88
--- /dev/null
+++ b/tests/tests/newusers/41_create_user_encrypt_SHA256/config/etc/shadow
@@ -0,0 +1,19 @@
+root::12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/newusers/41_create_user_encrypt_SHA256/data/group b/tests/tests/newusers/41_create_user_encrypt_SHA256/data/group
new file mode 100644
index 0000000..fecba0c
--- /dev/null
+++ b/tests/tests/newusers/41_create_user_encrypt_SHA256/data/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/newusers/41_create_user_encrypt_SHA256/data/gshadow b/tests/tests/newusers/41_create_user_encrypt_SHA256/data/gshadow
new file mode 100644
index 0000000..5042e58
--- /dev/null
+++ b/tests/tests/newusers/41_create_user_encrypt_SHA256/data/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/newusers/41_create_user_encrypt_SHA256/data/newusers.list b/tests/tests/newusers/41_create_user_encrypt_SHA256/data/newusers.list
new file mode 100644
index 0000000..9c40fa2
--- /dev/null
+++ b/tests/tests/newusers/41_create_user_encrypt_SHA256/data/newusers.list
@@ -0,0 +1 @@
+foo:fooPass:::User Foo - Gecos Field::/bin/sh
diff --git a/tests/tests/newusers/41_create_user_encrypt_SHA256/data/passwd b/tests/tests/newusers/41_create_user_encrypt_SHA256/data/passwd
new file mode 100644
index 0000000..7bf7386
--- /dev/null
+++ b/tests/tests/newusers/41_create_user_encrypt_SHA256/data/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000:User Foo - Gecos Field::/bin/sh
diff --git a/tests/tests/newusers/41_create_user_encrypt_SHA256/data/shadow b/tests/tests/newusers/41_create_user_encrypt_SHA256/data/shadow
new file mode 100644
index 0000000..b07274f
--- /dev/null
+++ b/tests/tests/newusers/41_create_user_encrypt_SHA256/data/shadow
@@ -0,0 +1,20 @@
+root::12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:@PASS_SHA256 fooPass@:@TODAY@:0:99999:7:::
diff --git a/tests/tests/newusers/41_create_user_encrypt_SHA256/newusers.test b/tests/tests/newusers/41_create_user_encrypt_SHA256/newusers.test
new file mode 100755
index 0000000..ba0828d
--- /dev/null
+++ b/tests/tests/newusers/41_create_user_encrypt_SHA256/newusers.test
@@ -0,0 +1,37 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "newusers can encrypt the passwords with the SHA256 algorithm"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+newusers -c SHA256 data/newusers.list
+
+echo -n "Check the passwd file..." 
+../../common/compare_file.pl data/passwd /etc/passwd 
+echo "OK" 
+echo -n "Check the group file..." 
+../../common/compare_file.pl data/group /etc/group 
+echo "OK" 
+echo -n "Check the shadow file..." 
+../../common/compare_file.pl data/shadow /etc/shadow 
+echo "OK" 
+echo -n "Check the gshadow file..." 
+../../common/compare_file.pl data/gshadow /etc/gshadow 
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/newusers/42_create_user_encrypt_SHA512-PAM/config.txt b/tests/tests/newusers/42_create_user_encrypt_SHA512-PAM/config.txt
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/newusers/42_create_user_encrypt_SHA512-PAM/config.txt
diff --git a/tests/tests/newusers/42_create_user_encrypt_SHA512-PAM/config/etc/group b/tests/tests/newusers/42_create_user_encrypt_SHA512-PAM/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/newusers/42_create_user_encrypt_SHA512-PAM/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/newusers/42_create_user_encrypt_SHA512-PAM/config/etc/gshadow b/tests/tests/newusers/42_create_user_encrypt_SHA512-PAM/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/newusers/42_create_user_encrypt_SHA512-PAM/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/newusers/42_create_user_encrypt_SHA512-PAM/config/etc/pam.d/common-password b/tests/tests/newusers/42_create_user_encrypt_SHA512-PAM/config/etc/pam.d/common-password
new file mode 100644
index 0000000..cc251ad
--- /dev/null
+++ b/tests/tests/newusers/42_create_user_encrypt_SHA512-PAM/config/etc/pam.d/common-password
@@ -0,0 +1,33 @@
+#
+# /etc/pam.d/common-password - password-related modules common to all services
+#
+# This file is included from other service-specific PAM config files,
+# and should contain a list of modules that define the services to be
+# used to change user passwords.  The default is pam_unix.
+
+# Explanation of pam_unix options:
+#
+# The "md5" option enables MD5 passwords.  Without this option, the
+# default is Unix crypt.
+#
+# The "obscure" option replaces the old `OBSCURE_CHECKS_ENAB' option in
+# login.defs.
+#
+# See the pam_unix manpage for other options.
+
+# As of pam 1.0.1-6, this file is managed by pam-auth-update by default.
+# To take advantage of this, it is recommended that you configure any
+# local modules either before or after the default block, and use
+# pam-auth-update to manage selection of other modules.  See
+# pam-auth-update(8) for details.
+
+# here are the per-package modules (the "Primary" block)
+password	[success=1 default=ignore]	pam_unix.so obscure sha512
+# here's the fallback if no module succeeds
+password	requisite			pam_deny.so
+# prime the stack with a positive return value if there isn't one already;
+# this avoids us returning an error just because nothing sets a success code
+# since the modules above will each just jump around
+password	required			pam_permit.so
+# and here are more per-package modules (the "Additional" block)
+# end of pam-auth-update config
diff --git a/tests/tests/newusers/42_create_user_encrypt_SHA512-PAM/config/etc/pam.d/newusers b/tests/tests/newusers/42_create_user_encrypt_SHA512-PAM/config/etc/pam.d/newusers
new file mode 100644
index 0000000..552045e
--- /dev/null
+++ b/tests/tests/newusers/42_create_user_encrypt_SHA512-PAM/config/etc/pam.d/newusers
@@ -0,0 +1,6 @@
+#
+# The PAM configuration file for the Shadow `chpasswd' service
+#
+
+@include common-password
+
diff --git a/tests/tests/newusers/42_create_user_encrypt_SHA512-PAM/config/etc/passwd b/tests/tests/newusers/42_create_user_encrypt_SHA512-PAM/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/newusers/42_create_user_encrypt_SHA512-PAM/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/newusers/42_create_user_encrypt_SHA512-PAM/config/etc/shadow b/tests/tests/newusers/42_create_user_encrypt_SHA512-PAM/config/etc/shadow
new file mode 100644
index 0000000..031ce88
--- /dev/null
+++ b/tests/tests/newusers/42_create_user_encrypt_SHA512-PAM/config/etc/shadow
@@ -0,0 +1,19 @@
+root::12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/newusers/42_create_user_encrypt_SHA512-PAM/data/group b/tests/tests/newusers/42_create_user_encrypt_SHA512-PAM/data/group
new file mode 100644
index 0000000..fecba0c
--- /dev/null
+++ b/tests/tests/newusers/42_create_user_encrypt_SHA512-PAM/data/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/newusers/42_create_user_encrypt_SHA512-PAM/data/gshadow b/tests/tests/newusers/42_create_user_encrypt_SHA512-PAM/data/gshadow
new file mode 100644
index 0000000..5042e58
--- /dev/null
+++ b/tests/tests/newusers/42_create_user_encrypt_SHA512-PAM/data/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/newusers/42_create_user_encrypt_SHA512-PAM/data/newusers.list b/tests/tests/newusers/42_create_user_encrypt_SHA512-PAM/data/newusers.list
new file mode 100644
index 0000000..9c40fa2
--- /dev/null
+++ b/tests/tests/newusers/42_create_user_encrypt_SHA512-PAM/data/newusers.list
@@ -0,0 +1 @@
+foo:fooPass:::User Foo - Gecos Field::/bin/sh
diff --git a/tests/tests/newusers/42_create_user_encrypt_SHA512-PAM/data/passwd b/tests/tests/newusers/42_create_user_encrypt_SHA512-PAM/data/passwd
new file mode 100644
index 0000000..7bf7386
--- /dev/null
+++ b/tests/tests/newusers/42_create_user_encrypt_SHA512-PAM/data/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000:User Foo - Gecos Field::/bin/sh
diff --git a/tests/tests/newusers/42_create_user_encrypt_SHA512-PAM/data/shadow b/tests/tests/newusers/42_create_user_encrypt_SHA512-PAM/data/shadow
new file mode 100644
index 0000000..1f9ef64
--- /dev/null
+++ b/tests/tests/newusers/42_create_user_encrypt_SHA512-PAM/data/shadow
@@ -0,0 +1,20 @@
+root::12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:@PASS_SHA512 fooPass@:@TODAY@:0:99999:7:::
diff --git a/tests/tests/newusers/42_create_user_encrypt_SHA512-PAM/newusers.test b/tests/tests/newusers/42_create_user_encrypt_SHA512-PAM/newusers.test
new file mode 100755
index 0000000..796dbcc
--- /dev/null
+++ b/tests/tests/newusers/42_create_user_encrypt_SHA512-PAM/newusers.test
@@ -0,0 +1,37 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "newusers can encrypt the passwords with the SHA512 algorithm"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+newusers data/newusers.list
+
+echo -n "Check the passwd file..." 
+../../common/compare_file.pl data/passwd /etc/passwd 
+echo "OK" 
+echo -n "Check the group file..." 
+../../common/compare_file.pl data/group /etc/group 
+echo "OK" 
+echo -n "Check the shadow file..." 
+../../common/compare_file.pl data/shadow /etc/shadow 
+echo "OK" 
+echo -n "Check the gshadow file..." 
+../../common/compare_file.pl data/gshadow /etc/gshadow 
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/newusers/42_create_user_encrypt_SHA512/config.txt b/tests/tests/newusers/42_create_user_encrypt_SHA512/config.txt
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/newusers/42_create_user_encrypt_SHA512/config.txt
diff --git a/tests/tests/newusers/42_create_user_encrypt_SHA512/config/etc/group b/tests/tests/newusers/42_create_user_encrypt_SHA512/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/newusers/42_create_user_encrypt_SHA512/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/newusers/42_create_user_encrypt_SHA512/config/etc/gshadow b/tests/tests/newusers/42_create_user_encrypt_SHA512/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/newusers/42_create_user_encrypt_SHA512/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/newusers/42_create_user_encrypt_SHA512/config/etc/passwd b/tests/tests/newusers/42_create_user_encrypt_SHA512/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/newusers/42_create_user_encrypt_SHA512/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/newusers/42_create_user_encrypt_SHA512/config/etc/shadow b/tests/tests/newusers/42_create_user_encrypt_SHA512/config/etc/shadow
new file mode 100644
index 0000000..031ce88
--- /dev/null
+++ b/tests/tests/newusers/42_create_user_encrypt_SHA512/config/etc/shadow
@@ -0,0 +1,19 @@
+root::12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/newusers/42_create_user_encrypt_SHA512/data/group b/tests/tests/newusers/42_create_user_encrypt_SHA512/data/group
new file mode 100644
index 0000000..fecba0c
--- /dev/null
+++ b/tests/tests/newusers/42_create_user_encrypt_SHA512/data/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/newusers/42_create_user_encrypt_SHA512/data/gshadow b/tests/tests/newusers/42_create_user_encrypt_SHA512/data/gshadow
new file mode 100644
index 0000000..5042e58
--- /dev/null
+++ b/tests/tests/newusers/42_create_user_encrypt_SHA512/data/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/newusers/42_create_user_encrypt_SHA512/data/newusers.list b/tests/tests/newusers/42_create_user_encrypt_SHA512/data/newusers.list
new file mode 100644
index 0000000..9c40fa2
--- /dev/null
+++ b/tests/tests/newusers/42_create_user_encrypt_SHA512/data/newusers.list
@@ -0,0 +1 @@
+foo:fooPass:::User Foo - Gecos Field::/bin/sh
diff --git a/tests/tests/newusers/42_create_user_encrypt_SHA512/data/passwd b/tests/tests/newusers/42_create_user_encrypt_SHA512/data/passwd
new file mode 100644
index 0000000..7bf7386
--- /dev/null
+++ b/tests/tests/newusers/42_create_user_encrypt_SHA512/data/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000:User Foo - Gecos Field::/bin/sh
diff --git a/tests/tests/newusers/42_create_user_encrypt_SHA512/data/shadow b/tests/tests/newusers/42_create_user_encrypt_SHA512/data/shadow
new file mode 100644
index 0000000..1f9ef64
--- /dev/null
+++ b/tests/tests/newusers/42_create_user_encrypt_SHA512/data/shadow
@@ -0,0 +1,20 @@
+root::12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:@PASS_SHA512 fooPass@:@TODAY@:0:99999:7:::
diff --git a/tests/tests/newusers/42_create_user_encrypt_SHA512/newusers.test b/tests/tests/newusers/42_create_user_encrypt_SHA512/newusers.test
new file mode 100755
index 0000000..9036b9b
--- /dev/null
+++ b/tests/tests/newusers/42_create_user_encrypt_SHA512/newusers.test
@@ -0,0 +1,37 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "newusers can encrypt the passwords with the SHA512 algorithm"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+newusers -c SHA512 data/newusers.list
+
+echo -n "Check the passwd file..." 
+../../common/compare_file.pl data/passwd /etc/passwd 
+echo "OK" 
+echo -n "Check the group file..." 
+../../common/compare_file.pl data/group /etc/group 
+echo "OK" 
+echo -n "Check the shadow file..." 
+../../common/compare_file.pl data/shadow /etc/shadow 
+echo "OK" 
+echo -n "Check the gshadow file..." 
+../../common/compare_file.pl data/gshadow /etc/gshadow 
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/newusers/43_create_user_encrypt_SHA256_rounds_3000-PAM/config.txt b/tests/tests/newusers/43_create_user_encrypt_SHA256_rounds_3000-PAM/config.txt
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/newusers/43_create_user_encrypt_SHA256_rounds_3000-PAM/config.txt
diff --git a/tests/tests/newusers/43_create_user_encrypt_SHA256_rounds_3000-PAM/config/etc/group b/tests/tests/newusers/43_create_user_encrypt_SHA256_rounds_3000-PAM/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/newusers/43_create_user_encrypt_SHA256_rounds_3000-PAM/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/newusers/43_create_user_encrypt_SHA256_rounds_3000-PAM/config/etc/gshadow b/tests/tests/newusers/43_create_user_encrypt_SHA256_rounds_3000-PAM/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/newusers/43_create_user_encrypt_SHA256_rounds_3000-PAM/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/newusers/43_create_user_encrypt_SHA256_rounds_3000-PAM/config/etc/pam.d/common-password b/tests/tests/newusers/43_create_user_encrypt_SHA256_rounds_3000-PAM/config/etc/pam.d/common-password
new file mode 100644
index 0000000..a15d7a6
--- /dev/null
+++ b/tests/tests/newusers/43_create_user_encrypt_SHA256_rounds_3000-PAM/config/etc/pam.d/common-password
@@ -0,0 +1,33 @@
+#
+# /etc/pam.d/common-password - password-related modules common to all services
+#
+# This file is included from other service-specific PAM config files,
+# and should contain a list of modules that define the services to be
+# used to change user passwords.  The default is pam_unix.
+
+# Explanation of pam_unix options:
+#
+# The "md5" option enables MD5 passwords.  Without this option, the
+# default is Unix crypt.
+#
+# The "obscure" option replaces the old `OBSCURE_CHECKS_ENAB' option in
+# login.defs.
+#
+# See the pam_unix manpage for other options.
+
+# As of pam 1.0.1-6, this file is managed by pam-auth-update by default.
+# To take advantage of this, it is recommended that you configure any
+# local modules either before or after the default block, and use
+# pam-auth-update to manage selection of other modules.  See
+# pam-auth-update(8) for details.
+
+# here are the per-package modules (the "Primary" block)
+password	[success=1 default=ignore]	pam_unix.so obscure sha256 rounds=3000
+# here's the fallback if no module succeeds
+password	requisite			pam_deny.so
+# prime the stack with a positive return value if there isn't one already;
+# this avoids us returning an error just because nothing sets a success code
+# since the modules above will each just jump around
+password	required			pam_permit.so
+# and here are more per-package modules (the "Additional" block)
+# end of pam-auth-update config
diff --git a/tests/tests/newusers/43_create_user_encrypt_SHA256_rounds_3000-PAM/config/etc/pam.d/newusers b/tests/tests/newusers/43_create_user_encrypt_SHA256_rounds_3000-PAM/config/etc/pam.d/newusers
new file mode 100644
index 0000000..552045e
--- /dev/null
+++ b/tests/tests/newusers/43_create_user_encrypt_SHA256_rounds_3000-PAM/config/etc/pam.d/newusers
@@ -0,0 +1,6 @@
+#
+# The PAM configuration file for the Shadow `chpasswd' service
+#
+
+@include common-password
+
diff --git a/tests/tests/newusers/43_create_user_encrypt_SHA256_rounds_3000-PAM/config/etc/passwd b/tests/tests/newusers/43_create_user_encrypt_SHA256_rounds_3000-PAM/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/newusers/43_create_user_encrypt_SHA256_rounds_3000-PAM/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/newusers/43_create_user_encrypt_SHA256_rounds_3000-PAM/config/etc/shadow b/tests/tests/newusers/43_create_user_encrypt_SHA256_rounds_3000-PAM/config/etc/shadow
new file mode 100644
index 0000000..031ce88
--- /dev/null
+++ b/tests/tests/newusers/43_create_user_encrypt_SHA256_rounds_3000-PAM/config/etc/shadow
@@ -0,0 +1,19 @@
+root::12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/newusers/43_create_user_encrypt_SHA256_rounds_3000-PAM/data/group b/tests/tests/newusers/43_create_user_encrypt_SHA256_rounds_3000-PAM/data/group
new file mode 100644
index 0000000..fecba0c
--- /dev/null
+++ b/tests/tests/newusers/43_create_user_encrypt_SHA256_rounds_3000-PAM/data/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/newusers/43_create_user_encrypt_SHA256_rounds_3000-PAM/data/gshadow b/tests/tests/newusers/43_create_user_encrypt_SHA256_rounds_3000-PAM/data/gshadow
new file mode 100644
index 0000000..5042e58
--- /dev/null
+++ b/tests/tests/newusers/43_create_user_encrypt_SHA256_rounds_3000-PAM/data/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/newusers/43_create_user_encrypt_SHA256_rounds_3000-PAM/data/newusers.list b/tests/tests/newusers/43_create_user_encrypt_SHA256_rounds_3000-PAM/data/newusers.list
new file mode 100644
index 0000000..9c40fa2
--- /dev/null
+++ b/tests/tests/newusers/43_create_user_encrypt_SHA256_rounds_3000-PAM/data/newusers.list
@@ -0,0 +1 @@
+foo:fooPass:::User Foo - Gecos Field::/bin/sh
diff --git a/tests/tests/newusers/43_create_user_encrypt_SHA256_rounds_3000-PAM/data/passwd b/tests/tests/newusers/43_create_user_encrypt_SHA256_rounds_3000-PAM/data/passwd
new file mode 100644
index 0000000..7bf7386
--- /dev/null
+++ b/tests/tests/newusers/43_create_user_encrypt_SHA256_rounds_3000-PAM/data/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000:User Foo - Gecos Field::/bin/sh
diff --git a/tests/tests/newusers/43_create_user_encrypt_SHA256_rounds_3000-PAM/data/shadow b/tests/tests/newusers/43_create_user_encrypt_SHA256_rounds_3000-PAM/data/shadow
new file mode 100644
index 0000000..b07274f
--- /dev/null
+++ b/tests/tests/newusers/43_create_user_encrypt_SHA256_rounds_3000-PAM/data/shadow
@@ -0,0 +1,20 @@
+root::12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:@PASS_SHA256 fooPass@:@TODAY@:0:99999:7:::
diff --git a/tests/tests/newusers/43_create_user_encrypt_SHA256_rounds_3000-PAM/newusers.test b/tests/tests/newusers/43_create_user_encrypt_SHA256_rounds_3000-PAM/newusers.test
new file mode 100755
index 0000000..6260beb
--- /dev/null
+++ b/tests/tests/newusers/43_create_user_encrypt_SHA256_rounds_3000-PAM/newusers.test
@@ -0,0 +1,47 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "newusers can encrypt the passwords with the SHA256 algorithm and a specified number of rounds"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo "newusers -c SHA256 -s 3000 data/newusers.list"
+newusers data/newusers.list
+
+echo -n "Check the passwd file..." 
+../../common/compare_file.pl data/passwd /etc/passwd 
+echo "OK" 
+echo -n "Check the group file..." 
+../../common/compare_file.pl data/group /etc/group 
+echo "OK" 
+echo -n "Check the shadow file..." 
+../../common/compare_file.pl data/shadow /etc/shadow 
+echo "OK"
+echo -n "Check the number of rounds..."
+rounds=$(sed -n 's/^foo:\$5\$rounds=\([0-9]*\)\$.*$/\1/p' /etc/shadow)
+echo -n "($rounds)..."
+if [ ! "$rounds" = 3000 ]; then
+	echo "Wrong number of rounds"
+	grep "^foo:" /etc/shadow
+	exit 1
+fi
+echo "OK"
+echo -n "Check the gshadow file..." 
+../../common/compare_file.pl data/gshadow /etc/gshadow 
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/newusers/43_create_user_encrypt_SHA256_rounds_3000/config.txt b/tests/tests/newusers/43_create_user_encrypt_SHA256_rounds_3000/config.txt
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/newusers/43_create_user_encrypt_SHA256_rounds_3000/config.txt
diff --git a/tests/tests/newusers/43_create_user_encrypt_SHA256_rounds_3000/config/etc/group b/tests/tests/newusers/43_create_user_encrypt_SHA256_rounds_3000/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/newusers/43_create_user_encrypt_SHA256_rounds_3000/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/newusers/43_create_user_encrypt_SHA256_rounds_3000/config/etc/gshadow b/tests/tests/newusers/43_create_user_encrypt_SHA256_rounds_3000/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/newusers/43_create_user_encrypt_SHA256_rounds_3000/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/newusers/43_create_user_encrypt_SHA256_rounds_3000/config/etc/passwd b/tests/tests/newusers/43_create_user_encrypt_SHA256_rounds_3000/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/newusers/43_create_user_encrypt_SHA256_rounds_3000/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/newusers/43_create_user_encrypt_SHA256_rounds_3000/config/etc/shadow b/tests/tests/newusers/43_create_user_encrypt_SHA256_rounds_3000/config/etc/shadow
new file mode 100644
index 0000000..031ce88
--- /dev/null
+++ b/tests/tests/newusers/43_create_user_encrypt_SHA256_rounds_3000/config/etc/shadow
@@ -0,0 +1,19 @@
+root::12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/newusers/43_create_user_encrypt_SHA256_rounds_3000/data/group b/tests/tests/newusers/43_create_user_encrypt_SHA256_rounds_3000/data/group
new file mode 100644
index 0000000..fecba0c
--- /dev/null
+++ b/tests/tests/newusers/43_create_user_encrypt_SHA256_rounds_3000/data/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/newusers/43_create_user_encrypt_SHA256_rounds_3000/data/gshadow b/tests/tests/newusers/43_create_user_encrypt_SHA256_rounds_3000/data/gshadow
new file mode 100644
index 0000000..5042e58
--- /dev/null
+++ b/tests/tests/newusers/43_create_user_encrypt_SHA256_rounds_3000/data/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/newusers/43_create_user_encrypt_SHA256_rounds_3000/data/newusers.list b/tests/tests/newusers/43_create_user_encrypt_SHA256_rounds_3000/data/newusers.list
new file mode 100644
index 0000000..9c40fa2
--- /dev/null
+++ b/tests/tests/newusers/43_create_user_encrypt_SHA256_rounds_3000/data/newusers.list
@@ -0,0 +1 @@
+foo:fooPass:::User Foo - Gecos Field::/bin/sh
diff --git a/tests/tests/newusers/43_create_user_encrypt_SHA256_rounds_3000/data/passwd b/tests/tests/newusers/43_create_user_encrypt_SHA256_rounds_3000/data/passwd
new file mode 100644
index 0000000..7bf7386
--- /dev/null
+++ b/tests/tests/newusers/43_create_user_encrypt_SHA256_rounds_3000/data/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000:User Foo - Gecos Field::/bin/sh
diff --git a/tests/tests/newusers/43_create_user_encrypt_SHA256_rounds_3000/data/shadow b/tests/tests/newusers/43_create_user_encrypt_SHA256_rounds_3000/data/shadow
new file mode 100644
index 0000000..b07274f
--- /dev/null
+++ b/tests/tests/newusers/43_create_user_encrypt_SHA256_rounds_3000/data/shadow
@@ -0,0 +1,20 @@
+root::12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:@PASS_SHA256 fooPass@:@TODAY@:0:99999:7:::
diff --git a/tests/tests/newusers/43_create_user_encrypt_SHA256_rounds_3000/newusers.test b/tests/tests/newusers/43_create_user_encrypt_SHA256_rounds_3000/newusers.test
new file mode 100755
index 0000000..26f87f2
--- /dev/null
+++ b/tests/tests/newusers/43_create_user_encrypt_SHA256_rounds_3000/newusers.test
@@ -0,0 +1,47 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "newusers can encrypt the passwords with the SHA256 algorithm and a specified number of rounds"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo "newusers -c SHA256 -s 3000 data/newusers.list"
+newusers -c SHA256 -s 3000 data/newusers.list
+
+echo -n "Check the passwd file..." 
+../../common/compare_file.pl data/passwd /etc/passwd 
+echo "OK" 
+echo -n "Check the group file..." 
+../../common/compare_file.pl data/group /etc/group 
+echo "OK" 
+echo -n "Check the shadow file..." 
+../../common/compare_file.pl data/shadow /etc/shadow 
+echo "OK"
+echo -n "Check the number of rounds..."
+rounds=$(sed -n 's/^foo:\$5\$rounds=\([0-9]*\)\$.*$/\1/p' /etc/shadow)
+echo -n "($rounds)..."
+if [ ! "$rounds" = 3000 ]; then
+	echo "Wrong number of rounds"
+	grep "^foo:" /etc/shadow
+	exit 1
+fi
+echo "OK"
+echo -n "Check the gshadow file..." 
+../../common/compare_file.pl data/gshadow /etc/gshadow 
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/newusers/44_create_user_encrypt_SHA256_rounds_300-PAM/config.txt b/tests/tests/newusers/44_create_user_encrypt_SHA256_rounds_300-PAM/config.txt
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/newusers/44_create_user_encrypt_SHA256_rounds_300-PAM/config.txt
diff --git a/tests/tests/newusers/44_create_user_encrypt_SHA256_rounds_300-PAM/config/etc/group b/tests/tests/newusers/44_create_user_encrypt_SHA256_rounds_300-PAM/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/newusers/44_create_user_encrypt_SHA256_rounds_300-PAM/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/newusers/44_create_user_encrypt_SHA256_rounds_300-PAM/config/etc/gshadow b/tests/tests/newusers/44_create_user_encrypt_SHA256_rounds_300-PAM/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/newusers/44_create_user_encrypt_SHA256_rounds_300-PAM/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/newusers/44_create_user_encrypt_SHA256_rounds_300-PAM/config/etc/pam.d/common-password b/tests/tests/newusers/44_create_user_encrypt_SHA256_rounds_300-PAM/config/etc/pam.d/common-password
new file mode 100644
index 0000000..7bdd3a2
--- /dev/null
+++ b/tests/tests/newusers/44_create_user_encrypt_SHA256_rounds_300-PAM/config/etc/pam.d/common-password
@@ -0,0 +1,33 @@
+#
+# /etc/pam.d/common-password - password-related modules common to all services
+#
+# This file is included from other service-specific PAM config files,
+# and should contain a list of modules that define the services to be
+# used to change user passwords.  The default is pam_unix.
+
+# Explanation of pam_unix options:
+#
+# The "md5" option enables MD5 passwords.  Without this option, the
+# default is Unix crypt.
+#
+# The "obscure" option replaces the old `OBSCURE_CHECKS_ENAB' option in
+# login.defs.
+#
+# See the pam_unix manpage for other options.
+
+# As of pam 1.0.1-6, this file is managed by pam-auth-update by default.
+# To take advantage of this, it is recommended that you configure any
+# local modules either before or after the default block, and use
+# pam-auth-update to manage selection of other modules.  See
+# pam-auth-update(8) for details.
+
+# here are the per-package modules (the "Primary" block)
+password	[success=1 default=ignore]	pam_unix.so obscure sha256 rounds=300
+# here's the fallback if no module succeeds
+password	requisite			pam_deny.so
+# prime the stack with a positive return value if there isn't one already;
+# this avoids us returning an error just because nothing sets a success code
+# since the modules above will each just jump around
+password	required			pam_permit.so
+# and here are more per-package modules (the "Additional" block)
+# end of pam-auth-update config
diff --git a/tests/tests/newusers/44_create_user_encrypt_SHA256_rounds_300-PAM/config/etc/pam.d/newusers b/tests/tests/newusers/44_create_user_encrypt_SHA256_rounds_300-PAM/config/etc/pam.d/newusers
new file mode 100644
index 0000000..552045e
--- /dev/null
+++ b/tests/tests/newusers/44_create_user_encrypt_SHA256_rounds_300-PAM/config/etc/pam.d/newusers
@@ -0,0 +1,6 @@
+#
+# The PAM configuration file for the Shadow `chpasswd' service
+#
+
+@include common-password
+
diff --git a/tests/tests/newusers/44_create_user_encrypt_SHA256_rounds_300-PAM/config/etc/passwd b/tests/tests/newusers/44_create_user_encrypt_SHA256_rounds_300-PAM/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/newusers/44_create_user_encrypt_SHA256_rounds_300-PAM/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/newusers/44_create_user_encrypt_SHA256_rounds_300-PAM/config/etc/shadow b/tests/tests/newusers/44_create_user_encrypt_SHA256_rounds_300-PAM/config/etc/shadow
new file mode 100644
index 0000000..031ce88
--- /dev/null
+++ b/tests/tests/newusers/44_create_user_encrypt_SHA256_rounds_300-PAM/config/etc/shadow
@@ -0,0 +1,19 @@
+root::12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/newusers/44_create_user_encrypt_SHA256_rounds_300-PAM/data/group b/tests/tests/newusers/44_create_user_encrypt_SHA256_rounds_300-PAM/data/group
new file mode 100644
index 0000000..fecba0c
--- /dev/null
+++ b/tests/tests/newusers/44_create_user_encrypt_SHA256_rounds_300-PAM/data/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/newusers/44_create_user_encrypt_SHA256_rounds_300-PAM/data/gshadow b/tests/tests/newusers/44_create_user_encrypt_SHA256_rounds_300-PAM/data/gshadow
new file mode 100644
index 0000000..5042e58
--- /dev/null
+++ b/tests/tests/newusers/44_create_user_encrypt_SHA256_rounds_300-PAM/data/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/newusers/44_create_user_encrypt_SHA256_rounds_300-PAM/data/newusers.list b/tests/tests/newusers/44_create_user_encrypt_SHA256_rounds_300-PAM/data/newusers.list
new file mode 100644
index 0000000..9c40fa2
--- /dev/null
+++ b/tests/tests/newusers/44_create_user_encrypt_SHA256_rounds_300-PAM/data/newusers.list
@@ -0,0 +1 @@
+foo:fooPass:::User Foo - Gecos Field::/bin/sh
diff --git a/tests/tests/newusers/44_create_user_encrypt_SHA256_rounds_300-PAM/data/passwd b/tests/tests/newusers/44_create_user_encrypt_SHA256_rounds_300-PAM/data/passwd
new file mode 100644
index 0000000..7bf7386
--- /dev/null
+++ b/tests/tests/newusers/44_create_user_encrypt_SHA256_rounds_300-PAM/data/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000:User Foo - Gecos Field::/bin/sh
diff --git a/tests/tests/newusers/44_create_user_encrypt_SHA256_rounds_300-PAM/data/shadow b/tests/tests/newusers/44_create_user_encrypt_SHA256_rounds_300-PAM/data/shadow
new file mode 100644
index 0000000..b07274f
--- /dev/null
+++ b/tests/tests/newusers/44_create_user_encrypt_SHA256_rounds_300-PAM/data/shadow
@@ -0,0 +1,20 @@
+root::12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:@PASS_SHA256 fooPass@:@TODAY@:0:99999:7:::
diff --git a/tests/tests/newusers/44_create_user_encrypt_SHA256_rounds_300-PAM/newusers.test b/tests/tests/newusers/44_create_user_encrypt_SHA256_rounds_300-PAM/newusers.test
new file mode 100755
index 0000000..e2c2c99
--- /dev/null
+++ b/tests/tests/newusers/44_create_user_encrypt_SHA256_rounds_300-PAM/newusers.test
@@ -0,0 +1,47 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "newusers: the minimum number of rounds for SHA256 is 1000"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo "newusers data/newusers.list"
+newusers data/newusers.list
+
+echo -n "Check the passwd file..." 
+../../common/compare_file.pl data/passwd /etc/passwd 
+echo "OK" 
+echo -n "Check the group file..." 
+../../common/compare_file.pl data/group /etc/group 
+echo "OK" 
+echo -n "Check the shadow file..." 
+../../common/compare_file.pl data/shadow /etc/shadow 
+echo "OK"
+echo -n "Check the number of rounds..."
+rounds=$(sed -n 's/^foo:\$5\$rounds=\([0-9]*\)\$.*$/\1/p' /etc/shadow)
+echo -n "($rounds)..."
+if [ ! "$rounds" = 1000 ] && [ ! "$rounds" = "" ]; then
+	echo "Wrong number of rounds"
+	grep "^foo:" /etc/shadow
+	exit 1
+fi
+echo "OK"
+echo -n "Check the gshadow file..." 
+../../common/compare_file.pl data/gshadow /etc/gshadow 
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/newusers/44_create_user_encrypt_SHA256_rounds_300/config.txt b/tests/tests/newusers/44_create_user_encrypt_SHA256_rounds_300/config.txt
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/newusers/44_create_user_encrypt_SHA256_rounds_300/config.txt
diff --git a/tests/tests/newusers/44_create_user_encrypt_SHA256_rounds_300/config/etc/group b/tests/tests/newusers/44_create_user_encrypt_SHA256_rounds_300/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/newusers/44_create_user_encrypt_SHA256_rounds_300/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/newusers/44_create_user_encrypt_SHA256_rounds_300/config/etc/gshadow b/tests/tests/newusers/44_create_user_encrypt_SHA256_rounds_300/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/newusers/44_create_user_encrypt_SHA256_rounds_300/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/newusers/44_create_user_encrypt_SHA256_rounds_300/config/etc/passwd b/tests/tests/newusers/44_create_user_encrypt_SHA256_rounds_300/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/newusers/44_create_user_encrypt_SHA256_rounds_300/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/newusers/44_create_user_encrypt_SHA256_rounds_300/config/etc/shadow b/tests/tests/newusers/44_create_user_encrypt_SHA256_rounds_300/config/etc/shadow
new file mode 100644
index 0000000..031ce88
--- /dev/null
+++ b/tests/tests/newusers/44_create_user_encrypt_SHA256_rounds_300/config/etc/shadow
@@ -0,0 +1,19 @@
+root::12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/newusers/44_create_user_encrypt_SHA256_rounds_300/data/group b/tests/tests/newusers/44_create_user_encrypt_SHA256_rounds_300/data/group
new file mode 100644
index 0000000..fecba0c
--- /dev/null
+++ b/tests/tests/newusers/44_create_user_encrypt_SHA256_rounds_300/data/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/newusers/44_create_user_encrypt_SHA256_rounds_300/data/gshadow b/tests/tests/newusers/44_create_user_encrypt_SHA256_rounds_300/data/gshadow
new file mode 100644
index 0000000..5042e58
--- /dev/null
+++ b/tests/tests/newusers/44_create_user_encrypt_SHA256_rounds_300/data/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/newusers/44_create_user_encrypt_SHA256_rounds_300/data/newusers.list b/tests/tests/newusers/44_create_user_encrypt_SHA256_rounds_300/data/newusers.list
new file mode 100644
index 0000000..9c40fa2
--- /dev/null
+++ b/tests/tests/newusers/44_create_user_encrypt_SHA256_rounds_300/data/newusers.list
@@ -0,0 +1 @@
+foo:fooPass:::User Foo - Gecos Field::/bin/sh
diff --git a/tests/tests/newusers/44_create_user_encrypt_SHA256_rounds_300/data/passwd b/tests/tests/newusers/44_create_user_encrypt_SHA256_rounds_300/data/passwd
new file mode 100644
index 0000000..7bf7386
--- /dev/null
+++ b/tests/tests/newusers/44_create_user_encrypt_SHA256_rounds_300/data/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000:User Foo - Gecos Field::/bin/sh
diff --git a/tests/tests/newusers/44_create_user_encrypt_SHA256_rounds_300/data/shadow b/tests/tests/newusers/44_create_user_encrypt_SHA256_rounds_300/data/shadow
new file mode 100644
index 0000000..b07274f
--- /dev/null
+++ b/tests/tests/newusers/44_create_user_encrypt_SHA256_rounds_300/data/shadow
@@ -0,0 +1,20 @@
+root::12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:@PASS_SHA256 fooPass@:@TODAY@:0:99999:7:::
diff --git a/tests/tests/newusers/44_create_user_encrypt_SHA256_rounds_300/newusers.test b/tests/tests/newusers/44_create_user_encrypt_SHA256_rounds_300/newusers.test
new file mode 100755
index 0000000..bea0ad8
--- /dev/null
+++ b/tests/tests/newusers/44_create_user_encrypt_SHA256_rounds_300/newusers.test
@@ -0,0 +1,47 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "newusers: the minimum number of rounds for SHA256 is 1000"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo "newusers -c SHA256 -s 300 data/newusers.list"
+newusers -c SHA256 -s 300 data/newusers.list
+
+echo -n "Check the passwd file..." 
+../../common/compare_file.pl data/passwd /etc/passwd 
+echo "OK" 
+echo -n "Check the group file..." 
+../../common/compare_file.pl data/group /etc/group 
+echo "OK" 
+echo -n "Check the shadow file..." 
+../../common/compare_file.pl data/shadow /etc/shadow 
+echo "OK"
+echo -n "Check the number of rounds..."
+rounds=$(sed -n 's/^foo:\$5\$rounds=\([0-9]*\)\$.*$/\1/p' /etc/shadow)
+echo -n "($rounds)..."
+if [ ! "$rounds" = 1000 ]; then
+	echo "Wrong number of rounds"
+	grep "^foo:" /etc/shadow
+	exit 1
+fi
+echo "OK"
+echo -n "Check the gshadow file..." 
+../../common/compare_file.pl data/gshadow /etc/gshadow 
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/newusers/45_create_user_encrypt_rounds_3000/config.txt b/tests/tests/newusers/45_create_user_encrypt_rounds_3000/config.txt
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/newusers/45_create_user_encrypt_rounds_3000/config.txt
diff --git a/tests/tests/newusers/45_create_user_encrypt_rounds_3000/config/etc/group b/tests/tests/newusers/45_create_user_encrypt_rounds_3000/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/newusers/45_create_user_encrypt_rounds_3000/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/newusers/45_create_user_encrypt_rounds_3000/config/etc/gshadow b/tests/tests/newusers/45_create_user_encrypt_rounds_3000/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/newusers/45_create_user_encrypt_rounds_3000/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/newusers/45_create_user_encrypt_rounds_3000/config/etc/passwd b/tests/tests/newusers/45_create_user_encrypt_rounds_3000/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/newusers/45_create_user_encrypt_rounds_3000/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/newusers/45_create_user_encrypt_rounds_3000/config/etc/shadow b/tests/tests/newusers/45_create_user_encrypt_rounds_3000/config/etc/shadow
new file mode 100644
index 0000000..031ce88
--- /dev/null
+++ b/tests/tests/newusers/45_create_user_encrypt_rounds_3000/config/etc/shadow
@@ -0,0 +1,19 @@
+root::12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/newusers/45_create_user_encrypt_rounds_3000/data/newusers.err b/tests/tests/newusers/45_create_user_encrypt_rounds_3000/data/newusers.err
new file mode 100644
index 0000000..4b285af
--- /dev/null
+++ b/tests/tests/newusers/45_create_user_encrypt_rounds_3000/data/newusers.err
@@ -0,0 +1,8 @@
+newusers: -s flag is only allowed with the -c flag
+Usage: newusers [options] [input]
+
+  -c, --crypt-method            the crypt method (one of NONE DES MD5 SHA256 SHA512)
+  -r, --system                  create system accounts
+  -s, --sha-rounds              number of SHA rounds for the SHA*
+                                crypt algorithms
+
diff --git a/tests/tests/newusers/45_create_user_encrypt_rounds_3000/data/newusers.list b/tests/tests/newusers/45_create_user_encrypt_rounds_3000/data/newusers.list
new file mode 100644
index 0000000..9c40fa2
--- /dev/null
+++ b/tests/tests/newusers/45_create_user_encrypt_rounds_3000/data/newusers.list
@@ -0,0 +1 @@
+foo:fooPass:::User Foo - Gecos Field::/bin/sh
diff --git a/tests/tests/newusers/45_create_user_encrypt_rounds_3000/newusers.test b/tests/tests/newusers/45_create_user_encrypt_rounds_3000/newusers.test
new file mode 100755
index 0000000..acc9648
--- /dev/null
+++ b/tests/tests/newusers/45_create_user_encrypt_rounds_3000/newusers.test
@@ -0,0 +1,54 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "newusers: the number of rounds cannot be specified without a -c method"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "newusers -s 3000 data/newusers.list ..."
+newusers -s 3000 data/newusers.list 2> tmp/newusers.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "1"
+echo "OK"
+
+echo "newusers reported:"
+echo "======================================================================="
+cat tmp/newusers.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/newusers.err tmp/newusers.err
+echo "error message OK."
+rm -f tmp/newusers.err
+
+echo -n "Check the passwd file..." 
+../../common/compare_file.pl config/etc/passwd /etc/passwd 
+echo "OK" 
+echo -n "Check the group file..." 
+../../common/compare_file.pl config/etc/group /etc/group 
+echo "OK" 
+echo -n "Check the shadow file..." 
+../../common/compare_file.pl config/etc/shadow /etc/shadow 
+echo "OK"
+echo -n "Check the gshadow file..." 
+../../common/compare_file.pl config/etc/gshadow /etc/gshadow 
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/newusers/46_create_user_encrypt_MD5_ignore_rounds_3000/config.txt b/tests/tests/newusers/46_create_user_encrypt_MD5_ignore_rounds_3000/config.txt
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/newusers/46_create_user_encrypt_MD5_ignore_rounds_3000/config.txt
diff --git a/tests/tests/newusers/46_create_user_encrypt_MD5_ignore_rounds_3000/config/etc/group b/tests/tests/newusers/46_create_user_encrypt_MD5_ignore_rounds_3000/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/newusers/46_create_user_encrypt_MD5_ignore_rounds_3000/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/newusers/46_create_user_encrypt_MD5_ignore_rounds_3000/config/etc/gshadow b/tests/tests/newusers/46_create_user_encrypt_MD5_ignore_rounds_3000/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/newusers/46_create_user_encrypt_MD5_ignore_rounds_3000/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/newusers/46_create_user_encrypt_MD5_ignore_rounds_3000/config/etc/passwd b/tests/tests/newusers/46_create_user_encrypt_MD5_ignore_rounds_3000/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/newusers/46_create_user_encrypt_MD5_ignore_rounds_3000/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/newusers/46_create_user_encrypt_MD5_ignore_rounds_3000/config/etc/shadow b/tests/tests/newusers/46_create_user_encrypt_MD5_ignore_rounds_3000/config/etc/shadow
new file mode 100644
index 0000000..031ce88
--- /dev/null
+++ b/tests/tests/newusers/46_create_user_encrypt_MD5_ignore_rounds_3000/config/etc/shadow
@@ -0,0 +1,19 @@
+root::12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/newusers/46_create_user_encrypt_MD5_ignore_rounds_3000/data/group b/tests/tests/newusers/46_create_user_encrypt_MD5_ignore_rounds_3000/data/group
new file mode 100644
index 0000000..fecba0c
--- /dev/null
+++ b/tests/tests/newusers/46_create_user_encrypt_MD5_ignore_rounds_3000/data/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/newusers/46_create_user_encrypt_MD5_ignore_rounds_3000/data/gshadow b/tests/tests/newusers/46_create_user_encrypt_MD5_ignore_rounds_3000/data/gshadow
new file mode 100644
index 0000000..5042e58
--- /dev/null
+++ b/tests/tests/newusers/46_create_user_encrypt_MD5_ignore_rounds_3000/data/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/newusers/46_create_user_encrypt_MD5_ignore_rounds_3000/data/newusers.list b/tests/tests/newusers/46_create_user_encrypt_MD5_ignore_rounds_3000/data/newusers.list
new file mode 100644
index 0000000..9c40fa2
--- /dev/null
+++ b/tests/tests/newusers/46_create_user_encrypt_MD5_ignore_rounds_3000/data/newusers.list
@@ -0,0 +1 @@
+foo:fooPass:::User Foo - Gecos Field::/bin/sh
diff --git a/tests/tests/newusers/46_create_user_encrypt_MD5_ignore_rounds_3000/data/passwd b/tests/tests/newusers/46_create_user_encrypt_MD5_ignore_rounds_3000/data/passwd
new file mode 100644
index 0000000..7bf7386
--- /dev/null
+++ b/tests/tests/newusers/46_create_user_encrypt_MD5_ignore_rounds_3000/data/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000:User Foo - Gecos Field::/bin/sh
diff --git a/tests/tests/newusers/46_create_user_encrypt_MD5_ignore_rounds_3000/data/shadow b/tests/tests/newusers/46_create_user_encrypt_MD5_ignore_rounds_3000/data/shadow
new file mode 100644
index 0000000..cff74f8
--- /dev/null
+++ b/tests/tests/newusers/46_create_user_encrypt_MD5_ignore_rounds_3000/data/shadow
@@ -0,0 +1,20 @@
+root::12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:@PASS_MD5 fooPass@:@TODAY@:0:99999:7:::
diff --git a/tests/tests/newusers/46_create_user_encrypt_MD5_ignore_rounds_3000/newusers.test b/tests/tests/newusers/46_create_user_encrypt_MD5_ignore_rounds_3000/newusers.test
new file mode 100755
index 0000000..2a5bfb8
--- /dev/null
+++ b/tests/tests/newusers/46_create_user_encrypt_MD5_ignore_rounds_3000/newusers.test
@@ -0,0 +1,38 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "newusers ignore the number of rounds with the MD5 method"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo "newusers -c MD5 -s 3000 data/newusers.list"
+newusers -c MD5 -s 3000 data/newusers.list
+
+echo -n "Check the passwd file..." 
+../../common/compare_file.pl data/passwd /etc/passwd 
+echo "OK" 
+echo -n "Check the group file..." 
+../../common/compare_file.pl data/group /etc/group 
+echo "OK" 
+echo -n "Check the shadow file..." 
+../../common/compare_file.pl data/shadow /etc/shadow 
+echo "OK"
+echo -n "Check the gshadow file..." 
+../../common/compare_file.pl data/gshadow /etc/gshadow 
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/newusers/47_create_user_error_UID_4294967295/config.txt b/tests/tests/newusers/47_create_user_error_UID_4294967295/config.txt
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/newusers/47_create_user_error_UID_4294967295/config.txt
diff --git a/tests/tests/newusers/47_create_user_error_UID_4294967295/config/etc/group b/tests/tests/newusers/47_create_user_error_UID_4294967295/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/newusers/47_create_user_error_UID_4294967295/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/newusers/47_create_user_error_UID_4294967295/config/etc/gshadow b/tests/tests/newusers/47_create_user_error_UID_4294967295/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/newusers/47_create_user_error_UID_4294967295/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/newusers/47_create_user_error_UID_4294967295/config/etc/passwd b/tests/tests/newusers/47_create_user_error_UID_4294967295/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/newusers/47_create_user_error_UID_4294967295/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/newusers/47_create_user_error_UID_4294967295/config/etc/shadow b/tests/tests/newusers/47_create_user_error_UID_4294967295/config/etc/shadow
new file mode 100644
index 0000000..031ce88
--- /dev/null
+++ b/tests/tests/newusers/47_create_user_error_UID_4294967295/config/etc/shadow
@@ -0,0 +1,19 @@
+root::12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/newusers/47_create_user_error_UID_4294967295/data/newusers.err b/tests/tests/newusers/47_create_user_error_UID_4294967295/data/newusers.err
new file mode 100644
index 0000000..3fa2568
--- /dev/null
+++ b/tests/tests/newusers/47_create_user_error_UID_4294967295/data/newusers.err
@@ -0,0 +1,3 @@
+newusers: invalid user ID '4294967295'
+newusers: line 1: can't create user
+newusers: error detected, changes ignored
diff --git a/tests/tests/newusers/47_create_user_error_UID_4294967295/data/newusers.list b/tests/tests/newusers/47_create_user_error_UID_4294967295/data/newusers.list
new file mode 100644
index 0000000..db2d9a9
--- /dev/null
+++ b/tests/tests/newusers/47_create_user_error_UID_4294967295/data/newusers.list
@@ -0,0 +1 @@
+foo:fooPass:4294967295::User Foo - Gecos Field::/bin/sh
diff --git a/tests/tests/newusers/47_create_user_error_UID_4294967295/newusers.test b/tests/tests/newusers/47_create_user_error_UID_4294967295/newusers.test
new file mode 100755
index 0000000..33d4c8b
--- /dev/null
+++ b/tests/tests/newusers/47_create_user_error_UID_4294967295/newusers.test
@@ -0,0 +1,54 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "newusers fails with invalid UID"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Creating the users..."
+newusers data/newusers.list 2>tmp/newusers.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status..."
+test "$status" = "1"
+echo "OK"
+
+echo "newusers reported:"
+echo "======================================================================="
+cat tmp/newusers.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/newusers.err tmp/newusers.err
+echo "error message OK."
+rm -f tmp/newusers.err
+
+echo -n "Check the passwd file..." 
+../../common/compare_file.pl config/etc/passwd /etc/passwd 
+echo "OK" 
+echo -n "Check the group file..." 
+../../common/compare_file.pl config/etc/group /etc/group 
+echo "OK" 
+echo -n "Check the shadow file..." 
+../../common/compare_file.pl config/etc/shadow /etc/shadow 
+echo "OK" 
+echo -n "Check the gshadow file..." 
+../../common/compare_file.pl config/etc/gshadow /etc/gshadow 
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/newusers/48_create_user_error_GID_4294967295/config.txt b/tests/tests/newusers/48_create_user_error_GID_4294967295/config.txt
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/newusers/48_create_user_error_GID_4294967295/config.txt
diff --git a/tests/tests/newusers/48_create_user_error_GID_4294967295/config/etc/group b/tests/tests/newusers/48_create_user_error_GID_4294967295/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/newusers/48_create_user_error_GID_4294967295/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/newusers/48_create_user_error_GID_4294967295/config/etc/gshadow b/tests/tests/newusers/48_create_user_error_GID_4294967295/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/newusers/48_create_user_error_GID_4294967295/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/newusers/48_create_user_error_GID_4294967295/config/etc/passwd b/tests/tests/newusers/48_create_user_error_GID_4294967295/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/newusers/48_create_user_error_GID_4294967295/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/newusers/48_create_user_error_GID_4294967295/config/etc/shadow b/tests/tests/newusers/48_create_user_error_GID_4294967295/config/etc/shadow
new file mode 100644
index 0000000..031ce88
--- /dev/null
+++ b/tests/tests/newusers/48_create_user_error_GID_4294967295/config/etc/shadow
@@ -0,0 +1,19 @@
+root::12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/newusers/48_create_user_error_GID_4294967295/data/newusers.err b/tests/tests/newusers/48_create_user_error_GID_4294967295/data/newusers.err
new file mode 100644
index 0000000..72803c5
--- /dev/null
+++ b/tests/tests/newusers/48_create_user_error_GID_4294967295/data/newusers.err
@@ -0,0 +1,3 @@
+newusers: invalid group ID '4294967295'
+newusers: line 1: can't create group
+newusers: error detected, changes ignored
diff --git a/tests/tests/newusers/48_create_user_error_GID_4294967295/data/newusers.list b/tests/tests/newusers/48_create_user_error_GID_4294967295/data/newusers.list
new file mode 100644
index 0000000..734a204
--- /dev/null
+++ b/tests/tests/newusers/48_create_user_error_GID_4294967295/data/newusers.list
@@ -0,0 +1 @@
+foo:fooPass:2147483648:4294967295:User Foo - Gecos Field::/bin/sh
diff --git a/tests/tests/newusers/48_create_user_error_GID_4294967295/newusers.test b/tests/tests/newusers/48_create_user_error_GID_4294967295/newusers.test
new file mode 100755
index 0000000..33d4c8b
--- /dev/null
+++ b/tests/tests/newusers/48_create_user_error_GID_4294967295/newusers.test
@@ -0,0 +1,54 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "newusers fails with invalid UID"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Creating the users..."
+newusers data/newusers.list 2>tmp/newusers.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status..."
+test "$status" = "1"
+echo "OK"
+
+echo "newusers reported:"
+echo "======================================================================="
+cat tmp/newusers.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/newusers.err tmp/newusers.err
+echo "error message OK."
+rm -f tmp/newusers.err
+
+echo -n "Check the passwd file..." 
+../../common/compare_file.pl config/etc/passwd /etc/passwd 
+echo "OK" 
+echo -n "Check the group file..." 
+../../common/compare_file.pl config/etc/group /etc/group 
+echo "OK" 
+echo -n "Check the shadow file..." 
+../../common/compare_file.pl config/etc/shadow /etc/shadow 
+echo "OK" 
+echo -n "Check the gshadow file..." 
+../../common/compare_file.pl config/etc/gshadow /etc/gshadow 
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/newusers/49_multiple_system_users/config.txt b/tests/tests/newusers/49_multiple_system_users/config.txt
new file mode 100644
index 0000000..ea4c3ad
--- /dev/null
+++ b/tests/tests/newusers/49_multiple_system_users/config.txt
@@ -0,0 +1 @@
+User foo exists, with password fooPass
diff --git a/tests/tests/newusers/49_multiple_system_users/config/etc/group b/tests/tests/newusers/49_multiple_system_users/config/etc/group
new file mode 100644
index 0000000..35fb1e9
--- /dev/null
+++ b/tests/tests/newusers/49_multiple_system_users/config/etc/group
@@ -0,0 +1,43 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:65535:foo
+fooo:x:997:
diff --git a/tests/tests/newusers/49_multiple_system_users/config/etc/gshadow b/tests/tests/newusers/49_multiple_system_users/config/etc/gshadow
new file mode 100644
index 0000000..72f456f
--- /dev/null
+++ b/tests/tests/newusers/49_multiple_system_users/config/etc/gshadow
@@ -0,0 +1,43 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:x::
+fooo:x::
diff --git a/tests/tests/newusers/49_multiple_system_users/config/etc/pam.d/common-password b/tests/tests/newusers/49_multiple_system_users/config/etc/pam.d/common-password
new file mode 100644
index 0000000..06c59a7
--- /dev/null
+++ b/tests/tests/newusers/49_multiple_system_users/config/etc/pam.d/common-password
@@ -0,0 +1,33 @@
+#
+# /etc/pam.d/common-password - password-related modules common to all services
+#
+# This file is included from other service-specific PAM config files,
+# and should contain a list of modules that define the services to be
+# used to change user passwords.  The default is pam_unix.
+
+# Explanation of pam_unix options:
+#
+# The "md5" option enables MD5 passwords.  Without this option, the
+# default is Unix crypt.
+#
+# The "obscure" option replaces the old `OBSCURE_CHECKS_ENAB' option in
+# login.defs.
+#
+# See the pam_unix manpage for other options.
+
+# As of pam 1.0.1-6, this file is managed by pam-auth-update by default.
+# To take advantage of this, it is recommended that you configure any
+# local modules either before or after the default block, and use
+# pam-auth-update to manage selection of other modules.  See
+# pam-auth-update(8) for details.
+
+# here are the per-package modules (the "Primary" block)
+password	[success=1 default=ignore]	pam_unix.so obscure
+# here's the fallback if no module succeeds
+password	requisite			pam_deny.so
+# prime the stack with a positive return value if there isn't one already;
+# this avoids us returning an error just because nothing sets a success code
+# since the modules above will each just jump around
+password	required			pam_permit.so
+# and here are more per-package modules (the "Additional" block)
+# end of pam-auth-update config
diff --git a/tests/tests/newusers/49_multiple_system_users/config/etc/pam.d/newusers b/tests/tests/newusers/49_multiple_system_users/config/etc/pam.d/newusers
new file mode 100644
index 0000000..552045e
--- /dev/null
+++ b/tests/tests/newusers/49_multiple_system_users/config/etc/pam.d/newusers
@@ -0,0 +1,6 @@
+#
+# The PAM configuration file for the Shadow `chpasswd' service
+#
+
+@include common-password
+
diff --git a/tests/tests/newusers/49_multiple_system_users/config/etc/passwd b/tests/tests/newusers/49_multiple_system_users/config/etc/passwd
new file mode 100644
index 0000000..a4907a1
--- /dev/null
+++ b/tests/tests/newusers/49_multiple_system_users/config/etc/passwd
@@ -0,0 +1,21 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:998:998::/var/spool/exim4:/bin/false
+foo:x:65535:65535:User Foo - Gecos Field::/bin/sh
+fooo:x:997:997:User Foo - Gecos Field::/bin/sh
diff --git a/tests/tests/newusers/49_multiple_system_users/config/etc/shadow b/tests/tests/newusers/49_multiple_system_users/config/etc/shadow
new file mode 100644
index 0000000..4fee3da
--- /dev/null
+++ b/tests/tests/newusers/49_multiple_system_users/config/etc/shadow
@@ -0,0 +1,21 @@
+root::12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:eKzSSVkXDoVUM:13906:0:99999:7:::
+fooo:eKzSSVkXDoVUM:13906:0:99999:7:::
diff --git a/tests/tests/newusers/49_multiple_system_users/data/group b/tests/tests/newusers/49_multiple_system_users/data/group
new file mode 100644
index 0000000..d9abdaa
--- /dev/null
+++ b/tests/tests/newusers/49_multiple_system_users/data/group
@@ -0,0 +1,59 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:65535:foo
+fooo:x:997:
+foo1:x:996:
+foo1a:x:999:
+foo2:x:2000:
+foo3:x:994:
+foo4:x:998:
+foo5:x:3005:
+foo6:x:992:
+foo7:x:61000:
+foo8:x:991:
+foo9:x:995:
+foo10:x:990:
+foo11:x:63000:
+foo12:x:988:
+foo13:x:987:
+foo14:x:993:
+foo15:x:986:
diff --git a/tests/tests/newusers/49_multiple_system_users/data/gshadow b/tests/tests/newusers/49_multiple_system_users/data/gshadow
new file mode 100644
index 0000000..51dc764
--- /dev/null
+++ b/tests/tests/newusers/49_multiple_system_users/data/gshadow
@@ -0,0 +1,59 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:x::
+fooo:x::
+foo1:*::
+foo1a:*::
+foo2:*::
+foo3:*::
+foo4:*::
+foo5:*::
+foo6:*::
+foo7:*::
+foo8:*::
+foo9:*::
+foo10:*::
+foo11:*::
+foo12:*::
+foo13:*::
+foo14:*::
+foo15:*::
diff --git a/tests/tests/newusers/49_multiple_system_users/data/newusers.list b/tests/tests/newusers/49_multiple_system_users/data/newusers.list
new file mode 100644
index 0000000..68d54c2
--- /dev/null
+++ b/tests/tests/newusers/49_multiple_system_users/data/newusers.list
@@ -0,0 +1,17 @@
+foo1:foo1Pass:::User Foo - Gecos Field::/bin/sh
+foo1a:foo1aPas:foo1::User Foo - Gecos Field::/bin/sh
+foo1b:foo1bPas::foo1a:User Foo - Gecos Field::/bin/sh
+foo2:foo2Pass:2000:2000:User Foo - Gecos Field::/bin/sh
+foo3:foo3Pass:::User Foo - Gecos Field::/bin/sh
+foo4:foo4Pass:3000::User Foo - Gecos Field::/bin/sh
+foo5:foo5Pass::3005:User Foo - Gecos Field::/bin/sh
+foo6:foo6Pass:::User Foo - Gecos Field::/bin/sh
+foo7:foo7Pass:61000:61000:User Foo - Gecos Field::/bin/sh
+foo8:foo8Pass:::User Foo - Gecos Field::/bin/sh
+foo9:foo9Pass:62000::User Foo - Gecos Field::/bin/sh
+foo10:foo10Pas:::User Foo - Gecos Field::/bin/sh
+foo11:foo11Pas::63000:User Foo - Gecos Field::/bin/sh
+foo12:foo12Pas:::User Foo - Gecos Field::/bin/sh
+foo13:foo13Pas:::User Foo - Gecos Field::/bin/sh
+foo14:foo14Pas:59000::User Foo - Gecos Field::/bin/sh
+foo15:foo15Pas:::User Foo - Gecos Field::/bin/sh
diff --git a/tests/tests/newusers/49_multiple_system_users/data/passwd b/tests/tests/newusers/49_multiple_system_users/data/passwd
new file mode 100644
index 0000000..fb8a075
--- /dev/null
+++ b/tests/tests/newusers/49_multiple_system_users/data/passwd
@@ -0,0 +1,38 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:998:998::/var/spool/exim4:/bin/false
+foo:x:65535:65535:User Foo - Gecos Field::/bin/sh
+fooo:x:997:997:User Foo - Gecos Field::/bin/sh
+foo1:x:996:996:User Foo - Gecos Field::/bin/sh
+foo1a:x:996:999:User Foo - Gecos Field::/bin/sh
+foo1b:x:995:999:User Foo - Gecos Field::/bin/sh
+foo2:x:2000:2000:User Foo - Gecos Field::/bin/sh
+foo3:x:994:994:User Foo - Gecos Field::/bin/sh
+foo4:x:3000:998:User Foo - Gecos Field::/bin/sh
+foo5:x:993:3005:User Foo - Gecos Field::/bin/sh
+foo6:x:992:992:User Foo - Gecos Field::/bin/sh
+foo7:x:61000:61000:User Foo - Gecos Field::/bin/sh
+foo8:x:991:991:User Foo - Gecos Field::/bin/sh
+foo9:x:62000:995:User Foo - Gecos Field::/bin/sh
+foo10:x:990:990:User Foo - Gecos Field::/bin/sh
+foo11:x:989:63000:User Foo - Gecos Field::/bin/sh
+foo12:x:988:988:User Foo - Gecos Field::/bin/sh
+foo13:x:987:987:User Foo - Gecos Field::/bin/sh
+foo14:x:59000:993:User Foo - Gecos Field::/bin/sh
+foo15:x:986:986:User Foo - Gecos Field::/bin/sh
diff --git a/tests/tests/newusers/49_multiple_system_users/data/shadow b/tests/tests/newusers/49_multiple_system_users/data/shadow
new file mode 100644
index 0000000..bd434e3
--- /dev/null
+++ b/tests/tests/newusers/49_multiple_system_users/data/shadow
@@ -0,0 +1,38 @@
+root::12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:eKzSSVkXDoVUM:13906:0:99999:7:::
+fooo:eKzSSVkXDoVUM:13906:0:99999:7:::
+foo1:@PASS_DES foo1Pass@:@TODAY@:0:99999:7:::
+foo1a:@PASS_DES foo1aPas@:@TODAY@:0:99999:7:::
+foo1b:@PASS_DES foo1bPas@:@TODAY@:0:99999:7:::
+foo2:@PASS_DES foo2Pass@:@TODAY@:0:99999:7:::
+foo3:@PASS_DES foo3Pass@:@TODAY@:0:99999:7:::
+foo4:@PASS_DES foo4Pass@:@TODAY@:0:99999:7:::
+foo5:@PASS_DES foo5Pass@:@TODAY@:0:99999:7:::
+foo6:@PASS_DES foo6Pass@:@TODAY@:0:99999:7:::
+foo7:@PASS_DES foo7Pass@:@TODAY@:0:99999:7:::
+foo8:@PASS_DES foo8Pass@:@TODAY@:0:99999:7:::
+foo9:@PASS_DES foo9Pass@:@TODAY@:0:99999:7:::
+foo10:@PASS_DES foo10Pas@:@TODAY@:0:99999:7:::
+foo11:@PASS_DES foo11Pas@:@TODAY@:0:99999:7:::
+foo12:@PASS_DES foo12Pas@:@TODAY@:0:99999:7:::
+foo13:@PASS_DES foo13Pas@:@TODAY@:0:99999:7:::
+foo14:@PASS_DES foo14Pas@:@TODAY@:0:99999:7:::
+foo15:@PASS_DES foo15Pas@:@TODAY@:0:99999:7:::
diff --git a/tests/tests/newusers/49_multiple_system_users/newusers.test b/tests/tests/newusers/49_multiple_system_users/newusers.test
new file mode 100755
index 0000000..f9075d2
--- /dev/null
+++ b/tests/tests/newusers/49_multiple_system_users/newusers.test
@@ -0,0 +1,37 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "newusers can add multiple system users"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+newusers --system data/newusers.list
+
+echo -n "Check the passwd file..." 
+../../common/compare_file.pl data/passwd /etc/passwd 
+echo "OK" 
+echo -n "Check the group file..." 
+../../common/compare_file.pl data/group /etc/group 
+echo "OK" 
+echo -n "Check the shadow file..." 
+../../common/compare_file.pl data/shadow /etc/shadow 
+echo "OK" 
+echo -n "Check the gshadow file..." 
+../../common/compare_file.pl data/gshadow /etc/gshadow 
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/newusers/50_usage/config.txt b/tests/tests/newusers/50_usage/config.txt
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/newusers/50_usage/config.txt
diff --git a/tests/tests/newusers/50_usage/config/etc/group b/tests/tests/newusers/50_usage/config/etc/group
new file mode 100644
index 0000000..245cc9c
--- /dev/null
+++ b/tests/tests/newusers/50_usage/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+myuser:x:424242:
diff --git a/tests/tests/newusers/50_usage/config/etc/gshadow b/tests/tests/newusers/50_usage/config/etc/gshadow
new file mode 100644
index 0000000..25bd55b
--- /dev/null
+++ b/tests/tests/newusers/50_usage/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+myuser:x::
diff --git a/tests/tests/newusers/50_usage/config/etc/passwd b/tests/tests/newusers/50_usage/config/etc/passwd
new file mode 100644
index 0000000..5d27e12
--- /dev/null
+++ b/tests/tests/newusers/50_usage/config/etc/passwd
@@ -0,0 +1,26 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+myuser1:x:424242:424242::/home:/bin/bash
+myuser2:x:424243:424242::/home:/bin/bash
+myuser3:x:424244:424242::/home:/bin/bash
+myuser4:x:424245:424242::/home:/bin/bash
+myuser5:x:424246:424242::/home:/bin/bash
+myuser6:x:424247:424242::/home:/bin/bash
+myuser7:x:424248:424242::/home:/bin/bash
diff --git a/tests/tests/newusers/50_usage/config/etc/shadow b/tests/tests/newusers/50_usage/config/etc/shadow
new file mode 100644
index 0000000..da4c2bc
--- /dev/null
+++ b/tests/tests/newusers/50_usage/config/etc/shadow
@@ -0,0 +1,26 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+myuser1:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:::
+myuser2:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12992:1:99996:5:::
+myuser3:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7::0:
+myuser4:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7::1:
+myuser5:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:0::
+myuser6:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:1::
+myuser7:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:1::
diff --git a/tests/tests/newusers/50_usage/data/usage.out b/tests/tests/newusers/50_usage/data/usage.out
new file mode 100644
index 0000000..82fa641
--- /dev/null
+++ b/tests/tests/newusers/50_usage/data/usage.out
@@ -0,0 +1,7 @@
+Usage: newusers [options]
+
+Options:
+  -h, --help                    display this help message and exit
+  -r, --system                  create system accounts
+  -R, --root CHROOT_DIR         directory to chroot into
+
diff --git a/tests/tests/newusers/50_usage/newusers.test b/tests/tests/newusers/50_usage/newusers.test
new file mode 100755
index 0000000..3dca38a
--- /dev/null
+++ b/tests/tests/newusers/50_usage/newusers.test
@@ -0,0 +1,48 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "newusers can display its usage message"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Get newusers usage (newusers -h)..."
+newusers -h >tmp/usage.out
+echo "OK"
+
+echo "newusers reported:"
+echo "======================================================================="
+cat tmp/usage.out
+echo "======================================================================="
+echo -n "Check the usage message..."
+diff -au data/usage.out tmp/usage.out
+echo "usage message OK."
+rm -f tmp/usage.out
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/newusers/51_usage_invalid_option/config.txt b/tests/tests/newusers/51_usage_invalid_option/config.txt
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/newusers/51_usage_invalid_option/config.txt
diff --git a/tests/tests/newusers/51_usage_invalid_option/config/etc/group b/tests/tests/newusers/51_usage_invalid_option/config/etc/group
new file mode 100644
index 0000000..245cc9c
--- /dev/null
+++ b/tests/tests/newusers/51_usage_invalid_option/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+myuser:x:424242:
diff --git a/tests/tests/newusers/51_usage_invalid_option/config/etc/gshadow b/tests/tests/newusers/51_usage_invalid_option/config/etc/gshadow
new file mode 100644
index 0000000..25bd55b
--- /dev/null
+++ b/tests/tests/newusers/51_usage_invalid_option/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+myuser:x::
diff --git a/tests/tests/newusers/51_usage_invalid_option/config/etc/passwd b/tests/tests/newusers/51_usage_invalid_option/config/etc/passwd
new file mode 100644
index 0000000..5d27e12
--- /dev/null
+++ b/tests/tests/newusers/51_usage_invalid_option/config/etc/passwd
@@ -0,0 +1,26 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+myuser1:x:424242:424242::/home:/bin/bash
+myuser2:x:424243:424242::/home:/bin/bash
+myuser3:x:424244:424242::/home:/bin/bash
+myuser4:x:424245:424242::/home:/bin/bash
+myuser5:x:424246:424242::/home:/bin/bash
+myuser6:x:424247:424242::/home:/bin/bash
+myuser7:x:424248:424242::/home:/bin/bash
diff --git a/tests/tests/newusers/51_usage_invalid_option/config/etc/shadow b/tests/tests/newusers/51_usage_invalid_option/config/etc/shadow
new file mode 100644
index 0000000..da4c2bc
--- /dev/null
+++ b/tests/tests/newusers/51_usage_invalid_option/config/etc/shadow
@@ -0,0 +1,26 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+myuser1:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:::
+myuser2:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12992:1:99996:5:::
+myuser3:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7::0:
+myuser4:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7::1:
+myuser5:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:0::
+myuser6:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:1::
+myuser7:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:1::
diff --git a/tests/tests/newusers/51_usage_invalid_option/data/usage.out b/tests/tests/newusers/51_usage_invalid_option/data/usage.out
new file mode 100644
index 0000000..e111c34
--- /dev/null
+++ b/tests/tests/newusers/51_usage_invalid_option/data/usage.out
@@ -0,0 +1,8 @@
+newusers: invalid option -- 'Z'
+Usage: newusers [options]
+
+Options:
+  -h, --help                    display this help message and exit
+  -r, --system                  create system accounts
+  -R, --root CHROOT_DIR         directory to chroot into
+
diff --git a/tests/tests/newusers/51_usage_invalid_option/newusers.test b/tests/tests/newusers/51_usage_invalid_option/newusers.test
new file mode 100755
index 0000000..77dc821
--- /dev/null
+++ b/tests/tests/newusers/51_usage_invalid_option/newusers.test
@@ -0,0 +1,54 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "newusers displays its usage message in case of bad usage"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Call newusers with an invalid option (newusers -Z)..."
+newusers -Z bin 2>tmp/usage.out && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "1"
+echo "OK"
+
+echo "newusers reported:"
+echo "======================================================================="
+cat tmp/usage.out
+echo "======================================================================="
+echo -n "Check the usage message..."
+diff -au data/usage.out tmp/usage.out
+echo "usage message OK."
+rm -f tmp/usage.out
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/newusers/52_usage_2_input_files/config.txt b/tests/tests/newusers/52_usage_2_input_files/config.txt
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/newusers/52_usage_2_input_files/config.txt
diff --git a/tests/tests/newusers/52_usage_2_input_files/config/etc/group b/tests/tests/newusers/52_usage_2_input_files/config/etc/group
new file mode 100644
index 0000000..245cc9c
--- /dev/null
+++ b/tests/tests/newusers/52_usage_2_input_files/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+myuser:x:424242:
diff --git a/tests/tests/newusers/52_usage_2_input_files/config/etc/gshadow b/tests/tests/newusers/52_usage_2_input_files/config/etc/gshadow
new file mode 100644
index 0000000..25bd55b
--- /dev/null
+++ b/tests/tests/newusers/52_usage_2_input_files/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+myuser:x::
diff --git a/tests/tests/newusers/52_usage_2_input_files/config/etc/passwd b/tests/tests/newusers/52_usage_2_input_files/config/etc/passwd
new file mode 100644
index 0000000..5d27e12
--- /dev/null
+++ b/tests/tests/newusers/52_usage_2_input_files/config/etc/passwd
@@ -0,0 +1,26 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+myuser1:x:424242:424242::/home:/bin/bash
+myuser2:x:424243:424242::/home:/bin/bash
+myuser3:x:424244:424242::/home:/bin/bash
+myuser4:x:424245:424242::/home:/bin/bash
+myuser5:x:424246:424242::/home:/bin/bash
+myuser6:x:424247:424242::/home:/bin/bash
+myuser7:x:424248:424242::/home:/bin/bash
diff --git a/tests/tests/newusers/52_usage_2_input_files/config/etc/shadow b/tests/tests/newusers/52_usage_2_input_files/config/etc/shadow
new file mode 100644
index 0000000..da4c2bc
--- /dev/null
+++ b/tests/tests/newusers/52_usage_2_input_files/config/etc/shadow
@@ -0,0 +1,26 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+myuser1:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:::
+myuser2:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12992:1:99996:5:::
+myuser3:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7::0:
+myuser4:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7::1:
+myuser5:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:0::
+myuser6:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:1::
+myuser7:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:1::
diff --git a/tests/tests/newusers/52_usage_2_input_files/data/usage.out b/tests/tests/newusers/52_usage_2_input_files/data/usage.out
new file mode 100644
index 0000000..82fa641
--- /dev/null
+++ b/tests/tests/newusers/52_usage_2_input_files/data/usage.out
@@ -0,0 +1,7 @@
+Usage: newusers [options]
+
+Options:
+  -h, --help                    display this help message and exit
+  -r, --system                  create system accounts
+  -R, --root CHROOT_DIR         directory to chroot into
+
diff --git a/tests/tests/newusers/52_usage_2_input_files/newusers.test b/tests/tests/newusers/52_usage_2_input_files/newusers.test
new file mode 100755
index 0000000..255f1c4
--- /dev/null
+++ b/tests/tests/newusers/52_usage_2_input_files/newusers.test
@@ -0,0 +1,54 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "newusers displays its usage message in case of bad usage"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Call newusers with 2 input files (newusers list1 list2)..."
+newusers list1 list2 2>tmp/usage.out && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "1"
+echo "OK"
+
+echo "newusers reported:"
+echo "======================================================================="
+cat tmp/usage.out
+echo "======================================================================="
+echo -n "Check the usage message..."
+diff -au data/usage.out tmp/usage.out
+echo "usage message OK."
+rm -f tmp/usage.out
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/newusers/53_locked_passwd/config.txt b/tests/tests/newusers/53_locked_passwd/config.txt
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/newusers/53_locked_passwd/config.txt
diff --git a/tests/tests/newusers/53_locked_passwd/config/etc/group b/tests/tests/newusers/53_locked_passwd/config/etc/group
new file mode 100644
index 0000000..245cc9c
--- /dev/null
+++ b/tests/tests/newusers/53_locked_passwd/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+myuser:x:424242:
diff --git a/tests/tests/newusers/53_locked_passwd/config/etc/gshadow b/tests/tests/newusers/53_locked_passwd/config/etc/gshadow
new file mode 100644
index 0000000..25bd55b
--- /dev/null
+++ b/tests/tests/newusers/53_locked_passwd/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+myuser:x::
diff --git a/tests/tests/newusers/53_locked_passwd/config/etc/passwd b/tests/tests/newusers/53_locked_passwd/config/etc/passwd
new file mode 100644
index 0000000..5d27e12
--- /dev/null
+++ b/tests/tests/newusers/53_locked_passwd/config/etc/passwd
@@ -0,0 +1,26 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+myuser1:x:424242:424242::/home:/bin/bash
+myuser2:x:424243:424242::/home:/bin/bash
+myuser3:x:424244:424242::/home:/bin/bash
+myuser4:x:424245:424242::/home:/bin/bash
+myuser5:x:424246:424242::/home:/bin/bash
+myuser6:x:424247:424242::/home:/bin/bash
+myuser7:x:424248:424242::/home:/bin/bash
diff --git a/tests/tests/newusers/53_locked_passwd/config/etc/shadow b/tests/tests/newusers/53_locked_passwd/config/etc/shadow
new file mode 100644
index 0000000..da4c2bc
--- /dev/null
+++ b/tests/tests/newusers/53_locked_passwd/config/etc/shadow
@@ -0,0 +1,26 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+myuser1:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:::
+myuser2:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12992:1:99996:5:::
+myuser3:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7::0:
+myuser4:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7::1:
+myuser5:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:0::
+myuser6:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:1::
+myuser7:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:1::
diff --git a/tests/tests/newusers/53_locked_passwd/data/newusers.list b/tests/tests/newusers/53_locked_passwd/data/newusers.list
new file mode 100644
index 0000000..9c40fa2
--- /dev/null
+++ b/tests/tests/newusers/53_locked_passwd/data/newusers.list
@@ -0,0 +1 @@
+foo:fooPass:::User Foo - Gecos Field::/bin/sh
diff --git a/tests/tests/newusers/53_locked_passwd/data/usage.out b/tests/tests/newusers/53_locked_passwd/data/usage.out
new file mode 100644
index 0000000..7a0563f
--- /dev/null
+++ b/tests/tests/newusers/53_locked_passwd/data/usage.out
@@ -0,0 +1,2 @@
+newusers: existing lock file /etc/passwd.lock without a PID
+newusers: cannot lock /etc/passwd; try again later.
diff --git a/tests/tests/newusers/53_locked_passwd/newusers.test b/tests/tests/newusers/53_locked_passwd/newusers.test
new file mode 100755
index 0000000..790582e
--- /dev/null
+++ b/tests/tests/newusers/53_locked_passwd/newusers.test
@@ -0,0 +1,59 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "newusers warns when passwd is already locked"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config; rm -f /etc/passwd.lock' 0
+
+change_config
+
+echo -n "Create lock file for /etc/passwd..."
+touch /etc/passwd.lock
+echo "done"
+
+echo -n "Create user foo (newusers foo)..."
+newusers data/newusers.list 2>tmp/usage.out && exit 1 || {
+	status=$?
+}
+echo "OK"
+rm -f /etc/passwd.lock
+
+echo -n "Check returned status ($status)..."
+test "$status" = "1"
+echo "OK"
+
+echo "newusers reported:"
+echo "======================================================================="
+cat tmp/usage.out
+echo "======================================================================="
+echo -n "Check the usage message..."
+diff -au data/usage.out tmp/usage.out
+echo "usage message OK."
+rm -f tmp/usage.out
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/newusers/54_locked_shadow/config.txt b/tests/tests/newusers/54_locked_shadow/config.txt
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/newusers/54_locked_shadow/config.txt
diff --git a/tests/tests/newusers/54_locked_shadow/config/etc/group b/tests/tests/newusers/54_locked_shadow/config/etc/group
new file mode 100644
index 0000000..245cc9c
--- /dev/null
+++ b/tests/tests/newusers/54_locked_shadow/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+myuser:x:424242:
diff --git a/tests/tests/newusers/54_locked_shadow/config/etc/gshadow b/tests/tests/newusers/54_locked_shadow/config/etc/gshadow
new file mode 100644
index 0000000..25bd55b
--- /dev/null
+++ b/tests/tests/newusers/54_locked_shadow/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+myuser:x::
diff --git a/tests/tests/newusers/54_locked_shadow/config/etc/passwd b/tests/tests/newusers/54_locked_shadow/config/etc/passwd
new file mode 100644
index 0000000..5d27e12
--- /dev/null
+++ b/tests/tests/newusers/54_locked_shadow/config/etc/passwd
@@ -0,0 +1,26 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+myuser1:x:424242:424242::/home:/bin/bash
+myuser2:x:424243:424242::/home:/bin/bash
+myuser3:x:424244:424242::/home:/bin/bash
+myuser4:x:424245:424242::/home:/bin/bash
+myuser5:x:424246:424242::/home:/bin/bash
+myuser6:x:424247:424242::/home:/bin/bash
+myuser7:x:424248:424242::/home:/bin/bash
diff --git a/tests/tests/newusers/54_locked_shadow/config/etc/shadow b/tests/tests/newusers/54_locked_shadow/config/etc/shadow
new file mode 100644
index 0000000..da4c2bc
--- /dev/null
+++ b/tests/tests/newusers/54_locked_shadow/config/etc/shadow
@@ -0,0 +1,26 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+myuser1:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:::
+myuser2:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12992:1:99996:5:::
+myuser3:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7::0:
+myuser4:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7::1:
+myuser5:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:0::
+myuser6:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:1::
+myuser7:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:1::
diff --git a/tests/tests/newusers/54_locked_shadow/data/newusers.list b/tests/tests/newusers/54_locked_shadow/data/newusers.list
new file mode 100644
index 0000000..9c40fa2
--- /dev/null
+++ b/tests/tests/newusers/54_locked_shadow/data/newusers.list
@@ -0,0 +1 @@
+foo:fooPass:::User Foo - Gecos Field::/bin/sh
diff --git a/tests/tests/newusers/54_locked_shadow/data/usage.out b/tests/tests/newusers/54_locked_shadow/data/usage.out
new file mode 100644
index 0000000..309a750
--- /dev/null
+++ b/tests/tests/newusers/54_locked_shadow/data/usage.out
@@ -0,0 +1,2 @@
+newusers: existing lock file /etc/shadow.lock without a PID
+newusers: cannot lock /etc/shadow; try again later.
diff --git a/tests/tests/newusers/54_locked_shadow/newusers.test b/tests/tests/newusers/54_locked_shadow/newusers.test
new file mode 100755
index 0000000..c8b5038
--- /dev/null
+++ b/tests/tests/newusers/54_locked_shadow/newusers.test
@@ -0,0 +1,59 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "newusers warns when shadow is already locked"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config; rm -f /etc/shadow.lock' 0
+
+change_config
+
+echo -n "Create lock file for /etc/shadow..."
+touch /etc/shadow.lock
+echo "done"
+
+echo -n "Create user foo (newusers foo)..."
+newusers data/newusers.list 2>tmp/usage.out && exit 1 || {
+	status=$?
+}
+echo "OK"
+rm -f /etc/shadow.lock
+
+echo -n "Check returned status ($status)..."
+test "$status" = "1"
+echo "OK"
+
+echo "newusers reported:"
+echo "======================================================================="
+cat tmp/usage.out
+echo "======================================================================="
+echo -n "Check the usage message..."
+diff -au data/usage.out tmp/usage.out
+echo "usage message OK."
+rm -f tmp/usage.out
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/newusers/55_locked_group/config.txt b/tests/tests/newusers/55_locked_group/config.txt
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/newusers/55_locked_group/config.txt
diff --git a/tests/tests/newusers/55_locked_group/config/etc/group b/tests/tests/newusers/55_locked_group/config/etc/group
new file mode 100644
index 0000000..245cc9c
--- /dev/null
+++ b/tests/tests/newusers/55_locked_group/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+myuser:x:424242:
diff --git a/tests/tests/newusers/55_locked_group/config/etc/gshadow b/tests/tests/newusers/55_locked_group/config/etc/gshadow
new file mode 100644
index 0000000..25bd55b
--- /dev/null
+++ b/tests/tests/newusers/55_locked_group/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+myuser:x::
diff --git a/tests/tests/newusers/55_locked_group/config/etc/passwd b/tests/tests/newusers/55_locked_group/config/etc/passwd
new file mode 100644
index 0000000..5d27e12
--- /dev/null
+++ b/tests/tests/newusers/55_locked_group/config/etc/passwd
@@ -0,0 +1,26 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+myuser1:x:424242:424242::/home:/bin/bash
+myuser2:x:424243:424242::/home:/bin/bash
+myuser3:x:424244:424242::/home:/bin/bash
+myuser4:x:424245:424242::/home:/bin/bash
+myuser5:x:424246:424242::/home:/bin/bash
+myuser6:x:424247:424242::/home:/bin/bash
+myuser7:x:424248:424242::/home:/bin/bash
diff --git a/tests/tests/newusers/55_locked_group/config/etc/shadow b/tests/tests/newusers/55_locked_group/config/etc/shadow
new file mode 100644
index 0000000..da4c2bc
--- /dev/null
+++ b/tests/tests/newusers/55_locked_group/config/etc/shadow
@@ -0,0 +1,26 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+myuser1:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:::
+myuser2:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12992:1:99996:5:::
+myuser3:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7::0:
+myuser4:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7::1:
+myuser5:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:0::
+myuser6:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:1::
+myuser7:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:1::
diff --git a/tests/tests/newusers/55_locked_group/data/newusers.list b/tests/tests/newusers/55_locked_group/data/newusers.list
new file mode 100644
index 0000000..9c40fa2
--- /dev/null
+++ b/tests/tests/newusers/55_locked_group/data/newusers.list
@@ -0,0 +1 @@
+foo:fooPass:::User Foo - Gecos Field::/bin/sh
diff --git a/tests/tests/newusers/55_locked_group/data/usage.out b/tests/tests/newusers/55_locked_group/data/usage.out
new file mode 100644
index 0000000..ad33b0c
--- /dev/null
+++ b/tests/tests/newusers/55_locked_group/data/usage.out
@@ -0,0 +1,2 @@
+newusers: existing lock file /etc/group.lock without a PID
+newusers: cannot lock /etc/group; try again later.
diff --git a/tests/tests/newusers/55_locked_group/newusers.test b/tests/tests/newusers/55_locked_group/newusers.test
new file mode 100755
index 0000000..cae0458
--- /dev/null
+++ b/tests/tests/newusers/55_locked_group/newusers.test
@@ -0,0 +1,59 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "newusers warns when group is already locked"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config; rm -f /etc/group.lock' 0
+
+change_config
+
+echo -n "Create lock file for /etc/group..."
+touch /etc/group.lock
+echo "done"
+
+echo -n "Create user foo (newusers foo)..."
+newusers data/newusers.list 2>tmp/usage.out && exit 1 || {
+	status=$?
+}
+echo "OK"
+rm -f /etc/group.lock
+
+echo -n "Check returned status ($status)..."
+test "$status" = "1"
+echo "OK"
+
+echo "newusers reported:"
+echo "======================================================================="
+cat tmp/usage.out
+echo "======================================================================="
+echo -n "Check the usage message..."
+diff -au data/usage.out tmp/usage.out
+echo "usage message OK."
+rm -f tmp/usage.out
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/newusers/56_locked_gshadow/config.txt b/tests/tests/newusers/56_locked_gshadow/config.txt
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/newusers/56_locked_gshadow/config.txt
diff --git a/tests/tests/newusers/56_locked_gshadow/config/etc/group b/tests/tests/newusers/56_locked_gshadow/config/etc/group
new file mode 100644
index 0000000..245cc9c
--- /dev/null
+++ b/tests/tests/newusers/56_locked_gshadow/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+myuser:x:424242:
diff --git a/tests/tests/newusers/56_locked_gshadow/config/etc/gshadow b/tests/tests/newusers/56_locked_gshadow/config/etc/gshadow
new file mode 100644
index 0000000..25bd55b
--- /dev/null
+++ b/tests/tests/newusers/56_locked_gshadow/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+myuser:x::
diff --git a/tests/tests/newusers/56_locked_gshadow/config/etc/passwd b/tests/tests/newusers/56_locked_gshadow/config/etc/passwd
new file mode 100644
index 0000000..5d27e12
--- /dev/null
+++ b/tests/tests/newusers/56_locked_gshadow/config/etc/passwd
@@ -0,0 +1,26 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+myuser1:x:424242:424242::/home:/bin/bash
+myuser2:x:424243:424242::/home:/bin/bash
+myuser3:x:424244:424242::/home:/bin/bash
+myuser4:x:424245:424242::/home:/bin/bash
+myuser5:x:424246:424242::/home:/bin/bash
+myuser6:x:424247:424242::/home:/bin/bash
+myuser7:x:424248:424242::/home:/bin/bash
diff --git a/tests/tests/newusers/56_locked_gshadow/config/etc/shadow b/tests/tests/newusers/56_locked_gshadow/config/etc/shadow
new file mode 100644
index 0000000..da4c2bc
--- /dev/null
+++ b/tests/tests/newusers/56_locked_gshadow/config/etc/shadow
@@ -0,0 +1,26 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+myuser1:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:::
+myuser2:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12992:1:99996:5:::
+myuser3:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7::0:
+myuser4:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7::1:
+myuser5:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:0::
+myuser6:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:1::
+myuser7:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:1::
diff --git a/tests/tests/newusers/56_locked_gshadow/data/newusers.list b/tests/tests/newusers/56_locked_gshadow/data/newusers.list
new file mode 100644
index 0000000..9c40fa2
--- /dev/null
+++ b/tests/tests/newusers/56_locked_gshadow/data/newusers.list
@@ -0,0 +1 @@
+foo:fooPass:::User Foo - Gecos Field::/bin/sh
diff --git a/tests/tests/newusers/56_locked_gshadow/data/usage.out b/tests/tests/newusers/56_locked_gshadow/data/usage.out
new file mode 100644
index 0000000..1d874cf
--- /dev/null
+++ b/tests/tests/newusers/56_locked_gshadow/data/usage.out
@@ -0,0 +1,2 @@
+newusers: existing lock file /etc/gshadow.lock without a PID
+newusers: cannot lock /etc/gshadow; try again later.
diff --git a/tests/tests/newusers/56_locked_gshadow/newusers.test b/tests/tests/newusers/56_locked_gshadow/newusers.test
new file mode 100755
index 0000000..a317867
--- /dev/null
+++ b/tests/tests/newusers/56_locked_gshadow/newusers.test
@@ -0,0 +1,59 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "newusers warns when gshadow is already locked"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config; rm -f /etc/gshadow.lock' 0
+
+change_config
+
+echo -n "Create lock file for /etc/gshadow..."
+touch /etc/gshadow.lock
+echo "done"
+
+echo -n "Create user foo (newusers foo)..."
+newusers data/newusers.list 2>tmp/usage.out && exit 1 || {
+	status=$?
+}
+echo "OK"
+rm -f /etc/gshadow.lock
+
+echo -n "Check returned status ($status)..."
+test "$status" = "1"
+echo "OK"
+
+echo "newusers reported:"
+echo "======================================================================="
+cat tmp/usage.out
+echo "======================================================================="
+echo -n "Check the usage message..."
+diff -au data/usage.out tmp/usage.out
+echo "usage message OK."
+rm -f tmp/usage.out
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/newusers/57_missing_input_file/config.txt b/tests/tests/newusers/57_missing_input_file/config.txt
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/newusers/57_missing_input_file/config.txt
diff --git a/tests/tests/newusers/57_missing_input_file/config/etc/group b/tests/tests/newusers/57_missing_input_file/config/etc/group
new file mode 100644
index 0000000..245cc9c
--- /dev/null
+++ b/tests/tests/newusers/57_missing_input_file/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+myuser:x:424242:
diff --git a/tests/tests/newusers/57_missing_input_file/config/etc/gshadow b/tests/tests/newusers/57_missing_input_file/config/etc/gshadow
new file mode 100644
index 0000000..25bd55b
--- /dev/null
+++ b/tests/tests/newusers/57_missing_input_file/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+myuser:x::
diff --git a/tests/tests/newusers/57_missing_input_file/config/etc/passwd b/tests/tests/newusers/57_missing_input_file/config/etc/passwd
new file mode 100644
index 0000000..5d27e12
--- /dev/null
+++ b/tests/tests/newusers/57_missing_input_file/config/etc/passwd
@@ -0,0 +1,26 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+myuser1:x:424242:424242::/home:/bin/bash
+myuser2:x:424243:424242::/home:/bin/bash
+myuser3:x:424244:424242::/home:/bin/bash
+myuser4:x:424245:424242::/home:/bin/bash
+myuser5:x:424246:424242::/home:/bin/bash
+myuser6:x:424247:424242::/home:/bin/bash
+myuser7:x:424248:424242::/home:/bin/bash
diff --git a/tests/tests/newusers/57_missing_input_file/config/etc/shadow b/tests/tests/newusers/57_missing_input_file/config/etc/shadow
new file mode 100644
index 0000000..da4c2bc
--- /dev/null
+++ b/tests/tests/newusers/57_missing_input_file/config/etc/shadow
@@ -0,0 +1,26 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+myuser1:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:::
+myuser2:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12992:1:99996:5:::
+myuser3:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7::0:
+myuser4:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7::1:
+myuser5:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:0::
+myuser6:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:1::
+myuser7:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:1::
diff --git a/tests/tests/newusers/57_missing_input_file/data/usage.out b/tests/tests/newusers/57_missing_input_file/data/usage.out
new file mode 100644
index 0000000..6b55e2a
--- /dev/null
+++ b/tests/tests/newusers/57_missing_input_file/data/usage.out
@@ -0,0 +1 @@
+newusers: data/newusers.list: No such file or directory
diff --git a/tests/tests/newusers/57_missing_input_file/newusers.test b/tests/tests/newusers/57_missing_input_file/newusers.test
new file mode 100755
index 0000000..7e74f73
--- /dev/null
+++ b/tests/tests/newusers/57_missing_input_file/newusers.test
@@ -0,0 +1,54 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "newusers warns when the input file cann be read"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Call newusers with missing input file (newusers data/newusers.list)..."
+newusers data/newusers.list 2>tmp/usage.out && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "1"
+echo "OK"
+
+echo "newusers reported:"
+echo "======================================================================="
+cat tmp/usage.out
+echo "======================================================================="
+echo -n "Check the usage message..."
+diff -au data/usage.out tmp/usage.out
+echo "usage message OK."
+rm -f tmp/usage.out
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/newusers/58_invalid_input_file/config.txt b/tests/tests/newusers/58_invalid_input_file/config.txt
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/newusers/58_invalid_input_file/config.txt
diff --git a/tests/tests/newusers/58_invalid_input_file/config/etc/group b/tests/tests/newusers/58_invalid_input_file/config/etc/group
new file mode 100644
index 0000000..245cc9c
--- /dev/null
+++ b/tests/tests/newusers/58_invalid_input_file/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+myuser:x:424242:
diff --git a/tests/tests/newusers/58_invalid_input_file/config/etc/gshadow b/tests/tests/newusers/58_invalid_input_file/config/etc/gshadow
new file mode 100644
index 0000000..25bd55b
--- /dev/null
+++ b/tests/tests/newusers/58_invalid_input_file/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+myuser:x::
diff --git a/tests/tests/newusers/58_invalid_input_file/config/etc/passwd b/tests/tests/newusers/58_invalid_input_file/config/etc/passwd
new file mode 100644
index 0000000..5d27e12
--- /dev/null
+++ b/tests/tests/newusers/58_invalid_input_file/config/etc/passwd
@@ -0,0 +1,26 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+myuser1:x:424242:424242::/home:/bin/bash
+myuser2:x:424243:424242::/home:/bin/bash
+myuser3:x:424244:424242::/home:/bin/bash
+myuser4:x:424245:424242::/home:/bin/bash
+myuser5:x:424246:424242::/home:/bin/bash
+myuser6:x:424247:424242::/home:/bin/bash
+myuser7:x:424248:424242::/home:/bin/bash
diff --git a/tests/tests/newusers/58_invalid_input_file/config/etc/shadow b/tests/tests/newusers/58_invalid_input_file/config/etc/shadow
new file mode 100644
index 0000000..da4c2bc
--- /dev/null
+++ b/tests/tests/newusers/58_invalid_input_file/config/etc/shadow
@@ -0,0 +1,26 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+myuser1:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:::
+myuser2:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12992:1:99996:5:::
+myuser3:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7::0:
+myuser4:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7::1:
+myuser5:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:0::
+myuser6:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:1::
+myuser7:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:1::
diff --git a/tests/tests/newusers/58_invalid_input_file/data/newusers.err b/tests/tests/newusers/58_invalid_input_file/data/newusers.err
new file mode 100644
index 0000000..fe15bdc
--- /dev/null
+++ b/tests/tests/newusers/58_invalid_input_file/data/newusers.err
@@ -0,0 +1,2 @@
+newusers: line 1: invalid line
+newusers: error detected, changes ignored
diff --git a/tests/tests/newusers/58_invalid_input_file/data/newusers.list b/tests/tests/newusers/58_invalid_input_file/data/newusers.list
new file mode 100644
index 0000000..56266fd
--- /dev/null
+++ b/tests/tests/newusers/58_invalid_input_file/data/newusers.list
@@ -0,0 +1 @@
+foo:foo:Pass:::User Foo - Gecos Field::/bin/sh
diff --git a/tests/tests/newusers/58_invalid_input_file/newusers.test b/tests/tests/newusers/58_invalid_input_file/newusers.test
new file mode 100755
index 0000000..b4f7889
--- /dev/null
+++ b/tests/tests/newusers/58_invalid_input_file/newusers.test
@@ -0,0 +1,54 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "newusers warns when the input is invalid"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Call newusers with invalid input (newusers data/newusers.list)..."
+newusers data/newusers.list 2>tmp/newusers.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "1"
+echo "OK"
+
+echo "newusers reported:"
+echo "======================================================================="
+cat tmp/newusers.err
+echo "======================================================================="
+echo -n "Check the usage message..."
+diff -au data/newusers.err tmp/newusers.err
+echo "usage message OK."
+rm -f tmp/newusers.err
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/newusers/59_no_gshadow_file/config.txt b/tests/tests/newusers/59_no_gshadow_file/config.txt
new file mode 100644
index 0000000..557c421
--- /dev/null
+++ b/tests/tests/newusers/59_no_gshadow_file/config.txt
@@ -0,0 +1,2 @@
+User foo exists, with password fooPass
+/etc/shadow will be destroyed
diff --git a/tests/tests/newusers/59_no_gshadow_file/config/etc/group b/tests/tests/newusers/59_no_gshadow_file/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/newusers/59_no_gshadow_file/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/newusers/59_no_gshadow_file/config/etc/gshadow b/tests/tests/newusers/59_no_gshadow_file/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/newusers/59_no_gshadow_file/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/newusers/59_no_gshadow_file/config/etc/pam.d/common-password b/tests/tests/newusers/59_no_gshadow_file/config/etc/pam.d/common-password
new file mode 100644
index 0000000..06c59a7
--- /dev/null
+++ b/tests/tests/newusers/59_no_gshadow_file/config/etc/pam.d/common-password
@@ -0,0 +1,33 @@
+#
+# /etc/pam.d/common-password - password-related modules common to all services
+#
+# This file is included from other service-specific PAM config files,
+# and should contain a list of modules that define the services to be
+# used to change user passwords.  The default is pam_unix.
+
+# Explanation of pam_unix options:
+#
+# The "md5" option enables MD5 passwords.  Without this option, the
+# default is Unix crypt.
+#
+# The "obscure" option replaces the old `OBSCURE_CHECKS_ENAB' option in
+# login.defs.
+#
+# See the pam_unix manpage for other options.
+
+# As of pam 1.0.1-6, this file is managed by pam-auth-update by default.
+# To take advantage of this, it is recommended that you configure any
+# local modules either before or after the default block, and use
+# pam-auth-update to manage selection of other modules.  See
+# pam-auth-update(8) for details.
+
+# here are the per-package modules (the "Primary" block)
+password	[success=1 default=ignore]	pam_unix.so obscure
+# here's the fallback if no module succeeds
+password	requisite			pam_deny.so
+# prime the stack with a positive return value if there isn't one already;
+# this avoids us returning an error just because nothing sets a success code
+# since the modules above will each just jump around
+password	required			pam_permit.so
+# and here are more per-package modules (the "Additional" block)
+# end of pam-auth-update config
diff --git a/tests/tests/newusers/59_no_gshadow_file/config/etc/pam.d/newusers b/tests/tests/newusers/59_no_gshadow_file/config/etc/pam.d/newusers
new file mode 100644
index 0000000..552045e
--- /dev/null
+++ b/tests/tests/newusers/59_no_gshadow_file/config/etc/pam.d/newusers
@@ -0,0 +1,6 @@
+#
+# The PAM configuration file for the Shadow `chpasswd' service
+#
+
+@include common-password
+
diff --git a/tests/tests/newusers/59_no_gshadow_file/config/etc/passwd b/tests/tests/newusers/59_no_gshadow_file/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/newusers/59_no_gshadow_file/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/newusers/59_no_gshadow_file/config/etc/shadow b/tests/tests/newusers/59_no_gshadow_file/config/etc/shadow
new file mode 100644
index 0000000..031ce88
--- /dev/null
+++ b/tests/tests/newusers/59_no_gshadow_file/config/etc/shadow
@@ -0,0 +1,19 @@
+root::12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/newusers/59_no_gshadow_file/data/group b/tests/tests/newusers/59_no_gshadow_file/data/group
new file mode 100644
index 0000000..a0ff22a
--- /dev/null
+++ b/tests/tests/newusers/59_no_gshadow_file/data/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:*:1000:
diff --git a/tests/tests/newusers/59_no_gshadow_file/data/newusers.list b/tests/tests/newusers/59_no_gshadow_file/data/newusers.list
new file mode 100644
index 0000000..cc3b9ad
--- /dev/null
+++ b/tests/tests/newusers/59_no_gshadow_file/data/newusers.list
@@ -0,0 +1 @@
+foo:fooPass2:::User Foo - Gecos Field::/bin/sh
diff --git a/tests/tests/newusers/59_no_gshadow_file/data/passwd b/tests/tests/newusers/59_no_gshadow_file/data/passwd
new file mode 100644
index 0000000..7bf7386
--- /dev/null
+++ b/tests/tests/newusers/59_no_gshadow_file/data/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000:User Foo - Gecos Field::/bin/sh
diff --git a/tests/tests/newusers/59_no_gshadow_file/data/shadow b/tests/tests/newusers/59_no_gshadow_file/data/shadow
new file mode 100644
index 0000000..c7f1556
--- /dev/null
+++ b/tests/tests/newusers/59_no_gshadow_file/data/shadow
@@ -0,0 +1,20 @@
+root::12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:@PASS_DES fooPass2@:@TODAY@:0:99999:7:::
diff --git a/tests/tests/newusers/59_no_gshadow_file/newusers.test b/tests/tests/newusers/59_no_gshadow_file/newusers.test
new file mode 100755
index 0000000..bf18186
--- /dev/null
+++ b/tests/tests/newusers/59_no_gshadow_file/newusers.test
@@ -0,0 +1,38 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "newusers can update the password of an existing user, when there is no gshadow file"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+rm -f /etc/gshadow
+
+newusers data/newusers.list
+
+echo -n "Check the passwd file..." 
+../../common/compare_file.pl data/passwd /etc/passwd 
+echo "OK" 
+echo -n "Check the group file..." 
+../../common/compare_file.pl data/group /etc/group 
+echo "OK" 
+echo -n "Check the shadow file..." 
+../../common/compare_file.pl data/shadow /etc/shadow 
+echo "OK" 
+echo -n "Check the gshadow file..." 
+test ! -f /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/newusers/60_update_no_gecos/config.txt b/tests/tests/newusers/60_update_no_gecos/config.txt
new file mode 100644
index 0000000..ea4c3ad
--- /dev/null
+++ b/tests/tests/newusers/60_update_no_gecos/config.txt
@@ -0,0 +1 @@
+User foo exists, with password fooPass
diff --git a/tests/tests/newusers/60_update_no_gecos/config/etc/group b/tests/tests/newusers/60_update_no_gecos/config/etc/group
new file mode 100644
index 0000000..555c889
--- /dev/null
+++ b/tests/tests/newusers/60_update_no_gecos/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:65535:foo
diff --git a/tests/tests/newusers/60_update_no_gecos/config/etc/gshadow b/tests/tests/newusers/60_update_no_gecos/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/newusers/60_update_no_gecos/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/newusers/60_update_no_gecos/config/etc/pam.d/common-password b/tests/tests/newusers/60_update_no_gecos/config/etc/pam.d/common-password
new file mode 100644
index 0000000..06c59a7
--- /dev/null
+++ b/tests/tests/newusers/60_update_no_gecos/config/etc/pam.d/common-password
@@ -0,0 +1,33 @@
+#
+# /etc/pam.d/common-password - password-related modules common to all services
+#
+# This file is included from other service-specific PAM config files,
+# and should contain a list of modules that define the services to be
+# used to change user passwords.  The default is pam_unix.
+
+# Explanation of pam_unix options:
+#
+# The "md5" option enables MD5 passwords.  Without this option, the
+# default is Unix crypt.
+#
+# The "obscure" option replaces the old `OBSCURE_CHECKS_ENAB' option in
+# login.defs.
+#
+# See the pam_unix manpage for other options.
+
+# As of pam 1.0.1-6, this file is managed by pam-auth-update by default.
+# To take advantage of this, it is recommended that you configure any
+# local modules either before or after the default block, and use
+# pam-auth-update to manage selection of other modules.  See
+# pam-auth-update(8) for details.
+
+# here are the per-package modules (the "Primary" block)
+password	[success=1 default=ignore]	pam_unix.so obscure
+# here's the fallback if no module succeeds
+password	requisite			pam_deny.so
+# prime the stack with a positive return value if there isn't one already;
+# this avoids us returning an error just because nothing sets a success code
+# since the modules above will each just jump around
+password	required			pam_permit.so
+# and here are more per-package modules (the "Additional" block)
+# end of pam-auth-update config
diff --git a/tests/tests/newusers/60_update_no_gecos/config/etc/pam.d/newusers b/tests/tests/newusers/60_update_no_gecos/config/etc/pam.d/newusers
new file mode 100644
index 0000000..552045e
--- /dev/null
+++ b/tests/tests/newusers/60_update_no_gecos/config/etc/pam.d/newusers
@@ -0,0 +1,6 @@
+#
+# The PAM configuration file for the Shadow `chpasswd' service
+#
+
+@include common-password
+
diff --git a/tests/tests/newusers/60_update_no_gecos/config/etc/passwd b/tests/tests/newusers/60_update_no_gecos/config/etc/passwd
new file mode 100644
index 0000000..9de3b24
--- /dev/null
+++ b/tests/tests/newusers/60_update_no_gecos/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:65535:65535:User Foo - Gecos Field::/bin/sh
diff --git a/tests/tests/newusers/60_update_no_gecos/config/etc/shadow b/tests/tests/newusers/60_update_no_gecos/config/etc/shadow
new file mode 100644
index 0000000..1368876
--- /dev/null
+++ b/tests/tests/newusers/60_update_no_gecos/config/etc/shadow
@@ -0,0 +1,20 @@
+root::12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:eKzSSVkXDoVUM:13906:0:99999:7:::
diff --git a/tests/tests/newusers/60_update_no_gecos/data/newusers.list b/tests/tests/newusers/60_update_no_gecos/data/newusers.list
new file mode 100644
index 0000000..6233663
--- /dev/null
+++ b/tests/tests/newusers/60_update_no_gecos/data/newusers.list
@@ -0,0 +1 @@
+foo:fooPass2:::::/bin/bash
diff --git a/tests/tests/newusers/60_update_no_gecos/data/passwd b/tests/tests/newusers/60_update_no_gecos/data/passwd
new file mode 100644
index 0000000..8fc494c
--- /dev/null
+++ b/tests/tests/newusers/60_update_no_gecos/data/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:65535:65535:User Foo - Gecos Field::/bin/bash
diff --git a/tests/tests/newusers/60_update_no_gecos/data/shadow b/tests/tests/newusers/60_update_no_gecos/data/shadow
new file mode 100644
index 0000000..c7f1556
--- /dev/null
+++ b/tests/tests/newusers/60_update_no_gecos/data/shadow
@@ -0,0 +1,20 @@
+root::12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:@PASS_DES fooPass2@:@TODAY@:0:99999:7:::
diff --git a/tests/tests/newusers/60_update_no_gecos/newusers.test b/tests/tests/newusers/60_update_no_gecos/newusers.test
new file mode 100755
index 0000000..fb57724
--- /dev/null
+++ b/tests/tests/newusers/60_update_no_gecos/newusers.test
@@ -0,0 +1,37 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "newusers can update the gecos of an existing user"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+newusers data/newusers.list
+
+echo -n "Check the passwd file..." 
+../../common/compare_file.pl data/passwd /etc/passwd 
+echo "OK" 
+echo -n "Check the group file..." 
+../../common/compare_file.pl config/etc/group /etc/group 
+echo "OK" 
+echo -n "Check the shadow file..." 
+../../common/compare_file.pl data/shadow /etc/shadow 
+echo "OK" 
+echo -n "Check the gshadow file..." 
+../../common/compare_file.pl config/etc/gshadow /etc/gshadow 
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/newusers/61_update_no_shell/config.txt b/tests/tests/newusers/61_update_no_shell/config.txt
new file mode 100644
index 0000000..ea4c3ad
--- /dev/null
+++ b/tests/tests/newusers/61_update_no_shell/config.txt
@@ -0,0 +1 @@
+User foo exists, with password fooPass
diff --git a/tests/tests/newusers/61_update_no_shell/config/etc/group b/tests/tests/newusers/61_update_no_shell/config/etc/group
new file mode 100644
index 0000000..555c889
--- /dev/null
+++ b/tests/tests/newusers/61_update_no_shell/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:65535:foo
diff --git a/tests/tests/newusers/61_update_no_shell/config/etc/gshadow b/tests/tests/newusers/61_update_no_shell/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/newusers/61_update_no_shell/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/newusers/61_update_no_shell/config/etc/pam.d/common-password b/tests/tests/newusers/61_update_no_shell/config/etc/pam.d/common-password
new file mode 100644
index 0000000..06c59a7
--- /dev/null
+++ b/tests/tests/newusers/61_update_no_shell/config/etc/pam.d/common-password
@@ -0,0 +1,33 @@
+#
+# /etc/pam.d/common-password - password-related modules common to all services
+#
+# This file is included from other service-specific PAM config files,
+# and should contain a list of modules that define the services to be
+# used to change user passwords.  The default is pam_unix.
+
+# Explanation of pam_unix options:
+#
+# The "md5" option enables MD5 passwords.  Without this option, the
+# default is Unix crypt.
+#
+# The "obscure" option replaces the old `OBSCURE_CHECKS_ENAB' option in
+# login.defs.
+#
+# See the pam_unix manpage for other options.
+
+# As of pam 1.0.1-6, this file is managed by pam-auth-update by default.
+# To take advantage of this, it is recommended that you configure any
+# local modules either before or after the default block, and use
+# pam-auth-update to manage selection of other modules.  See
+# pam-auth-update(8) for details.
+
+# here are the per-package modules (the "Primary" block)
+password	[success=1 default=ignore]	pam_unix.so obscure
+# here's the fallback if no module succeeds
+password	requisite			pam_deny.so
+# prime the stack with a positive return value if there isn't one already;
+# this avoids us returning an error just because nothing sets a success code
+# since the modules above will each just jump around
+password	required			pam_permit.so
+# and here are more per-package modules (the "Additional" block)
+# end of pam-auth-update config
diff --git a/tests/tests/newusers/61_update_no_shell/config/etc/pam.d/newusers b/tests/tests/newusers/61_update_no_shell/config/etc/pam.d/newusers
new file mode 100644
index 0000000..552045e
--- /dev/null
+++ b/tests/tests/newusers/61_update_no_shell/config/etc/pam.d/newusers
@@ -0,0 +1,6 @@
+#
+# The PAM configuration file for the Shadow `chpasswd' service
+#
+
+@include common-password
+
diff --git a/tests/tests/newusers/61_update_no_shell/config/etc/passwd b/tests/tests/newusers/61_update_no_shell/config/etc/passwd
new file mode 100644
index 0000000..9de3b24
--- /dev/null
+++ b/tests/tests/newusers/61_update_no_shell/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:65535:65535:User Foo - Gecos Field::/bin/sh
diff --git a/tests/tests/newusers/61_update_no_shell/config/etc/shadow b/tests/tests/newusers/61_update_no_shell/config/etc/shadow
new file mode 100644
index 0000000..1368876
--- /dev/null
+++ b/tests/tests/newusers/61_update_no_shell/config/etc/shadow
@@ -0,0 +1,20 @@
+root::12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:eKzSSVkXDoVUM:13906:0:99999:7:::
diff --git a/tests/tests/newusers/61_update_no_shell/data/newusers.list b/tests/tests/newusers/61_update_no_shell/data/newusers.list
new file mode 100644
index 0000000..75e0582
--- /dev/null
+++ b/tests/tests/newusers/61_update_no_shell/data/newusers.list
@@ -0,0 +1 @@
+foo:fooPass2:::User Foo - Gecos Field - updated::
diff --git a/tests/tests/newusers/61_update_no_shell/data/passwd b/tests/tests/newusers/61_update_no_shell/data/passwd
new file mode 100644
index 0000000..c84bc61
--- /dev/null
+++ b/tests/tests/newusers/61_update_no_shell/data/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:65535:65535:User Foo - Gecos Field - updated::/bin/sh
diff --git a/tests/tests/newusers/61_update_no_shell/data/shadow b/tests/tests/newusers/61_update_no_shell/data/shadow
new file mode 100644
index 0000000..c7f1556
--- /dev/null
+++ b/tests/tests/newusers/61_update_no_shell/data/shadow
@@ -0,0 +1,20 @@
+root::12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:@PASS_DES fooPass2@:@TODAY@:0:99999:7:::
diff --git a/tests/tests/newusers/61_update_no_shell/newusers.test b/tests/tests/newusers/61_update_no_shell/newusers.test
new file mode 100755
index 0000000..fb57724
--- /dev/null
+++ b/tests/tests/newusers/61_update_no_shell/newusers.test
@@ -0,0 +1,37 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "newusers can update the gecos of an existing user"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+newusers data/newusers.list
+
+echo -n "Check the passwd file..." 
+../../common/compare_file.pl data/passwd /etc/passwd 
+echo "OK" 
+echo -n "Check the group file..." 
+../../common/compare_file.pl config/etc/group /etc/group 
+echo "OK" 
+echo -n "Check the shadow file..." 
+../../common/compare_file.pl data/shadow /etc/shadow 
+echo "OK" 
+echo -n "Check the gshadow file..." 
+../../common/compare_file.pl config/etc/gshadow /etc/gshadow 
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/passwd/01_passwd_-S_root_locked_account/config/etc/group b/tests/tests/passwd/01_passwd_-S_root_locked_account/config/etc/group
new file mode 100644
index 0000000..fecba0c
--- /dev/null
+++ b/tests/tests/passwd/01_passwd_-S_root_locked_account/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/passwd/01_passwd_-S_root_locked_account/config/etc/gshadow b/tests/tests/passwd/01_passwd_-S_root_locked_account/config/etc/gshadow
new file mode 100644
index 0000000..5042e58
--- /dev/null
+++ b/tests/tests/passwd/01_passwd_-S_root_locked_account/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/passwd/01_passwd_-S_root_locked_account/config/etc/passwd b/tests/tests/passwd/01_passwd_-S_root_locked_account/config/etc/passwd
new file mode 100644
index 0000000..dc7bf84
--- /dev/null
+++ b/tests/tests/passwd/01_passwd_-S_root_locked_account/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000:::/bin/false
diff --git a/tests/tests/passwd/01_passwd_-S_root_locked_account/config/etc/shadow b/tests/tests/passwd/01_passwd_-S_root_locked_account/config/etc/shadow
new file mode 100644
index 0000000..3112803
--- /dev/null
+++ b/tests/tests/passwd/01_passwd_-S_root_locked_account/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12978:0:99999:7:::
diff --git a/tests/tests/passwd/01_passwd_-S_root_locked_account/data/passwd.out b/tests/tests/passwd/01_passwd_-S_root_locked_account/data/passwd.out
new file mode 100644
index 0000000..86a73e1
--- /dev/null
+++ b/tests/tests/passwd/01_passwd_-S_root_locked_account/data/passwd.out
@@ -0,0 +1 @@
+foo L 07/14/2005 0 99999 7 -1
diff --git a/tests/tests/passwd/01_passwd_-S_root_locked_account/passwd.test b/tests/tests/passwd/01_passwd_-S_root_locked_account/passwd.test
new file mode 100755
index 0000000..0641638
--- /dev/null
+++ b/tests/tests/passwd/01_passwd_-S_root_locked_account/passwd.test
@@ -0,0 +1,48 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "passwd can report the status of an account to root"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Request password information for user foo (passwd -S foo)..."
+passwd -S foo > tmp/passwd.out
+echo "OK"
+
+echo "passwd reported:"
+echo "======================================================================="
+cat tmp/passwd.out
+echo "======================================================================="
+echo -n "Check the message..."
+diff -au data/passwd.out tmp/passwd.out
+echo "message OK."
+rm -f tmp/passwd.out
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/passwd/02_passwd_-S_root_valid_account/config/etc/group b/tests/tests/passwd/02_passwd_-S_root_valid_account/config/etc/group
new file mode 100644
index 0000000..fecba0c
--- /dev/null
+++ b/tests/tests/passwd/02_passwd_-S_root_valid_account/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/passwd/02_passwd_-S_root_valid_account/config/etc/gshadow b/tests/tests/passwd/02_passwd_-S_root_valid_account/config/etc/gshadow
new file mode 100644
index 0000000..5042e58
--- /dev/null
+++ b/tests/tests/passwd/02_passwd_-S_root_valid_account/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/passwd/02_passwd_-S_root_valid_account/config/etc/passwd b/tests/tests/passwd/02_passwd_-S_root_valid_account/config/etc/passwd
new file mode 100644
index 0000000..dc7bf84
--- /dev/null
+++ b/tests/tests/passwd/02_passwd_-S_root_valid_account/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000:::/bin/false
diff --git a/tests/tests/passwd/02_passwd_-S_root_valid_account/config/etc/shadow b/tests/tests/passwd/02_passwd_-S_root_valid_account/config/etc/shadow
new file mode 100644
index 0000000..dced560
--- /dev/null
+++ b/tests/tests/passwd/02_passwd_-S_root_valid_account/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:$1$qFkVP1JD$QKhVFDs906AgiPjnyRPPk0:12977:0:99999:7:::
diff --git a/tests/tests/passwd/02_passwd_-S_root_valid_account/data/passwd.out b/tests/tests/passwd/02_passwd_-S_root_valid_account/data/passwd.out
new file mode 100644
index 0000000..55af5a7
--- /dev/null
+++ b/tests/tests/passwd/02_passwd_-S_root_valid_account/data/passwd.out
@@ -0,0 +1 @@
+foo P 07/13/2005 0 99999 7 -1
diff --git a/tests/tests/passwd/02_passwd_-S_root_valid_account/passwd.test b/tests/tests/passwd/02_passwd_-S_root_valid_account/passwd.test
new file mode 100755
index 0000000..0641638
--- /dev/null
+++ b/tests/tests/passwd/02_passwd_-S_root_valid_account/passwd.test
@@ -0,0 +1,48 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "passwd can report the status of an account to root"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Request password information for user foo (passwd -S foo)..."
+passwd -S foo > tmp/passwd.out
+echo "OK"
+
+echo "passwd reported:"
+echo "======================================================================="
+cat tmp/passwd.out
+echo "======================================================================="
+echo -n "Check the message..."
+diff -au data/passwd.out tmp/passwd.out
+echo "message OK."
+rm -f tmp/passwd.out
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/passwd/03_passwd_-S_root_empty_password/config/etc/group b/tests/tests/passwd/03_passwd_-S_root_empty_password/config/etc/group
new file mode 100644
index 0000000..fecba0c
--- /dev/null
+++ b/tests/tests/passwd/03_passwd_-S_root_empty_password/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/passwd/03_passwd_-S_root_empty_password/config/etc/gshadow b/tests/tests/passwd/03_passwd_-S_root_empty_password/config/etc/gshadow
new file mode 100644
index 0000000..5042e58
--- /dev/null
+++ b/tests/tests/passwd/03_passwd_-S_root_empty_password/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/passwd/03_passwd_-S_root_empty_password/config/etc/passwd b/tests/tests/passwd/03_passwd_-S_root_empty_password/config/etc/passwd
new file mode 100644
index 0000000..dc7bf84
--- /dev/null
+++ b/tests/tests/passwd/03_passwd_-S_root_empty_password/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000:::/bin/false
diff --git a/tests/tests/passwd/03_passwd_-S_root_empty_password/config/etc/shadow b/tests/tests/passwd/03_passwd_-S_root_empty_password/config/etc/shadow
new file mode 100644
index 0000000..9b3b67f
--- /dev/null
+++ b/tests/tests/passwd/03_passwd_-S_root_empty_password/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo::12988:0:99998:8:::
diff --git a/tests/tests/passwd/03_passwd_-S_root_empty_password/data/passwd.out b/tests/tests/passwd/03_passwd_-S_root_empty_password/data/passwd.out
new file mode 100644
index 0000000..c64fb61
--- /dev/null
+++ b/tests/tests/passwd/03_passwd_-S_root_empty_password/data/passwd.out
@@ -0,0 +1 @@
+foo NP 07/24/2005 0 99998 8 -1
diff --git a/tests/tests/passwd/03_passwd_-S_root_empty_password/passwd.test b/tests/tests/passwd/03_passwd_-S_root_empty_password/passwd.test
new file mode 100755
index 0000000..0641638
--- /dev/null
+++ b/tests/tests/passwd/03_passwd_-S_root_empty_password/passwd.test
@@ -0,0 +1,48 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "passwd can report the status of an account to root"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Request password information for user foo (passwd -S foo)..."
+passwd -S foo > tmp/passwd.out
+echo "OK"
+
+echo "passwd reported:"
+echo "======================================================================="
+cat tmp/passwd.out
+echo "======================================================================="
+echo -n "Check the message..."
+diff -au data/passwd.out tmp/passwd.out
+echo "message OK."
+rm -f tmp/passwd.out
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/passwd/04_passwd_-S_root_valid_account_no_shadow_file/config/etc/group b/tests/tests/passwd/04_passwd_-S_root_valid_account_no_shadow_file/config/etc/group
new file mode 100644
index 0000000..fecba0c
--- /dev/null
+++ b/tests/tests/passwd/04_passwd_-S_root_valid_account_no_shadow_file/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/passwd/04_passwd_-S_root_valid_account_no_shadow_file/config/etc/gshadow b/tests/tests/passwd/04_passwd_-S_root_valid_account_no_shadow_file/config/etc/gshadow
new file mode 100644
index 0000000..5042e58
--- /dev/null
+++ b/tests/tests/passwd/04_passwd_-S_root_valid_account_no_shadow_file/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/passwd/04_passwd_-S_root_valid_account_no_shadow_file/config/etc/passwd b/tests/tests/passwd/04_passwd_-S_root_valid_account_no_shadow_file/config/etc/passwd
new file mode 100644
index 0000000..dc7bf84
--- /dev/null
+++ b/tests/tests/passwd/04_passwd_-S_root_valid_account_no_shadow_file/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000:::/bin/false
diff --git a/tests/tests/passwd/04_passwd_-S_root_valid_account_no_shadow_file/config/etc/shadow b/tests/tests/passwd/04_passwd_-S_root_valid_account_no_shadow_file/config/etc/shadow
new file mode 100644
index 0000000..dced560
--- /dev/null
+++ b/tests/tests/passwd/04_passwd_-S_root_valid_account_no_shadow_file/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:$1$qFkVP1JD$QKhVFDs906AgiPjnyRPPk0:12977:0:99999:7:::
diff --git a/tests/tests/passwd/04_passwd_-S_root_valid_account_no_shadow_file/data/passwd.out b/tests/tests/passwd/04_passwd_-S_root_valid_account_no_shadow_file/data/passwd.out
new file mode 100644
index 0000000..e86159d
--- /dev/null
+++ b/tests/tests/passwd/04_passwd_-S_root_valid_account_no_shadow_file/data/passwd.out
@@ -0,0 +1 @@
+foo P
diff --git a/tests/tests/passwd/04_passwd_-S_root_valid_account_no_shadow_file/passwd.test b/tests/tests/passwd/04_passwd_-S_root_valid_account_no_shadow_file/passwd.test
new file mode 100755
index 0000000..e084d34
--- /dev/null
+++ b/tests/tests/passwd/04_passwd_-S_root_valid_account_no_shadow_file/passwd.test
@@ -0,0 +1,52 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "passwd can report the status of an account to root"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Remove /etc/shadow..."
+rm -f /etc/shadow
+echo "OK"
+
+echo -n "Request password information for user foo (passwd -S foo)..."
+passwd -S foo > tmp/passwd.out
+echo "OK"
+
+echo "passwd reported:"
+echo "======================================================================="
+cat tmp/passwd.out
+echo "======================================================================="
+echo -n "Check the message..."
+diff -au data/passwd.out tmp/passwd.out
+echo "message OK."
+rm -f tmp/passwd.out
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check that /etc/shadow does not exist..."
+test ! -f /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/passwd/05_passwd_-S_root_valid_account_no_shadow_entry/config/etc/group b/tests/tests/passwd/05_passwd_-S_root_valid_account_no_shadow_entry/config/etc/group
new file mode 100644
index 0000000..fecba0c
--- /dev/null
+++ b/tests/tests/passwd/05_passwd_-S_root_valid_account_no_shadow_entry/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/passwd/05_passwd_-S_root_valid_account_no_shadow_entry/config/etc/gshadow b/tests/tests/passwd/05_passwd_-S_root_valid_account_no_shadow_entry/config/etc/gshadow
new file mode 100644
index 0000000..5042e58
--- /dev/null
+++ b/tests/tests/passwd/05_passwd_-S_root_valid_account_no_shadow_entry/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/passwd/05_passwd_-S_root_valid_account_no_shadow_entry/config/etc/passwd b/tests/tests/passwd/05_passwd_-S_root_valid_account_no_shadow_entry/config/etc/passwd
new file mode 100644
index 0000000..dfb11c8
--- /dev/null
+++ b/tests/tests/passwd/05_passwd_-S_root_valid_account_no_shadow_entry/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:!:1000:1000:::/bin/false
diff --git a/tests/tests/passwd/05_passwd_-S_root_valid_account_no_shadow_entry/config/etc/shadow b/tests/tests/passwd/05_passwd_-S_root_valid_account_no_shadow_entry/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/passwd/05_passwd_-S_root_valid_account_no_shadow_entry/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/passwd/05_passwd_-S_root_valid_account_no_shadow_entry/data/passwd.out b/tests/tests/passwd/05_passwd_-S_root_valid_account_no_shadow_entry/data/passwd.out
new file mode 100644
index 0000000..9ba8956
--- /dev/null
+++ b/tests/tests/passwd/05_passwd_-S_root_valid_account_no_shadow_entry/data/passwd.out
@@ -0,0 +1 @@
+foo L
diff --git a/tests/tests/passwd/05_passwd_-S_root_valid_account_no_shadow_entry/passwd.test b/tests/tests/passwd/05_passwd_-S_root_valid_account_no_shadow_entry/passwd.test
new file mode 100755
index 0000000..0641638
--- /dev/null
+++ b/tests/tests/passwd/05_passwd_-S_root_valid_account_no_shadow_entry/passwd.test
@@ -0,0 +1,48 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "passwd can report the status of an account to root"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Request password information for user foo (passwd -S foo)..."
+passwd -S foo > tmp/passwd.out
+echo "OK"
+
+echo "passwd reported:"
+echo "======================================================================="
+cat tmp/passwd.out
+echo "======================================================================="
+echo -n "Check the message..."
+diff -au data/passwd.out tmp/passwd.out
+echo "message OK."
+rm -f tmp/passwd.out
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/passwd/06_passwd_-l_root_lock_account/config/etc/group b/tests/tests/passwd/06_passwd_-l_root_lock_account/config/etc/group
new file mode 100644
index 0000000..fecba0c
--- /dev/null
+++ b/tests/tests/passwd/06_passwd_-l_root_lock_account/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/passwd/06_passwd_-l_root_lock_account/config/etc/gshadow b/tests/tests/passwd/06_passwd_-l_root_lock_account/config/etc/gshadow
new file mode 100644
index 0000000..5042e58
--- /dev/null
+++ b/tests/tests/passwd/06_passwd_-l_root_lock_account/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/passwd/06_passwd_-l_root_lock_account/config/etc/passwd b/tests/tests/passwd/06_passwd_-l_root_lock_account/config/etc/passwd
new file mode 100644
index 0000000..dc7bf84
--- /dev/null
+++ b/tests/tests/passwd/06_passwd_-l_root_lock_account/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000:::/bin/false
diff --git a/tests/tests/passwd/06_passwd_-l_root_lock_account/config/etc/shadow b/tests/tests/passwd/06_passwd_-l_root_lock_account/config/etc/shadow
new file mode 100644
index 0000000..dced560
--- /dev/null
+++ b/tests/tests/passwd/06_passwd_-l_root_lock_account/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:$1$qFkVP1JD$QKhVFDs906AgiPjnyRPPk0:12977:0:99999:7:::
diff --git a/tests/tests/passwd/06_passwd_-l_root_lock_account/data/passwd.out b/tests/tests/passwd/06_passwd_-l_root_lock_account/data/passwd.out
new file mode 100644
index 0000000..55ce2cc
--- /dev/null
+++ b/tests/tests/passwd/06_passwd_-l_root_lock_account/data/passwd.out
@@ -0,0 +1 @@
+passwd: password expiry information changed.
diff --git a/tests/tests/passwd/06_passwd_-l_root_lock_account/data/shadow b/tests/tests/passwd/06_passwd_-l_root_lock_account/data/shadow
new file mode 100644
index 0000000..79c859a
--- /dev/null
+++ b/tests/tests/passwd/06_passwd_-l_root_lock_account/data/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!$1$qFkVP1JD$QKhVFDs906AgiPjnyRPPk0:12977:0:99999:7:::
diff --git a/tests/tests/passwd/06_passwd_-l_root_lock_account/passwd.test b/tests/tests/passwd/06_passwd_-l_root_lock_account/passwd.test
new file mode 100755
index 0000000..3fabb12
--- /dev/null
+++ b/tests/tests/passwd/06_passwd_-l_root_lock_account/passwd.test
@@ -0,0 +1,48 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "root can lock a password with passwd -l"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Lock foo's password (passwd -l foo)..."
+passwd -l foo > tmp/passwd.out
+echo "OK"
+
+echo "passwd reported:"
+echo "======================================================================="
+cat tmp/passwd.out
+echo "======================================================================="
+echo -n "Check the message..."
+diff -au data/passwd.out tmp/passwd.out
+echo "message OK."
+rm -f tmp/passwd.out
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl data/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/passwd/07_passwd_-l_root_lock_account_no_shadow_entry/config/etc/group b/tests/tests/passwd/07_passwd_-l_root_lock_account_no_shadow_entry/config/etc/group
new file mode 100644
index 0000000..fecba0c
--- /dev/null
+++ b/tests/tests/passwd/07_passwd_-l_root_lock_account_no_shadow_entry/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/passwd/07_passwd_-l_root_lock_account_no_shadow_entry/config/etc/gshadow b/tests/tests/passwd/07_passwd_-l_root_lock_account_no_shadow_entry/config/etc/gshadow
new file mode 100644
index 0000000..5042e58
--- /dev/null
+++ b/tests/tests/passwd/07_passwd_-l_root_lock_account_no_shadow_entry/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/passwd/07_passwd_-l_root_lock_account_no_shadow_entry/config/etc/passwd b/tests/tests/passwd/07_passwd_-l_root_lock_account_no_shadow_entry/config/etc/passwd
new file mode 100644
index 0000000..440df65
--- /dev/null
+++ b/tests/tests/passwd/07_passwd_-l_root_lock_account_no_shadow_entry/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:$1$qFkVP1JD$QKhVFDs906AgiPjnyRPPk0:1000:1000:::/bin/false
diff --git a/tests/tests/passwd/07_passwd_-l_root_lock_account_no_shadow_entry/config/etc/shadow b/tests/tests/passwd/07_passwd_-l_root_lock_account_no_shadow_entry/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/passwd/07_passwd_-l_root_lock_account_no_shadow_entry/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/passwd/07_passwd_-l_root_lock_account_no_shadow_entry/data/passwd b/tests/tests/passwd/07_passwd_-l_root_lock_account_no_shadow_entry/data/passwd
new file mode 100644
index 0000000..3ca4f73
--- /dev/null
+++ b/tests/tests/passwd/07_passwd_-l_root_lock_account_no_shadow_entry/data/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:!$1$qFkVP1JD$QKhVFDs906AgiPjnyRPPk0:1000:1000:::/bin/false
diff --git a/tests/tests/passwd/07_passwd_-l_root_lock_account_no_shadow_entry/data/passwd.out b/tests/tests/passwd/07_passwd_-l_root_lock_account_no_shadow_entry/data/passwd.out
new file mode 100644
index 0000000..55ce2cc
--- /dev/null
+++ b/tests/tests/passwd/07_passwd_-l_root_lock_account_no_shadow_entry/data/passwd.out
@@ -0,0 +1 @@
+passwd: password expiry information changed.
diff --git a/tests/tests/passwd/07_passwd_-l_root_lock_account_no_shadow_entry/passwd.test b/tests/tests/passwd/07_passwd_-l_root_lock_account_no_shadow_entry/passwd.test
new file mode 100755
index 0000000..099c380
--- /dev/null
+++ b/tests/tests/passwd/07_passwd_-l_root_lock_account_no_shadow_entry/passwd.test
@@ -0,0 +1,48 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "passwd can lock a password in /etc/passwd"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Lock foo's password (passwd -l foo)..."
+passwd -l foo > tmp/passwd.out
+echo "OK"
+
+echo "passwd reported:"
+echo "======================================================================="
+cat tmp/passwd.out
+echo "======================================================================="
+echo -n "Check the message..."
+diff -au data/passwd.out tmp/passwd.out
+echo "message OK."
+rm -f tmp/passwd.out
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl data/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/passwd/08_passwd_-u_root_unlock_account/config/etc/group b/tests/tests/passwd/08_passwd_-u_root_unlock_account/config/etc/group
new file mode 100644
index 0000000..fecba0c
--- /dev/null
+++ b/tests/tests/passwd/08_passwd_-u_root_unlock_account/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/passwd/08_passwd_-u_root_unlock_account/config/etc/gshadow b/tests/tests/passwd/08_passwd_-u_root_unlock_account/config/etc/gshadow
new file mode 100644
index 0000000..5042e58
--- /dev/null
+++ b/tests/tests/passwd/08_passwd_-u_root_unlock_account/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/passwd/08_passwd_-u_root_unlock_account/config/etc/passwd b/tests/tests/passwd/08_passwd_-u_root_unlock_account/config/etc/passwd
new file mode 100644
index 0000000..dc7bf84
--- /dev/null
+++ b/tests/tests/passwd/08_passwd_-u_root_unlock_account/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000:::/bin/false
diff --git a/tests/tests/passwd/08_passwd_-u_root_unlock_account/config/etc/shadow b/tests/tests/passwd/08_passwd_-u_root_unlock_account/config/etc/shadow
new file mode 100644
index 0000000..79c859a
--- /dev/null
+++ b/tests/tests/passwd/08_passwd_-u_root_unlock_account/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!$1$qFkVP1JD$QKhVFDs906AgiPjnyRPPk0:12977:0:99999:7:::
diff --git a/tests/tests/passwd/08_passwd_-u_root_unlock_account/data/passwd.out b/tests/tests/passwd/08_passwd_-u_root_unlock_account/data/passwd.out
new file mode 100644
index 0000000..55ce2cc
--- /dev/null
+++ b/tests/tests/passwd/08_passwd_-u_root_unlock_account/data/passwd.out
@@ -0,0 +1 @@
+passwd: password expiry information changed.
diff --git a/tests/tests/passwd/08_passwd_-u_root_unlock_account/data/shadow b/tests/tests/passwd/08_passwd_-u_root_unlock_account/data/shadow
new file mode 100644
index 0000000..dced560
--- /dev/null
+++ b/tests/tests/passwd/08_passwd_-u_root_unlock_account/data/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:$1$qFkVP1JD$QKhVFDs906AgiPjnyRPPk0:12977:0:99999:7:::
diff --git a/tests/tests/passwd/08_passwd_-u_root_unlock_account/passwd.test b/tests/tests/passwd/08_passwd_-u_root_unlock_account/passwd.test
new file mode 100755
index 0000000..b5ac0d8
--- /dev/null
+++ b/tests/tests/passwd/08_passwd_-u_root_unlock_account/passwd.test
@@ -0,0 +1,48 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "root can unlock a password with passwd -u"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "unlock foo's password (passwd -u foo)..."
+passwd -u foo > tmp/passwd.out
+echo "OK"
+
+echo "passwd reported:"
+echo "======================================================================="
+cat tmp/passwd.out
+echo "======================================================================="
+echo -n "Check the message..."
+diff -au data/passwd.out tmp/passwd.out
+echo "message OK."
+rm -f tmp/passwd.out
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl data/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/passwd/09_passwd_-u_root_unlock_to_empty/config/etc/group b/tests/tests/passwd/09_passwd_-u_root_unlock_to_empty/config/etc/group
new file mode 100644
index 0000000..fecba0c
--- /dev/null
+++ b/tests/tests/passwd/09_passwd_-u_root_unlock_to_empty/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/passwd/09_passwd_-u_root_unlock_to_empty/config/etc/gshadow b/tests/tests/passwd/09_passwd_-u_root_unlock_to_empty/config/etc/gshadow
new file mode 100644
index 0000000..5042e58
--- /dev/null
+++ b/tests/tests/passwd/09_passwd_-u_root_unlock_to_empty/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/passwd/09_passwd_-u_root_unlock_to_empty/config/etc/passwd b/tests/tests/passwd/09_passwd_-u_root_unlock_to_empty/config/etc/passwd
new file mode 100644
index 0000000..dc7bf84
--- /dev/null
+++ b/tests/tests/passwd/09_passwd_-u_root_unlock_to_empty/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000:::/bin/false
diff --git a/tests/tests/passwd/09_passwd_-u_root_unlock_to_empty/config/etc/shadow b/tests/tests/passwd/09_passwd_-u_root_unlock_to_empty/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/passwd/09_passwd_-u_root_unlock_to_empty/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/passwd/09_passwd_-u_root_unlock_to_empty/data/passwd.err b/tests/tests/passwd/09_passwd_-u_root_unlock_to_empty/data/passwd.err
new file mode 100644
index 0000000..2987d41
--- /dev/null
+++ b/tests/tests/passwd/09_passwd_-u_root_unlock_to_empty/data/passwd.err
@@ -0,0 +1,2 @@
+passwd: unlocking the password would result in a passwordless account.
+You should set a password with usermod -p to unlock the password of this account.
diff --git a/tests/tests/passwd/09_passwd_-u_root_unlock_to_empty/passwd.test b/tests/tests/passwd/09_passwd_-u_root_unlock_to_empty/passwd.test
new file mode 100755
index 0000000..b4d62f7
--- /dev/null
+++ b/tests/tests/passwd/09_passwd_-u_root_unlock_to_empty/passwd.test
@@ -0,0 +1,54 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "passwd -u cannot create a passwordless account"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Unlock foo's password (passwd -u foo)..."
+passwd -u foo 2> tmp/passwd.err && exit 1 || {
+        status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "3"
+echo "OK"
+
+echo "passwd reported:"
+echo "======================================================================="
+cat tmp/passwd.err
+echo "======================================================================="
+echo -n "Check the error message..."
+diff -au data/passwd.err tmp/passwd.err
+echo "error message OK."
+rm -f tmp/passwd.err
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/passwd/10_passwd_-d_root/config/etc/group b/tests/tests/passwd/10_passwd_-d_root/config/etc/group
new file mode 100644
index 0000000..fecba0c
--- /dev/null
+++ b/tests/tests/passwd/10_passwd_-d_root/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/passwd/10_passwd_-d_root/config/etc/gshadow b/tests/tests/passwd/10_passwd_-d_root/config/etc/gshadow
new file mode 100644
index 0000000..5042e58
--- /dev/null
+++ b/tests/tests/passwd/10_passwd_-d_root/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/passwd/10_passwd_-d_root/config/etc/passwd b/tests/tests/passwd/10_passwd_-d_root/config/etc/passwd
new file mode 100644
index 0000000..dc7bf84
--- /dev/null
+++ b/tests/tests/passwd/10_passwd_-d_root/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000:::/bin/false
diff --git a/tests/tests/passwd/10_passwd_-d_root/config/etc/shadow b/tests/tests/passwd/10_passwd_-d_root/config/etc/shadow
new file mode 100644
index 0000000..79c859a
--- /dev/null
+++ b/tests/tests/passwd/10_passwd_-d_root/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!$1$qFkVP1JD$QKhVFDs906AgiPjnyRPPk0:12977:0:99999:7:::
diff --git a/tests/tests/passwd/10_passwd_-d_root/data/passwd.out b/tests/tests/passwd/10_passwd_-d_root/data/passwd.out
new file mode 100644
index 0000000..55ce2cc
--- /dev/null
+++ b/tests/tests/passwd/10_passwd_-d_root/data/passwd.out
@@ -0,0 +1 @@
+passwd: password expiry information changed.
diff --git a/tests/tests/passwd/10_passwd_-d_root/data/shadow b/tests/tests/passwd/10_passwd_-d_root/data/shadow
new file mode 100644
index 0000000..85ef660
--- /dev/null
+++ b/tests/tests/passwd/10_passwd_-d_root/data/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo::12977:0:99999:7:::
diff --git a/tests/tests/passwd/10_passwd_-d_root/passwd.test b/tests/tests/passwd/10_passwd_-d_root/passwd.test
new file mode 100755
index 0000000..e1ac5f2
--- /dev/null
+++ b/tests/tests/passwd/10_passwd_-d_root/passwd.test
@@ -0,0 +1,48 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "root can delete a password with passwd -d"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Delete foo's password (passwd -d foo)..."
+passwd -d foo > tmp/passwd.out
+echo "OK"
+
+echo "passwd reported:"
+echo "======================================================================="
+cat tmp/passwd.out
+echo "======================================================================="
+echo -n "Check the message..."
+diff -au data/passwd.out tmp/passwd.out
+echo "message OK."
+rm -f tmp/passwd.out
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl data/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/passwd/11_passwd_--mindays_root/config/etc/group b/tests/tests/passwd/11_passwd_--mindays_root/config/etc/group
new file mode 100644
index 0000000..fecba0c
--- /dev/null
+++ b/tests/tests/passwd/11_passwd_--mindays_root/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/passwd/11_passwd_--mindays_root/config/etc/gshadow b/tests/tests/passwd/11_passwd_--mindays_root/config/etc/gshadow
new file mode 100644
index 0000000..5042e58
--- /dev/null
+++ b/tests/tests/passwd/11_passwd_--mindays_root/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/passwd/11_passwd_--mindays_root/config/etc/passwd b/tests/tests/passwd/11_passwd_--mindays_root/config/etc/passwd
new file mode 100644
index 0000000..dc7bf84
--- /dev/null
+++ b/tests/tests/passwd/11_passwd_--mindays_root/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000:::/bin/false
diff --git a/tests/tests/passwd/11_passwd_--mindays_root/config/etc/shadow b/tests/tests/passwd/11_passwd_--mindays_root/config/etc/shadow
new file mode 100644
index 0000000..dced560
--- /dev/null
+++ b/tests/tests/passwd/11_passwd_--mindays_root/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:$1$qFkVP1JD$QKhVFDs906AgiPjnyRPPk0:12977:0:99999:7:::
diff --git a/tests/tests/passwd/11_passwd_--mindays_root/data/passwd.out b/tests/tests/passwd/11_passwd_--mindays_root/data/passwd.out
new file mode 100644
index 0000000..55ce2cc
--- /dev/null
+++ b/tests/tests/passwd/11_passwd_--mindays_root/data/passwd.out
@@ -0,0 +1 @@
+passwd: password expiry information changed.
diff --git a/tests/tests/passwd/11_passwd_--mindays_root/data/shadow b/tests/tests/passwd/11_passwd_--mindays_root/data/shadow
new file mode 100644
index 0000000..f424ad6
--- /dev/null
+++ b/tests/tests/passwd/11_passwd_--mindays_root/data/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:$1$qFkVP1JD$QKhVFDs906AgiPjnyRPPk0:12977:10:99999:7:::
diff --git a/tests/tests/passwd/11_passwd_--mindays_root/passwd.test b/tests/tests/passwd/11_passwd_--mindays_root/passwd.test
new file mode 100755
index 0000000..409396f
--- /dev/null
+++ b/tests/tests/passwd/11_passwd_--mindays_root/passwd.test
@@ -0,0 +1,48 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "root can use passwd --mindays"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Change the min number of days for foo's password (passwd --mindays 10 foo)..."
+passwd --mindays 10 foo > tmp/passwd.out
+echo "OK"
+
+echo "passwd reported:"
+echo "======================================================================="
+cat tmp/passwd.out
+echo "======================================================================="
+echo -n "Check the message..."
+diff -au data/passwd.out tmp/passwd.out
+echo "message OK."
+rm -f tmp/passwd.out
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl data/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/passwd/12_passwd_--maxdays_root/config/etc/group b/tests/tests/passwd/12_passwd_--maxdays_root/config/etc/group
new file mode 100644
index 0000000..fecba0c
--- /dev/null
+++ b/tests/tests/passwd/12_passwd_--maxdays_root/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/passwd/12_passwd_--maxdays_root/config/etc/gshadow b/tests/tests/passwd/12_passwd_--maxdays_root/config/etc/gshadow
new file mode 100644
index 0000000..5042e58
--- /dev/null
+++ b/tests/tests/passwd/12_passwd_--maxdays_root/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/passwd/12_passwd_--maxdays_root/config/etc/passwd b/tests/tests/passwd/12_passwd_--maxdays_root/config/etc/passwd
new file mode 100644
index 0000000..dc7bf84
--- /dev/null
+++ b/tests/tests/passwd/12_passwd_--maxdays_root/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000:::/bin/false
diff --git a/tests/tests/passwd/12_passwd_--maxdays_root/config/etc/shadow b/tests/tests/passwd/12_passwd_--maxdays_root/config/etc/shadow
new file mode 100644
index 0000000..dced560
--- /dev/null
+++ b/tests/tests/passwd/12_passwd_--maxdays_root/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:$1$qFkVP1JD$QKhVFDs906AgiPjnyRPPk0:12977:0:99999:7:::
diff --git a/tests/tests/passwd/12_passwd_--maxdays_root/data/passwd.out b/tests/tests/passwd/12_passwd_--maxdays_root/data/passwd.out
new file mode 100644
index 0000000..55ce2cc
--- /dev/null
+++ b/tests/tests/passwd/12_passwd_--maxdays_root/data/passwd.out
@@ -0,0 +1 @@
+passwd: password expiry information changed.
diff --git a/tests/tests/passwd/12_passwd_--maxdays_root/data/shadow b/tests/tests/passwd/12_passwd_--maxdays_root/data/shadow
new file mode 100644
index 0000000..82f40b6
--- /dev/null
+++ b/tests/tests/passwd/12_passwd_--maxdays_root/data/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:$1$qFkVP1JD$QKhVFDs906AgiPjnyRPPk0:12977:0:10:7:::
diff --git a/tests/tests/passwd/12_passwd_--maxdays_root/passwd.test b/tests/tests/passwd/12_passwd_--maxdays_root/passwd.test
new file mode 100755
index 0000000..a895e3e
--- /dev/null
+++ b/tests/tests/passwd/12_passwd_--maxdays_root/passwd.test
@@ -0,0 +1,48 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "root can use passwd --maxdays"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Change the max number of days for foo's password (passwd --maxdays 10 foo)..."
+passwd --maxdays 10 foo > tmp/passwd.out
+echo "OK"
+
+echo "passwd reported:"
+echo "======================================================================="
+cat tmp/passwd.out
+echo "======================================================================="
+echo -n "Check the message..."
+diff -au data/passwd.out tmp/passwd.out
+echo "message OK."
+rm -f tmp/passwd.out
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl data/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/passwd/13_passwd_--warndays_root/config/etc/group b/tests/tests/passwd/13_passwd_--warndays_root/config/etc/group
new file mode 100644
index 0000000..fecba0c
--- /dev/null
+++ b/tests/tests/passwd/13_passwd_--warndays_root/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/passwd/13_passwd_--warndays_root/config/etc/gshadow b/tests/tests/passwd/13_passwd_--warndays_root/config/etc/gshadow
new file mode 100644
index 0000000..5042e58
--- /dev/null
+++ b/tests/tests/passwd/13_passwd_--warndays_root/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/passwd/13_passwd_--warndays_root/config/etc/passwd b/tests/tests/passwd/13_passwd_--warndays_root/config/etc/passwd
new file mode 100644
index 0000000..dc7bf84
--- /dev/null
+++ b/tests/tests/passwd/13_passwd_--warndays_root/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000:::/bin/false
diff --git a/tests/tests/passwd/13_passwd_--warndays_root/config/etc/shadow b/tests/tests/passwd/13_passwd_--warndays_root/config/etc/shadow
new file mode 100644
index 0000000..dced560
--- /dev/null
+++ b/tests/tests/passwd/13_passwd_--warndays_root/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:$1$qFkVP1JD$QKhVFDs906AgiPjnyRPPk0:12977:0:99999:7:::
diff --git a/tests/tests/passwd/13_passwd_--warndays_root/data/passwd.out b/tests/tests/passwd/13_passwd_--warndays_root/data/passwd.out
new file mode 100644
index 0000000..55ce2cc
--- /dev/null
+++ b/tests/tests/passwd/13_passwd_--warndays_root/data/passwd.out
@@ -0,0 +1 @@
+passwd: password expiry information changed.
diff --git a/tests/tests/passwd/13_passwd_--warndays_root/data/shadow b/tests/tests/passwd/13_passwd_--warndays_root/data/shadow
new file mode 100644
index 0000000..a62edfa
--- /dev/null
+++ b/tests/tests/passwd/13_passwd_--warndays_root/data/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:$1$qFkVP1JD$QKhVFDs906AgiPjnyRPPk0:12977:0:99999:10:::
diff --git a/tests/tests/passwd/13_passwd_--warndays_root/passwd.test b/tests/tests/passwd/13_passwd_--warndays_root/passwd.test
new file mode 100755
index 0000000..18a8b87
--- /dev/null
+++ b/tests/tests/passwd/13_passwd_--warndays_root/passwd.test
@@ -0,0 +1,48 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "root can use passwd --warndays"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Change the number of warning days for foo's password (passwd --warndays 10 foo)..."
+passwd --warndays 10 foo > tmp/passwd.out
+echo "OK"
+
+echo "passwd reported:"
+echo "======================================================================="
+cat tmp/passwd.out
+echo "======================================================================="
+echo -n "Check the message..."
+diff -au data/passwd.out tmp/passwd.out
+echo "message OK."
+rm -f tmp/passwd.out
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl data/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/passwd/14_passwd_--inactive_root/config/etc/group b/tests/tests/passwd/14_passwd_--inactive_root/config/etc/group
new file mode 100644
index 0000000..fecba0c
--- /dev/null
+++ b/tests/tests/passwd/14_passwd_--inactive_root/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/passwd/14_passwd_--inactive_root/config/etc/gshadow b/tests/tests/passwd/14_passwd_--inactive_root/config/etc/gshadow
new file mode 100644
index 0000000..5042e58
--- /dev/null
+++ b/tests/tests/passwd/14_passwd_--inactive_root/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/passwd/14_passwd_--inactive_root/config/etc/passwd b/tests/tests/passwd/14_passwd_--inactive_root/config/etc/passwd
new file mode 100644
index 0000000..dc7bf84
--- /dev/null
+++ b/tests/tests/passwd/14_passwd_--inactive_root/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000:::/bin/false
diff --git a/tests/tests/passwd/14_passwd_--inactive_root/config/etc/shadow b/tests/tests/passwd/14_passwd_--inactive_root/config/etc/shadow
new file mode 100644
index 0000000..dced560
--- /dev/null
+++ b/tests/tests/passwd/14_passwd_--inactive_root/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:$1$qFkVP1JD$QKhVFDs906AgiPjnyRPPk0:12977:0:99999:7:::
diff --git a/tests/tests/passwd/14_passwd_--inactive_root/data/passwd.out b/tests/tests/passwd/14_passwd_--inactive_root/data/passwd.out
new file mode 100644
index 0000000..55ce2cc
--- /dev/null
+++ b/tests/tests/passwd/14_passwd_--inactive_root/data/passwd.out
@@ -0,0 +1 @@
+passwd: password expiry information changed.
diff --git a/tests/tests/passwd/14_passwd_--inactive_root/data/shadow b/tests/tests/passwd/14_passwd_--inactive_root/data/shadow
new file mode 100644
index 0000000..52dc304
--- /dev/null
+++ b/tests/tests/passwd/14_passwd_--inactive_root/data/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:$1$qFkVP1JD$QKhVFDs906AgiPjnyRPPk0:12977:0:99999:7:10::
diff --git a/tests/tests/passwd/14_passwd_--inactive_root/passwd.test b/tests/tests/passwd/14_passwd_--inactive_root/passwd.test
new file mode 100755
index 0000000..52dbab0
--- /dev/null
+++ b/tests/tests/passwd/14_passwd_--inactive_root/passwd.test
@@ -0,0 +1,48 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "root can use passwd --inactive"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Change the number of inactive days for foo's password (passwd --inactive 10 foo)..."
+passwd --inactive 10 foo > tmp/passwd.out
+echo "OK"
+
+echo "passwd reported:"
+echo "======================================================================="
+cat tmp/passwd.out
+echo "======================================================================="
+echo -n "Check the message..."
+diff -au data/passwd.out tmp/passwd.out
+echo "message OK."
+rm -f tmp/passwd.out
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl data/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/passwd/15_passwd_--expire_root/config/etc/group b/tests/tests/passwd/15_passwd_--expire_root/config/etc/group
new file mode 100644
index 0000000..fecba0c
--- /dev/null
+++ b/tests/tests/passwd/15_passwd_--expire_root/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/passwd/15_passwd_--expire_root/config/etc/gshadow b/tests/tests/passwd/15_passwd_--expire_root/config/etc/gshadow
new file mode 100644
index 0000000..5042e58
--- /dev/null
+++ b/tests/tests/passwd/15_passwd_--expire_root/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/passwd/15_passwd_--expire_root/config/etc/passwd b/tests/tests/passwd/15_passwd_--expire_root/config/etc/passwd
new file mode 100644
index 0000000..dc7bf84
--- /dev/null
+++ b/tests/tests/passwd/15_passwd_--expire_root/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000:::/bin/false
diff --git a/tests/tests/passwd/15_passwd_--expire_root/config/etc/shadow b/tests/tests/passwd/15_passwd_--expire_root/config/etc/shadow
new file mode 100644
index 0000000..dced560
--- /dev/null
+++ b/tests/tests/passwd/15_passwd_--expire_root/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:$1$qFkVP1JD$QKhVFDs906AgiPjnyRPPk0:12977:0:99999:7:::
diff --git a/tests/tests/passwd/15_passwd_--expire_root/data/passwd.out b/tests/tests/passwd/15_passwd_--expire_root/data/passwd.out
new file mode 100644
index 0000000..55ce2cc
--- /dev/null
+++ b/tests/tests/passwd/15_passwd_--expire_root/data/passwd.out
@@ -0,0 +1 @@
+passwd: password expiry information changed.
diff --git a/tests/tests/passwd/15_passwd_--expire_root/data/shadow b/tests/tests/passwd/15_passwd_--expire_root/data/shadow
new file mode 100644
index 0000000..4cd6096
--- /dev/null
+++ b/tests/tests/passwd/15_passwd_--expire_root/data/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:$1$qFkVP1JD$QKhVFDs906AgiPjnyRPPk0:0:0:99999:7:::
diff --git a/tests/tests/passwd/15_passwd_--expire_root/passwd.test b/tests/tests/passwd/15_passwd_--expire_root/passwd.test
new file mode 100755
index 0000000..f2ab71d
--- /dev/null
+++ b/tests/tests/passwd/15_passwd_--expire_root/passwd.test
@@ -0,0 +1,48 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "root can use passwd --expire"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Set foo's password as expired (passwd --expire foo)..."
+passwd --expire foo > tmp/passwd.out
+echo "OK"
+
+echo "passwd reported:"
+echo "======================================================================="
+cat tmp/passwd.out
+echo "======================================================================="
+echo -n "Check the message..."
+diff -au data/passwd.out tmp/passwd.out
+echo "message OK."
+rm -f tmp/passwd.out
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl data/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/passwd/16_passwd_-S-a_root/config/etc/group b/tests/tests/passwd/16_passwd_-S-a_root/config/etc/group
new file mode 100644
index 0000000..fecba0c
--- /dev/null
+++ b/tests/tests/passwd/16_passwd_-S-a_root/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/passwd/16_passwd_-S-a_root/config/etc/gshadow b/tests/tests/passwd/16_passwd_-S-a_root/config/etc/gshadow
new file mode 100644
index 0000000..5042e58
--- /dev/null
+++ b/tests/tests/passwd/16_passwd_-S-a_root/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/passwd/16_passwd_-S-a_root/config/etc/passwd b/tests/tests/passwd/16_passwd_-S-a_root/config/etc/passwd
new file mode 100644
index 0000000..dc7bf84
--- /dev/null
+++ b/tests/tests/passwd/16_passwd_-S-a_root/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000:::/bin/false
diff --git a/tests/tests/passwd/16_passwd_-S-a_root/config/etc/shadow b/tests/tests/passwd/16_passwd_-S-a_root/config/etc/shadow
new file mode 100644
index 0000000..3112803
--- /dev/null
+++ b/tests/tests/passwd/16_passwd_-S-a_root/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12978:0:99999:7:::
diff --git a/tests/tests/passwd/16_passwd_-S-a_root/data/passwd.out b/tests/tests/passwd/16_passwd_-S-a_root/data/passwd.out
new file mode 100644
index 0000000..5a1b479
--- /dev/null
+++ b/tests/tests/passwd/16_passwd_-S-a_root/data/passwd.out
@@ -0,0 +1,20 @@
+root P 07/27/2005 0 99999 7 -1
+daemon L 07/13/2005 0 99999 7 -1
+bin L 07/13/2005 0 99999 7 -1
+sys L 07/13/2005 0 99999 7 -1
+sync L 07/13/2005 0 99999 7 -1
+games L 07/13/2005 0 99999 7 -1
+man L 07/13/2005 0 99999 7 -1
+lp L 07/13/2005 0 99999 7 -1
+mail L 07/13/2005 0 99999 7 -1
+news L 07/13/2005 0 99999 7 -1
+uucp L 07/13/2005 0 99999 7 -1
+proxy L 07/13/2005 0 99999 7 -1
+www-data L 07/13/2005 0 99999 7 -1
+backup L 07/13/2005 0 99999 7 -1
+list L 07/13/2005 0 99999 7 -1
+irc L 07/13/2005 0 99999 7 -1
+gnats L 07/13/2005 0 99999 7 -1
+nobody L 07/13/2005 0 99999 7 -1
+Debian-exim L 07/13/2005 0 99999 7 -1
+foo L 07/14/2005 0 99999 7 -1
diff --git a/tests/tests/passwd/16_passwd_-S-a_root/passwd.test b/tests/tests/passwd/16_passwd_-S-a_root/passwd.test
new file mode 100755
index 0000000..1b64c53
--- /dev/null
+++ b/tests/tests/passwd/16_passwd_-S-a_root/passwd.test
@@ -0,0 +1,47 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "passwd can report the status of an account to root"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+echo -n "passwd -S -a..."
+passwd -S -a > tmp/passwd.out
+echo "OK"
+
+echo "passwd reported:"
+echo "======================================================================="
+cat tmp/passwd.out
+echo "======================================================================="
+echo -n "Check the message..."
+diff -au data/passwd.out tmp/passwd.out
+echo "message OK."
+rm -f tmp/passwd.out
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/passwd/17_passwd_root_change_password/config/etc/group b/tests/tests/passwd/17_passwd_root_change_password/config/etc/group
new file mode 100644
index 0000000..fecba0c
--- /dev/null
+++ b/tests/tests/passwd/17_passwd_root_change_password/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/passwd/17_passwd_root_change_password/config/etc/gshadow b/tests/tests/passwd/17_passwd_root_change_password/config/etc/gshadow
new file mode 100644
index 0000000..5042e58
--- /dev/null
+++ b/tests/tests/passwd/17_passwd_root_change_password/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/passwd/17_passwd_root_change_password/config/etc/pam.d/common-password b/tests/tests/passwd/17_passwd_root_change_password/config/etc/pam.d/common-password
new file mode 100644
index 0000000..38bce56
--- /dev/null
+++ b/tests/tests/passwd/17_passwd_root_change_password/config/etc/pam.d/common-password
@@ -0,0 +1,33 @@
+#
+# /etc/pam.d/common-password - password-related modules common to all services
+#
+# This file is included from other service-specific PAM config files,
+# and should contain a list of modules that define the services to be
+# used to change user passwords.  The default is pam_unix.
+
+# Explanation of pam_unix options:
+#
+# The "sha512" option enables salted SHA512 passwords.  Without this option,
+# the default is Unix crypt.  Prior releases used the option "md5".
+#
+# The "obscure" option replaces the old `OBSCURE_CHECKS_ENAB' option in
+# login.defs.
+#
+# See the pam_unix manpage for other options.
+
+# As of pam 1.0.1-6, this file is managed by pam-auth-update by default.
+# To take advantage of this, it is recommended that you configure any
+# local modules either before or after the default block, and use
+# pam-auth-update to manage selection of other modules.  See
+# pam-auth-update(8) for details.
+
+# here are the per-package modules (the "Primary" block)
+password	[success=1 default=ignore]	pam_unix.so obscure md5
+# here's the fallback if no module succeeds
+password	requisite			pam_deny.so
+# prime the stack with a positive return value if there isn't one already;
+# this avoids us returning an error just because nothing sets a success code
+# since the modules above will each just jump around
+password	required			pam_permit.so
+# and here are more per-package modules (the "Additional" block)
+# end of pam-auth-update config
diff --git a/tests/tests/passwd/17_passwd_root_change_password/config/etc/passwd b/tests/tests/passwd/17_passwd_root_change_password/config/etc/passwd
new file mode 100644
index 0000000..dc7bf84
--- /dev/null
+++ b/tests/tests/passwd/17_passwd_root_change_password/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000:::/bin/false
diff --git a/tests/tests/passwd/17_passwd_root_change_password/config/etc/shadow b/tests/tests/passwd/17_passwd_root_change_password/config/etc/shadow
new file mode 100644
index 0000000..dced560
--- /dev/null
+++ b/tests/tests/passwd/17_passwd_root_change_password/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:$1$qFkVP1JD$QKhVFDs906AgiPjnyRPPk0:12977:0:99999:7:::
diff --git a/tests/tests/passwd/17_passwd_root_change_password/data/shadow b/tests/tests/passwd/17_passwd_root_change_password/data/shadow
new file mode 100644
index 0000000..6731888
--- /dev/null
+++ b/tests/tests/passwd/17_passwd_root_change_password/data/shadow
@@ -0,0 +1,20 @@
+root:@PASS_MD5 rootpassword@:@TODAY@:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:$1$qFkVP1JD$QKhVFDs906AgiPjnyRPPk0:12977:0:99999:7:::
diff --git a/tests/tests/passwd/17_passwd_root_change_password/passwd.exp b/tests/tests/passwd/17_passwd_root_change_password/passwd.exp
new file mode 100755
index 0000000..44c093b
--- /dev/null
+++ b/tests/tests/passwd/17_passwd_root_change_password/passwd.exp
@@ -0,0 +1,22 @@
+#!/usr/bin/expect
+
+set timeout 2
+expect_after default {puts stderr "\nFAIL"; exit 1}
+
+spawn /bin/sh
+send "if \[ \$(id -u) -eq 0 \]; then PS1='# '; else PS1='$ '; fi\r"
+expect "# "
+
+send "passwd\r"
+expect "Enter new UNIX password: "
+send "rootpassword\r"
+expect "Retype new UNIX password: "
+send "rootpassword\r"
+expect "passwd: password updated successfully"
+expect "# "
+send "echo \$?\r"
+expect "0"
+expect "# "
+send "exit\r"
+puts "OK\n"
+exit 0
diff --git a/tests/tests/passwd/17_passwd_root_change_password/passwd.test b/tests/tests/passwd/17_passwd_root_change_password/passwd.test
new file mode 100755
index 0000000..e181273
--- /dev/null
+++ b/tests/tests/passwd/17_passwd_root_change_password/passwd.test
@@ -0,0 +1,37 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "root can change her password"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+./passwd.exp
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl data/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/passwd/18_passwd_root_change_password_user/config/etc/group b/tests/tests/passwd/18_passwd_root_change_password_user/config/etc/group
new file mode 100644
index 0000000..fecba0c
--- /dev/null
+++ b/tests/tests/passwd/18_passwd_root_change_password_user/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/passwd/18_passwd_root_change_password_user/config/etc/gshadow b/tests/tests/passwd/18_passwd_root_change_password_user/config/etc/gshadow
new file mode 100644
index 0000000..5042e58
--- /dev/null
+++ b/tests/tests/passwd/18_passwd_root_change_password_user/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/passwd/18_passwd_root_change_password_user/config/etc/pam.d/common-password b/tests/tests/passwd/18_passwd_root_change_password_user/config/etc/pam.d/common-password
new file mode 100644
index 0000000..442182a
--- /dev/null
+++ b/tests/tests/passwd/18_passwd_root_change_password_user/config/etc/pam.d/common-password
@@ -0,0 +1,33 @@
+#
+# /etc/pam.d/common-password - password-related modules common to all services
+#
+# This file is included from other service-specific PAM config files,
+# and should contain a list of modules that define the services to be
+# used to change user passwords.  The default is pam_unix.
+
+# Explanation of pam_unix options:
+#
+# The "sha512" option enables salted SHA512 passwords.  Without this option,
+# the default is Unix crypt.  Prior releases used the option "md5".
+#
+# The "obscure" option replaces the old `OBSCURE_CHECKS_ENAB' option in
+# login.defs.
+#
+# See the pam_unix manpage for other options.
+
+# As of pam 1.0.1-6, this file is managed by pam-auth-update by default.
+# To take advantage of this, it is recommended that you configure any
+# local modules either before or after the default block, and use
+# pam-auth-update to manage selection of other modules.  See
+# pam-auth-update(8) for details.
+
+# here are the per-package modules (the "Primary" block)
+password	[success=1 default=ignore]	pam_unix.so obscure
+# here's the fallback if no module succeeds
+password	requisite			pam_deny.so
+# prime the stack with a positive return value if there isn't one already;
+# this avoids us returning an error just because nothing sets a success code
+# since the modules above will each just jump around
+password	required			pam_permit.so
+# and here are more per-package modules (the "Additional" block)
+# end of pam-auth-update config
diff --git a/tests/tests/passwd/18_passwd_root_change_password_user/config/etc/passwd b/tests/tests/passwd/18_passwd_root_change_password_user/config/etc/passwd
new file mode 100644
index 0000000..dc7bf84
--- /dev/null
+++ b/tests/tests/passwd/18_passwd_root_change_password_user/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000:::/bin/false
diff --git a/tests/tests/passwd/18_passwd_root_change_password_user/config/etc/shadow b/tests/tests/passwd/18_passwd_root_change_password_user/config/etc/shadow
new file mode 100644
index 0000000..dced560
--- /dev/null
+++ b/tests/tests/passwd/18_passwd_root_change_password_user/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:$1$qFkVP1JD$QKhVFDs906AgiPjnyRPPk0:12977:0:99999:7:::
diff --git a/tests/tests/passwd/18_passwd_root_change_password_user/data/shadow b/tests/tests/passwd/18_passwd_root_change_password_user/data/shadow
new file mode 100644
index 0000000..30ac54d
--- /dev/null
+++ b/tests/tests/passwd/18_passwd_root_change_password_user/data/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:@PASS_DES foopassword@:@TODAY@:0:99999:7:::
diff --git a/tests/tests/passwd/18_passwd_root_change_password_user/passwd.exp b/tests/tests/passwd/18_passwd_root_change_password_user/passwd.exp
new file mode 100755
index 0000000..e7b3b8d
--- /dev/null
+++ b/tests/tests/passwd/18_passwd_root_change_password_user/passwd.exp
@@ -0,0 +1,22 @@
+#!/usr/bin/expect
+
+set timeout 2
+expect_after default {puts stderr "\nFAIL"; exit 1}
+
+spawn /bin/sh
+send "if \[ \$(id -u) -eq 0 \]; then PS1='# '; else PS1='$ '; fi\r"
+expect "# "
+
+send "passwd foo\r"
+expect "Enter new UNIX password: "
+send "foopassword\r"
+expect "Retype new UNIX password: "
+send "foopassword\r"
+expect "passwd: password updated successfully"
+expect "# "
+send "echo \$?\r"
+expect "0"
+expect "# "
+send "exit\r"
+puts "OK\n"
+exit 0
diff --git a/tests/tests/passwd/18_passwd_root_change_password_user/passwd.test b/tests/tests/passwd/18_passwd_root_change_password_user/passwd.test
new file mode 100755
index 0000000..e181273
--- /dev/null
+++ b/tests/tests/passwd/18_passwd_root_change_password_user/passwd.test
@@ -0,0 +1,37 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "root can change her password"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+./passwd.exp
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl data/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/passwd/19_passwd_user_change_password/config/etc/group b/tests/tests/passwd/19_passwd_user_change_password/config/etc/group
new file mode 100644
index 0000000..fecba0c
--- /dev/null
+++ b/tests/tests/passwd/19_passwd_user_change_password/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/passwd/19_passwd_user_change_password/config/etc/gshadow b/tests/tests/passwd/19_passwd_user_change_password/config/etc/gshadow
new file mode 100644
index 0000000..5042e58
--- /dev/null
+++ b/tests/tests/passwd/19_passwd_user_change_password/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/passwd/19_passwd_user_change_password/config/etc/pam.d/common-password b/tests/tests/passwd/19_passwd_user_change_password/config/etc/pam.d/common-password
new file mode 100644
index 0000000..a0d4283
--- /dev/null
+++ b/tests/tests/passwd/19_passwd_user_change_password/config/etc/pam.d/common-password
@@ -0,0 +1,33 @@
+#
+# /etc/pam.d/common-password - password-related modules common to all services
+#
+# This file is included from other service-specific PAM config files,
+# and should contain a list of modules that define the services to be
+# used to change user passwords.  The default is pam_unix.
+
+# Explanation of pam_unix options:
+#
+# The "sha512" option enables salted SHA512 passwords.  Without this option,
+# the default is Unix crypt.  Prior releases used the option "md5".
+#
+# The "obscure" option replaces the old `OBSCURE_CHECKS_ENAB' option in
+# login.defs.
+#
+# See the pam_unix manpage for other options.
+
+# As of pam 1.0.1-6, this file is managed by pam-auth-update by default.
+# To take advantage of this, it is recommended that you configure any
+# local modules either before or after the default block, and use
+# pam-auth-update to manage selection of other modules.  See
+# pam-auth-update(8) for details.
+
+# here are the per-package modules (the "Primary" block)
+password	[success=1 default=ignore]	pam_unix.so obscure sha256
+# here's the fallback if no module succeeds
+password	requisite			pam_deny.so
+# prime the stack with a positive return value if there isn't one already;
+# this avoids us returning an error just because nothing sets a success code
+# since the modules above will each just jump around
+password	required			pam_permit.so
+# and here are more per-package modules (the "Additional" block)
+# end of pam-auth-update config
diff --git a/tests/tests/passwd/19_passwd_user_change_password/config/etc/passwd b/tests/tests/passwd/19_passwd_user_change_password/config/etc/passwd
new file mode 100644
index 0000000..82223ff
--- /dev/null
+++ b/tests/tests/passwd/19_passwd_user_change_password/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000:::/bin/bash
diff --git a/tests/tests/passwd/19_passwd_user_change_password/config/etc/shadow b/tests/tests/passwd/19_passwd_user_change_password/config/etc/shadow
new file mode 100644
index 0000000..18a7168
--- /dev/null
+++ b/tests/tests/passwd/19_passwd_user_change_password/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:$1$hU4j2cnt$tRiti0uCvqiQN9u6iMHBq.:12977:0:99999:7:::
diff --git a/tests/tests/passwd/19_passwd_user_change_password/data/shadow b/tests/tests/passwd/19_passwd_user_change_password/data/shadow
new file mode 100644
index 0000000..a638637
--- /dev/null
+++ b/tests/tests/passwd/19_passwd_user_change_password/data/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:@PASS_SHA256 password-foo@:@TODAY@:0:99999:7:::
diff --git a/tests/tests/passwd/19_passwd_user_change_password/passwd.exp b/tests/tests/passwd/19_passwd_user_change_password/passwd.exp
new file mode 100755
index 0000000..5754a05
--- /dev/null
+++ b/tests/tests/passwd/19_passwd_user_change_password/passwd.exp
@@ -0,0 +1,31 @@
+#!/usr/bin/expect
+
+set timeout 2
+expect_after default {puts stderr "\nFAIL"; exit 1}
+
+spawn /bin/sh
+send "if \[ \$(id -u) -eq 0 \]; then PS1='# '; else PS1='$ '; fi\r"
+expect "# "
+send "su -l foo\r"
+expect "$ "
+send "id\r"
+expect "uid=1000(foo) gid=1000(foo) groups=1000(foo)"
+
+send "passwd\r"
+expect "Changing password for foo."
+expect "(current) UNIX password: "
+send "foopassword\r"
+expect "Enter new UNIX password: "
+send "password-foo\r"
+expect "Retype new UNIX password: "
+send "password-foo\r"
+expect "passwd: password updated successfully"
+expect "$ "
+send "echo \$?\r"
+expect "0"
+expect "$ "
+send "exit\r"
+expect "# "
+send "exit\r"
+puts "OK\n"
+exit 0
diff --git a/tests/tests/passwd/19_passwd_user_change_password/passwd.test b/tests/tests/passwd/19_passwd_user_change_password/passwd.test
new file mode 100755
index 0000000..e181273
--- /dev/null
+++ b/tests/tests/passwd/19_passwd_user_change_password/passwd.test
@@ -0,0 +1,37 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "root can change her password"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+./passwd.exp
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl data/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/passwd/20_passwd_user_change_password_same_user/config/etc/group b/tests/tests/passwd/20_passwd_user_change_password_same_user/config/etc/group
new file mode 100644
index 0000000..fecba0c
--- /dev/null
+++ b/tests/tests/passwd/20_passwd_user_change_password_same_user/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/passwd/20_passwd_user_change_password_same_user/config/etc/gshadow b/tests/tests/passwd/20_passwd_user_change_password_same_user/config/etc/gshadow
new file mode 100644
index 0000000..5042e58
--- /dev/null
+++ b/tests/tests/passwd/20_passwd_user_change_password_same_user/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/passwd/20_passwd_user_change_password_same_user/config/etc/pam.d/common-password b/tests/tests/passwd/20_passwd_user_change_password_same_user/config/etc/pam.d/common-password
new file mode 100644
index 0000000..cb8c7b7
--- /dev/null
+++ b/tests/tests/passwd/20_passwd_user_change_password_same_user/config/etc/pam.d/common-password
@@ -0,0 +1,33 @@
+#
+# /etc/pam.d/common-password - password-related modules common to all services
+#
+# This file is included from other service-specific PAM config files,
+# and should contain a list of modules that define the services to be
+# used to change user passwords.  The default is pam_unix.
+
+# Explanation of pam_unix options:
+#
+# The "sha512" option enables salted SHA512 passwords.  Without this option,
+# the default is Unix crypt.  Prior releases used the option "md5".
+#
+# The "obscure" option replaces the old `OBSCURE_CHECKS_ENAB' option in
+# login.defs.
+#
+# See the pam_unix manpage for other options.
+
+# As of pam 1.0.1-6, this file is managed by pam-auth-update by default.
+# To take advantage of this, it is recommended that you configure any
+# local modules either before or after the default block, and use
+# pam-auth-update to manage selection of other modules.  See
+# pam-auth-update(8) for details.
+
+# here are the per-package modules (the "Primary" block)
+password	[success=1 default=ignore]	pam_unix.so obscure sha512
+# here's the fallback if no module succeeds
+password	requisite			pam_deny.so
+# prime the stack with a positive return value if there isn't one already;
+# this avoids us returning an error just because nothing sets a success code
+# since the modules above will each just jump around
+password	required			pam_permit.so
+# and here are more per-package modules (the "Additional" block)
+# end of pam-auth-update config
diff --git a/tests/tests/passwd/20_passwd_user_change_password_same_user/config/etc/passwd b/tests/tests/passwd/20_passwd_user_change_password_same_user/config/etc/passwd
new file mode 100644
index 0000000..82223ff
--- /dev/null
+++ b/tests/tests/passwd/20_passwd_user_change_password_same_user/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000:::/bin/bash
diff --git a/tests/tests/passwd/20_passwd_user_change_password_same_user/config/etc/shadow b/tests/tests/passwd/20_passwd_user_change_password_same_user/config/etc/shadow
new file mode 100644
index 0000000..18a7168
--- /dev/null
+++ b/tests/tests/passwd/20_passwd_user_change_password_same_user/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:$1$hU4j2cnt$tRiti0uCvqiQN9u6iMHBq.:12977:0:99999:7:::
diff --git a/tests/tests/passwd/20_passwd_user_change_password_same_user/data/shadow b/tests/tests/passwd/20_passwd_user_change_password_same_user/data/shadow
new file mode 100644
index 0000000..542ae82
--- /dev/null
+++ b/tests/tests/passwd/20_passwd_user_change_password_same_user/data/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:@PASS_SHA512 password-foo@:@TODAY@:0:99999:7:::
diff --git a/tests/tests/passwd/20_passwd_user_change_password_same_user/passwd.exp b/tests/tests/passwd/20_passwd_user_change_password_same_user/passwd.exp
new file mode 100755
index 0000000..33ee29a
--- /dev/null
+++ b/tests/tests/passwd/20_passwd_user_change_password_same_user/passwd.exp
@@ -0,0 +1,31 @@
+#!/usr/bin/expect
+
+set timeout 2
+expect_after default {puts stderr "\nFAIL"; exit 1}
+
+spawn /bin/sh
+send "if \[ \$(id -u) -eq 0 \]; then PS1='# '; else PS1='$ '; fi\r"
+expect "# "
+send "su -l foo\r"
+expect "$ "
+send "id\r"
+expect "uid=1000(foo) gid=1000(foo) groups=1000(foo)"
+
+send "passwd foo\r"
+expect "Changing password for foo."
+expect "(current) UNIX password: "
+send "foopassword\r"
+expect "Enter new UNIX password: "
+send "password-foo\r"
+expect "Retype new UNIX password: "
+send "password-foo\r"
+expect "passwd: password updated successfully"
+expect "$ "
+send "echo \$?\r"
+expect "0"
+expect "$ "
+send "exit\r"
+expect "# "
+send "exit\r"
+puts "OK\n"
+exit 0
diff --git a/tests/tests/passwd/20_passwd_user_change_password_same_user/passwd.test b/tests/tests/passwd/20_passwd_user_change_password_same_user/passwd.test
new file mode 100755
index 0000000..e181273
--- /dev/null
+++ b/tests/tests/passwd/20_passwd_user_change_password_same_user/passwd.test
@@ -0,0 +1,37 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "root can change her password"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+./passwd.exp
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl data/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/passwd/21_passwd_user_change_password_other_user/config/etc/group b/tests/tests/passwd/21_passwd_user_change_password_other_user/config/etc/group
new file mode 100644
index 0000000..fb4f67e
--- /dev/null
+++ b/tests/tests/passwd/21_passwd_user_change_password_other_user/config/etc/group
@@ -0,0 +1,43 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
+foo1:x:1001:
diff --git a/tests/tests/passwd/21_passwd_user_change_password_other_user/config/etc/gshadow b/tests/tests/passwd/21_passwd_user_change_password_other_user/config/etc/gshadow
new file mode 100644
index 0000000..3e73b5a
--- /dev/null
+++ b/tests/tests/passwd/21_passwd_user_change_password_other_user/config/etc/gshadow
@@ -0,0 +1,43 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
+foo1:*::
diff --git a/tests/tests/passwd/21_passwd_user_change_password_other_user/config/etc/passwd b/tests/tests/passwd/21_passwd_user_change_password_other_user/config/etc/passwd
new file mode 100644
index 0000000..54cce8e
--- /dev/null
+++ b/tests/tests/passwd/21_passwd_user_change_password_other_user/config/etc/passwd
@@ -0,0 +1,21 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000:::/bin/bash
+foo1:x:1001:1001:::/bin/bash
diff --git a/tests/tests/passwd/21_passwd_user_change_password_other_user/config/etc/shadow b/tests/tests/passwd/21_passwd_user_change_password_other_user/config/etc/shadow
new file mode 100644
index 0000000..4f88f0c
--- /dev/null
+++ b/tests/tests/passwd/21_passwd_user_change_password_other_user/config/etc/shadow
@@ -0,0 +1,21 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:$1$hU4j2cnt$tRiti0uCvqiQN9u6iMHBq.:12977:0:99999:7:::
+foo1:$1$hU4j2cnt$tRiti0uCvqiQN9u6iMHBq.:12977:0:99999:7:::
diff --git a/tests/tests/passwd/21_passwd_user_change_password_other_user/data/passwd.err b/tests/tests/passwd/21_passwd_user_change_password_other_user/data/passwd.err
new file mode 100644
index 0000000..5b45f51
--- /dev/null
+++ b/tests/tests/passwd/21_passwd_user_change_password_other_user/data/passwd.err
@@ -0,0 +1 @@
+passwd: You may not view or modify password information for foo1.
diff --git a/tests/tests/passwd/21_passwd_user_change_password_other_user/passwd.test b/tests/tests/passwd/21_passwd_user_change_password_other_user/passwd.test
new file mode 100755
index 0000000..bcb0a10
--- /dev/null
+++ b/tests/tests/passwd/21_passwd_user_change_password_other_user/passwd.test
@@ -0,0 +1,53 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "root can change her password"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+su -l foo -c "passwd foo1" 2>tmp/passwd.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "1"
+echo "OK"
+
+echo "passwd reported:"
+echo "======================================================================="
+cat tmp/passwd.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/passwd.err tmp/passwd.err
+echo "error message OK."
+rm -f tmp/passwd.err
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/passwd/22_passwd_usage/config.txt b/tests/tests/passwd/22_passwd_usage/config.txt
new file mode 100644
index 0000000..31f5635
--- /dev/null
+++ b/tests/tests/passwd/22_passwd_usage/config.txt
@@ -0,0 +1,10 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group users (only in /etc/group)
+user foo, in group tty (only in /etc/gshadow)
+user foo, in group floppy
+user foo, admin of group disk
+user foo, admin and member of group fax
+user foo, admin and member of group cdrom (only in /etc/gshadow)
diff --git a/tests/tests/passwd/22_passwd_usage/config/etc/group b/tests/tests/passwd/22_passwd_usage/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/passwd/22_passwd_usage/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/passwd/22_passwd_usage/config/etc/gshadow b/tests/tests/passwd/22_passwd_usage/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/passwd/22_passwd_usage/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/passwd/22_passwd_usage/config/etc/passwd b/tests/tests/passwd/22_passwd_usage/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/passwd/22_passwd_usage/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/passwd/22_passwd_usage/config/etc/shadow b/tests/tests/passwd/22_passwd_usage/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/passwd/22_passwd_usage/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/passwd/22_passwd_usage/data/usage.out b/tests/tests/passwd/22_passwd_usage/data/usage.out
new file mode 100644
index 0000000..21552fe
--- /dev/null
+++ b/tests/tests/passwd/22_passwd_usage/data/usage.out
@@ -0,0 +1,22 @@
+Usage: passwd [options] [LOGIN]
+
+Options:
+  -a, --all                     report password status on all accounts
+  -d, --delete                  delete the password for the named account
+  -e, --expire                  force expire the password for the named account
+  -h, --help                    display this help message and exit
+  -k, --keep-tokens             change password only if expired
+  -i, --inactive INACTIVE       set password inactive after expiration
+                                to INACTIVE
+  -l, --lock                    lock the password of the named account
+  -n, --mindays MIN_DAYS        set minimum number of days before password
+                                change to MIN_DAYS
+  -q, --quiet                   quiet mode
+  -r, --repository REPOSITORY   change password in REPOSITORY repository
+  -R, --root CHROOT_DIR         directory to chroot into
+  -S, --status                  report password status on the named account
+  -u, --unlock                  unlock the password of the named account
+  -w, --warndays WARN_DAYS      set expiration warning days to WARN_DAYS
+  -x, --maxdays MAX_DAYS        set maximum number of days before password
+                                change to MAX_DAYS
+
diff --git a/tests/tests/passwd/22_passwd_usage/passwd.test b/tests/tests/passwd/22_passwd_usage/passwd.test
new file mode 100755
index 0000000..077ec90
--- /dev/null
+++ b/tests/tests/passwd/22_passwd_usage/passwd.test
@@ -0,0 +1,47 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "passwd can display its usage message"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Get passwd usage (passwd -h)..."
+passwd -h >tmp/usage.out
+
+echo "passwd reported:"
+echo "======================================================================="
+cat tmp/usage.out
+echo "======================================================================="
+echo -n "Check the usage message..."
+diff -au data/usage.out tmp/usage.out
+echo "usage message OK."
+rm -f tmp/usage.out
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/run_all b/tests/tests/run_all
new file mode 100755
index 0000000..ba6993a
--- /dev/null
+++ b/tests/tests/run_all
@@ -0,0 +1,1310 @@
+#!/bin/sh
+
+set -e
+
+export LC_ALL=C
+unset LANG
+unset LANGUAGE
+. common/config.sh
+
+USE_PAM="yes"
+FAILURE_TESTS="yes"
+
+succeeded=0
+failed=0
+failed_tests=""
+
+run_test()
+{
+	[ -f RUN_TEST.STOP ] && exit 1
+
+	if $1 > $1.log
+	then
+		succeeded=$((succeeded+1))
+		echo -n "+"
+	else
+		failed=$((failed+1))
+		failed_tests="$failed_tests $1"
+		echo -n "-"
+	fi
+	cat $1.log >> testsuite.log
+	[ -f /etc/passwd.lock ] && echo $1 /etc/passwd.lock || true
+	[ -f /etc/group.lock ] && echo $1 /etc/group.lock || true
+	[ -f /etc/shadow.lock ] && echo $1 /etc/shadow.lock || true
+	[ -f /etc/gshadow.lock ] && echo $1 /etc/gshadow.lock || true
+	if [ "$(stat -c"%G" /etc/shadow)" != "shadow" ]
+	then
+		echo $1
+		ls -l /etc/shadow
+		chgrp shadow /etc/shadow
+	fi
+	if [ -d /nonexistent ]
+	then
+		echo $1 /nonexistent
+		rmdir /nonexistent
+	fi
+}
+
+echo "+: test passed"
+echo "-: test failed"
+
+# Empty the complete log.
+> testsuite.log
+
+find "${build_path}" -name "*.gcda" -delete
+run_test ./su/01/su_root.test
+run_test ./su/01/su_user.test
+find "${build_path}" -name "*.gcda" -exec chmod a+rw {} \;
+run_test ./su/02/env_FOO-options_--login
+run_test ./su/02/env_FOO-options_--login_bash
+run_test ./su/02/env_FOO-options_--preserve-environment
+run_test ./su/02/env_FOO-options_--preserve-environment_bash
+run_test ./su/02/env_FOO-options_-
+run_test ./su/02/env_FOO-options_-_bash
+run_test ./su/02/env_FOO-options_-l-m
+run_test ./su/02/env_FOO-options_-l-m_bash
+run_test ./su/02/env_FOO-options_-l
+run_test ./su/02/env_FOO-options_-l_bash
+run_test ./su/02/env_FOO-options_-m_bash
+run_test ./su/02/env_FOO-options_-m
+run_test ./su/02/env_FOO-options_-p
+run_test ./su/02/env_FOO-options_-p_bash
+run_test ./su/02/env_FOO-options__bash
+run_test ./su/02/env_FOO-options_
+run_test ./su/02/env_FOO-options_-p-
+run_test ./su/02/env_FOO-options_-p-_bash
+run_test ./su/02/env_special-options_-l-p
+run_test ./su/02/env_special-options_-l
+run_test ./su/02/env_special-options_-l-p_bash
+run_test ./su/02/env_special-options_-l_bash
+run_test ./su/02/env_special-options_-p
+run_test ./su/02/env_special-options_-p_bash
+run_test ./su/02/env_special-options_
+run_test ./su/02/env_special-options__bash
+run_test ./su/02/env_special_root-options_-l-p
+run_test ./su/02/env_special_root-options_-l-p_bash
+run_test ./su/02/env_special_root-options_-l
+run_test ./su/02/env_special_root-options_-l_bash
+run_test ./su/02/env_special_root-options_-p
+run_test ./su/02/env_special_root-options_-p_bash
+run_test ./su/02/env_special_root-options_
+run_test ./su/02/env_special_root-options__bash
+run_test ./su/03/su_run_command01.test
+run_test ./su/03/su_run_command02.test
+run_test ./su/03/su_run_command03.test
+run_test ./su/03/su_run_command04.test
+run_test ./su/03/su_run_command05.test
+run_test ./su/03/su_run_command06.test
+run_test ./su/03/su_run_command07.test
+run_test ./su/03/su_run_command08.test
+run_test ./su/03/su_run_command09.test
+run_test ./su/03/su_run_command10.test
+run_test ./su/03/su_run_command11.test
+run_test ./su/03/su_run_command12.test
+run_test ./su/03/su_run_command13.test
+run_test ./su/03/su_run_command14.test
+run_test ./su/03/su_run_command15.test
+run_test ./su/03/su_run_command16.test
+run_test ./su/03/su_run_command17.test
+run_test ./su/04/su_wrong_user.test
+run_test ./su/04/su_user_wrong_passwd.test
+run_test ./su/04/su_user_wrong_passwd_syslog.test
+run_test ./su/05/su_user_wrong_passwd_syslog.test
+run_test ./su/06/su_user_syslog.test
+run_test ./su/07/su_user_syslog.test
+run_test ./su/08/env_special-options_
+run_test ./su/08/env_special_root-options_
+run_test ./su/09/env_special-options_
+run_test ./su/09/env_special_root-options_
+run_test ./su/10_su_sulog_success/su.test
+run_test ./su/11_su_sulog_failure/su.test
+run_test ./su/12_su_child_failure/su.test
+run_test ./su/13_su_child_success/su.test
+run_test ./chage/01/run
+find "${build_path}" -name "*.gcda" -exec chmod a+rw {} \;
+run_test ./chage/02/run
+run_test ./chage/03_chsh_usage/chage.test
+run_test ./chage/04_chsh_usage_invalid_option/chage.test
+run_test ./chage/05_chsh_usage_2_users/chage.test
+run_test ./chage/06_chsh_usage_no_users/chage.test
+run_test ./chage/07_chsh_usage-l_exclusive/chage.test
+run_test ./chage/08_chsh_usage_invalid_date/chage.test
+run_test ./chage/09_chsh_usage_invalid_numeric_arg/chage.test
+run_test ./chage/10_chsh-l/chage.test
+run_test ./chage/11_chsh_usage_invalid_user/chage.test
+run_test ./chage/12_chsh_usage-l_invalid_user2/chage.test
+run_test ./chage/13_chsh_locked_passwd/chage.test
+run_test ./chage/14_chsh_locked_shadow/chage.test
+run_test ./chage/15_chage-I_no_shadow_entry/chage.test
+run_test ./chage/16_chage-m_no_shadow_entry/chage.test
+run_test ./chage/17_chage-M_no_shadow_entry/chage.test
+run_test ./chage/18_chage-d_no_shadow_entry/chage.test
+run_test ./chage/19_chage-W_no_shadow_entry/chage.test
+run_test ./chage/20_chage-E_no_shadow_entry/chage.test
+run_test ./chage/21_chage_no_shadow_file/chage.test
+run_test ./chage/22_chage_myuser-l/chage.test
+run_test ./chage/23_chage_myuser-I/chage.test
+run_test ./chage/24_chage_myuser-l_other/chage.test
+run_test ./chage/25_chage_interactive/chage.test
+run_test ./chage/26_chage_interactive_date_0/chage.test
+run_test ./chage/27_chage_interactive_date_-1/chage.test
+run_test ./chage/28_chage_interactive_date_EPOCH/chage.test
+run_test ./chage/29_chage_interactive_date_pre-EPOCH/chage.test
+run_test ./chage/30_chage_interactive_date_pre-EPOCH2/chage.test
+run_test ./chage/31_chage_interactive_date_invalid/chage.test
+run_test ./chage/32_chage_interactive_date_invalid2/chage.test
+run_test ./chage/33_chage_interactive-W_invalid1/chage.test
+run_test ./chage/34_chage_interactive-W_invalid2/chage.test
+run_test ./chage/35_chage_interactive-W-1/chage.test
+run_test ./chage/36_chage_interactive-I_invalid1/chage.test
+run_test ./chage/37_chage_interactive-I_invalid2/chage.test
+run_test ./chage/38_chage_interactive-I-1/chage.test
+run_test ./chage/39_chage_interactive-d-1/chage.test
+run_test ./chsh/01/run
+run_test ./chsh/02_chsh_usage/chsh.test
+run_test ./chsh/03_chsh_usage_invalid_option/chsh.test
+run_test ./chsh/04_chsh_usage_2_users/chsh.test
+run_test ./chsh/05_chsh_myuser_restricted_shell/chsh.test
+run_test ./chsh/06_chsh_myuser_non_restricted_shell/chsh.test
+run_test ./chsh/07_chsh_usage_invalid_user/chsh.test
+run_test ./chsh/08_chsh_myuser_to_restricted_shell/chsh.test
+run_test ./chsh/09_chsh_myuser_to_missing_shell/chsh.test
+run_test ./chsh/10_chsh_myuser_to_non_executable_shell/chsh.test
+run_test ./chsh/11_chsh_auth_failure/chsh.test
+run_test ./chsh/12_chsh_warning_missing_shell/chsh.test
+run_test ./chsh/13_chsh_warning_non_executable/chsh.test
+run_test ./chsh/14_chsh_locked_passwd/chsh.test
+run_test ./chsh/15_chsh_PAM_error/chsh.test
+run_test ./chroot/chage/01_chage--root/chage.test
+run_test ./chroot/chgpasswd/01_chgpasswd--root/chgpasswd.test
+run_test ./chroot/chpasswd/01_chpasswd--root_nopam/chpasswd.test
+run_test ./chroot/chpasswd/02_chpasswd--root_pam/chpasswd.test
+run_test ./chroot/chsh/01_chsh--root/chsh.test
+run_test ./chroot/gpasswd/01_gpasswd--root/gpasswd.test
+run_test ./chroot/groupadd/01_groupadd--root/groupadd.test
+run_test ./chroot/groupdel/01_groupdel--root/groupdel.test
+run_test ./chroot/groupmod/01_groupmod--root/groupmod.test
+run_test ./chroot/grpck/01_grpck--root/grpck.test
+run_test ./chroot/grpconv/01_grpconv--root/grpconv.test
+run_test ./chroot/grpunconv/01_grpunconv--root/grpunconv.test
+run_test ./chroot/lastlog/01_lastlog--root/lastlog.test
+run_test ./chroot/login/01_login_sublogin/login.test
+run_test ./chroot/pwck/01_pwck--root/pwck.test
+run_test ./chroot/pwconv/01_pwconv--root/pwconv.test
+run_test ./chroot/pwunconv/01_pwunconv--root/pwunconv.test
+run_test ./chroot/useradd/01_useradd--root/useradd.test
+run_test ./chroot/useradd/02_useradd--root_login.defs/useradd.test
+run_test ./chroot/useradd/03_useradd--root_useradd.default/useradd.test
+run_test ./chroot/useradd/04_useradd--root_useradd-D/useradd.test
+run_test ./chroot/useradd/05_useradd--root_useradd-D-e-g/useradd.test
+run_test ./chroot/userdel/01_userdel--root/userdel.test
+run_test ./chroot/usermod/01_usermod--root/usermod.test
+run_test ./convtools/01/run
+run_test ./convtools/02_grpconv_remove_gshadow_only_entries/grpconv.test
+run_test ./convtools/03_grpconv_copy_passwd/grpconv.test
+run_test ./convtools/04_grpconv_no_password/grpconv.test
+run_test ./convtools/05_grpconv_copy_passwd_existing_gshadow/grpconv.test
+run_test ./convtools/06_grpconv_error_group_locked/grpconv.test
+run_test ./convtools/07_grpconv_error_gshadow_locked/grpconv.test
+run_test ./convtools/08_grpunconv_no_gshadow_file/grpunconv.test
+run_test ./convtools/09_grpunconv_error_group_locked/grpunconv.test
+run_test ./convtools/10_grpunconv_error_gshadow_locked/grpunconv.test
+run_test ./convtools/11_pwconv_error_passwd_locked/pwconv.test
+run_test ./convtools/12_pwconv_error_shadow_locked/pwconv.test
+run_test ./convtools/13_pwunconv_error_passwd_locked/pwunconv.test
+run_test ./convtools/14_pwunconv_error_shadow_locked/pwunconv.test
+run_test ./convtools/15_pwconv_remove_shadow_only_entries/pwconv.test
+run_test ./convtools/16_pwconv_copy_passwd/pwconv.test
+run_test ./convtools/17_pwunconv_no_shadow_file/pwunconv.test
+run_test ./convtools/18_pwunconv_user_not_in_shadow/pwunconv.test
+run_test ./convtools/19_pwconv_NIS/pwconv.test
+run_test ./convtools/20_pwunconv_usage_option/pwunconv.test
+run_test ./convtools/21_pwunconv_keep_passwd_password/pwunconv.test
+run_test ./convtools/22_grpunconv_usage_option/grpunconv.test
+run_test ./convtools/23_grpunconv_keep_group_password/grpunconv.test
+run_test ./convtools/24_grpunconv_no_gshadow_entry/grpunconv.test
+run_test ./convtools/25_pwconv_usage_option/pwconv.test
+run_test ./convtools/26_grpconv_usage_option/grpconv.test
+run_test ./convtools/27_pwunconv_usage/pwunconv.test
+run_test ./convtools/28_pwunconv_usage_extra_arg/pwunconv.test
+run_test ./convtools/29_grpconv_usage/grpconv.test
+run_test ./convtools/30_grpconv_usage_extra_arg/grpconv.test
+run_test ./convtools/31_pwconv_usage/pwconv.test
+run_test ./convtools/32_pwconv_usage_extra_arg/pwconv.test
+run_test ./convtools/33_grpunconv_usage/grpunconv.test
+run_test ./convtools/34_grpunconv_usage_extra_arg/grpunconv.test
+run_test ./cptools/02_cppw_usage/cppw.test
+run_test ./cptools/03_cppw_usage_invalid_option/cppw.test
+run_test ./cptools/04_cppw_no_file_argument/cppw.test
+run_test ./cptools/05_cppw_2_files/cppw.test
+run_test ./cptools/06_cppw_no_file/cppw.test
+run_test ./cptools/07_cppw_locked_passwd/cppw.test
+run_test ./cptools/08_cppw-p/cppw.test
+run_test ./cptools/09_cppw-g/cppw.test
+run_test ./cptools/10_cppw-g-s/cppw.test
+run_test ./cptools/11_cppw-p-s/cppw.test
+run_test ./cptools/12_cppw-s_no_shadow_file/cppw.test
+run_test ./debian/01/run
+run_test ./grouptools/chgpasswd/01_chgpasswd_invalid_group/chgpasswd.test
+run_test ./grouptools/chgpasswd/02_chgpasswd_multiple_groups/chgpasswd.test
+run_test ./grouptools/chgpasswd/03_chgpasswd_no_gshadow_file/chgpasswd.test
+run_test ./grouptools/chgpasswd/04_chgpasswd_no_gshadow_entry/chgpasswd.test
+run_test ./grouptools/chgpasswd/05_chgpasswd_error_no_password/chgpasswd.test
+run_test ./grouptools/chgpasswd/06_chgpasswd_usage/chgpasswd.test
+run_test ./grouptools/chgpasswd/07_chgpasswd_usage_bad_option/chgpasswd.test
+run_test ./grouptools/chgpasswd/08_chgpasswd_usage-e-m_exclusive/chgpasswd.test
+run_test ./grouptools/chgpasswd/09_chgpasswd_usage-e-c_exclusive/chgpasswd.test
+run_test ./grouptools/chgpasswd/10_chgpasswd_usage-m-c_exclusive/chgpasswd.test
+run_test ./grouptools/chgpasswd/11_chgpasswd_usage-s_without-c/chgpasswd.test
+run_test ./grouptools/chgpasswd/12_chgpasswd_usage-s_invalid/chgpasswd.test
+run_test ./grouptools/chgpasswd/13_chgpasswd_usage-c_invalid/chgpasswd.test
+run_test ./grouptools/chgpasswd/14_chgpasswd_password_encrypted/chgpasswd.test
+run_test ./grouptools/chgpasswd/15_chgpasswd_password_md5/chgpasswd.test
+run_test ./grouptools/chgpasswd/16_chgpasswd_password_NONE/chgpasswd.test
+run_test ./grouptools/chgpasswd/17_chgpasswd_password_MD5/chgpasswd.test
+run_test ./grouptools/chgpasswd/18_chgpasswd_password_DES/chgpasswd.test
+run_test ./grouptools/chgpasswd/19_chgpasswd_password_SHA256/chgpasswd.test
+run_test ./grouptools/chgpasswd/20_chgpasswd_password_SHA256_rounds_900/chgpasswd.test
+run_test ./grouptools/chgpasswd/21_chgpasswd_password_SHA256_rounds_9000/chgpasswd.test
+run_test ./grouptools/chgpasswd/22_chgpasswd_password_SHA512/chgpasswd.test
+run_test ./grouptools/chgpasswd/23_chgpasswd_password_SHA512_rounds_900/chgpasswd.test
+run_test ./grouptools/chgpasswd/24_chgpasswd_password_SHA512_rounds_9000/chgpasswd.test
+run_test ./grouptools/chgpasswd/25_chgpasswd-e_no_gshadow_file/chgpasswd.test
+run_test ./grouptools/chgpasswd/26_chgpasswd_no_gshadow_file_invalid_group/chgpasswd.test
+run_test ./grouptools/chgpasswd/29_chgpasswd-e_no_gshadow_entry/chgpasswd.test
+run_test ./grouptools/chgpasswd/30_chgpasswd_locked_group/chgpasswd.test
+run_test ./grouptools/chgpasswd/31_chgpasswd_locked_gshadow/chgpasswd.test
+run_test ./grouptools/chgpasswd/32_chgpasswd_invalid_group/chgpasswd.test
+run_test ./grouptools/gpasswd/01_gpasswd_change_member_list/gpasswd.test
+run_test ./grouptools/gpasswd/02_gpasswd_change_member_list/gpasswd.test
+run_test ./grouptools/gpasswd/03_gpasswd_change_member_list/gpasswd.test
+run_test ./grouptools/gpasswd/04_gpasswd_change_member_list/gpasswd.test
+run_test ./grouptools/gpasswd/05_gpasswd_change_member_list/gpasswd.test
+run_test ./grouptools/gpasswd/06_gpasswd_change_member_list/gpasswd.test
+run_test ./grouptools/gpasswd/07_gpasswd_change_member_list-no_shadow_group/gpasswd.test
+run_test ./grouptools/gpasswd/08_gpasswd_change_member_list-no_shadow_group/gpasswd.test
+run_test ./grouptools/gpasswd/09_gpasswd_change_member_list-no_shadow_group/gpasswd.test
+run_test ./grouptools/gpasswd/10_gpasswd_change_member_list-no_shadow_group/gpasswd.test
+run_test ./grouptools/gpasswd/11_gpasswd_change_member_list-no_shadow_group/gpasswd.test
+run_test ./grouptools/gpasswd/12_gpasswd_change_member_list-no_shadow_group/gpasswd.test
+run_test ./grouptools/gpasswd/13_gpasswd_change_member_list-no_gshadow_file/gpasswd.test
+run_test ./grouptools/gpasswd/14_gpasswd_change_member_list-no_gshadow_file/gpasswd.test
+run_test ./grouptools/gpasswd/15_gpasswd_change_member_list-no_gshadow_file/gpasswd.test
+run_test ./grouptools/gpasswd/16_gpasswd_change_member_list-no_gshadow_file/gpasswd.test
+run_test ./grouptools/gpasswd/17_gpasswd_change_member_list-no_gshadow_file/gpasswd.test
+run_test ./grouptools/gpasswd/18_gpasswd_change_member_list-no_gshadow_file/gpasswd.test
+run_test ./grouptools/gpasswd/19_gpasswd_change_passwd-root/gpasswd.test
+run_test ./grouptools/gpasswd/20_gpasswd_change_passwd-root-no_shadow_group/gpasswd.test
+run_test ./grouptools/gpasswd/21_gpasswd_change_passwd-root-no_gshadow_file/gpasswd.test
+run_test ./grouptools/gpasswd/22_gpasswd_change_passwd-myuser/gpasswd.test
+run_test ./grouptools/gpasswd/23_gpasswd_change_passwd-myuser-denied/gpasswd.test
+run_test ./grouptools/gpasswd/24_gpasswd_change_passwd-myuser-denied-no_gshadow_file/gpasswd.test
+run_test ./grouptools/gpasswd/25_gpasswd_remove_password/gpasswd.test
+run_test ./grouptools/gpasswd/26_gpasswd_remove_password-no_shadow_group/gpasswd.test
+run_test ./grouptools/gpasswd/27_gpasswd_remove_password-no_gshadow_file/gpasswd.test
+run_test ./grouptools/gpasswd/28_gpasswd_lock_password/gpasswd.test
+run_test ./grouptools/gpasswd/29_gpasswd_lock_password-no_shadow_group/gpasswd.test
+run_test ./grouptools/gpasswd/30_gpasswd_lock_password-no_gshadow_file/gpasswd.test
+run_test ./grouptools/gpasswd/31_gpasswd_add_user_to_group/gpasswd.test
+run_test ./grouptools/gpasswd/32_gpasswd_add_user_to_group-no_shadow_group/gpasswd.test
+run_test ./grouptools/gpasswd/33_gpasswd_add_user_to_group-no_gshadow_file/gpasswd.test
+run_test ./grouptools/gpasswd/34_gpasswd_remove_user_from_group/gpasswd.test
+run_test ./grouptools/gpasswd/35_gpasswd_remove_user_from_group/gpasswd.test
+run_test ./grouptools/gpasswd/36_gpasswd_remove_user_from_group/gpasswd.test
+run_test ./grouptools/gpasswd/37_gpasswd_remove_user_from_group-no_shadow_group/gpasswd.test
+run_test ./grouptools/gpasswd/38_gpasswd_remove_user_from_group-no_shadow_group/gpasswd.test
+run_test ./grouptools/gpasswd/39_gpasswd_remove_user_from_group-no_shadow_group/gpasswd.test
+run_test ./grouptools/gpasswd/40_gpasswd_remove_user_from_group-no_gshadow_file/gpasswd.test
+run_test ./grouptools/gpasswd/41_gpasswd_remove_user_from_group-no_gshadow_file/gpasswd.test
+run_test ./grouptools/gpasswd/42_gpasswd_remove_user_from_group-no_gshadow_file/gpasswd.test
+run_test ./grouptools/gpasswd/43_gpasswd_-r_locked_group/gpasswd.test
+run_test ./grouptools/gpasswd/44_gpasswd_-r_locked_gshadow/gpasswd.test
+run_test ./grouptools/gpasswd/45_gpasswd_-r_unknown_group/gpasswd.test
+run_test ./grouptools/gpasswd/46_gpasswd_-a_unknown_user/gpasswd.test
+run_test ./grouptools/gpasswd/47_gpasswd_-M_unknown_user/gpasswd.test
+run_test ./grouptools/gpasswd/48_gpasswd_change_admin_list/gpasswd.test
+run_test ./grouptools/gpasswd/49_gpasswd_change_admin_list/gpasswd.test
+run_test ./grouptools/gpasswd/50_gpasswd_change_admin_list/gpasswd.test
+run_test ./grouptools/gpasswd/51_gpasswd_change_admin_list/gpasswd.test
+run_test ./grouptools/gpasswd/52_gpasswd_change_admin_list/gpasswd.test
+run_test ./grouptools/gpasswd/53_gpasswd_change_admin_list/gpasswd.test
+run_test ./grouptools/gpasswd/54_gpasswd_change_admin_list-no_shadow_group/gpasswd.test
+run_test ./grouptools/gpasswd/55_gpasswd_change_admin_list-no_gshadow_file/gpasswd.test
+run_test ./grouptools/gpasswd/56_gpasswd_add_user_to_group/gpasswd.test
+run_test ./grouptools/gpasswd/57_gpasswd_remove_user_from_group-not_member/gpasswd.test
+run_test ./grouptools/gpasswd/58_gpasswd_remove_user_from_group-not_gshadow_member/gpasswd.test
+run_test ./grouptools/gpasswd/59_gpasswd_remove_user_from_group-not_group_member/gpasswd.test
+run_test ./grouptools/gpasswd/60_gpasswd_add_long_user_to_group/gpasswd.test
+run_test ./grouptools/gpasswd/61_gpasswd_usage/gpasswd.test
+run_test ./grouptools/gpasswd/62_gpasswd_-A_unknown_user/gpasswd.test
+run_test ./grouptools/gpasswd/63_gpasswd_usage_bad_option/gpasswd.test
+run_test ./grouptools/gpasswd/64_gpasswd_usage-a-d/gpasswd.test
+run_test ./grouptools/gpasswd/65_gpasswd_usage_no_groups/gpasswd.test
+run_test ./grouptools/gpasswd/66_gpasswd_usage_2_groups/gpasswd.test
+run_test ./grouptools/gpasswd/67_gpasswd-A_myuser/gpasswd.test
+run_test ./grouptools/gpasswd/68_gpasswd-M_myuser/gpasswd.test
+run_test ./grouptools/gpasswd/69_gpasswd_change_passwd_2_tries/gpasswd.test
+run_test ./grouptools/gpasswd/70_gpasswd_change_passwd_3_tries/gpasswd.test
+run_test ./grouptools/gpasswd/71_gpasswd_change_passwd_4_tries/gpasswd.test
+run_test ./grouptools/gpasswd/72_gpasswd-M-A/gpasswd.test
+run_test ./grouptools/groupadd/01_groupadd_add_group/groupadd.test
+run_test ./grouptools/groupadd/02_groupadd_add_group_GID_MIN/groupadd.test
+run_test ./grouptools/groupadd/03_groupadd_add_group_-K_GID_MIN/groupadd.test
+run_test ./grouptools/groupadd/04_groupadd_set_password/groupadd.test
+run_test ./grouptools/groupadd/05_groupadd_set_GID/groupadd.test
+run_test ./grouptools/groupadd/06_groupadd_-f_add_existing_group/groupadd.test
+run_test ./grouptools/groupadd/07_groupadd_-f_add_existing_GID/groupadd.test
+run_test ./grouptools/groupadd/08_groupadd_locked_group/groupadd.test
+run_test ./grouptools/groupadd/09_groupadd_locked_gshadow/groupadd.test
+run_test ./grouptools/groupadd/10_groupadd_-o_add_existing_GID/groupadd.test
+run_test ./grouptools/groupadd/11_groupadd_invalid_GID/groupadd.test
+run_test ./grouptools/groupadd/12_groupadd_negative_GID/groupadd.test
+run_test ./grouptools/groupadd/13_groupadd_invalid_name/groupadd.test
+run_test ./grouptools/groupadd/14_groupadd_invalid_-K_option/groupadd.test
+run_test ./grouptools/groupadd/15_groupadd_invalid_-K_no_=/groupadd.test
+run_test ./grouptools/groupadd/16_groupadd_existing_group/groupadd.test
+run_test ./grouptools/groupadd/17_groupadd_add_systemgroup/groupadd.test
+run_test ./grouptools/groupadd/18_groupadd_no_more_GID/groupadd.test
+run_test ./grouptools/groupadd/19_groupadd_-r_no_more_system_GID/groupadd.test
+run_test ./grouptools/groupadd/20_groupadd_add_existing_GID/groupadd.test
+run_test ./grouptools/groupadd/21_groupadd_invalid_GID_4294967295/groupadd.test
+run_test ./grouptools/groupadd/22_groupadd_usage/groupadd.test
+run_test ./grouptools/groupadd/23_groupadd_no_groups/groupadd.test
+run_test ./grouptools/groupadd/24_groupadd_2_groups/groupadd.test
+run_test ./grouptools/groupadd/25_groupadd_no_gshadow/groupadd.test
+run_test ./grouptools/groupadd/26_groupadd_-o_without_-g/groupadd.test
+run_test ./grouptools/groupadd/27_groupadd_invalid_option/groupadd.test
+run_test ./grouptools/groupdel/01_groupdel_delete_group/groupdel.test
+run_test ./grouptools/groupdel/02_groupdel_delete_group_no_gshadow_group/groupdel.test
+run_test ./grouptools/groupdel/03_groupdel_delete_group_no_gshadow_file/groupdel.test
+run_test ./grouptools/groupdel/04_groupdel_delete_group_error_busy_group/groupdel.test
+run_test ./grouptools/groupdel/05_groupdel_delete_group_error_unknown_group/groupdel.test
+run_test ./grouptools/groupdel/06_groupdel_delete_group_error_locked_group/groupdel.test
+run_test ./grouptools/groupdel/07_groupdel_delete_group_error_locked_gshadow/groupdel.test
+run_test ./grouptools/groupdel/08_groupdel_delete_group_error_no_group_parameter/groupdel.test
+run_test ./grouptools/groupdel/09_groupdel_delete_group_error_two_group_parameter/groupdel.test
+run_test ./grouptools/groupdel/10_groupdel_usage/groupdel.test
+run_test ./grouptools/groupdel/11_groupdel_invalid_option/groupdel.test
+run_test ./grouptools/groupmems/01_groupmems_root_add_user/groupmems.test
+run_test ./grouptools/groupmems/02_groupmems_root_del_user/groupmems.test
+run_test ./grouptools/groupmems/03_groupmems_root_del_user_admin/groupmems.test
+run_test ./grouptools/groupmems/04_groupmems_root_del_user_admin_and_user/groupmems.test
+run_test ./grouptools/groupmems/05_groupmems_root_add_user_with_other_users/groupmems.test
+run_test ./grouptools/groupmems/06_groupmems_root_add_user_with_other_users_admin/groupmems.test
+run_test ./grouptools/groupmems/07_groupmems_root_del_user_with_other_users/groupmems.test
+run_test ./grouptools/groupmems/08_groupmems_root_del_user_with_other_users_admin/groupmems.test
+run_test ./grouptools/groupmems/09_groupmems_root_purge_user/groupmems.test
+run_test ./grouptools/groupmems/10_groupmems_root_purge_user_with_other_users/groupmems.test
+run_test ./grouptools/groupmems/11_groupmems_root_purge_user_with_other_users_admin/groupmems.test
+run_test ./grouptools/groupmems/12_groupmems_user_add_user/groupmems.test
+run_test ./grouptools/groupmems/13_groupmems_user_del_user/groupmems.test
+run_test ./grouptools/groupmems/14_groupmems_user_del_user_admin/groupmems.test
+run_test ./grouptools/groupmems/15_groupmems_user_del_user_admin_and_user/groupmems.test
+run_test ./grouptools/groupmems/16_groupmems_user_add_user_with_other_users/groupmems.test
+run_test ./grouptools/groupmems/17_groupmems_user_add_user_with_other_users_admin/groupmems.test
+run_test ./grouptools/groupmems/18_groupmems_user_del_user_with_other_users/groupmems.test
+run_test ./grouptools/groupmems/19_groupmems_user_del_user_with_other_users_admin/groupmems.test
+run_test ./grouptools/groupmems/20_groupmems_user_purge_user/groupmems.test
+run_test ./grouptools/groupmems/21_groupmems_user_purge_user_with_other_users/groupmems.test
+run_test ./grouptools/groupmems/22_groupmems_user_purge_user_with_other_users_admin/groupmems.test
+run_test ./grouptools/groupmems/23_groupmems_user_add_user-not_in_groups/groupmems.test
+run_test ./grouptools/groupmems/24_groupmems_user_add_user-not_primary_group/groupmems.test
+run_test ./grouptools/groupmems/25_groupmems_user_add_user-not_user_group/groupmems.test
+run_test ./grouptools/groupmems/26_groupmems_user_add_user-already_member/groupmems.test
+run_test ./grouptools/groupmems/27_groupmems_user_add_user-already_member_in_group/groupmems.test
+run_test ./grouptools/groupmems/28_groupmems_user_add_user-already_member_in_gshadow/groupmems.test
+run_test ./grouptools/groupmems/29_groupmems_user_add_user-user_does_not_exist/groupmems.test
+run_test ./grouptools/groupmems/30_groupmems_user_add_user-no_gshadow_group/groupmems.test
+run_test ./grouptools/groupmems/31_groupmems_user_add_user-no_gshadow_file/groupmems.test
+run_test ./grouptools/groupmems/32_groupmems_user_del_user-not_member/groupmems.test
+run_test ./grouptools/groupmems/33_groupmems_user_del_user-not_member_in_gshadow/groupmems.test
+run_test ./grouptools/groupmems/34_groupmems_user_del_user-user_does_not_exist/groupmems.test
+run_test ./grouptools/groupmems/35_groupmems_user_del_user-no_gshadow_group/groupmems.test
+run_test ./grouptools/groupmems/36_groupmems_user_del_user-no_gshadow_file/groupmems.test
+run_test ./grouptools/groupmems/37_groupmems_user_purge_user-empty_group/groupmems.test
+run_test ./grouptools/groupmems/38_groupmems_user_purge_user-no_gshadow_group/groupmems.test
+run_test ./grouptools/groupmems/39_groupmems_user_purge_user-no_gshadow_file/groupmems.test
+run_test ./grouptools/groupmems/40_groupmems_user_del_user-not_primary_group/groupmems.test
+run_test ./grouptools/groupmems/41_groupmems_user_purge_user-not_primary_group/groupmems.test
+run_test ./grouptools/groupmems/42_groupmems_user_list_users/groupmems.test
+run_test ./grouptools/groupmems/43_groupmems_user_list_users-gshadow_ignored/groupmems.test
+run_test ./grouptools/groupmems/44_groupmems_user_list_users-another_group/groupmems.test
+run_test ./grouptools/groupmems/45_groupmems_user_list_users-group_locked/groupmems.test
+run_test ./grouptools/groupmems/46_groupmems_user_list_users-gshadow_locked/groupmems.test
+run_test ./grouptools/groupmems/47_groupmems_user_add_user-group_locked/groupmems.test
+run_test ./grouptools/groupmems/48_groupmems_user_add_user-gshadow_locked/groupmems.test
+run_test ./grouptools/groupmems/49_groupmems_user_del_user-group_locked/groupmems.test
+run_test ./grouptools/groupmems/50_groupmems_user_del_user-gshadow_locked/groupmems.test
+run_test ./grouptools/groupmems/51_groupmems_user_purge_user-group_locked/groupmems.test
+run_test ./grouptools/groupmems/52_groupmems_user_purge_user-gshadow_locked/groupmems.test
+run_test ./grouptools/groupmems/53_groupmems_usage/groupmems.test
+run_test ./grouptools/groupmems/54_groupmems_usage_invalid_option/groupmems.test
+run_test ./grouptools/groupmems/55_groupmems_usage-a-d/groupmems.test
+run_test ./grouptools/groupmems/56_groupmems_usage_extra_arg/groupmems.test
+run_test ./grouptools/groupmems/57_groupmems_authentication/groupmems.test
+run_test ./grouptools/groupmems/58_groupmems_authentication_failure1/groupmems.test
+run_test ./grouptools/groupmems/59_groupmems_authentication_failure2/groupmems.test
+run_test ./grouptools/groupmems/60_groupmems_authentication_failure3/groupmems.test
+run_test ./grouptools/groupmod/01_groupmod_change_gid/groupmod.test
+run_test ./grouptools/groupmod/02_groupmod_change_gid_change_primary_group/groupmod.test
+run_test ./grouptools/groupmod/03_groupmod_change_gid_no_gshadow_group/groupmod.test
+run_test ./grouptools/groupmod/04_groupmod_change_gid_no_gshadow_file/groupmod.test
+run_test ./grouptools/groupmod/05_groupmod_change_gid_-o_override_used_GID/groupmod.test
+run_test ./grouptools/groupmod/06_groupmod_change_group_name/groupmod.test
+run_test ./grouptools/groupmod/07_groupmod_change_group_name_no_gshadow_group/groupmod.test
+run_test ./grouptools/groupmod/08_groupmod_change_group_name_no_gshadow_file/groupmod.test
+run_test ./grouptools/groupmod/09_groupmod_set_password/groupmod.test
+run_test ./grouptools/groupmod/10_groupmod_set_password_no_gshadow_group/groupmod.test
+run_test ./grouptools/groupmod/11_groupmod_set_password_no_gshadow_file/groupmod.test
+run_test ./grouptools/groupmod/12_groupmod_change_gid_error_unknown_group/groupmod.test
+run_test ./grouptools/groupmod/13_groupmod_change_gid_error_used_GID/groupmod.test
+run_test ./grouptools/groupmod/14_groupmod_change_group_name_error_used_name/groupmod.test
+run_test ./grouptools/groupmod/15_groupmod_change_group_name_error_invalid_name/groupmod.test
+run_test ./grouptools/groupmod/16_groupmod_change_group_name_no_changes/groupmod.test
+run_test ./grouptools/groupmod/17_groupmod_change_gid_error_locked_group/groupmod.test
+run_test ./grouptools/groupmod/18_groupmod_change_gid_no_error_locked_gshadow/groupmod.test
+run_test ./grouptools/groupmod/19_groupmod_change_gid_error_invalid_GID/groupmod.test
+run_test ./grouptools/groupmod/20_groupmod_change_gid_error_negative_GID/groupmod.test
+run_test ./grouptools/groupmod/21_groupmod_change_gid_error_no_group/groupmod.test
+run_test ./grouptools/groupmod/22_groupmod_change_gid_and_group_name/groupmod.test
+run_test ./grouptools/groupmod/23_groupmod_change_gid_and_group_name_and_password/groupmod.test
+run_test ./grouptools/groupmod/24_groupmod_change_gid_and_name_error_locked_gshadow/groupmod.test
+run_test ./grouptools/groupmod/25_groupmod_change_gid_change_primary_group_error_locked_passwd/groupmod.test
+run_test ./grouptools/groupmod/26_groupmod_change_group_name_no_error_locked_passwd/groupmod.test
+run_test ./grouptools/groupmod/27_groupmod_change_gid_error_GID_4294967295/groupmod.test
+run_test ./grouptools/groupmod/28_groupmod_usage/groupmod.test
+run_test ./grouptools/groupmod/29_groupmod_-g_same_gid_new_name/groupmod.test
+run_test ./grouptools/groupmod/30_groupmod_-g_same_gid_same_name/groupmod.test
+run_test ./grouptools/groupmod/31_groupmod_-g_same_gid/groupmod.test
+run_test ./grouptools/groupmod/32_groupmod_-o_without_-g/groupmod.test
+run_test ./grouptools/groupmod/33_groupmod_set_password_no_gshadow_file_with_group_pwd_x/groupmod.test
+run_test ./grouptools/groupmod/34_groupmod_set_password_group_without_shadow_pwd/groupmod.test
+run_test ./grouptools/groupmod/35_groupmod_set_password_group_without_shadow_pwd_no_gshadow_group/groupmod.test
+run_test ./grouptools/groupmod/36_groupmod_set_password_group_with_shadow_pwd_no_gshadow_group/groupmod.test
+run_test ./grouptools/groupmod/37_groupmod_invalid_option/groupmod.test
+run_test ./log/faillog/01_faillog_no_faillog/faillog.test
+run_test ./log/faillog/02_faillog_usage/faillog.test
+run_test ./log/faillog/03_faillog_format/faillog.test
+run_test ./log/faillog/04_faillog_multiple/faillog.test
+run_test ./log/faillog/05_faillog-u_ID/faillog.test
+run_test ./log/faillog/06_faillog-u_name/faillog.test
+run_test ./log/faillog/07_faillog-u_ID_invalid/faillog.test
+run_test ./log/faillog/08_faillog-u_name_invalid/faillog.test
+run_test ./log/faillog/09_faillog-u_range/faillog.test
+run_test ./log/faillog/10_faillog-u_open_range/faillog.test
+run_test ./log/faillog/11_faillog-u_range_open/faillog.test
+run_test ./log/faillog/12_faillog-u_range_invalid1/faillog.test
+run_test ./log/faillog/13_faillog-u_range_invalid2/faillog.test
+run_test ./log/faillog/14_faillog-u_range_invalid3/faillog.test
+run_test ./log/faillog/15_faillog_bad_option/faillog.test
+run_test ./log/faillog/16_faillog_extra_arg/faillog.test
+run_test ./log/faillog/17_faillog-t/faillog.test
+run_test ./log/faillog/18_faillog-t_invalid/faillog.test
+run_test ./log/faillog/19_faillog_multiple_same_user/faillog.test
+run_test ./log/faillog/20_faillog-r-u/faillog.test
+run_test ./log/faillog/21_faillog-r-u_range/faillog.test
+run_test ./log/faillog/22_faillog_removed_user/faillog.test
+run_test ./log/faillog/23_faillog-a_removed_user/faillog.test
+run_test ./log/faillog/24_faillog-u_removed_user/faillog.test
+run_test ./log/faillog/25_faillog-r-u_removed_user/faillog.test
+run_test ./log/faillog/26_faillog-r-u_range_removed_user/faillog.test
+run_test ./log/faillog/27_faillog-r-a-u_range_removed_user/faillog.test
+run_test ./log/faillog/28_faillog-r-a-u_open_range_removed_user/faillog.test
+run_test ./log/faillog/29_faillog-r-a-u_range_open_removed_user/faillog.test
+run_test ./log/faillog/30_faillog-r/faillog.test
+run_test ./log/faillog/31_faillog-r-u_open_range/faillog.test
+run_test ./log/faillog/32_faillog-l/faillog.test
+run_test ./log/faillog/33_faillog-l-u_user/faillog.test
+run_test ./log/faillog/34_faillog-l-u_range/faillog.test
+run_test ./log/faillog/35_faillog-l-u_open_range/faillog.test
+run_test ./log/faillog/36_faillog-l-u_range_open/faillog.test
+run_test ./log/faillog/37_faillog-l-a-u_user/faillog.test
+run_test ./log/faillog/38_faillog-l-a-u_range/faillog.test
+run_test ./log/faillog/39_faillog-l-a-u_open_range/faillog.test
+run_test ./log/faillog/40_faillog-l-a-u_range_open/faillog.test
+run_test ./log/faillog/41_faillog-l_invalid/faillog.test
+run_test ./log/faillog/42_faillog-m/faillog.test
+run_test ./log/faillog/43_faillog-m-u_user/faillog.test
+run_test ./log/faillog/44_faillog-m-u_range/faillog.test
+run_test ./log/faillog/45_faillog-m-u_open_range/faillog.test
+run_test ./log/faillog/46_faillog-m-u_range_open/faillog.test
+run_test ./log/faillog/47_faillog-m-a-u_user/faillog.test
+run_test ./log/faillog/48_faillog-m-a-u_range/faillog.test
+run_test ./log/faillog/49_faillog-m-a-u_open_range/faillog.test
+run_test ./log/faillog/50_faillog-m-a-u_range_open/faillog.test
+run_test ./log/faillog/51_faillog-m_invalid/faillog.test
+run_test ./log/faillog/52_faillog-t-l_exclusive/faillog.test
+run_test ./log/faillog/53_faillog-t-m_exclusive/faillog.test
+run_test ./log/faillog/54_faillog-t-r_exclusive/faillog.test
+run_test ./log/faillog/55_faillog_no_changes/faillog.test
+run_test ./log/faillog/56_faillog-l-m_empty_file/faillog.test
+run_test ./log/faillog/57_faillog-r_empty_file/faillog.test
+run_test ./log/faillog/58_faillog-l_no_failcount/faillog.test
+run_test ./log/lastlog/01_lastlog_no_lastlog/lastlog.test
+run_test ./log/lastlog/02_lastlog_usage/lastlog.test
+run_test ./log/lastlog/03_lastlog_format/lastlog.test
+run_test ./log/lastlog/04_lastlog_multiple/lastlog.test
+run_test ./log/lastlog/05_lastlog-u_ID/lastlog.test
+run_test ./log/lastlog/06_lastlog-u_name/lastlog.test
+run_test ./log/lastlog/07_lastlog-u_ID_invalid/lastlog.test
+run_test ./log/lastlog/08_lastlog-u_name_invalid/lastlog.test
+run_test ./log/lastlog/09_lastlog-u_range/lastlog.test
+run_test ./log/lastlog/10_lastlog-u_open_range/lastlog.test
+run_test ./log/lastlog/11_lastlog-u_range_open/lastlog.test
+run_test ./log/lastlog/12_lastlog-u_range_invalid1/lastlog.test
+run_test ./log/lastlog/13_lastlog-u_range_invalid2/lastlog.test
+run_test ./log/lastlog/14_lastlog-u_range_invalid3/lastlog.test
+run_test ./log/lastlog/15_lastlog_bad_option/lastlog.test
+run_test ./log/lastlog/16_lastlog_extra_arg/lastlog.test
+run_test ./log/lastlog/17_lastlog-t/lastlog.test
+run_test ./log/lastlog/18_lastlog-b/lastlog.test
+run_test ./log/lastlog/19_lastlog-t_invalid/lastlog.test
+run_test ./log/lastlog/20_lastlog-b_invalid/lastlog.test
+run_test ./usertools/01/01_useradd_add_user.test
+run_test ./usertools/01/01_userdel_delete_user.test
+run_test ./usertools/01/02_useradd_recreate_deleted_user.test
+run_test ./usertools/01/03_useradd_additional_options.test
+run_test ./usertools/01/04_useradd_add_user_with_existing_UID_fail.test
+run_test ./usertools/01/04_useradd_add_user_with_existing_UID_with_-o.test
+run_test ./usertools/01/04_useradd_specified_UID.test
+run_test ./usertools/01/04_useradd_specified_UID_and_GID.test
+run_test ./usertools/01/04_userdel_delete_user_with_non_unique_UID.test
+run_test ./usertools/01/05_useradd_invalid_numeric_primary_group.test
+run_test ./usertools/01/06_useradd_invalid_named_primary_group.test
+run_test ./usertools/01/07_useradd_numerical_primary_group.test
+run_test ./usertools/01/08_useradd_named_primary_group.test
+run_test ./usertools/01/09_usermod_change_user_info.test
+run_test ./usertools/01/10_usermod_rename_user.test
+run_test ./usertools/01/10_usermod_rename_user_in_group.test
+run_test ./usertools/01/11_usermod_change_password.test
+run_test ./usertools/01/11_usermod_lock_password.test
+run_test ./usertools/01/11_usermod_unlock_empty_password.test
+run_test ./usertools/01/11_usermod_unlock_password.test
+run_test ./usertools/01/12_usermod_change_gid_name.test
+run_test ./usertools/01/12_usermod_change_gid_number.test
+run_test ./usertools/01/13_useradd_negative_UID.test
+run_test ./usertools/01/14_useradd_out_of_range_UID.test
+run_test ./usertools/01/15_useradd_specified_large_UID.test
+run_test ./usertools/01/16_useradd_add_user_to_multiple_groups.test
+run_test ./usertools/01/16_useradd_add_user_to_one_group.test
+run_test ./usertools/01/17_useradd_create_homedir.test
+run_test ./usertools/01/18_userdel_remove_homedir.test
+run_test ./usertools/01/19_userdel_delete_user_in_group.test
+run_test ./usertools/01/20_usermod_change_homedir.test
+run_test ./usertools/01/21_usermod_change_and_move_homedir.test
+run_test ./usertools/01/22_usermod_new_groups.test
+run_test ./usertools/01/23_usermod_add_groups.test
+run_test ./usertools/01/24_usermod_new_groups_remove_old_groups.test
+run_test ./usertools/01/25_useradd_specified_large_UID2.test
+run_test ./usertools/01/26_useradd_UID_-1.test
+run_test ./usertools/02/useradd_default_default_values.test
+run_test ./usertools/02/useradd_get_default_values.test
+run_test ./usertools/02/useradd_change_default_INACTIVE.test
+run_test ./usertools/02/useradd_change_default_SHELL.test
+run_test ./usertools/02/useradd_change_default_EXPIRE.test
+run_test ./usertools/02/useradd_change_default_GROUP.test
+run_test ./usertools/02/useradd_change_default_HOME.test
+run_test ./usertools/02/useradd_change_defaults.test
+run_test ./usertools/03/useradd_change_defaults.test
+run_test ./usertools/04/01_useradd_add_user.test
+run_test ./usertools/05_userdel_del_from_group_members/userdel.test
+run_test ./usertools/06_userdel_del_from_gshadow_members/userdel.test
+run_test ./usertools/07_userdel_del_from_gshadow_admins/userdel.test
+run_test ./usertools/08_userdel_del_from_group_and_gshadow/userdel.test
+run_test ./usertools/09_userdel_del_homedir/userdel.test
+run_test ./usertools/10_userdel_del_homedir_wrong_owner/userdel.test
+run_test ./usertools/11_usermod_move_homedir/usermod.test
+run_test ./usertools/12_usermod_move_homedir_dev_null/usermod.test
+run_test ./usertools/13_usermod_move_homedir_file/usermod.test
+run_test ./usertools/14_usermod_move_homedir_other_device/usermod.test
+run_test ./usertools/15_usermod_change_supplementary_groups/usermod.test
+run_test ./usertools/16_usermod_clear_supplementary_groups/usermod.test
+run_test ./usertools/17_usermod_change_supplementary_groups_numerical/usermod.test
+run_test ./usertools/18_usermod_change_supplementary_groups-unknown_group/usermod.test
+run_test ./usertools/19_usermod_change_supplementary_groups-unknown_numerical_group/usermod.test
+run_test ./usertools/20_usermod_rename_user_in_member_lists/usermod.test
+run_test ./usertools/21_usermod_rename_user_in_member_lists-and-add_supplementary_groups/usermod.test
+run_test ./usertools/22_usermod-a_existing_supplementary_group/usermod.test
+run_test ./usertools/23_usermod-a_existing_supplementary_group+rename/usermod.test
+run_test ./usertools/24_usermod_locked_passwd/usermod.test
+run_test ./usertools/25_usermod-G_locked_group/usermod.test
+run_test ./usertools/26_usermod_locked_shadow/usermod.test
+run_test ./usertools/27_usermod-G_locked_gshadow/usermod.test
+run_test ./usertools/28_usermod-c_locked_group/usermod.test
+run_test ./usertools/29_usermod-c_locked_gshadow/usermod.test
+run_test ./usertools/30_usermod-l_locked_group/usermod.test
+run_test ./usertools/31_usermod-l_locked_gshadow/usermod.test
+run_test ./usertools/32_usermod-u_new_UID/usermod.test
+run_test ./usertools/33_usermod-u_existing_UID/usermod.test
+run_test ./usertools/34_usermod-u-o_existing_UID/usermod.test
+run_test ./usertools/35_usermod-u_invalid_UID/usermod.test
+run_test ./usertools/36_usermod_change_uid+move_homedir_other_device/usermod.test
+run_test ./usertools/37_Debian_Bug_470745/usermod.test
+run_test ./usertools/38_usermod_invalid_user/usermod.test
+run_test ./usertools/39_usermod_-c_invalid_comment/usermod.test
+run_test ./usertools/40_usermod_-d_invalid_homedir/usermod.test
+run_test ./usertools/41_usermod_-d_invalid_shell/usermod.test
+run_test ./usertools/42_usermod_-g_invalid_group_name/usermod.test
+run_test ./usertools/43_usermod_-g_invalid_group_ID/usermod.test
+run_test ./usertools/44_usermod-l_existing_username/usermod.test
+run_test ./usertools/45_usermod-l_existing_username_passwd/usermod.test
+run_test ./usertools/46_usermod-l_existing_username_shadow/usermod.test
+run_test ./usertools/47_usermod-l_no_shadow_file/usermod.test
+run_test ./usertools/48_userdel_keep_group_if_primary_other_user/userdel.test
+run_test ./usertools/49_userdel_delete_users_group/userdel.test
+run_test ./usertools/50_userdel_delete_users_group_no_gshadow_group/userdel.test
+run_test ./usertools/51_userdel_delete_users_group_no_gshadow_file/userdel.test
+run_test ./usertools/52_userdel_delete_user_no_shadow_entry/userdel.test
+run_test ./usertools/53_userdel_delete_user_no_shadow_file/userdel.test
+run_test ./usertools/54_usermod-u_invalid_UID_4294967295/usermod.test
+run_test ./usertools/55_userdel_busy_user/userdel.test
+run_test ./usertools/56_userdel_locked_passwd/userdel.test
+run_test ./usertools/57_userdel_locked_group/userdel.test
+run_test ./usertools/58_userdel_locked_shadow/userdel.test
+run_test ./usertools/59_userdel_locked_gshadow/userdel.test
+run_test ./usertools/60_userdel_invalid_user/userdel.test
+run_test ./usertools/61_userdel_del_homedir_with_symlinks/userdel.test
+run_test ./usertools/62_usermod_remove_supplementary_groups/usermod.test
+if [ "$USE_PAM" = "yes" ]; then
+	run_test ./usertools/chpasswd-PAM/01_chpasswd_invalid_user/chpasswd.test
+	run_test ./usertools/chpasswd-PAM/02_chpasswd_multiple_users/chpasswd.test
+	run_test ./usertools/chpasswd-PAM/03_chpasswd_no_shadow_file/chpasswd.test
+	run_test ./usertools/chpasswd-PAM/04_chpasswd_no_shadow_entry/chpasswd.test
+	run_test ./usertools/chpasswd-PAM/05_chpasswd_error_no_password/chpasswd.test
+	run_test ./usertools/chpasswd-PAM/06_chpasswd_usage/chpasswd.test
+	run_test ./usertools/chpasswd-PAM/07_chpasswd_usage_bad_option/chpasswd.test
+	run_test ./usertools/chpasswd-PAM/08_chpasswd_usage-e-m_exclusive/chpasswd.test
+	run_test ./usertools/chpasswd-PAM/09_chpasswd_usage-e-c_exclusive/chpasswd.test
+	run_test ./usertools/chpasswd-PAM/10_chpasswd_usage-m-c_exclusive/chpasswd.test
+	run_test ./usertools/chpasswd-PAM/11_chpasswd_usage-s_without-c/chpasswd.test
+	run_test ./usertools/chpasswd-PAM/12_chpasswd_usage-s_invalid/chpasswd.test
+	run_test ./usertools/chpasswd-PAM/13_chpasswd_usage-c_invalid/chpasswd.test
+	run_test ./usertools/chpasswd-PAM/14_chpasswd_password_encrypted/chpasswd.test
+	run_test ./usertools/chpasswd-PAM/15_chpasswd_password_md5/chpasswd.test
+	run_test ./usertools/chpasswd-PAM/16_chpasswd_password_NONE/chpasswd.test
+	run_test ./usertools/chpasswd-PAM/17_chpasswd_password_MD5/chpasswd.test
+	run_test ./usertools/chpasswd-PAM/18_chpasswd_password_DES/chpasswd.test
+	run_test ./usertools/chpasswd-PAM/19_chpasswd_password_SHA256/chpasswd.test
+	run_test ./usertools/chpasswd-PAM/20_chpasswd_password_SHA256_rounds_900/chpasswd.test
+	run_test ./usertools/chpasswd-PAM/21_chpasswd_password_SHA256_rounds_9000/chpasswd.test
+	run_test ./usertools/chpasswd-PAM/22_chpasswd_password_SHA512/chpasswd.test
+	run_test ./usertools/chpasswd-PAM/23_chpasswd_password_SHA512_rounds_900/chpasswd.test
+	run_test ./usertools/chpasswd-PAM/24_chpasswd_password_SHA512_rounds_9000/chpasswd.test
+	run_test ./usertools/chpasswd-PAM/25_chpasswd-e_no_shadow_file/chpasswd.test
+	run_test ./usertools/chpasswd-PAM/26_chpasswd_no_shadow_file_invalid_passwd/chpasswd.test
+	run_test ./usertools/chpasswd-PAM/27_chpasswd_no_shadow_file_1st_invalid_passwd_entry/chpasswd.test
+	run_test ./usertools/chpasswd-PAM/28_chpasswd_no_shadow_file_2nd_invalid_passwd_entry/chpasswd.test
+	run_test ./usertools/chpasswd-PAM/29_chpasswd-e_no_shadow_entry/chpasswd.test
+	run_test ./usertools/chpasswd-PAM/30_chpasswd_locked_passwd/chpasswd.test
+	run_test ./usertools/chpasswd-PAM/31_chpasswd_locked_shadow/chpasswd.test
+	run_test ./usertools/chpasswd-PAM/32_chpasswd_invalid_user/chpasswd.test
+	run_test ./usertools/chpasswd-PAM/33_chpasswd-e_invalid_user/chpasswd.test
+	run_test ./usertools/chpasswd-PAM/34_chpasswd-e_password_shadow_and_passwd/chpasswd.test
+else
+	run_test ./usertools/chpasswd/01_chpasswd_invalid_user/chpasswd.test
+	run_test ./usertools/chpasswd/02_chpasswd_multiple_users/chpasswd.test
+	run_test ./usertools/chpasswd/03_chpasswd_no_shadow_file/chpasswd.test
+	run_test ./usertools/chpasswd/04_chpasswd_no_shadow_entry/chpasswd.test
+	run_test ./usertools/chpasswd/05_chpasswd_error_no_password/chpasswd.test
+fi
+run_test ./usertools/chpasswd-PAM/06_chpasswd_usage/chpasswd.test
+run_test ./usertools/chpasswd-PAM/07_chpasswd_usage_bad_option/chpasswd.test
+run_test ./usertools/chpasswd-PAM/08_chpasswd_usage-e-m_exclusive/chpasswd.test
+run_test ./usertools/chpasswd-PAM/09_chpasswd_usage-e-c_exclusive/chpasswd.test
+run_test ./usertools/chpasswd-PAM/10_chpasswd_usage-m-c_exclusive/chpasswd.test
+run_test ./usertools/chpasswd-PAM/11_chpasswd_usage-s_without-c/chpasswd.test
+run_test ./usertools/chpasswd-PAM/12_chpasswd_usage-s_invalid/chpasswd.test
+run_test ./usertools/chpasswd-PAM/13_chpasswd_usage-c_invalid/chpasswd.test
+run_test ./usertools/useradd/01_useradd_usage/useradd.test
+run_test ./usertools/useradd/02_useradd_usage_invalid_option/useradd.test
+run_test ./usertools/useradd/03_useradd_usage_no_users/useradd.test
+run_test ./usertools/useradd/04_useradd_usage_2_users/useradd.test
+run_test ./usertools/useradd/05_useradd_usage-b_invalid1/useradd.test
+run_test ./usertools/useradd/06_useradd_usage-b_invalid2/useradd.test
+run_test ./usertools/useradd/07_useradd_usage-b_invalid3/useradd.test
+run_test ./usertools/useradd/08_useradd_usage-c_invalid1/useradd.test
+run_test ./usertools/useradd/09_useradd_usage-c_invalid2/useradd.test
+run_test ./usertools/useradd/10_useradd_usage-d_invalid1/useradd.test
+run_test ./usertools/useradd/11_useradd_usage-d_invalid2/useradd.test
+run_test ./usertools/useradd/12_useradd_usage-d_invalid3/useradd.test
+run_test ./usertools/useradd/13_useradd_usage-e_invalid1/useradd.test
+run_test ./usertools/useradd/14_useradd_usage-e_invalid2/useradd.test
+run_test ./usertools/useradd/15_useradd_usage-e_no_shadow_file/useradd.test
+run_test ./usertools/useradd/16_useradd_usage-f_invalid1/useradd.test
+run_test ./usertools/useradd/17_useradd_usage-f_invalid2/useradd.test
+run_test ./usertools/useradd/18_useradd_usage-f_no_shadow_file/useradd.test
+run_test ./usertools/useradd/19_useradd_usage-K_invalid1/useradd.test
+run_test ./usertools/useradd/20_useradd_usage-O_invalid2/useradd.test
+run_test ./usertools/useradd/21_useradd_usage-p_invalid1/useradd.test
+run_test ./usertools/useradd/22_useradd_usage-p_invalid2/useradd.test
+run_test ./usertools/useradd/23_useradd_usage-s_invalid1/useradd.test
+run_test ./usertools/useradd/24_useradd_usage-s_invalid2/useradd.test
+run_test ./usertools/useradd/25_useradd_usage-s_invalid3/useradd.test
+run_test ./usertools/useradd/26_useradd_usage-o_without-u/useradd.test
+run_test ./usertools/useradd/27_useradd_usage-k_without-m/useradd.test
+run_test ./usertools/useradd/28_useradd_usage-U_with-g/useradd.test
+run_test ./usertools/useradd/29_useradd_usage-U_with-N/useradd.test
+run_test ./usertools/useradd/30_useradd_usage-m_with-M/useradd.test
+run_test ./usertools/useradd/31_useradd_usage_user_with-D/useradd.test
+run_test ./usertools/useradd/32_useradd_usage-D_with_other/useradd.test
+run_test ./usertools/useradd/33_useradd_usage_invalid_username/useradd.test
+run_test ./usertools/useradd/35_useradd_default_GROUP_name/useradd.test
+run_test ./usertools/useradd/34_useradd_default_GROUP_GID/useradd.test
+run_test ./usertools/useradd/36_useradd_default_GROUP_invalid_GID/useradd.test
+run_test ./usertools/useradd/37_useradd_default_GROUP_invalid_name/useradd.test
+run_test ./usertools/useradd/38_useradd_default_INACTIVE/useradd.test
+run_test ./usertools/useradd/39_useradd_default_INACTIVE_invalid1/useradd.test
+run_test ./usertools/useradd/40_useradd_default_INACTIVE_invalid2/useradd.test
+run_test ./usertools/useradd/41_useradd_default_default_SKEL/useradd.test
+run_test ./usertools/useradd/42_useradd_default_default_CREATE_MAIL_SPOOL/useradd.test
+run_test ./usertools/useradd/43_useradd_default_no_final_eol/useradd.test
+run_test ./usertools/useradd/44_useradd_default_no_file/useradd.test
+run_test ./usertools/useradd/45_useradd-G_UID_name/useradd.test
+run_test ./usertools/useradd/46_useradd-G_UID_duplicate/useradd.test
+run_test ./usertools/useradd/47_useradd-G_UID_name_duplicate/useradd.test
+run_test ./usertools/useradd/48_useradd-G_name_duplicate/useradd.test
+run_test ./usertools/useradd/49_useradd-G_invalid_group/useradd.test
+run_test ./usertools/useradd/50_useradd-r/useradd.test
+run_test ./usertools/useradd/51_useradd_already_exist/useradd.test
+run_test ./usertools/useradd/52_useradd-U_group_already_exist/useradd.test
+run_test ./usertools/useradd/53_useradd-G_empty/useradd.test
+run_test ./usertools/useradd/54_useradd_no_shadow_file/useradd.test
+run_test ./usertools/useradd/55_useradd_no_gshadow_file/useradd.test
+run_test ./usertools/useradd/56_useradd_gshadow_entry_without_group_entry/useradd.test
+run_test ./usertools/useradd/57_useradd_usage-D_not_first_option/useradd.test
+run_test ./usertools/useradd/58_useradd-e_empty/useradd.test
+run_test ./usertools/useradd/59_useradd-e-1-f-1/useradd.test
+run_test ./usertools/useradd/60_useradd-e-1-f-1_no_shadow_file/useradd.test
+run_test ./usertools/useradd/61_useradd-K/useradd.test
+run_test ./usertools/useradd/62_useradd-p/useradd.test
+run_test ./usertools/useradd/63_useradd-s/useradd.test
+run_test ./usertools/useradd/64_useradd_locked_passwd/useradd.test
+run_test ./usertools/useradd/65_useradd_locked_group/useradd.test
+run_test ./usertools/useradd/66_useradd_locked_shadow/useradd.test
+run_test ./usertools/useradd/67_useradd_locked_gshadow/useradd.test
+run_test ./usertools/useradd/68_useradd-s_empty/useradd.test
+run_test ./usertools/userdel/01_userdel_usage/userdel.test
+run_test ./usertools/userdel/02_userdel_usage_invalid_option/userdel.test
+run_test ./usertools/userdel/03_userdel_usage_no_users/userdel.test
+run_test ./usertools/userdel/04_userdel_usage_2_users/userdel.test
+run_test ./usertools/userdel/05_userdel_no_USERGROUPS_ENAB/userdel.test
+run_test ./usertools/userdel/06_userdel_no_usergroup/userdel.test
+run_test ./usertools/userdel/07_userdel_usergroup_not_primary/userdel.test
+run_test ./usertools/userdel/08_userdel_usergroup_with_other_members/userdel.test
+run_test ./usertools/userdel/09_userdel_usergroup_no_other_members_in_gshadow/userdel.test
+run_test ./usertools/userdel/10_userdel_del_homedir_symlink/userdel.test
+run_test ./usertools/usermod/01_usermod-p_no_shadow_file/usermod.test
+run_test ./usertools/usermod/02_usermod-p_no_shadow_entry/usermod.test
+run_test ./usertools/usermod/03_usermod-p_no_shadow_entry_but_shadow_enabled/usermod.test
+run_test ./usertools/usermod/04_usermod_lock_already_locked_password1/usermod.test
+run_test ./usertools/usermod/05_usermod_lock_already_locked_password2/usermod.test
+run_test ./usertools/usermod/06_usermod_lock_already_locked_password3/usermod.test
+run_test ./usertools/usermod/07_usermod_unlock_already_unlocked_password1/usermod.test
+run_test ./usertools/usermod/08_usermod_unlock_already_unlocked_password2/usermod.test
+run_test ./usertools/usermod/09_usermod_unlock_already_unlocked_password3/usermod.test
+run_test ./usertools/usermod/10_usermod_usage/usermod.test
+run_test ./usertools/usermod/11_usermod_usage_bad_option/usermod.test
+run_test ./usertools/usermod/12_usermod_usage_bad-f/usermod.test
+run_test ./usertools/usermod/13_usermod_usage_bad-f_negative/usermod.test
+run_test ./usertools/usermod/14_usermod_usage_no_options/usermod.test
+run_test ./usertools/usermod/15_usermod_usage_no_user/usermod.test
+run_test ./usertools/usermod/16_usermod_usage_-e_no_shadow_file/usermod.test
+run_test ./usertools/usermod/17_usermod_usage_-f_no_shadow_file/usermod.test
+run_test ./usertools/usermod/18_usermod_usage-L-p_exclusive/usermod.test
+run_test ./usertools/usermod/19_usermod_usage-L-U_exclusive/usermod.test
+run_test ./usertools/usermod/20_usermod_usage-p-U_exclusive/usermod.test
+run_test ./usertools/usermod/21_usermod_rename_user_no_gshadow_file/usermod.test
+run_test ./usertools/usermod/22_usermod_usage_rename_invalid_username/usermod.test
+run_test ./usertools/usermod/23_usermod-e_date/usermod.test
+run_test ./usertools/usermod/24_usermod-e_date/usermod.test
+run_test ./usertools/usermod/25_usermod-e_empty_arg/usermod.test
+run_test ./usertools/usermod/26_usermod-e-1/usermod.test
+run_test ./usertools/usermod/27_usermod-e_invalid1/usermod.test
+run_test ./usertools/usermod/28_usermod-e_invalid2/usermod.test
+run_test ./usertools/usermod/29_usermod_no_changes/usermod.test
+run_test ./usertools/usermod/30_usermod_usage-a_without-G/usermod.test
+run_test ./usertools/usermod/31_usermod_usage-o_without-u/usermod.test
+run_test ./usertools/usermod/32_usermod_usage-m_without-d/usermod.test
+run_test ./usertools/usermod/33_usermod_change_shell/usermod.test
+run_test ./usertools/usermod/34_usermod-e_date_no_shadow_entry/usermod.test
+run_test ./usertools/usermod/35_usermod-f_no_shadow_entry/usermod.test
+run_test ./usertools/usermod/36_usermod_move_homedir_existing_dir/usermod.test
+run_test ./usertools/usermod/37_usermod_move_nonexistent_homedir/usermod.test
+run_test ./usertools/usermod/38_usermod-u_lastlog_not_created/usermod.test
+run_test ./usertools/usermod/39_usermod-u_copy_lastlog_entry/usermod.test
+run_test ./usertools/usermod/40_usermod-u_reset_new_lastlog_entry/usermod.test
+run_test ./usertools/usermod/41_usermod-u_faillog_not_created/usermod.test
+run_test ./usertools/usermod/42_usermod-u_copy_faillog_entry/usermod.test
+run_test ./usertools/usermod/43_usermod-u_reset_new_faillog_entry/usermod.test
+run_test ./usertools/usermod/44_usermod-l_move_mailbox/usermod.test
+run_test ./usertools/usermod/45_usermod-u_change_mailbox_owner/usermod.test
+run_test ./usertools/usermod/46_usermod-u_checks_mailbox_owner/usermod.test
+run_test ./usertools/usermod/47_usermod-u_default_maildir/usermod.test
+run_test ./usertools/usermod/48_usermod-u_MAIL_FILE/usermod.test
+run_test ./usertools/usermod/49_usermod_change_gid+move_homedir_other_device/usermod.test
+run_test ./usertools/usermod/50_usermod_change_uid+move_homedir/usermod.test
+run_test ./usertools/usermod/51_usermod_change_gid+move_homedir/usermod.test
+run_test ./usertools/usermod/52_usermod_move_homedir_symlink/usermod.test
+run_test ./cptools/01/run1
+run_test ./cptools/01/run2
+run_test ./cptools/01/run3
+run_test ./cptools/01/run4
+run_test ./cktools/01/run1
+run_test ./cktools/01/run2
+run_test ./cktools/02_pwck_sort/pwck.test
+run_test ./cktools/03_grpck_sort/grpck.test
+run_test ./cktools/04_pwck_sort_missing_shadow_user/pwck.test
+run_test ./cktools/05_grpck_sort_missing_shadow_group/grpck.test
+run_test ./cktools/06_pwck_sort_NIS_server/pwck.test
+run_test ./cktools/07_pwck_sort_NIS_client/pwck.test
+run_test ./cktools/grpck/04_grpck_missing_field_group_delete/grpck.test
+run_test ./cktools/grpck/05_grpck_missing_field_group_keep/grpck.test
+run_test ./cktools/grpck/06_grpck_missing_field_group_no_changes/grpck.test
+run_test ./cktools/grpck/07_grpck_missing_field_gshadow_add/grpck.test
+run_test ./cktools/grpck/08_grpck_missing_field_gshadow_delete/grpck.test
+run_test ./cktools/grpck/09_grpck_missing_field_gshadow_no_changes/grpck.test
+run_test ./cktools/grpck/10_grpck_missing_field_group_local/grpck.test
+run_test ./cktools/grpck/11_grpck_missing_field_gshadow_local/grpck.test
+run_test ./cktools/grpck/12_grpck_unknown_user_group/grpck.test
+run_test ./cktools/grpck/13_grpck_unknown_user_gshadow/grpck.test
+run_test ./cktools/grpck/14_grpck_unknown_user_adm_gshadow/grpck.test
+run_test ./cktools/grpck/15_grpck_unknown_user_duplicate_group/grpck.test
+run_test ./cktools/grpck/16_grpck_duplicate_entry_group/grpck.test
+run_test ./cktools/grpck/17_grpck_duplicate_entry_gshadow/grpck.test
+run_test ./cktools/grpck/18_grpck_duplicate_entry_group_no_changes/grpck.test
+run_test ./cktools/grpck/19_grpck_duplicate_entry_gshadow_no_changes/grpck.test
+run_test ./cktools/grpck/20_grpck_duplicate_entry_gshadow_delete_second/grpck.test
+run_test ./cktools/grpck/21_grpck_invalid_group_name/grpck.test
+run_test ./cktools/grpck/22_grpck_invalid_group_ID_-1/grpck.test
+run_test ./cktools/grpck/23_grpck_invalid_group_ID_4294967295/grpck.test
+run_test ./cktools/grpck/24_grpck_invalid_group_ID_4294967296/grpck.test
+run_test ./cktools/grpck/25_grpck_unknown_user_group_no_changes/grpck.test
+run_test ./cktools/grpck/26_grpck_no_gshadow_file/grpck.test
+run_test ./cktools/grpck/27_grpck_sort_no_gshadow_file/grpck.test
+run_test ./cktools/grpck/28_grpck_usage/grpck.test
+run_test ./cktools/grpck/29_grpck_sort_readonly/grpck.test
+run_test ./cktools/grpck/30_grpck_3_files/grpck.test
+run_test ./cktools/grpck/31_grpck_missing_field_group_local_no_gshadow/grpck.test
+run_test ./cktools/grpck/32_grpck_sort_nis/grpck.test
+run_test ./cktools/grpck/33_grpck_locked_group/grpck.test
+run_test ./cktools/grpck/34_grpck_locked_gshadow/grpck.test
+run_test ./cktools/grpck/35_grpck_duplicate_entry_group_NIS/grpck.test
+run_test ./cktools/grpck/36_grpck_password_group_gshadow/grpck.test
+run_test ./cktools/grpck/37_grpck_invalid_option/grpck.test
+run_test ./cktools/pwck/04_pwck_missing_field_passwd_delete/pwck.test
+run_test ./cktools/pwck/05_pwck_missing_field_passwd_keep/pwck.test
+run_test ./cktools/pwck/06_pwck_missing_field_passwd_no_changes/pwck.test
+run_test ./cktools/pwck/07_pwck_missing_field_shadow_add/pwck.test
+run_test ./cktools/pwck/08_pwck_missing_field_shadow_delete/pwck.test
+run_test ./cktools/pwck/09_pwck_missing_field_shadow_no_changes/pwck.test
+run_test ./cktools/pwck/10_pwck_missing_field_passwd_local/pwck.test
+run_test ./cktools/pwck/11_pwck_missing_field_shadow_local/pwck.test
+run_test ./cktools/pwck/12_pwck_unknown_user_group_ID/pwck.test
+run_test ./cktools/pwck/13_pwck_duplicate_entry_passwd/pwck.test
+run_test ./cktools/pwck/14_pwck_duplicate_entry_shadow/pwck.test
+run_test ./cktools/pwck/15_pwck_duplicate_entry_passwd_no_changes/pwck.test
+run_test ./cktools/pwck/16_pwck_duplicate_entry_shadow_no_changes/pwck.test
+run_test ./cktools/pwck/17_pwck_duplicate_entry_passwd_delete_second/pwck.test
+run_test ./cktools/pwck/18_pwck_invalid_user_name/pwck.test
+run_test ./cktools/pwck/19_pwck_invalid_user_ID_-1/pwck.test
+run_test ./cktools/pwck/20_pwck_invalid_user_ID_4294967295/pwck.test
+run_test ./cktools/pwck/21_pwck_invalid_user_ID_4294967296/pwck.test
+run_test ./cktools/pwck/22_pwck_usage/pwck.test
+run_test ./cktools/pwck/23_pwck_locked_passwd/pwck.test
+run_test ./cktools/pwck/24_pwck_locked_shadow/pwck.test
+run_test ./cktools/pwck/25_pwck_usage_invalid_option/pwck.test
+run_test ./cktools/pwck/26_pwck_usage-s-r/pwck.test
+run_test ./cktools/pwck/27_pwck_usage_3_files/pwck.test
+run_test ./cktools/pwck/28_pwck_no_shadow_file/pwck.test
+run_test ./cktools/pwck/29_pwck_password_change_in_future/pwck.test
+run_test ./cktools/pwck/30_pwck_NIS_entries/pwck.test
+run_test ./cktools/pwck/31_pwck_shadow_entry_passwd_no_x/pwck.test
+run_test ./cktools/pwck/32_pwck_quiet/pwck.test
+if [ "$USE_PAM" != "yes" ]; then
+	run_test ./crypt/login.defs_DES-MD5_CRYPT_ENAB/01_chpasswd.test
+	run_test ./crypt/login.defs_DES/01_chpasswd.test
+	run_test ./crypt/login.defs_DES/02_chpasswd--crypt-method-MD5.test
+	run_test ./crypt/login.defs_DES/03_chpasswd--crypt-method-DES.test
+	run_test ./crypt/login.defs_DES/04_chpasswd--crypt-method-NONE.test
+	run_test ./crypt/login.defs_DES/05_chpasswd-e.test
+	run_test ./crypt/login.defs_DES/06_chpasswd-m.test
+fi
+run_test ./crypt/login.defs_DES/07_chgpasswd.test
+run_test ./crypt/login.defs_DES/08_chgpasswd--crypt-method-MD5.test
+run_test ./crypt/login.defs_DES/09_chgpasswd--crypt-method-DES.test
+run_test ./crypt/login.defs_DES/10_chgpasswd--crypt-method-NONE.test
+run_test ./crypt/login.defs_DES/11_chgpasswd-e.test
+run_test ./crypt/login.defs_DES/12_chgpasswd-m.test
+if [ "$USE_PAM" != "yes" ]; then
+	run_test ./crypt/login.defs_MD5/01_chpasswd.test
+	run_test ./crypt/login.defs_MD5_CRYPT_ENAB/01_chpasswd.test
+fi
+run_test ./crypt/login.defs_MD5/02_chgpasswd.test
+run_test ./crypt/login.defs_MD5_CRYPT_ENAB/02_chgpasswd.test
+if [ "$USE_PAM" != "yes" ]; then
+	run_test ./crypt/login.defs_SHA256-round-max/01_chpasswd.test
+	run_test ./crypt/login.defs_SHA256-round-min-max/01_chpasswd.test
+	run_test ./crypt/login.defs_SHA256-round-min/01_chpasswd.test
+	run_test ./crypt/login.defs_SHA256/01_chpasswd.test
+	run_test ./crypt/login.defs_SHA512/01_chpasswd.test
+	run_test ./crypt/login.defs_none/01_chpasswd.test
+fi
+run_test ./crypt/login.defs_SHA256-round-max/02_chgpasswd.test
+run_test ./crypt/login.defs_SHA256-round-min-max/02_chgpasswd.test
+run_test ./crypt/login.defs_SHA256-round-min/02_chgpasswd.test
+run_test ./crypt/login.defs_SHA256/02_chgpasswd.test
+run_test ./crypt/login.defs_SHA512/02_chgpasswd.test
+run_test ./crypt/login.defs_none/02_chgpasswd.test
+run_test ./newusers/01_create_user/newusers.test
+run_test ./newusers/02_update_password/newusers.test
+run_test ./newusers/03_no_update_pid/newusers.test
+run_test ./newusers/04_no_update_gid/newusers.test
+run_test ./newusers/05_create_user_pid/newusers.test
+run_test ./newusers/06_create_user_gid/newusers.test
+run_test ./newusers/07_create_user_pid_gid/newusers.test
+run_test ./newusers/08_create_user_pid_other-gid/newusers.test
+run_test ./newusers/09_create_user_pid-as-user-bar/newusers.test
+run_test ./newusers/10_create_user_gid-as-group-bar/newusers.test
+run_test ./newusers/11_update_gecos/newusers.test
+run_test ./newusers/12_update_shell/newusers.test
+run_test ./newusers/13_create_user_new-home/newusers.test
+run_test ./newusers/14_create_user_existing-home/newusers.test
+run_test ./newusers/15_update_new-home/newusers.test
+run_test ./newusers/16_update_existing-home/newusers.test
+run_test ./newusers/17_create_user_pid-already-used/newusers.test
+run_test ./newusers/18_create_user_gid-already-used/newusers.test
+run_test ./newusers/19_update_keep-old-home/newusers.test
+run_test ./newusers/20_multiple_users/newusers.test
+run_test ./newusers/21_create_user_UID_MAX/newusers.test
+run_test ./newusers/22_create_user_GID_MAX/newusers.test
+run_test ./newusers/23_create_user_error_negative_UID/newusers.test
+run_test ./newusers/24_create_user_error_invalid_UID/newusers.test
+run_test ./newusers/25_create_user_error_no_remaining_UID/newusers.test
+run_test ./newusers/26_create_user_error_no_remaining_GID/newusers.test
+run_test ./newusers/27_create_user_error_invalid_username/newusers.test
+run_test ./newusers/28_create_user_error_invalid_groupname/newusers.test
+run_test ./newusers/29_create_user_error_invalid_username_valid_groupname/newusers.test
+run_test ./newusers/30_create_user_different_groupname/newusers.test
+run_test ./newusers/31_create_user_error_invalid_GID/newusers.test
+run_test ./newusers/32_create_user_error_gshadow_group_exists/newusers.test
+run_test ./newusers/33_update_password_no_shadow_password/newusers.test
+run_test ./newusers/34_update_password_no_shadow/newusers.test
+run_test ./newusers/35_read_from_stdin/newusers.test
+if [ "$USE_PAM" != "yes" ]; then
+	run_test ./newusers/36_create_user_encrypted/newusers.test
+	run_test ./newusers/37_create_user_encrypt_MD5/newusers.test
+	run_test ./newusers/38_update_password_no_shadow_encrypted/newusers.test
+	run_test ./newusers/39_update_password_no_shadow_password_encrypted/newusers.test
+	run_test ./newusers/40_update_password_encrypted/newusers.test
+	run_test ./newusers/41_create_user_encrypt_SHA256/newusers.test
+	run_test ./newusers/42_create_user_encrypt_SHA512/newusers.test
+	run_test ./newusers/43_create_user_encrypt_SHA256_rounds_3000/newusers.test
+	run_test ./newusers/44_create_user_encrypt_SHA256_rounds_300/newusers.test
+	run_test ./newusers/45_create_user_encrypt_rounds_3000/newusers.test
+	run_test ./newusers/46_create_user_encrypt_MD5_ignore_rounds_3000/newusers.test
+else
+
+	run_test ./newusers/37_create_user_encrypt_MD5-PAM/newusers.test
+
+
+
+	run_test ./newusers/41_create_user_encrypt_SHA256-PAM/newusers.test
+	run_test ./newusers/42_create_user_encrypt_SHA512-PAM/newusers.test
+	run_test ./newusers/43_create_user_encrypt_SHA256_rounds_3000-PAM/newusers.test
+	run_test ./newusers/44_create_user_encrypt_SHA256_rounds_300-PAM/newusers.test
+
+
+fi
+run_test ./newusers/47_create_user_error_UID_4294967295/newusers.test
+run_test ./newusers/48_create_user_error_GID_4294967295/newusers.test
+run_test ./newusers/49_multiple_system_users/newusers.test
+run_test ./newusers/50_usage/newusers.test
+run_test ./newusers/51_usage_invalid_option/newusers.test
+run_test ./newusers/52_usage_2_input_files/newusers.test
+run_test ./newusers/53_locked_passwd/newusers.test
+run_test ./newusers/54_locked_shadow/newusers.test
+run_test ./newusers/55_locked_group/newusers.test
+run_test ./newusers/56_locked_gshadow/newusers.test
+run_test ./newusers/57_missing_input_file/newusers.test
+run_test ./newusers/58_invalid_input_file/newusers.test
+run_test ./newusers/59_no_gshadow_file/newusers.test
+run_test ./newusers/60_update_no_gecos/newusers.test
+run_test ./newusers/61_update_no_shell/newusers.test
+run_test ./split_groups/01_useradd_split_group/useradd.test
+run_test ./split_groups/02_useradd_no_split_group/useradd.test
+run_test ./split_groups/03_useradd_split_group_already_split/useradd.test
+run_test ./split_groups/04_useradd_split_group_already_full/useradd.test
+run_test ./split_groups/05_useradd_split_group_already_split_passwd_differ/useradd.test
+run_test ./split_groups/06_useradd_split_group_already_split_GID_differ/useradd.test
+run_test ./split_groups/07_useradd_split_group_already_split_user_in_both_lines/useradd.test
+run_test ./split_groups/08_useradd_no_split_group_already_split/useradd.test
+run_test ./split_groups/09_groupdel_split_group_already_split/groupdel.test
+run_test ./split_groups/10_groupdel_no_split_group_already_split/groupdel.test
+if [ "$FAILURE_TESTS" = "yes" ]; then
+run_test ./failures/chage/01_chage_openRW_passwd_failure/chage.test
+run_test ./failures/chage/02_chage_openRO_passwd_failure/chage.test
+run_test ./failures/chage/03_chage_openRW_shadow_failure/chage.test
+run_test ./failures/chage/04_chage_openRO_shadow_failure/chage.test
+run_test ./failures/chage/05_chage_rename_shadow_failure/chage.test
+run_test ./failures/chage/06_chage_rename_passwd_failure/chage.test
+run_test ./failures/chgpasswd/01_chgpasswd-e_open_group_failure/chgpasswd.test
+run_test ./failures/chgpasswd/02_chgpasswd-e_open_gshadow_failure/chgpasswd.test
+run_test ./failures/chgpasswd/03_chgpasswd-e_rename_group_failure/chgpasswd.test
+run_test ./failures/chgpasswd/04_chgpasswd-e_rename_gshadow_failure/chgpasswd.test
+if [ "$USE_PAM" = "yes" ]; then
+	run_test ./failures/chpasswd-PAM/01_chpasswd-e_open_passwd_failure/chpasswd.test
+	run_test ./failures/chpasswd-PAM/02_chpasswd-e_open_shadow_failure/chpasswd.test
+	run_test ./failures/chpasswd-PAM/03_chpasswd-e_rename_passwd_failure/chpasswd.test
+	run_test ./failures/chpasswd-PAM/04_chpasswd-e_rename_shadow_failure/chpasswd.test
+	run_test ./failures/chpasswd-PAM/05_chpasswd-e_time_0/chpasswd.test
+fi
+run_test ./failures/chsh/01_chsh_open_passwd_failure/chsh.test
+run_test ./failures/chsh/02_chsh_rename_passwd_failure/chsh.test
+run_test ./failures/cppw/01_cppw_open_passwd_in_failure/cppw.test
+run_test ./failures/cppw/02_cppw_open_passwd_backup_failure/cppw.test
+run_test ./failures/cppw/03_cppw_rename_passwd_failure/cppw.test
+run_test ./failures/gpasswd/01_gpasswd_group_open_failure/gpasswd.test
+run_test ./failures/gpasswd/02_gpasswd_gshadow_open_failure/gpasswd.test
+run_test ./failures/gpasswd/03_gpasswd-a_group_open_failure/gpasswd.test
+run_test ./failures/gpasswd/04_gpasswd-d_group_open_failure/gpasswd.test
+run_test ./failures/gpasswd/05_gpasswd-r_group_open_failure/gpasswd.test
+run_test ./failures/gpasswd/06_gpasswd-R_gshadow_open_failure/gpasswd.test
+run_test ./failures/gpasswd/07_gpasswd-A_gshadow_open_failure/gpasswd.test
+run_test ./failures/gpasswd/08_gpasswd_group_openRO_failure/gpasswd.test
+run_test ./failures/gpasswd/09_gpasswd_gshadow_openRO_failure/gpasswd.test
+run_test ./failures/gpasswd/10_gpasswd_group_rename_failure/gpasswd.test
+run_test ./failures/gpasswd/11_gpasswd_gshadow_rename_failure/gpasswd.test
+run_test ./failures/groupadd/01_groupadd_gshadow_rename_failure/groupadd.test
+run_test ./failures/groupadd/02_groupadd_group_rename_failure/groupadd.test
+run_test ./failures/groupadd/03_groupadd_gshadow_open_failure/groupadd.test
+run_test ./failures/groupadd/04_groupadd_group_open_failure/groupadd.test
+run_test ./failures/groupdel/01_groupdel_gshadow_rename_failure/groupdel.test
+run_test ./failures/groupdel/02_groupdel_group_rename_failure/groupdel.test
+run_test ./failures/groupdel/03_groupdel_gshadow_open_failure/groupdel.test
+run_test ./failures/groupdel/04_groupdel_group_open_failure/groupdel.test
+run_test ./failures/groupmems/01_groupmems_group_open_failure/groupmems.test
+run_test ./failures/groupmems/02_groupmems_gshadow_open_failure/groupmems.test
+run_test ./failures/groupmod/01_groupmod_change_group_name_gshadow_rename_failure/groupmod.test
+run_test ./failures/groupmod/02_groupmod_change_gid_change_primary_group_passwd_rename_failure/groupmod.test
+run_test ./failures/groupmod/03_groupmod_change_group_name_group_rename_failure/groupmod.test
+run_test ./failures/groupmod/04_groupmod_group_open_failure/groupmod.test
+run_test ./failures/groupmod/05_groupmod_gshadow_open_failure/groupmod.test
+run_test ./failures/groupmod/06_groupmod_-g_no_gshadow_open_failure/groupmod.test
+run_test ./failures/groupmod/07_groupmod_passwd_open_failure/groupmod.test
+run_test ./failures/groupmod/08_groupmod_-g_same_gid_no_passwd_open_failure/groupmod.test
+run_test ./failures/groupmod/09_groupmod_-n_no_passwd_open_failure/groupmod.test
+run_test ./failures/grpck/01_grpck_system_group_open_failure/grpck.test
+run_test ./failures/grpck/02_grpck_group_open_failure/grpck.test
+run_test ./failures/grpck/03_grpck_system_gshadow_open_failure/grpck.test
+run_test ./failures/grpck/04_grpck_gshadow_open_failure/grpck.test
+run_test ./failures/grpck/05_grpck_sort_group_rename_failure/grpck.test
+run_test ./failures/grpck/06_grpck_sort_gshadow_rename_failure/grpck.test
+run_test ./failures/grpconv/01_grpconv_open_group_failure/grpconv.test
+run_test ./failures/grpconv/02_grpconv_open_gshadow_failure/grpconv.test
+run_test ./failures/grpconv/03_grpconv_rename_group_failure/grpconv.test
+run_test ./failures/grpconv/04_grpconv_rename_gshadow_failure/grpconv.test
+run_test ./failures/grpunconv/01_grpunconv_group_rename_failure/grpunconv.test
+run_test ./failures/grpunconv/02_grpunconv_open_group_failure/grpunconv.test
+run_test ./failures/grpunconv/03_grpunconv_open_gshadow_failure/grpunconv.test
+run_test ./failures/grpunconv/04_grpunconv_unlink_gshadow_failure/grpunconv.test
+run_test ./failures/newusers/01_newusers_open_passwd_failure/newusers.test
+run_test ./failures/newusers/02_newusers_open_shadow_failure/newusers.test
+run_test ./failures/newusers/03_newusers_open_group_failure/newusers.test
+run_test ./failures/newusers/04_newusers_open_gshadow_failure/newusers.test
+run_test ./failures/newusers/05_newusers_rename_passwd_failure/newusers.test
+run_test ./failures/newusers/06_newusers_rename_shadow_failure/newusers.test
+run_test ./failures/newusers/07_newusers_rename_group_failure/newusers.test
+run_test ./failures/newusers/08_newusers_rename_gshadow_failure/newusers.test
+run_test ./failures/newusers/09_newusers_rename_shadow_failure_PAM/newusers.test
+run_test ./failures/newusers/10_newusers_time_0/newusers.test
+run_test ./failures/pwck/01_pwck_system_passwd_open_failure/pwck.test
+run_test ./failures/pwck/02_pwck_passwd_open_failure/pwck.test
+run_test ./failures/pwck/03_pwck_system_shadow_open_failure/pwck.test
+run_test ./failures/pwck/04_pwck_shadow_open_failure/pwck.test
+run_test ./failures/pwck/05_pwck_sort_system_passwd_rename_failure/pwck.test
+run_test ./failures/pwck/06_pwck_sort_system_shadow_rename_failure/pwck.test
+run_test ./failures/pwck/07_pwck_sort_passwd_rename_failure/pwck.test
+run_test ./failures/pwck/08_pwck_sort_shadow_rename_failure/pwck.test
+run_test ./failures/pwck/09_pwck_create_shadow_entry_time_0/pwck.test
+run_test ./failures/pwconv/01_pwconv_open_passwd_failure/pwconv.test
+run_test ./failures/pwconv/02_pwconv_open_shadow_failure/pwconv.test
+run_test ./failures/pwconv/03_pwconv_rename_passwd_failure/pwconv.test
+run_test ./failures/pwconv/04_pwconv_rename_shadow_failure/pwconv.test
+run_test ./failures/pwconv/05_pwconv_time_0/pwconv.test
+run_test ./failures/pwunconv/01_pwunconv_passwd_rename_failure/pwunconv.test
+run_test ./failures/pwunconv/02_pwunconv_open_passwd_failure/pwunconv.test
+run_test ./failures/pwunconv/03_pwunconv_open_shadow_failure/pwunconv.test
+run_test ./failures/pwunconv/04_pwunconv_unlink_shadow_failure/pwunconv.test
+run_test ./failures/useradd/01_useradd_open_passwd_failure/useradd.test
+run_test ./failures/useradd/02_useradd_open_shadow_failure/useradd.test
+run_test ./failures/useradd/03_useradd_open_group_failure/useradd.test
+run_test ./failures/useradd/04_useradd_open_gshadow_failure/useradd.test
+run_test ./failures/useradd/05_useradd_rename_passwd_failure/useradd.test
+run_test ./failures/useradd/06_useradd_rename_shadow_failure/useradd.test
+run_test ./failures/useradd/07_useradd_rename_group_failure/useradd.test
+run_test ./failures/useradd/08_useradd_rename_gshadow_failure/useradd.test
+run_test ./failures/useradd/09_useradd_rename_defaults_failure/useradd.test
+run_test ./failures/useradd/10_useradd_rename_defaults_backup_failure/useradd.test
+run_test ./failures/useradd/11_useradd_time_0/useradd.test
+run_test ./failures/useradd/12_useradd_open_subuid_failure/useradd.test
+run_test ./failures/useradd/13_useradd_open_subgid_failure/useradd.test
+run_test ./failures/useradd/14_username_rename_subuid_failure/useradd.test
+run_test ./failures/useradd/15_username_rename_subgid_failure/useradd.test
+run_test ./failures/userdel/01_userdel_gshadow_rename_failure/userdel.test
+run_test ./failures/userdel/02_userdel_group_rename_failure/userdel.test
+run_test ./failures/userdel/03_userdel_shadow_rename_failure/userdel.test
+run_test ./failures/userdel/04_userdel_passwd_rename_failure/userdel.test
+run_test ./failures/userdel/05_userdel_failure_remove_mailbox/userdel.test
+run_test ./failures/userdel/06_userdel_failure_remove_file_homedir/userdel.test
+run_test ./failures/userdel/07_userdel_failure_remove_homedir/userdel.test
+run_test ./failures/userdel/08_userdel_open_passwd_failure/userdel.test
+run_test ./failures/userdel/09_userdel_open_shadow_failure/userdel.test
+run_test ./failures/userdel/10_userdel_open_group_failure/userdel.test
+run_test ./failures/userdel/11_userdel_open_gshadow_failure/userdel.test
+run_test ./failures/userdel/12_userdel_open_subuid_failure/userdel.test
+run_test ./failures/userdel/13_userdel_open_subgid_failure/userdel.test
+run_test ./failures/userdel/14_userdel_rename_subuid_failure/usedel.test
+run_test ./failures/userdel/15_userdel_rename_subgid_failure/usedel.test
+run_test ./failures/usermod/01_usermod_change_user_name_gshadow_rename_failure/usermod.test
+run_test ./failures/usermod/02_usermod_change_uid_passwd_rename_failure/usermod.test
+run_test ./failures/usermod/03_usermod_change_user_name_group_rename_failure/usermod.test
+run_test ./failures/usermod/04_usermod_change_user_name_gshadow_rename_no_failure/usermod.test
+run_test ./failures/usermod/05_usermod_change_uid_shadow_rename_failure/usermod.test
+run_test ./failures/usermod/06_usermod_change_user_name_open_passwd_failure/usermod.test
+run_test ./failures/usermod/07_usermod_change_user_name_open_shadow_failure/usermod.test
+run_test ./failures/usermod/08_usermod_change_user_name_open_group_failure/usermod.test
+run_test ./failures/usermod/09_usermod_change_user_name_open_gshadow_failure/usermod.test
+run_test ./failures/usermod/10_usermod_-p_time_0/usermod.test
+run_test ./failures/usermod/11_usermod-f_no_shadow_entry_time_0/usermod.test
+#run_test ./failures/usermod/12_usermod_change_uid_passwd_unlock_passwd_failure/usermod.test
+run_test ./failures/usermod/13_usermod_-v_open_subuid_failure/usermod.test
+run_test ./failures/usermod/14_usermod_-V_open_subuid_failure/usermod.test
+run_test ./failures/usermod/15_usermod_-w_open_subgid_failure/usermod.test
+run_test ./failures/usermod/16_usermod_-W_open_subgid_failure/usermod.test
+run_test ./failures/usermod/17_usermod_-v_rename_subuid_failure/usermod.test
+run_test ./failures/usermod/18_usermod_-w_rename_subgid_failure/usermod.test
+fi
+run_test ./expiry/01_expiry_-c_no_expiry/expiry.test
+run_test ./expiry/02_expiry_-c_expired/expiry.test
+run_test ./expiry/03_expiry_-f_expired/expiry.test
+run_test ./expiry/04_expiry_no_options/expiry.test
+run_test ./expiry/05_expiry_-c_no_shadow_file/expiry.test
+run_test ./expiry/06_expiry_-c_no_shadow_entry/expiry.test
+run_test ./expiry/07_expiry_-c_expired_account/expiry.test
+run_test ./expiry/08_expiry_-c_expired_max+inact/expiry.test
+run_test ./expiry/09_expiry_-c_expired_not_inactive/expiry.test
+run_test ./expiry/10_expiry_bad_option/expiry.test
+run_test ./expiry/11_expiry_usage/expiry.test
+run_test ./expiry/12_expiry_extra_arg/expiry.test
+run_test ./expiry/13_expiry_usage-c-f/expiry.test
+run_test ./passwd/01_passwd_-S_root_locked_account/passwd.test
+run_test ./passwd/02_passwd_-S_root_valid_account/passwd.test
+run_test ./passwd/03_passwd_-S_root_empty_password/passwd.test
+run_test ./passwd/04_passwd_-S_root_valid_account_no_shadow_file/passwd.test
+run_test ./passwd/05_passwd_-S_root_valid_account_no_shadow_entry/passwd.test
+run_test ./passwd/06_passwd_-l_root_lock_account/passwd.test
+run_test ./passwd/07_passwd_-l_root_lock_account_no_shadow_entry/passwd.test
+run_test ./passwd/08_passwd_-u_root_unlock_account/passwd.test
+run_test ./passwd/09_passwd_-u_root_unlock_to_empty/passwd.test
+run_test ./passwd/10_passwd_-d_root/passwd.test
+run_test ./passwd/11_passwd_--mindays_root/passwd.test
+run_test ./passwd/12_passwd_--maxdays_root/passwd.test
+run_test ./passwd/13_passwd_--warndays_root/passwd.test
+run_test ./passwd/14_passwd_--inactive_root/passwd.test
+run_test ./passwd/15_passwd_--expire_root/passwd.test
+run_test ./passwd/16_passwd_-S-a_root/passwd.test
+run_test ./passwd/17_passwd_root_change_password/passwd.test
+run_test ./passwd/18_passwd_root_change_password_user/passwd.test
+run_test ./passwd/19_passwd_user_change_password/passwd.test
+run_test ./passwd/20_passwd_user_change_password_same_user/passwd.test
+run_test ./passwd/21_passwd_user_change_password_other_user/passwd.test
+run_test ./passwd/22_passwd_usage/passwd.test
+run_test ./login/01_login_prompt/login.test
+run_test ./login/02_login_user/login.test
+run_test ./login/03_login_check_tty/login.test
+find "${build_path}" -name "*.gcda" -exec chmod a+rw {} \;
+run_test ./subids/01_useradd_no_subids/useradd.test
+run_test ./subids/02_useradd_with_subids/useradd.test
+run_test ./subids/03_useradd_no_subgid/useradd.test
+run_test ./subids/04_useradd_no_subuid/useradd.test
+run_test ./subids/05_useradd_fill_gap_start/useradd.test
+run_test ./subids/06_useradd_fill_gap_middle/useradd.test
+run_test ./subids/07_useradd_fill_gap_end/useradd.test
+run_test ./subids/08_useradd_no_more_subuids_start/useradd.test
+run_test ./subids/09_useradd_no_more_subgids_start/useradd.test
+run_test ./subids/10_useradd_no_more_subuids_end/useradd.test
+run_test ./subids/11_useradd_no_more_subgids_end/useradd.test
+run_test ./subids/12_useradd_invalid_subuid_configuration1/useradd.test
+run_test ./subids/13_useradd_invalid_subuid_configuration2/useradd.test
+run_test ./subids/14_useradd_invalid_subuid_configuration3/useradd.test
+run_test ./subids/15_useradd_invalid_subgid_configuration1/useradd.test
+run_test ./subids/16_useradd_invalid_subgid_configuration2/useradd.test
+run_test ./subids/17_useradd_invalid_subgid_configuration3/useradd.test
+run_test ./subids/18_useradd_min=max/useradd.test
+run_test ./subids/19_useradd_locked_subuid/useradd.test
+run_test ./subids/20_useradd_locked_subgid/useradd.test
+run_test ./subids/21_usermod_create_subuid_range/usermod.test
+run_test ./subids/22_usermod_create_subgid_range/usermod.test
+run_test ./subids/23_usermod_create_subids_ranges/usermod.test
+run_test ./subids/24_usermod_create_subids_overlapping_ranges/usermod.test
+run_test ./subids/25_usermod_add_range/usermod.test
+run_test ./subids/26_usermod_add_overlapping_ranges/usermod.test
+run_test ./subids/27_usermod_remove_range_all/usermod.test
+run_test ./subids/28_usermod_remove_range_partial_begin/usermod.test
+run_test ./subids/29_usermod_remove_range_partial_middle/usermod.test
+run_test ./subids/30_usermod_remove_range_partial_end/usermod.test
+run_test ./subids/31_usermod_remove_outside_range/usermod.test
+run_test ./subids/32_usermod_remove_overlapping_range_begin/usermod.test
+run_test ./subids/33_usermod_remove_overlapping_range_end/usermod.test
+run_test ./subids/34_usermod_remove_overlapping_range_all/usermod.test
+run_test ./subids/35_usermod_remove_only_user_ranges/usermod.test
+run_test ./subids/36_usermod_remove_with_comment/usermod.test
+run_test ./subids/37_usermod_-v_invalid_range/usermod.test
+run_test ./subids/38_usermod_-V_invalid_range/usermod.test
+run_test ./subids/39_usermod_-w_invalid_range/usermod.test
+run_test ./subids/40_usermod_-W_invalid_range/usermod.test
+run_test ./subids/41_usermod_locked_subuid/usermod.test
+run_test ./subids/42_usermod_locked_subgid/usermod.test
+run_test ./subids/43_usermod_-w_no_subgid/usermod.test
+run_test ./subids/44_usermod_-W_no_subgid/usermod.test
+run_test ./subids/45_usermod_-v_no_subgid/usermod.test
+run_test ./subids/46_usermod_-V_no_subgid/usermod.test
+run_test ./subids/47_usermod_-v_invalid_range2/usermod.test
+run_test ./subids/48_usermod_-v_invalid_range3/usermod.test
+run_test ./subids/49_usermod_-v_invalid_range4/usermod.test
+run_test ./subids/50_usermod_-v_invalid_range5/usermod.test
+run_test ./subids/51_usermod_-v_invalid_range6/usermod.test
+run_test ./subids/52_usermod_-v_invalid_range7/usermod.test
+run_test ./subids/53_userdel_one_subuid_range/userdel.test
+run_test ./subids/54_userdel_one_subgid_range/userdel.test
+run_test ./subids/55_userdel_no_subuid/userdel.test
+run_test ./subids/56_userdel_no_subgid/userdel.test
+run_test ./subids/57_userdel_multiple_ranges/userdel.test
+run_test ./subids/58_newusers_with_subids/newusers.test
+run_test ./subids/59_newusers_no_subuid/newusers.test
+run_test ./subids/60_newusers_no_subgid/newusers.test
+run_test ./subids/61_newusers_user_alread_has_subgids/newusers.test
+run_test ./subids/62_newusers_user_alread_has_subuids/newusers.test
+run_test ./subids/63_useradd_fill_gap4/useradd.test
+run_test ./subids/64_useradd_fill_gap5/useradd.test
+run_test ./subids/65_useradd_fill_gap6/useradd.test
+run_test ./subids/66_subordinate_range_cmp/useradd.test
+run_test ./subids/67_invalid_subuid_file1/useradd.test
+run_test ./subids/68_invalid_subuid_file2/useradd.test
+run_test ./subids/69_invalid_subuid_file3/useradd.test
+run_test ./subids/70_invalid_subuid_file4/useradd.test
+run_test ./subids/71_useradd_subids_for_system/useradd.test
+run_test ./newuidmap/01_newuidmap/newuidmap.test
+run_test ./newuidmap/02_newuidmap_relaxed_gid_check/newuidmap.test
+run_test ./newgidmap/01_newgidmap/newgidmap.test
+run_test ./newgidmap/02_newgidmap_relaxed_gid_check/newgidmap.test
+
+echo
+echo "$succeeded test(s) passed"
+echo "$failed test(s) failed"
+echo "log written in 'testsuite.log'"
+if [ "$failed" != 0 ]
+then
+	echo "the following tests failed:"
+	echo "$failed_tests"
+fi
diff --git a/tests/tests/run_all.coverage b/tests/tests/run_all.coverage
new file mode 100755
index 0000000..d865c0e
--- /dev/null
+++ b/tests/tests/run_all.coverage
@@ -0,0 +1,1329 @@
+#!/bin/sh
+
+set -e
+
+export LC_ALL=C
+unset LANG
+unset LANGUAGE
+. common/config.sh
+
+USE_PAM="yes"
+FAILURE_TESTS="yes"
+
+succeeded=0
+failed=0
+failed_tests=""
+
+run_test()
+{
+	find "$build_path" -name "*.gcda" -delete
+	find "$build_path" -name "*.gcno" | while read f
+	do
+		g=${f%gcno}gcda
+		touch $g
+		chmod a+rw $g
+	done
+
+	if $1 > $1.log
+	then
+		succeeded=$((succeeded+1))
+		echo -n "+"
+	else
+		failed=$((failed+1))
+		failed_tests="$failed_tests $1"
+		echo -n "-"
+	fi
+	cat $1.log >> testsuite.log
+	[ -f /etc/passwd.lock ] && echo $1 /etc/passwd.lock || true
+	[ -f /etc/group.lock ] && echo $1 /etc/group.lock || true
+	[ -f /etc/shadow.lock ] && echo $1 /etc/shadow.lock || true
+	[ -f /etc/gshadow.lock ] && echo $1 /etc/gshadow.lock || true
+	if [ "$(stat -c"%G" /etc/shadow)" != "shadow" ]
+	then
+		echo $1
+		ls -l /etc/shadow
+		chgrp shadow /etc/shadow
+	fi
+	if [ -d /nonexistent ]
+	then
+		echo $1 /nonexistent
+		rmdir /nonexistent
+	fi
+
+	find $build_path -name "*.gcda" -size 0 -delete
+	if echo $1 | grep -v -q debian
+	then
+		TESTNAME=$(echo $1| sed -e 's/^\.\///' -e 's/[.\/=-]/_/g')
+		lcov -q -c -d $build_path -o app_test.info -t $TESTNAME
+		lcov -q -a app_total.info -a app_test.info -o app_total.info
+		rm -f app_test.info
+	fi
+}
+
+echo "+: test passed"
+echo "-: test failed"
+
+# Empty the complete log.
+> testsuite.log
+
+lcov -q -c -i -d $build_path -o app_base.info
+lcov -q -a app_base.info -o app_total.info
+rm -f app_base.info
+
+run_test ./su/01/su_root.test
+run_test ./su/01/su_user.test
+run_test ./su/02/env_FOO-options_--login
+run_test ./su/02/env_FOO-options_--login_bash
+run_test ./su/02/env_FOO-options_--preserve-environment
+run_test ./su/02/env_FOO-options_--preserve-environment_bash
+run_test ./su/02/env_FOO-options_-
+run_test ./su/02/env_FOO-options_-_bash
+run_test ./su/02/env_FOO-options_-l-m
+run_test ./su/02/env_FOO-options_-l-m_bash
+run_test ./su/02/env_FOO-options_-l
+run_test ./su/02/env_FOO-options_-l_bash
+run_test ./su/02/env_FOO-options_-m_bash
+run_test ./su/02/env_FOO-options_-m
+run_test ./su/02/env_FOO-options_-p
+run_test ./su/02/env_FOO-options_-p_bash
+run_test ./su/02/env_FOO-options__bash
+run_test ./su/02/env_FOO-options_
+run_test ./su/02/env_FOO-options_-p-
+run_test ./su/02/env_FOO-options_-p-_bash
+run_test ./su/02/env_special-options_-l-p
+run_test ./su/02/env_special-options_-l
+run_test ./su/02/env_special-options_-l-p_bash
+run_test ./su/02/env_special-options_-l_bash
+run_test ./su/02/env_special-options_-p
+run_test ./su/02/env_special-options_-p_bash
+run_test ./su/02/env_special-options_
+run_test ./su/02/env_special-options__bash
+run_test ./su/02/env_special_root-options_-l-p
+run_test ./su/02/env_special_root-options_-l-p_bash
+run_test ./su/02/env_special_root-options_-l
+run_test ./su/02/env_special_root-options_-l_bash
+run_test ./su/02/env_special_root-options_-p
+run_test ./su/02/env_special_root-options_-p_bash
+run_test ./su/02/env_special_root-options_
+run_test ./su/02/env_special_root-options__bash
+run_test ./su/03/su_run_command01.test
+run_test ./su/03/su_run_command02.test
+run_test ./su/03/su_run_command03.test
+run_test ./su/03/su_run_command04.test
+run_test ./su/03/su_run_command05.test
+run_test ./su/03/su_run_command06.test
+run_test ./su/03/su_run_command07.test
+run_test ./su/03/su_run_command08.test
+run_test ./su/03/su_run_command09.test
+run_test ./su/03/su_run_command10.test
+run_test ./su/03/su_run_command11.test
+run_test ./su/03/su_run_command12.test
+run_test ./su/03/su_run_command13.test
+run_test ./su/03/su_run_command14.test
+run_test ./su/03/su_run_command15.test
+run_test ./su/03/su_run_command16.test
+run_test ./su/03/su_run_command17.test
+run_test ./su/04/su_wrong_user.test
+run_test ./su/04/su_user_wrong_passwd.test
+run_test ./su/04/su_user_wrong_passwd_syslog.test
+run_test ./su/05/su_user_wrong_passwd_syslog.test
+run_test ./su/06/su_user_syslog.test
+run_test ./su/07/su_user_syslog.test
+run_test ./su/08/env_special-options_
+run_test ./su/08/env_special_root-options_
+run_test ./su/09/env_special-options_
+run_test ./su/09/env_special_root-options_
+run_test ./su/10_su_sulog_success/su.test
+run_test ./su/11_su_sulog_failure/su.test
+run_test ./su/12_su_child_failure/su.test
+run_test ./su/13_su_child_success/su.test
+run_test ./chage/01/run
+run_test ./chage/02/run
+run_test ./chage/03_chsh_usage/chage.test
+run_test ./chage/04_chsh_usage_invalid_option/chage.test
+run_test ./chage/05_chsh_usage_2_users/chage.test
+run_test ./chage/06_chsh_usage_no_users/chage.test
+run_test ./chage/07_chsh_usage-l_exclusive/chage.test
+run_test ./chage/08_chsh_usage_invalid_date/chage.test
+run_test ./chage/09_chsh_usage_invalid_numeric_arg/chage.test
+run_test ./chage/10_chsh-l/chage.test
+run_test ./chage/11_chsh_usage_invalid_user/chage.test
+run_test ./chage/12_chsh_usage-l_invalid_user2/chage.test
+run_test ./chage/13_chsh_locked_passwd/chage.test
+run_test ./chage/14_chsh_locked_shadow/chage.test
+run_test ./chage/15_chage-I_no_shadow_entry/chage.test
+run_test ./chage/16_chage-m_no_shadow_entry/chage.test
+run_test ./chage/17_chage-M_no_shadow_entry/chage.test
+run_test ./chage/18_chage-d_no_shadow_entry/chage.test
+run_test ./chage/19_chage-W_no_shadow_entry/chage.test
+run_test ./chage/20_chage-E_no_shadow_entry/chage.test
+run_test ./chage/21_chage_no_shadow_file/chage.test
+run_test ./chage/22_chage_myuser-l/chage.test
+run_test ./chage/23_chage_myuser-I/chage.test
+run_test ./chage/24_chage_myuser-l_other/chage.test
+run_test ./chage/25_chage_interactive/chage.test
+run_test ./chage/26_chage_interactive_date_0/chage.test
+run_test ./chage/27_chage_interactive_date_-1/chage.test
+run_test ./chage/28_chage_interactive_date_EPOCH/chage.test
+run_test ./chage/29_chage_interactive_date_pre-EPOCH/chage.test
+run_test ./chage/30_chage_interactive_date_pre-EPOCH2/chage.test
+run_test ./chage/31_chage_interactive_date_invalid/chage.test
+run_test ./chage/32_chage_interactive_date_invalid2/chage.test
+run_test ./chage/33_chage_interactive-W_invalid1/chage.test
+run_test ./chage/34_chage_interactive-W_invalid2/chage.test
+run_test ./chage/35_chage_interactive-W-1/chage.test
+run_test ./chage/36_chage_interactive-I_invalid1/chage.test
+run_test ./chage/37_chage_interactive-I_invalid2/chage.test
+run_test ./chage/38_chage_interactive-I-1/chage.test
+run_test ./chage/39_chage_interactive-d-1/chage.test
+run_test ./chsh/01/run
+run_test ./chsh/02_chsh_usage/chsh.test
+run_test ./chsh/03_chsh_usage_invalid_option/chsh.test
+run_test ./chsh/04_chsh_usage_2_users/chsh.test
+run_test ./chsh/05_chsh_myuser_restricted_shell/chsh.test
+run_test ./chsh/06_chsh_myuser_non_restricted_shell/chsh.test
+run_test ./chsh/07_chsh_usage_invalid_user/chsh.test
+run_test ./chsh/08_chsh_myuser_to_restricted_shell/chsh.test
+run_test ./chsh/09_chsh_myuser_to_missing_shell/chsh.test
+run_test ./chsh/10_chsh_myuser_to_non_executable_shell/chsh.test
+run_test ./chsh/11_chsh_auth_failure/chsh.test
+run_test ./chsh/12_chsh_warning_missing_shell/chsh.test
+run_test ./chsh/13_chsh_warning_non_executable/chsh.test
+run_test ./chsh/14_chsh_locked_passwd/chsh.test
+run_test ./chsh/15_chsh_PAM_error/chsh.test
+run_test ./chroot/chage/01_chage--root/chage.test
+run_test ./chroot/chgpasswd/01_chgpasswd--root/chgpasswd.test
+run_test ./chroot/chpasswd/01_chpasswd--root_nopam/chpasswd.test
+run_test ./chroot/chpasswd/02_chpasswd--root_pam/chpasswd.test
+run_test ./chroot/chsh/01_chsh--root/chsh.test
+run_test ./chroot/gpasswd/01_gpasswd--root/gpasswd.test
+run_test ./chroot/groupadd/01_groupadd--root/groupadd.test
+run_test ./chroot/groupdel/01_groupdel--root/groupdel.test
+run_test ./chroot/groupmod/01_groupmod--root/groupmod.test
+run_test ./chroot/grpck/01_grpck--root/grpck.test
+run_test ./chroot/grpconv/01_grpconv--root/grpconv.test
+run_test ./chroot/grpunconv/01_grpunconv--root/grpunconv.test
+run_test ./chroot/lastlog/01_lastlog--root/lastlog.test
+run_test ./chroot/login/01_login_sublogin/login.test
+run_test ./chroot/pwck/01_pwck--root/pwck.test
+run_test ./chroot/pwconv/01_pwconv--root/pwconv.test
+run_test ./chroot/pwunconv/01_pwunconv--root/pwunconv.test
+run_test ./chroot/useradd/01_useradd--root/useradd.test
+run_test ./chroot/useradd/02_useradd--root_login.defs/useradd.test
+run_test ./chroot/useradd/03_useradd--root_useradd.default/useradd.test
+run_test ./chroot/useradd/04_useradd--root_useradd-D/useradd.test
+run_test ./chroot/useradd/05_useradd--root_useradd-D-e-g/useradd.test
+run_test ./chroot/userdel/01_userdel--root/userdel.test
+run_test ./chroot/usermod/01_usermod--root/usermod.test
+run_test ./convtools/01/run
+run_test ./convtools/02_grpconv_remove_gshadow_only_entries/grpconv.test
+run_test ./convtools/03_grpconv_copy_passwd/grpconv.test
+run_test ./convtools/04_grpconv_no_password/grpconv.test
+run_test ./convtools/05_grpconv_copy_passwd_existing_gshadow/grpconv.test
+run_test ./convtools/06_grpconv_error_group_locked/grpconv.test
+run_test ./convtools/07_grpconv_error_gshadow_locked/grpconv.test
+run_test ./convtools/08_grpunconv_no_gshadow_file/grpunconv.test
+run_test ./convtools/09_grpunconv_error_group_locked/grpunconv.test
+run_test ./convtools/10_grpunconv_error_gshadow_locked/grpunconv.test
+run_test ./convtools/11_pwconv_error_passwd_locked/pwconv.test
+run_test ./convtools/12_pwconv_error_shadow_locked/pwconv.test
+run_test ./convtools/13_pwunconv_error_passwd_locked/pwunconv.test
+run_test ./convtools/14_pwunconv_error_shadow_locked/pwunconv.test
+run_test ./convtools/15_pwconv_remove_shadow_only_entries/pwconv.test
+run_test ./convtools/16_pwconv_copy_passwd/pwconv.test
+run_test ./convtools/17_pwunconv_no_shadow_file/pwunconv.test
+run_test ./convtools/18_pwunconv_user_not_in_shadow/pwunconv.test
+run_test ./convtools/19_pwconv_NIS/pwconv.test
+run_test ./convtools/20_pwunconv_usage_option/pwunconv.test
+run_test ./convtools/21_pwunconv_keep_passwd_password/pwunconv.test
+run_test ./convtools/22_grpunconv_usage_option/grpunconv.test
+run_test ./convtools/23_grpunconv_keep_group_password/grpunconv.test
+run_test ./convtools/24_grpunconv_no_gshadow_entry/grpunconv.test
+run_test ./convtools/25_pwconv_usage_option/pwconv.test
+run_test ./convtools/26_grpconv_usage_option/grpconv.test
+run_test ./convtools/27_pwunconv_usage/pwunconv.test
+run_test ./convtools/28_pwunconv_usage_extra_arg/pwunconv.test
+run_test ./convtools/29_grpconv_usage/grpconv.test
+run_test ./convtools/30_grpconv_usage_extra_arg/grpconv.test
+run_test ./convtools/31_pwconv_usage/pwconv.test
+run_test ./convtools/32_pwconv_usage_extra_arg/pwconv.test
+run_test ./convtools/33_grpunconv_usage/grpunconv.test
+run_test ./convtools/34_grpunconv_usage_extra_arg/grpunconv.test
+run_test ./cptools/02_cppw_usage/cppw.test
+run_test ./cptools/03_cppw_usage_invalid_option/cppw.test
+run_test ./cptools/04_cppw_no_file_argument/cppw.test
+run_test ./cptools/05_cppw_2_files/cppw.test
+run_test ./cptools/06_cppw_no_file/cppw.test
+run_test ./cptools/07_cppw_locked_passwd/cppw.test
+run_test ./cptools/08_cppw-p/cppw.test
+run_test ./cptools/09_cppw-g/cppw.test
+run_test ./cptools/10_cppw-g-s/cppw.test
+run_test ./cptools/11_cppw-p-s/cppw.test
+run_test ./cptools/12_cppw-s_no_shadow_file/cppw.test
+run_test ./debian/01/run
+run_test ./grouptools/chgpasswd/01_chgpasswd_invalid_group/chgpasswd.test
+run_test ./grouptools/chgpasswd/02_chgpasswd_multiple_groups/chgpasswd.test
+run_test ./grouptools/chgpasswd/03_chgpasswd_no_gshadow_file/chgpasswd.test
+run_test ./grouptools/chgpasswd/04_chgpasswd_no_gshadow_entry/chgpasswd.test
+run_test ./grouptools/chgpasswd/05_chgpasswd_error_no_password/chgpasswd.test
+run_test ./grouptools/chgpasswd/06_chgpasswd_usage/chgpasswd.test
+run_test ./grouptools/chgpasswd/07_chgpasswd_usage_bad_option/chgpasswd.test
+run_test ./grouptools/chgpasswd/08_chgpasswd_usage-e-m_exclusive/chgpasswd.test
+run_test ./grouptools/chgpasswd/09_chgpasswd_usage-e-c_exclusive/chgpasswd.test
+run_test ./grouptools/chgpasswd/10_chgpasswd_usage-m-c_exclusive/chgpasswd.test
+run_test ./grouptools/chgpasswd/11_chgpasswd_usage-s_without-c/chgpasswd.test
+run_test ./grouptools/chgpasswd/12_chgpasswd_usage-s_invalid/chgpasswd.test
+run_test ./grouptools/chgpasswd/13_chgpasswd_usage-c_invalid/chgpasswd.test
+run_test ./grouptools/chgpasswd/14_chgpasswd_password_encrypted/chgpasswd.test
+run_test ./grouptools/chgpasswd/15_chgpasswd_password_md5/chgpasswd.test
+run_test ./grouptools/chgpasswd/16_chgpasswd_password_NONE/chgpasswd.test
+run_test ./grouptools/chgpasswd/17_chgpasswd_password_MD5/chgpasswd.test
+run_test ./grouptools/chgpasswd/18_chgpasswd_password_DES/chgpasswd.test
+run_test ./grouptools/chgpasswd/19_chgpasswd_password_SHA256/chgpasswd.test
+run_test ./grouptools/chgpasswd/20_chgpasswd_password_SHA256_rounds_900/chgpasswd.test
+run_test ./grouptools/chgpasswd/21_chgpasswd_password_SHA256_rounds_9000/chgpasswd.test
+run_test ./grouptools/chgpasswd/22_chgpasswd_password_SHA512/chgpasswd.test
+run_test ./grouptools/chgpasswd/23_chgpasswd_password_SHA512_rounds_900/chgpasswd.test
+run_test ./grouptools/chgpasswd/24_chgpasswd_password_SHA512_rounds_9000/chgpasswd.test
+run_test ./grouptools/chgpasswd/25_chgpasswd-e_no_gshadow_file/chgpasswd.test
+run_test ./grouptools/chgpasswd/26_chgpasswd_no_gshadow_file_invalid_group/chgpasswd.test
+run_test ./grouptools/chgpasswd/29_chgpasswd-e_no_gshadow_entry/chgpasswd.test
+run_test ./grouptools/chgpasswd/30_chgpasswd_locked_group/chgpasswd.test
+run_test ./grouptools/chgpasswd/31_chgpasswd_locked_gshadow/chgpasswd.test
+run_test ./grouptools/chgpasswd/32_chgpasswd_invalid_group/chgpasswd.test
+run_test ./grouptools/gpasswd/01_gpasswd_change_member_list/gpasswd.test
+run_test ./grouptools/gpasswd/02_gpasswd_change_member_list/gpasswd.test
+run_test ./grouptools/gpasswd/03_gpasswd_change_member_list/gpasswd.test
+run_test ./grouptools/gpasswd/04_gpasswd_change_member_list/gpasswd.test
+run_test ./grouptools/gpasswd/05_gpasswd_change_member_list/gpasswd.test
+run_test ./grouptools/gpasswd/06_gpasswd_change_member_list/gpasswd.test
+run_test ./grouptools/gpasswd/07_gpasswd_change_member_list-no_shadow_group/gpasswd.test
+run_test ./grouptools/gpasswd/08_gpasswd_change_member_list-no_shadow_group/gpasswd.test
+run_test ./grouptools/gpasswd/09_gpasswd_change_member_list-no_shadow_group/gpasswd.test
+run_test ./grouptools/gpasswd/10_gpasswd_change_member_list-no_shadow_group/gpasswd.test
+run_test ./grouptools/gpasswd/11_gpasswd_change_member_list-no_shadow_group/gpasswd.test
+run_test ./grouptools/gpasswd/12_gpasswd_change_member_list-no_shadow_group/gpasswd.test
+run_test ./grouptools/gpasswd/13_gpasswd_change_member_list-no_gshadow_file/gpasswd.test
+run_test ./grouptools/gpasswd/14_gpasswd_change_member_list-no_gshadow_file/gpasswd.test
+run_test ./grouptools/gpasswd/15_gpasswd_change_member_list-no_gshadow_file/gpasswd.test
+run_test ./grouptools/gpasswd/16_gpasswd_change_member_list-no_gshadow_file/gpasswd.test
+run_test ./grouptools/gpasswd/17_gpasswd_change_member_list-no_gshadow_file/gpasswd.test
+run_test ./grouptools/gpasswd/18_gpasswd_change_member_list-no_gshadow_file/gpasswd.test
+run_test ./grouptools/gpasswd/19_gpasswd_change_passwd-root/gpasswd.test
+run_test ./grouptools/gpasswd/20_gpasswd_change_passwd-root-no_shadow_group/gpasswd.test
+run_test ./grouptools/gpasswd/21_gpasswd_change_passwd-root-no_gshadow_file/gpasswd.test
+run_test ./grouptools/gpasswd/22_gpasswd_change_passwd-myuser/gpasswd.test
+run_test ./grouptools/gpasswd/23_gpasswd_change_passwd-myuser-denied/gpasswd.test
+run_test ./grouptools/gpasswd/24_gpasswd_change_passwd-myuser-denied-no_gshadow_file/gpasswd.test
+run_test ./grouptools/gpasswd/25_gpasswd_remove_password/gpasswd.test
+run_test ./grouptools/gpasswd/26_gpasswd_remove_password-no_shadow_group/gpasswd.test
+run_test ./grouptools/gpasswd/27_gpasswd_remove_password-no_gshadow_file/gpasswd.test
+run_test ./grouptools/gpasswd/28_gpasswd_lock_password/gpasswd.test
+run_test ./grouptools/gpasswd/29_gpasswd_lock_password-no_shadow_group/gpasswd.test
+run_test ./grouptools/gpasswd/30_gpasswd_lock_password-no_gshadow_file/gpasswd.test
+run_test ./grouptools/gpasswd/31_gpasswd_add_user_to_group/gpasswd.test
+run_test ./grouptools/gpasswd/32_gpasswd_add_user_to_group-no_shadow_group/gpasswd.test
+run_test ./grouptools/gpasswd/33_gpasswd_add_user_to_group-no_gshadow_file/gpasswd.test
+run_test ./grouptools/gpasswd/34_gpasswd_remove_user_from_group/gpasswd.test
+run_test ./grouptools/gpasswd/35_gpasswd_remove_user_from_group/gpasswd.test
+run_test ./grouptools/gpasswd/36_gpasswd_remove_user_from_group/gpasswd.test
+run_test ./grouptools/gpasswd/37_gpasswd_remove_user_from_group-no_shadow_group/gpasswd.test
+run_test ./grouptools/gpasswd/38_gpasswd_remove_user_from_group-no_shadow_group/gpasswd.test
+run_test ./grouptools/gpasswd/39_gpasswd_remove_user_from_group-no_shadow_group/gpasswd.test
+run_test ./grouptools/gpasswd/40_gpasswd_remove_user_from_group-no_gshadow_file/gpasswd.test
+run_test ./grouptools/gpasswd/41_gpasswd_remove_user_from_group-no_gshadow_file/gpasswd.test
+run_test ./grouptools/gpasswd/42_gpasswd_remove_user_from_group-no_gshadow_file/gpasswd.test
+run_test ./grouptools/gpasswd/43_gpasswd_-r_locked_group/gpasswd.test
+run_test ./grouptools/gpasswd/44_gpasswd_-r_locked_gshadow/gpasswd.test
+run_test ./grouptools/gpasswd/45_gpasswd_-r_unknown_group/gpasswd.test
+run_test ./grouptools/gpasswd/46_gpasswd_-a_unknown_user/gpasswd.test
+run_test ./grouptools/gpasswd/47_gpasswd_-M_unknown_user/gpasswd.test
+run_test ./grouptools/gpasswd/48_gpasswd_change_admin_list/gpasswd.test
+run_test ./grouptools/gpasswd/49_gpasswd_change_admin_list/gpasswd.test
+run_test ./grouptools/gpasswd/50_gpasswd_change_admin_list/gpasswd.test
+run_test ./grouptools/gpasswd/51_gpasswd_change_admin_list/gpasswd.test
+run_test ./grouptools/gpasswd/52_gpasswd_change_admin_list/gpasswd.test
+run_test ./grouptools/gpasswd/53_gpasswd_change_admin_list/gpasswd.test
+run_test ./grouptools/gpasswd/54_gpasswd_change_admin_list-no_shadow_group/gpasswd.test
+run_test ./grouptools/gpasswd/55_gpasswd_change_admin_list-no_gshadow_file/gpasswd.test
+run_test ./grouptools/gpasswd/56_gpasswd_add_user_to_group/gpasswd.test
+run_test ./grouptools/gpasswd/57_gpasswd_remove_user_from_group-not_member/gpasswd.test
+run_test ./grouptools/gpasswd/58_gpasswd_remove_user_from_group-not_gshadow_member/gpasswd.test
+run_test ./grouptools/gpasswd/59_gpasswd_remove_user_from_group-not_group_member/gpasswd.test
+run_test ./grouptools/gpasswd/60_gpasswd_add_long_user_to_group/gpasswd.test
+run_test ./grouptools/gpasswd/61_gpasswd_usage/gpasswd.test
+run_test ./grouptools/gpasswd/62_gpasswd_-A_unknown_user/gpasswd.test
+run_test ./grouptools/gpasswd/63_gpasswd_usage_bad_option/gpasswd.test
+run_test ./grouptools/gpasswd/64_gpasswd_usage-a-d/gpasswd.test
+run_test ./grouptools/gpasswd/65_gpasswd_usage_no_groups/gpasswd.test
+run_test ./grouptools/gpasswd/66_gpasswd_usage_2_groups/gpasswd.test
+run_test ./grouptools/gpasswd/67_gpasswd-A_myuser/gpasswd.test
+run_test ./grouptools/gpasswd/68_gpasswd-M_myuser/gpasswd.test
+run_test ./grouptools/gpasswd/69_gpasswd_change_passwd_2_tries/gpasswd.test
+run_test ./grouptools/gpasswd/70_gpasswd_change_passwd_3_tries/gpasswd.test
+run_test ./grouptools/gpasswd/71_gpasswd_change_passwd_4_tries/gpasswd.test
+run_test ./grouptools/gpasswd/72_gpasswd-M-A/gpasswd.test
+run_test ./grouptools/groupadd/01_groupadd_add_group/groupadd.test
+run_test ./grouptools/groupadd/02_groupadd_add_group_GID_MIN/groupadd.test
+run_test ./grouptools/groupadd/03_groupadd_add_group_-K_GID_MIN/groupadd.test
+run_test ./grouptools/groupadd/04_groupadd_set_password/groupadd.test
+run_test ./grouptools/groupadd/05_groupadd_set_GID/groupadd.test
+run_test ./grouptools/groupadd/06_groupadd_-f_add_existing_group/groupadd.test
+run_test ./grouptools/groupadd/07_groupadd_-f_add_existing_GID/groupadd.test
+run_test ./grouptools/groupadd/08_groupadd_locked_group/groupadd.test
+run_test ./grouptools/groupadd/09_groupadd_locked_gshadow/groupadd.test
+run_test ./grouptools/groupadd/10_groupadd_-o_add_existing_GID/groupadd.test
+run_test ./grouptools/groupadd/11_groupadd_invalid_GID/groupadd.test
+run_test ./grouptools/groupadd/12_groupadd_negative_GID/groupadd.test
+run_test ./grouptools/groupadd/13_groupadd_invalid_name/groupadd.test
+run_test ./grouptools/groupadd/14_groupadd_invalid_-K_option/groupadd.test
+run_test ./grouptools/groupadd/15_groupadd_invalid_-K_no_=/groupadd.test
+run_test ./grouptools/groupadd/16_groupadd_existing_group/groupadd.test
+run_test ./grouptools/groupadd/17_groupadd_add_systemgroup/groupadd.test
+run_test ./grouptools/groupadd/18_groupadd_no_more_GID/groupadd.test
+run_test ./grouptools/groupadd/19_groupadd_-r_no_more_system_GID/groupadd.test
+run_test ./grouptools/groupadd/20_groupadd_add_existing_GID/groupadd.test
+run_test ./grouptools/groupadd/21_groupadd_invalid_GID_4294967295/groupadd.test
+run_test ./grouptools/groupadd/22_groupadd_usage/groupadd.test
+run_test ./grouptools/groupadd/23_groupadd_no_groups/groupadd.test
+run_test ./grouptools/groupadd/24_groupadd_2_groups/groupadd.test
+run_test ./grouptools/groupadd/25_groupadd_no_gshadow/groupadd.test
+run_test ./grouptools/groupadd/26_groupadd_-o_without_-g/groupadd.test
+run_test ./grouptools/groupadd/27_groupadd_invalid_option/groupadd.test
+run_test ./grouptools/groupdel/01_groupdel_delete_group/groupdel.test
+run_test ./grouptools/groupdel/02_groupdel_delete_group_no_gshadow_group/groupdel.test
+run_test ./grouptools/groupdel/03_groupdel_delete_group_no_gshadow_file/groupdel.test
+run_test ./grouptools/groupdel/04_groupdel_delete_group_error_busy_group/groupdel.test
+run_test ./grouptools/groupdel/05_groupdel_delete_group_error_unknown_group/groupdel.test
+run_test ./grouptools/groupdel/06_groupdel_delete_group_error_locked_group/groupdel.test
+run_test ./grouptools/groupdel/07_groupdel_delete_group_error_locked_gshadow/groupdel.test
+run_test ./grouptools/groupdel/08_groupdel_delete_group_error_no_group_parameter/groupdel.test
+run_test ./grouptools/groupdel/09_groupdel_delete_group_error_two_group_parameter/groupdel.test
+run_test ./grouptools/groupdel/10_groupdel_usage/groupdel.test
+run_test ./grouptools/groupdel/11_groupdel_invalid_option/groupdel.test
+run_test ./grouptools/groupmems/01_groupmems_root_add_user/groupmems.test
+run_test ./grouptools/groupmems/02_groupmems_root_del_user/groupmems.test
+run_test ./grouptools/groupmems/03_groupmems_root_del_user_admin/groupmems.test
+run_test ./grouptools/groupmems/04_groupmems_root_del_user_admin_and_user/groupmems.test
+run_test ./grouptools/groupmems/05_groupmems_root_add_user_with_other_users/groupmems.test
+run_test ./grouptools/groupmems/06_groupmems_root_add_user_with_other_users_admin/groupmems.test
+run_test ./grouptools/groupmems/07_groupmems_root_del_user_with_other_users/groupmems.test
+run_test ./grouptools/groupmems/08_groupmems_root_del_user_with_other_users_admin/groupmems.test
+run_test ./grouptools/groupmems/09_groupmems_root_purge_user/groupmems.test
+run_test ./grouptools/groupmems/10_groupmems_root_purge_user_with_other_users/groupmems.test
+run_test ./grouptools/groupmems/11_groupmems_root_purge_user_with_other_users_admin/groupmems.test
+run_test ./grouptools/groupmems/12_groupmems_user_add_user/groupmems.test
+run_test ./grouptools/groupmems/13_groupmems_user_del_user/groupmems.test
+run_test ./grouptools/groupmems/14_groupmems_user_del_user_admin/groupmems.test
+run_test ./grouptools/groupmems/15_groupmems_user_del_user_admin_and_user/groupmems.test
+run_test ./grouptools/groupmems/16_groupmems_user_add_user_with_other_users/groupmems.test
+run_test ./grouptools/groupmems/17_groupmems_user_add_user_with_other_users_admin/groupmems.test
+run_test ./grouptools/groupmems/18_groupmems_user_del_user_with_other_users/groupmems.test
+run_test ./grouptools/groupmems/19_groupmems_user_del_user_with_other_users_admin/groupmems.test
+run_test ./grouptools/groupmems/20_groupmems_user_purge_user/groupmems.test
+run_test ./grouptools/groupmems/21_groupmems_user_purge_user_with_other_users/groupmems.test
+run_test ./grouptools/groupmems/22_groupmems_user_purge_user_with_other_users_admin/groupmems.test
+run_test ./grouptools/groupmems/23_groupmems_user_add_user-not_in_groups/groupmems.test
+run_test ./grouptools/groupmems/24_groupmems_user_add_user-not_primary_group/groupmems.test
+run_test ./grouptools/groupmems/25_groupmems_user_add_user-not_user_group/groupmems.test
+run_test ./grouptools/groupmems/26_groupmems_user_add_user-already_member/groupmems.test
+run_test ./grouptools/groupmems/27_groupmems_user_add_user-already_member_in_group/groupmems.test
+run_test ./grouptools/groupmems/28_groupmems_user_add_user-already_member_in_gshadow/groupmems.test
+run_test ./grouptools/groupmems/29_groupmems_user_add_user-user_does_not_exist/groupmems.test
+run_test ./grouptools/groupmems/30_groupmems_user_add_user-no_gshadow_group/groupmems.test
+run_test ./grouptools/groupmems/31_groupmems_user_add_user-no_gshadow_file/groupmems.test
+run_test ./grouptools/groupmems/32_groupmems_user_del_user-not_member/groupmems.test
+run_test ./grouptools/groupmems/33_groupmems_user_del_user-not_member_in_gshadow/groupmems.test
+run_test ./grouptools/groupmems/34_groupmems_user_del_user-user_does_not_exist/groupmems.test
+run_test ./grouptools/groupmems/35_groupmems_user_del_user-no_gshadow_group/groupmems.test
+run_test ./grouptools/groupmems/36_groupmems_user_del_user-no_gshadow_file/groupmems.test
+run_test ./grouptools/groupmems/37_groupmems_user_purge_user-empty_group/groupmems.test
+run_test ./grouptools/groupmems/38_groupmems_user_purge_user-no_gshadow_group/groupmems.test
+run_test ./grouptools/groupmems/39_groupmems_user_purge_user-no_gshadow_file/groupmems.test
+run_test ./grouptools/groupmems/40_groupmems_user_del_user-not_primary_group/groupmems.test
+run_test ./grouptools/groupmems/41_groupmems_user_purge_user-not_primary_group/groupmems.test
+run_test ./grouptools/groupmems/42_groupmems_user_list_users/groupmems.test
+run_test ./grouptools/groupmems/43_groupmems_user_list_users-gshadow_ignored/groupmems.test
+run_test ./grouptools/groupmems/44_groupmems_user_list_users-another_group/groupmems.test
+run_test ./grouptools/groupmems/45_groupmems_user_list_users-group_locked/groupmems.test
+run_test ./grouptools/groupmems/46_groupmems_user_list_users-gshadow_locked/groupmems.test
+run_test ./grouptools/groupmems/47_groupmems_user_add_user-group_locked/groupmems.test
+run_test ./grouptools/groupmems/48_groupmems_user_add_user-gshadow_locked/groupmems.test
+run_test ./grouptools/groupmems/49_groupmems_user_del_user-group_locked/groupmems.test
+run_test ./grouptools/groupmems/50_groupmems_user_del_user-gshadow_locked/groupmems.test
+run_test ./grouptools/groupmems/51_groupmems_user_purge_user-group_locked/groupmems.test
+run_test ./grouptools/groupmems/52_groupmems_user_purge_user-gshadow_locked/groupmems.test
+run_test ./grouptools/groupmems/53_groupmems_usage/groupmems.test
+run_test ./grouptools/groupmems/54_groupmems_usage_invalid_option/groupmems.test
+run_test ./grouptools/groupmems/55_groupmems_usage-a-d/groupmems.test
+run_test ./grouptools/groupmems/56_groupmems_usage_extra_arg/groupmems.test
+run_test ./grouptools/groupmems/57_groupmems_authentication/groupmems.test
+run_test ./grouptools/groupmems/58_groupmems_authentication_failure1/groupmems.test
+run_test ./grouptools/groupmems/59_groupmems_authentication_failure2/groupmems.test
+run_test ./grouptools/groupmems/60_groupmems_authentication_failure3/groupmems.test
+run_test ./grouptools/groupmod/01_groupmod_change_gid/groupmod.test
+run_test ./grouptools/groupmod/02_groupmod_change_gid_change_primary_group/groupmod.test
+run_test ./grouptools/groupmod/03_groupmod_change_gid_no_gshadow_group/groupmod.test
+run_test ./grouptools/groupmod/04_groupmod_change_gid_no_gshadow_file/groupmod.test
+run_test ./grouptools/groupmod/05_groupmod_change_gid_-o_override_used_GID/groupmod.test
+run_test ./grouptools/groupmod/06_groupmod_change_group_name/groupmod.test
+run_test ./grouptools/groupmod/07_groupmod_change_group_name_no_gshadow_group/groupmod.test
+run_test ./grouptools/groupmod/08_groupmod_change_group_name_no_gshadow_file/groupmod.test
+run_test ./grouptools/groupmod/09_groupmod_set_password/groupmod.test
+run_test ./grouptools/groupmod/10_groupmod_set_password_no_gshadow_group/groupmod.test
+run_test ./grouptools/groupmod/11_groupmod_set_password_no_gshadow_file/groupmod.test
+run_test ./grouptools/groupmod/12_groupmod_change_gid_error_unknown_group/groupmod.test
+run_test ./grouptools/groupmod/13_groupmod_change_gid_error_used_GID/groupmod.test
+run_test ./grouptools/groupmod/14_groupmod_change_group_name_error_used_name/groupmod.test
+run_test ./grouptools/groupmod/15_groupmod_change_group_name_error_invalid_name/groupmod.test
+run_test ./grouptools/groupmod/16_groupmod_change_group_name_no_changes/groupmod.test
+run_test ./grouptools/groupmod/17_groupmod_change_gid_error_locked_group/groupmod.test
+run_test ./grouptools/groupmod/18_groupmod_change_gid_no_error_locked_gshadow/groupmod.test
+run_test ./grouptools/groupmod/19_groupmod_change_gid_error_invalid_GID/groupmod.test
+run_test ./grouptools/groupmod/20_groupmod_change_gid_error_negative_GID/groupmod.test
+run_test ./grouptools/groupmod/21_groupmod_change_gid_error_no_group/groupmod.test
+run_test ./grouptools/groupmod/22_groupmod_change_gid_and_group_name/groupmod.test
+run_test ./grouptools/groupmod/23_groupmod_change_gid_and_group_name_and_password/groupmod.test
+run_test ./grouptools/groupmod/24_groupmod_change_gid_and_name_error_locked_gshadow/groupmod.test
+run_test ./grouptools/groupmod/25_groupmod_change_gid_change_primary_group_error_locked_passwd/groupmod.test
+run_test ./grouptools/groupmod/26_groupmod_change_group_name_no_error_locked_passwd/groupmod.test
+run_test ./grouptools/groupmod/27_groupmod_change_gid_error_GID_4294967295/groupmod.test
+run_test ./grouptools/groupmod/28_groupmod_usage/groupmod.test
+run_test ./grouptools/groupmod/29_groupmod_-g_same_gid_new_name/groupmod.test
+run_test ./grouptools/groupmod/30_groupmod_-g_same_gid_same_name/groupmod.test
+run_test ./grouptools/groupmod/31_groupmod_-g_same_gid/groupmod.test
+run_test ./grouptools/groupmod/32_groupmod_-o_without_-g/groupmod.test
+run_test ./grouptools/groupmod/33_groupmod_set_password_no_gshadow_file_with_group_pwd_x/groupmod.test
+run_test ./grouptools/groupmod/34_groupmod_set_password_group_without_shadow_pwd/groupmod.test
+run_test ./grouptools/groupmod/35_groupmod_set_password_group_without_shadow_pwd_no_gshadow_group/groupmod.test
+run_test ./grouptools/groupmod/36_groupmod_set_password_group_with_shadow_pwd_no_gshadow_group/groupmod.test
+run_test ./grouptools/groupmod/37_groupmod_invalid_option/groupmod.test
+run_test ./log/faillog/01_faillog_no_faillog/faillog.test
+run_test ./log/faillog/02_faillog_usage/faillog.test
+run_test ./log/faillog/03_faillog_format/faillog.test
+run_test ./log/faillog/04_faillog_multiple/faillog.test
+run_test ./log/faillog/05_faillog-u_ID/faillog.test
+run_test ./log/faillog/06_faillog-u_name/faillog.test
+run_test ./log/faillog/07_faillog-u_ID_invalid/faillog.test
+run_test ./log/faillog/08_faillog-u_name_invalid/faillog.test
+run_test ./log/faillog/09_faillog-u_range/faillog.test
+run_test ./log/faillog/10_faillog-u_open_range/faillog.test
+run_test ./log/faillog/11_faillog-u_range_open/faillog.test
+run_test ./log/faillog/12_faillog-u_range_invalid1/faillog.test
+run_test ./log/faillog/13_faillog-u_range_invalid2/faillog.test
+run_test ./log/faillog/14_faillog-u_range_invalid3/faillog.test
+run_test ./log/faillog/15_faillog_bad_option/faillog.test
+run_test ./log/faillog/16_faillog_extra_arg/faillog.test
+run_test ./log/faillog/17_faillog-t/faillog.test
+run_test ./log/faillog/18_faillog-t_invalid/faillog.test
+run_test ./log/faillog/19_faillog_multiple_same_user/faillog.test
+run_test ./log/faillog/20_faillog-r-u/faillog.test
+run_test ./log/faillog/21_faillog-r-u_range/faillog.test
+run_test ./log/faillog/22_faillog_removed_user/faillog.test
+run_test ./log/faillog/23_faillog-a_removed_user/faillog.test
+run_test ./log/faillog/24_faillog-u_removed_user/faillog.test
+run_test ./log/faillog/25_faillog-r-u_removed_user/faillog.test
+run_test ./log/faillog/26_faillog-r-u_range_removed_user/faillog.test
+run_test ./log/faillog/27_faillog-r-a-u_range_removed_user/faillog.test
+run_test ./log/faillog/28_faillog-r-a-u_open_range_removed_user/faillog.test
+run_test ./log/faillog/29_faillog-r-a-u_range_open_removed_user/faillog.test
+run_test ./log/faillog/30_faillog-r/faillog.test
+run_test ./log/faillog/31_faillog-r-u_open_range/faillog.test
+run_test ./log/faillog/32_faillog-l/faillog.test
+run_test ./log/faillog/33_faillog-l-u_user/faillog.test
+run_test ./log/faillog/34_faillog-l-u_range/faillog.test
+run_test ./log/faillog/35_faillog-l-u_open_range/faillog.test
+run_test ./log/faillog/36_faillog-l-u_range_open/faillog.test
+run_test ./log/faillog/37_faillog-l-a-u_user/faillog.test
+run_test ./log/faillog/38_faillog-l-a-u_range/faillog.test
+run_test ./log/faillog/39_faillog-l-a-u_open_range/faillog.test
+run_test ./log/faillog/40_faillog-l-a-u_range_open/faillog.test
+run_test ./log/faillog/41_faillog-l_invalid/faillog.test
+run_test ./log/faillog/42_faillog-m/faillog.test
+run_test ./log/faillog/43_faillog-m-u_user/faillog.test
+run_test ./log/faillog/44_faillog-m-u_range/faillog.test
+run_test ./log/faillog/45_faillog-m-u_open_range/faillog.test
+run_test ./log/faillog/46_faillog-m-u_range_open/faillog.test
+run_test ./log/faillog/47_faillog-m-a-u_user/faillog.test
+run_test ./log/faillog/48_faillog-m-a-u_range/faillog.test
+run_test ./log/faillog/49_faillog-m-a-u_open_range/faillog.test
+run_test ./log/faillog/50_faillog-m-a-u_range_open/faillog.test
+run_test ./log/faillog/51_faillog-m_invalid/faillog.test
+run_test ./log/faillog/52_faillog-t-l_exclusive/faillog.test
+run_test ./log/faillog/53_faillog-t-m_exclusive/faillog.test
+run_test ./log/faillog/54_faillog-t-r_exclusive/faillog.test
+run_test ./log/faillog/55_faillog_no_changes/faillog.test
+run_test ./log/faillog/56_faillog-l-m_empty_file/faillog.test
+run_test ./log/faillog/57_faillog-r_empty_file/faillog.test
+run_test ./log/faillog/58_faillog-l_no_failcount/faillog.test
+run_test ./log/lastlog/01_lastlog_no_lastlog/lastlog.test
+run_test ./log/lastlog/02_lastlog_usage/lastlog.test
+run_test ./log/lastlog/03_lastlog_format/lastlog.test
+run_test ./log/lastlog/04_lastlog_multiple/lastlog.test
+run_test ./log/lastlog/05_lastlog-u_ID/lastlog.test
+run_test ./log/lastlog/06_lastlog-u_name/lastlog.test
+run_test ./log/lastlog/07_lastlog-u_ID_invalid/lastlog.test
+run_test ./log/lastlog/08_lastlog-u_name_invalid/lastlog.test
+run_test ./log/lastlog/09_lastlog-u_range/lastlog.test
+run_test ./log/lastlog/10_lastlog-u_open_range/lastlog.test
+run_test ./log/lastlog/11_lastlog-u_range_open/lastlog.test
+run_test ./log/lastlog/12_lastlog-u_range_invalid1/lastlog.test
+run_test ./log/lastlog/13_lastlog-u_range_invalid2/lastlog.test
+run_test ./log/lastlog/14_lastlog-u_range_invalid3/lastlog.test
+run_test ./log/lastlog/15_lastlog_bad_option/lastlog.test
+run_test ./log/lastlog/16_lastlog_extra_arg/lastlog.test
+run_test ./log/lastlog/17_lastlog-t/lastlog.test
+run_test ./log/lastlog/18_lastlog-b/lastlog.test
+run_test ./log/lastlog/19_lastlog-t_invalid/lastlog.test
+run_test ./log/lastlog/20_lastlog-b_invalid/lastlog.test
+run_test ./usertools/01/01_useradd_add_user.test
+run_test ./usertools/01/01_userdel_delete_user.test
+run_test ./usertools/01/02_useradd_recreate_deleted_user.test
+run_test ./usertools/01/03_useradd_additional_options.test
+run_test ./usertools/01/04_useradd_add_user_with_existing_UID_fail.test
+run_test ./usertools/01/04_useradd_add_user_with_existing_UID_with_-o.test
+run_test ./usertools/01/04_useradd_specified_UID.test
+run_test ./usertools/01/04_useradd_specified_UID_and_GID.test
+run_test ./usertools/01/04_userdel_delete_user_with_non_unique_UID.test
+run_test ./usertools/01/05_useradd_invalid_numeric_primary_group.test
+run_test ./usertools/01/06_useradd_invalid_named_primary_group.test
+run_test ./usertools/01/07_useradd_numerical_primary_group.test
+run_test ./usertools/01/08_useradd_named_primary_group.test
+run_test ./usertools/01/09_usermod_change_user_info.test
+run_test ./usertools/01/10_usermod_rename_user.test
+run_test ./usertools/01/10_usermod_rename_user_in_group.test
+run_test ./usertools/01/11_usermod_change_password.test
+run_test ./usertools/01/11_usermod_lock_password.test
+run_test ./usertools/01/11_usermod_unlock_empty_password.test
+run_test ./usertools/01/11_usermod_unlock_password.test
+run_test ./usertools/01/12_usermod_change_gid_name.test
+run_test ./usertools/01/12_usermod_change_gid_number.test
+run_test ./usertools/01/13_useradd_negative_UID.test
+run_test ./usertools/01/14_useradd_out_of_range_UID.test
+run_test ./usertools/01/15_useradd_specified_large_UID.test
+run_test ./usertools/01/16_useradd_add_user_to_multiple_groups.test
+run_test ./usertools/01/16_useradd_add_user_to_one_group.test
+run_test ./usertools/01/17_useradd_create_homedir.test
+run_test ./usertools/01/18_userdel_remove_homedir.test
+run_test ./usertools/01/19_userdel_delete_user_in_group.test
+run_test ./usertools/01/20_usermod_change_homedir.test
+run_test ./usertools/01/21_usermod_change_and_move_homedir.test
+run_test ./usertools/01/22_usermod_new_groups.test
+run_test ./usertools/01/23_usermod_add_groups.test
+run_test ./usertools/01/24_usermod_new_groups_remove_old_groups.test
+run_test ./usertools/01/25_useradd_specified_large_UID2.test
+run_test ./usertools/01/26_useradd_UID_-1.test
+run_test ./usertools/02/useradd_default_default_values.test
+run_test ./usertools/02/useradd_get_default_values.test
+run_test ./usertools/02/useradd_change_default_INACTIVE.test
+run_test ./usertools/02/useradd_change_default_SHELL.test
+run_test ./usertools/02/useradd_change_default_EXPIRE.test
+run_test ./usertools/02/useradd_change_default_GROUP.test
+run_test ./usertools/02/useradd_change_default_HOME.test
+run_test ./usertools/02/useradd_change_defaults.test
+run_test ./usertools/03/useradd_change_defaults.test
+run_test ./usertools/04/01_useradd_add_user.test
+run_test ./usertools/05_userdel_del_from_group_members/userdel.test
+run_test ./usertools/06_userdel_del_from_gshadow_members/userdel.test
+run_test ./usertools/07_userdel_del_from_gshadow_admins/userdel.test
+run_test ./usertools/08_userdel_del_from_group_and_gshadow/userdel.test
+run_test ./usertools/09_userdel_del_homedir/userdel.test
+run_test ./usertools/10_userdel_del_homedir_wrong_owner/userdel.test
+run_test ./usertools/11_usermod_move_homedir/usermod.test
+run_test ./usertools/12_usermod_move_homedir_dev_null/usermod.test
+run_test ./usertools/13_usermod_move_homedir_file/usermod.test
+run_test ./usertools/14_usermod_move_homedir_other_device/usermod.test
+run_test ./usertools/15_usermod_change_supplementary_groups/usermod.test
+run_test ./usertools/16_usermod_clear_supplementary_groups/usermod.test
+run_test ./usertools/17_usermod_change_supplementary_groups_numerical/usermod.test
+run_test ./usertools/18_usermod_change_supplementary_groups-unknown_group/usermod.test
+run_test ./usertools/19_usermod_change_supplementary_groups-unknown_numerical_group/usermod.test
+run_test ./usertools/20_usermod_rename_user_in_member_lists/usermod.test
+run_test ./usertools/21_usermod_rename_user_in_member_lists-and-add_supplementary_groups/usermod.test
+run_test ./usertools/22_usermod-a_existing_supplementary_group/usermod.test
+run_test ./usertools/23_usermod-a_existing_supplementary_group+rename/usermod.test
+run_test ./usertools/24_usermod_locked_passwd/usermod.test
+run_test ./usertools/25_usermod-G_locked_group/usermod.test
+run_test ./usertools/26_usermod_locked_shadow/usermod.test
+run_test ./usertools/27_usermod-G_locked_gshadow/usermod.test
+run_test ./usertools/28_usermod-c_locked_group/usermod.test
+run_test ./usertools/29_usermod-c_locked_gshadow/usermod.test
+run_test ./usertools/30_usermod-l_locked_group/usermod.test
+run_test ./usertools/31_usermod-l_locked_gshadow/usermod.test
+run_test ./usertools/32_usermod-u_new_UID/usermod.test
+run_test ./usertools/33_usermod-u_existing_UID/usermod.test
+run_test ./usertools/34_usermod-u-o_existing_UID/usermod.test
+run_test ./usertools/35_usermod-u_invalid_UID/usermod.test
+run_test ./usertools/36_usermod_change_uid+move_homedir_other_device/usermod.test
+run_test ./usertools/37_Debian_Bug_470745/usermod.test
+run_test ./usertools/38_usermod_invalid_user/usermod.test
+run_test ./usertools/39_usermod_-c_invalid_comment/usermod.test
+run_test ./usertools/40_usermod_-d_invalid_homedir/usermod.test
+run_test ./usertools/41_usermod_-d_invalid_shell/usermod.test
+run_test ./usertools/42_usermod_-g_invalid_group_name/usermod.test
+run_test ./usertools/43_usermod_-g_invalid_group_ID/usermod.test
+run_test ./usertools/44_usermod-l_existing_username/usermod.test
+run_test ./usertools/45_usermod-l_existing_username_passwd/usermod.test
+run_test ./usertools/46_usermod-l_existing_username_shadow/usermod.test
+run_test ./usertools/47_usermod-l_no_shadow_file/usermod.test
+run_test ./usertools/48_userdel_keep_group_if_primary_other_user/userdel.test
+run_test ./usertools/49_userdel_delete_users_group/userdel.test
+run_test ./usertools/50_userdel_delete_users_group_no_gshadow_group/userdel.test
+run_test ./usertools/51_userdel_delete_users_group_no_gshadow_file/userdel.test
+run_test ./usertools/52_userdel_delete_user_no_shadow_entry/userdel.test
+run_test ./usertools/53_userdel_delete_user_no_shadow_file/userdel.test
+run_test ./usertools/54_usermod-u_invalid_UID_4294967295/usermod.test
+run_test ./usertools/55_userdel_busy_user/userdel.test
+run_test ./usertools/56_userdel_locked_passwd/userdel.test
+run_test ./usertools/57_userdel_locked_group/userdel.test
+run_test ./usertools/58_userdel_locked_shadow/userdel.test
+run_test ./usertools/59_userdel_locked_gshadow/userdel.test
+run_test ./usertools/60_userdel_invalid_user/userdel.test
+run_test ./usertools/61_userdel_del_homedir_with_symlinks/userdel.test
+run_test ./usertools/62_usermod_remove_supplementary_groups/usermod.test
+if [ "$USE_PAM" = "yes" ]; then
+	run_test ./usertools/chpasswd-PAM/01_chpasswd_invalid_user/chpasswd.test
+	run_test ./usertools/chpasswd-PAM/02_chpasswd_multiple_users/chpasswd.test
+	run_test ./usertools/chpasswd-PAM/03_chpasswd_no_shadow_file/chpasswd.test
+	run_test ./usertools/chpasswd-PAM/04_chpasswd_no_shadow_entry/chpasswd.test
+	run_test ./usertools/chpasswd-PAM/05_chpasswd_error_no_password/chpasswd.test
+	run_test ./usertools/chpasswd-PAM/06_chpasswd_usage/chpasswd.test
+	run_test ./usertools/chpasswd-PAM/07_chpasswd_usage_bad_option/chpasswd.test
+	run_test ./usertools/chpasswd-PAM/08_chpasswd_usage-e-m_exclusive/chpasswd.test
+	run_test ./usertools/chpasswd-PAM/09_chpasswd_usage-e-c_exclusive/chpasswd.test
+	run_test ./usertools/chpasswd-PAM/10_chpasswd_usage-m-c_exclusive/chpasswd.test
+	run_test ./usertools/chpasswd-PAM/11_chpasswd_usage-s_without-c/chpasswd.test
+	run_test ./usertools/chpasswd-PAM/12_chpasswd_usage-s_invalid/chpasswd.test
+	run_test ./usertools/chpasswd-PAM/13_chpasswd_usage-c_invalid/chpasswd.test
+	run_test ./usertools/chpasswd-PAM/14_chpasswd_password_encrypted/chpasswd.test
+	run_test ./usertools/chpasswd-PAM/15_chpasswd_password_md5/chpasswd.test
+	run_test ./usertools/chpasswd-PAM/16_chpasswd_password_NONE/chpasswd.test
+	run_test ./usertools/chpasswd-PAM/17_chpasswd_password_MD5/chpasswd.test
+	run_test ./usertools/chpasswd-PAM/18_chpasswd_password_DES/chpasswd.test
+	run_test ./usertools/chpasswd-PAM/19_chpasswd_password_SHA256/chpasswd.test
+	run_test ./usertools/chpasswd-PAM/20_chpasswd_password_SHA256_rounds_900/chpasswd.test
+	run_test ./usertools/chpasswd-PAM/21_chpasswd_password_SHA256_rounds_9000/chpasswd.test
+	run_test ./usertools/chpasswd-PAM/22_chpasswd_password_SHA512/chpasswd.test
+	run_test ./usertools/chpasswd-PAM/23_chpasswd_password_SHA512_rounds_900/chpasswd.test
+	run_test ./usertools/chpasswd-PAM/24_chpasswd_password_SHA512_rounds_9000/chpasswd.test
+	run_test ./usertools/chpasswd-PAM/25_chpasswd-e_no_shadow_file/chpasswd.test
+	run_test ./usertools/chpasswd-PAM/26_chpasswd_no_shadow_file_invalid_passwd/chpasswd.test
+	run_test ./usertools/chpasswd-PAM/27_chpasswd_no_shadow_file_1st_invalid_passwd_entry/chpasswd.test
+	run_test ./usertools/chpasswd-PAM/28_chpasswd_no_shadow_file_2nd_invalid_passwd_entry/chpasswd.test
+	run_test ./usertools/chpasswd-PAM/29_chpasswd-e_no_shadow_entry/chpasswd.test
+	run_test ./usertools/chpasswd-PAM/30_chpasswd_locked_passwd/chpasswd.test
+	run_test ./usertools/chpasswd-PAM/31_chpasswd_locked_shadow/chpasswd.test
+	run_test ./usertools/chpasswd-PAM/32_chpasswd_invalid_user/chpasswd.test
+	run_test ./usertools/chpasswd-PAM/33_chpasswd-e_invalid_user/chpasswd.test
+	run_test ./usertools/chpasswd-PAM/34_chpasswd-e_password_shadow_and_passwd/chpasswd.test
+else
+	run_test ./usertools/chpasswd/01_chpasswd_invalid_user/chpasswd.test
+	run_test ./usertools/chpasswd/02_chpasswd_multiple_users/chpasswd.test
+	run_test ./usertools/chpasswd/03_chpasswd_no_shadow_file/chpasswd.test
+	run_test ./usertools/chpasswd/04_chpasswd_no_shadow_entry/chpasswd.test
+	run_test ./usertools/chpasswd/05_chpasswd_error_no_password/chpasswd.test
+fi
+run_test ./usertools/chpasswd-PAM/06_chpasswd_usage/chpasswd.test
+run_test ./usertools/chpasswd-PAM/07_chpasswd_usage_bad_option/chpasswd.test
+run_test ./usertools/chpasswd-PAM/08_chpasswd_usage-e-m_exclusive/chpasswd.test
+run_test ./usertools/chpasswd-PAM/09_chpasswd_usage-e-c_exclusive/chpasswd.test
+run_test ./usertools/chpasswd-PAM/10_chpasswd_usage-m-c_exclusive/chpasswd.test
+run_test ./usertools/chpasswd-PAM/11_chpasswd_usage-s_without-c/chpasswd.test
+run_test ./usertools/chpasswd-PAM/12_chpasswd_usage-s_invalid/chpasswd.test
+run_test ./usertools/chpasswd-PAM/13_chpasswd_usage-c_invalid/chpasswd.test
+run_test ./usertools/useradd/01_useradd_usage/useradd.test
+run_test ./usertools/useradd/02_useradd_usage_invalid_option/useradd.test
+run_test ./usertools/useradd/03_useradd_usage_no_users/useradd.test
+run_test ./usertools/useradd/04_useradd_usage_2_users/useradd.test
+run_test ./usertools/useradd/05_useradd_usage-b_invalid1/useradd.test
+run_test ./usertools/useradd/06_useradd_usage-b_invalid2/useradd.test
+run_test ./usertools/useradd/07_useradd_usage-b_invalid3/useradd.test
+run_test ./usertools/useradd/08_useradd_usage-c_invalid1/useradd.test
+run_test ./usertools/useradd/09_useradd_usage-c_invalid2/useradd.test
+run_test ./usertools/useradd/10_useradd_usage-d_invalid1/useradd.test
+run_test ./usertools/useradd/11_useradd_usage-d_invalid2/useradd.test
+run_test ./usertools/useradd/12_useradd_usage-d_invalid3/useradd.test
+run_test ./usertools/useradd/13_useradd_usage-e_invalid1/useradd.test
+run_test ./usertools/useradd/14_useradd_usage-e_invalid2/useradd.test
+run_test ./usertools/useradd/15_useradd_usage-e_no_shadow_file/useradd.test
+run_test ./usertools/useradd/16_useradd_usage-f_invalid1/useradd.test
+run_test ./usertools/useradd/17_useradd_usage-f_invalid2/useradd.test
+run_test ./usertools/useradd/18_useradd_usage-f_no_shadow_file/useradd.test
+run_test ./usertools/useradd/19_useradd_usage-K_invalid1/useradd.test
+run_test ./usertools/useradd/20_useradd_usage-O_invalid2/useradd.test
+run_test ./usertools/useradd/21_useradd_usage-p_invalid1/useradd.test
+run_test ./usertools/useradd/22_useradd_usage-p_invalid2/useradd.test
+run_test ./usertools/useradd/23_useradd_usage-s_invalid1/useradd.test
+run_test ./usertools/useradd/24_useradd_usage-s_invalid2/useradd.test
+run_test ./usertools/useradd/25_useradd_usage-s_invalid3/useradd.test
+run_test ./usertools/useradd/26_useradd_usage-o_without-u/useradd.test
+run_test ./usertools/useradd/27_useradd_usage-k_without-m/useradd.test
+run_test ./usertools/useradd/28_useradd_usage-U_with-g/useradd.test
+run_test ./usertools/useradd/29_useradd_usage-U_with-N/useradd.test
+run_test ./usertools/useradd/30_useradd_usage-m_with-M/useradd.test
+run_test ./usertools/useradd/31_useradd_usage_user_with-D/useradd.test
+run_test ./usertools/useradd/32_useradd_usage-D_with_other/useradd.test
+run_test ./usertools/useradd/33_useradd_usage_invalid_username/useradd.test
+run_test ./usertools/useradd/35_useradd_default_GROUP_name/useradd.test
+run_test ./usertools/useradd/34_useradd_default_GROUP_GID/useradd.test
+run_test ./usertools/useradd/36_useradd_default_GROUP_invalid_GID/useradd.test
+run_test ./usertools/useradd/37_useradd_default_GROUP_invalid_name/useradd.test
+run_test ./usertools/useradd/38_useradd_default_INACTIVE/useradd.test
+run_test ./usertools/useradd/39_useradd_default_INACTIVE_invalid1/useradd.test
+run_test ./usertools/useradd/40_useradd_default_INACTIVE_invalid2/useradd.test
+run_test ./usertools/useradd/41_useradd_default_default_SKEL/useradd.test
+run_test ./usertools/useradd/42_useradd_default_default_CREATE_MAIL_SPOOL/useradd.test
+run_test ./usertools/useradd/43_useradd_default_no_final_eol/useradd.test
+run_test ./usertools/useradd/44_useradd_default_no_file/useradd.test
+run_test ./usertools/useradd/45_useradd-G_UID_name/useradd.test
+run_test ./usertools/useradd/46_useradd-G_UID_duplicate/useradd.test
+run_test ./usertools/useradd/47_useradd-G_UID_name_duplicate/useradd.test
+run_test ./usertools/useradd/48_useradd-G_name_duplicate/useradd.test
+run_test ./usertools/useradd/49_useradd-G_invalid_group/useradd.test
+run_test ./usertools/useradd/50_useradd-r/useradd.test
+run_test ./usertools/useradd/51_useradd_already_exist/useradd.test
+run_test ./usertools/useradd/52_useradd-U_group_already_exist/useradd.test
+run_test ./usertools/useradd/53_useradd-G_empty/useradd.test
+run_test ./usertools/useradd/54_useradd_no_shadow_file/useradd.test
+run_test ./usertools/useradd/55_useradd_no_gshadow_file/useradd.test
+run_test ./usertools/useradd/56_useradd_gshadow_entry_without_group_entry/useradd.test
+run_test ./usertools/useradd/57_useradd_usage-D_not_first_option/useradd.test
+run_test ./usertools/useradd/58_useradd-e_empty/useradd.test
+run_test ./usertools/useradd/59_useradd-e-1-f-1/useradd.test
+run_test ./usertools/useradd/60_useradd-e-1-f-1_no_shadow_file/useradd.test
+run_test ./usertools/useradd/61_useradd-K/useradd.test
+run_test ./usertools/useradd/62_useradd-p/useradd.test
+run_test ./usertools/useradd/63_useradd-s/useradd.test
+run_test ./usertools/useradd/64_useradd_locked_passwd/useradd.test
+run_test ./usertools/useradd/65_useradd_locked_group/useradd.test
+run_test ./usertools/useradd/66_useradd_locked_shadow/useradd.test
+run_test ./usertools/useradd/67_useradd_locked_gshadow/useradd.test
+run_test ./usertools/useradd/68_useradd-s_empty/useradd.test
+run_test ./usertools/userdel/01_userdel_usage/userdel.test
+run_test ./usertools/userdel/02_userdel_usage_invalid_option/userdel.test
+run_test ./usertools/userdel/03_userdel_usage_no_users/userdel.test
+run_test ./usertools/userdel/04_userdel_usage_2_users/userdel.test
+run_test ./usertools/userdel/05_userdel_no_USERGROUPS_ENAB/userdel.test
+run_test ./usertools/userdel/06_userdel_no_usergroup/userdel.test
+run_test ./usertools/userdel/07_userdel_usergroup_not_primary/userdel.test
+run_test ./usertools/userdel/08_userdel_usergroup_with_other_members/userdel.test
+run_test ./usertools/userdel/09_userdel_usergroup_no_other_members_in_gshadow/userdel.test
+run_test ./usertools/userdel/10_userdel_del_homedir_symlink/userdel.test
+run_test ./usertools/usermod/01_usermod-p_no_shadow_file/usermod.test
+run_test ./usertools/usermod/02_usermod-p_no_shadow_entry/usermod.test
+run_test ./usertools/usermod/03_usermod-p_no_shadow_entry_but_shadow_enabled/usermod.test
+run_test ./usertools/usermod/04_usermod_lock_already_locked_password1/usermod.test
+run_test ./usertools/usermod/05_usermod_lock_already_locked_password2/usermod.test
+run_test ./usertools/usermod/06_usermod_lock_already_locked_password3/usermod.test
+run_test ./usertools/usermod/07_usermod_unlock_already_unlocked_password1/usermod.test
+run_test ./usertools/usermod/08_usermod_unlock_already_unlocked_password2/usermod.test
+run_test ./usertools/usermod/09_usermod_unlock_already_unlocked_password3/usermod.test
+run_test ./usertools/usermod/10_usermod_usage/usermod.test
+run_test ./usertools/usermod/11_usermod_usage_bad_option/usermod.test
+run_test ./usertools/usermod/12_usermod_usage_bad-f/usermod.test
+run_test ./usertools/usermod/13_usermod_usage_bad-f_negative/usermod.test
+run_test ./usertools/usermod/14_usermod_usage_no_options/usermod.test
+run_test ./usertools/usermod/15_usermod_usage_no_user/usermod.test
+run_test ./usertools/usermod/16_usermod_usage_-e_no_shadow_file/usermod.test
+run_test ./usertools/usermod/17_usermod_usage_-f_no_shadow_file/usermod.test
+run_test ./usertools/usermod/18_usermod_usage-L-p_exclusive/usermod.test
+run_test ./usertools/usermod/19_usermod_usage-L-U_exclusive/usermod.test
+run_test ./usertools/usermod/20_usermod_usage-p-U_exclusive/usermod.test
+run_test ./usertools/usermod/21_usermod_rename_user_no_gshadow_file/usermod.test
+run_test ./usertools/usermod/22_usermod_usage_rename_invalid_username/usermod.test
+run_test ./usertools/usermod/23_usermod-e_date/usermod.test
+run_test ./usertools/usermod/24_usermod-e_date/usermod.test
+run_test ./usertools/usermod/25_usermod-e_empty_arg/usermod.test
+run_test ./usertools/usermod/26_usermod-e-1/usermod.test
+run_test ./usertools/usermod/27_usermod-e_invalid1/usermod.test
+run_test ./usertools/usermod/28_usermod-e_invalid2/usermod.test
+run_test ./usertools/usermod/29_usermod_no_changes/usermod.test
+run_test ./usertools/usermod/30_usermod_usage-a_without-G/usermod.test
+run_test ./usertools/usermod/31_usermod_usage-o_without-u/usermod.test
+run_test ./usertools/usermod/32_usermod_usage-m_without-d/usermod.test
+run_test ./usertools/usermod/33_usermod_change_shell/usermod.test
+run_test ./usertools/usermod/34_usermod-e_date_no_shadow_entry/usermod.test
+run_test ./usertools/usermod/35_usermod-f_no_shadow_entry/usermod.test
+run_test ./usertools/usermod/36_usermod_move_homedir_existing_dir/usermod.test
+run_test ./usertools/usermod/37_usermod_move_nonexistent_homedir/usermod.test
+run_test ./usertools/usermod/38_usermod-u_lastlog_not_created/usermod.test
+run_test ./usertools/usermod/39_usermod-u_copy_lastlog_entry/usermod.test
+run_test ./usertools/usermod/40_usermod-u_reset_new_lastlog_entry/usermod.test
+run_test ./usertools/usermod/41_usermod-u_faillog_not_created/usermod.test
+run_test ./usertools/usermod/42_usermod-u_copy_faillog_entry/usermod.test
+run_test ./usertools/usermod/43_usermod-u_reset_new_faillog_entry/usermod.test
+run_test ./usertools/usermod/44_usermod-l_move_mailbox/usermod.test
+run_test ./usertools/usermod/45_usermod-u_change_mailbox_owner/usermod.test
+run_test ./usertools/usermod/46_usermod-u_checks_mailbox_owner/usermod.test
+run_test ./usertools/usermod/47_usermod-u_default_maildir/usermod.test
+run_test ./usertools/usermod/48_usermod-u_MAIL_FILE/usermod.test
+run_test ./usertools/usermod/49_usermod_change_gid+move_homedir_other_device/usermod.test
+run_test ./usertools/usermod/50_usermod_change_uid+move_homedir/usermod.test
+run_test ./usertools/usermod/51_usermod_change_gid+move_homedir/usermod.test
+run_test ./usertools/usermod/52_usermod_move_homedir_symlink/usermod.test
+run_test ./cptools/01/run1
+run_test ./cptools/01/run2
+run_test ./cptools/01/run3
+run_test ./cptools/01/run4
+run_test ./cktools/01/run1
+run_test ./cktools/01/run2
+run_test ./cktools/02_pwck_sort/pwck.test
+run_test ./cktools/03_grpck_sort/grpck.test
+run_test ./cktools/04_pwck_sort_missing_shadow_user/pwck.test
+run_test ./cktools/05_grpck_sort_missing_shadow_group/grpck.test
+run_test ./cktools/06_pwck_sort_NIS_server/pwck.test
+run_test ./cktools/07_pwck_sort_NIS_client/pwck.test
+run_test ./cktools/grpck/04_grpck_missing_field_group_delete/grpck.test
+run_test ./cktools/grpck/05_grpck_missing_field_group_keep/grpck.test
+run_test ./cktools/grpck/06_grpck_missing_field_group_no_changes/grpck.test
+run_test ./cktools/grpck/07_grpck_missing_field_gshadow_add/grpck.test
+run_test ./cktools/grpck/08_grpck_missing_field_gshadow_delete/grpck.test
+run_test ./cktools/grpck/09_grpck_missing_field_gshadow_no_changes/grpck.test
+run_test ./cktools/grpck/10_grpck_missing_field_group_local/grpck.test
+run_test ./cktools/grpck/11_grpck_missing_field_gshadow_local/grpck.test
+run_test ./cktools/grpck/12_grpck_unknown_user_group/grpck.test
+run_test ./cktools/grpck/13_grpck_unknown_user_gshadow/grpck.test
+run_test ./cktools/grpck/14_grpck_unknown_user_adm_gshadow/grpck.test
+run_test ./cktools/grpck/15_grpck_unknown_user_duplicate_group/grpck.test
+run_test ./cktools/grpck/16_grpck_duplicate_entry_group/grpck.test
+run_test ./cktools/grpck/17_grpck_duplicate_entry_gshadow/grpck.test
+run_test ./cktools/grpck/18_grpck_duplicate_entry_group_no_changes/grpck.test
+run_test ./cktools/grpck/19_grpck_duplicate_entry_gshadow_no_changes/grpck.test
+run_test ./cktools/grpck/20_grpck_duplicate_entry_gshadow_delete_second/grpck.test
+run_test ./cktools/grpck/21_grpck_invalid_group_name/grpck.test
+run_test ./cktools/grpck/22_grpck_invalid_group_ID_-1/grpck.test
+run_test ./cktools/grpck/23_grpck_invalid_group_ID_4294967295/grpck.test
+run_test ./cktools/grpck/24_grpck_invalid_group_ID_4294967296/grpck.test
+run_test ./cktools/grpck/25_grpck_unknown_user_group_no_changes/grpck.test
+run_test ./cktools/grpck/26_grpck_no_gshadow_file/grpck.test
+run_test ./cktools/grpck/27_grpck_sort_no_gshadow_file/grpck.test
+run_test ./cktools/grpck/28_grpck_usage/grpck.test
+run_test ./cktools/grpck/29_grpck_sort_readonly/grpck.test
+run_test ./cktools/grpck/30_grpck_3_files/grpck.test
+run_test ./cktools/grpck/31_grpck_missing_field_group_local_no_gshadow/grpck.test
+run_test ./cktools/grpck/32_grpck_sort_nis/grpck.test
+run_test ./cktools/grpck/33_grpck_locked_group/grpck.test
+run_test ./cktools/grpck/34_grpck_locked_gshadow/grpck.test
+run_test ./cktools/grpck/35_grpck_duplicate_entry_group_NIS/grpck.test
+run_test ./cktools/grpck/36_grpck_password_group_gshadow/grpck.test
+run_test ./cktools/grpck/37_grpck_invalid_option/grpck.test
+run_test ./cktools/pwck/04_pwck_missing_field_passwd_delete/pwck.test
+run_test ./cktools/pwck/05_pwck_missing_field_passwd_keep/pwck.test
+run_test ./cktools/pwck/06_pwck_missing_field_passwd_no_changes/pwck.test
+run_test ./cktools/pwck/07_pwck_missing_field_shadow_add/pwck.test
+run_test ./cktools/pwck/08_pwck_missing_field_shadow_delete/pwck.test
+run_test ./cktools/pwck/09_pwck_missing_field_shadow_no_changes/pwck.test
+run_test ./cktools/pwck/10_pwck_missing_field_passwd_local/pwck.test
+run_test ./cktools/pwck/11_pwck_missing_field_shadow_local/pwck.test
+run_test ./cktools/pwck/12_pwck_unknown_user_group_ID/pwck.test
+run_test ./cktools/pwck/13_pwck_duplicate_entry_passwd/pwck.test
+run_test ./cktools/pwck/14_pwck_duplicate_entry_shadow/pwck.test
+run_test ./cktools/pwck/15_pwck_duplicate_entry_passwd_no_changes/pwck.test
+run_test ./cktools/pwck/16_pwck_duplicate_entry_shadow_no_changes/pwck.test
+run_test ./cktools/pwck/17_pwck_duplicate_entry_passwd_delete_second/pwck.test
+run_test ./cktools/pwck/18_pwck_invalid_user_name/pwck.test
+run_test ./cktools/pwck/19_pwck_invalid_user_ID_-1/pwck.test
+run_test ./cktools/pwck/20_pwck_invalid_user_ID_4294967295/pwck.test
+run_test ./cktools/pwck/21_pwck_invalid_user_ID_4294967296/pwck.test
+run_test ./cktools/pwck/22_pwck_usage/pwck.test
+run_test ./cktools/pwck/23_pwck_locked_passwd/pwck.test
+run_test ./cktools/pwck/24_pwck_locked_shadow/pwck.test
+run_test ./cktools/pwck/25_pwck_usage_invalid_option/pwck.test
+run_test ./cktools/pwck/26_pwck_usage-s-r/pwck.test
+run_test ./cktools/pwck/27_pwck_usage_3_files/pwck.test
+run_test ./cktools/pwck/28_pwck_no_shadow_file/pwck.test
+run_test ./cktools/pwck/29_pwck_password_change_in_future/pwck.test
+run_test ./cktools/pwck/30_pwck_NIS_entries/pwck.test
+run_test ./cktools/pwck/31_pwck_shadow_entry_passwd_no_x/pwck.test
+run_test ./cktools/pwck/32_pwck_quiet/pwck.test
+if [ "$USE_PAM" != "yes" ]; then
+	run_test ./crypt/login.defs_DES-MD5_CRYPT_ENAB/01_chpasswd.test
+	run_test ./crypt/login.defs_DES/01_chpasswd.test
+	run_test ./crypt/login.defs_DES/02_chpasswd--crypt-method-MD5.test
+	run_test ./crypt/login.defs_DES/03_chpasswd--crypt-method-DES.test
+	run_test ./crypt/login.defs_DES/04_chpasswd--crypt-method-NONE.test
+	run_test ./crypt/login.defs_DES/05_chpasswd-e.test
+	run_test ./crypt/login.defs_DES/06_chpasswd-m.test
+fi
+run_test ./crypt/login.defs_DES/07_chgpasswd.test
+run_test ./crypt/login.defs_DES/08_chgpasswd--crypt-method-MD5.test
+run_test ./crypt/login.defs_DES/09_chgpasswd--crypt-method-DES.test
+run_test ./crypt/login.defs_DES/10_chgpasswd--crypt-method-NONE.test
+run_test ./crypt/login.defs_DES/11_chgpasswd-e.test
+run_test ./crypt/login.defs_DES/12_chgpasswd-m.test
+if [ "$USE_PAM" != "yes" ]; then
+	run_test ./crypt/login.defs_MD5/01_chpasswd.test
+	run_test ./crypt/login.defs_MD5_CRYPT_ENAB/01_chpasswd.test
+fi
+run_test ./crypt/login.defs_MD5/02_chgpasswd.test
+run_test ./crypt/login.defs_MD5_CRYPT_ENAB/02_chgpasswd.test
+if [ "$USE_PAM" != "yes" ]; then
+	run_test ./crypt/login.defs_SHA256-round-max/01_chpasswd.test
+	run_test ./crypt/login.defs_SHA256-round-min-max/01_chpasswd.test
+	run_test ./crypt/login.defs_SHA256-round-min/01_chpasswd.test
+	run_test ./crypt/login.defs_SHA256/01_chpasswd.test
+	run_test ./crypt/login.defs_SHA512/01_chpasswd.test
+	run_test ./crypt/login.defs_none/01_chpasswd.test
+fi
+run_test ./crypt/login.defs_SHA256-round-max/02_chgpasswd.test
+run_test ./crypt/login.defs_SHA256-round-min-max/02_chgpasswd.test
+run_test ./crypt/login.defs_SHA256-round-min/02_chgpasswd.test
+run_test ./crypt/login.defs_SHA256/02_chgpasswd.test
+run_test ./crypt/login.defs_SHA512/02_chgpasswd.test
+run_test ./crypt/login.defs_none/02_chgpasswd.test
+run_test ./newusers/01_create_user/newusers.test
+run_test ./newusers/02_update_password/newusers.test
+run_test ./newusers/03_no_update_pid/newusers.test
+run_test ./newusers/04_no_update_gid/newusers.test
+run_test ./newusers/05_create_user_pid/newusers.test
+run_test ./newusers/06_create_user_gid/newusers.test
+run_test ./newusers/07_create_user_pid_gid/newusers.test
+run_test ./newusers/08_create_user_pid_other-gid/newusers.test
+run_test ./newusers/09_create_user_pid-as-user-bar/newusers.test
+run_test ./newusers/10_create_user_gid-as-group-bar/newusers.test
+run_test ./newusers/11_update_gecos/newusers.test
+run_test ./newusers/12_update_shell/newusers.test
+run_test ./newusers/13_create_user_new-home/newusers.test
+run_test ./newusers/14_create_user_existing-home/newusers.test
+run_test ./newusers/15_update_new-home/newusers.test
+run_test ./newusers/16_update_existing-home/newusers.test
+run_test ./newusers/17_create_user_pid-already-used/newusers.test
+run_test ./newusers/18_create_user_gid-already-used/newusers.test
+run_test ./newusers/19_update_keep-old-home/newusers.test
+run_test ./newusers/20_multiple_users/newusers.test
+run_test ./newusers/21_create_user_UID_MAX/newusers.test
+run_test ./newusers/22_create_user_GID_MAX/newusers.test
+run_test ./newusers/23_create_user_error_negative_UID/newusers.test
+run_test ./newusers/24_create_user_error_invalid_UID/newusers.test
+run_test ./newusers/25_create_user_error_no_remaining_UID/newusers.test
+run_test ./newusers/26_create_user_error_no_remaining_GID/newusers.test
+run_test ./newusers/27_create_user_error_invalid_username/newusers.test
+run_test ./newusers/28_create_user_error_invalid_groupname/newusers.test
+run_test ./newusers/29_create_user_error_invalid_username_valid_groupname/newusers.test
+run_test ./newusers/30_create_user_different_groupname/newusers.test
+run_test ./newusers/31_create_user_error_invalid_GID/newusers.test
+run_test ./newusers/32_create_user_error_gshadow_group_exists/newusers.test
+run_test ./newusers/33_update_password_no_shadow_password/newusers.test
+run_test ./newusers/34_update_password_no_shadow/newusers.test
+run_test ./newusers/35_read_from_stdin/newusers.test
+if [ "$USE_PAM" != "yes" ]; then
+	run_test ./newusers/36_create_user_encrypted/newusers.test
+	run_test ./newusers/37_create_user_encrypt_MD5/newusers.test
+	run_test ./newusers/38_update_password_no_shadow_encrypted/newusers.test
+	run_test ./newusers/39_update_password_no_shadow_password_encrypted/newusers.test
+	run_test ./newusers/40_update_password_encrypted/newusers.test
+	run_test ./newusers/41_create_user_encrypt_SHA256/newusers.test
+	run_test ./newusers/42_create_user_encrypt_SHA512/newusers.test
+	run_test ./newusers/43_create_user_encrypt_SHA256_rounds_3000/newusers.test
+	run_test ./newusers/44_create_user_encrypt_SHA256_rounds_300/newusers.test
+	run_test ./newusers/45_create_user_encrypt_rounds_3000/newusers.test
+	run_test ./newusers/46_create_user_encrypt_MD5_ignore_rounds_3000/newusers.test
+else
+
+	run_test ./newusers/37_create_user_encrypt_MD5-PAM/newusers.test
+
+
+
+	run_test ./newusers/41_create_user_encrypt_SHA256-PAM/newusers.test
+	run_test ./newusers/42_create_user_encrypt_SHA512-PAM/newusers.test
+	run_test ./newusers/43_create_user_encrypt_SHA256_rounds_3000-PAM/newusers.test
+	run_test ./newusers/44_create_user_encrypt_SHA256_rounds_300-PAM/newusers.test
+
+
+fi
+run_test ./newusers/47_create_user_error_UID_4294967295/newusers.test
+run_test ./newusers/48_create_user_error_GID_4294967295/newusers.test
+run_test ./newusers/49_multiple_system_users/newusers.test
+run_test ./newusers/50_usage/newusers.test
+run_test ./newusers/51_usage_invalid_option/newusers.test
+run_test ./newusers/52_usage_2_input_files/newusers.test
+run_test ./newusers/53_locked_passwd/newusers.test
+run_test ./newusers/54_locked_shadow/newusers.test
+run_test ./newusers/55_locked_group/newusers.test
+run_test ./newusers/56_locked_gshadow/newusers.test
+run_test ./newusers/57_missing_input_file/newusers.test
+run_test ./newusers/58_invalid_input_file/newusers.test
+run_test ./newusers/59_no_gshadow_file/newusers.test
+run_test ./newusers/60_update_no_gecos/newusers.test
+run_test ./newusers/61_update_no_shell/newusers.test
+run_test ./split_groups/01_useradd_split_group/useradd.test
+run_test ./split_groups/02_useradd_no_split_group/useradd.test
+run_test ./split_groups/03_useradd_split_group_already_split/useradd.test
+run_test ./split_groups/04_useradd_split_group_already_full/useradd.test
+run_test ./split_groups/05_useradd_split_group_already_split_passwd_differ/useradd.test
+run_test ./split_groups/06_useradd_split_group_already_split_GID_differ/useradd.test
+run_test ./split_groups/07_useradd_split_group_already_split_user_in_both_lines/useradd.test
+run_test ./split_groups/08_useradd_no_split_group_already_split/useradd.test
+run_test ./split_groups/09_groupdel_split_group_already_split/groupdel.test
+run_test ./split_groups/10_groupdel_no_split_group_already_split/groupdel.test
+if [ "$FAILURE_TESTS" = "yes" ]; then
+run_test ./failures/chage/01_chage_openRW_passwd_failure/chage.test
+run_test ./failures/chage/02_chage_openRO_passwd_failure/chage.test
+run_test ./failures/chage/03_chage_openRW_shadow_failure/chage.test
+run_test ./failures/chage/04_chage_openRO_shadow_failure/chage.test
+run_test ./failures/chage/05_chage_rename_shadow_failure/chage.test
+run_test ./failures/chage/06_chage_rename_passwd_failure/chage.test
+run_test ./failures/chgpasswd/01_chgpasswd-e_open_group_failure/chgpasswd.test
+run_test ./failures/chgpasswd/02_chgpasswd-e_open_gshadow_failure/chgpasswd.test
+run_test ./failures/chgpasswd/03_chgpasswd-e_rename_group_failure/chgpasswd.test
+run_test ./failures/chgpasswd/04_chgpasswd-e_rename_gshadow_failure/chgpasswd.test
+if [ "$USE_PAM" = "yes" ]; then
+	run_test ./failures/chpasswd-PAM/01_chpasswd-e_open_passwd_failure/chpasswd.test
+	run_test ./failures/chpasswd-PAM/02_chpasswd-e_open_shadow_failure/chpasswd.test
+	run_test ./failures/chpasswd-PAM/03_chpasswd-e_rename_passwd_failure/chpasswd.test
+	run_test ./failures/chpasswd-PAM/04_chpasswd-e_rename_shadow_failure/chpasswd.test
+	run_test ./failures/chpasswd-PAM/05_chpasswd-e_time_0/chpasswd.test
+fi
+run_test ./failures/chsh/01_chsh_open_passwd_failure/chsh.test
+run_test ./failures/chsh/02_chsh_rename_passwd_failure/chsh.test
+run_test ./failures/cppw/01_cppw_open_passwd_in_failure/cppw.test
+run_test ./failures/cppw/02_cppw_open_passwd_backup_failure/cppw.test
+run_test ./failures/cppw/03_cppw_rename_passwd_failure/cppw.test
+run_test ./failures/gpasswd/01_gpasswd_group_open_failure/gpasswd.test
+run_test ./failures/gpasswd/02_gpasswd_gshadow_open_failure/gpasswd.test
+run_test ./failures/gpasswd/03_gpasswd-a_group_open_failure/gpasswd.test
+run_test ./failures/gpasswd/04_gpasswd-d_group_open_failure/gpasswd.test
+run_test ./failures/gpasswd/05_gpasswd-r_group_open_failure/gpasswd.test
+run_test ./failures/gpasswd/06_gpasswd-R_gshadow_open_failure/gpasswd.test
+run_test ./failures/gpasswd/07_gpasswd-A_gshadow_open_failure/gpasswd.test
+run_test ./failures/gpasswd/08_gpasswd_group_openRO_failure/gpasswd.test
+run_test ./failures/gpasswd/09_gpasswd_gshadow_openRO_failure/gpasswd.test
+run_test ./failures/gpasswd/10_gpasswd_group_rename_failure/gpasswd.test
+run_test ./failures/gpasswd/11_gpasswd_gshadow_rename_failure/gpasswd.test
+run_test ./failures/groupadd/01_groupadd_gshadow_rename_failure/groupadd.test
+run_test ./failures/groupadd/02_groupadd_group_rename_failure/groupadd.test
+run_test ./failures/groupadd/03_groupadd_gshadow_open_failure/groupadd.test
+run_test ./failures/groupadd/04_groupadd_group_open_failure/groupadd.test
+run_test ./failures/groupdel/01_groupdel_gshadow_rename_failure/groupdel.test
+run_test ./failures/groupdel/02_groupdel_group_rename_failure/groupdel.test
+run_test ./failures/groupdel/03_groupdel_gshadow_open_failure/groupdel.test
+run_test ./failures/groupdel/04_groupdel_group_open_failure/groupdel.test
+run_test ./failures/groupmems/01_groupmems_group_open_failure/groupmems.test
+run_test ./failures/groupmems/02_groupmems_gshadow_open_failure/groupmems.test
+run_test ./failures/groupmod/01_groupmod_change_group_name_gshadow_rename_failure/groupmod.test
+run_test ./failures/groupmod/02_groupmod_change_gid_change_primary_group_passwd_rename_failure/groupmod.test
+run_test ./failures/groupmod/03_groupmod_change_group_name_group_rename_failure/groupmod.test
+run_test ./failures/groupmod/04_groupmod_group_open_failure/groupmod.test
+run_test ./failures/groupmod/05_groupmod_gshadow_open_failure/groupmod.test
+run_test ./failures/groupmod/06_groupmod_-g_no_gshadow_open_failure/groupmod.test
+run_test ./failures/groupmod/07_groupmod_passwd_open_failure/groupmod.test
+run_test ./failures/groupmod/08_groupmod_-g_same_gid_no_passwd_open_failure/groupmod.test
+run_test ./failures/groupmod/09_groupmod_-n_no_passwd_open_failure/groupmod.test
+run_test ./failures/grpck/01_grpck_system_group_open_failure/grpck.test
+run_test ./failures/grpck/02_grpck_group_open_failure/grpck.test
+run_test ./failures/grpck/03_grpck_system_gshadow_open_failure/grpck.test
+run_test ./failures/grpck/04_grpck_gshadow_open_failure/grpck.test
+run_test ./failures/grpck/05_grpck_sort_group_rename_failure/grpck.test
+run_test ./failures/grpck/06_grpck_sort_gshadow_rename_failure/grpck.test
+run_test ./failures/grpconv/01_grpconv_open_group_failure/grpconv.test
+run_test ./failures/grpconv/02_grpconv_open_gshadow_failure/grpconv.test
+run_test ./failures/grpconv/03_grpconv_rename_group_failure/grpconv.test
+run_test ./failures/grpconv/04_grpconv_rename_gshadow_failure/grpconv.test
+run_test ./failures/grpunconv/01_grpunconv_group_rename_failure/grpunconv.test
+run_test ./failures/grpunconv/02_grpunconv_open_group_failure/grpunconv.test
+run_test ./failures/grpunconv/03_grpunconv_open_gshadow_failure/grpunconv.test
+run_test ./failures/grpunconv/04_grpunconv_unlink_gshadow_failure/grpunconv.test
+run_test ./failures/newusers/01_newusers_open_passwd_failure/newusers.test
+run_test ./failures/newusers/02_newusers_open_shadow_failure/newusers.test
+run_test ./failures/newusers/03_newusers_open_group_failure/newusers.test
+run_test ./failures/newusers/04_newusers_open_gshadow_failure/newusers.test
+run_test ./failures/newusers/05_newusers_rename_passwd_failure/newusers.test
+run_test ./failures/newusers/06_newusers_rename_shadow_failure/newusers.test
+run_test ./failures/newusers/07_newusers_rename_group_failure/newusers.test
+run_test ./failures/newusers/08_newusers_rename_gshadow_failure/newusers.test
+run_test ./failures/newusers/09_newusers_rename_shadow_failure_PAM/newusers.test
+run_test ./failures/newusers/10_newusers_time_0/newusers.test
+run_test ./failures/pwck/01_pwck_system_passwd_open_failure/pwck.test
+run_test ./failures/pwck/02_pwck_passwd_open_failure/pwck.test
+run_test ./failures/pwck/03_pwck_system_shadow_open_failure/pwck.test
+run_test ./failures/pwck/04_pwck_shadow_open_failure/pwck.test
+run_test ./failures/pwck/05_pwck_sort_system_passwd_rename_failure/pwck.test
+run_test ./failures/pwck/06_pwck_sort_system_shadow_rename_failure/pwck.test
+run_test ./failures/pwck/07_pwck_sort_passwd_rename_failure/pwck.test
+run_test ./failures/pwck/08_pwck_sort_shadow_rename_failure/pwck.test
+run_test ./failures/pwck/09_pwck_create_shadow_entry_time_0/pwck.test
+run_test ./failures/pwconv/01_pwconv_open_passwd_failure/pwconv.test
+run_test ./failures/pwconv/02_pwconv_open_shadow_failure/pwconv.test
+run_test ./failures/pwconv/03_pwconv_rename_passwd_failure/pwconv.test
+run_test ./failures/pwconv/04_pwconv_rename_shadow_failure/pwconv.test
+run_test ./failures/pwconv/05_pwconv_time_0/pwconv.test
+run_test ./failures/pwunconv/01_pwunconv_passwd_rename_failure/pwunconv.test
+run_test ./failures/pwunconv/02_pwunconv_open_passwd_failure/pwunconv.test
+run_test ./failures/pwunconv/03_pwunconv_open_shadow_failure/pwunconv.test
+run_test ./failures/pwunconv/04_pwunconv_unlink_shadow_failure/pwunconv.test
+run_test ./failures/useradd/01_useradd_open_passwd_failure/useradd.test
+run_test ./failures/useradd/02_useradd_open_shadow_failure/useradd.test
+run_test ./failures/useradd/03_useradd_open_group_failure/useradd.test
+run_test ./failures/useradd/04_useradd_open_gshadow_failure/useradd.test
+run_test ./failures/useradd/05_useradd_rename_passwd_failure/useradd.test
+run_test ./failures/useradd/06_useradd_rename_shadow_failure/useradd.test
+run_test ./failures/useradd/07_useradd_rename_group_failure/useradd.test
+run_test ./failures/useradd/08_useradd_rename_gshadow_failure/useradd.test
+run_test ./failures/useradd/09_useradd_rename_defaults_failure/useradd.test
+run_test ./failures/useradd/10_useradd_rename_defaults_backup_failure/useradd.test
+run_test ./failures/useradd/11_useradd_time_0/useradd.test
+run_test ./failures/useradd/12_useradd_open_subuid_failure/useradd.test
+run_test ./failures/useradd/13_useradd_open_subgid_failure/useradd.test
+run_test ./failures/useradd/14_username_rename_subuid_failure/useradd.test
+run_test ./failures/useradd/15_username_rename_subgid_failure/useradd.test
+run_test ./failures/userdel/01_userdel_gshadow_rename_failure/userdel.test
+run_test ./failures/userdel/02_userdel_group_rename_failure/userdel.test
+run_test ./failures/userdel/03_userdel_shadow_rename_failure/userdel.test
+run_test ./failures/userdel/04_userdel_passwd_rename_failure/userdel.test
+run_test ./failures/userdel/05_userdel_failure_remove_mailbox/userdel.test
+run_test ./failures/userdel/06_userdel_failure_remove_file_homedir/userdel.test
+run_test ./failures/userdel/07_userdel_failure_remove_homedir/userdel.test
+run_test ./failures/userdel/08_userdel_open_passwd_failure/userdel.test
+run_test ./failures/userdel/09_userdel_open_shadow_failure/userdel.test
+run_test ./failures/userdel/10_userdel_open_group_failure/userdel.test
+run_test ./failures/userdel/11_userdel_open_gshadow_failure/userdel.test
+run_test ./failures/userdel/12_userdel_open_subuid_failure/userdel.test
+run_test ./failures/userdel/13_userdel_open_subgid_failure/userdel.test
+run_test ./failures/userdel/14_userdel_rename_subuid_failure/usedel.test
+run_test ./failures/userdel/15_userdel_rename_subgid_failure/usedel.test
+run_test ./failures/usermod/01_usermod_change_user_name_gshadow_rename_failure/usermod.test
+run_test ./failures/usermod/02_usermod_change_uid_passwd_rename_failure/usermod.test
+run_test ./failures/usermod/03_usermod_change_user_name_group_rename_failure/usermod.test
+run_test ./failures/usermod/04_usermod_change_user_name_gshadow_rename_no_failure/usermod.test
+run_test ./failures/usermod/05_usermod_change_uid_shadow_rename_failure/usermod.test
+run_test ./failures/usermod/06_usermod_change_user_name_open_passwd_failure/usermod.test
+run_test ./failures/usermod/07_usermod_change_user_name_open_shadow_failure/usermod.test
+run_test ./failures/usermod/08_usermod_change_user_name_open_group_failure/usermod.test
+run_test ./failures/usermod/09_usermod_change_user_name_open_gshadow_failure/usermod.test
+run_test ./failures/usermod/10_usermod_-p_time_0/usermod.test
+run_test ./failures/usermod/11_usermod-f_no_shadow_entry_time_0/usermod.test
+#run_test ./failures/usermod/12_usermod_change_uid_passwd_unlock_passwd_failure/usermod.test
+run_test ./failures/usermod/13_usermod_-v_open_subuid_failure/usermod.test
+run_test ./failures/usermod/14_usermod_-V_open_subuid_failure/usermod.test
+run_test ./failures/usermod/15_usermod_-w_open_subgid_failure/usermod.test
+run_test ./failures/usermod/16_usermod_-W_open_subgid_failure/usermod.test
+run_test ./failures/usermod/17_usermod_-v_rename_subuid_failure/usermod.test
+run_test ./failures/usermod/18_usermod_-w_rename_subgid_failure/usermod.test
+fi
+run_test ./expiry/01_expiry_-c_no_expiry/expiry.test
+run_test ./expiry/02_expiry_-c_expired/expiry.test
+run_test ./expiry/03_expiry_-f_expired/expiry.test
+run_test ./expiry/04_expiry_no_options/expiry.test
+run_test ./expiry/05_expiry_-c_no_shadow_file/expiry.test
+run_test ./expiry/06_expiry_-c_no_shadow_entry/expiry.test
+run_test ./expiry/07_expiry_-c_expired_account/expiry.test
+run_test ./expiry/08_expiry_-c_expired_max+inact/expiry.test
+run_test ./expiry/09_expiry_-c_expired_not_inactive/expiry.test
+run_test ./expiry/10_expiry_bad_option/expiry.test
+run_test ./expiry/11_expiry_usage/expiry.test
+run_test ./expiry/12_expiry_extra_arg/expiry.test
+run_test ./expiry/13_expiry_usage-c-f/expiry.test
+run_test ./passwd/01_passwd_-S_root_locked_account/passwd.test
+run_test ./passwd/02_passwd_-S_root_valid_account/passwd.test
+run_test ./passwd/03_passwd_-S_root_empty_password/passwd.test
+run_test ./passwd/04_passwd_-S_root_valid_account_no_shadow_file/passwd.test
+run_test ./passwd/05_passwd_-S_root_valid_account_no_shadow_entry/passwd.test
+run_test ./passwd/06_passwd_-l_root_lock_account/passwd.test
+run_test ./passwd/07_passwd_-l_root_lock_account_no_shadow_entry/passwd.test
+run_test ./passwd/08_passwd_-u_root_unlock_account/passwd.test
+run_test ./passwd/09_passwd_-u_root_unlock_to_empty/passwd.test
+run_test ./passwd/10_passwd_-d_root/passwd.test
+run_test ./passwd/11_passwd_--mindays_root/passwd.test
+run_test ./passwd/12_passwd_--maxdays_root/passwd.test
+run_test ./passwd/13_passwd_--warndays_root/passwd.test
+run_test ./passwd/14_passwd_--inactive_root/passwd.test
+run_test ./passwd/15_passwd_--expire_root/passwd.test
+run_test ./passwd/16_passwd_-S-a_root/passwd.test
+run_test ./passwd/17_passwd_root_change_password/passwd.test
+run_test ./passwd/18_passwd_root_change_password_user/passwd.test
+run_test ./passwd/19_passwd_user_change_password/passwd.test
+run_test ./passwd/20_passwd_user_change_password_same_user/passwd.test
+run_test ./passwd/21_passwd_user_change_password_other_user/passwd.test
+run_test ./passwd/22_passwd_usage/passwd.test
+run_test ./login/01_login_prompt/login.test
+run_test ./login/02_login_user/login.test
+run_test ./login/03_login_check_tty/login.test
+run_test ./subids/01_useradd_no_subids/useradd.test
+run_test ./subids/02_useradd_with_subids/useradd.test
+run_test ./subids/03_useradd_no_subgid/useradd.test
+run_test ./subids/04_useradd_no_subuid/useradd.test
+run_test ./subids/05_useradd_fill_gap_start/useradd.test
+run_test ./subids/06_useradd_fill_gap_middle/useradd.test
+run_test ./subids/07_useradd_fill_gap_end/useradd.test
+run_test ./subids/08_useradd_no_more_subuids_start/useradd.test
+run_test ./subids/09_useradd_no_more_subgids_start/useradd.test
+run_test ./subids/10_useradd_no_more_subuids_end/useradd.test
+run_test ./subids/11_useradd_no_more_subgids_end/useradd.test
+run_test ./subids/12_useradd_invalid_subuid_configuration1/useradd.test
+run_test ./subids/13_useradd_invalid_subuid_configuration2/useradd.test
+run_test ./subids/14_useradd_invalid_subuid_configuration3/useradd.test
+run_test ./subids/15_useradd_invalid_subgid_configuration1/useradd.test
+run_test ./subids/16_useradd_invalid_subgid_configuration2/useradd.test
+run_test ./subids/17_useradd_invalid_subgid_configuration3/useradd.test
+run_test ./subids/18_useradd_min=max/useradd.test
+run_test ./subids/19_useradd_locked_subuid/useradd.test
+run_test ./subids/20_useradd_locked_subgid/useradd.test
+run_test ./subids/21_usermod_create_subuid_range/usermod.test
+run_test ./subids/22_usermod_create_subgid_range/usermod.test
+run_test ./subids/23_usermod_create_subids_ranges/usermod.test
+run_test ./subids/24_usermod_create_subids_overlapping_ranges/usermod.test
+run_test ./subids/25_usermod_add_range/usermod.test
+run_test ./subids/26_usermod_add_overlapping_ranges/usermod.test
+run_test ./subids/27_usermod_remove_range_all/usermod.test
+run_test ./subids/28_usermod_remove_range_partial_begin/usermod.test
+run_test ./subids/29_usermod_remove_range_partial_middle/usermod.test
+run_test ./subids/30_usermod_remove_range_partial_end/usermod.test
+run_test ./subids/31_usermod_remove_outside_range/usermod.test
+run_test ./subids/32_usermod_remove_overlapping_range_begin/usermod.test
+run_test ./subids/33_usermod_remove_overlapping_range_end/usermod.test
+run_test ./subids/34_usermod_remove_overlapping_range_all/usermod.test
+run_test ./subids/35_usermod_remove_only_user_ranges/usermod.test
+run_test ./subids/36_usermod_remove_with_comment/usermod.test
+run_test ./subids/37_usermod_-v_invalid_range/usermod.test
+run_test ./subids/38_usermod_-V_invalid_range/usermod.test
+run_test ./subids/39_usermod_-w_invalid_range/usermod.test
+run_test ./subids/40_usermod_-W_invalid_range/usermod.test
+run_test ./subids/41_usermod_locked_subuid/usermod.test
+run_test ./subids/42_usermod_locked_subgid/usermod.test
+run_test ./subids/43_usermod_-w_no_subgid/usermod.test
+run_test ./subids/44_usermod_-W_no_subgid/usermod.test
+run_test ./subids/45_usermod_-v_no_subgid/usermod.test
+run_test ./subids/46_usermod_-V_no_subgid/usermod.test
+run_test ./subids/47_usermod_-v_invalid_range2/usermod.test
+run_test ./subids/48_usermod_-v_invalid_range3/usermod.test
+run_test ./subids/49_usermod_-v_invalid_range4/usermod.test
+run_test ./subids/50_usermod_-v_invalid_range5/usermod.test
+run_test ./subids/51_usermod_-v_invalid_range6/usermod.test
+run_test ./subids/52_usermod_-v_invalid_range7/usermod.test
+run_test ./subids/53_userdel_one_subuid_range/userdel.test
+run_test ./subids/54_userdel_one_subgid_range/userdel.test
+run_test ./subids/55_userdel_no_subuid/userdel.test
+run_test ./subids/56_userdel_no_subgid/userdel.test
+run_test ./subids/57_userdel_multiple_ranges/userdel.test
+run_test ./subids/58_newusers_with_subids/newusers.test
+run_test ./subids/59_newusers_no_subuid/newusers.test
+run_test ./subids/60_newusers_no_subgid/newusers.test
+run_test ./subids/61_newusers_user_alread_has_subgids/newusers.test
+run_test ./subids/62_newusers_user_alread_has_subuids/newusers.test
+run_test ./subids/63_useradd_fill_gap4/useradd.test
+run_test ./subids/64_useradd_fill_gap5/useradd.test
+run_test ./subids/65_useradd_fill_gap6/useradd.test
+run_test ./subids/66_subordinate_range_cmp/useradd.test
+run_test ./subids/67_invalid_subuid_file1/useradd.test
+run_test ./subids/68_invalid_subuid_file2/useradd.test
+run_test ./subids/69_invalid_subuid_file3/useradd.test
+run_test ./subids/70_invalid_subuid_file4/useradd.test
+run_test ./subids/71_useradd_subids_for_system/useradd.test
+run_test ./newuidmap/01_newuidmap/newuidmap.test
+run_test ./newuidmap/02_newuidmap_relaxed_gid_check/newuidmap.test
+run_test ./newgidmap/01_newgidmap/newgidmap.test
+run_test ./newgidmap/02_newgidmap_relaxed_gid_check/newgidmap.test
+
+echo
+
+genhtml --quiet --frames --output-directory coverage.test --show-details app_total.info
+
+echo
+echo "$succeeded test(s) passed"
+echo "$failed test(s) failed"
+echo "log written in 'testsuite.log'"
+if [ "$failed" != 0 ]
+then
+	echo "the following tests failed:"
+	echo "$failed_tests"
+fi
diff --git a/tests/tests/run_some b/tests/tests/run_some
new file mode 100755
index 0000000..91f5626
--- /dev/null
+++ b/tests/tests/run_some
@@ -0,0 +1,153 @@
+#!/bin/sh
+
+set -e
+
+export LC_ALL=C
+unset LANG
+unset LANGUAGE
+. common/config.sh
+
+USE_PAM="yes"
+FAILURE_TESTS="yes"
+
+succeeded=0
+failed=0
+failed_tests=""
+
+run_test()
+{
+	[ -f RUN_TEST.STOP ] && exit 1
+
+	passed=0
+	if $1 > $1.log 2>&1
+	then
+		passed=1
+	fi
+
+	if [ -n "$2" ]; then # ignore failure
+		printf '.'
+	elif [ $passed -eq 1 ]; then
+		succeeded=$((succeeded+1))
+		printf '+'
+	else
+		failed=$((failed+1))
+		failed_tests="$failed_tests $1"
+		printf '-'
+	fi
+	cat $1.log >> testsuite.log
+	[ -f /etc/passwd.lock ] && echo $1 /etc/passwd.lock || true
+	[ -f /etc/group.lock ] && echo $1 /etc/group.lock || true
+	[ -f /etc/shadow.lock ] && echo $1 /etc/shadow.lock || true
+	[ -f /etc/gshadow.lock ] && echo $1 /etc/gshadow.lock || true
+	[ -f /etc/gshadow.lock ] && echo $1 /etc/gshadow.lock || true
+	rm -rf /tmp/test-uidmap
+	if [ "$(stat -c"%G" /etc/shadow)" != "shadow" ]
+	then
+		echo $1
+		ls -l /etc/shadow
+		chgrp shadow /etc/shadow
+	fi
+	if [ -d /nonexistent ]
+	then
+		echo $1 /nonexistent
+		rmdir /nonexistent
+	fi
+}
+
+echo "+: test passed"
+echo "-: test failed"
+
+# Empty the complete log.
+> testsuite.log
+
+find "${build_path}" -name "*.gcda" -delete
+# ignore the result of the first test.  ~magic~
+run_test ./su/01/su_user.test ignore_failure
+run_test ./su/01/su_user.test
+run_test ./su/01/su_root.test
+find "${build_path}" -name "*.gcda" -exec chmod a+rw {} \;
+run_test ./su/02/env_FOO-options_--login
+run_test ./su/02/env_FOO-options_--login_bash
+run_test ./su/02/env_FOO-options_--preserve-environment
+run_test ./su/02/env_FOO-options_--preserve-environment_bash
+run_test ./su/02/env_FOO-options_-
+run_test ./su/02/env_FOO-options_-_bash
+run_test ./su/02/env_FOO-options_-l-m
+run_test ./su/02/env_FOO-options_-l-m_bash
+run_test ./su/02/env_FOO-options_-l
+run_test ./su/02/env_FOO-options_-l_bash
+run_test ./su/02/env_FOO-options_-m_bash
+run_test ./su/02/env_FOO-options_-m
+run_test ./su/02/env_FOO-options_-p
+run_test ./su/02/env_FOO-options_-p_bash
+run_test ./su/02/env_FOO-options__bash
+run_test ./su/02/env_FOO-options_
+run_test ./su/02/env_FOO-options_-p-
+run_test ./su/02/env_FOO-options_-p-_bash
+run_test ./su/02/env_special-options_-l-p
+run_test ./su/02/env_special-options_-l
+run_test ./su/02/env_special-options_-l-p_bash
+run_test ./su/02/env_special-options_-l_bash
+run_test ./su/02/env_special-options_-p
+run_test ./su/02/env_special-options_-p_bash
+run_test ./su/02/env_special-options_
+run_test ./su/02/env_special-options__bash
+run_test ./su/02/env_special_root-options_-l-p
+run_test ./su/02/env_special_root-options_-l-p_bash
+run_test ./su/02/env_special_root-options_-l
+run_test ./su/02/env_special_root-options_-l_bash
+run_test ./su/02/env_special_root-options_-p
+run_test ./su/02/env_special_root-options_-p_bash
+run_test ./su/02/env_special_root-options_
+run_test ./su/02/env_special_root-options__bash
+run_test ./su/03/su_run_command01.test
+run_test ./su/03/su_run_command02.test
+run_test ./su/03/su_run_command03.test
+run_test ./su/03/su_run_command04.test
+run_test ./su/03/su_run_command05.test
+run_test ./su/03/su_run_command06.test
+run_test ./su/03/su_run_command07.test
+run_test ./su/03/su_run_command08.test
+run_test ./su/03/su_run_command09.test
+run_test ./su/03/su_run_command10.test
+run_test ./su/03/su_run_command11.test
+run_test ./su/03/su_run_command12.test
+run_test ./su/03/su_run_command13.test
+run_test ./su/03/su_run_command14.test
+run_test ./su/03/su_run_command15.test
+run_test ./su/03/su_run_command16.test
+run_test ./su/03/su_run_command17.test
+run_test ./su/04/su_wrong_user.test
+run_test ./su/04/su_user_wrong_passwd.test
+run_test ./su/04/su_user_wrong_passwd_syslog.test
+run_test ./su/05/su_user_wrong_passwd_syslog.test
+run_test ./su/06/su_user_syslog.test
+run_test ./su/07/su_user_syslog.test
+run_test ./su/08/env_special-options_
+run_test ./su/08/env_special_root-options_
+run_test ./su/09/env_special-options_
+run_test ./su/09/env_special_root-options_
+run_test ./su/10_su_sulog_success/su.test
+run_test ./su/11_su_sulog_failure/su.test
+run_test ./su/12_su_child_failure/su.test
+run_test ./su/13_su_child_success/su.test
+run_test ./libsubid/01_list_ranges/list_ranges.test
+run_test ./libsubid/02_get_subid_owners/get_subid_owners.test
+run_test ./libsubid/03_add_remove/add_remove_subids.test
+run_test ./newuidmap/01_newuidmap/newuidmap.test
+run_test ./newuidmap/02_newuidmap_relaxed_gid_check/newuidmap.test
+run_test ./newgidmap/01_newgidmap/newgidmap.test
+run_test ./newgidmap/02_newgidmap_relaxed_gid_check/newgidmap.test
+run_test ./libsubid/04_nss/subidnss.test
+run_test ./usertools/62_usermod_remove_supplementary_groups/usermod.test
+
+echo
+echo "$succeeded test(s) passed"
+echo "$failed test(s) failed"
+echo "log written in 'testsuite.log'"
+if [ "$failed" != 0 ]
+then
+	echo "the following tests failed:"
+	echo "$failed_tests"
+	exit 1
+fi
diff --git a/tests/tests/split_groups/01_useradd_split_group/config.txt b/tests/tests/split_groups/01_useradd_split_group/config.txt
new file mode 100644
index 0000000..3d43135
--- /dev/null
+++ b/tests/tests/split_groups/01_useradd_split_group/config.txt
@@ -0,0 +1,5 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group users
diff --git a/tests/tests/split_groups/01_useradd_split_group/config/etc/default/useradd b/tests/tests/split_groups/01_useradd_split_group/config/etc/default/useradd
new file mode 100644
index 0000000..64dec7d
--- /dev/null
+++ b/tests/tests/split_groups/01_useradd_split_group/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/sh
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=100
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/home
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=-1
+#
+# The default expire date
+EXPIRE=
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+CREATE_MAIL_SPOOL=no
diff --git a/tests/tests/split_groups/01_useradd_split_group/config/etc/group b/tests/tests/split_groups/01_useradd_split_group/config/etc/group
new file mode 100644
index 0000000..af7aa3b
--- /dev/null
+++ b/tests/tests/split_groups/01_useradd_split_group/config/etc/group
@@ -0,0 +1,44 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:999:foo1,foo2
+foo1:x:1000:
+foo2:x:1001:
diff --git a/tests/tests/split_groups/01_useradd_split_group/config/etc/gshadow b/tests/tests/split_groups/01_useradd_split_group/config/etc/gshadow
new file mode 100644
index 0000000..cfa80d5
--- /dev/null
+++ b/tests/tests/split_groups/01_useradd_split_group/config/etc/gshadow
@@ -0,0 +1,44 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::foo1,foo2
+foo1:*::
+foo2:*::
diff --git a/tests/tests/split_groups/01_useradd_split_group/config/etc/login.defs b/tests/tests/split_groups/01_useradd_split_group/config/etc/login.defs
new file mode 100644
index 0000000..a5ae49c
--- /dev/null
+++ b/tests/tests/split_groups/01_useradd_split_group/config/etc/login.defs
@@ -0,0 +1,316 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK usage is discouraged because it catches only some classes of user
+# entries to system, in fact only those made through login(1), while setting
+# umask in shell rc file will catch also logins through su, cron, ssh etc.
+#
+# At the same time, using shell rc to set umask won't catch entries which use
+# non-shell executables in place of login shell, like /usr/sbin/pppd for "ppp"
+# user and alike.
+#
+# Therefore the use of pam_umask is recommended (Debian package libpam-umask)
+# as the solution which catches all these cases on PAM-enabled systems.
+# 
+# This avoids the confusion created by having the umask set
+# in two different places -- in login.defs and shell rc files (i.e.
+# /etc/profile).
+#
+# For discussion, see #314539 and #248150 as well as the thread starting at
+# http://lists.debian.org/debian-devel/2005/06/msg01598.html
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+# 022 is the "historical" value in Debian for UMASK when it was used
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			  100
+GID_MAX			60000
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# This enables userdel to remove user groups if no members exist.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, thus in Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# Only works if compiled with MD5_CRYPT defined:
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is used by chpasswd, gpasswd and newusers.
+#
+#MD5_CRYPT_ENAB	no
+
+MAX_MEMBERS_PER_GROUP	2
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/split_groups/01_useradd_split_group/config/etc/passwd b/tests/tests/split_groups/01_useradd_split_group/config/etc/passwd
new file mode 100644
index 0000000..708e6ef
--- /dev/null
+++ b/tests/tests/split_groups/01_useradd_split_group/config/etc/passwd
@@ -0,0 +1,21 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo1:x:1000:1000:::/bin/false
+foo2:x:1001:1001:::/bin/false
diff --git a/tests/tests/split_groups/01_useradd_split_group/config/etc/shadow b/tests/tests/split_groups/01_useradd_split_group/config/etc/shadow
new file mode 100644
index 0000000..f13ec56
--- /dev/null
+++ b/tests/tests/split_groups/01_useradd_split_group/config/etc/shadow
@@ -0,0 +1,21 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo1:!:12977:0:99999:7:::
+foo2:!:12977:0:99999:7:::
diff --git a/tests/tests/split_groups/01_useradd_split_group/data/group b/tests/tests/split_groups/01_useradd_split_group/data/group
new file mode 100644
index 0000000..f7d6d12
--- /dev/null
+++ b/tests/tests/split_groups/01_useradd_split_group/data/group
@@ -0,0 +1,46 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:999:foo1,foo2
+foo:x:999:foo3
+foo1:x:1000:
+foo2:x:1001:
+foo3:x:1002:
diff --git a/tests/tests/split_groups/01_useradd_split_group/data/gshadow b/tests/tests/split_groups/01_useradd_split_group/data/gshadow
new file mode 100644
index 0000000..39460af
--- /dev/null
+++ b/tests/tests/split_groups/01_useradd_split_group/data/gshadow
@@ -0,0 +1,45 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::foo1,foo2,foo3
+foo1:*::
+foo2:*::
+foo3:!::
diff --git a/tests/tests/split_groups/01_useradd_split_group/data/passwd b/tests/tests/split_groups/01_useradd_split_group/data/passwd
new file mode 100644
index 0000000..6a6f62f
--- /dev/null
+++ b/tests/tests/split_groups/01_useradd_split_group/data/passwd
@@ -0,0 +1,22 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo1:x:1000:1000:::/bin/false
+foo2:x:1001:1001:::/bin/false
+foo3:x:1002:1002::/home/foo3:/bin/sh
diff --git a/tests/tests/split_groups/01_useradd_split_group/data/shadow b/tests/tests/split_groups/01_useradd_split_group/data/shadow
new file mode 100644
index 0000000..cb7911b
--- /dev/null
+++ b/tests/tests/split_groups/01_useradd_split_group/data/shadow
@@ -0,0 +1,22 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo1:!:12977:0:99999:7:::
+foo2:!:12977:0:99999:7:::
+foo3:!:@TODAY@:0:99999:7:::
diff --git a/tests/tests/split_groups/01_useradd_split_group/useradd.test b/tests/tests/split_groups/01_useradd_split_group/useradd.test
new file mode 100755
index 0000000..402aad9
--- /dev/null
+++ b/tests/tests/split_groups/01_useradd_split_group/useradd.test
@@ -0,0 +1,39 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "Add a new user to a group with a full line"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Create user foo3, in group foo (useradd -G foo foo3)..."
+useradd -G foo foo3
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl data/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl data/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl data/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl data/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/split_groups/02_useradd_no_split_group/config.txt b/tests/tests/split_groups/02_useradd_no_split_group/config.txt
new file mode 100644
index 0000000..3d43135
--- /dev/null
+++ b/tests/tests/split_groups/02_useradd_no_split_group/config.txt
@@ -0,0 +1,5 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group users
diff --git a/tests/tests/split_groups/02_useradd_no_split_group/config/etc/default/useradd b/tests/tests/split_groups/02_useradd_no_split_group/config/etc/default/useradd
new file mode 100644
index 0000000..64dec7d
--- /dev/null
+++ b/tests/tests/split_groups/02_useradd_no_split_group/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/sh
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=100
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/home
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=-1
+#
+# The default expire date
+EXPIRE=
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+CREATE_MAIL_SPOOL=no
diff --git a/tests/tests/split_groups/02_useradd_no_split_group/config/etc/group b/tests/tests/split_groups/02_useradd_no_split_group/config/etc/group
new file mode 100644
index 0000000..af7aa3b
--- /dev/null
+++ b/tests/tests/split_groups/02_useradd_no_split_group/config/etc/group
@@ -0,0 +1,44 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:999:foo1,foo2
+foo1:x:1000:
+foo2:x:1001:
diff --git a/tests/tests/split_groups/02_useradd_no_split_group/config/etc/gshadow b/tests/tests/split_groups/02_useradd_no_split_group/config/etc/gshadow
new file mode 100644
index 0000000..cfa80d5
--- /dev/null
+++ b/tests/tests/split_groups/02_useradd_no_split_group/config/etc/gshadow
@@ -0,0 +1,44 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::foo1,foo2
+foo1:*::
+foo2:*::
diff --git a/tests/tests/split_groups/02_useradd_no_split_group/config/etc/login.defs b/tests/tests/split_groups/02_useradd_no_split_group/config/etc/login.defs
new file mode 100644
index 0000000..ccf42f7
--- /dev/null
+++ b/tests/tests/split_groups/02_useradd_no_split_group/config/etc/login.defs
@@ -0,0 +1,316 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK usage is discouraged because it catches only some classes of user
+# entries to system, in fact only those made through login(1), while setting
+# umask in shell rc file will catch also logins through su, cron, ssh etc.
+#
+# At the same time, using shell rc to set umask won't catch entries which use
+# non-shell executables in place of login shell, like /usr/sbin/pppd for "ppp"
+# user and alike.
+#
+# Therefore the use of pam_umask is recommended (Debian package libpam-umask)
+# as the solution which catches all these cases on PAM-enabled systems.
+# 
+# This avoids the confusion created by having the umask set
+# in two different places -- in login.defs and shell rc files (i.e.
+# /etc/profile).
+#
+# For discussion, see #314539 and #248150 as well as the thread starting at
+# http://lists.debian.org/debian-devel/2005/06/msg01598.html
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+# 022 is the "historical" value in Debian for UMASK when it was used
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			  100
+GID_MAX			60000
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# This enables userdel to remove user groups if no members exist.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, thus in Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# Only works if compiled with MD5_CRYPT defined:
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is used by chpasswd, gpasswd and newusers.
+#
+#MD5_CRYPT_ENAB	no
+
+MAX_MEMBERS_PER_GROUP	0
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/split_groups/02_useradd_no_split_group/config/etc/passwd b/tests/tests/split_groups/02_useradd_no_split_group/config/etc/passwd
new file mode 100644
index 0000000..708e6ef
--- /dev/null
+++ b/tests/tests/split_groups/02_useradd_no_split_group/config/etc/passwd
@@ -0,0 +1,21 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo1:x:1000:1000:::/bin/false
+foo2:x:1001:1001:::/bin/false
diff --git a/tests/tests/split_groups/02_useradd_no_split_group/config/etc/shadow b/tests/tests/split_groups/02_useradd_no_split_group/config/etc/shadow
new file mode 100644
index 0000000..f13ec56
--- /dev/null
+++ b/tests/tests/split_groups/02_useradd_no_split_group/config/etc/shadow
@@ -0,0 +1,21 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo1:!:12977:0:99999:7:::
+foo2:!:12977:0:99999:7:::
diff --git a/tests/tests/split_groups/02_useradd_no_split_group/data/group b/tests/tests/split_groups/02_useradd_no_split_group/data/group
new file mode 100644
index 0000000..355db7e
--- /dev/null
+++ b/tests/tests/split_groups/02_useradd_no_split_group/data/group
@@ -0,0 +1,45 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:999:foo1,foo2,foo3
+foo1:x:1000:
+foo2:x:1001:
+foo3:x:1002:
diff --git a/tests/tests/split_groups/02_useradd_no_split_group/data/gshadow b/tests/tests/split_groups/02_useradd_no_split_group/data/gshadow
new file mode 100644
index 0000000..39460af
--- /dev/null
+++ b/tests/tests/split_groups/02_useradd_no_split_group/data/gshadow
@@ -0,0 +1,45 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::foo1,foo2,foo3
+foo1:*::
+foo2:*::
+foo3:!::
diff --git a/tests/tests/split_groups/02_useradd_no_split_group/data/passwd b/tests/tests/split_groups/02_useradd_no_split_group/data/passwd
new file mode 100644
index 0000000..6a6f62f
--- /dev/null
+++ b/tests/tests/split_groups/02_useradd_no_split_group/data/passwd
@@ -0,0 +1,22 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo1:x:1000:1000:::/bin/false
+foo2:x:1001:1001:::/bin/false
+foo3:x:1002:1002::/home/foo3:/bin/sh
diff --git a/tests/tests/split_groups/02_useradd_no_split_group/data/shadow b/tests/tests/split_groups/02_useradd_no_split_group/data/shadow
new file mode 100644
index 0000000..cb7911b
--- /dev/null
+++ b/tests/tests/split_groups/02_useradd_no_split_group/data/shadow
@@ -0,0 +1,22 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo1:!:12977:0:99999:7:::
+foo2:!:12977:0:99999:7:::
+foo3:!:@TODAY@:0:99999:7:::
diff --git a/tests/tests/split_groups/02_useradd_no_split_group/useradd.test b/tests/tests/split_groups/02_useradd_no_split_group/useradd.test
new file mode 100755
index 0000000..402aad9
--- /dev/null
+++ b/tests/tests/split_groups/02_useradd_no_split_group/useradd.test
@@ -0,0 +1,39 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "Add a new user to a group with a full line"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Create user foo3, in group foo (useradd -G foo foo3)..."
+useradd -G foo foo3
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl data/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl data/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl data/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl data/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/split_groups/03_useradd_split_group_already_split/config.txt b/tests/tests/split_groups/03_useradd_split_group_already_split/config.txt
new file mode 100644
index 0000000..3d43135
--- /dev/null
+++ b/tests/tests/split_groups/03_useradd_split_group_already_split/config.txt
@@ -0,0 +1,5 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group users
diff --git a/tests/tests/split_groups/03_useradd_split_group_already_split/config/etc/default/useradd b/tests/tests/split_groups/03_useradd_split_group_already_split/config/etc/default/useradd
new file mode 100644
index 0000000..64dec7d
--- /dev/null
+++ b/tests/tests/split_groups/03_useradd_split_group_already_split/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/sh
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=100
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/home
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=-1
+#
+# The default expire date
+EXPIRE=
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+CREATE_MAIL_SPOOL=no
diff --git a/tests/tests/split_groups/03_useradd_split_group_already_split/config/etc/group b/tests/tests/split_groups/03_useradd_split_group_already_split/config/etc/group
new file mode 100644
index 0000000..f7d6d12
--- /dev/null
+++ b/tests/tests/split_groups/03_useradd_split_group_already_split/config/etc/group
@@ -0,0 +1,46 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:999:foo1,foo2
+foo:x:999:foo3
+foo1:x:1000:
+foo2:x:1001:
+foo3:x:1002:
diff --git a/tests/tests/split_groups/03_useradd_split_group_already_split/config/etc/gshadow b/tests/tests/split_groups/03_useradd_split_group_already_split/config/etc/gshadow
new file mode 100644
index 0000000..39460af
--- /dev/null
+++ b/tests/tests/split_groups/03_useradd_split_group_already_split/config/etc/gshadow
@@ -0,0 +1,45 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::foo1,foo2,foo3
+foo1:*::
+foo2:*::
+foo3:!::
diff --git a/tests/tests/split_groups/03_useradd_split_group_already_split/config/etc/login.defs b/tests/tests/split_groups/03_useradd_split_group_already_split/config/etc/login.defs
new file mode 100644
index 0000000..a5ae49c
--- /dev/null
+++ b/tests/tests/split_groups/03_useradd_split_group_already_split/config/etc/login.defs
@@ -0,0 +1,316 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK usage is discouraged because it catches only some classes of user
+# entries to system, in fact only those made through login(1), while setting
+# umask in shell rc file will catch also logins through su, cron, ssh etc.
+#
+# At the same time, using shell rc to set umask won't catch entries which use
+# non-shell executables in place of login shell, like /usr/sbin/pppd for "ppp"
+# user and alike.
+#
+# Therefore the use of pam_umask is recommended (Debian package libpam-umask)
+# as the solution which catches all these cases on PAM-enabled systems.
+# 
+# This avoids the confusion created by having the umask set
+# in two different places -- in login.defs and shell rc files (i.e.
+# /etc/profile).
+#
+# For discussion, see #314539 and #248150 as well as the thread starting at
+# http://lists.debian.org/debian-devel/2005/06/msg01598.html
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+# 022 is the "historical" value in Debian for UMASK when it was used
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			  100
+GID_MAX			60000
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# This enables userdel to remove user groups if no members exist.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, thus in Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# Only works if compiled with MD5_CRYPT defined:
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is used by chpasswd, gpasswd and newusers.
+#
+#MD5_CRYPT_ENAB	no
+
+MAX_MEMBERS_PER_GROUP	2
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/split_groups/03_useradd_split_group_already_split/config/etc/passwd b/tests/tests/split_groups/03_useradd_split_group_already_split/config/etc/passwd
new file mode 100644
index 0000000..6a6f62f
--- /dev/null
+++ b/tests/tests/split_groups/03_useradd_split_group_already_split/config/etc/passwd
@@ -0,0 +1,22 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo1:x:1000:1000:::/bin/false
+foo2:x:1001:1001:::/bin/false
+foo3:x:1002:1002::/home/foo3:/bin/sh
diff --git a/tests/tests/split_groups/03_useradd_split_group_already_split/config/etc/shadow b/tests/tests/split_groups/03_useradd_split_group_already_split/config/etc/shadow
new file mode 100644
index 0000000..81582a0
--- /dev/null
+++ b/tests/tests/split_groups/03_useradd_split_group_already_split/config/etc/shadow
@@ -0,0 +1,22 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo1:!:12977:0:99999:7:::
+foo2:!:12977:0:99999:7:::
+foo3:!:13946:0:99999:7:::
diff --git a/tests/tests/split_groups/03_useradd_split_group_already_split/data/group b/tests/tests/split_groups/03_useradd_split_group_already_split/data/group
new file mode 100644
index 0000000..3c1c18b
--- /dev/null
+++ b/tests/tests/split_groups/03_useradd_split_group_already_split/data/group
@@ -0,0 +1,47 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:999:foo1,foo2
+foo:x:999:foo3,foo4
+foo1:x:1000:
+foo2:x:1001:
+foo3:x:1002:
+foo4:x:1003:
diff --git a/tests/tests/split_groups/03_useradd_split_group_already_split/data/gshadow b/tests/tests/split_groups/03_useradd_split_group_already_split/data/gshadow
new file mode 100644
index 0000000..ca307ab
--- /dev/null
+++ b/tests/tests/split_groups/03_useradd_split_group_already_split/data/gshadow
@@ -0,0 +1,46 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::foo1,foo2,foo3,foo4
+foo1:*::
+foo2:*::
+foo3:!::
+foo4:!::
diff --git a/tests/tests/split_groups/03_useradd_split_group_already_split/data/passwd b/tests/tests/split_groups/03_useradd_split_group_already_split/data/passwd
new file mode 100644
index 0000000..f60db36
--- /dev/null
+++ b/tests/tests/split_groups/03_useradd_split_group_already_split/data/passwd
@@ -0,0 +1,23 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo1:x:1000:1000:::/bin/false
+foo2:x:1001:1001:::/bin/false
+foo3:x:1002:1002::/home/foo3:/bin/sh
+foo4:x:1003:1003::/home/foo4:/bin/sh
diff --git a/tests/tests/split_groups/03_useradd_split_group_already_split/data/shadow b/tests/tests/split_groups/03_useradd_split_group_already_split/data/shadow
new file mode 100644
index 0000000..3ee0375
--- /dev/null
+++ b/tests/tests/split_groups/03_useradd_split_group_already_split/data/shadow
@@ -0,0 +1,23 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo1:!:12977:0:99999:7:::
+foo2:!:12977:0:99999:7:::
+foo3:!:13946:0:99999:7:::
+foo4:!:@TODAY@:0:99999:7:::
diff --git a/tests/tests/split_groups/03_useradd_split_group_already_split/useradd.test b/tests/tests/split_groups/03_useradd_split_group_already_split/useradd.test
new file mode 100755
index 0000000..5c8fbad
--- /dev/null
+++ b/tests/tests/split_groups/03_useradd_split_group_already_split/useradd.test
@@ -0,0 +1,39 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "Add a new user to a group already split"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Create user foo4, in group foo (useradd -G foo foo4)..."
+useradd -G foo foo4
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl data/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl data/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl data/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl data/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/split_groups/04_useradd_split_group_already_full/config.txt b/tests/tests/split_groups/04_useradd_split_group_already_full/config.txt
new file mode 100644
index 0000000..3d43135
--- /dev/null
+++ b/tests/tests/split_groups/04_useradd_split_group_already_full/config.txt
@@ -0,0 +1,5 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group users
diff --git a/tests/tests/split_groups/04_useradd_split_group_already_full/config/etc/default/useradd b/tests/tests/split_groups/04_useradd_split_group_already_full/config/etc/default/useradd
new file mode 100644
index 0000000..64dec7d
--- /dev/null
+++ b/tests/tests/split_groups/04_useradd_split_group_already_full/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/sh
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=100
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/home
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=-1
+#
+# The default expire date
+EXPIRE=
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+CREATE_MAIL_SPOOL=no
diff --git a/tests/tests/split_groups/04_useradd_split_group_already_full/config/etc/group b/tests/tests/split_groups/04_useradd_split_group_already_full/config/etc/group
new file mode 100644
index 0000000..355db7e
--- /dev/null
+++ b/tests/tests/split_groups/04_useradd_split_group_already_full/config/etc/group
@@ -0,0 +1,45 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:999:foo1,foo2,foo3
+foo1:x:1000:
+foo2:x:1001:
+foo3:x:1002:
diff --git a/tests/tests/split_groups/04_useradd_split_group_already_full/config/etc/gshadow b/tests/tests/split_groups/04_useradd_split_group_already_full/config/etc/gshadow
new file mode 100644
index 0000000..39460af
--- /dev/null
+++ b/tests/tests/split_groups/04_useradd_split_group_already_full/config/etc/gshadow
@@ -0,0 +1,45 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::foo1,foo2,foo3
+foo1:*::
+foo2:*::
+foo3:!::
diff --git a/tests/tests/split_groups/04_useradd_split_group_already_full/config/etc/login.defs b/tests/tests/split_groups/04_useradd_split_group_already_full/config/etc/login.defs
new file mode 100644
index 0000000..a5ae49c
--- /dev/null
+++ b/tests/tests/split_groups/04_useradd_split_group_already_full/config/etc/login.defs
@@ -0,0 +1,316 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK usage is discouraged because it catches only some classes of user
+# entries to system, in fact only those made through login(1), while setting
+# umask in shell rc file will catch also logins through su, cron, ssh etc.
+#
+# At the same time, using shell rc to set umask won't catch entries which use
+# non-shell executables in place of login shell, like /usr/sbin/pppd for "ppp"
+# user and alike.
+#
+# Therefore the use of pam_umask is recommended (Debian package libpam-umask)
+# as the solution which catches all these cases on PAM-enabled systems.
+# 
+# This avoids the confusion created by having the umask set
+# in two different places -- in login.defs and shell rc files (i.e.
+# /etc/profile).
+#
+# For discussion, see #314539 and #248150 as well as the thread starting at
+# http://lists.debian.org/debian-devel/2005/06/msg01598.html
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+# 022 is the "historical" value in Debian for UMASK when it was used
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			  100
+GID_MAX			60000
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# This enables userdel to remove user groups if no members exist.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, thus in Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# Only works if compiled with MD5_CRYPT defined:
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is used by chpasswd, gpasswd and newusers.
+#
+#MD5_CRYPT_ENAB	no
+
+MAX_MEMBERS_PER_GROUP	2
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/split_groups/04_useradd_split_group_already_full/config/etc/passwd b/tests/tests/split_groups/04_useradd_split_group_already_full/config/etc/passwd
new file mode 100644
index 0000000..6a6f62f
--- /dev/null
+++ b/tests/tests/split_groups/04_useradd_split_group_already_full/config/etc/passwd
@@ -0,0 +1,22 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo1:x:1000:1000:::/bin/false
+foo2:x:1001:1001:::/bin/false
+foo3:x:1002:1002::/home/foo3:/bin/sh
diff --git a/tests/tests/split_groups/04_useradd_split_group_already_full/config/etc/shadow b/tests/tests/split_groups/04_useradd_split_group_already_full/config/etc/shadow
new file mode 100644
index 0000000..81582a0
--- /dev/null
+++ b/tests/tests/split_groups/04_useradd_split_group_already_full/config/etc/shadow
@@ -0,0 +1,22 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo1:!:12977:0:99999:7:::
+foo2:!:12977:0:99999:7:::
+foo3:!:13946:0:99999:7:::
diff --git a/tests/tests/split_groups/04_useradd_split_group_already_full/data/group b/tests/tests/split_groups/04_useradd_split_group_already_full/data/group
new file mode 100644
index 0000000..3c1c18b
--- /dev/null
+++ b/tests/tests/split_groups/04_useradd_split_group_already_full/data/group
@@ -0,0 +1,47 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:999:foo1,foo2
+foo:x:999:foo3,foo4
+foo1:x:1000:
+foo2:x:1001:
+foo3:x:1002:
+foo4:x:1003:
diff --git a/tests/tests/split_groups/04_useradd_split_group_already_full/data/gshadow b/tests/tests/split_groups/04_useradd_split_group_already_full/data/gshadow
new file mode 100644
index 0000000..ca307ab
--- /dev/null
+++ b/tests/tests/split_groups/04_useradd_split_group_already_full/data/gshadow
@@ -0,0 +1,46 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::foo1,foo2,foo3,foo4
+foo1:*::
+foo2:*::
+foo3:!::
+foo4:!::
diff --git a/tests/tests/split_groups/04_useradd_split_group_already_full/data/passwd b/tests/tests/split_groups/04_useradd_split_group_already_full/data/passwd
new file mode 100644
index 0000000..f60db36
--- /dev/null
+++ b/tests/tests/split_groups/04_useradd_split_group_already_full/data/passwd
@@ -0,0 +1,23 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo1:x:1000:1000:::/bin/false
+foo2:x:1001:1001:::/bin/false
+foo3:x:1002:1002::/home/foo3:/bin/sh
+foo4:x:1003:1003::/home/foo4:/bin/sh
diff --git a/tests/tests/split_groups/04_useradd_split_group_already_full/data/shadow b/tests/tests/split_groups/04_useradd_split_group_already_full/data/shadow
new file mode 100644
index 0000000..3ee0375
--- /dev/null
+++ b/tests/tests/split_groups/04_useradd_split_group_already_full/data/shadow
@@ -0,0 +1,23 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo1:!:12977:0:99999:7:::
+foo2:!:12977:0:99999:7:::
+foo3:!:13946:0:99999:7:::
+foo4:!:@TODAY@:0:99999:7:::
diff --git a/tests/tests/split_groups/04_useradd_split_group_already_full/useradd.test b/tests/tests/split_groups/04_useradd_split_group_already_full/useradd.test
new file mode 100755
index 0000000..f4aab68
--- /dev/null
+++ b/tests/tests/split_groups/04_useradd_split_group_already_full/useradd.test
@@ -0,0 +1,39 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "Add a new user to a group with already more user than allowed"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Create user foo4, in group foo (useradd -G foo foo4)..."
+useradd -G foo foo4
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl data/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl data/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl data/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl data/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/split_groups/05_useradd_split_group_already_split_passwd_differ/config.txt b/tests/tests/split_groups/05_useradd_split_group_already_split_passwd_differ/config.txt
new file mode 100644
index 0000000..3d43135
--- /dev/null
+++ b/tests/tests/split_groups/05_useradd_split_group_already_split_passwd_differ/config.txt
@@ -0,0 +1,5 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group users
diff --git a/tests/tests/split_groups/05_useradd_split_group_already_split_passwd_differ/config/etc/group b/tests/tests/split_groups/05_useradd_split_group_already_split_passwd_differ/config/etc/group
new file mode 100644
index 0000000..bdc8297
--- /dev/null
+++ b/tests/tests/split_groups/05_useradd_split_group_already_split_passwd_differ/config/etc/group
@@ -0,0 +1,46 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:pass1:999:foo1,foo2
+foo:pass2:999:foo3
+foo1:x:1000:
+foo2:x:1001:
+foo3:x:1002:
diff --git a/tests/tests/split_groups/05_useradd_split_group_already_split_passwd_differ/config/etc/gshadow b/tests/tests/split_groups/05_useradd_split_group_already_split_passwd_differ/config/etc/gshadow
new file mode 100644
index 0000000..39460af
--- /dev/null
+++ b/tests/tests/split_groups/05_useradd_split_group_already_split_passwd_differ/config/etc/gshadow
@@ -0,0 +1,45 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::foo1,foo2,foo3
+foo1:*::
+foo2:*::
+foo3:!::
diff --git a/tests/tests/split_groups/05_useradd_split_group_already_split_passwd_differ/config/etc/login.defs b/tests/tests/split_groups/05_useradd_split_group_already_split_passwd_differ/config/etc/login.defs
new file mode 100644
index 0000000..a5ae49c
--- /dev/null
+++ b/tests/tests/split_groups/05_useradd_split_group_already_split_passwd_differ/config/etc/login.defs
@@ -0,0 +1,316 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK usage is discouraged because it catches only some classes of user
+# entries to system, in fact only those made through login(1), while setting
+# umask in shell rc file will catch also logins through su, cron, ssh etc.
+#
+# At the same time, using shell rc to set umask won't catch entries which use
+# non-shell executables in place of login shell, like /usr/sbin/pppd for "ppp"
+# user and alike.
+#
+# Therefore the use of pam_umask is recommended (Debian package libpam-umask)
+# as the solution which catches all these cases on PAM-enabled systems.
+# 
+# This avoids the confusion created by having the umask set
+# in two different places -- in login.defs and shell rc files (i.e.
+# /etc/profile).
+#
+# For discussion, see #314539 and #248150 as well as the thread starting at
+# http://lists.debian.org/debian-devel/2005/06/msg01598.html
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+# 022 is the "historical" value in Debian for UMASK when it was used
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			  100
+GID_MAX			60000
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# This enables userdel to remove user groups if no members exist.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, thus in Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# Only works if compiled with MD5_CRYPT defined:
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is used by chpasswd, gpasswd and newusers.
+#
+#MD5_CRYPT_ENAB	no
+
+MAX_MEMBERS_PER_GROUP	2
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/split_groups/05_useradd_split_group_already_split_passwd_differ/config/etc/passwd b/tests/tests/split_groups/05_useradd_split_group_already_split_passwd_differ/config/etc/passwd
new file mode 100644
index 0000000..6a6f62f
--- /dev/null
+++ b/tests/tests/split_groups/05_useradd_split_group_already_split_passwd_differ/config/etc/passwd
@@ -0,0 +1,22 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo1:x:1000:1000:::/bin/false
+foo2:x:1001:1001:::/bin/false
+foo3:x:1002:1002::/home/foo3:/bin/sh
diff --git a/tests/tests/split_groups/05_useradd_split_group_already_split_passwd_differ/config/etc/shadow b/tests/tests/split_groups/05_useradd_split_group_already_split_passwd_differ/config/etc/shadow
new file mode 100644
index 0000000..81582a0
--- /dev/null
+++ b/tests/tests/split_groups/05_useradd_split_group_already_split_passwd_differ/config/etc/shadow
@@ -0,0 +1,22 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo1:!:12977:0:99999:7:::
+foo2:!:12977:0:99999:7:::
+foo3:!:13946:0:99999:7:::
diff --git a/tests/tests/split_groups/05_useradd_split_group_already_split_passwd_differ/data/useradd.err b/tests/tests/split_groups/05_useradd_split_group_already_split_passwd_differ/data/useradd.err
new file mode 100644
index 0000000..050950f
--- /dev/null
+++ b/tests/tests/split_groups/05_useradd_split_group_already_split_passwd_differ/data/useradd.err
@@ -0,0 +1,2 @@
+Multiple entries named 'foo' in /etc/group. Please fix this with pwck or grpck.
+useradd: failed to prepare the new /etc/group entry 'foo'
diff --git a/tests/tests/split_groups/05_useradd_split_group_already_split_passwd_differ/useradd.test b/tests/tests/split_groups/05_useradd_split_group_already_split_passwd_differ/useradd.test
new file mode 100755
index 0000000..165e47d
--- /dev/null
+++ b/tests/tests/split_groups/05_useradd_split_group_already_split_passwd_differ/useradd.test
@@ -0,0 +1,54 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "Add a new user to a group already split, with different group passwd"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Create user foo4, in group foo (useradd -G foo foo4)..."
+useradd -G foo foo4 2>tmp/useradd.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "10"
+echo "OK"
+
+echo "useradd reported:"
+echo "======================================================================="
+cat tmp/useradd.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/useradd.err tmp/useradd.err
+echo "error message OK."
+rm -f tmp/useradd.err
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/split_groups/06_useradd_split_group_already_split_GID_differ/config.txt b/tests/tests/split_groups/06_useradd_split_group_already_split_GID_differ/config.txt
new file mode 100644
index 0000000..3d43135
--- /dev/null
+++ b/tests/tests/split_groups/06_useradd_split_group_already_split_GID_differ/config.txt
@@ -0,0 +1,5 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group users
diff --git a/tests/tests/split_groups/06_useradd_split_group_already_split_GID_differ/config/etc/group b/tests/tests/split_groups/06_useradd_split_group_already_split_GID_differ/config/etc/group
new file mode 100644
index 0000000..792c688
--- /dev/null
+++ b/tests/tests/split_groups/06_useradd_split_group_already_split_GID_differ/config/etc/group
@@ -0,0 +1,46 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:pass:998:foo1,foo2
+foo:pass:999:foo3
+foo1:x:1000:
+foo2:x:1001:
+foo3:x:1002:
diff --git a/tests/tests/split_groups/06_useradd_split_group_already_split_GID_differ/config/etc/gshadow b/tests/tests/split_groups/06_useradd_split_group_already_split_GID_differ/config/etc/gshadow
new file mode 100644
index 0000000..39460af
--- /dev/null
+++ b/tests/tests/split_groups/06_useradd_split_group_already_split_GID_differ/config/etc/gshadow
@@ -0,0 +1,45 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::foo1,foo2,foo3
+foo1:*::
+foo2:*::
+foo3:!::
diff --git a/tests/tests/split_groups/06_useradd_split_group_already_split_GID_differ/config/etc/login.defs b/tests/tests/split_groups/06_useradd_split_group_already_split_GID_differ/config/etc/login.defs
new file mode 100644
index 0000000..a5ae49c
--- /dev/null
+++ b/tests/tests/split_groups/06_useradd_split_group_already_split_GID_differ/config/etc/login.defs
@@ -0,0 +1,316 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK usage is discouraged because it catches only some classes of user
+# entries to system, in fact only those made through login(1), while setting
+# umask in shell rc file will catch also logins through su, cron, ssh etc.
+#
+# At the same time, using shell rc to set umask won't catch entries which use
+# non-shell executables in place of login shell, like /usr/sbin/pppd for "ppp"
+# user and alike.
+#
+# Therefore the use of pam_umask is recommended (Debian package libpam-umask)
+# as the solution which catches all these cases on PAM-enabled systems.
+# 
+# This avoids the confusion created by having the umask set
+# in two different places -- in login.defs and shell rc files (i.e.
+# /etc/profile).
+#
+# For discussion, see #314539 and #248150 as well as the thread starting at
+# http://lists.debian.org/debian-devel/2005/06/msg01598.html
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+# 022 is the "historical" value in Debian for UMASK when it was used
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			  100
+GID_MAX			60000
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# This enables userdel to remove user groups if no members exist.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, thus in Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# Only works if compiled with MD5_CRYPT defined:
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is used by chpasswd, gpasswd and newusers.
+#
+#MD5_CRYPT_ENAB	no
+
+MAX_MEMBERS_PER_GROUP	2
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/split_groups/06_useradd_split_group_already_split_GID_differ/config/etc/passwd b/tests/tests/split_groups/06_useradd_split_group_already_split_GID_differ/config/etc/passwd
new file mode 100644
index 0000000..6a6f62f
--- /dev/null
+++ b/tests/tests/split_groups/06_useradd_split_group_already_split_GID_differ/config/etc/passwd
@@ -0,0 +1,22 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo1:x:1000:1000:::/bin/false
+foo2:x:1001:1001:::/bin/false
+foo3:x:1002:1002::/home/foo3:/bin/sh
diff --git a/tests/tests/split_groups/06_useradd_split_group_already_split_GID_differ/config/etc/shadow b/tests/tests/split_groups/06_useradd_split_group_already_split_GID_differ/config/etc/shadow
new file mode 100644
index 0000000..81582a0
--- /dev/null
+++ b/tests/tests/split_groups/06_useradd_split_group_already_split_GID_differ/config/etc/shadow
@@ -0,0 +1,22 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo1:!:12977:0:99999:7:::
+foo2:!:12977:0:99999:7:::
+foo3:!:13946:0:99999:7:::
diff --git a/tests/tests/split_groups/06_useradd_split_group_already_split_GID_differ/data/useradd.err b/tests/tests/split_groups/06_useradd_split_group_already_split_GID_differ/data/useradd.err
new file mode 100644
index 0000000..050950f
--- /dev/null
+++ b/tests/tests/split_groups/06_useradd_split_group_already_split_GID_differ/data/useradd.err
@@ -0,0 +1,2 @@
+Multiple entries named 'foo' in /etc/group. Please fix this with pwck or grpck.
+useradd: failed to prepare the new /etc/group entry 'foo'
diff --git a/tests/tests/split_groups/06_useradd_split_group_already_split_GID_differ/useradd.test b/tests/tests/split_groups/06_useradd_split_group_already_split_GID_differ/useradd.test
new file mode 100755
index 0000000..970d10c
--- /dev/null
+++ b/tests/tests/split_groups/06_useradd_split_group_already_split_GID_differ/useradd.test
@@ -0,0 +1,54 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "Add a new user to a group already split, with different GID"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Create user foo4, in group foo (useradd -G foo foo4)..."
+useradd -G foo foo4 2>tmp/useradd.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "10"
+echo "OK"
+
+echo "useradd reported:"
+echo "======================================================================="
+cat tmp/useradd.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/useradd.err tmp/useradd.err
+echo "error message OK."
+rm -f tmp/useradd.err
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/split_groups/07_useradd_split_group_already_split_user_in_both_lines/config.txt b/tests/tests/split_groups/07_useradd_split_group_already_split_user_in_both_lines/config.txt
new file mode 100644
index 0000000..3d43135
--- /dev/null
+++ b/tests/tests/split_groups/07_useradd_split_group_already_split_user_in_both_lines/config.txt
@@ -0,0 +1,5 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group users
diff --git a/tests/tests/split_groups/07_useradd_split_group_already_split_user_in_both_lines/config/etc/default/useradd b/tests/tests/split_groups/07_useradd_split_group_already_split_user_in_both_lines/config/etc/default/useradd
new file mode 100644
index 0000000..64dec7d
--- /dev/null
+++ b/tests/tests/split_groups/07_useradd_split_group_already_split_user_in_both_lines/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/sh
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=100
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/home
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=-1
+#
+# The default expire date
+EXPIRE=
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+CREATE_MAIL_SPOOL=no
diff --git a/tests/tests/split_groups/07_useradd_split_group_already_split_user_in_both_lines/config/etc/group b/tests/tests/split_groups/07_useradd_split_group_already_split_user_in_both_lines/config/etc/group
new file mode 100644
index 0000000..c4ea1f0
--- /dev/null
+++ b/tests/tests/split_groups/07_useradd_split_group_already_split_user_in_both_lines/config/etc/group
@@ -0,0 +1,46 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:999:foo1,foo2
+foo:x:999:foo3,foo1
+foo1:x:1000:
+foo2:x:1001:
+foo3:x:1002:
diff --git a/tests/tests/split_groups/07_useradd_split_group_already_split_user_in_both_lines/config/etc/gshadow b/tests/tests/split_groups/07_useradd_split_group_already_split_user_in_both_lines/config/etc/gshadow
new file mode 100644
index 0000000..39460af
--- /dev/null
+++ b/tests/tests/split_groups/07_useradd_split_group_already_split_user_in_both_lines/config/etc/gshadow
@@ -0,0 +1,45 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::foo1,foo2,foo3
+foo1:*::
+foo2:*::
+foo3:!::
diff --git a/tests/tests/split_groups/07_useradd_split_group_already_split_user_in_both_lines/config/etc/login.defs b/tests/tests/split_groups/07_useradd_split_group_already_split_user_in_both_lines/config/etc/login.defs
new file mode 100644
index 0000000..a5ae49c
--- /dev/null
+++ b/tests/tests/split_groups/07_useradd_split_group_already_split_user_in_both_lines/config/etc/login.defs
@@ -0,0 +1,316 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK usage is discouraged because it catches only some classes of user
+# entries to system, in fact only those made through login(1), while setting
+# umask in shell rc file will catch also logins through su, cron, ssh etc.
+#
+# At the same time, using shell rc to set umask won't catch entries which use
+# non-shell executables in place of login shell, like /usr/sbin/pppd for "ppp"
+# user and alike.
+#
+# Therefore the use of pam_umask is recommended (Debian package libpam-umask)
+# as the solution which catches all these cases on PAM-enabled systems.
+# 
+# This avoids the confusion created by having the umask set
+# in two different places -- in login.defs and shell rc files (i.e.
+# /etc/profile).
+#
+# For discussion, see #314539 and #248150 as well as the thread starting at
+# http://lists.debian.org/debian-devel/2005/06/msg01598.html
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+# 022 is the "historical" value in Debian for UMASK when it was used
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			  100
+GID_MAX			60000
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# This enables userdel to remove user groups if no members exist.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, thus in Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# Only works if compiled with MD5_CRYPT defined:
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is used by chpasswd, gpasswd and newusers.
+#
+#MD5_CRYPT_ENAB	no
+
+MAX_MEMBERS_PER_GROUP	2
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/split_groups/07_useradd_split_group_already_split_user_in_both_lines/config/etc/passwd b/tests/tests/split_groups/07_useradd_split_group_already_split_user_in_both_lines/config/etc/passwd
new file mode 100644
index 0000000..6a6f62f
--- /dev/null
+++ b/tests/tests/split_groups/07_useradd_split_group_already_split_user_in_both_lines/config/etc/passwd
@@ -0,0 +1,22 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo1:x:1000:1000:::/bin/false
+foo2:x:1001:1001:::/bin/false
+foo3:x:1002:1002::/home/foo3:/bin/sh
diff --git a/tests/tests/split_groups/07_useradd_split_group_already_split_user_in_both_lines/config/etc/shadow b/tests/tests/split_groups/07_useradd_split_group_already_split_user_in_both_lines/config/etc/shadow
new file mode 100644
index 0000000..81582a0
--- /dev/null
+++ b/tests/tests/split_groups/07_useradd_split_group_already_split_user_in_both_lines/config/etc/shadow
@@ -0,0 +1,22 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo1:!:12977:0:99999:7:::
+foo2:!:12977:0:99999:7:::
+foo3:!:13946:0:99999:7:::
diff --git a/tests/tests/split_groups/07_useradd_split_group_already_split_user_in_both_lines/data/group b/tests/tests/split_groups/07_useradd_split_group_already_split_user_in_both_lines/data/group
new file mode 100644
index 0000000..3c1c18b
--- /dev/null
+++ b/tests/tests/split_groups/07_useradd_split_group_already_split_user_in_both_lines/data/group
@@ -0,0 +1,47 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:999:foo1,foo2
+foo:x:999:foo3,foo4
+foo1:x:1000:
+foo2:x:1001:
+foo3:x:1002:
+foo4:x:1003:
diff --git a/tests/tests/split_groups/07_useradd_split_group_already_split_user_in_both_lines/data/gshadow b/tests/tests/split_groups/07_useradd_split_group_already_split_user_in_both_lines/data/gshadow
new file mode 100644
index 0000000..ca307ab
--- /dev/null
+++ b/tests/tests/split_groups/07_useradd_split_group_already_split_user_in_both_lines/data/gshadow
@@ -0,0 +1,46 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::foo1,foo2,foo3,foo4
+foo1:*::
+foo2:*::
+foo3:!::
+foo4:!::
diff --git a/tests/tests/split_groups/07_useradd_split_group_already_split_user_in_both_lines/data/passwd b/tests/tests/split_groups/07_useradd_split_group_already_split_user_in_both_lines/data/passwd
new file mode 100644
index 0000000..f60db36
--- /dev/null
+++ b/tests/tests/split_groups/07_useradd_split_group_already_split_user_in_both_lines/data/passwd
@@ -0,0 +1,23 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo1:x:1000:1000:::/bin/false
+foo2:x:1001:1001:::/bin/false
+foo3:x:1002:1002::/home/foo3:/bin/sh
+foo4:x:1003:1003::/home/foo4:/bin/sh
diff --git a/tests/tests/split_groups/07_useradd_split_group_already_split_user_in_both_lines/data/shadow b/tests/tests/split_groups/07_useradd_split_group_already_split_user_in_both_lines/data/shadow
new file mode 100644
index 0000000..3ee0375
--- /dev/null
+++ b/tests/tests/split_groups/07_useradd_split_group_already_split_user_in_both_lines/data/shadow
@@ -0,0 +1,23 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo1:!:12977:0:99999:7:::
+foo2:!:12977:0:99999:7:::
+foo3:!:13946:0:99999:7:::
+foo4:!:@TODAY@:0:99999:7:::
diff --git a/tests/tests/split_groups/07_useradd_split_group_already_split_user_in_both_lines/useradd.test b/tests/tests/split_groups/07_useradd_split_group_already_split_user_in_both_lines/useradd.test
new file mode 100755
index 0000000..5c8fbad
--- /dev/null
+++ b/tests/tests/split_groups/07_useradd_split_group_already_split_user_in_both_lines/useradd.test
@@ -0,0 +1,39 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "Add a new user to a group already split"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Create user foo4, in group foo (useradd -G foo foo4)..."
+useradd -G foo foo4
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl data/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl data/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl data/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl data/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/split_groups/08_useradd_no_split_group_already_split/config.txt b/tests/tests/split_groups/08_useradd_no_split_group_already_split/config.txt
new file mode 100644
index 0000000..3d43135
--- /dev/null
+++ b/tests/tests/split_groups/08_useradd_no_split_group_already_split/config.txt
@@ -0,0 +1,5 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group users
diff --git a/tests/tests/split_groups/08_useradd_no_split_group_already_split/config/etc/group b/tests/tests/split_groups/08_useradd_no_split_group_already_split/config/etc/group
new file mode 100644
index 0000000..f7d6d12
--- /dev/null
+++ b/tests/tests/split_groups/08_useradd_no_split_group_already_split/config/etc/group
@@ -0,0 +1,46 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:999:foo1,foo2
+foo:x:999:foo3
+foo1:x:1000:
+foo2:x:1001:
+foo3:x:1002:
diff --git a/tests/tests/split_groups/08_useradd_no_split_group_already_split/config/etc/gshadow b/tests/tests/split_groups/08_useradd_no_split_group_already_split/config/etc/gshadow
new file mode 100644
index 0000000..39460af
--- /dev/null
+++ b/tests/tests/split_groups/08_useradd_no_split_group_already_split/config/etc/gshadow
@@ -0,0 +1,45 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::foo1,foo2,foo3
+foo1:*::
+foo2:*::
+foo3:!::
diff --git a/tests/tests/split_groups/08_useradd_no_split_group_already_split/config/etc/login.defs b/tests/tests/split_groups/08_useradd_no_split_group_already_split/config/etc/login.defs
new file mode 100644
index 0000000..ccf42f7
--- /dev/null
+++ b/tests/tests/split_groups/08_useradd_no_split_group_already_split/config/etc/login.defs
@@ -0,0 +1,316 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK usage is discouraged because it catches only some classes of user
+# entries to system, in fact only those made through login(1), while setting
+# umask in shell rc file will catch also logins through su, cron, ssh etc.
+#
+# At the same time, using shell rc to set umask won't catch entries which use
+# non-shell executables in place of login shell, like /usr/sbin/pppd for "ppp"
+# user and alike.
+#
+# Therefore the use of pam_umask is recommended (Debian package libpam-umask)
+# as the solution which catches all these cases on PAM-enabled systems.
+# 
+# This avoids the confusion created by having the umask set
+# in two different places -- in login.defs and shell rc files (i.e.
+# /etc/profile).
+#
+# For discussion, see #314539 and #248150 as well as the thread starting at
+# http://lists.debian.org/debian-devel/2005/06/msg01598.html
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+# 022 is the "historical" value in Debian for UMASK when it was used
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			  100
+GID_MAX			60000
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# This enables userdel to remove user groups if no members exist.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, thus in Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# Only works if compiled with MD5_CRYPT defined:
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is used by chpasswd, gpasswd and newusers.
+#
+#MD5_CRYPT_ENAB	no
+
+MAX_MEMBERS_PER_GROUP	0
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/split_groups/08_useradd_no_split_group_already_split/config/etc/passwd b/tests/tests/split_groups/08_useradd_no_split_group_already_split/config/etc/passwd
new file mode 100644
index 0000000..6a6f62f
--- /dev/null
+++ b/tests/tests/split_groups/08_useradd_no_split_group_already_split/config/etc/passwd
@@ -0,0 +1,22 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo1:x:1000:1000:::/bin/false
+foo2:x:1001:1001:::/bin/false
+foo3:x:1002:1002::/home/foo3:/bin/sh
diff --git a/tests/tests/split_groups/08_useradd_no_split_group_already_split/config/etc/shadow b/tests/tests/split_groups/08_useradd_no_split_group_already_split/config/etc/shadow
new file mode 100644
index 0000000..81582a0
--- /dev/null
+++ b/tests/tests/split_groups/08_useradd_no_split_group_already_split/config/etc/shadow
@@ -0,0 +1,22 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo1:!:12977:0:99999:7:::
+foo2:!:12977:0:99999:7:::
+foo3:!:13946:0:99999:7:::
diff --git a/tests/tests/split_groups/08_useradd_no_split_group_already_split/data/useradd.err b/tests/tests/split_groups/08_useradd_no_split_group_already_split/data/useradd.err
new file mode 100644
index 0000000..050950f
--- /dev/null
+++ b/tests/tests/split_groups/08_useradd_no_split_group_already_split/data/useradd.err
@@ -0,0 +1,2 @@
+Multiple entries named 'foo' in /etc/group. Please fix this with pwck or grpck.
+useradd: failed to prepare the new /etc/group entry 'foo'
diff --git a/tests/tests/split_groups/08_useradd_no_split_group_already_split/useradd.test b/tests/tests/split_groups/08_useradd_no_split_group_already_split/useradd.test
new file mode 100755
index 0000000..055dec9
--- /dev/null
+++ b/tests/tests/split_groups/08_useradd_no_split_group_already_split/useradd.test
@@ -0,0 +1,54 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "Add a new user to a group already split, with MAX_MEMBERS_PER_GROUP set to 0"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Create user foo4, in group foo (useradd -G foo foo4)..."
+useradd -G foo foo4 2>tmp/useradd.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "10"
+echo "OK"
+
+echo "useradd reported:"
+echo "======================================================================="
+cat tmp/useradd.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/useradd.err tmp/useradd.err
+echo "error message OK."
+rm -f tmp/useradd.err
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/split_groups/09_groupdel_split_group_already_split/config.txt b/tests/tests/split_groups/09_groupdel_split_group_already_split/config.txt
new file mode 100644
index 0000000..3d43135
--- /dev/null
+++ b/tests/tests/split_groups/09_groupdel_split_group_already_split/config.txt
@@ -0,0 +1,5 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group users
diff --git a/tests/tests/split_groups/09_groupdel_split_group_already_split/config/etc/group b/tests/tests/split_groups/09_groupdel_split_group_already_split/config/etc/group
new file mode 100644
index 0000000..f7d6d12
--- /dev/null
+++ b/tests/tests/split_groups/09_groupdel_split_group_already_split/config/etc/group
@@ -0,0 +1,46 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:999:foo1,foo2
+foo:x:999:foo3
+foo1:x:1000:
+foo2:x:1001:
+foo3:x:1002:
diff --git a/tests/tests/split_groups/09_groupdel_split_group_already_split/config/etc/gshadow b/tests/tests/split_groups/09_groupdel_split_group_already_split/config/etc/gshadow
new file mode 100644
index 0000000..39460af
--- /dev/null
+++ b/tests/tests/split_groups/09_groupdel_split_group_already_split/config/etc/gshadow
@@ -0,0 +1,45 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::foo1,foo2,foo3
+foo1:*::
+foo2:*::
+foo3:!::
diff --git a/tests/tests/split_groups/09_groupdel_split_group_already_split/config/etc/login.defs b/tests/tests/split_groups/09_groupdel_split_group_already_split/config/etc/login.defs
new file mode 100644
index 0000000..a5ae49c
--- /dev/null
+++ b/tests/tests/split_groups/09_groupdel_split_group_already_split/config/etc/login.defs
@@ -0,0 +1,316 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK usage is discouraged because it catches only some classes of user
+# entries to system, in fact only those made through login(1), while setting
+# umask in shell rc file will catch also logins through su, cron, ssh etc.
+#
+# At the same time, using shell rc to set umask won't catch entries which use
+# non-shell executables in place of login shell, like /usr/sbin/pppd for "ppp"
+# user and alike.
+#
+# Therefore the use of pam_umask is recommended (Debian package libpam-umask)
+# as the solution which catches all these cases on PAM-enabled systems.
+# 
+# This avoids the confusion created by having the umask set
+# in two different places -- in login.defs and shell rc files (i.e.
+# /etc/profile).
+#
+# For discussion, see #314539 and #248150 as well as the thread starting at
+# http://lists.debian.org/debian-devel/2005/06/msg01598.html
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+# 022 is the "historical" value in Debian for UMASK when it was used
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			  100
+GID_MAX			60000
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# This enables userdel to remove user groups if no members exist.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, thus in Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# Only works if compiled with MD5_CRYPT defined:
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is used by chpasswd, gpasswd and newusers.
+#
+#MD5_CRYPT_ENAB	no
+
+MAX_MEMBERS_PER_GROUP	2
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/split_groups/09_groupdel_split_group_already_split/config/etc/passwd b/tests/tests/split_groups/09_groupdel_split_group_already_split/config/etc/passwd
new file mode 100644
index 0000000..6a6f62f
--- /dev/null
+++ b/tests/tests/split_groups/09_groupdel_split_group_already_split/config/etc/passwd
@@ -0,0 +1,22 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo1:x:1000:1000:::/bin/false
+foo2:x:1001:1001:::/bin/false
+foo3:x:1002:1002::/home/foo3:/bin/sh
diff --git a/tests/tests/split_groups/09_groupdel_split_group_already_split/config/etc/shadow b/tests/tests/split_groups/09_groupdel_split_group_already_split/config/etc/shadow
new file mode 100644
index 0000000..81582a0
--- /dev/null
+++ b/tests/tests/split_groups/09_groupdel_split_group_already_split/config/etc/shadow
@@ -0,0 +1,22 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo1:!:12977:0:99999:7:::
+foo2:!:12977:0:99999:7:::
+foo3:!:13946:0:99999:7:::
diff --git a/tests/tests/split_groups/09_groupdel_split_group_already_split/data/group b/tests/tests/split_groups/09_groupdel_split_group_already_split/data/group
new file mode 100644
index 0000000..7053f0e
--- /dev/null
+++ b/tests/tests/split_groups/09_groupdel_split_group_already_split/data/group
@@ -0,0 +1,44 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo1:x:1000:
+foo2:x:1001:
+foo3:x:1002:
diff --git a/tests/tests/split_groups/09_groupdel_split_group_already_split/data/gshadow b/tests/tests/split_groups/09_groupdel_split_group_already_split/data/gshadow
new file mode 100644
index 0000000..f2ee7ec
--- /dev/null
+++ b/tests/tests/split_groups/09_groupdel_split_group_already_split/data/gshadow
@@ -0,0 +1,44 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo1:*::
+foo2:*::
+foo3:!::
diff --git a/tests/tests/split_groups/09_groupdel_split_group_already_split/groupdel.test b/tests/tests/split_groups/09_groupdel_split_group_already_split/groupdel.test
new file mode 100755
index 0000000..0789a2e
--- /dev/null
+++ b/tests/tests/split_groups/09_groupdel_split_group_already_split/groupdel.test
@@ -0,0 +1,39 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "Delete a split group"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Delete group foo (groupdel foo)..."
+groupdel foo
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl data/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl data/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/split_groups/10_groupdel_no_split_group_already_split/config.txt b/tests/tests/split_groups/10_groupdel_no_split_group_already_split/config.txt
new file mode 100644
index 0000000..3d43135
--- /dev/null
+++ b/tests/tests/split_groups/10_groupdel_no_split_group_already_split/config.txt
@@ -0,0 +1,5 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group users
diff --git a/tests/tests/split_groups/10_groupdel_no_split_group_already_split/config/etc/group b/tests/tests/split_groups/10_groupdel_no_split_group_already_split/config/etc/group
new file mode 100644
index 0000000..f7d6d12
--- /dev/null
+++ b/tests/tests/split_groups/10_groupdel_no_split_group_already_split/config/etc/group
@@ -0,0 +1,46 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:999:foo1,foo2
+foo:x:999:foo3
+foo1:x:1000:
+foo2:x:1001:
+foo3:x:1002:
diff --git a/tests/tests/split_groups/10_groupdel_no_split_group_already_split/config/etc/gshadow b/tests/tests/split_groups/10_groupdel_no_split_group_already_split/config/etc/gshadow
new file mode 100644
index 0000000..39460af
--- /dev/null
+++ b/tests/tests/split_groups/10_groupdel_no_split_group_already_split/config/etc/gshadow
@@ -0,0 +1,45 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::foo1,foo2,foo3
+foo1:*::
+foo2:*::
+foo3:!::
diff --git a/tests/tests/split_groups/10_groupdel_no_split_group_already_split/config/etc/login.defs b/tests/tests/split_groups/10_groupdel_no_split_group_already_split/config/etc/login.defs
new file mode 100644
index 0000000..ccf42f7
--- /dev/null
+++ b/tests/tests/split_groups/10_groupdel_no_split_group_already_split/config/etc/login.defs
@@ -0,0 +1,316 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK usage is discouraged because it catches only some classes of user
+# entries to system, in fact only those made through login(1), while setting
+# umask in shell rc file will catch also logins through su, cron, ssh etc.
+#
+# At the same time, using shell rc to set umask won't catch entries which use
+# non-shell executables in place of login shell, like /usr/sbin/pppd for "ppp"
+# user and alike.
+#
+# Therefore the use of pam_umask is recommended (Debian package libpam-umask)
+# as the solution which catches all these cases on PAM-enabled systems.
+# 
+# This avoids the confusion created by having the umask set
+# in two different places -- in login.defs and shell rc files (i.e.
+# /etc/profile).
+#
+# For discussion, see #314539 and #248150 as well as the thread starting at
+# http://lists.debian.org/debian-devel/2005/06/msg01598.html
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+# 022 is the "historical" value in Debian for UMASK when it was used
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			  100
+GID_MAX			60000
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# This enables userdel to remove user groups if no members exist.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, thus in Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# Only works if compiled with MD5_CRYPT defined:
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is used by chpasswd, gpasswd and newusers.
+#
+#MD5_CRYPT_ENAB	no
+
+MAX_MEMBERS_PER_GROUP	0
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/split_groups/10_groupdel_no_split_group_already_split/config/etc/passwd b/tests/tests/split_groups/10_groupdel_no_split_group_already_split/config/etc/passwd
new file mode 100644
index 0000000..6a6f62f
--- /dev/null
+++ b/tests/tests/split_groups/10_groupdel_no_split_group_already_split/config/etc/passwd
@@ -0,0 +1,22 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo1:x:1000:1000:::/bin/false
+foo2:x:1001:1001:::/bin/false
+foo3:x:1002:1002::/home/foo3:/bin/sh
diff --git a/tests/tests/split_groups/10_groupdel_no_split_group_already_split/config/etc/shadow b/tests/tests/split_groups/10_groupdel_no_split_group_already_split/config/etc/shadow
new file mode 100644
index 0000000..81582a0
--- /dev/null
+++ b/tests/tests/split_groups/10_groupdel_no_split_group_already_split/config/etc/shadow
@@ -0,0 +1,22 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo1:!:12977:0:99999:7:::
+foo2:!:12977:0:99999:7:::
+foo3:!:13946:0:99999:7:::
diff --git a/tests/tests/split_groups/10_groupdel_no_split_group_already_split/data/groupdel.err b/tests/tests/split_groups/10_groupdel_no_split_group_already_split/data/groupdel.err
new file mode 100644
index 0000000..7bd0741
--- /dev/null
+++ b/tests/tests/split_groups/10_groupdel_no_split_group_already_split/data/groupdel.err
@@ -0,0 +1,2 @@
+Multiple entries named 'foo' in /etc/group. Please fix this with pwck or grpck.
+groupdel: cannot remove entry 'foo' from /etc/group
diff --git a/tests/tests/split_groups/10_groupdel_no_split_group_already_split/groupdel.test b/tests/tests/split_groups/10_groupdel_no_split_group_already_split/groupdel.test
new file mode 100755
index 0000000..b1086b6
--- /dev/null
+++ b/tests/tests/split_groups/10_groupdel_no_split_group_already_split/groupdel.test
@@ -0,0 +1,54 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "Delete a split group, with MAX_MEMBERS_PER_GROUP set to 0"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Delete group foo (groupdel foo)..."
+groupdel foo 2>tmp/groupdel.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "10"
+echo "OK"
+
+echo "groupdel reported:"
+echo "======================================================================="
+cat tmp/groupdel.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/groupdel.err tmp/groupdel.err
+echo "error message OK."
+rm -f tmp/groupdel.err
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/su/01/config.txt b/tests/tests/su/01/config.txt
new file mode 100644
index 0000000..aecff4a
--- /dev/null
+++ b/tests/tests/su/01/config.txt
@@ -0,0 +1,3 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
diff --git a/tests/tests/su/01/config/etc/group b/tests/tests/su/01/config/etc/group
new file mode 100644
index 0000000..245cc9c
--- /dev/null
+++ b/tests/tests/su/01/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+myuser:x:424242:
diff --git a/tests/tests/su/01/config/etc/gshadow b/tests/tests/su/01/config/etc/gshadow
new file mode 100644
index 0000000..25bd55b
--- /dev/null
+++ b/tests/tests/su/01/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+myuser:x::
diff --git a/tests/tests/su/01/config/etc/passwd b/tests/tests/su/01/config/etc/passwd
new file mode 100644
index 0000000..6eefe5a
--- /dev/null
+++ b/tests/tests/su/01/config/etc/passwd
@@ -0,0 +1,21 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+myuser:x:424242:424242::/home:/bin/bash
+testsuite::424243:424243::/home:/bin/bash
diff --git a/tests/tests/su/01/config/etc/shadow b/tests/tests/su/01/config/etc/shadow
new file mode 100644
index 0000000..038d5cf
--- /dev/null
+++ b/tests/tests/su/01/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+myuser:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:::
diff --git a/tests/tests/su/01/run_su.exp b/tests/tests/su/01/run_su.exp
new file mode 100755
index 0000000..f1c1fb4
--- /dev/null
+++ b/tests/tests/su/01/run_su.exp
@@ -0,0 +1,73 @@
+#!/usr/bin/expect
+
+set timeout 2
+expect_after default {puts stderr "\nFAIL (timeout)"; exit 1}
+
+if {$argc != 3} {
+	puts "usage: run_su.exp <user> <password> <prompt>"
+	exit 1
+}
+
+set user     [lindex $argv 0]
+set password [lindex $argv 1]
+set prompt   [lindex $argv 2]
+
+# First, switch to the testsuite user
+# (otherwise, no password will be asked)
+send_user "# switch to the passwordless 'testsuite' user\n"
+send_user "# and expect a '$ ' prompt\n"
+spawn /bin/su testsuite
+
+expect "$ "			;# Wait for the prompt
+
+send_user "\n# make sure we are now 'testsuite'"
+send_user "\n# id should return 'uid=424243(testsuite) gid=424243 groups=424243'"
+send "\r"			;# restore the prompt for the logs
+send "id\r"			;# Verify we are really testsuite
+
+expect {
+	timeout {
+		puts "\ntimeout...FAIL"
+		exit 1
+	}
+	"uid=424243(testsuite) gid=424243 groups=424243"
+}
+
+expect "$ "			;# Wait for the prompt
+
+send_user "\n\n"
+send_user "# now switch to user '$user'\n"
+send_user "# and expect a password prompt"
+send "\r"			;# restore the prompt for the logs
+send "su $user\r"		;# Switch to the user
+expect "Password: "		;# Wait for the Password: prompt
+# Wait a little bit more (su is not ready to receive the password)
+sleep 0.1
+
+send "$password\r"		;# Send the password
+
+send_user "\n# password '$password' sent\n\n"
+send_user "# expect prompt '$prompt'"
+
+expect {
+	# Wait for the new prompt
+	"$prompt" {
+		send_user "\n\n# make sure we are '$user'\n"
+		send_user "# id should return '($user).*($user).*($user)"
+		send "\r"	;# restore the prompt for the logs
+		send "id\r"	;# Verify the id
+
+		expect {
+			-re "\\($user\\).*\\($user\\).*\\($user\\)" {
+				expect "$prompt"
+				send "exit\r"
+				expect "$ "
+				puts "\nPASS"
+				exit 0
+			}
+		}
+	}
+}
+
+puts "\ntimeout...FAIL"
+exit 1
diff --git a/tests/tests/su/01/su_root.test b/tests/tests/su/01/su_root.test
new file mode 100755
index 0000000..1bc2268
--- /dev/null
+++ b/tests/tests/su/01/su_root.test
@@ -0,0 +1,25 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "su can be used to switch to root"
+
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+./run_su.exp root rootF00barbaz '# '
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/su/01/su_user.test b/tests/tests/su/01/su_user.test
new file mode 100755
index 0000000..7fd1f57
--- /dev/null
+++ b/tests/tests/su/01/su_user.test
@@ -0,0 +1,25 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "su can be used to switch to a non-root user"
+
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+./run_su.exp myuser myuserF00barbaz '$ '
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/su/02/config.txt b/tests/tests/su/02/config.txt
new file mode 100644
index 0000000..70dfcd2
--- /dev/null
+++ b/tests/tests/su/02/config.txt
@@ -0,0 +1,5 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+# /etc/profile is empty to avoid interferences.
diff --git a/tests/tests/su/02/config/etc/group b/tests/tests/su/02/config/etc/group
new file mode 100644
index 0000000..245cc9c
--- /dev/null
+++ b/tests/tests/su/02/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+myuser:x:424242:
diff --git a/tests/tests/su/02/config/etc/gshadow b/tests/tests/su/02/config/etc/gshadow
new file mode 100644
index 0000000..25bd55b
--- /dev/null
+++ b/tests/tests/su/02/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+myuser:x::
diff --git a/tests/tests/su/02/config/etc/passwd b/tests/tests/su/02/config/etc/passwd
new file mode 100644
index 0000000..9bdeb8c
--- /dev/null
+++ b/tests/tests/su/02/config/etc/passwd
@@ -0,0 +1,21 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+myuser:x:424242:424242::/home/:/bin/sh
+testsuite::424243:424243::/home:/bin/bash
diff --git a/tests/tests/su/02/config/etc/profile b/tests/tests/su/02/config/etc/profile
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/su/02/config/etc/profile
diff --git a/tests/tests/su/02/config/etc/shadow b/tests/tests/su/02/config/etc/shadow
new file mode 100644
index 0000000..038d5cf
--- /dev/null
+++ b/tests/tests/su/02/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+myuser:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:::
diff --git a/tests/tests/su/02/env_FOO-options_ b/tests/tests/su/02/env_FOO-options_
new file mode 100755
index 0000000..32243ad
--- /dev/null
+++ b/tests/tests/su/02/env_FOO-options_
@@ -0,0 +1,40 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+testname=$(basename $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+export HOME=/root  # seems to be set to /home/travis, breaking some tests
+
+command=""
+
+case  "$testname" in
+	*_bash)
+		log_start "$0" "propagation of environment variable FOO in command bash: $testname"
+		testname=$(echo "$testname" | sed -s 's/_bash$//')
+		command="-c bash"
+		echo testname: $testname
+		;;
+	*)
+		log_start "$0" "propagation of environment variable FOO: $test"
+		;;
+esac
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+"./$testname.exp" "$command"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/su/02/env_FOO-options_- b/tests/tests/su/02/env_FOO-options_-
new file mode 100755
index 0000000..32243ad
--- /dev/null
+++ b/tests/tests/su/02/env_FOO-options_-
@@ -0,0 +1,40 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+testname=$(basename $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+export HOME=/root  # seems to be set to /home/travis, breaking some tests
+
+command=""
+
+case  "$testname" in
+	*_bash)
+		log_start "$0" "propagation of environment variable FOO in command bash: $testname"
+		testname=$(echo "$testname" | sed -s 's/_bash$//')
+		command="-c bash"
+		echo testname: $testname
+		;;
+	*)
+		log_start "$0" "propagation of environment variable FOO: $test"
+		;;
+esac
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+"./$testname.exp" "$command"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/su/02/env_FOO-options_--login b/tests/tests/su/02/env_FOO-options_--login
new file mode 100755
index 0000000..32243ad
--- /dev/null
+++ b/tests/tests/su/02/env_FOO-options_--login
@@ -0,0 +1,40 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+testname=$(basename $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+export HOME=/root  # seems to be set to /home/travis, breaking some tests
+
+command=""
+
+case  "$testname" in
+	*_bash)
+		log_start "$0" "propagation of environment variable FOO in command bash: $testname"
+		testname=$(echo "$testname" | sed -s 's/_bash$//')
+		command="-c bash"
+		echo testname: $testname
+		;;
+	*)
+		log_start "$0" "propagation of environment variable FOO: $test"
+		;;
+esac
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+"./$testname.exp" "$command"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/su/02/env_FOO-options_--login.exp b/tests/tests/su/02/env_FOO-options_--login.exp
new file mode 100755
index 0000000..6f84498
--- /dev/null
+++ b/tests/tests/su/02/env_FOO-options_--login.exp
@@ -0,0 +1,48 @@
+#!/usr/bin/expect
+
+if {$argc == 1} {
+	set command     [lindex $argv 0]
+} else {
+	set command     ""
+}
+
+
+set timeout 2
+expect_after default {puts stderr "\nFAIL"; exit 1}
+
+spawn /bin/bash
+expect "# "
+
+send "id\r"
+expect "uid=0(root) gid=0(root) groups=0(root)\r"
+expect "# "
+
+send "export FOO=bar\r"
+expect "# "
+
+#=============================================================================
+#
+# su --login, make a login shell
+#
+#=============================================================================
+send "/bin/su --login $command myuser\r"
+expect "$ "
+
+send "id\n"
+expect "uid=424242(myuser) gid=424242(myuser) groups=424242(myuser)\r"
+expect "$ "
+
+send_user "\n# FOO should be empty"
+send "\r"
+expect "$ "
+
+send "echo \"FOO=\\\"\$FOO\\\"\"\r"
+expect "FOO=\"\"\r"
+expect "$ "
+
+send "exit\r"
+expect "# "
+
+puts "\nPASS"
+exit 0
+
diff --git a/tests/tests/su/02/env_FOO-options_--login_bash b/tests/tests/su/02/env_FOO-options_--login_bash
new file mode 100755
index 0000000..32243ad
--- /dev/null
+++ b/tests/tests/su/02/env_FOO-options_--login_bash
@@ -0,0 +1,40 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+testname=$(basename $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+export HOME=/root  # seems to be set to /home/travis, breaking some tests
+
+command=""
+
+case  "$testname" in
+	*_bash)
+		log_start "$0" "propagation of environment variable FOO in command bash: $testname"
+		testname=$(echo "$testname" | sed -s 's/_bash$//')
+		command="-c bash"
+		echo testname: $testname
+		;;
+	*)
+		log_start "$0" "propagation of environment variable FOO: $test"
+		;;
+esac
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+"./$testname.exp" "$command"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/su/02/env_FOO-options_--preserve-environment b/tests/tests/su/02/env_FOO-options_--preserve-environment
new file mode 100755
index 0000000..32243ad
--- /dev/null
+++ b/tests/tests/su/02/env_FOO-options_--preserve-environment
@@ -0,0 +1,40 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+testname=$(basename $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+export HOME=/root  # seems to be set to /home/travis, breaking some tests
+
+command=""
+
+case  "$testname" in
+	*_bash)
+		log_start "$0" "propagation of environment variable FOO in command bash: $testname"
+		testname=$(echo "$testname" | sed -s 's/_bash$//')
+		command="-c bash"
+		echo testname: $testname
+		;;
+	*)
+		log_start "$0" "propagation of environment variable FOO: $test"
+		;;
+esac
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+"./$testname.exp" "$command"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/su/02/env_FOO-options_--preserve-environment.exp b/tests/tests/su/02/env_FOO-options_--preserve-environment.exp
new file mode 100755
index 0000000..99fd27b
--- /dev/null
+++ b/tests/tests/su/02/env_FOO-options_--preserve-environment.exp
@@ -0,0 +1,48 @@
+#!/usr/bin/expect
+
+if {$argc == 1} {
+	set command     [lindex $argv 0]
+} else {
+	set command     ""
+}
+
+
+set timeout 2
+expect_after default {puts stderr "\nFAIL"; exit 1}
+
+spawn /bin/bash
+expect "# "
+
+send "id\r"
+expect "uid=0(root) gid=0(root) groups=0(root)\r"
+expect "# "
+
+send "export FOO=bar\r"
+expect "# "
+
+#=============================================================================
+#
+# su --preserve-environment, as for regular su, environment is preserved
+#
+#=============================================================================
+send "/bin/su $command -m myuser\r"
+expect "$ "
+
+send "id\n"
+expect "uid=424242(myuser) gid=424242(myuser) groups=424242(myuser)\r"
+expect "$ "
+
+send_user "\n# FOO should be 'bar'"
+send "\r"
+expect "$ "
+
+send "echo \"FOO=\\\"\$FOO\\\"\"\r"
+expect "FOO=\"bar\"\r"
+expect "$ "
+
+send "exit\r"
+expect "# "
+
+puts "\nPASS"
+exit 0
+
diff --git a/tests/tests/su/02/env_FOO-options_--preserve-environment_bash b/tests/tests/su/02/env_FOO-options_--preserve-environment_bash
new file mode 100755
index 0000000..32243ad
--- /dev/null
+++ b/tests/tests/su/02/env_FOO-options_--preserve-environment_bash
@@ -0,0 +1,40 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+testname=$(basename $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+export HOME=/root  # seems to be set to /home/travis, breaking some tests
+
+command=""
+
+case  "$testname" in
+	*_bash)
+		log_start "$0" "propagation of environment variable FOO in command bash: $testname"
+		testname=$(echo "$testname" | sed -s 's/_bash$//')
+		command="-c bash"
+		echo testname: $testname
+		;;
+	*)
+		log_start "$0" "propagation of environment variable FOO: $test"
+		;;
+esac
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+"./$testname.exp" "$command"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/su/02/env_FOO-options_-.exp b/tests/tests/su/02/env_FOO-options_-.exp
new file mode 100755
index 0000000..d6251a7
--- /dev/null
+++ b/tests/tests/su/02/env_FOO-options_-.exp
@@ -0,0 +1,48 @@
+#!/usr/bin/expect
+
+if {$argc == 1} {
+	set command     [lindex $argv 0]
+} else {
+	set command     ""
+}
+
+
+set timeout 2
+expect_after default {puts stderr "\nFAIL"; exit 1}
+
+spawn /bin/bash
+expect "# "
+
+send "id\r"
+expect "uid=0(root) gid=0(root) groups=0(root)\r"
+expect "# "
+
+send "export FOO=bar\r"
+expect "# "
+
+#=============================================================================
+#
+# su -, make a login shell
+#
+#=============================================================================
+send "/bin/su - $command myuser\r"
+expect "$ "
+
+send "id\n"
+expect "uid=424242(myuser) gid=424242(myuser) groups=424242(myuser)\r"
+expect "$ "
+
+send_user "\n# FOO should be empty"
+send "\r"
+expect "$ "
+
+send "echo \"FOO=\\\"\$FOO\\\"\"\r"
+expect "FOO=\"\"\r"
+expect "$ "
+
+send "exit\r"
+expect "# "
+
+puts "\nPASS"
+exit 0
+
diff --git a/tests/tests/su/02/env_FOO-options_-_bash b/tests/tests/su/02/env_FOO-options_-_bash
new file mode 100755
index 0000000..32243ad
--- /dev/null
+++ b/tests/tests/su/02/env_FOO-options_-_bash
@@ -0,0 +1,40 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+testname=$(basename $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+export HOME=/root  # seems to be set to /home/travis, breaking some tests
+
+command=""
+
+case  "$testname" in
+	*_bash)
+		log_start "$0" "propagation of environment variable FOO in command bash: $testname"
+		testname=$(echo "$testname" | sed -s 's/_bash$//')
+		command="-c bash"
+		echo testname: $testname
+		;;
+	*)
+		log_start "$0" "propagation of environment variable FOO: $test"
+		;;
+esac
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+"./$testname.exp" "$command"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/su/02/env_FOO-options_-l b/tests/tests/su/02/env_FOO-options_-l
new file mode 100755
index 0000000..32243ad
--- /dev/null
+++ b/tests/tests/su/02/env_FOO-options_-l
@@ -0,0 +1,40 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+testname=$(basename $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+export HOME=/root  # seems to be set to /home/travis, breaking some tests
+
+command=""
+
+case  "$testname" in
+	*_bash)
+		log_start "$0" "propagation of environment variable FOO in command bash: $testname"
+		testname=$(echo "$testname" | sed -s 's/_bash$//')
+		command="-c bash"
+		echo testname: $testname
+		;;
+	*)
+		log_start "$0" "propagation of environment variable FOO: $test"
+		;;
+esac
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+"./$testname.exp" "$command"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/su/02/env_FOO-options_-l-m b/tests/tests/su/02/env_FOO-options_-l-m
new file mode 100755
index 0000000..32243ad
--- /dev/null
+++ b/tests/tests/su/02/env_FOO-options_-l-m
@@ -0,0 +1,40 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+testname=$(basename $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+export HOME=/root  # seems to be set to /home/travis, breaking some tests
+
+command=""
+
+case  "$testname" in
+	*_bash)
+		log_start "$0" "propagation of environment variable FOO in command bash: $testname"
+		testname=$(echo "$testname" | sed -s 's/_bash$//')
+		command="-c bash"
+		echo testname: $testname
+		;;
+	*)
+		log_start "$0" "propagation of environment variable FOO: $test"
+		;;
+esac
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+"./$testname.exp" "$command"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/su/02/env_FOO-options_-l-m.exp b/tests/tests/su/02/env_FOO-options_-l-m.exp
new file mode 100755
index 0000000..0e8ede1
--- /dev/null
+++ b/tests/tests/su/02/env_FOO-options_-l-m.exp
@@ -0,0 +1,48 @@
+#!/usr/bin/expect
+
+if {$argc == 1} {
+	set command     [lindex $argv 0]
+} else {
+	set command     ""
+}
+
+
+set timeout 2
+expect_after default {puts stderr "\nFAIL"; exit 1}
+
+spawn /bin/bash
+expect "# "
+
+send "id\r"
+expect "uid=0(root) gid=0(root) groups=0(root)\r"
+expect "# "
+
+send "export FOO=bar\r"
+expect "# "
+
+#=============================================================================
+#
+# su -l -m, make a login shell, but preserve environment
+#
+#=============================================================================
+send "/bin/su -l -m $command myuser\r"
+expect "$ "
+
+send "id\n"
+expect "uid=424242(myuser) gid=424242(myuser) groups=424242(myuser)\r"
+expect "$ "
+
+send_user "\n# FOO should be 'bar'"
+send "\r"
+expect "$ "
+
+send "echo \"FOO=\\\"\$FOO\\\"\"\r"
+expect "FOO=\"bar\"\r"
+expect "$ "
+
+send "exit\r"
+expect "# "
+
+puts "\nPASS"
+exit 0
+
diff --git a/tests/tests/su/02/env_FOO-options_-l-m_bash b/tests/tests/su/02/env_FOO-options_-l-m_bash
new file mode 100755
index 0000000..32243ad
--- /dev/null
+++ b/tests/tests/su/02/env_FOO-options_-l-m_bash
@@ -0,0 +1,40 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+testname=$(basename $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+export HOME=/root  # seems to be set to /home/travis, breaking some tests
+
+command=""
+
+case  "$testname" in
+	*_bash)
+		log_start "$0" "propagation of environment variable FOO in command bash: $testname"
+		testname=$(echo "$testname" | sed -s 's/_bash$//')
+		command="-c bash"
+		echo testname: $testname
+		;;
+	*)
+		log_start "$0" "propagation of environment variable FOO: $test"
+		;;
+esac
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+"./$testname.exp" "$command"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/su/02/env_FOO-options_-l.exp b/tests/tests/su/02/env_FOO-options_-l.exp
new file mode 100755
index 0000000..87bc038
--- /dev/null
+++ b/tests/tests/su/02/env_FOO-options_-l.exp
@@ -0,0 +1,48 @@
+#!/usr/bin/expect
+
+if {$argc == 1} {
+	set command     [lindex $argv 0]
+} else {
+	set command     ""
+}
+
+
+set timeout 2
+expect_after default {puts stderr "\nFAIL"; exit 1}
+
+spawn /bin/bash
+expect "# "
+
+send "id\r"
+expect "uid=0(root) gid=0(root) groups=0(root)\r"
+expect "# "
+
+send "export FOO=bar\r"
+expect "# "
+
+#=============================================================================
+#
+# su -l, make a login shell
+#
+#=============================================================================
+send "/bin/su - $command myuser\r"
+expect "$ "
+
+send "id\n"
+expect "uid=424242(myuser) gid=424242(myuser) groups=424242(myuser)\r"
+expect "$ "
+
+send_user "\n# FOO should be empty"
+send "\r"
+expect "$ "
+
+send "echo \"FOO=\\\"\$FOO\\\"\"\r"
+expect "FOO=\"\"\r"
+expect "$ "
+
+send "exit\r"
+expect "# "
+
+puts "\nPASS"
+exit 0
+
diff --git a/tests/tests/su/02/env_FOO-options_-l_bash b/tests/tests/su/02/env_FOO-options_-l_bash
new file mode 100755
index 0000000..32243ad
--- /dev/null
+++ b/tests/tests/su/02/env_FOO-options_-l_bash
@@ -0,0 +1,40 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+testname=$(basename $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+export HOME=/root  # seems to be set to /home/travis, breaking some tests
+
+command=""
+
+case  "$testname" in
+	*_bash)
+		log_start "$0" "propagation of environment variable FOO in command bash: $testname"
+		testname=$(echo "$testname" | sed -s 's/_bash$//')
+		command="-c bash"
+		echo testname: $testname
+		;;
+	*)
+		log_start "$0" "propagation of environment variable FOO: $test"
+		;;
+esac
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+"./$testname.exp" "$command"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/su/02/env_FOO-options_-m b/tests/tests/su/02/env_FOO-options_-m
new file mode 100755
index 0000000..32243ad
--- /dev/null
+++ b/tests/tests/su/02/env_FOO-options_-m
@@ -0,0 +1,40 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+testname=$(basename $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+export HOME=/root  # seems to be set to /home/travis, breaking some tests
+
+command=""
+
+case  "$testname" in
+	*_bash)
+		log_start "$0" "propagation of environment variable FOO in command bash: $testname"
+		testname=$(echo "$testname" | sed -s 's/_bash$//')
+		command="-c bash"
+		echo testname: $testname
+		;;
+	*)
+		log_start "$0" "propagation of environment variable FOO: $test"
+		;;
+esac
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+"./$testname.exp" "$command"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/su/02/env_FOO-options_-m.exp b/tests/tests/su/02/env_FOO-options_-m.exp
new file mode 100755
index 0000000..e63eff9
--- /dev/null
+++ b/tests/tests/su/02/env_FOO-options_-m.exp
@@ -0,0 +1,48 @@
+#!/usr/bin/expect
+
+if {$argc == 1} {
+	set command     [lindex $argv 0]
+} else {
+	set command     ""
+}
+
+
+set timeout 2
+expect_after default {puts stderr "\nFAIL"; exit 1}
+
+spawn /bin/bash
+expect "# "
+
+send "id\r"
+expect "uid=0(root) gid=0(root) groups=0(root)\r"
+expect "# "
+
+send "export FOO=bar\r"
+expect "# "
+
+#=============================================================================
+#
+# su -m, as for regular su, environment is preserved
+#
+#=============================================================================
+send "/bin/su $command -m myuser\r"
+expect "$ "
+
+send "id\n"
+expect "uid=424242(myuser) gid=424242(myuser) groups=424242(myuser)\r"
+expect "$ "
+
+send_user "\n# FOO should be 'bar'"
+send "\r"
+expect "$ "
+
+send "echo \"FOO=\\\"\$FOO\\\"\"\r"
+expect "FOO=\"bar\"\r"
+expect "$ "
+
+send "exit\r"
+expect "# "
+
+puts "\nPASS"
+exit 0
+
diff --git a/tests/tests/su/02/env_FOO-options_-m_bash b/tests/tests/su/02/env_FOO-options_-m_bash
new file mode 100755
index 0000000..32243ad
--- /dev/null
+++ b/tests/tests/su/02/env_FOO-options_-m_bash
@@ -0,0 +1,40 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+testname=$(basename $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+export HOME=/root  # seems to be set to /home/travis, breaking some tests
+
+command=""
+
+case  "$testname" in
+	*_bash)
+		log_start "$0" "propagation of environment variable FOO in command bash: $testname"
+		testname=$(echo "$testname" | sed -s 's/_bash$//')
+		command="-c bash"
+		echo testname: $testname
+		;;
+	*)
+		log_start "$0" "propagation of environment variable FOO: $test"
+		;;
+esac
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+"./$testname.exp" "$command"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/su/02/env_FOO-options_-p b/tests/tests/su/02/env_FOO-options_-p
new file mode 100755
index 0000000..32243ad
--- /dev/null
+++ b/tests/tests/su/02/env_FOO-options_-p
@@ -0,0 +1,40 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+testname=$(basename $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+export HOME=/root  # seems to be set to /home/travis, breaking some tests
+
+command=""
+
+case  "$testname" in
+	*_bash)
+		log_start "$0" "propagation of environment variable FOO in command bash: $testname"
+		testname=$(echo "$testname" | sed -s 's/_bash$//')
+		command="-c bash"
+		echo testname: $testname
+		;;
+	*)
+		log_start "$0" "propagation of environment variable FOO: $test"
+		;;
+esac
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+"./$testname.exp" "$command"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/su/02/env_FOO-options_-p- b/tests/tests/su/02/env_FOO-options_-p-
new file mode 100755
index 0000000..32243ad
--- /dev/null
+++ b/tests/tests/su/02/env_FOO-options_-p-
@@ -0,0 +1,40 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+testname=$(basename $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+export HOME=/root  # seems to be set to /home/travis, breaking some tests
+
+command=""
+
+case  "$testname" in
+	*_bash)
+		log_start "$0" "propagation of environment variable FOO in command bash: $testname"
+		testname=$(echo "$testname" | sed -s 's/_bash$//')
+		command="-c bash"
+		echo testname: $testname
+		;;
+	*)
+		log_start "$0" "propagation of environment variable FOO: $test"
+		;;
+esac
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+"./$testname.exp" "$command"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/su/02/env_FOO-options_-p-.exp b/tests/tests/su/02/env_FOO-options_-p-.exp
new file mode 100755
index 0000000..fce2de3
--- /dev/null
+++ b/tests/tests/su/02/env_FOO-options_-p-.exp
@@ -0,0 +1,48 @@
+#!/usr/bin/expect
+
+if {$argc == 1} {
+	set command     [lindex $argv 0]
+} else {
+	set command     ""
+}
+
+
+set timeout 2
+expect_after default {puts stderr "\nFAIL"; exit 1}
+
+spawn /bin/bash
+expect "# "
+
+send "id\r"
+expect "uid=0(root) gid=0(root) groups=0(root)\r"
+expect "# "
+
+send "export FOO=bar\r"
+expect "# "
+
+#=============================================================================
+#
+# su -p -, make a login shell, but preserve environment
+#
+#=============================================================================
+send "/bin/su -p $command - myuser\r"
+expect "$ "
+
+send "id\n"
+expect "uid=424242(myuser) gid=424242(myuser) groups=424242(myuser)\r"
+expect "$ "
+
+send_user "\n# FOO should be 'bar'"
+send "\r"
+expect "$ "
+
+send "echo \"FOO=\\\"\$FOO\\\"\"\r"
+expect "FOO=\"bar\"\r"
+expect "$ "
+
+send "exit\r"
+expect "# "
+
+puts "\nPASS"
+exit 0
+
diff --git a/tests/tests/su/02/env_FOO-options_-p-_bash b/tests/tests/su/02/env_FOO-options_-p-_bash
new file mode 100755
index 0000000..32243ad
--- /dev/null
+++ b/tests/tests/su/02/env_FOO-options_-p-_bash
@@ -0,0 +1,40 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+testname=$(basename $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+export HOME=/root  # seems to be set to /home/travis, breaking some tests
+
+command=""
+
+case  "$testname" in
+	*_bash)
+		log_start "$0" "propagation of environment variable FOO in command bash: $testname"
+		testname=$(echo "$testname" | sed -s 's/_bash$//')
+		command="-c bash"
+		echo testname: $testname
+		;;
+	*)
+		log_start "$0" "propagation of environment variable FOO: $test"
+		;;
+esac
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+"./$testname.exp" "$command"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/su/02/env_FOO-options_-p.exp b/tests/tests/su/02/env_FOO-options_-p.exp
new file mode 100755
index 0000000..e63eff9
--- /dev/null
+++ b/tests/tests/su/02/env_FOO-options_-p.exp
@@ -0,0 +1,48 @@
+#!/usr/bin/expect
+
+if {$argc == 1} {
+	set command     [lindex $argv 0]
+} else {
+	set command     ""
+}
+
+
+set timeout 2
+expect_after default {puts stderr "\nFAIL"; exit 1}
+
+spawn /bin/bash
+expect "# "
+
+send "id\r"
+expect "uid=0(root) gid=0(root) groups=0(root)\r"
+expect "# "
+
+send "export FOO=bar\r"
+expect "# "
+
+#=============================================================================
+#
+# su -m, as for regular su, environment is preserved
+#
+#=============================================================================
+send "/bin/su $command -m myuser\r"
+expect "$ "
+
+send "id\n"
+expect "uid=424242(myuser) gid=424242(myuser) groups=424242(myuser)\r"
+expect "$ "
+
+send_user "\n# FOO should be 'bar'"
+send "\r"
+expect "$ "
+
+send "echo \"FOO=\\\"\$FOO\\\"\"\r"
+expect "FOO=\"bar\"\r"
+expect "$ "
+
+send "exit\r"
+expect "# "
+
+puts "\nPASS"
+exit 0
+
diff --git a/tests/tests/su/02/env_FOO-options_-p_bash b/tests/tests/su/02/env_FOO-options_-p_bash
new file mode 100755
index 0000000..32243ad
--- /dev/null
+++ b/tests/tests/su/02/env_FOO-options_-p_bash
@@ -0,0 +1,40 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+testname=$(basename $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+export HOME=/root  # seems to be set to /home/travis, breaking some tests
+
+command=""
+
+case  "$testname" in
+	*_bash)
+		log_start "$0" "propagation of environment variable FOO in command bash: $testname"
+		testname=$(echo "$testname" | sed -s 's/_bash$//')
+		command="-c bash"
+		echo testname: $testname
+		;;
+	*)
+		log_start "$0" "propagation of environment variable FOO: $test"
+		;;
+esac
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+"./$testname.exp" "$command"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/su/02/env_FOO-options_.exp b/tests/tests/su/02/env_FOO-options_.exp
new file mode 100755
index 0000000..fc0f2a9
--- /dev/null
+++ b/tests/tests/su/02/env_FOO-options_.exp
@@ -0,0 +1,48 @@
+#!/usr/bin/expect
+
+if {$argc == 1} {
+	set command     [lindex $argv 0]
+} else {
+	set command     ""
+}
+
+
+set timeout 2
+expect_after default {puts stderr "\nFAIL"; exit 1}
+
+spawn /bin/bash
+expect "# "
+
+send "id\r"
+expect "uid=0(root) gid=0(root) groups=0(root)\r"
+expect "# "
+
+send "export FOO=bar\r"
+expect "# "
+
+#=============================================================================
+#
+# Regular su, preserve environment
+#
+#=============================================================================
+send "/bin/su myuser $command\r"
+expect "$ "
+
+send "id\n"
+expect "uid=424242(myuser) gid=424242(myuser) groups=424242(myuser)\r"
+expect "$ "
+
+send_user "\n# FOO should be 'bar'"
+send "\r"
+expect "$ "
+
+send "echo \"FOO=\\\"\$FOO\\\"\"\r"
+expect "FOO=\"bar\"\r"
+expect "$ "
+
+send "exit\r"
+expect "# "
+
+puts "\nPASS"
+exit 0
+
diff --git a/tests/tests/su/02/env_FOO-options__bash b/tests/tests/su/02/env_FOO-options__bash
new file mode 100755
index 0000000..32243ad
--- /dev/null
+++ b/tests/tests/su/02/env_FOO-options__bash
@@ -0,0 +1,40 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+testname=$(basename $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+export HOME=/root  # seems to be set to /home/travis, breaking some tests
+
+command=""
+
+case  "$testname" in
+	*_bash)
+		log_start "$0" "propagation of environment variable FOO in command bash: $testname"
+		testname=$(echo "$testname" | sed -s 's/_bash$//')
+		command="-c bash"
+		echo testname: $testname
+		;;
+	*)
+		log_start "$0" "propagation of environment variable FOO: $test"
+		;;
+esac
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+"./$testname.exp" "$command"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/su/02/env_special-options_ b/tests/tests/su/02/env_special-options_
new file mode 100755
index 0000000..32243ad
--- /dev/null
+++ b/tests/tests/su/02/env_special-options_
@@ -0,0 +1,40 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+testname=$(basename $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+export HOME=/root  # seems to be set to /home/travis, breaking some tests
+
+command=""
+
+case  "$testname" in
+	*_bash)
+		log_start "$0" "propagation of environment variable FOO in command bash: $testname"
+		testname=$(echo "$testname" | sed -s 's/_bash$//')
+		command="-c bash"
+		echo testname: $testname
+		;;
+	*)
+		log_start "$0" "propagation of environment variable FOO: $test"
+		;;
+esac
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+"./$testname.exp" "$command"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/su/02/env_special-options_-l b/tests/tests/su/02/env_special-options_-l
new file mode 100755
index 0000000..32243ad
--- /dev/null
+++ b/tests/tests/su/02/env_special-options_-l
@@ -0,0 +1,40 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+testname=$(basename $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+export HOME=/root  # seems to be set to /home/travis, breaking some tests
+
+command=""
+
+case  "$testname" in
+	*_bash)
+		log_start "$0" "propagation of environment variable FOO in command bash: $testname"
+		testname=$(echo "$testname" | sed -s 's/_bash$//')
+		command="-c bash"
+		echo testname: $testname
+		;;
+	*)
+		log_start "$0" "propagation of environment variable FOO: $test"
+		;;
+esac
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+"./$testname.exp" "$command"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/su/02/env_special-options_-l-p b/tests/tests/su/02/env_special-options_-l-p
new file mode 100755
index 0000000..32243ad
--- /dev/null
+++ b/tests/tests/su/02/env_special-options_-l-p
@@ -0,0 +1,40 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+testname=$(basename $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+export HOME=/root  # seems to be set to /home/travis, breaking some tests
+
+command=""
+
+case  "$testname" in
+	*_bash)
+		log_start "$0" "propagation of environment variable FOO in command bash: $testname"
+		testname=$(echo "$testname" | sed -s 's/_bash$//')
+		command="-c bash"
+		echo testname: $testname
+		;;
+	*)
+		log_start "$0" "propagation of environment variable FOO: $test"
+		;;
+esac
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+"./$testname.exp" "$command"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/su/02/env_special-options_-l-p.exp b/tests/tests/su/02/env_special-options_-l-p.exp
new file mode 100755
index 0000000..355bfc2
--- /dev/null
+++ b/tests/tests/su/02/env_special-options_-l-p.exp
@@ -0,0 +1,55 @@
+#!/usr/bin/expect
+
+if {$argc == 1} {
+	set command     [lindex $argv 0]
+} else {
+	set command     ""
+}
+
+
+set timeout 2
+expect_after default {puts stderr "\nFAIL"; exit 1}
+
+spawn /bin/bash
+expect "# "
+
+send "id\r"
+expect "uid=0(root) gid=0(root) groups=0(root)\r"
+expect "# "
+
+send "export PATH=bar:\$PATH\r"
+expect "# "
+send "echo \"PATH=\\\"\$PATH\\\"\"\r"
+expect "# "
+
+#=============================================================================
+#
+# su -m -l, make a login shell, but preserve environment
+# However, PATH is not preserved, but set to what it would be with login
+#
+#=============================================================================
+send "/bin/su -p $command -l myuser\r"
+expect "$ "
+
+send "id\n"
+expect "uid=424242(myuser) gid=424242(myuser) groups=424242(myuser)\r"
+expect "$ "
+
+send_user "\n# Even with -p, PATH is reset"
+send "\r"
+expect "$ "
+
+send "echo \"PATH=\\\"\$PATH\\\"\"\r"
+expect "PATH=\"/usr/local/bin:/usr/bin:/bin:/usr/local/games:/usr/games\"\r"
+expect "$ "
+
+send "echo \"'\$HOME'\$USER'\$LOGNAME'\$SHELL'\"\r"
+expect "'/root'root'root'/bin/bash'\r"
+expect "$ "
+
+send "exit\r"
+expect "# "
+
+puts "\nPASS"
+exit 0
+
diff --git a/tests/tests/su/02/env_special-options_-l-p_bash b/tests/tests/su/02/env_special-options_-l-p_bash
new file mode 100755
index 0000000..32243ad
--- /dev/null
+++ b/tests/tests/su/02/env_special-options_-l-p_bash
@@ -0,0 +1,40 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+testname=$(basename $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+export HOME=/root  # seems to be set to /home/travis, breaking some tests
+
+command=""
+
+case  "$testname" in
+	*_bash)
+		log_start "$0" "propagation of environment variable FOO in command bash: $testname"
+		testname=$(echo "$testname" | sed -s 's/_bash$//')
+		command="-c bash"
+		echo testname: $testname
+		;;
+	*)
+		log_start "$0" "propagation of environment variable FOO: $test"
+		;;
+esac
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+"./$testname.exp" "$command"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/su/02/env_special-options_-l.exp b/tests/tests/su/02/env_special-options_-l.exp
new file mode 100755
index 0000000..d49e1ab
--- /dev/null
+++ b/tests/tests/su/02/env_special-options_-l.exp
@@ -0,0 +1,54 @@
+#!/usr/bin/expect
+
+if {$argc == 1} {
+	set command     [lindex $argv 0]
+} else {
+	set command     ""
+}
+
+
+set timeout 2
+expect_after default {puts stderr "\nFAIL"; exit 1}
+
+spawn /bin/bash
+expect "# "
+
+send "id\r"
+expect "uid=0(root) gid=0(root) groups=0(root)\r"
+expect "# "
+
+send "export PATH=bar:\$PATH\r"
+expect "# "
+send "echo \"PATH=\\\"\$PATH\\\"\"\r"
+expect "# "
+
+#=============================================================================
+#
+# su -l, make a login shell
+#
+#=============================================================================
+send "/bin/su - $command myuser\r"
+expect "$ "
+
+send "id\n"
+expect "uid=424242(myuser) gid=424242(myuser) groups=424242(myuser)\r"
+expect "$ "
+
+send_user "\n# PATH should be '/usr/local/bin:/usr/bin:/bin:/usr/local/games:/usr/games'"
+send "\r"
+expect "$ "
+
+send "echo \"PATH=\\\"\$PATH\\\"\"\r"
+expect "PATH=\"/usr/local/bin:/usr/bin:/bin:/usr/local/games:/usr/games\"\r"
+expect "$ "
+
+send "echo \"'\$HOME'\$USER'\$LOGNAME'\$SHELL'\"\r"
+expect "'/home/'myuser'myuser'/bin/sh'\r"
+expect "$ "
+
+send "exit\r"
+expect "# "
+
+puts "\nPASS"
+exit 0
+
diff --git a/tests/tests/su/02/env_special-options_-l_bash b/tests/tests/su/02/env_special-options_-l_bash
new file mode 100755
index 0000000..32243ad
--- /dev/null
+++ b/tests/tests/su/02/env_special-options_-l_bash
@@ -0,0 +1,40 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+testname=$(basename $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+export HOME=/root  # seems to be set to /home/travis, breaking some tests
+
+command=""
+
+case  "$testname" in
+	*_bash)
+		log_start "$0" "propagation of environment variable FOO in command bash: $testname"
+		testname=$(echo "$testname" | sed -s 's/_bash$//')
+		command="-c bash"
+		echo testname: $testname
+		;;
+	*)
+		log_start "$0" "propagation of environment variable FOO: $test"
+		;;
+esac
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+"./$testname.exp" "$command"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/su/02/env_special-options_-p b/tests/tests/su/02/env_special-options_-p
new file mode 100755
index 0000000..32243ad
--- /dev/null
+++ b/tests/tests/su/02/env_special-options_-p
@@ -0,0 +1,40 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+testname=$(basename $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+export HOME=/root  # seems to be set to /home/travis, breaking some tests
+
+command=""
+
+case  "$testname" in
+	*_bash)
+		log_start "$0" "propagation of environment variable FOO in command bash: $testname"
+		testname=$(echo "$testname" | sed -s 's/_bash$//')
+		command="-c bash"
+		echo testname: $testname
+		;;
+	*)
+		log_start "$0" "propagation of environment variable FOO: $test"
+		;;
+esac
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+"./$testname.exp" "$command"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/su/02/env_special-options_-p.exp b/tests/tests/su/02/env_special-options_-p.exp
new file mode 100755
index 0000000..e2f1ba4
--- /dev/null
+++ b/tests/tests/su/02/env_special-options_-p.exp
@@ -0,0 +1,56 @@
+#!/usr/bin/expect
+
+if {$argc == 1} {
+	set command     [lindex $argv 0]
+} else {
+	set command     ""
+}
+
+
+set timeout 2
+expect_after default {puts stderr "\nFAIL"; exit 1}
+
+spawn /bin/bash
+expect "# "
+
+send "id\r"
+expect "uid=0(root) gid=0(root) groups=0(root)\r"
+expect "# "
+
+send "export PATH=bar:\$PATH\r"
+expect "# "
+send "echo \"PATH=\\\"\$PATH\\\"\"\r"
+expect -re "PATH=\"(.*)\"\r" {set PATH $expect_out(1,string)}
+send_user "PATH='$PATH'"
+expect "# "
+
+#=============================================================================
+#
+# su -m, as for regular su, environment is preserved
+#
+#=============================================================================
+send "/bin/su $command -m myuser\r"
+expect "$ "
+
+send "id\n"
+expect "uid=424242(myuser) gid=424242(myuser) groups=424242(myuser)\r"
+expect "$ "
+
+send_user "\n# Even with -p, PATH is reset"
+send "\r"
+expect "$ "
+
+send "echo \"PATH=\\\"\$PATH\\\"\"\r"
+expect "PATH=\"/usr/local/bin:/usr/bin:/bin:/usr/local/games:/usr/games\"\r"
+expect "$ "
+
+send "echo \"'\$USER'\$LOGNAME'\$SHELL'\"\r"
+expect "'root'root'/bin/bash'\r"
+expect "$ "
+
+send "exit\r"
+expect "# "
+
+puts "\nPASS"
+exit 0
+
diff --git a/tests/tests/su/02/env_special-options_-p_bash b/tests/tests/su/02/env_special-options_-p_bash
new file mode 100755
index 0000000..32243ad
--- /dev/null
+++ b/tests/tests/su/02/env_special-options_-p_bash
@@ -0,0 +1,40 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+testname=$(basename $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+export HOME=/root  # seems to be set to /home/travis, breaking some tests
+
+command=""
+
+case  "$testname" in
+	*_bash)
+		log_start "$0" "propagation of environment variable FOO in command bash: $testname"
+		testname=$(echo "$testname" | sed -s 's/_bash$//')
+		command="-c bash"
+		echo testname: $testname
+		;;
+	*)
+		log_start "$0" "propagation of environment variable FOO: $test"
+		;;
+esac
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+"./$testname.exp" "$command"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/su/02/env_special-options_.exp b/tests/tests/su/02/env_special-options_.exp
new file mode 100755
index 0000000..7c69860
--- /dev/null
+++ b/tests/tests/su/02/env_special-options_.exp
@@ -0,0 +1,55 @@
+#!/usr/bin/expect
+
+if {$argc == 1} {
+	set command     [lindex $argv 0]
+} else {
+	set command     ""
+}
+
+
+set timeout 2
+expect_after default {puts stderr "\nFAIL"; exit 1}
+
+spawn /bin/bash
+expect "# "
+
+send "id\r"
+expect "uid=0(root) gid=0(root) groups=0(root)\r"
+expect "# "
+
+send "export PATH=bar:\$PATH\r"
+expect "# "
+send "echo \"PATH=\\\"\$PATH\\\"\"\r"
+expect "# "
+
+#=============================================================================
+#
+# Regular su, preserve environment
+# However, PATH is reset
+#
+#=============================================================================
+send "/bin/su myuser $command\r"
+expect "$ "
+
+send "id\n"
+expect "uid=424242(myuser) gid=424242(myuser) groups=424242(myuser)\r"
+expect "$ "
+
+send_user "\n# PATH should be '/usr/local/bin:/usr/bin:/bin:/usr/local/games:/usr/games'"
+send "\r"
+expect "$ "
+
+send "echo \"PATH=\\\"\$PATH\\\"\"\r"
+expect "PATH=\"/usr/local/bin:/usr/bin:/bin:/usr/local/games:/usr/games\"\r"
+expect "$ "
+
+send "echo \"'\$HOME'\$USER'\$LOGNAME'\$SHELL'\"\r"
+expect "'/home/'myuser'myuser'/bin/sh'\r"
+expect "$ "
+
+send "exit\r"
+expect "# "
+
+puts "\nPASS"
+exit 0
+
diff --git a/tests/tests/su/02/env_special-options__bash b/tests/tests/su/02/env_special-options__bash
new file mode 100755
index 0000000..32243ad
--- /dev/null
+++ b/tests/tests/su/02/env_special-options__bash
@@ -0,0 +1,40 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+testname=$(basename $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+export HOME=/root  # seems to be set to /home/travis, breaking some tests
+
+command=""
+
+case  "$testname" in
+	*_bash)
+		log_start "$0" "propagation of environment variable FOO in command bash: $testname"
+		testname=$(echo "$testname" | sed -s 's/_bash$//')
+		command="-c bash"
+		echo testname: $testname
+		;;
+	*)
+		log_start "$0" "propagation of environment variable FOO: $test"
+		;;
+esac
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+"./$testname.exp" "$command"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/su/02/env_special_root-options_ b/tests/tests/su/02/env_special_root-options_
new file mode 100755
index 0000000..32243ad
--- /dev/null
+++ b/tests/tests/su/02/env_special_root-options_
@@ -0,0 +1,40 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+testname=$(basename $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+export HOME=/root  # seems to be set to /home/travis, breaking some tests
+
+command=""
+
+case  "$testname" in
+	*_bash)
+		log_start "$0" "propagation of environment variable FOO in command bash: $testname"
+		testname=$(echo "$testname" | sed -s 's/_bash$//')
+		command="-c bash"
+		echo testname: $testname
+		;;
+	*)
+		log_start "$0" "propagation of environment variable FOO: $test"
+		;;
+esac
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+"./$testname.exp" "$command"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/su/02/env_special_root-options_-l b/tests/tests/su/02/env_special_root-options_-l
new file mode 100755
index 0000000..32243ad
--- /dev/null
+++ b/tests/tests/su/02/env_special_root-options_-l
@@ -0,0 +1,40 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+testname=$(basename $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+export HOME=/root  # seems to be set to /home/travis, breaking some tests
+
+command=""
+
+case  "$testname" in
+	*_bash)
+		log_start "$0" "propagation of environment variable FOO in command bash: $testname"
+		testname=$(echo "$testname" | sed -s 's/_bash$//')
+		command="-c bash"
+		echo testname: $testname
+		;;
+	*)
+		log_start "$0" "propagation of environment variable FOO: $test"
+		;;
+esac
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+"./$testname.exp" "$command"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/su/02/env_special_root-options_-l-p b/tests/tests/su/02/env_special_root-options_-l-p
new file mode 100755
index 0000000..32243ad
--- /dev/null
+++ b/tests/tests/su/02/env_special_root-options_-l-p
@@ -0,0 +1,40 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+testname=$(basename $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+export HOME=/root  # seems to be set to /home/travis, breaking some tests
+
+command=""
+
+case  "$testname" in
+	*_bash)
+		log_start "$0" "propagation of environment variable FOO in command bash: $testname"
+		testname=$(echo "$testname" | sed -s 's/_bash$//')
+		command="-c bash"
+		echo testname: $testname
+		;;
+	*)
+		log_start "$0" "propagation of environment variable FOO: $test"
+		;;
+esac
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+"./$testname.exp" "$command"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/su/02/env_special_root-options_-l-p.exp b/tests/tests/su/02/env_special_root-options_-l-p.exp
new file mode 100755
index 0000000..06e9f4a
--- /dev/null
+++ b/tests/tests/su/02/env_special_root-options_-l-p.exp
@@ -0,0 +1,57 @@
+#!/usr/bin/expect
+
+if {$argc == 1} {
+	set command     [lindex $argv 0]
+} else {
+	set command     ""
+}
+
+
+set timeout 2
+expect_after default {puts stderr "\nFAIL"; exit 1}
+
+spawn /bin/bash
+expect "# "
+
+send "id\r"
+expect "uid=0(root) gid=0(root) groups=0(root)\r"
+expect "# "
+
+send "export PATH=bar:\$PATH\r"
+expect "# "
+send "echo \"PATH=\\\"\$PATH\\\"\"\r"
+expect "# "
+
+#=============================================================================
+#
+# su -l -p root, make a login shell, but preserve environment
+# However, PATH is not preserved, but set to what it would be with login
+# for root
+#
+#=============================================================================
+send "/bin/su -p $command - root\r"
+expect "# "
+
+send "id\n"
+expect "uid=0(root) gid=0(root) groups=0(root)\r"
+expect "# "
+
+send_user "\n# Even with -p, PATH is reset"
+send "\r"
+expect "# "
+
+send "echo \"PATH=\\\"\$PATH\\\"\"\r"
+expect "PATH=\"/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin\"\r"
+expect "# "
+
+send "echo \"'\$HOME'\$USER'\$LOGNAME'\$SHELL'\"\r"
+expect "'/root'root'root'/bin/bash'\r"
+expect "# "
+
+send "exit\r"
+expect "# "
+
+
+puts "\nPASS"
+exit 0
+
diff --git a/tests/tests/su/02/env_special_root-options_-l-p_bash b/tests/tests/su/02/env_special_root-options_-l-p_bash
new file mode 100755
index 0000000..32243ad
--- /dev/null
+++ b/tests/tests/su/02/env_special_root-options_-l-p_bash
@@ -0,0 +1,40 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+testname=$(basename $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+export HOME=/root  # seems to be set to /home/travis, breaking some tests
+
+command=""
+
+case  "$testname" in
+	*_bash)
+		log_start "$0" "propagation of environment variable FOO in command bash: $testname"
+		testname=$(echo "$testname" | sed -s 's/_bash$//')
+		command="-c bash"
+		echo testname: $testname
+		;;
+	*)
+		log_start "$0" "propagation of environment variable FOO: $test"
+		;;
+esac
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+"./$testname.exp" "$command"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/su/02/env_special_root-options_-l.exp b/tests/tests/su/02/env_special_root-options_-l.exp
new file mode 100755
index 0000000..bcbd39c
--- /dev/null
+++ b/tests/tests/su/02/env_special_root-options_-l.exp
@@ -0,0 +1,54 @@
+#!/usr/bin/expect
+
+if {$argc == 1} {
+	set command     [lindex $argv 0]
+} else {
+	set command     ""
+}
+
+
+set timeout 2
+expect_after default {puts stderr "\nFAIL"; exit 1}
+
+spawn /bin/bash
+expect "# "
+
+send "id\r"
+expect "uid=0(root) gid=0(root) groups=0(root)\r"
+expect "# "
+
+send "export PATH=bar:\$PATH\r"
+expect "# "
+send "echo \"PATH=\\\"\$PATH\\\"\"\r"
+expect "# "
+
+#=============================================================================
+#
+# su -l root, make a login shell
+#
+#=============================================================================
+send "/bin/su $command -l root\r"
+expect "# "
+
+send "id\n"
+expect "uid=0(root) gid=0(root) groups=0(root)\r"
+expect "# "
+
+send_user "\n# PATH should be '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin'"
+send "\r"
+expect "# "
+
+send "echo \"PATH=\\\"\$PATH\\\"\"\r"
+expect "PATH=\"/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin\"\r"
+expect "# "
+
+send "echo \"'\$HOME'\$USER'\$LOGNAME'\$SHELL'\"\r"
+expect "'/root'root'root'/bin/bash'\r"
+expect "# "
+
+send "exit\r"
+expect "# "
+
+puts "\nPASS"
+exit 0
+
diff --git a/tests/tests/su/02/env_special_root-options_-l_bash b/tests/tests/su/02/env_special_root-options_-l_bash
new file mode 100755
index 0000000..32243ad
--- /dev/null
+++ b/tests/tests/su/02/env_special_root-options_-l_bash
@@ -0,0 +1,40 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+testname=$(basename $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+export HOME=/root  # seems to be set to /home/travis, breaking some tests
+
+command=""
+
+case  "$testname" in
+	*_bash)
+		log_start "$0" "propagation of environment variable FOO in command bash: $testname"
+		testname=$(echo "$testname" | sed -s 's/_bash$//')
+		command="-c bash"
+		echo testname: $testname
+		;;
+	*)
+		log_start "$0" "propagation of environment variable FOO: $test"
+		;;
+esac
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+"./$testname.exp" "$command"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/su/02/env_special_root-options_-p b/tests/tests/su/02/env_special_root-options_-p
new file mode 100755
index 0000000..32243ad
--- /dev/null
+++ b/tests/tests/su/02/env_special_root-options_-p
@@ -0,0 +1,40 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+testname=$(basename $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+export HOME=/root  # seems to be set to /home/travis, breaking some tests
+
+command=""
+
+case  "$testname" in
+	*_bash)
+		log_start "$0" "propagation of environment variable FOO in command bash: $testname"
+		testname=$(echo "$testname" | sed -s 's/_bash$//')
+		command="-c bash"
+		echo testname: $testname
+		;;
+	*)
+		log_start "$0" "propagation of environment variable FOO: $test"
+		;;
+esac
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+"./$testname.exp" "$command"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/su/02/env_special_root-options_-p.exp b/tests/tests/su/02/env_special_root-options_-p.exp
new file mode 100755
index 0000000..62f7aa7
--- /dev/null
+++ b/tests/tests/su/02/env_special_root-options_-p.exp
@@ -0,0 +1,56 @@
+#!/usr/bin/expect
+
+if {$argc == 1} {
+	set command     [lindex $argv 0]
+} else {
+	set command     ""
+}
+
+
+set timeout 2
+expect_after default {puts stderr "\nFAIL"; exit 1}
+
+spawn /bin/bash
+expect "# "
+
+send "id\r"
+expect "uid=0(root) gid=0(root) groups=0(root)\r"
+expect "# "
+
+send "export PATH=bar:\$PATH\r"
+expect "# "
+send "echo \"PATH=\\\"\$PATH\\\"\"\r"
+expect -re "PATH=\"(.*)\"\r" {set PATH $expect_out(1,string)}
+send_user "PATH='$PATH'"
+expect "# "
+
+#=============================================================================
+#
+# su -p root, as for regular su, environment is preserved
+#
+#=============================================================================
+send "/bin/su $command -m\r"
+expect "# "
+
+send "id\n"
+expect "uid=0(root) gid=0(root) groups=0(root)\r"
+expect "# "
+
+send_user "\n# Even with -p, PATH is reset"
+send "\r"
+expect "# "
+
+send "echo \"PATH=\\\"\$PATH\\\"\"\r"
+expect "PATH=\"/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin\"\r"
+expect "# "
+
+send "echo \"'\$HOME'\$USER'\$LOGNAME'\$SHELL'\"\r"
+expect "'/root'root'root'/bin/bash'\r"
+expect "# "
+
+send "exit\r"
+expect "# "
+
+puts "\nPASS"
+exit 0
+
diff --git a/tests/tests/su/02/env_special_root-options_-p_bash b/tests/tests/su/02/env_special_root-options_-p_bash
new file mode 100755
index 0000000..32243ad
--- /dev/null
+++ b/tests/tests/su/02/env_special_root-options_-p_bash
@@ -0,0 +1,40 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+testname=$(basename $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+export HOME=/root  # seems to be set to /home/travis, breaking some tests
+
+command=""
+
+case  "$testname" in
+	*_bash)
+		log_start "$0" "propagation of environment variable FOO in command bash: $testname"
+		testname=$(echo "$testname" | sed -s 's/_bash$//')
+		command="-c bash"
+		echo testname: $testname
+		;;
+	*)
+		log_start "$0" "propagation of environment variable FOO: $test"
+		;;
+esac
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+"./$testname.exp" "$command"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/su/02/env_special_root-options_.exp b/tests/tests/su/02/env_special_root-options_.exp
new file mode 100755
index 0000000..7f4b271
--- /dev/null
+++ b/tests/tests/su/02/env_special_root-options_.exp
@@ -0,0 +1,55 @@
+#!/usr/bin/expect
+
+if {$argc == 1} {
+	set command     [lindex $argv 0]
+} else {
+	set command     ""
+}
+
+
+set timeout 2
+expect_after default {puts stderr "\nFAIL"; exit 1}
+
+spawn /bin/bash
+expect "# "
+
+send "id\r"
+expect "uid=0(root) gid=0(root) groups=0(root)\r"
+expect "# "
+
+send "export PATH=bar:\$PATH\r"
+expect "# "
+send "echo \"PATH=\\\"\$PATH\\\"\"\r"
+expect "# "
+
+#=============================================================================
+#
+# Regular su to root, preserve environment
+# However, PATH is reset
+#
+#=============================================================================
+send "/bin/su $command\r"
+expect "# "
+
+send "id\n"
+expect "uid=0(root) gid=0(root) groups=0(root)\r"
+expect "# "
+
+send_user "\n# PATH should be '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin'"
+send "\r"
+expect "# "
+
+send "echo \"PATH=\\\"\$PATH\\\"\"\r"
+expect "PATH=\"/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin\"\r"
+expect "# "
+
+send "echo \"'\$HOME'\$USER'\$LOGNAME'\$SHELL'\"\r"
+expect "'/root'root'root'/bin/bash'\r"
+expect "# "
+
+send "exit\r"
+expect "# "
+
+puts "\nPASS"
+exit 0
+
diff --git a/tests/tests/su/02/env_special_root-options__bash b/tests/tests/su/02/env_special_root-options__bash
new file mode 100755
index 0000000..32243ad
--- /dev/null
+++ b/tests/tests/su/02/env_special_root-options__bash
@@ -0,0 +1,40 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+testname=$(basename $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+export HOME=/root  # seems to be set to /home/travis, breaking some tests
+
+command=""
+
+case  "$testname" in
+	*_bash)
+		log_start "$0" "propagation of environment variable FOO in command bash: $testname"
+		testname=$(echo "$testname" | sed -s 's/_bash$//')
+		command="-c bash"
+		echo testname: $testname
+		;;
+	*)
+		log_start "$0" "propagation of environment variable FOO: $test"
+		;;
+esac
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+"./$testname.exp" "$command"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/su/02/run_env_test.sh b/tests/tests/su/02/run_env_test.sh
new file mode 100755
index 0000000..32243ad
--- /dev/null
+++ b/tests/tests/su/02/run_env_test.sh
@@ -0,0 +1,40 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+testname=$(basename $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+export HOME=/root  # seems to be set to /home/travis, breaking some tests
+
+command=""
+
+case  "$testname" in
+	*_bash)
+		log_start "$0" "propagation of environment variable FOO in command bash: $testname"
+		testname=$(echo "$testname" | sed -s 's/_bash$//')
+		command="-c bash"
+		echo testname: $testname
+		;;
+	*)
+		log_start "$0" "propagation of environment variable FOO: $test"
+		;;
+esac
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+"./$testname.exp" "$command"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/su/03/config/etc/group b/tests/tests/su/03/config/etc/group
new file mode 100644
index 0000000..245cc9c
--- /dev/null
+++ b/tests/tests/su/03/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+myuser:x:424242:
diff --git a/tests/tests/su/03/config/etc/gshadow b/tests/tests/su/03/config/etc/gshadow
new file mode 100644
index 0000000..25bd55b
--- /dev/null
+++ b/tests/tests/su/03/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+myuser:x::
diff --git a/tests/tests/su/03/config/etc/passwd b/tests/tests/su/03/config/etc/passwd
new file mode 100644
index 0000000..eabf509
--- /dev/null
+++ b/tests/tests/su/03/config/etc/passwd
@@ -0,0 +1,21 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+myuser:x:424242:424242::/home/:
+testsuite::424242:424242::/home/:
diff --git a/tests/tests/su/03/config/etc/shadow b/tests/tests/su/03/config/etc/shadow
new file mode 100644
index 0000000..038d5cf
--- /dev/null
+++ b/tests/tests/su/03/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+myuser:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:::
diff --git a/tests/tests/su/03/data/ls.out b/tests/tests/su/03/data/ls.out
new file mode 100644
index 0000000..ee19d5d
--- /dev/null
+++ b/tests/tests/su/03/data/ls.out
@@ -0,0 +1 @@
+etc
diff --git a/tests/tests/su/03/su_run_command01.test b/tests/tests/su/03/su_run_command01.test
new file mode 100755
index 0000000..776d43f
--- /dev/null
+++ b/tests/tests/su/03/su_run_command01.test
@@ -0,0 +1,43 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+
+log_start "$0" "Running commands: su myuser -c 'ls config'"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo "/bin/su myuser -c 'ls config'> tmp/out 2> tmp/err"
+/bin/su myuser -c 'ls config'> tmp/out 2> tmp/err
+
+echo "su reported:"
+echo "=== stdout ==="
+cat tmp/out
+echo "=== stderr ==="
+cat tmp/err
+echo "=============="
+
+echo -n "Checking tmp/out..."
+diff -au data/ls.out tmp/out
+rm -f tmp/out
+echo "OK"
+
+echo -n "Checking tmp/err..."
+[ "$(wc -c tmp/err)" = "0 tmp/err" ] || false
+rm -f tmp/err
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/su/03/su_run_command02.test b/tests/tests/su/03/su_run_command02.test
new file mode 100755
index 0000000..ff0c434
--- /dev/null
+++ b/tests/tests/su/03/su_run_command02.test
@@ -0,0 +1,36 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+
+log_start "$0" "Running commands: su -- myuser -c 'ls config'"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo "/bin/su -- myuser -c 'ls config'> tmp/out 2> tmp/err"
+/bin/su -- myuser -c 'ls config'> tmp/out 2> tmp/err
+
+echo -n "Checking tmp/out..."
+diff -au data/ls.out tmp/out
+rm -f tmp/out
+echo "OK"
+
+echo -n "Checking tmp/err..."
+[ "$(wc -c tmp/err)" = "0 tmp/err" ] || false
+rm -f tmp/err
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/su/03/su_run_command03.test b/tests/tests/su/03/su_run_command03.test
new file mode 100755
index 0000000..2abde6a
--- /dev/null
+++ b/tests/tests/su/03/su_run_command03.test
@@ -0,0 +1,36 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+
+log_start "$0" "Running commands: su myuser -- -c 'ls config'"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo "/bin/su myuser -- -c 'ls config'> tmp/out 2> tmp/err"
+/bin/su myuser -- -c 'ls config'> tmp/out 2> tmp/err
+
+echo -n "Checking tmp/out..."
+diff -au data/ls.out tmp/out
+rm -f tmp/out
+echo "OK"
+
+echo -n "Checking tmp/err..."
+[ "$(wc -c tmp/err)" = "0 tmp/err" ] || false
+rm -f tmp/err
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/su/03/su_run_command04.test b/tests/tests/su/03/su_run_command04.test
new file mode 100755
index 0000000..c2a09c2
--- /dev/null
+++ b/tests/tests/su/03/su_run_command04.test
@@ -0,0 +1,36 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+
+log_start "$0" "Running commands: su -c 'ls config' myuser"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo "/bin/su -c 'ls config' myuser> tmp/out 2> tmp/err"
+/bin/su -c 'ls config' myuser> tmp/out 2> tmp/err
+
+echo -n "Checking tmp/out..."
+diff -au data/ls.out tmp/out
+rm -f tmp/out
+echo "OK"
+
+echo -n "Checking tmp/err..."
+[ "$(wc -c tmp/err)" = "0 tmp/err" ] || false
+rm -f tmp/err
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/su/03/su_run_command05.test b/tests/tests/su/03/su_run_command05.test
new file mode 100755
index 0000000..f7d278b
--- /dev/null
+++ b/tests/tests/su/03/su_run_command05.test
@@ -0,0 +1,36 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+
+log_start "$0" "Running commands: su -c 'ls config' -- myuser"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo "/bin/su -c 'ls config' -- myuser> tmp/out 2> tmp/err"
+/bin/su -c 'ls config' -- myuser> tmp/out 2> tmp/err
+
+echo -n "Checking tmp/out..."
+diff -au data/ls.out tmp/out
+rm -f tmp/out
+echo "OK"
+
+echo -n "Checking tmp/err..."
+[ "$(wc -c tmp/err)" = "0 tmp/err" ] || false
+rm -f tmp/err
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/su/03/su_run_command06.test b/tests/tests/su/03/su_run_command06.test
new file mode 100755
index 0000000..146af83
--- /dev/null
+++ b/tests/tests/su/03/su_run_command06.test
@@ -0,0 +1,45 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+
+log_start "$0" "Running commands (check working directory): su myuser -c pwd"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo "/bin/su myuser -c pwd> tmp/out 2> tmp/err"
+/bin/su myuser -c pwd> tmp/out 2> tmp/err
+
+echo -n "Checking tmp/out..."
+case "$(cat tmp/out)" in
+	*/su/03)
+		echo "OK"
+		;;
+	*)
+		echo "FAIL"
+		echo "working directory: '$(cat tmp/out)' instead of '.../su/03'"
+		rm -f tmp/out
+		false
+		;;
+esac
+rm -f tmp/out
+
+echo -n "Checking tmp/err..."
+[ "$(wc -c tmp/err)" = "0 tmp/err" ] || false
+rm -f tmp/err
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/su/03/su_run_command07.test b/tests/tests/su/03/su_run_command07.test
new file mode 100755
index 0000000..9f08c2a
--- /dev/null
+++ b/tests/tests/su/03/su_run_command07.test
@@ -0,0 +1,45 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+
+log_start "$0" "Running commands (check working directory): su - myuser -c pwd"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo "/bin/su - myuser -c pwd> tmp/out 2> tmp/err"
+/bin/su - myuser -c pwd> tmp/out 2> tmp/err
+
+echo -n "Checking tmp/out..."
+case "$(cat tmp/out)" in
+	/home)
+		echo "OK"
+		;;
+	*)
+		echo "FAIL"
+		echo "working directory: '$(cat tmp/out)' instead of '/home'"
+		rm -f tmp/out
+		false
+		;;
+esac
+rm -f tmp/out
+
+echo -n "Checking tmp/err..."
+[ "$(wc -c tmp/err)" = "0 tmp/err" ] || false
+rm -f tmp/err
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/su/03/su_run_command08.test b/tests/tests/su/03/su_run_command08.test
new file mode 100755
index 0000000..51b8bab
--- /dev/null
+++ b/tests/tests/su/03/su_run_command08.test
@@ -0,0 +1,45 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+
+log_start "$0" "Running commands (check working directory): su - -- myuser -c pwd"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo "/bin/su - -- myuser -c pwd> tmp/out 2> tmp/err"
+/bin/su - -- myuser -c pwd> tmp/out 2> tmp/err
+
+echo -n "Checking tmp/out..."
+case "$(cat tmp/out)" in
+	/home)
+		echo "OK"
+		;;
+	*)
+		echo "FAIL"
+		echo "working directory: '$(cat tmp/out)' instead of '/home'"
+		rm -f tmp/out
+		false
+		;;
+esac
+rm -f tmp/out
+
+echo -n "Checking tmp/err..."
+[ "$(wc -c tmp/err)" = "0 tmp/err" ] || false
+rm -f tmp/err
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/su/03/su_run_command09.test b/tests/tests/su/03/su_run_command09.test
new file mode 100755
index 0000000..d24df2c
--- /dev/null
+++ b/tests/tests/su/03/su_run_command09.test
@@ -0,0 +1,45 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+
+log_start "$0" "Running commands (check working directory): su - myuser -- -c pwd"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo "/bin/su - myuser -- -c pwd> tmp/out 2> tmp/err"
+/bin/su - myuser -- -c pwd> tmp/out 2> tmp/err
+
+echo -n "Checking tmp/out..."
+case "$(cat tmp/out)" in
+	/home)
+		echo "OK"
+		;;
+	*)
+		echo "FAIL"
+		echo "working directory: '$(cat tmp/out)' instead of '/home'"
+		rm -f tmp/out
+		false
+		;;
+esac
+rm -f tmp/out
+
+echo -n "Checking tmp/err..."
+[ "$(wc -c tmp/err)" = "0 tmp/err" ] || false
+rm -f tmp/err
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/su/03/su_run_command10.test b/tests/tests/su/03/su_run_command10.test
new file mode 100755
index 0000000..c74f79f
--- /dev/null
+++ b/tests/tests/su/03/su_run_command10.test
@@ -0,0 +1,45 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+
+log_start "$0" "Running commands (check working directory): su -l myuser -c pwd"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo "/bin/su -l myuser -c pwd> tmp/out 2> tmp/err"
+/bin/su -l myuser -c pwd> tmp/out 2> tmp/err
+
+echo -n "Checking tmp/out..."
+case "$(cat tmp/out)" in
+	/home)
+		echo "OK"
+		;;
+	*)
+		echo "FAIL"
+		echo "working directory: '$(cat tmp/out)' instead of '/home'"
+		rm -f tmp/out
+		false
+		;;
+esac
+rm -f tmp/out
+
+echo -n "Checking tmp/err..."
+[ "$(wc -c tmp/err)" = "0 tmp/err" ] || false
+rm -f tmp/err
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/su/03/su_run_command11.test b/tests/tests/su/03/su_run_command11.test
new file mode 100755
index 0000000..8a6311b
--- /dev/null
+++ b/tests/tests/su/03/su_run_command11.test
@@ -0,0 +1,45 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+
+log_start "$0" "Running commands (check working directory): su --login -- myuser -c pwd"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo "/bin/su --login -- myuser -c pwd> tmp/out 2> tmp/err"
+/bin/su --login -- myuser -c pwd> tmp/out 2> tmp/err
+
+echo -n "Checking tmp/out..."
+case "$(cat tmp/out)" in
+	/home)
+		echo "OK"
+		;;
+	*)
+		echo "FAIL"
+		echo "working directory: '$(cat tmp/out)' instead of '/home'"
+		rm -f tmp/out
+		false
+		;;
+esac
+rm -f tmp/out
+
+echo -n "Checking tmp/err..."
+[ "$(wc -c tmp/err)" = "0 tmp/err" ] || false
+rm -f tmp/err
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/su/03/su_run_command12.test b/tests/tests/su/03/su_run_command12.test
new file mode 100755
index 0000000..6ac4f20
--- /dev/null
+++ b/tests/tests/su/03/su_run_command12.test
@@ -0,0 +1,45 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+
+log_start "$0" "Running commands (check working directory): su -l myuser -- -c pwd"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo "/bin/su -l myuser -- -c pwd> tmp/out 2> tmp/err"
+/bin/su -l myuser -- -c pwd> tmp/out 2> tmp/err
+
+echo -n "Checking tmp/out..."
+case "$(cat tmp/out)" in
+	/home)
+		echo "OK"
+		;;
+	*)
+		echo "FAIL"
+		echo "working directory: '$(cat tmp/out)' instead of '/home'"
+		rm -f tmp/out
+		false
+		;;
+esac
+rm -f tmp/out
+
+echo -n "Checking tmp/err..."
+[ "$(wc -c tmp/err)" = "0 tmp/err" ] || false
+rm -f tmp/err
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/su/03/su_run_command13.test b/tests/tests/su/03/su_run_command13.test
new file mode 100755
index 0000000..0b042b9
--- /dev/null
+++ b/tests/tests/su/03/su_run_command13.test
@@ -0,0 +1,51 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+
+log_start "$0" "Running commands (check working directory): su -p -c pwd -- - myuser"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+export SHELL=/bin/sh
+echo "/bin/su -p -c pwd -- - myuser> tmp/out 2> tmp/err"
+/bin/su -p -c pwd -- - myuser> tmp/out 2> tmp/err
+
+echo -n "Checking tmp/out..."
+case "$(cat tmp/out)" in
+	*/su/03)
+		echo "OK"
+		;;
+	*)
+		echo "FAIL"
+		echo "working directory: '$(cat tmp/out)' instead of '.../su/03'"
+		rm -f tmp/out
+		false
+		;;
+esac
+rm -f tmp/out
+
+echo -n "Checking tmp/err..."
+[ "$(wc -c tmp/err)" = "0 tmp/err" ] || {
+	echo "FAIL"
+	echo "tmp/err is not empty:"
+	cat tmp/err
+	false
+}
+rm -f tmp/err
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/su/03/su_run_command14.test b/tests/tests/su/03/su_run_command14.test
new file mode 100755
index 0000000..c8fc49b
--- /dev/null
+++ b/tests/tests/su/03/su_run_command14.test
@@ -0,0 +1,46 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+
+log_start "$0" "Running commands (check working directory): su -p -c pwd - myuser"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+export SHELL=/bin/sh
+echo "/bin/su -p -c pwd - myuser> tmp/out 2> tmp/err"
+/bin/su -p -c pwd - myuser> tmp/out 2> tmp/err
+
+echo -n "Checking tmp/out..."
+case "$(cat tmp/out)" in
+	*/su/03)
+		echo "OK"
+		;;
+	*)
+		echo "FAIL"
+		echo "working directory: '$(cat tmp/out)' instead of '.../su/03'"
+		rm -f tmp/out
+		false
+		;;
+esac
+rm -f tmp/out
+
+echo -n "Checking tmp/err..."
+[ "$(wc -c tmp/err)" = "0 tmp/err" ] || false
+rm -f tmp/err
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/su/03/su_run_command15.test b/tests/tests/su/03/su_run_command15.test
new file mode 100755
index 0000000..d57b27d
--- /dev/null
+++ b/tests/tests/su/03/su_run_command15.test
@@ -0,0 +1,53 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+
+log_start "$0" "Running commands (check working directory): su -c pwd -p - myuser"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+export SHELL=/bin/sh
+echo "/bin/su -c pwd -p - myuser> tmp/out 2> tmp/err"
+/bin/su -c pwd -p - myuser> tmp/out 2> tmp/err
+
+echo "su reported:"
+echo "=== stdout ==="
+cat tmp/out
+echo "=== stderr ==="
+cat tmp/err
+echo "=============="
+
+echo -n "Checking tmp/out..."
+case "$(cat tmp/out)" in
+	*/su/03)
+		echo "OK"
+		;;
+	*)
+		echo "FAIL"
+		echo "working directory: '$(cat tmp/out)' instead of '.../su/03'"
+		rm -f tmp/out
+		false
+		;;
+esac
+rm -f tmp/out
+
+echo -n "Checking tmp/err..."
+[ "$(wc -c tmp/err)" = "0 tmp/err" ] || false
+rm -f tmp/err
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/su/03/su_run_command16.test b/tests/tests/su/03/su_run_command16.test
new file mode 100755
index 0000000..2876516
--- /dev/null
+++ b/tests/tests/su/03/su_run_command16.test
@@ -0,0 +1,46 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+
+log_start "$0" "Running commands (check working directory): su -c pwd - -p myuser"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+export SHELL=/bin/sh
+echo "/bin/su -c pwd - -p myuser> tmp/out 2> tmp/err"
+/bin/su -c pwd - -p myuser> tmp/out 2> tmp/err
+
+echo -n "Checking tmp/out..."
+case "$(cat tmp/out)" in
+	*/su/03)
+		echo "OK"
+		;;
+	*)
+		echo "FAIL"
+		echo "working directory: '$(cat tmp/out)' instead of '.../su/03'"
+		rm -f tmp/out
+		false
+		;;
+esac
+rm -f tmp/out
+
+echo -n "Checking tmp/err..."
+[ "$(wc -c tmp/err)" = "0 tmp/err" ] || false
+rm -f tmp/err
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/su/03/su_run_command17.test b/tests/tests/su/03/su_run_command17.test
new file mode 100755
index 0000000..b423faa
--- /dev/null
+++ b/tests/tests/su/03/su_run_command17.test
@@ -0,0 +1,46 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+
+log_start "$0" "Running commands (check working directory): su -c pwd - myuser -p"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+export SHELL=/bin/sh
+echo "/bin/su -c pwd - myuser -p> tmp/out 2> tmp/err"
+/bin/su -c pwd - myuser -p> tmp/out 2> tmp/err
+
+echo -n "Checking tmp/out..."
+case "$(cat tmp/out)" in
+	*/su/03)
+		echo "OK"
+		;;
+	*)
+		echo "FAIL"
+		echo "working directory: '$(cat tmp/out)' instead of '.../su/03'"
+		rm -f tmp/out
+		false
+		;;
+esac
+rm -f tmp/out
+
+echo -n "Checking tmp/err..."
+[ "$(wc -c tmp/err)" = "0 tmp/err" ] || false
+rm -f tmp/err
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/su/04/config.txt b/tests/tests/su/04/config.txt
new file mode 100644
index 0000000..aecff4a
--- /dev/null
+++ b/tests/tests/su/04/config.txt
@@ -0,0 +1,3 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
diff --git a/tests/tests/su/04/config/etc/group b/tests/tests/su/04/config/etc/group
new file mode 100644
index 0000000..245cc9c
--- /dev/null
+++ b/tests/tests/su/04/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+myuser:x:424242:
diff --git a/tests/tests/su/04/config/etc/gshadow b/tests/tests/su/04/config/etc/gshadow
new file mode 100644
index 0000000..25bd55b
--- /dev/null
+++ b/tests/tests/su/04/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+myuser:x::
diff --git a/tests/tests/su/04/config/etc/login.defs b/tests/tests/su/04/config/etc/login.defs
new file mode 100644
index 0000000..cf181ac
--- /dev/null
+++ b/tests/tests/su/04/config/etc/login.defs
@@ -0,0 +1,314 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK usage is discouraged because it catches only some classes of user
+# entries to system, in fact only those made through login(1), while setting
+# umask in shell rc file will catch also logins through su, cron, ssh etc.
+#
+# At the same time, using shell rc to set umask won't catch entries which use
+# non-shell executables in place of login shell, like /usr/sbin/pppd for "ppp"
+# user and alike.
+#
+# Therefore the use of pam_umask is recommended (Debian package libpam-umask)
+# as the solution which catches all these cases on PAM-enabled systems.
+# 
+# This avoids the confusion created by having the umask set
+# in two different places -- in login.defs and shell rc files (i.e.
+# /etc/profile).
+#
+# For discussion, see #314539 and #248150 as well as the thread starting at
+# http://lists.debian.org/debian-devel/2005/06/msg01598.html
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+# 022 is the "historical" value in Debian for UMASK when it was used
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			  100
+GID_MAX			60000
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# This enables userdel to remove user groups if no members exist.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, thus in Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# Only works if compiled with MD5_CRYPT defined:
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is used by chpasswd, gpasswd and newusers.
+#
+#MD5_CRYPT_ENAB	no
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/su/04/config/etc/passwd b/tests/tests/su/04/config/etc/passwd
new file mode 100644
index 0000000..6eefe5a
--- /dev/null
+++ b/tests/tests/su/04/config/etc/passwd
@@ -0,0 +1,21 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+myuser:x:424242:424242::/home:/bin/bash
+testsuite::424243:424243::/home:/bin/bash
diff --git a/tests/tests/su/04/config/etc/shadow b/tests/tests/su/04/config/etc/shadow
new file mode 100644
index 0000000..038d5cf
--- /dev/null
+++ b/tests/tests/su/04/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+myuser:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:::
diff --git a/tests/tests/su/04/config/var/log/auth.log b/tests/tests/su/04/config/var/log/auth.log
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/su/04/config/var/log/auth.log
diff --git a/tests/tests/su/04/data/wrong_user.err b/tests/tests/su/04/data/wrong_user.err
new file mode 100644
index 0000000..774438e
--- /dev/null
+++ b/tests/tests/su/04/data/wrong_user.err
@@ -0,0 +1 @@
+No passwd entry for user 'myuser2'
diff --git a/tests/tests/su/04/run_su_failed.exp b/tests/tests/su/04/run_su_failed.exp
new file mode 100755
index 0000000..1811bfc
--- /dev/null
+++ b/tests/tests/su/04/run_su_failed.exp
@@ -0,0 +1,58 @@
+#!/usr/bin/expect
+
+set timeout 5
+expect_after default {puts stderr "\nFAIL"; exit 1}
+
+if {$argc != 3} {
+	puts "usage: run_su.exp <user> <password> <prompt>"
+	exit 1
+}
+
+set user     [lindex $argv 0]
+set password [lindex $argv 1]
+set prompt   [lindex $argv 2]
+
+# First, switch to the testsuite user
+# (otherwise, no password will be asked)
+send_user "# switch to the passwordless 'testsuite' user\n"
+send_user "# and expect a '$ ' prompt\n"
+spawn /bin/su testsuite
+
+expect "$ "			;# Wait for the prompt
+
+send_user "\n# make sure we are now 'testsuite'"
+send_user "\n# id should return 'uid=424243(testsuite) gid=424243 groups=424243'"
+send "\r"			;# restore the prompt for the logs
+send "id\r"			;# Verify we are really testsuite
+
+expect "uid=424243(testsuite) gid=424243 groups=424243\r"
+
+expect "$ "			;# Wait for the prompt
+
+send_user "\n\n"
+send_user "# now switch to user '$user'\n"
+send_user "# and expect a password prompt"
+send "\r"			;# restore the prompt for the logs
+send "su $user\r"		;# Switch to the user
+expect "Password: "		;# Wait for the Password: prompt
+# Wait a little bit more (su is not ready to receive the password)
+sleep 0.1
+
+send "$password\r"		;# Send the password
+
+send_user "\n# password '$password' sent\n\n"
+send_user "# expect failure"
+
+expect "su: Authentication failure\r"
+expect "$ "			;# Wait for the prompt
+
+send_user "\n\n# make sure we are still 'testsuite'"
+send "\r"			;# restore the prompt for the logs
+expect "$ "			;# Wait for the prompt
+send "id\r"			;# Verify we are really testsuite
+
+expect "uid=424243(testsuite) gid=424243 groups=424243\r"
+expect "$ "			;# Wait for the prompt
+send "exit\r"
+puts "\nPASS"
+exit 0
diff --git a/tests/tests/su/04/su_user_wrong_passwd.test b/tests/tests/su/04/su_user_wrong_passwd.test
new file mode 100755
index 0000000..757f0f1
--- /dev/null
+++ b/tests/tests/su/04/su_user_wrong_passwd.test
@@ -0,0 +1,24 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "su can be used to switch to a non-root user"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+./run_su_failed.exp myuser myuserF00barbaz_wrongpass '$ '
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/su/04/su_user_wrong_passwd_syslog.test b/tests/tests/su/04/su_user_wrong_passwd_syslog.test
new file mode 100755
index 0000000..6c6a55d
--- /dev/null
+++ b/tests/tests/su/04/su_user_wrong_passwd_syslog.test
@@ -0,0 +1,40 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "su can be used to switch to a non-root user"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+./run_su_failed.exp myuser myuserF00barbaz_wrongpass '$ '
+
+echo
+
+echo -n "Syncing disks..."
+sync
+echo "OK"
+echo "auth.log contains:"
+echo "======================================================================="
+cat /var/log/auth.log
+echo "======================================================================="
+echo -n "Looking for 'FAILED su for myuser by testsuite' in /var/log/auth.log..."
+grep -q "FAILED su for myuser by testsuite" /var/log/auth.log
+echo "OK"
+echo -n "Looking for '- pts/[0-9]+ testsuite:myuser' in /var/log/auth.log..."
+grep -q -E "\- /dev/pts/[0-9]+ testsuite:myuser" /var/log/auth.log
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/su/04/su_wrong_user.test b/tests/tests/su/04/su_wrong_user.test
new file mode 100755
index 0000000..96b4dc3
--- /dev/null
+++ b/tests/tests/su/04/su_wrong_user.test
@@ -0,0 +1,47 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+
+log_start "$0" "su with a wrong user"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo "/bin/su myuser2 -c pwd> tmp/out 2> tmp/err"
+/bin/su myuser2 -c pwd> tmp/out 2> tmp/err || {
+	status=$?
+}
+
+echo -n "Checking status=1..."
+test "$status" = "1"
+echo OK
+
+echo -n "Checking tmp/out..."
+[ "$(wc -c tmp/out)" = "0 tmp/out" ] || {
+	echo "FAIL"
+	echo "tmp/out is not empty:"
+	cat tmp/out
+	false
+}
+rm -f tmp/out
+echo "OK"
+
+echo -n "Checking tmp/err..."
+diff -au data/wrong_user.err tmp/err 
+rm -f tmp/err
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/su/05/config.txt b/tests/tests/su/05/config.txt
new file mode 100644
index 0000000..e70e04e
--- /dev/null
+++ b/tests/tests/su/05/config.txt
@@ -0,0 +1,5 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+#
+# Same config as 04, with SYSLOG_SU_ENAB set to "no"
diff --git a/tests/tests/su/05/config/etc/group b/tests/tests/su/05/config/etc/group
new file mode 100644
index 0000000..245cc9c
--- /dev/null
+++ b/tests/tests/su/05/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+myuser:x:424242:
diff --git a/tests/tests/su/05/config/etc/gshadow b/tests/tests/su/05/config/etc/gshadow
new file mode 100644
index 0000000..25bd55b
--- /dev/null
+++ b/tests/tests/su/05/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+myuser:x::
diff --git a/tests/tests/su/05/config/etc/login.defs b/tests/tests/su/05/config/etc/login.defs
new file mode 100644
index 0000000..91e45f5
--- /dev/null
+++ b/tests/tests/su/05/config/etc/login.defs
@@ -0,0 +1,314 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		no
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK usage is discouraged because it catches only some classes of user
+# entries to system, in fact only those made through login(1), while setting
+# umask in shell rc file will catch also logins through su, cron, ssh etc.
+#
+# At the same time, using shell rc to set umask won't catch entries which use
+# non-shell executables in place of login shell, like /usr/sbin/pppd for "ppp"
+# user and alike.
+#
+# Therefore the use of pam_umask is recommended (Debian package libpam-umask)
+# as the solution which catches all these cases on PAM-enabled systems.
+# 
+# This avoids the confusion created by having the umask set
+# in two different places -- in login.defs and shell rc files (i.e.
+# /etc/profile).
+#
+# For discussion, see #314539 and #248150 as well as the thread starting at
+# http://lists.debian.org/debian-devel/2005/06/msg01598.html
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+# 022 is the "historical" value in Debian for UMASK when it was used
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			  100
+GID_MAX			60000
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# This enables userdel to remove user groups if no members exist.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, thus in Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# Only works if compiled with MD5_CRYPT defined:
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is used by chpasswd, gpasswd and newusers.
+#
+#MD5_CRYPT_ENAB	no
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/su/05/config/etc/passwd b/tests/tests/su/05/config/etc/passwd
new file mode 100644
index 0000000..6eefe5a
--- /dev/null
+++ b/tests/tests/su/05/config/etc/passwd
@@ -0,0 +1,21 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+myuser:x:424242:424242::/home:/bin/bash
+testsuite::424243:424243::/home:/bin/bash
diff --git a/tests/tests/su/05/config/etc/shadow b/tests/tests/su/05/config/etc/shadow
new file mode 100644
index 0000000..038d5cf
--- /dev/null
+++ b/tests/tests/su/05/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+myuser:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:::
diff --git a/tests/tests/su/05/config/var/log/auth.log b/tests/tests/su/05/config/var/log/auth.log
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/su/05/config/var/log/auth.log
diff --git a/tests/tests/su/05/run_su_failed.exp b/tests/tests/su/05/run_su_failed.exp
new file mode 100755
index 0000000..1811bfc
--- /dev/null
+++ b/tests/tests/su/05/run_su_failed.exp
@@ -0,0 +1,58 @@
+#!/usr/bin/expect
+
+set timeout 5
+expect_after default {puts stderr "\nFAIL"; exit 1}
+
+if {$argc != 3} {
+	puts "usage: run_su.exp <user> <password> <prompt>"
+	exit 1
+}
+
+set user     [lindex $argv 0]
+set password [lindex $argv 1]
+set prompt   [lindex $argv 2]
+
+# First, switch to the testsuite user
+# (otherwise, no password will be asked)
+send_user "# switch to the passwordless 'testsuite' user\n"
+send_user "# and expect a '$ ' prompt\n"
+spawn /bin/su testsuite
+
+expect "$ "			;# Wait for the prompt
+
+send_user "\n# make sure we are now 'testsuite'"
+send_user "\n# id should return 'uid=424243(testsuite) gid=424243 groups=424243'"
+send "\r"			;# restore the prompt for the logs
+send "id\r"			;# Verify we are really testsuite
+
+expect "uid=424243(testsuite) gid=424243 groups=424243\r"
+
+expect "$ "			;# Wait for the prompt
+
+send_user "\n\n"
+send_user "# now switch to user '$user'\n"
+send_user "# and expect a password prompt"
+send "\r"			;# restore the prompt for the logs
+send "su $user\r"		;# Switch to the user
+expect "Password: "		;# Wait for the Password: prompt
+# Wait a little bit more (su is not ready to receive the password)
+sleep 0.1
+
+send "$password\r"		;# Send the password
+
+send_user "\n# password '$password' sent\n\n"
+send_user "# expect failure"
+
+expect "su: Authentication failure\r"
+expect "$ "			;# Wait for the prompt
+
+send_user "\n\n# make sure we are still 'testsuite'"
+send "\r"			;# restore the prompt for the logs
+expect "$ "			;# Wait for the prompt
+send "id\r"			;# Verify we are really testsuite
+
+expect "uid=424243(testsuite) gid=424243 groups=424243\r"
+expect "$ "			;# Wait for the prompt
+send "exit\r"
+puts "\nPASS"
+exit 0
diff --git a/tests/tests/su/05/su_user_wrong_passwd_syslog.test b/tests/tests/su/05/su_user_wrong_passwd_syslog.test
new file mode 100755
index 0000000..339e6ff
--- /dev/null
+++ b/tests/tests/su/05/su_user_wrong_passwd_syslog.test
@@ -0,0 +1,40 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "su can be used to switch to a non-root user"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+./run_su_failed.exp myuser myuserF00barbaz_wrongpass '$ '
+
+echo
+
+echo -n "Syncing disks..."
+sync
+echo "OK"
+echo "auth.log contains:"
+echo "======================================================================="
+cat /var/log/auth.log
+echo "======================================================================="
+echo -n "Looking for 'FAILED su for myuser by testsuite' in /var/log/auth.log..."
+grep -q "FAILED su for myuser by testsuite" /var/log/auth.log
+echo "OK"
+echo -n "'- pts/[0-9]+ testsuite:myuser' should not be logged in /var/log/auth.log..."
+grep -v -q -E "\- pts/[0-9]+ testsuite:myuser" /var/log/auth.log
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/su/06/config.txt b/tests/tests/su/06/config.txt
new file mode 100644
index 0000000..aecff4a
--- /dev/null
+++ b/tests/tests/su/06/config.txt
@@ -0,0 +1,3 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
diff --git a/tests/tests/su/06/config/etc/group b/tests/tests/su/06/config/etc/group
new file mode 100644
index 0000000..245cc9c
--- /dev/null
+++ b/tests/tests/su/06/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+myuser:x:424242:
diff --git a/tests/tests/su/06/config/etc/gshadow b/tests/tests/su/06/config/etc/gshadow
new file mode 100644
index 0000000..25bd55b
--- /dev/null
+++ b/tests/tests/su/06/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+myuser:x::
diff --git a/tests/tests/su/06/config/etc/login.defs b/tests/tests/su/06/config/etc/login.defs
new file mode 100644
index 0000000..cf181ac
--- /dev/null
+++ b/tests/tests/su/06/config/etc/login.defs
@@ -0,0 +1,314 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK usage is discouraged because it catches only some classes of user
+# entries to system, in fact only those made through login(1), while setting
+# umask in shell rc file will catch also logins through su, cron, ssh etc.
+#
+# At the same time, using shell rc to set umask won't catch entries which use
+# non-shell executables in place of login shell, like /usr/sbin/pppd for "ppp"
+# user and alike.
+#
+# Therefore the use of pam_umask is recommended (Debian package libpam-umask)
+# as the solution which catches all these cases on PAM-enabled systems.
+# 
+# This avoids the confusion created by having the umask set
+# in two different places -- in login.defs and shell rc files (i.e.
+# /etc/profile).
+#
+# For discussion, see #314539 and #248150 as well as the thread starting at
+# http://lists.debian.org/debian-devel/2005/06/msg01598.html
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+# 022 is the "historical" value in Debian for UMASK when it was used
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			  100
+GID_MAX			60000
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# This enables userdel to remove user groups if no members exist.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, thus in Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# Only works if compiled with MD5_CRYPT defined:
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is used by chpasswd, gpasswd and newusers.
+#
+#MD5_CRYPT_ENAB	no
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/su/06/config/etc/passwd b/tests/tests/su/06/config/etc/passwd
new file mode 100644
index 0000000..6eefe5a
--- /dev/null
+++ b/tests/tests/su/06/config/etc/passwd
@@ -0,0 +1,21 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+myuser:x:424242:424242::/home:/bin/bash
+testsuite::424243:424243::/home:/bin/bash
diff --git a/tests/tests/su/06/config/etc/shadow b/tests/tests/su/06/config/etc/shadow
new file mode 100644
index 0000000..038d5cf
--- /dev/null
+++ b/tests/tests/su/06/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+myuser:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:::
diff --git a/tests/tests/su/06/config/var/log/auth.log b/tests/tests/su/06/config/var/log/auth.log
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/su/06/config/var/log/auth.log
diff --git a/tests/tests/su/06/run_su.exp b/tests/tests/su/06/run_su.exp
new file mode 100755
index 0000000..ebe5068
--- /dev/null
+++ b/tests/tests/su/06/run_su.exp
@@ -0,0 +1,73 @@
+#!/usr/bin/expect
+
+set timeout 2
+expect_after default {puts stderr "\nFAIL"; exit 1}
+
+if {$argc != 3} {
+	puts "usage: run_su.exp <user> <password> <prompt>"
+	exit 1
+}
+
+set user     [lindex $argv 0]
+set password [lindex $argv 1]
+set prompt   [lindex $argv 2]
+
+# First, switch to the testsuite user
+# (otherwise, no password will be asked)
+send_user "# switch to the passwordless 'testsuite' user\n"
+send_user "# and expect a '$ ' prompt\n"
+spawn /bin/su testsuite
+
+expect "$ "			;# Wait for the prompt
+
+send_user "\n# make sure we are now 'testsuite'"
+send_user "\n# id should return 'uid=424243(testsuite) gid=424243 groups=424243'"
+send "\r"			;# restore the prompt for the logs
+send "id\r"			;# Verify we are really testsuite
+
+expect {
+	timeout {
+		puts "\ntimeout...FAIL"
+		exit 1
+	}
+	"uid=424243(testsuite) gid=424243 groups=424243"
+}
+
+expect "$ "			;# Wait for the prompt
+
+send_user "\n\n"
+send_user "# now switch to user '$user'\n"
+send_user "# and expect a password prompt"
+send "\r"			;# restore the prompt for the logs
+send "su $user\r"		;# Switch to the user
+expect "Password: "		;# Wait for the Password: prompt
+# Wait a little bit more (su is not ready to receive the password)
+sleep 0.1
+
+send "$password\r"		;# Send the password
+
+send_user "\n# password '$password' sent\n\n"
+send_user "# expect prompt '$prompt'"
+
+expect {
+	# Wait for the new prompt
+	"$prompt" {
+		send_user "\n\n# make sure we are '$user'\n"
+		send_user "# id should return '($user).*($user).*($user)"
+		send "\r"	;# restore the prompt for the logs
+		send "id\r"	;# Verify the id
+
+		expect {
+			-re "\\($user\\).*\\($user\\).*\\($user\\)" {
+				expect "$prompt"
+				send "exit\r"
+				expect "$ "
+				puts "\nPASS"
+				exit 0
+			}
+		}
+	}
+}
+
+puts "\ntimeout...FAIL"
+exit 1
diff --git a/tests/tests/su/06/su_user_syslog.test b/tests/tests/su/06/su_user_syslog.test
new file mode 100755
index 0000000..50ca92e
--- /dev/null
+++ b/tests/tests/su/06/su_user_syslog.test
@@ -0,0 +1,39 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "su can be used to switch to a non-root user"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+./run_su.exp myuser myuserF00barbaz '$ '
+
+echo
+echo -n "Syncing disks..."
+sync
+echo "OK"
+echo "auth.log contains:"
+echo "======================================================================="
+cat /var/log/auth.log
+echo "======================================================================="
+echo -n "Looking for 'Successful su for myuser by testsuite' in /var/log/auth.log..."
+grep -q "Successful su for myuser by testsuite" /var/log/auth.log
+echo "OK"
+echo -n "Looking for '+ pts/[0-9]+ tstsuite:myuser' in /var/log/auth.log..."
+grep -q -E "\+ /dev/pts/[0-9]+ testsuite:myuser" /var/log/auth.log
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/su/07/config.txt b/tests/tests/su/07/config.txt
new file mode 100644
index 0000000..aecff4a
--- /dev/null
+++ b/tests/tests/su/07/config.txt
@@ -0,0 +1,3 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
diff --git a/tests/tests/su/07/config/etc/group b/tests/tests/su/07/config/etc/group
new file mode 100644
index 0000000..245cc9c
--- /dev/null
+++ b/tests/tests/su/07/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+myuser:x:424242:
diff --git a/tests/tests/su/07/config/etc/gshadow b/tests/tests/su/07/config/etc/gshadow
new file mode 100644
index 0000000..25bd55b
--- /dev/null
+++ b/tests/tests/su/07/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+myuser:x::
diff --git a/tests/tests/su/07/config/etc/login.defs b/tests/tests/su/07/config/etc/login.defs
new file mode 100644
index 0000000..91e45f5
--- /dev/null
+++ b/tests/tests/su/07/config/etc/login.defs
@@ -0,0 +1,314 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		no
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK usage is discouraged because it catches only some classes of user
+# entries to system, in fact only those made through login(1), while setting
+# umask in shell rc file will catch also logins through su, cron, ssh etc.
+#
+# At the same time, using shell rc to set umask won't catch entries which use
+# non-shell executables in place of login shell, like /usr/sbin/pppd for "ppp"
+# user and alike.
+#
+# Therefore the use of pam_umask is recommended (Debian package libpam-umask)
+# as the solution which catches all these cases on PAM-enabled systems.
+# 
+# This avoids the confusion created by having the umask set
+# in two different places -- in login.defs and shell rc files (i.e.
+# /etc/profile).
+#
+# For discussion, see #314539 and #248150 as well as the thread starting at
+# http://lists.debian.org/debian-devel/2005/06/msg01598.html
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+# 022 is the "historical" value in Debian for UMASK when it was used
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			  100
+GID_MAX			60000
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# This enables userdel to remove user groups if no members exist.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, thus in Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# Only works if compiled with MD5_CRYPT defined:
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is used by chpasswd, gpasswd and newusers.
+#
+#MD5_CRYPT_ENAB	no
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/su/07/config/etc/passwd b/tests/tests/su/07/config/etc/passwd
new file mode 100644
index 0000000..6eefe5a
--- /dev/null
+++ b/tests/tests/su/07/config/etc/passwd
@@ -0,0 +1,21 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+myuser:x:424242:424242::/home:/bin/bash
+testsuite::424243:424243::/home:/bin/bash
diff --git a/tests/tests/su/07/config/etc/shadow b/tests/tests/su/07/config/etc/shadow
new file mode 100644
index 0000000..038d5cf
--- /dev/null
+++ b/tests/tests/su/07/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+myuser:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:::
diff --git a/tests/tests/su/07/config/var/log/auth.log b/tests/tests/su/07/config/var/log/auth.log
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/su/07/config/var/log/auth.log
diff --git a/tests/tests/su/07/run_su.exp b/tests/tests/su/07/run_su.exp
new file mode 100755
index 0000000..ebe5068
--- /dev/null
+++ b/tests/tests/su/07/run_su.exp
@@ -0,0 +1,73 @@
+#!/usr/bin/expect
+
+set timeout 2
+expect_after default {puts stderr "\nFAIL"; exit 1}
+
+if {$argc != 3} {
+	puts "usage: run_su.exp <user> <password> <prompt>"
+	exit 1
+}
+
+set user     [lindex $argv 0]
+set password [lindex $argv 1]
+set prompt   [lindex $argv 2]
+
+# First, switch to the testsuite user
+# (otherwise, no password will be asked)
+send_user "# switch to the passwordless 'testsuite' user\n"
+send_user "# and expect a '$ ' prompt\n"
+spawn /bin/su testsuite
+
+expect "$ "			;# Wait for the prompt
+
+send_user "\n# make sure we are now 'testsuite'"
+send_user "\n# id should return 'uid=424243(testsuite) gid=424243 groups=424243'"
+send "\r"			;# restore the prompt for the logs
+send "id\r"			;# Verify we are really testsuite
+
+expect {
+	timeout {
+		puts "\ntimeout...FAIL"
+		exit 1
+	}
+	"uid=424243(testsuite) gid=424243 groups=424243"
+}
+
+expect "$ "			;# Wait for the prompt
+
+send_user "\n\n"
+send_user "# now switch to user '$user'\n"
+send_user "# and expect a password prompt"
+send "\r"			;# restore the prompt for the logs
+send "su $user\r"		;# Switch to the user
+expect "Password: "		;# Wait for the Password: prompt
+# Wait a little bit more (su is not ready to receive the password)
+sleep 0.1
+
+send "$password\r"		;# Send the password
+
+send_user "\n# password '$password' sent\n\n"
+send_user "# expect prompt '$prompt'"
+
+expect {
+	# Wait for the new prompt
+	"$prompt" {
+		send_user "\n\n# make sure we are '$user'\n"
+		send_user "# id should return '($user).*($user).*($user)"
+		send "\r"	;# restore the prompt for the logs
+		send "id\r"	;# Verify the id
+
+		expect {
+			-re "\\($user\\).*\\($user\\).*\\($user\\)" {
+				expect "$prompt"
+				send "exit\r"
+				expect "$ "
+				puts "\nPASS"
+				exit 0
+			}
+		}
+	}
+}
+
+puts "\ntimeout...FAIL"
+exit 1
diff --git a/tests/tests/su/07/su_user_syslog.test b/tests/tests/su/07/su_user_syslog.test
new file mode 100755
index 0000000..3c84121
--- /dev/null
+++ b/tests/tests/su/07/su_user_syslog.test
@@ -0,0 +1,44 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "su can be used to switch to a non-root user"
+
+
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+./run_su.exp myuser myuserF00barbaz '$ '
+
+echo
+echo -n "Syncing disks..."
+sync
+echo "OK"
+echo "auth.log contains:"
+echo "======================================================================="
+cat /var/log/auth.log
+echo "======================================================================="
+echo -n "Looking for 'Successful su for myuser by testsuite' in /var/log/auth.log..."
+grep -q "Successful su for myuser by testsuite" /var/log/auth.log
+echo "OK"
+echo -n "Looking for '+ pts/[0-9]+ tstsuite:myuser' in /var/log/auth.log..."
+grep -v -q -E "\+ pts/[0-9]+ testsuite:myuser" /var/log/auth.log
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/su/08/config.txt b/tests/tests/su/08/config.txt
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/su/08/config.txt
diff --git a/tests/tests/su/08/config/etc/group b/tests/tests/su/08/config/etc/group
new file mode 100644
index 0000000..245cc9c
--- /dev/null
+++ b/tests/tests/su/08/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+myuser:x:424242:
diff --git a/tests/tests/su/08/config/etc/gshadow b/tests/tests/su/08/config/etc/gshadow
new file mode 100644
index 0000000..25bd55b
--- /dev/null
+++ b/tests/tests/su/08/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+myuser:x::
diff --git a/tests/tests/su/08/config/etc/login.defs b/tests/tests/su/08/config/etc/login.defs
new file mode 100644
index 0000000..01b74d9
--- /dev/null
+++ b/tests/tests/su/08/config/etc/login.defs
@@ -0,0 +1,314 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	/usr/local/bin:/usr/bin:/bin:/usr/local/games:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK usage is discouraged because it catches only some classes of user
+# entries to system, in fact only those made through login(1), while setting
+# umask in shell rc file will catch also logins through su, cron, ssh etc.
+#
+# At the same time, using shell rc to set umask won't catch entries which use
+# non-shell executables in place of login shell, like /usr/sbin/pppd for "ppp"
+# user and alike.
+#
+# Therefore the use of pam_umask is recommended (Debian package libpam-umask)
+# as the solution which catches all these cases on PAM-enabled systems.
+# 
+# This avoids the confusion created by having the umask set
+# in two different places -- in login.defs and shell rc files (i.e.
+# /etc/profile).
+#
+# For discussion, see #314539 and #248150 as well as the thread starting at
+# http://lists.debian.org/debian-devel/2005/06/msg01598.html
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+# 022 is the "historical" value in Debian for UMASK when it was used
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			  100
+GID_MAX			60000
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# This enables userdel to remove user groups if no members exist.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, thus in Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# Only works if compiled with MD5_CRYPT defined:
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is used by chpasswd, gpasswd and newusers.
+#
+#MD5_CRYPT_ENAB	no
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/su/08/config/etc/passwd b/tests/tests/su/08/config/etc/passwd
new file mode 100644
index 0000000..9bdeb8c
--- /dev/null
+++ b/tests/tests/su/08/config/etc/passwd
@@ -0,0 +1,21 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+myuser:x:424242:424242::/home/:/bin/sh
+testsuite::424243:424243::/home:/bin/bash
diff --git a/tests/tests/su/08/config/etc/shadow b/tests/tests/su/08/config/etc/shadow
new file mode 100644
index 0000000..038d5cf
--- /dev/null
+++ b/tests/tests/su/08/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+myuser:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:::
diff --git a/tests/tests/su/08/env_special-options_ b/tests/tests/su/08/env_special-options_
new file mode 100755
index 0000000..32243ad
--- /dev/null
+++ b/tests/tests/su/08/env_special-options_
@@ -0,0 +1,40 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+testname=$(basename $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+export HOME=/root  # seems to be set to /home/travis, breaking some tests
+
+command=""
+
+case  "$testname" in
+	*_bash)
+		log_start "$0" "propagation of environment variable FOO in command bash: $testname"
+		testname=$(echo "$testname" | sed -s 's/_bash$//')
+		command="-c bash"
+		echo testname: $testname
+		;;
+	*)
+		log_start "$0" "propagation of environment variable FOO: $test"
+		;;
+esac
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+"./$testname.exp" "$command"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/su/08/env_special-options_.exp b/tests/tests/su/08/env_special-options_.exp
new file mode 100755
index 0000000..7c69860
--- /dev/null
+++ b/tests/tests/su/08/env_special-options_.exp
@@ -0,0 +1,55 @@
+#!/usr/bin/expect
+
+if {$argc == 1} {
+	set command     [lindex $argv 0]
+} else {
+	set command     ""
+}
+
+
+set timeout 2
+expect_after default {puts stderr "\nFAIL"; exit 1}
+
+spawn /bin/bash
+expect "# "
+
+send "id\r"
+expect "uid=0(root) gid=0(root) groups=0(root)\r"
+expect "# "
+
+send "export PATH=bar:\$PATH\r"
+expect "# "
+send "echo \"PATH=\\\"\$PATH\\\"\"\r"
+expect "# "
+
+#=============================================================================
+#
+# Regular su, preserve environment
+# However, PATH is reset
+#
+#=============================================================================
+send "/bin/su myuser $command\r"
+expect "$ "
+
+send "id\n"
+expect "uid=424242(myuser) gid=424242(myuser) groups=424242(myuser)\r"
+expect "$ "
+
+send_user "\n# PATH should be '/usr/local/bin:/usr/bin:/bin:/usr/local/games:/usr/games'"
+send "\r"
+expect "$ "
+
+send "echo \"PATH=\\\"\$PATH\\\"\"\r"
+expect "PATH=\"/usr/local/bin:/usr/bin:/bin:/usr/local/games:/usr/games\"\r"
+expect "$ "
+
+send "echo \"'\$HOME'\$USER'\$LOGNAME'\$SHELL'\"\r"
+expect "'/home/'myuser'myuser'/bin/sh'\r"
+expect "$ "
+
+send "exit\r"
+expect "# "
+
+puts "\nPASS"
+exit 0
+
diff --git a/tests/tests/su/08/env_special_root-options_ b/tests/tests/su/08/env_special_root-options_
new file mode 100755
index 0000000..32243ad
--- /dev/null
+++ b/tests/tests/su/08/env_special_root-options_
@@ -0,0 +1,40 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+testname=$(basename $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+export HOME=/root  # seems to be set to /home/travis, breaking some tests
+
+command=""
+
+case  "$testname" in
+	*_bash)
+		log_start "$0" "propagation of environment variable FOO in command bash: $testname"
+		testname=$(echo "$testname" | sed -s 's/_bash$//')
+		command="-c bash"
+		echo testname: $testname
+		;;
+	*)
+		log_start "$0" "propagation of environment variable FOO: $test"
+		;;
+esac
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+"./$testname.exp" "$command"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/su/08/env_special_root-options_.exp b/tests/tests/su/08/env_special_root-options_.exp
new file mode 100755
index 0000000..7f4b271
--- /dev/null
+++ b/tests/tests/su/08/env_special_root-options_.exp
@@ -0,0 +1,55 @@
+#!/usr/bin/expect
+
+if {$argc == 1} {
+	set command     [lindex $argv 0]
+} else {
+	set command     ""
+}
+
+
+set timeout 2
+expect_after default {puts stderr "\nFAIL"; exit 1}
+
+spawn /bin/bash
+expect "# "
+
+send "id\r"
+expect "uid=0(root) gid=0(root) groups=0(root)\r"
+expect "# "
+
+send "export PATH=bar:\$PATH\r"
+expect "# "
+send "echo \"PATH=\\\"\$PATH\\\"\"\r"
+expect "# "
+
+#=============================================================================
+#
+# Regular su to root, preserve environment
+# However, PATH is reset
+#
+#=============================================================================
+send "/bin/su $command\r"
+expect "# "
+
+send "id\n"
+expect "uid=0(root) gid=0(root) groups=0(root)\r"
+expect "# "
+
+send_user "\n# PATH should be '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin'"
+send "\r"
+expect "# "
+
+send "echo \"PATH=\\\"\$PATH\\\"\"\r"
+expect "PATH=\"/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin\"\r"
+expect "# "
+
+send "echo \"'\$HOME'\$USER'\$LOGNAME'\$SHELL'\"\r"
+expect "'/root'root'root'/bin/bash'\r"
+expect "# "
+
+send "exit\r"
+expect "# "
+
+puts "\nPASS"
+exit 0
+
diff --git a/tests/tests/su/09/config.txt b/tests/tests/su/09/config.txt
new file mode 100644
index 0000000..aecff4a
--- /dev/null
+++ b/tests/tests/su/09/config.txt
@@ -0,0 +1,3 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
diff --git a/tests/tests/su/09/config/etc/group b/tests/tests/su/09/config/etc/group
new file mode 100644
index 0000000..245cc9c
--- /dev/null
+++ b/tests/tests/su/09/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+myuser:x:424242:
diff --git a/tests/tests/su/09/config/etc/gshadow b/tests/tests/su/09/config/etc/gshadow
new file mode 100644
index 0000000..25bd55b
--- /dev/null
+++ b/tests/tests/su/09/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+myuser:x::
diff --git a/tests/tests/su/09/config/etc/login.defs b/tests/tests/su/09/config/etc/login.defs
new file mode 100644
index 0000000..acf5f93
--- /dev/null
+++ b/tests/tests/su/09/config/etc/login.defs
@@ -0,0 +1,314 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+#ENV_SUPATH	/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+#ENV_PATH	/usr/local/bin:/usr/bin:/bin:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK usage is discouraged because it catches only some classes of user
+# entries to system, in fact only those made through login(1), while setting
+# umask in shell rc file will catch also logins through su, cron, ssh etc.
+#
+# At the same time, using shell rc to set umask won't catch entries which use
+# non-shell executables in place of login shell, like /usr/sbin/pppd for "ppp"
+# user and alike.
+#
+# Therefore the use of pam_umask is recommended (Debian package libpam-umask)
+# as the solution which catches all these cases on PAM-enabled systems.
+# 
+# This avoids the confusion created by having the umask set
+# in two different places -- in login.defs and shell rc files (i.e.
+# /etc/profile).
+#
+# For discussion, see #314539 and #248150 as well as the thread starting at
+# http://lists.debian.org/debian-devel/2005/06/msg01598.html
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+# 022 is the "historical" value in Debian for UMASK when it was used
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			  100
+GID_MAX			60000
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# This enables userdel to remove user groups if no members exist.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, thus in Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# Only works if compiled with MD5_CRYPT defined:
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is used by chpasswd, gpasswd and newusers.
+#
+#MD5_CRYPT_ENAB	no
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/su/09/config/etc/passwd b/tests/tests/su/09/config/etc/passwd
new file mode 100644
index 0000000..9bdeb8c
--- /dev/null
+++ b/tests/tests/su/09/config/etc/passwd
@@ -0,0 +1,21 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+myuser:x:424242:424242::/home/:/bin/sh
+testsuite::424243:424243::/home:/bin/bash
diff --git a/tests/tests/su/09/config/etc/shadow b/tests/tests/su/09/config/etc/shadow
new file mode 100644
index 0000000..038d5cf
--- /dev/null
+++ b/tests/tests/su/09/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+myuser:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:::
diff --git a/tests/tests/su/09/env_special-options_ b/tests/tests/su/09/env_special-options_
new file mode 100755
index 0000000..32243ad
--- /dev/null
+++ b/tests/tests/su/09/env_special-options_
@@ -0,0 +1,40 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+testname=$(basename $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+export HOME=/root  # seems to be set to /home/travis, breaking some tests
+
+command=""
+
+case  "$testname" in
+	*_bash)
+		log_start "$0" "propagation of environment variable FOO in command bash: $testname"
+		testname=$(echo "$testname" | sed -s 's/_bash$//')
+		command="-c bash"
+		echo testname: $testname
+		;;
+	*)
+		log_start "$0" "propagation of environment variable FOO: $test"
+		;;
+esac
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+"./$testname.exp" "$command"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/su/09/env_special-options_.exp b/tests/tests/su/09/env_special-options_.exp
new file mode 100755
index 0000000..a116a1a
--- /dev/null
+++ b/tests/tests/su/09/env_special-options_.exp
@@ -0,0 +1,55 @@
+#!/usr/bin/expect
+
+if {$argc == 1} {
+	set command     [lindex $argv 0]
+} else {
+	set command     ""
+}
+
+
+set timeout 2
+expect_after default {puts stderr "\nFAIL"; exit 1}
+
+spawn /bin/bash
+expect "# "
+
+send "id\r"
+expect "uid=0(root) gid=0(root) groups=0(root)\r"
+expect "# "
+
+send "export PATH=bar:\$PATH\r"
+expect "# "
+send "echo \"PATH=\\\"\$PATH\\\"\"\r"
+expect "# "
+
+#=============================================================================
+#
+# Regular su, preserve environment
+# However, PATH is reset
+#
+#=============================================================================
+send "/bin/su myuser $command\r"
+expect "$ "
+
+send "id\n"
+expect "uid=424242(myuser) gid=424242(myuser) groups=424242(myuser)\r"
+expect "$ "
+
+send_user "\n# PATH should be '/bin:/usr/bin'"
+send "\r"
+expect "$ "
+
+send "echo \"PATH=\\\"\$PATH\\\"\"\r"
+expect "PATH=\"/bin:/usr/bin\"\r"
+expect "$ "
+
+send "echo \"'\$HOME'\$USER'\$LOGNAME'\$SHELL'\"\r"
+expect "'/home/'myuser'myuser'/bin/sh'\r"
+expect "$ "
+
+send "exit\r"
+expect "# "
+
+puts "\nPASS"
+exit 0
+
diff --git a/tests/tests/su/09/env_special_root-options_ b/tests/tests/su/09/env_special_root-options_
new file mode 100755
index 0000000..32243ad
--- /dev/null
+++ b/tests/tests/su/09/env_special_root-options_
@@ -0,0 +1,40 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+testname=$(basename $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+export HOME=/root  # seems to be set to /home/travis, breaking some tests
+
+command=""
+
+case  "$testname" in
+	*_bash)
+		log_start "$0" "propagation of environment variable FOO in command bash: $testname"
+		testname=$(echo "$testname" | sed -s 's/_bash$//')
+		command="-c bash"
+		echo testname: $testname
+		;;
+	*)
+		log_start "$0" "propagation of environment variable FOO: $test"
+		;;
+esac
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+"./$testname.exp" "$command"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/su/09/env_special_root-options_.exp b/tests/tests/su/09/env_special_root-options_.exp
new file mode 100755
index 0000000..726616d
--- /dev/null
+++ b/tests/tests/su/09/env_special_root-options_.exp
@@ -0,0 +1,55 @@
+#!/usr/bin/expect
+
+if {$argc == 1} {
+	set command     [lindex $argv 0]
+} else {
+	set command     ""
+}
+
+
+set timeout 2
+expect_after default {puts stderr "\nFAIL"; exit 1}
+
+spawn /bin/bash
+expect "# "
+
+send "id\r"
+expect "uid=0(root) gid=0(root) groups=0(root)\r"
+expect "# "
+
+send "export PATH=bar:\$PATH\r"
+expect "# "
+send "echo \"PATH=\\\"\$PATH\\\"\"\r"
+expect "# "
+
+#=============================================================================
+#
+# Regular su to root, preserve environment
+# However, PATH is reset
+#
+#=============================================================================
+send "/bin/su $command\r"
+expect "# "
+
+send "id\n"
+expect "uid=0(root) gid=0(root) groups=0(root)\r"
+expect "# "
+
+send_user "\n# PATH should be '/sbin:/bin:/usr/sbin:/usr/bin'"
+send "\r"
+expect "# "
+
+send "echo \"PATH=\\\"\$PATH\\\"\"\r"
+expect "PATH=\"/sbin:/bin:/usr/sbin:/usr/bin\"\r"
+expect "# "
+
+send "echo \"'\$HOME'\$USER'\$LOGNAME'\$SHELL'\"\r"
+expect "'/root'root'root'/bin/bash'\r"
+expect "# "
+
+send "exit\r"
+expect "# "
+
+puts "\nPASS"
+exit 0
+
diff --git a/tests/tests/su/10_su_sulog_success/config.txt b/tests/tests/su/10_su_sulog_success/config.txt
new file mode 100644
index 0000000..aecff4a
--- /dev/null
+++ b/tests/tests/su/10_su_sulog_success/config.txt
@@ -0,0 +1,3 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
diff --git a/tests/tests/su/10_su_sulog_success/config/etc/group b/tests/tests/su/10_su_sulog_success/config/etc/group
new file mode 100644
index 0000000..245cc9c
--- /dev/null
+++ b/tests/tests/su/10_su_sulog_success/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+myuser:x:424242:
diff --git a/tests/tests/su/10_su_sulog_success/config/etc/gshadow b/tests/tests/su/10_su_sulog_success/config/etc/gshadow
new file mode 100644
index 0000000..25bd55b
--- /dev/null
+++ b/tests/tests/su/10_su_sulog_success/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+myuser:x::
diff --git a/tests/tests/su/10_su_sulog_success/config/etc/login.defs b/tests/tests/su/10_su_sulog_success/config/etc/login.defs
new file mode 100644
index 0000000..38bf533
--- /dev/null
+++ b/tests/tests/su/10_su_sulog_success/config/etc/login.defs
@@ -0,0 +1,314 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		no
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK usage is discouraged because it catches only some classes of user
+# entries to system, in fact only those made through login(1), while setting
+# umask in shell rc file will catch also logins through su, cron, ssh etc.
+#
+# At the same time, using shell rc to set umask won't catch entries which use
+# non-shell executables in place of login shell, like /usr/sbin/pppd for "ppp"
+# user and alike.
+#
+# Therefore the use of pam_umask is recommended (Debian package libpam-umask)
+# as the solution which catches all these cases on PAM-enabled systems.
+# 
+# This avoids the confusion created by having the umask set
+# in two different places -- in login.defs and shell rc files (i.e.
+# /etc/profile).
+#
+# For discussion, see #314539 and #248150 as well as the thread starting at
+# http://lists.debian.org/debian-devel/2005/06/msg01598.html
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+# 022 is the "historical" value in Debian for UMASK when it was used
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			  100
+GID_MAX			60000
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# This enables userdel to remove user groups if no members exist.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, thus in Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# Only works if compiled with MD5_CRYPT defined:
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is used by chpasswd, gpasswd and newusers.
+#
+#MD5_CRYPT_ENAB	no
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/su/10_su_sulog_success/config/etc/passwd b/tests/tests/su/10_su_sulog_success/config/etc/passwd
new file mode 100644
index 0000000..6eefe5a
--- /dev/null
+++ b/tests/tests/su/10_su_sulog_success/config/etc/passwd
@@ -0,0 +1,21 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+myuser:x:424242:424242::/home:/bin/bash
+testsuite::424243:424243::/home:/bin/bash
diff --git a/tests/tests/su/10_su_sulog_success/config/etc/shadow b/tests/tests/su/10_su_sulog_success/config/etc/shadow
new file mode 100644
index 0000000..038d5cf
--- /dev/null
+++ b/tests/tests/su/10_su_sulog_success/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+myuser:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:::
diff --git a/tests/tests/su/10_su_sulog_success/config/var/log/sulog b/tests/tests/su/10_su_sulog_success/config/var/log/sulog
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/su/10_su_sulog_success/config/var/log/sulog
diff --git a/tests/tests/su/10_su_sulog_success/data/sulog b/tests/tests/su/10_su_sulog_success/data/sulog
new file mode 100644
index 0000000..cba81e9
--- /dev/null
+++ b/tests/tests/su/10_su_sulog_success/data/sulog
@@ -0,0 +1 @@
+2 /var/log/sulog
diff --git a/tests/tests/su/10_su_sulog_success/run_su.exp b/tests/tests/su/10_su_sulog_success/run_su.exp
new file mode 100755
index 0000000..ebe5068
--- /dev/null
+++ b/tests/tests/su/10_su_sulog_success/run_su.exp
@@ -0,0 +1,73 @@
+#!/usr/bin/expect
+
+set timeout 2
+expect_after default {puts stderr "\nFAIL"; exit 1}
+
+if {$argc != 3} {
+	puts "usage: run_su.exp <user> <password> <prompt>"
+	exit 1
+}
+
+set user     [lindex $argv 0]
+set password [lindex $argv 1]
+set prompt   [lindex $argv 2]
+
+# First, switch to the testsuite user
+# (otherwise, no password will be asked)
+send_user "# switch to the passwordless 'testsuite' user\n"
+send_user "# and expect a '$ ' prompt\n"
+spawn /bin/su testsuite
+
+expect "$ "			;# Wait for the prompt
+
+send_user "\n# make sure we are now 'testsuite'"
+send_user "\n# id should return 'uid=424243(testsuite) gid=424243 groups=424243'"
+send "\r"			;# restore the prompt for the logs
+send "id\r"			;# Verify we are really testsuite
+
+expect {
+	timeout {
+		puts "\ntimeout...FAIL"
+		exit 1
+	}
+	"uid=424243(testsuite) gid=424243 groups=424243"
+}
+
+expect "$ "			;# Wait for the prompt
+
+send_user "\n\n"
+send_user "# now switch to user '$user'\n"
+send_user "# and expect a password prompt"
+send "\r"			;# restore the prompt for the logs
+send "su $user\r"		;# Switch to the user
+expect "Password: "		;# Wait for the Password: prompt
+# Wait a little bit more (su is not ready to receive the password)
+sleep 0.1
+
+send "$password\r"		;# Send the password
+
+send_user "\n# password '$password' sent\n\n"
+send_user "# expect prompt '$prompt'"
+
+expect {
+	# Wait for the new prompt
+	"$prompt" {
+		send_user "\n\n# make sure we are '$user'\n"
+		send_user "# id should return '($user).*($user).*($user)"
+		send "\r"	;# restore the prompt for the logs
+		send "id\r"	;# Verify the id
+
+		expect {
+			-re "\\($user\\).*\\($user\\).*\\($user\\)" {
+				expect "$prompt"
+				send "exit\r"
+				expect "$ "
+				puts "\nPASS"
+				exit 0
+			}
+		}
+	}
+}
+
+puts "\ntimeout...FAIL"
+exit 1
diff --git a/tests/tests/su/10_su_sulog_success/su.test b/tests/tests/su/10_su_sulog_success/su.test
new file mode 100755
index 0000000..3e98b36
--- /dev/null
+++ b/tests/tests/su/10_su_sulog_success/su.test
@@ -0,0 +1,40 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "su can be used to switch to a non-root user"
+
+
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+./run_su.exp myuser myuserF00barbaz '$ '
+
+echo -n "Check /var/log/sulog..."
+wc -l /var/log/sulog > tmp/sulog
+d=$(date +"SU %m/%d %H:%M")
+cat /var/log/sulog | \
+    grep -E -v "$d \+ /dev/pts/[0-9]* root-testsuite" | \
+    grep -E -v "$d \+ /dev/pts/[0-9]* testsuite-myuser" \
+        >> tmp/sulog || true
+diff -auN tmp/sulog data/sulog
+echo "OK"
+rm -f tmp/sulog
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/su/11_su_sulog_failure/config.txt b/tests/tests/su/11_su_sulog_failure/config.txt
new file mode 100644
index 0000000..aecff4a
--- /dev/null
+++ b/tests/tests/su/11_su_sulog_failure/config.txt
@@ -0,0 +1,3 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
diff --git a/tests/tests/su/11_su_sulog_failure/config/etc/group b/tests/tests/su/11_su_sulog_failure/config/etc/group
new file mode 100644
index 0000000..245cc9c
--- /dev/null
+++ b/tests/tests/su/11_su_sulog_failure/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+myuser:x:424242:
diff --git a/tests/tests/su/11_su_sulog_failure/config/etc/gshadow b/tests/tests/su/11_su_sulog_failure/config/etc/gshadow
new file mode 100644
index 0000000..25bd55b
--- /dev/null
+++ b/tests/tests/su/11_su_sulog_failure/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+myuser:x::
diff --git a/tests/tests/su/11_su_sulog_failure/config/etc/login.defs b/tests/tests/su/11_su_sulog_failure/config/etc/login.defs
new file mode 100644
index 0000000..38bf533
--- /dev/null
+++ b/tests/tests/su/11_su_sulog_failure/config/etc/login.defs
@@ -0,0 +1,314 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		no
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK usage is discouraged because it catches only some classes of user
+# entries to system, in fact only those made through login(1), while setting
+# umask in shell rc file will catch also logins through su, cron, ssh etc.
+#
+# At the same time, using shell rc to set umask won't catch entries which use
+# non-shell executables in place of login shell, like /usr/sbin/pppd for "ppp"
+# user and alike.
+#
+# Therefore the use of pam_umask is recommended (Debian package libpam-umask)
+# as the solution which catches all these cases on PAM-enabled systems.
+# 
+# This avoids the confusion created by having the umask set
+# in two different places -- in login.defs and shell rc files (i.e.
+# /etc/profile).
+#
+# For discussion, see #314539 and #248150 as well as the thread starting at
+# http://lists.debian.org/debian-devel/2005/06/msg01598.html
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+# 022 is the "historical" value in Debian for UMASK when it was used
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			  100
+GID_MAX			60000
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# This enables userdel to remove user groups if no members exist.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, thus in Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# Only works if compiled with MD5_CRYPT defined:
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is used by chpasswd, gpasswd and newusers.
+#
+#MD5_CRYPT_ENAB	no
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/su/11_su_sulog_failure/config/etc/passwd b/tests/tests/su/11_su_sulog_failure/config/etc/passwd
new file mode 100644
index 0000000..6eefe5a
--- /dev/null
+++ b/tests/tests/su/11_su_sulog_failure/config/etc/passwd
@@ -0,0 +1,21 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+myuser:x:424242:424242::/home:/bin/bash
+testsuite::424243:424243::/home:/bin/bash
diff --git a/tests/tests/su/11_su_sulog_failure/config/etc/shadow b/tests/tests/su/11_su_sulog_failure/config/etc/shadow
new file mode 100644
index 0000000..038d5cf
--- /dev/null
+++ b/tests/tests/su/11_su_sulog_failure/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+myuser:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:::
diff --git a/tests/tests/su/11_su_sulog_failure/config/var/log/sulog b/tests/tests/su/11_su_sulog_failure/config/var/log/sulog
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/su/11_su_sulog_failure/config/var/log/sulog
diff --git a/tests/tests/su/11_su_sulog_failure/data/sulog b/tests/tests/su/11_su_sulog_failure/data/sulog
new file mode 100644
index 0000000..cba81e9
--- /dev/null
+++ b/tests/tests/su/11_su_sulog_failure/data/sulog
@@ -0,0 +1 @@
+2 /var/log/sulog
diff --git a/tests/tests/su/11_su_sulog_failure/run_su.exp b/tests/tests/su/11_su_sulog_failure/run_su.exp
new file mode 100755
index 0000000..cbac2b5
--- /dev/null
+++ b/tests/tests/su/11_su_sulog_failure/run_su.exp
@@ -0,0 +1,67 @@
+#!/usr/bin/expect
+
+set timeout 5
+expect_after default {puts stderr "\nFAIL"; exit 1}
+
+if {$argc != 3} {
+	puts "usage: run_su.exp <user> <password> <prompt>"
+	exit 1
+}
+
+set user     [lindex $argv 0]
+set password [lindex $argv 1]
+set prompt   [lindex $argv 2]
+
+# First, switch to the testsuite user
+# (otherwise, no password will be asked)
+send_user "# switch to the passwordless 'testsuite' user\n"
+send_user "# and expect a '$ ' prompt\n"
+spawn /bin/su testsuite
+
+expect "$ "			;# Wait for the prompt
+
+send_user "\n# make sure we are now 'testsuite'"
+send_user "\n# id should return 'uid=424243(testsuite) gid=424243 groups=424243'"
+send "\r"			;# restore the prompt for the logs
+send "id\r"			;# Verify we are really testsuite
+
+expect {
+	timeout {
+		puts "\ntimeout...FAIL"
+		exit 1
+	}
+	"uid=424243(testsuite) gid=424243 groups=424243"
+}
+
+expect "$ "			;# Wait for the prompt
+
+send_user "\n\n"
+send_user "# now switch to user '$user'\n"
+send_user "# and expect a password prompt"
+send "\r"			;# restore the prompt for the logs
+send "su $user\r"		;# Switch to the user
+expect "Password: "		;# Wait for the Password: prompt
+# Wait a little bit more (su is not ready to receive the password)
+sleep 0.1
+
+send "$password wrong\r"	;# Send the password
+
+send_user "\n# password '$password wrong' sent\n\n"
+send_user "# expect prompt '$ '"
+
+expect {
+	# Wait for the new prompt
+	"$ " {
+		send_user "\n\n# make sure we are 'testsuite'\n"
+		send_user "\n# id should return 'uid=424243(testsuite) gid=424243 groups=424243'"
+		send "\r"	;# restore the prompt for the logs
+		send "id\r"	;# Verify the id
+		expect "uid=424243(testsuite) gid=424243 groups=424243"
+		send "exit\r"
+		puts "\nPASS"
+		exit 0
+	}
+}
+
+puts "\ntimeout...FAIL"
+exit 1
diff --git a/tests/tests/su/11_su_sulog_failure/su.test b/tests/tests/su/11_su_sulog_failure/su.test
new file mode 100755
index 0000000..3a46eaa
--- /dev/null
+++ b/tests/tests/su/11_su_sulog_failure/su.test
@@ -0,0 +1,43 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "su can be used to switch to a non-root user"
+
+
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+./run_su.exp myuser myuserF00barbaz '$ '
+
+echo -n "Check /var/log/sulog..."
+wc -l /var/log/sulog > tmp/sulog
+d1=$(date +"SU %m/%d %H:%M")
+d2=$(date -d"1 minute ago" +"SU %m/%d %H:%M")
+cat /var/log/sulog | \
+    grep -E -v "$d1 \+ /dev/pts/[0-9]* root-testsuite"  | \
+    grep -E -v "$d2 \+ /dev/pts/[0-9]* root-testsuite"  | \
+    grep -E -v "$d1 - /dev/pts/[0-9]* testsuite-myuser" | \
+    grep -E -v "$d2 - /dev/pts/[0-9]* testsuite-myuser" \
+        >> tmp/sulog || true
+diff -au data/sulog tmp/sulog
+echo "OK"
+rm -f tmp/sulog
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/su/12_su_child_failure/config.txt b/tests/tests/su/12_su_child_failure/config.txt
new file mode 100644
index 0000000..aecff4a
--- /dev/null
+++ b/tests/tests/su/12_su_child_failure/config.txt
@@ -0,0 +1,3 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
diff --git a/tests/tests/su/12_su_child_failure/config/etc/group b/tests/tests/su/12_su_child_failure/config/etc/group
new file mode 100644
index 0000000..245cc9c
--- /dev/null
+++ b/tests/tests/su/12_su_child_failure/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+myuser:x:424242:
diff --git a/tests/tests/su/12_su_child_failure/config/etc/gshadow b/tests/tests/su/12_su_child_failure/config/etc/gshadow
new file mode 100644
index 0000000..25bd55b
--- /dev/null
+++ b/tests/tests/su/12_su_child_failure/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+myuser:x::
diff --git a/tests/tests/su/12_su_child_failure/config/etc/login.defs b/tests/tests/su/12_su_child_failure/config/etc/login.defs
new file mode 100644
index 0000000..38bf533
--- /dev/null
+++ b/tests/tests/su/12_su_child_failure/config/etc/login.defs
@@ -0,0 +1,314 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		no
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK usage is discouraged because it catches only some classes of user
+# entries to system, in fact only those made through login(1), while setting
+# umask in shell rc file will catch also logins through su, cron, ssh etc.
+#
+# At the same time, using shell rc to set umask won't catch entries which use
+# non-shell executables in place of login shell, like /usr/sbin/pppd for "ppp"
+# user and alike.
+#
+# Therefore the use of pam_umask is recommended (Debian package libpam-umask)
+# as the solution which catches all these cases on PAM-enabled systems.
+# 
+# This avoids the confusion created by having the umask set
+# in two different places -- in login.defs and shell rc files (i.e.
+# /etc/profile).
+#
+# For discussion, see #314539 and #248150 as well as the thread starting at
+# http://lists.debian.org/debian-devel/2005/06/msg01598.html
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+# 022 is the "historical" value in Debian for UMASK when it was used
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			  100
+GID_MAX			60000
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# This enables userdel to remove user groups if no members exist.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, thus in Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# Only works if compiled with MD5_CRYPT defined:
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is used by chpasswd, gpasswd and newusers.
+#
+#MD5_CRYPT_ENAB	no
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/su/12_su_child_failure/config/etc/passwd b/tests/tests/su/12_su_child_failure/config/etc/passwd
new file mode 100644
index 0000000..6eefe5a
--- /dev/null
+++ b/tests/tests/su/12_su_child_failure/config/etc/passwd
@@ -0,0 +1,21 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+myuser:x:424242:424242::/home:/bin/bash
+testsuite::424243:424243::/home:/bin/bash
diff --git a/tests/tests/su/12_su_child_failure/config/etc/shadow b/tests/tests/su/12_su_child_failure/config/etc/shadow
new file mode 100644
index 0000000..038d5cf
--- /dev/null
+++ b/tests/tests/su/12_su_child_failure/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+myuser:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:::
diff --git a/tests/tests/su/12_su_child_failure/config/var/log/sulog b/tests/tests/su/12_su_child_failure/config/var/log/sulog
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/su/12_su_child_failure/config/var/log/sulog
diff --git a/tests/tests/su/12_su_child_failure/su.test b/tests/tests/su/12_su_child_failure/su.test
new file mode 100755
index 0000000..948f113
--- /dev/null
+++ b/tests/tests/su/12_su_child_failure/su.test
@@ -0,0 +1,37 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "su return failures of its child"
+
+
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Run su, execute false..."
+su -l myuser -c false && exit || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check the return status..."
+[ "$status" = "1" ]
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/su/13_su_child_success/config.txt b/tests/tests/su/13_su_child_success/config.txt
new file mode 100644
index 0000000..aecff4a
--- /dev/null
+++ b/tests/tests/su/13_su_child_success/config.txt
@@ -0,0 +1,3 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
diff --git a/tests/tests/su/13_su_child_success/config/etc/group b/tests/tests/su/13_su_child_success/config/etc/group
new file mode 100644
index 0000000..245cc9c
--- /dev/null
+++ b/tests/tests/su/13_su_child_success/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+myuser:x:424242:
diff --git a/tests/tests/su/13_su_child_success/config/etc/gshadow b/tests/tests/su/13_su_child_success/config/etc/gshadow
new file mode 100644
index 0000000..25bd55b
--- /dev/null
+++ b/tests/tests/su/13_su_child_success/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+myuser:x::
diff --git a/tests/tests/su/13_su_child_success/config/etc/login.defs b/tests/tests/su/13_su_child_success/config/etc/login.defs
new file mode 100644
index 0000000..38bf533
--- /dev/null
+++ b/tests/tests/su/13_su_child_success/config/etc/login.defs
@@ -0,0 +1,314 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		no
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK usage is discouraged because it catches only some classes of user
+# entries to system, in fact only those made through login(1), while setting
+# umask in shell rc file will catch also logins through su, cron, ssh etc.
+#
+# At the same time, using shell rc to set umask won't catch entries which use
+# non-shell executables in place of login shell, like /usr/sbin/pppd for "ppp"
+# user and alike.
+#
+# Therefore the use of pam_umask is recommended (Debian package libpam-umask)
+# as the solution which catches all these cases on PAM-enabled systems.
+# 
+# This avoids the confusion created by having the umask set
+# in two different places -- in login.defs and shell rc files (i.e.
+# /etc/profile).
+#
+# For discussion, see #314539 and #248150 as well as the thread starting at
+# http://lists.debian.org/debian-devel/2005/06/msg01598.html
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+# 022 is the "historical" value in Debian for UMASK when it was used
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			  100
+GID_MAX			60000
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# This enables userdel to remove user groups if no members exist.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, thus in Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# Only works if compiled with MD5_CRYPT defined:
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is used by chpasswd, gpasswd and newusers.
+#
+#MD5_CRYPT_ENAB	no
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/su/13_su_child_success/config/etc/passwd b/tests/tests/su/13_su_child_success/config/etc/passwd
new file mode 100644
index 0000000..6eefe5a
--- /dev/null
+++ b/tests/tests/su/13_su_child_success/config/etc/passwd
@@ -0,0 +1,21 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+myuser:x:424242:424242::/home:/bin/bash
+testsuite::424243:424243::/home:/bin/bash
diff --git a/tests/tests/su/13_su_child_success/config/etc/shadow b/tests/tests/su/13_su_child_success/config/etc/shadow
new file mode 100644
index 0000000..038d5cf
--- /dev/null
+++ b/tests/tests/su/13_su_child_success/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+myuser:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:::
diff --git a/tests/tests/su/13_su_child_success/config/var/log/sulog b/tests/tests/su/13_su_child_success/config/var/log/sulog
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/su/13_su_child_success/config/var/log/sulog
diff --git a/tests/tests/su/13_su_child_success/su.test b/tests/tests/su/13_su_child_success/su.test
new file mode 100755
index 0000000..6ff932c
--- /dev/null
+++ b/tests/tests/su/13_su_child_success/su.test
@@ -0,0 +1,31 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "su return failures of its child"
+
+
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Run su, execute false..."
+su -l myuser -c true
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/subids/01_useradd_no_subids/config.txt b/tests/tests/subids/01_useradd_no_subids/config.txt
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/subids/01_useradd_no_subids/config.txt
diff --git a/tests/tests/subids/01_useradd_no_subids/config/etc/default/useradd b/tests/tests/subids/01_useradd_no_subids/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/subids/01_useradd_no_subids/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/subids/01_useradd_no_subids/config/etc/group b/tests/tests/subids/01_useradd_no_subids/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/subids/01_useradd_no_subids/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/subids/01_useradd_no_subids/config/etc/gshadow b/tests/tests/subids/01_useradd_no_subids/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/subids/01_useradd_no_subids/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/subids/01_useradd_no_subids/config/etc/passwd b/tests/tests/subids/01_useradd_no_subids/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/subids/01_useradd_no_subids/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/subids/01_useradd_no_subids/config/etc/shadow b/tests/tests/subids/01_useradd_no_subids/config/etc/shadow
new file mode 100644
index 0000000..031ce88
--- /dev/null
+++ b/tests/tests/subids/01_useradd_no_subids/config/etc/shadow
@@ -0,0 +1,19 @@
+root::12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/subids/01_useradd_no_subids/config/etc/subgid b/tests/tests/subids/01_useradd_no_subids/config/etc/subgid
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/subids/01_useradd_no_subids/config/etc/subgid
diff --git a/tests/tests/subids/01_useradd_no_subids/config/etc/subuid b/tests/tests/subids/01_useradd_no_subids/config/etc/subuid
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/subids/01_useradd_no_subids/config/etc/subuid
diff --git a/tests/tests/subids/01_useradd_no_subids/data/group b/tests/tests/subids/01_useradd_no_subids/data/group
new file mode 100644
index 0000000..fecba0c
--- /dev/null
+++ b/tests/tests/subids/01_useradd_no_subids/data/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/subids/01_useradd_no_subids/data/gshadow b/tests/tests/subids/01_useradd_no_subids/data/gshadow
new file mode 100644
index 0000000..bfc0675
--- /dev/null
+++ b/tests/tests/subids/01_useradd_no_subids/data/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:!::
diff --git a/tests/tests/subids/01_useradd_no_subids/data/passwd b/tests/tests/subids/01_useradd_no_subids/data/passwd
new file mode 100644
index 0000000..ed91b35
--- /dev/null
+++ b/tests/tests/subids/01_useradd_no_subids/data/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/tmp/foo:/bin/foobar
diff --git a/tests/tests/subids/01_useradd_no_subids/data/shadow b/tests/tests/subids/01_useradd_no_subids/data/shadow
new file mode 100644
index 0000000..8899857
--- /dev/null
+++ b/tests/tests/subids/01_useradd_no_subids/data/shadow
@@ -0,0 +1,20 @@
+root::12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:@TODAY@:0:99999:7:12:13849:
diff --git a/tests/tests/subids/01_useradd_no_subids/useradd.test b/tests/tests/subids/01_useradd_no_subids/useradd.test
new file mode 100755
index 0000000..768d0aa
--- /dev/null
+++ b/tests/tests/subids/01_useradd_no_subids/useradd.test
@@ -0,0 +1,47 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "useradd does not create /etc/sub[ug]id"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "remove /etc/subgid /etc/subuid..."
+rm -f /etc/subgid /etc/subuid
+echo "OK"
+
+echo -n "Add user foo..."
+useradd foo
+echo "OK"
+
+echo -n "Check the passwd file..." 
+../../common/compare_file.pl data/passwd /etc/passwd 
+echo "OK" 
+echo -n "Check the group file..." 
+../../common/compare_file.pl data/group /etc/group 
+echo "OK" 
+echo -n "Check the shadow file..." 
+../../common/compare_file.pl data/shadow /etc/shadow 
+echo "OK" 
+echo -n "Check the gshadow file..." 
+../../common/compare_file.pl data/gshadow /etc/gshadow 
+echo "OK"
+echo -n "Check that /etc/subuid and /etc/subgid were not created..."
+test ! -f /etc/subgid
+test ! -f /etc/subuid
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/subids/02_useradd_with_subids/config.txt b/tests/tests/subids/02_useradd_with_subids/config.txt
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/subids/02_useradd_with_subids/config.txt
diff --git a/tests/tests/subids/02_useradd_with_subids/config/etc/default/useradd b/tests/tests/subids/02_useradd_with_subids/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/subids/02_useradd_with_subids/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/subids/02_useradd_with_subids/config/etc/group b/tests/tests/subids/02_useradd_with_subids/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/subids/02_useradd_with_subids/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/subids/02_useradd_with_subids/config/etc/gshadow b/tests/tests/subids/02_useradd_with_subids/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/subids/02_useradd_with_subids/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/subids/02_useradd_with_subids/config/etc/passwd b/tests/tests/subids/02_useradd_with_subids/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/subids/02_useradd_with_subids/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/subids/02_useradd_with_subids/config/etc/shadow b/tests/tests/subids/02_useradd_with_subids/config/etc/shadow
new file mode 100644
index 0000000..031ce88
--- /dev/null
+++ b/tests/tests/subids/02_useradd_with_subids/config/etc/shadow
@@ -0,0 +1,19 @@
+root::12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/subids/02_useradd_with_subids/config/etc/subgid b/tests/tests/subids/02_useradd_with_subids/config/etc/subgid
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/subids/02_useradd_with_subids/config/etc/subgid
diff --git a/tests/tests/subids/02_useradd_with_subids/config/etc/subuid b/tests/tests/subids/02_useradd_with_subids/config/etc/subuid
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/subids/02_useradd_with_subids/config/etc/subuid
diff --git a/tests/tests/subids/02_useradd_with_subids/data/group b/tests/tests/subids/02_useradd_with_subids/data/group
new file mode 100644
index 0000000..fecba0c
--- /dev/null
+++ b/tests/tests/subids/02_useradd_with_subids/data/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/subids/02_useradd_with_subids/data/gshadow b/tests/tests/subids/02_useradd_with_subids/data/gshadow
new file mode 100644
index 0000000..bfc0675
--- /dev/null
+++ b/tests/tests/subids/02_useradd_with_subids/data/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:!::
diff --git a/tests/tests/subids/02_useradd_with_subids/data/passwd b/tests/tests/subids/02_useradd_with_subids/data/passwd
new file mode 100644
index 0000000..ed91b35
--- /dev/null
+++ b/tests/tests/subids/02_useradd_with_subids/data/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/tmp/foo:/bin/foobar
diff --git a/tests/tests/subids/02_useradd_with_subids/data/shadow b/tests/tests/subids/02_useradd_with_subids/data/shadow
new file mode 100644
index 0000000..8899857
--- /dev/null
+++ b/tests/tests/subids/02_useradd_with_subids/data/shadow
@@ -0,0 +1,20 @@
+root::12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:@TODAY@:0:99999:7:12:13849:
diff --git a/tests/tests/subids/02_useradd_with_subids/data/subgid b/tests/tests/subids/02_useradd_with_subids/data/subgid
new file mode 100644
index 0000000..3f7fd12
--- /dev/null
+++ b/tests/tests/subids/02_useradd_with_subids/data/subgid
@@ -0,0 +1 @@
+foo:100000:10000
diff --git a/tests/tests/subids/02_useradd_with_subids/data/subuid b/tests/tests/subids/02_useradd_with_subids/data/subuid
new file mode 100644
index 0000000..3f7fd12
--- /dev/null
+++ b/tests/tests/subids/02_useradd_with_subids/data/subuid
@@ -0,0 +1 @@
+foo:100000:10000
diff --git a/tests/tests/subids/02_useradd_with_subids/useradd.test b/tests/tests/subids/02_useradd_with_subids/useradd.test
new file mode 100755
index 0000000..e9154c1
--- /dev/null
+++ b/tests/tests/subids/02_useradd_with_subids/useradd.test
@@ -0,0 +1,45 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "useradd adds subids in /etc/sub[ug]id"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Add user foo..."
+useradd foo
+echo "OK"
+
+echo -n "Check the passwd file..." 
+../../common/compare_file.pl data/passwd /etc/passwd 
+echo "OK" 
+echo -n "Check the group file..." 
+../../common/compare_file.pl data/group /etc/group 
+echo "OK" 
+echo -n "Check the shadow file..." 
+../../common/compare_file.pl data/shadow /etc/shadow 
+echo "OK" 
+echo -n "Check the gshadow file..." 
+../../common/compare_file.pl data/gshadow /etc/gshadow 
+echo "OK"
+echo -n "Check the /etc/subgid file..."
+diff -au data/subgid /etc/subgid
+echo "OK"
+echo -n "Check the /etc/subuid file..."
+diff -au data/subuid /etc/subuid
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/subids/03_useradd_no_subgid/config.txt b/tests/tests/subids/03_useradd_no_subgid/config.txt
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/subids/03_useradd_no_subgid/config.txt
diff --git a/tests/tests/subids/03_useradd_no_subgid/config/etc/default/useradd b/tests/tests/subids/03_useradd_no_subgid/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/subids/03_useradd_no_subgid/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/subids/03_useradd_no_subgid/config/etc/group b/tests/tests/subids/03_useradd_no_subgid/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/subids/03_useradd_no_subgid/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/subids/03_useradd_no_subgid/config/etc/gshadow b/tests/tests/subids/03_useradd_no_subgid/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/subids/03_useradd_no_subgid/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/subids/03_useradd_no_subgid/config/etc/passwd b/tests/tests/subids/03_useradd_no_subgid/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/subids/03_useradd_no_subgid/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/subids/03_useradd_no_subgid/config/etc/shadow b/tests/tests/subids/03_useradd_no_subgid/config/etc/shadow
new file mode 100644
index 0000000..031ce88
--- /dev/null
+++ b/tests/tests/subids/03_useradd_no_subgid/config/etc/shadow
@@ -0,0 +1,19 @@
+root::12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/subids/03_useradd_no_subgid/config/etc/subgid b/tests/tests/subids/03_useradd_no_subgid/config/etc/subgid
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/subids/03_useradd_no_subgid/config/etc/subgid
diff --git a/tests/tests/subids/03_useradd_no_subgid/config/etc/subuid b/tests/tests/subids/03_useradd_no_subgid/config/etc/subuid
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/subids/03_useradd_no_subgid/config/etc/subuid
diff --git a/tests/tests/subids/03_useradd_no_subgid/data/group b/tests/tests/subids/03_useradd_no_subgid/data/group
new file mode 100644
index 0000000..fecba0c
--- /dev/null
+++ b/tests/tests/subids/03_useradd_no_subgid/data/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/subids/03_useradd_no_subgid/data/gshadow b/tests/tests/subids/03_useradd_no_subgid/data/gshadow
new file mode 100644
index 0000000..bfc0675
--- /dev/null
+++ b/tests/tests/subids/03_useradd_no_subgid/data/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:!::
diff --git a/tests/tests/subids/03_useradd_no_subgid/data/passwd b/tests/tests/subids/03_useradd_no_subgid/data/passwd
new file mode 100644
index 0000000..ed91b35
--- /dev/null
+++ b/tests/tests/subids/03_useradd_no_subgid/data/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/tmp/foo:/bin/foobar
diff --git a/tests/tests/subids/03_useradd_no_subgid/data/shadow b/tests/tests/subids/03_useradd_no_subgid/data/shadow
new file mode 100644
index 0000000..8899857
--- /dev/null
+++ b/tests/tests/subids/03_useradd_no_subgid/data/shadow
@@ -0,0 +1,20 @@
+root::12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:@TODAY@:0:99999:7:12:13849:
diff --git a/tests/tests/subids/03_useradd_no_subgid/data/subuid b/tests/tests/subids/03_useradd_no_subgid/data/subuid
new file mode 100644
index 0000000..3f7fd12
--- /dev/null
+++ b/tests/tests/subids/03_useradd_no_subgid/data/subuid
@@ -0,0 +1 @@
+foo:100000:10000
diff --git a/tests/tests/subids/03_useradd_no_subgid/useradd.test b/tests/tests/subids/03_useradd_no_subgid/useradd.test
new file mode 100755
index 0000000..5312710
--- /dev/null
+++ b/tests/tests/subids/03_useradd_no_subgid/useradd.test
@@ -0,0 +1,49 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "useradd creates subids in /etc/subuid even if /etc/subgid does not exist"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "remove /etc/subgid..."
+rm -f /etc/subgid
+echo "OK"
+
+echo -n "Add user foo..."
+useradd foo
+echo "OK"
+
+echo -n "Check the passwd file..." 
+../../common/compare_file.pl data/passwd /etc/passwd 
+echo "OK" 
+echo -n "Check the group file..." 
+../../common/compare_file.pl data/group /etc/group 
+echo "OK" 
+echo -n "Check the shadow file..." 
+../../common/compare_file.pl data/shadow /etc/shadow 
+echo "OK" 
+echo -n "Check the gshadow file..." 
+../../common/compare_file.pl data/gshadow /etc/gshadow 
+echo "OK"
+echo -n "Check the /etc/subgid file..."
+test ! -f /etc/subgid
+echo "OK"
+echo -n "Check the /etc/subuid file..."
+diff -au data/subuid /etc/subuid
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/subids/04_useradd_no_subuid/config.txt b/tests/tests/subids/04_useradd_no_subuid/config.txt
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/subids/04_useradd_no_subuid/config.txt
diff --git a/tests/tests/subids/04_useradd_no_subuid/config/etc/default/useradd b/tests/tests/subids/04_useradd_no_subuid/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/subids/04_useradd_no_subuid/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/subids/04_useradd_no_subuid/config/etc/group b/tests/tests/subids/04_useradd_no_subuid/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/subids/04_useradd_no_subuid/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/subids/04_useradd_no_subuid/config/etc/gshadow b/tests/tests/subids/04_useradd_no_subuid/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/subids/04_useradd_no_subuid/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/subids/04_useradd_no_subuid/config/etc/passwd b/tests/tests/subids/04_useradd_no_subuid/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/subids/04_useradd_no_subuid/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/subids/04_useradd_no_subuid/config/etc/shadow b/tests/tests/subids/04_useradd_no_subuid/config/etc/shadow
new file mode 100644
index 0000000..031ce88
--- /dev/null
+++ b/tests/tests/subids/04_useradd_no_subuid/config/etc/shadow
@@ -0,0 +1,19 @@
+root::12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/subids/04_useradd_no_subuid/config/etc/subgid b/tests/tests/subids/04_useradd_no_subuid/config/etc/subgid
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/subids/04_useradd_no_subuid/config/etc/subgid
diff --git a/tests/tests/subids/04_useradd_no_subuid/config/etc/subuid b/tests/tests/subids/04_useradd_no_subuid/config/etc/subuid
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/subids/04_useradd_no_subuid/config/etc/subuid
diff --git a/tests/tests/subids/04_useradd_no_subuid/data/group b/tests/tests/subids/04_useradd_no_subuid/data/group
new file mode 100644
index 0000000..fecba0c
--- /dev/null
+++ b/tests/tests/subids/04_useradd_no_subuid/data/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/subids/04_useradd_no_subuid/data/gshadow b/tests/tests/subids/04_useradd_no_subuid/data/gshadow
new file mode 100644
index 0000000..bfc0675
--- /dev/null
+++ b/tests/tests/subids/04_useradd_no_subuid/data/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:!::
diff --git a/tests/tests/subids/04_useradd_no_subuid/data/passwd b/tests/tests/subids/04_useradd_no_subuid/data/passwd
new file mode 100644
index 0000000..ed91b35
--- /dev/null
+++ b/tests/tests/subids/04_useradd_no_subuid/data/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/tmp/foo:/bin/foobar
diff --git a/tests/tests/subids/04_useradd_no_subuid/data/shadow b/tests/tests/subids/04_useradd_no_subuid/data/shadow
new file mode 100644
index 0000000..8899857
--- /dev/null
+++ b/tests/tests/subids/04_useradd_no_subuid/data/shadow
@@ -0,0 +1,20 @@
+root::12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:@TODAY@:0:99999:7:12:13849:
diff --git a/tests/tests/subids/04_useradd_no_subuid/data/subgid b/tests/tests/subids/04_useradd_no_subuid/data/subgid
new file mode 100644
index 0000000..3f7fd12
--- /dev/null
+++ b/tests/tests/subids/04_useradd_no_subuid/data/subgid
@@ -0,0 +1 @@
+foo:100000:10000
diff --git a/tests/tests/subids/04_useradd_no_subuid/useradd.test b/tests/tests/subids/04_useradd_no_subuid/useradd.test
new file mode 100755
index 0000000..ce0b8b7
--- /dev/null
+++ b/tests/tests/subids/04_useradd_no_subuid/useradd.test
@@ -0,0 +1,49 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "useradd creates subids in /etc/subgid even if /etc/subuid does not exist"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Remove /etc/subuid..."
+rm -f /etc/subuid
+echo "OK"
+
+echo -n "Add user foo..."
+useradd foo
+echo "OK"
+
+echo -n "Check the passwd file..." 
+../../common/compare_file.pl data/passwd /etc/passwd 
+echo "OK" 
+echo -n "Check the group file..." 
+../../common/compare_file.pl data/group /etc/group 
+echo "OK" 
+echo -n "Check the shadow file..." 
+../../common/compare_file.pl data/shadow /etc/shadow 
+echo "OK" 
+echo -n "Check the gshadow file..." 
+../../common/compare_file.pl data/gshadow /etc/gshadow 
+echo "OK"
+echo -n "Check the /etc/subgid file..."
+diff -au data/subgid /etc/subgid
+echo "OK"
+echo -n "Check the /etc/subuid file..."
+test ! -f /etc/subuid
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/subids/05_useradd_fill_gap_start/config.txt b/tests/tests/subids/05_useradd_fill_gap_start/config.txt
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/subids/05_useradd_fill_gap_start/config.txt
diff --git a/tests/tests/subids/05_useradd_fill_gap_start/config/etc/default/useradd b/tests/tests/subids/05_useradd_fill_gap_start/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/subids/05_useradd_fill_gap_start/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/subids/05_useradd_fill_gap_start/config/etc/group b/tests/tests/subids/05_useradd_fill_gap_start/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/subids/05_useradd_fill_gap_start/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/subids/05_useradd_fill_gap_start/config/etc/gshadow b/tests/tests/subids/05_useradd_fill_gap_start/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/subids/05_useradd_fill_gap_start/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/subids/05_useradd_fill_gap_start/config/etc/passwd b/tests/tests/subids/05_useradd_fill_gap_start/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/subids/05_useradd_fill_gap_start/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/subids/05_useradd_fill_gap_start/config/etc/shadow b/tests/tests/subids/05_useradd_fill_gap_start/config/etc/shadow
new file mode 100644
index 0000000..031ce88
--- /dev/null
+++ b/tests/tests/subids/05_useradd_fill_gap_start/config/etc/shadow
@@ -0,0 +1,19 @@
+root::12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/subids/05_useradd_fill_gap_start/config/etc/subgid b/tests/tests/subids/05_useradd_fill_gap_start/config/etc/subgid
new file mode 100644
index 0000000..909f4ac
--- /dev/null
+++ b/tests/tests/subids/05_useradd_fill_gap_start/config/etc/subgid
@@ -0,0 +1 @@
+root:110000:10000
diff --git a/tests/tests/subids/05_useradd_fill_gap_start/config/etc/subuid b/tests/tests/subids/05_useradd_fill_gap_start/config/etc/subuid
new file mode 100644
index 0000000..909f4ac
--- /dev/null
+++ b/tests/tests/subids/05_useradd_fill_gap_start/config/etc/subuid
@@ -0,0 +1 @@
+root:110000:10000
diff --git a/tests/tests/subids/05_useradd_fill_gap_start/data/group b/tests/tests/subids/05_useradd_fill_gap_start/data/group
new file mode 100644
index 0000000..fecba0c
--- /dev/null
+++ b/tests/tests/subids/05_useradd_fill_gap_start/data/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/subids/05_useradd_fill_gap_start/data/gshadow b/tests/tests/subids/05_useradd_fill_gap_start/data/gshadow
new file mode 100644
index 0000000..bfc0675
--- /dev/null
+++ b/tests/tests/subids/05_useradd_fill_gap_start/data/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:!::
diff --git a/tests/tests/subids/05_useradd_fill_gap_start/data/passwd b/tests/tests/subids/05_useradd_fill_gap_start/data/passwd
new file mode 100644
index 0000000..ed91b35
--- /dev/null
+++ b/tests/tests/subids/05_useradd_fill_gap_start/data/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/tmp/foo:/bin/foobar
diff --git a/tests/tests/subids/05_useradd_fill_gap_start/data/shadow b/tests/tests/subids/05_useradd_fill_gap_start/data/shadow
new file mode 100644
index 0000000..8899857
--- /dev/null
+++ b/tests/tests/subids/05_useradd_fill_gap_start/data/shadow
@@ -0,0 +1,20 @@
+root::12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:@TODAY@:0:99999:7:12:13849:
diff --git a/tests/tests/subids/05_useradd_fill_gap_start/data/subgid b/tests/tests/subids/05_useradd_fill_gap_start/data/subgid
new file mode 100644
index 0000000..73b5737
--- /dev/null
+++ b/tests/tests/subids/05_useradd_fill_gap_start/data/subgid
@@ -0,0 +1,2 @@
+root:110000:10000
+foo:100000:10000
diff --git a/tests/tests/subids/05_useradd_fill_gap_start/data/subuid b/tests/tests/subids/05_useradd_fill_gap_start/data/subuid
new file mode 100644
index 0000000..73b5737
--- /dev/null
+++ b/tests/tests/subids/05_useradd_fill_gap_start/data/subuid
@@ -0,0 +1,2 @@
+root:110000:10000
+foo:100000:10000
diff --git a/tests/tests/subids/05_useradd_fill_gap_start/useradd.test b/tests/tests/subids/05_useradd_fill_gap_start/useradd.test
new file mode 100755
index 0000000..79c0292
--- /dev/null
+++ b/tests/tests/subids/05_useradd_fill_gap_start/useradd.test
@@ -0,0 +1,45 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "useradd creates subids in /etc/sub[ug]id at the beginning"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Add user foo..."
+useradd foo
+echo "OK"
+
+echo -n "Check the passwd file..." 
+../../common/compare_file.pl data/passwd /etc/passwd 
+echo "OK" 
+echo -n "Check the group file..." 
+../../common/compare_file.pl data/group /etc/group 
+echo "OK" 
+echo -n "Check the shadow file..." 
+../../common/compare_file.pl data/shadow /etc/shadow 
+echo "OK" 
+echo -n "Check the gshadow file..." 
+../../common/compare_file.pl data/gshadow /etc/gshadow 
+echo "OK"
+echo -n "Check the /etc/subgid file..."
+diff -au data/subgid /etc/subgid
+echo "OK"
+echo -n "Check the /etc/subuid file..."
+diff -au data/subuid /etc/subuid
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/subids/06_useradd_fill_gap_middle/config.txt b/tests/tests/subids/06_useradd_fill_gap_middle/config.txt
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/subids/06_useradd_fill_gap_middle/config.txt
diff --git a/tests/tests/subids/06_useradd_fill_gap_middle/config/etc/default/useradd b/tests/tests/subids/06_useradd_fill_gap_middle/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/subids/06_useradd_fill_gap_middle/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/subids/06_useradd_fill_gap_middle/config/etc/group b/tests/tests/subids/06_useradd_fill_gap_middle/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/subids/06_useradd_fill_gap_middle/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/subids/06_useradd_fill_gap_middle/config/etc/gshadow b/tests/tests/subids/06_useradd_fill_gap_middle/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/subids/06_useradd_fill_gap_middle/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/subids/06_useradd_fill_gap_middle/config/etc/passwd b/tests/tests/subids/06_useradd_fill_gap_middle/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/subids/06_useradd_fill_gap_middle/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/subids/06_useradd_fill_gap_middle/config/etc/shadow b/tests/tests/subids/06_useradd_fill_gap_middle/config/etc/shadow
new file mode 100644
index 0000000..031ce88
--- /dev/null
+++ b/tests/tests/subids/06_useradd_fill_gap_middle/config/etc/shadow
@@ -0,0 +1,19 @@
+root::12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/subids/06_useradd_fill_gap_middle/config/etc/subgid b/tests/tests/subids/06_useradd_fill_gap_middle/config/etc/subgid
new file mode 100644
index 0000000..8b9c643
--- /dev/null
+++ b/tests/tests/subids/06_useradd_fill_gap_middle/config/etc/subgid
@@ -0,0 +1,2 @@
+root:100000:100000
+root:210000:10000
diff --git a/tests/tests/subids/06_useradd_fill_gap_middle/config/etc/subuid b/tests/tests/subids/06_useradd_fill_gap_middle/config/etc/subuid
new file mode 100644
index 0000000..8b9c643
--- /dev/null
+++ b/tests/tests/subids/06_useradd_fill_gap_middle/config/etc/subuid
@@ -0,0 +1,2 @@
+root:100000:100000
+root:210000:10000
diff --git a/tests/tests/subids/06_useradd_fill_gap_middle/data/group b/tests/tests/subids/06_useradd_fill_gap_middle/data/group
new file mode 100644
index 0000000..fecba0c
--- /dev/null
+++ b/tests/tests/subids/06_useradd_fill_gap_middle/data/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/subids/06_useradd_fill_gap_middle/data/gshadow b/tests/tests/subids/06_useradd_fill_gap_middle/data/gshadow
new file mode 100644
index 0000000..bfc0675
--- /dev/null
+++ b/tests/tests/subids/06_useradd_fill_gap_middle/data/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:!::
diff --git a/tests/tests/subids/06_useradd_fill_gap_middle/data/passwd b/tests/tests/subids/06_useradd_fill_gap_middle/data/passwd
new file mode 100644
index 0000000..ed91b35
--- /dev/null
+++ b/tests/tests/subids/06_useradd_fill_gap_middle/data/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/tmp/foo:/bin/foobar
diff --git a/tests/tests/subids/06_useradd_fill_gap_middle/data/shadow b/tests/tests/subids/06_useradd_fill_gap_middle/data/shadow
new file mode 100644
index 0000000..8899857
--- /dev/null
+++ b/tests/tests/subids/06_useradd_fill_gap_middle/data/shadow
@@ -0,0 +1,20 @@
+root::12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:@TODAY@:0:99999:7:12:13849:
diff --git a/tests/tests/subids/06_useradd_fill_gap_middle/data/subgid b/tests/tests/subids/06_useradd_fill_gap_middle/data/subgid
new file mode 100644
index 0000000..c6e45a0
--- /dev/null
+++ b/tests/tests/subids/06_useradd_fill_gap_middle/data/subgid
@@ -0,0 +1,3 @@
+root:100000:100000
+root:210000:10000
+foo:200000:10000
diff --git a/tests/tests/subids/06_useradd_fill_gap_middle/data/subuid b/tests/tests/subids/06_useradd_fill_gap_middle/data/subuid
new file mode 100644
index 0000000..c6e45a0
--- /dev/null
+++ b/tests/tests/subids/06_useradd_fill_gap_middle/data/subuid
@@ -0,0 +1,3 @@
+root:100000:100000
+root:210000:10000
+foo:200000:10000
diff --git a/tests/tests/subids/06_useradd_fill_gap_middle/useradd.test b/tests/tests/subids/06_useradd_fill_gap_middle/useradd.test
new file mode 100755
index 0000000..484164e
--- /dev/null
+++ b/tests/tests/subids/06_useradd_fill_gap_middle/useradd.test
@@ -0,0 +1,45 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "useradd creates subids in /etc/sub[ug]id between 2 used ranges"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Add user foo..."
+useradd foo
+echo "OK"
+
+echo -n "Check the passwd file..." 
+../../common/compare_file.pl data/passwd /etc/passwd 
+echo "OK" 
+echo -n "Check the group file..." 
+../../common/compare_file.pl data/group /etc/group 
+echo "OK" 
+echo -n "Check the shadow file..." 
+../../common/compare_file.pl data/shadow /etc/shadow 
+echo "OK" 
+echo -n "Check the gshadow file..." 
+../../common/compare_file.pl data/gshadow /etc/gshadow 
+echo "OK"
+echo -n "Check the /etc/subgid file..."
+diff -au data/subgid /etc/subgid
+echo "OK"
+echo -n "Check the /etc/subuid file..."
+diff -au data/subuid /etc/subuid
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/subids/07_useradd_fill_gap_end/config.txt b/tests/tests/subids/07_useradd_fill_gap_end/config.txt
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/subids/07_useradd_fill_gap_end/config.txt
diff --git a/tests/tests/subids/07_useradd_fill_gap_end/config/etc/default/useradd b/tests/tests/subids/07_useradd_fill_gap_end/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/subids/07_useradd_fill_gap_end/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/subids/07_useradd_fill_gap_end/config/etc/group b/tests/tests/subids/07_useradd_fill_gap_end/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/subids/07_useradd_fill_gap_end/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/subids/07_useradd_fill_gap_end/config/etc/gshadow b/tests/tests/subids/07_useradd_fill_gap_end/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/subids/07_useradd_fill_gap_end/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/subids/07_useradd_fill_gap_end/config/etc/passwd b/tests/tests/subids/07_useradd_fill_gap_end/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/subids/07_useradd_fill_gap_end/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/subids/07_useradd_fill_gap_end/config/etc/shadow b/tests/tests/subids/07_useradd_fill_gap_end/config/etc/shadow
new file mode 100644
index 0000000..031ce88
--- /dev/null
+++ b/tests/tests/subids/07_useradd_fill_gap_end/config/etc/shadow
@@ -0,0 +1,19 @@
+root::12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/subids/07_useradd_fill_gap_end/config/etc/subgid b/tests/tests/subids/07_useradd_fill_gap_end/config/etc/subgid
new file mode 100644
index 0000000..5b6b0aa
--- /dev/null
+++ b/tests/tests/subids/07_useradd_fill_gap_end/config/etc/subgid
@@ -0,0 +1 @@
+root:100000:599990001
diff --git a/tests/tests/subids/07_useradd_fill_gap_end/config/etc/subuid b/tests/tests/subids/07_useradd_fill_gap_end/config/etc/subuid
new file mode 100644
index 0000000..5b6b0aa
--- /dev/null
+++ b/tests/tests/subids/07_useradd_fill_gap_end/config/etc/subuid
@@ -0,0 +1 @@
+root:100000:599990001
diff --git a/tests/tests/subids/07_useradd_fill_gap_end/data/group b/tests/tests/subids/07_useradd_fill_gap_end/data/group
new file mode 100644
index 0000000..fecba0c
--- /dev/null
+++ b/tests/tests/subids/07_useradd_fill_gap_end/data/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/subids/07_useradd_fill_gap_end/data/gshadow b/tests/tests/subids/07_useradd_fill_gap_end/data/gshadow
new file mode 100644
index 0000000..bfc0675
--- /dev/null
+++ b/tests/tests/subids/07_useradd_fill_gap_end/data/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:!::
diff --git a/tests/tests/subids/07_useradd_fill_gap_end/data/passwd b/tests/tests/subids/07_useradd_fill_gap_end/data/passwd
new file mode 100644
index 0000000..ed91b35
--- /dev/null
+++ b/tests/tests/subids/07_useradd_fill_gap_end/data/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/tmp/foo:/bin/foobar
diff --git a/tests/tests/subids/07_useradd_fill_gap_end/data/shadow b/tests/tests/subids/07_useradd_fill_gap_end/data/shadow
new file mode 100644
index 0000000..8899857
--- /dev/null
+++ b/tests/tests/subids/07_useradd_fill_gap_end/data/shadow
@@ -0,0 +1,20 @@
+root::12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:@TODAY@:0:99999:7:12:13849:
diff --git a/tests/tests/subids/07_useradd_fill_gap_end/data/subgid b/tests/tests/subids/07_useradd_fill_gap_end/data/subgid
new file mode 100644
index 0000000..dde59ae
--- /dev/null
+++ b/tests/tests/subids/07_useradd_fill_gap_end/data/subgid
@@ -0,0 +1,2 @@
+root:100000:599990001
+foo:600090001:10000
diff --git a/tests/tests/subids/07_useradd_fill_gap_end/data/subuid b/tests/tests/subids/07_useradd_fill_gap_end/data/subuid
new file mode 100644
index 0000000..dde59ae
--- /dev/null
+++ b/tests/tests/subids/07_useradd_fill_gap_end/data/subuid
@@ -0,0 +1,2 @@
+root:100000:599990001
+foo:600090001:10000
diff --git a/tests/tests/subids/07_useradd_fill_gap_end/useradd.test b/tests/tests/subids/07_useradd_fill_gap_end/useradd.test
new file mode 100755
index 0000000..1175451
--- /dev/null
+++ b/tests/tests/subids/07_useradd_fill_gap_end/useradd.test
@@ -0,0 +1,45 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "useradd creates subids in /etc/sub[ug]id at the end"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Add user foo..."
+useradd foo
+echo "OK"
+
+echo -n "Check the passwd file..." 
+../../common/compare_file.pl data/passwd /etc/passwd 
+echo "OK" 
+echo -n "Check the group file..." 
+../../common/compare_file.pl data/group /etc/group 
+echo "OK" 
+echo -n "Check the shadow file..." 
+../../common/compare_file.pl data/shadow /etc/shadow 
+echo "OK" 
+echo -n "Check the gshadow file..." 
+../../common/compare_file.pl data/gshadow /etc/gshadow 
+echo "OK"
+echo -n "Check the /etc/subgid file..."
+diff -au data/subgid /etc/subgid
+echo "OK"
+echo -n "Check the /etc/subuid file..."
+diff -au data/subuid /etc/subuid
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/subids/08_useradd_no_more_subuids_start/config.txt b/tests/tests/subids/08_useradd_no_more_subuids_start/config.txt
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/subids/08_useradd_no_more_subuids_start/config.txt
diff --git a/tests/tests/subids/08_useradd_no_more_subuids_start/config/etc/default/useradd b/tests/tests/subids/08_useradd_no_more_subuids_start/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/subids/08_useradd_no_more_subuids_start/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/subids/08_useradd_no_more_subuids_start/config/etc/group b/tests/tests/subids/08_useradd_no_more_subuids_start/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/subids/08_useradd_no_more_subuids_start/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/subids/08_useradd_no_more_subuids_start/config/etc/gshadow b/tests/tests/subids/08_useradd_no_more_subuids_start/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/subids/08_useradd_no_more_subuids_start/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/subids/08_useradd_no_more_subuids_start/config/etc/passwd b/tests/tests/subids/08_useradd_no_more_subuids_start/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/subids/08_useradd_no_more_subuids_start/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/subids/08_useradd_no_more_subuids_start/config/etc/shadow b/tests/tests/subids/08_useradd_no_more_subuids_start/config/etc/shadow
new file mode 100644
index 0000000..031ce88
--- /dev/null
+++ b/tests/tests/subids/08_useradd_no_more_subuids_start/config/etc/shadow
@@ -0,0 +1,19 @@
+root::12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/subids/08_useradd_no_more_subuids_start/config/etc/subgid b/tests/tests/subids/08_useradd_no_more_subuids_start/config/etc/subgid
new file mode 100644
index 0000000..2342814
--- /dev/null
+++ b/tests/tests/subids/08_useradd_no_more_subuids_start/config/etc/subgid
@@ -0,0 +1 @@
+root:110000:600100000
diff --git a/tests/tests/subids/08_useradd_no_more_subuids_start/config/etc/subuid b/tests/tests/subids/08_useradd_no_more_subuids_start/config/etc/subuid
new file mode 100644
index 0000000..bafb12d
--- /dev/null
+++ b/tests/tests/subids/08_useradd_no_more_subuids_start/config/etc/subuid
@@ -0,0 +1 @@
+root:109999:600100000
diff --git a/tests/tests/subids/08_useradd_no_more_subuids_start/data/useradd.err b/tests/tests/subids/08_useradd_no_more_subuids_start/data/useradd.err
new file mode 100644
index 0000000..133e01f
--- /dev/null
+++ b/tests/tests/subids/08_useradd_no_more_subuids_start/data/useradd.err
@@ -0,0 +1,2 @@
+useradd: Can't get unique subordinate UID range
+useradd: can't create subordinate user IDs
diff --git a/tests/tests/subids/08_useradd_no_more_subuids_start/useradd.test b/tests/tests/subids/08_useradd_no_more_subuids_start/useradd.test
new file mode 100755
index 0000000..fea00a1
--- /dev/null
+++ b/tests/tests/subids/08_useradd_no_more_subuids_start/useradd.test
@@ -0,0 +1,60 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "useradd reports failure if there are no subids available in /etc/subuid"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Add user foo..."
+useradd foo 2>tmp/useradd.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "16"
+echo "OK"
+
+echo "useradd reported:"
+echo "======================================================================="
+cat tmp/useradd.err
+echo "======================================================================="
+echo -n "Check the usage message..."
+diff -au data/useradd.err tmp/useradd.err
+echo "error message OK."
+rm -f tmp/useradd.err
+
+echo -n "Check the passwd file..." 
+../../common/compare_file.pl config/etc/passwd /etc/passwd 
+echo "OK" 
+echo -n "Check the group file..." 
+../../common/compare_file.pl config/etc/group /etc/group 
+echo "OK" 
+echo -n "Check the shadow file..." 
+../../common/compare_file.pl config/etc/shadow /etc/shadow 
+echo "OK" 
+echo -n "Check the gshadow file..." 
+../../common/compare_file.pl config/etc/gshadow /etc/gshadow 
+echo "OK"
+echo -n "Check the /etc/subgid file..."
+diff -au config/etc/subgid /etc/subgid
+echo "OK"
+echo -n "Check the /etc/subuid file..."
+diff -au config/etc/subuid /etc/subuid
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/subids/09_useradd_no_more_subgids_start/config.txt b/tests/tests/subids/09_useradd_no_more_subgids_start/config.txt
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/subids/09_useradd_no_more_subgids_start/config.txt
diff --git a/tests/tests/subids/09_useradd_no_more_subgids_start/config/etc/default/useradd b/tests/tests/subids/09_useradd_no_more_subgids_start/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/subids/09_useradd_no_more_subgids_start/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/subids/09_useradd_no_more_subgids_start/config/etc/group b/tests/tests/subids/09_useradd_no_more_subgids_start/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/subids/09_useradd_no_more_subgids_start/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/subids/09_useradd_no_more_subgids_start/config/etc/gshadow b/tests/tests/subids/09_useradd_no_more_subgids_start/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/subids/09_useradd_no_more_subgids_start/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/subids/09_useradd_no_more_subgids_start/config/etc/passwd b/tests/tests/subids/09_useradd_no_more_subgids_start/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/subids/09_useradd_no_more_subgids_start/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/subids/09_useradd_no_more_subgids_start/config/etc/shadow b/tests/tests/subids/09_useradd_no_more_subgids_start/config/etc/shadow
new file mode 100644
index 0000000..031ce88
--- /dev/null
+++ b/tests/tests/subids/09_useradd_no_more_subgids_start/config/etc/shadow
@@ -0,0 +1,19 @@
+root::12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/subids/09_useradd_no_more_subgids_start/config/etc/subgid b/tests/tests/subids/09_useradd_no_more_subgids_start/config/etc/subgid
new file mode 100644
index 0000000..bafb12d
--- /dev/null
+++ b/tests/tests/subids/09_useradd_no_more_subgids_start/config/etc/subgid
@@ -0,0 +1 @@
+root:109999:600100000
diff --git a/tests/tests/subids/09_useradd_no_more_subgids_start/config/etc/subuid b/tests/tests/subids/09_useradd_no_more_subgids_start/config/etc/subuid
new file mode 100644
index 0000000..2342814
--- /dev/null
+++ b/tests/tests/subids/09_useradd_no_more_subgids_start/config/etc/subuid
@@ -0,0 +1 @@
+root:110000:600100000
diff --git a/tests/tests/subids/09_useradd_no_more_subgids_start/data/useradd.err b/tests/tests/subids/09_useradd_no_more_subgids_start/data/useradd.err
new file mode 100644
index 0000000..d832f1f
--- /dev/null
+++ b/tests/tests/subids/09_useradd_no_more_subgids_start/data/useradd.err
@@ -0,0 +1,2 @@
+useradd: Can't get unique subordinate GID range
+useradd: can't create subordinate group IDs
diff --git a/tests/tests/subids/09_useradd_no_more_subgids_start/useradd.test b/tests/tests/subids/09_useradd_no_more_subgids_start/useradd.test
new file mode 100755
index 0000000..3f23799
--- /dev/null
+++ b/tests/tests/subids/09_useradd_no_more_subgids_start/useradd.test
@@ -0,0 +1,60 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "useradd reports failure if there are no subids available in /etc/subgid"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Add user foo..."
+useradd foo 2>tmp/useradd.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "18"
+echo "OK"
+
+echo "useradd reported:"
+echo "======================================================================="
+cat tmp/useradd.err
+echo "======================================================================="
+echo -n "Check the usage message..."
+diff -au data/useradd.err tmp/useradd.err
+echo "error message OK."
+rm -f tmp/useradd.err
+
+echo -n "Check the passwd file..." 
+../../common/compare_file.pl config/etc/passwd /etc/passwd 
+echo "OK" 
+echo -n "Check the group file..." 
+../../common/compare_file.pl config/etc/group /etc/group 
+echo "OK" 
+echo -n "Check the shadow file..." 
+../../common/compare_file.pl config/etc/shadow /etc/shadow 
+echo "OK" 
+echo -n "Check the gshadow file..." 
+../../common/compare_file.pl config/etc/gshadow /etc/gshadow 
+echo "OK"
+echo -n "Check the /etc/subgid file..."
+diff -au config/etc/subgid /etc/subgid
+echo "OK"
+echo -n "Check the /etc/subuid file..."
+diff -au config/etc/subuid /etc/subuid
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/subids/10_useradd_no_more_subuids_end/config.txt b/tests/tests/subids/10_useradd_no_more_subuids_end/config.txt
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/subids/10_useradd_no_more_subuids_end/config.txt
diff --git a/tests/tests/subids/10_useradd_no_more_subuids_end/config/etc/default/useradd b/tests/tests/subids/10_useradd_no_more_subuids_end/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/subids/10_useradd_no_more_subuids_end/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/subids/10_useradd_no_more_subuids_end/config/etc/group b/tests/tests/subids/10_useradd_no_more_subuids_end/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/subids/10_useradd_no_more_subuids_end/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/subids/10_useradd_no_more_subuids_end/config/etc/gshadow b/tests/tests/subids/10_useradd_no_more_subuids_end/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/subids/10_useradd_no_more_subuids_end/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/subids/10_useradd_no_more_subuids_end/config/etc/passwd b/tests/tests/subids/10_useradd_no_more_subuids_end/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/subids/10_useradd_no_more_subuids_end/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/subids/10_useradd_no_more_subuids_end/config/etc/shadow b/tests/tests/subids/10_useradd_no_more_subuids_end/config/etc/shadow
new file mode 100644
index 0000000..031ce88
--- /dev/null
+++ b/tests/tests/subids/10_useradd_no_more_subuids_end/config/etc/shadow
@@ -0,0 +1,19 @@
+root::12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/subids/10_useradd_no_more_subuids_end/config/etc/subgid b/tests/tests/subids/10_useradd_no_more_subuids_end/config/etc/subgid
new file mode 100644
index 0000000..5b6b0aa
--- /dev/null
+++ b/tests/tests/subids/10_useradd_no_more_subuids_end/config/etc/subgid
@@ -0,0 +1 @@
+root:100000:599990001
diff --git a/tests/tests/subids/10_useradd_no_more_subuids_end/config/etc/subuid b/tests/tests/subids/10_useradd_no_more_subuids_end/config/etc/subuid
new file mode 100644
index 0000000..b6bb132
--- /dev/null
+++ b/tests/tests/subids/10_useradd_no_more_subuids_end/config/etc/subuid
@@ -0,0 +1 @@
+root:100000:599990002
diff --git a/tests/tests/subids/10_useradd_no_more_subuids_end/data/useradd.err b/tests/tests/subids/10_useradd_no_more_subuids_end/data/useradd.err
new file mode 100644
index 0000000..133e01f
--- /dev/null
+++ b/tests/tests/subids/10_useradd_no_more_subuids_end/data/useradd.err
@@ -0,0 +1,2 @@
+useradd: Can't get unique subordinate UID range
+useradd: can't create subordinate user IDs
diff --git a/tests/tests/subids/10_useradd_no_more_subuids_end/useradd.test b/tests/tests/subids/10_useradd_no_more_subuids_end/useradd.test
new file mode 100755
index 0000000..fea00a1
--- /dev/null
+++ b/tests/tests/subids/10_useradd_no_more_subuids_end/useradd.test
@@ -0,0 +1,60 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "useradd reports failure if there are no subids available in /etc/subuid"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Add user foo..."
+useradd foo 2>tmp/useradd.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "16"
+echo "OK"
+
+echo "useradd reported:"
+echo "======================================================================="
+cat tmp/useradd.err
+echo "======================================================================="
+echo -n "Check the usage message..."
+diff -au data/useradd.err tmp/useradd.err
+echo "error message OK."
+rm -f tmp/useradd.err
+
+echo -n "Check the passwd file..." 
+../../common/compare_file.pl config/etc/passwd /etc/passwd 
+echo "OK" 
+echo -n "Check the group file..." 
+../../common/compare_file.pl config/etc/group /etc/group 
+echo "OK" 
+echo -n "Check the shadow file..." 
+../../common/compare_file.pl config/etc/shadow /etc/shadow 
+echo "OK" 
+echo -n "Check the gshadow file..." 
+../../common/compare_file.pl config/etc/gshadow /etc/gshadow 
+echo "OK"
+echo -n "Check the /etc/subgid file..."
+diff -au config/etc/subgid /etc/subgid
+echo "OK"
+echo -n "Check the /etc/subuid file..."
+diff -au config/etc/subuid /etc/subuid
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/subids/11_useradd_no_more_subgids_end/config.txt b/tests/tests/subids/11_useradd_no_more_subgids_end/config.txt
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/subids/11_useradd_no_more_subgids_end/config.txt
diff --git a/tests/tests/subids/11_useradd_no_more_subgids_end/config/etc/default/useradd b/tests/tests/subids/11_useradd_no_more_subgids_end/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/subids/11_useradd_no_more_subgids_end/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/subids/11_useradd_no_more_subgids_end/config/etc/group b/tests/tests/subids/11_useradd_no_more_subgids_end/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/subids/11_useradd_no_more_subgids_end/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/subids/11_useradd_no_more_subgids_end/config/etc/gshadow b/tests/tests/subids/11_useradd_no_more_subgids_end/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/subids/11_useradd_no_more_subgids_end/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/subids/11_useradd_no_more_subgids_end/config/etc/passwd b/tests/tests/subids/11_useradd_no_more_subgids_end/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/subids/11_useradd_no_more_subgids_end/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/subids/11_useradd_no_more_subgids_end/config/etc/shadow b/tests/tests/subids/11_useradd_no_more_subgids_end/config/etc/shadow
new file mode 100644
index 0000000..031ce88
--- /dev/null
+++ b/tests/tests/subids/11_useradd_no_more_subgids_end/config/etc/shadow
@@ -0,0 +1,19 @@
+root::12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/subids/11_useradd_no_more_subgids_end/config/etc/subgid b/tests/tests/subids/11_useradd_no_more_subgids_end/config/etc/subgid
new file mode 100644
index 0000000..b6bb132
--- /dev/null
+++ b/tests/tests/subids/11_useradd_no_more_subgids_end/config/etc/subgid
@@ -0,0 +1 @@
+root:100000:599990002
diff --git a/tests/tests/subids/11_useradd_no_more_subgids_end/config/etc/subuid b/tests/tests/subids/11_useradd_no_more_subgids_end/config/etc/subuid
new file mode 100644
index 0000000..5b6b0aa
--- /dev/null
+++ b/tests/tests/subids/11_useradd_no_more_subgids_end/config/etc/subuid
@@ -0,0 +1 @@
+root:100000:599990001
diff --git a/tests/tests/subids/11_useradd_no_more_subgids_end/data/useradd.err b/tests/tests/subids/11_useradd_no_more_subgids_end/data/useradd.err
new file mode 100644
index 0000000..d832f1f
--- /dev/null
+++ b/tests/tests/subids/11_useradd_no_more_subgids_end/data/useradd.err
@@ -0,0 +1,2 @@
+useradd: Can't get unique subordinate GID range
+useradd: can't create subordinate group IDs
diff --git a/tests/tests/subids/11_useradd_no_more_subgids_end/useradd.test b/tests/tests/subids/11_useradd_no_more_subgids_end/useradd.test
new file mode 100755
index 0000000..3f23799
--- /dev/null
+++ b/tests/tests/subids/11_useradd_no_more_subgids_end/useradd.test
@@ -0,0 +1,60 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "useradd reports failure if there are no subids available in /etc/subgid"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Add user foo..."
+useradd foo 2>tmp/useradd.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "18"
+echo "OK"
+
+echo "useradd reported:"
+echo "======================================================================="
+cat tmp/useradd.err
+echo "======================================================================="
+echo -n "Check the usage message..."
+diff -au data/useradd.err tmp/useradd.err
+echo "error message OK."
+rm -f tmp/useradd.err
+
+echo -n "Check the passwd file..." 
+../../common/compare_file.pl config/etc/passwd /etc/passwd 
+echo "OK" 
+echo -n "Check the group file..." 
+../../common/compare_file.pl config/etc/group /etc/group 
+echo "OK" 
+echo -n "Check the shadow file..." 
+../../common/compare_file.pl config/etc/shadow /etc/shadow 
+echo "OK" 
+echo -n "Check the gshadow file..." 
+../../common/compare_file.pl config/etc/gshadow /etc/gshadow 
+echo "OK"
+echo -n "Check the /etc/subgid file..."
+diff -au config/etc/subgid /etc/subgid
+echo "OK"
+echo -n "Check the /etc/subuid file..."
+diff -au config/etc/subuid /etc/subuid
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/subids/12_useradd_invalid_subuid_configuration1/config.txt b/tests/tests/subids/12_useradd_invalid_subuid_configuration1/config.txt
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/subids/12_useradd_invalid_subuid_configuration1/config.txt
diff --git a/tests/tests/subids/12_useradd_invalid_subuid_configuration1/config/etc/default/useradd b/tests/tests/subids/12_useradd_invalid_subuid_configuration1/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/subids/12_useradd_invalid_subuid_configuration1/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/subids/12_useradd_invalid_subuid_configuration1/config/etc/group b/tests/tests/subids/12_useradd_invalid_subuid_configuration1/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/subids/12_useradd_invalid_subuid_configuration1/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/subids/12_useradd_invalid_subuid_configuration1/config/etc/gshadow b/tests/tests/subids/12_useradd_invalid_subuid_configuration1/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/subids/12_useradd_invalid_subuid_configuration1/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/subids/12_useradd_invalid_subuid_configuration1/config/etc/login.defs b/tests/tests/subids/12_useradd_invalid_subuid_configuration1/config/etc/login.defs
new file mode 100644
index 0000000..97553e7
--- /dev/null
+++ b/tests/tests/subids/12_useradd_invalid_subuid_configuration1/config/etc/login.defs
@@ -0,0 +1,342 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/local/games:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK is the default umask value for pam_umask and is used by
+# useradd and newusers to set the mode of the new home directories.
+# 022 is the "historical" value in Debian for UMASK
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+# System accounts
+#SYS_UID_MIN		  100
+#SYS_UID_MAX		  999
+# Per user subordinate UIDs
+SUB_UID_MAX		   100000
+SUB_UID_MIN		600100000
+SUB_UID_COUNT		    10000
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			 1000
+GID_MAX			60000
+# System accounts
+#SYS_GID_MIN		  100
+#SYS_GID_MAX		  999
+# Per user subordinate GIDs
+#SUB_GID_MAX		   100000
+#SUB_GID_MIN		600100000
+#SUB_GID_COUNT		    10000
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# If set to yes, userdel will remove the user's group if it contains no
+# more members, and useradd will create by default a group with the name
+# of the user.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, such as Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is deprecated. You should use ENCRYPT_METHOD.
+#
+#MD5_CRYPT_ENAB	no
+
+#
+# If set to MD5 , MD5-based algorithm will be used for encrypting password
+# If set to SHA256, SHA256-based algorithm will be used for encrypting password
+# If set to SHA512, SHA512-based algorithm will be used for encrypting password
+# If set to DES, DES-based algorithm will be used for encrypting password (default)
+# Overrides the MD5_CRYPT_ENAB option
+#
+# Note: It is recommended to use a value consistent with
+# the PAM modules configuration.
+#
+ENCRYPT_METHOD SHA512
+
+#
+# Only used if ENCRYPT_METHOD is set to SHA256 or SHA512.
+#
+# Define the number of SHA rounds.
+# With a lot of rounds, it is more difficult to brute forcing the password.
+# But note also that it more CPU resources will be needed to authenticate
+# users.
+#
+# If not specified, the libc will choose the default number of rounds (5000).
+# The values must be inside the 1000-999999999 range.
+# If only one of the MIN or MAX values is set, then this value will be used.
+# If MIN > MAX, the highest value will be used.
+#
+# SHA_CRYPT_MIN_ROUNDS 5000
+# SHA_CRYPT_MAX_ROUNDS 5000
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/subids/12_useradd_invalid_subuid_configuration1/config/etc/passwd b/tests/tests/subids/12_useradd_invalid_subuid_configuration1/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/subids/12_useradd_invalid_subuid_configuration1/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/subids/12_useradd_invalid_subuid_configuration1/config/etc/shadow b/tests/tests/subids/12_useradd_invalid_subuid_configuration1/config/etc/shadow
new file mode 100644
index 0000000..031ce88
--- /dev/null
+++ b/tests/tests/subids/12_useradd_invalid_subuid_configuration1/config/etc/shadow
@@ -0,0 +1,19 @@
+root::12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/subids/12_useradd_invalid_subuid_configuration1/config/etc/subgid b/tests/tests/subids/12_useradd_invalid_subuid_configuration1/config/etc/subgid
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/subids/12_useradd_invalid_subuid_configuration1/config/etc/subgid
diff --git a/tests/tests/subids/12_useradd_invalid_subuid_configuration1/config/etc/subuid b/tests/tests/subids/12_useradd_invalid_subuid_configuration1/config/etc/subuid
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/subids/12_useradd_invalid_subuid_configuration1/config/etc/subuid
diff --git a/tests/tests/subids/12_useradd_invalid_subuid_configuration1/data/useradd.err b/tests/tests/subids/12_useradd_invalid_subuid_configuration1/data/useradd.err
new file mode 100644
index 0000000..c7c46fb
--- /dev/null
+++ b/tests/tests/subids/12_useradd_invalid_subuid_configuration1/data/useradd.err
@@ -0,0 +1,2 @@
+useradd: Invalid configuration: SUB_UID_MIN (600100000), SUB_UID_MAX (100000), SUB_UID_COUNT (10000)
+useradd: can't create subordinate user IDs
diff --git a/tests/tests/subids/12_useradd_invalid_subuid_configuration1/useradd.test b/tests/tests/subids/12_useradd_invalid_subuid_configuration1/useradd.test
new file mode 100755
index 0000000..a350e39
--- /dev/null
+++ b/tests/tests/subids/12_useradd_invalid_subuid_configuration1/useradd.test
@@ -0,0 +1,60 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "useradd reports invalid subuid configuration"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Add user foo..."
+useradd foo 2>tmp/useradd.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "16"
+echo "OK"
+
+echo "useradd reported:"
+echo "======================================================================="
+cat tmp/useradd.err
+echo "======================================================================="
+echo -n "Check the usage message..."
+diff -au data/useradd.err tmp/useradd.err
+echo "error message OK."
+rm -f tmp/useradd.err
+
+echo -n "Check the passwd file..." 
+../../common/compare_file.pl config/etc/passwd /etc/passwd 
+echo "OK" 
+echo -n "Check the group file..." 
+../../common/compare_file.pl config/etc/group /etc/group 
+echo "OK" 
+echo -n "Check the shadow file..." 
+../../common/compare_file.pl config/etc/shadow /etc/shadow 
+echo "OK" 
+echo -n "Check the gshadow file..." 
+../../common/compare_file.pl config/etc/gshadow /etc/gshadow 
+echo "OK"
+echo -n "Check the /etc/subgid file..."
+diff -au config/etc/subgid /etc/subgid
+echo "OK"
+echo -n "Check the /etc/subuid file..."
+diff -au config/etc/subuid /etc/subuid
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/subids/13_useradd_invalid_subuid_configuration2/config.txt b/tests/tests/subids/13_useradd_invalid_subuid_configuration2/config.txt
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/subids/13_useradd_invalid_subuid_configuration2/config.txt
diff --git a/tests/tests/subids/13_useradd_invalid_subuid_configuration2/config/etc/default/useradd b/tests/tests/subids/13_useradd_invalid_subuid_configuration2/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/subids/13_useradd_invalid_subuid_configuration2/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/subids/13_useradd_invalid_subuid_configuration2/config/etc/group b/tests/tests/subids/13_useradd_invalid_subuid_configuration2/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/subids/13_useradd_invalid_subuid_configuration2/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/subids/13_useradd_invalid_subuid_configuration2/config/etc/gshadow b/tests/tests/subids/13_useradd_invalid_subuid_configuration2/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/subids/13_useradd_invalid_subuid_configuration2/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/subids/13_useradd_invalid_subuid_configuration2/config/etc/login.defs b/tests/tests/subids/13_useradd_invalid_subuid_configuration2/config/etc/login.defs
new file mode 100644
index 0000000..416dc88
--- /dev/null
+++ b/tests/tests/subids/13_useradd_invalid_subuid_configuration2/config/etc/login.defs
@@ -0,0 +1,342 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/local/games:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK is the default umask value for pam_umask and is used by
+# useradd and newusers to set the mode of the new home directories.
+# 022 is the "historical" value in Debian for UMASK
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+# System accounts
+#SYS_UID_MIN		  100
+#SYS_UID_MAX		  999
+# Per user subordinate UIDs
+SUB_UID_MIN		   100000
+SUB_UID_MAX		600100000
+SUB_UID_COUNT		600100000
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			 1000
+GID_MAX			60000
+# System accounts
+#SYS_GID_MIN		  100
+#SYS_GID_MAX		  999
+# Per user subordinate GIDs
+#SUB_GID_MIN		   100000
+#SUB_GID_MAX		600100000
+#SUB_GID_COUNT		600100000
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# If set to yes, userdel will remove the user's group if it contains no
+# more members, and useradd will create by default a group with the name
+# of the user.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, such as Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is deprecated. You should use ENCRYPT_METHOD.
+#
+#MD5_CRYPT_ENAB	no
+
+#
+# If set to MD5 , MD5-based algorithm will be used for encrypting password
+# If set to SHA256, SHA256-based algorithm will be used for encrypting password
+# If set to SHA512, SHA512-based algorithm will be used for encrypting password
+# If set to DES, DES-based algorithm will be used for encrypting password (default)
+# Overrides the MD5_CRYPT_ENAB option
+#
+# Note: It is recommended to use a value consistent with
+# the PAM modules configuration.
+#
+ENCRYPT_METHOD SHA512
+
+#
+# Only used if ENCRYPT_METHOD is set to SHA256 or SHA512.
+#
+# Define the number of SHA rounds.
+# With a lot of rounds, it is more difficult to brute forcing the password.
+# But note also that it more CPU resources will be needed to authenticate
+# users.
+#
+# If not specified, the libc will choose the default number of rounds (5000).
+# The values must be inside the 1000-999999999 range.
+# If only one of the MIN or MAX values is set, then this value will be used.
+# If MIN > MAX, the highest value will be used.
+#
+# SHA_CRYPT_MIN_ROUNDS 5000
+# SHA_CRYPT_MAX_ROUNDS 5000
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/subids/13_useradd_invalid_subuid_configuration2/config/etc/passwd b/tests/tests/subids/13_useradd_invalid_subuid_configuration2/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/subids/13_useradd_invalid_subuid_configuration2/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/subids/13_useradd_invalid_subuid_configuration2/config/etc/shadow b/tests/tests/subids/13_useradd_invalid_subuid_configuration2/config/etc/shadow
new file mode 100644
index 0000000..031ce88
--- /dev/null
+++ b/tests/tests/subids/13_useradd_invalid_subuid_configuration2/config/etc/shadow
@@ -0,0 +1,19 @@
+root::12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/subids/13_useradd_invalid_subuid_configuration2/config/etc/subgid b/tests/tests/subids/13_useradd_invalid_subuid_configuration2/config/etc/subgid
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/subids/13_useradd_invalid_subuid_configuration2/config/etc/subgid
diff --git a/tests/tests/subids/13_useradd_invalid_subuid_configuration2/config/etc/subuid b/tests/tests/subids/13_useradd_invalid_subuid_configuration2/config/etc/subuid
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/subids/13_useradd_invalid_subuid_configuration2/config/etc/subuid
diff --git a/tests/tests/subids/13_useradd_invalid_subuid_configuration2/data/useradd.err b/tests/tests/subids/13_useradd_invalid_subuid_configuration2/data/useradd.err
new file mode 100644
index 0000000..469e0a8
--- /dev/null
+++ b/tests/tests/subids/13_useradd_invalid_subuid_configuration2/data/useradd.err
@@ -0,0 +1,2 @@
+useradd: Invalid configuration: SUB_UID_MIN (100000), SUB_UID_MAX (600100000), SUB_UID_COUNT (600100000)
+useradd: can't create subordinate user IDs
diff --git a/tests/tests/subids/13_useradd_invalid_subuid_configuration2/useradd.test b/tests/tests/subids/13_useradd_invalid_subuid_configuration2/useradd.test
new file mode 100755
index 0000000..a350e39
--- /dev/null
+++ b/tests/tests/subids/13_useradd_invalid_subuid_configuration2/useradd.test
@@ -0,0 +1,60 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "useradd reports invalid subuid configuration"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Add user foo..."
+useradd foo 2>tmp/useradd.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "16"
+echo "OK"
+
+echo "useradd reported:"
+echo "======================================================================="
+cat tmp/useradd.err
+echo "======================================================================="
+echo -n "Check the usage message..."
+diff -au data/useradd.err tmp/useradd.err
+echo "error message OK."
+rm -f tmp/useradd.err
+
+echo -n "Check the passwd file..." 
+../../common/compare_file.pl config/etc/passwd /etc/passwd 
+echo "OK" 
+echo -n "Check the group file..." 
+../../common/compare_file.pl config/etc/group /etc/group 
+echo "OK" 
+echo -n "Check the shadow file..." 
+../../common/compare_file.pl config/etc/shadow /etc/shadow 
+echo "OK" 
+echo -n "Check the gshadow file..." 
+../../common/compare_file.pl config/etc/gshadow /etc/gshadow 
+echo "OK"
+echo -n "Check the /etc/subgid file..."
+diff -au config/etc/subgid /etc/subgid
+echo "OK"
+echo -n "Check the /etc/subuid file..."
+diff -au config/etc/subuid /etc/subuid
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/subids/14_useradd_invalid_subuid_configuration3/config.txt b/tests/tests/subids/14_useradd_invalid_subuid_configuration3/config.txt
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/subids/14_useradd_invalid_subuid_configuration3/config.txt
diff --git a/tests/tests/subids/14_useradd_invalid_subuid_configuration3/config/etc/default/useradd b/tests/tests/subids/14_useradd_invalid_subuid_configuration3/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/subids/14_useradd_invalid_subuid_configuration3/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/subids/14_useradd_invalid_subuid_configuration3/config/etc/group b/tests/tests/subids/14_useradd_invalid_subuid_configuration3/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/subids/14_useradd_invalid_subuid_configuration3/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/subids/14_useradd_invalid_subuid_configuration3/config/etc/gshadow b/tests/tests/subids/14_useradd_invalid_subuid_configuration3/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/subids/14_useradd_invalid_subuid_configuration3/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/subids/14_useradd_invalid_subuid_configuration3/config/etc/login.defs b/tests/tests/subids/14_useradd_invalid_subuid_configuration3/config/etc/login.defs
new file mode 100644
index 0000000..3f8796a
--- /dev/null
+++ b/tests/tests/subids/14_useradd_invalid_subuid_configuration3/config/etc/login.defs
@@ -0,0 +1,342 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/local/games:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK is the default umask value for pam_umask and is used by
+# useradd and newusers to set the mode of the new home directories.
+# 022 is the "historical" value in Debian for UMASK
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+# System accounts
+#SYS_UID_MIN		  100
+#SYS_UID_MAX		  999
+# Per user subordinate UIDs
+SUB_UID_MIN		   100000
+SUB_UID_MAX		   100000
+SUB_UID_COUNT		        2
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			 1000
+GID_MAX			60000
+# System accounts
+#SYS_GID_MIN		  100
+#SYS_GID_MAX		  999
+# Per user subordinate GIDs
+#SUB_GID_MIN		   100000
+#SUB_GID_MAX		   100000
+#SUB_GID_COUNT		        2
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# If set to yes, userdel will remove the user's group if it contains no
+# more members, and useradd will create by default a group with the name
+# of the user.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, such as Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is deprecated. You should use ENCRYPT_METHOD.
+#
+#MD5_CRYPT_ENAB	no
+
+#
+# If set to MD5 , MD5-based algorithm will be used for encrypting password
+# If set to SHA256, SHA256-based algorithm will be used for encrypting password
+# If set to SHA512, SHA512-based algorithm will be used for encrypting password
+# If set to DES, DES-based algorithm will be used for encrypting password (default)
+# Overrides the MD5_CRYPT_ENAB option
+#
+# Note: It is recommended to use a value consistent with
+# the PAM modules configuration.
+#
+ENCRYPT_METHOD SHA512
+
+#
+# Only used if ENCRYPT_METHOD is set to SHA256 or SHA512.
+#
+# Define the number of SHA rounds.
+# With a lot of rounds, it is more difficult to brute forcing the password.
+# But note also that it more CPU resources will be needed to authenticate
+# users.
+#
+# If not specified, the libc will choose the default number of rounds (5000).
+# The values must be inside the 1000-999999999 range.
+# If only one of the MIN or MAX values is set, then this value will be used.
+# If MIN > MAX, the highest value will be used.
+#
+# SHA_CRYPT_MIN_ROUNDS 5000
+# SHA_CRYPT_MAX_ROUNDS 5000
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/subids/14_useradd_invalid_subuid_configuration3/config/etc/passwd b/tests/tests/subids/14_useradd_invalid_subuid_configuration3/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/subids/14_useradd_invalid_subuid_configuration3/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/subids/14_useradd_invalid_subuid_configuration3/config/etc/shadow b/tests/tests/subids/14_useradd_invalid_subuid_configuration3/config/etc/shadow
new file mode 100644
index 0000000..031ce88
--- /dev/null
+++ b/tests/tests/subids/14_useradd_invalid_subuid_configuration3/config/etc/shadow
@@ -0,0 +1,19 @@
+root::12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/subids/14_useradd_invalid_subuid_configuration3/config/etc/subgid b/tests/tests/subids/14_useradd_invalid_subuid_configuration3/config/etc/subgid
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/subids/14_useradd_invalid_subuid_configuration3/config/etc/subgid
diff --git a/tests/tests/subids/14_useradd_invalid_subuid_configuration3/config/etc/subuid b/tests/tests/subids/14_useradd_invalid_subuid_configuration3/config/etc/subuid
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/subids/14_useradd_invalid_subuid_configuration3/config/etc/subuid
diff --git a/tests/tests/subids/14_useradd_invalid_subuid_configuration3/data/useradd.err b/tests/tests/subids/14_useradd_invalid_subuid_configuration3/data/useradd.err
new file mode 100644
index 0000000..3ab22c5
--- /dev/null
+++ b/tests/tests/subids/14_useradd_invalid_subuid_configuration3/data/useradd.err
@@ -0,0 +1,2 @@
+useradd: Invalid configuration: SUB_UID_MIN (100000), SUB_UID_MAX (100000), SUB_UID_COUNT (2)
+useradd: can't create subordinate user IDs
diff --git a/tests/tests/subids/14_useradd_invalid_subuid_configuration3/useradd.test b/tests/tests/subids/14_useradd_invalid_subuid_configuration3/useradd.test
new file mode 100755
index 0000000..a350e39
--- /dev/null
+++ b/tests/tests/subids/14_useradd_invalid_subuid_configuration3/useradd.test
@@ -0,0 +1,60 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "useradd reports invalid subuid configuration"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Add user foo..."
+useradd foo 2>tmp/useradd.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "16"
+echo "OK"
+
+echo "useradd reported:"
+echo "======================================================================="
+cat tmp/useradd.err
+echo "======================================================================="
+echo -n "Check the usage message..."
+diff -au data/useradd.err tmp/useradd.err
+echo "error message OK."
+rm -f tmp/useradd.err
+
+echo -n "Check the passwd file..." 
+../../common/compare_file.pl config/etc/passwd /etc/passwd 
+echo "OK" 
+echo -n "Check the group file..." 
+../../common/compare_file.pl config/etc/group /etc/group 
+echo "OK" 
+echo -n "Check the shadow file..." 
+../../common/compare_file.pl config/etc/shadow /etc/shadow 
+echo "OK" 
+echo -n "Check the gshadow file..." 
+../../common/compare_file.pl config/etc/gshadow /etc/gshadow 
+echo "OK"
+echo -n "Check the /etc/subgid file..."
+diff -au config/etc/subgid /etc/subgid
+echo "OK"
+echo -n "Check the /etc/subuid file..."
+diff -au config/etc/subuid /etc/subuid
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/subids/15_useradd_invalid_subgid_configuration1/config.txt b/tests/tests/subids/15_useradd_invalid_subgid_configuration1/config.txt
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/subids/15_useradd_invalid_subgid_configuration1/config.txt
diff --git a/tests/tests/subids/15_useradd_invalid_subgid_configuration1/config/etc/default/useradd b/tests/tests/subids/15_useradd_invalid_subgid_configuration1/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/subids/15_useradd_invalid_subgid_configuration1/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/subids/15_useradd_invalid_subgid_configuration1/config/etc/group b/tests/tests/subids/15_useradd_invalid_subgid_configuration1/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/subids/15_useradd_invalid_subgid_configuration1/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/subids/15_useradd_invalid_subgid_configuration1/config/etc/gshadow b/tests/tests/subids/15_useradd_invalid_subgid_configuration1/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/subids/15_useradd_invalid_subgid_configuration1/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/subids/15_useradd_invalid_subgid_configuration1/config/etc/login.defs b/tests/tests/subids/15_useradd_invalid_subgid_configuration1/config/etc/login.defs
new file mode 100644
index 0000000..6810e0b
--- /dev/null
+++ b/tests/tests/subids/15_useradd_invalid_subgid_configuration1/config/etc/login.defs
@@ -0,0 +1,342 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/local/games:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK is the default umask value for pam_umask and is used by
+# useradd and newusers to set the mode of the new home directories.
+# 022 is the "historical" value in Debian for UMASK
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+# System accounts
+#SYS_UID_MIN		  100
+#SYS_UID_MAX		  999
+# Per user subordinate UIDs
+#SUB_UID_MAX		   100000
+#SUB_UID_MIN		600100000
+#SUB_UID_COUNT		    10000
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			 1000
+GID_MAX			60000
+# System accounts
+#SYS_GID_MIN		  100
+#SYS_GID_MAX		  999
+# Per user subordinate GIDs
+SUB_GID_MAX		   100000
+SUB_GID_MIN		600100000
+SUB_GID_COUNT		    10000
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# If set to yes, userdel will remove the user's group if it contains no
+# more members, and useradd will create by default a group with the name
+# of the user.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, such as Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is deprecated. You should use ENCRYPT_METHOD.
+#
+#MD5_CRYPT_ENAB	no
+
+#
+# If set to MD5 , MD5-based algorithm will be used for encrypting password
+# If set to SHA256, SHA256-based algorithm will be used for encrypting password
+# If set to SHA512, SHA512-based algorithm will be used for encrypting password
+# If set to DES, DES-based algorithm will be used for encrypting password (default)
+# Overrides the MD5_CRYPT_ENAB option
+#
+# Note: It is recommended to use a value consistent with
+# the PAM modules configuration.
+#
+ENCRYPT_METHOD SHA512
+
+#
+# Only used if ENCRYPT_METHOD is set to SHA256 or SHA512.
+#
+# Define the number of SHA rounds.
+# With a lot of rounds, it is more difficult to brute forcing the password.
+# But note also that it more CPU resources will be needed to authenticate
+# users.
+#
+# If not specified, the libc will choose the default number of rounds (5000).
+# The values must be inside the 1000-999999999 range.
+# If only one of the MIN or MAX values is set, then this value will be used.
+# If MIN > MAX, the highest value will be used.
+#
+# SHA_CRYPT_MIN_ROUNDS 5000
+# SHA_CRYPT_MAX_ROUNDS 5000
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/subids/15_useradd_invalid_subgid_configuration1/config/etc/passwd b/tests/tests/subids/15_useradd_invalid_subgid_configuration1/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/subids/15_useradd_invalid_subgid_configuration1/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/subids/15_useradd_invalid_subgid_configuration1/config/etc/shadow b/tests/tests/subids/15_useradd_invalid_subgid_configuration1/config/etc/shadow
new file mode 100644
index 0000000..031ce88
--- /dev/null
+++ b/tests/tests/subids/15_useradd_invalid_subgid_configuration1/config/etc/shadow
@@ -0,0 +1,19 @@
+root::12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/subids/15_useradd_invalid_subgid_configuration1/config/etc/subgid b/tests/tests/subids/15_useradd_invalid_subgid_configuration1/config/etc/subgid
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/subids/15_useradd_invalid_subgid_configuration1/config/etc/subgid
diff --git a/tests/tests/subids/15_useradd_invalid_subgid_configuration1/config/etc/subuid b/tests/tests/subids/15_useradd_invalid_subgid_configuration1/config/etc/subuid
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/subids/15_useradd_invalid_subgid_configuration1/config/etc/subuid
diff --git a/tests/tests/subids/15_useradd_invalid_subgid_configuration1/data/useradd.err b/tests/tests/subids/15_useradd_invalid_subgid_configuration1/data/useradd.err
new file mode 100644
index 0000000..9c4c664
--- /dev/null
+++ b/tests/tests/subids/15_useradd_invalid_subgid_configuration1/data/useradd.err
@@ -0,0 +1,2 @@
+useradd: Invalid configuration: SUB_GID_MIN (600100000), SUB_GID_MAX (100000), SUB_GID_COUNT (10000)
+useradd: can't create subordinate group IDs
diff --git a/tests/tests/subids/15_useradd_invalid_subgid_configuration1/useradd.test b/tests/tests/subids/15_useradd_invalid_subgid_configuration1/useradd.test
new file mode 100755
index 0000000..a737c53
--- /dev/null
+++ b/tests/tests/subids/15_useradd_invalid_subgid_configuration1/useradd.test
@@ -0,0 +1,60 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "useradd reports invalid subgid configuration"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Add user foo..."
+useradd foo 2>tmp/useradd.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "18"
+echo "OK"
+
+echo "useradd reported:"
+echo "======================================================================="
+cat tmp/useradd.err
+echo "======================================================================="
+echo -n "Check the usage message..."
+diff -au data/useradd.err tmp/useradd.err
+echo "error message OK."
+rm -f tmp/useradd.err
+
+echo -n "Check the passwd file..." 
+../../common/compare_file.pl config/etc/passwd /etc/passwd 
+echo "OK" 
+echo -n "Check the group file..." 
+../../common/compare_file.pl config/etc/group /etc/group 
+echo "OK" 
+echo -n "Check the shadow file..." 
+../../common/compare_file.pl config/etc/shadow /etc/shadow 
+echo "OK" 
+echo -n "Check the gshadow file..." 
+../../common/compare_file.pl config/etc/gshadow /etc/gshadow 
+echo "OK"
+echo -n "Check the /etc/subgid file..."
+diff -au config/etc/subgid /etc/subgid
+echo "OK"
+echo -n "Check the /etc/subuid file..."
+diff -au config/etc/subuid /etc/subuid
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/subids/16_useradd_invalid_subgid_configuration2/config.txt b/tests/tests/subids/16_useradd_invalid_subgid_configuration2/config.txt
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/subids/16_useradd_invalid_subgid_configuration2/config.txt
diff --git a/tests/tests/subids/16_useradd_invalid_subgid_configuration2/config/etc/default/useradd b/tests/tests/subids/16_useradd_invalid_subgid_configuration2/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/subids/16_useradd_invalid_subgid_configuration2/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/subids/16_useradd_invalid_subgid_configuration2/config/etc/group b/tests/tests/subids/16_useradd_invalid_subgid_configuration2/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/subids/16_useradd_invalid_subgid_configuration2/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/subids/16_useradd_invalid_subgid_configuration2/config/etc/gshadow b/tests/tests/subids/16_useradd_invalid_subgid_configuration2/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/subids/16_useradd_invalid_subgid_configuration2/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/subids/16_useradd_invalid_subgid_configuration2/config/etc/login.defs b/tests/tests/subids/16_useradd_invalid_subgid_configuration2/config/etc/login.defs
new file mode 100644
index 0000000..4f11deb
--- /dev/null
+++ b/tests/tests/subids/16_useradd_invalid_subgid_configuration2/config/etc/login.defs
@@ -0,0 +1,342 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/local/games:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK is the default umask value for pam_umask and is used by
+# useradd and newusers to set the mode of the new home directories.
+# 022 is the "historical" value in Debian for UMASK
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+# System accounts
+#SYS_UID_MIN		  100
+#SYS_UID_MAX		  999
+# Per user subordinate UIDs
+#SUB_UID_MIN		   100000
+#SUB_UID_MAX		600100000
+#SUB_UID_COUNT		600100000
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			 1000
+GID_MAX			60000
+# System accounts
+#SYS_GID_MIN		  100
+#SYS_GID_MAX		  999
+# Per user subordinate GIDs
+SUB_GID_MIN		   100000
+SUB_GID_MAX		600100000
+SUB_GID_COUNT		600100000
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# If set to yes, userdel will remove the user's group if it contains no
+# more members, and useradd will create by default a group with the name
+# of the user.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, such as Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is deprecated. You should use ENCRYPT_METHOD.
+#
+#MD5_CRYPT_ENAB	no
+
+#
+# If set to MD5 , MD5-based algorithm will be used for encrypting password
+# If set to SHA256, SHA256-based algorithm will be used for encrypting password
+# If set to SHA512, SHA512-based algorithm will be used for encrypting password
+# If set to DES, DES-based algorithm will be used for encrypting password (default)
+# Overrides the MD5_CRYPT_ENAB option
+#
+# Note: It is recommended to use a value consistent with
+# the PAM modules configuration.
+#
+ENCRYPT_METHOD SHA512
+
+#
+# Only used if ENCRYPT_METHOD is set to SHA256 or SHA512.
+#
+# Define the number of SHA rounds.
+# With a lot of rounds, it is more difficult to brute forcing the password.
+# But note also that it more CPU resources will be needed to authenticate
+# users.
+#
+# If not specified, the libc will choose the default number of rounds (5000).
+# The values must be inside the 1000-999999999 range.
+# If only one of the MIN or MAX values is set, then this value will be used.
+# If MIN > MAX, the highest value will be used.
+#
+# SHA_CRYPT_MIN_ROUNDS 5000
+# SHA_CRYPT_MAX_ROUNDS 5000
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/subids/16_useradd_invalid_subgid_configuration2/config/etc/passwd b/tests/tests/subids/16_useradd_invalid_subgid_configuration2/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/subids/16_useradd_invalid_subgid_configuration2/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/subids/16_useradd_invalid_subgid_configuration2/config/etc/shadow b/tests/tests/subids/16_useradd_invalid_subgid_configuration2/config/etc/shadow
new file mode 100644
index 0000000..031ce88
--- /dev/null
+++ b/tests/tests/subids/16_useradd_invalid_subgid_configuration2/config/etc/shadow
@@ -0,0 +1,19 @@
+root::12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/subids/16_useradd_invalid_subgid_configuration2/config/etc/subgid b/tests/tests/subids/16_useradd_invalid_subgid_configuration2/config/etc/subgid
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/subids/16_useradd_invalid_subgid_configuration2/config/etc/subgid
diff --git a/tests/tests/subids/16_useradd_invalid_subgid_configuration2/config/etc/subuid b/tests/tests/subids/16_useradd_invalid_subgid_configuration2/config/etc/subuid
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/subids/16_useradd_invalid_subgid_configuration2/config/etc/subuid
diff --git a/tests/tests/subids/16_useradd_invalid_subgid_configuration2/data/useradd.err b/tests/tests/subids/16_useradd_invalid_subgid_configuration2/data/useradd.err
new file mode 100644
index 0000000..53b37e0
--- /dev/null
+++ b/tests/tests/subids/16_useradd_invalid_subgid_configuration2/data/useradd.err
@@ -0,0 +1,2 @@
+useradd: Invalid configuration: SUB_GID_MIN (100000), SUB_GID_MAX (600100000), SUB_GID_COUNT (600100000)
+useradd: can't create subordinate group IDs
diff --git a/tests/tests/subids/16_useradd_invalid_subgid_configuration2/useradd.test b/tests/tests/subids/16_useradd_invalid_subgid_configuration2/useradd.test
new file mode 100755
index 0000000..a737c53
--- /dev/null
+++ b/tests/tests/subids/16_useradd_invalid_subgid_configuration2/useradd.test
@@ -0,0 +1,60 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "useradd reports invalid subgid configuration"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Add user foo..."
+useradd foo 2>tmp/useradd.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "18"
+echo "OK"
+
+echo "useradd reported:"
+echo "======================================================================="
+cat tmp/useradd.err
+echo "======================================================================="
+echo -n "Check the usage message..."
+diff -au data/useradd.err tmp/useradd.err
+echo "error message OK."
+rm -f tmp/useradd.err
+
+echo -n "Check the passwd file..." 
+../../common/compare_file.pl config/etc/passwd /etc/passwd 
+echo "OK" 
+echo -n "Check the group file..." 
+../../common/compare_file.pl config/etc/group /etc/group 
+echo "OK" 
+echo -n "Check the shadow file..." 
+../../common/compare_file.pl config/etc/shadow /etc/shadow 
+echo "OK" 
+echo -n "Check the gshadow file..." 
+../../common/compare_file.pl config/etc/gshadow /etc/gshadow 
+echo "OK"
+echo -n "Check the /etc/subgid file..."
+diff -au config/etc/subgid /etc/subgid
+echo "OK"
+echo -n "Check the /etc/subuid file..."
+diff -au config/etc/subuid /etc/subuid
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/subids/17_useradd_invalid_subgid_configuration3/config.txt b/tests/tests/subids/17_useradd_invalid_subgid_configuration3/config.txt
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/subids/17_useradd_invalid_subgid_configuration3/config.txt
diff --git a/tests/tests/subids/17_useradd_invalid_subgid_configuration3/config/etc/default/useradd b/tests/tests/subids/17_useradd_invalid_subgid_configuration3/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/subids/17_useradd_invalid_subgid_configuration3/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/subids/17_useradd_invalid_subgid_configuration3/config/etc/group b/tests/tests/subids/17_useradd_invalid_subgid_configuration3/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/subids/17_useradd_invalid_subgid_configuration3/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/subids/17_useradd_invalid_subgid_configuration3/config/etc/gshadow b/tests/tests/subids/17_useradd_invalid_subgid_configuration3/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/subids/17_useradd_invalid_subgid_configuration3/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/subids/17_useradd_invalid_subgid_configuration3/config/etc/login.defs b/tests/tests/subids/17_useradd_invalid_subgid_configuration3/config/etc/login.defs
new file mode 100644
index 0000000..9b233d4
--- /dev/null
+++ b/tests/tests/subids/17_useradd_invalid_subgid_configuration3/config/etc/login.defs
@@ -0,0 +1,342 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/local/games:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK is the default umask value for pam_umask and is used by
+# useradd and newusers to set the mode of the new home directories.
+# 022 is the "historical" value in Debian for UMASK
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+# System accounts
+#SYS_UID_MIN		  100
+#SYS_UID_MAX		  999
+# Per user subordinate UIDs
+#SUB_UID_MIN		   100000
+#SUB_UID_MAX		   100000
+#SUB_UID_COUNT		        2
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			 1000
+GID_MAX			60000
+# System accounts
+#SYS_GID_MIN		  100
+#SYS_GID_MAX		  999
+# Per user subordinate GIDs
+SUB_GID_MIN		   100000
+SUB_GID_MAX		   100000
+SUB_GID_COUNT		        2
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# If set to yes, userdel will remove the user's group if it contains no
+# more members, and useradd will create by default a group with the name
+# of the user.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, such as Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is deprecated. You should use ENCRYPT_METHOD.
+#
+#MD5_CRYPT_ENAB	no
+
+#
+# If set to MD5 , MD5-based algorithm will be used for encrypting password
+# If set to SHA256, SHA256-based algorithm will be used for encrypting password
+# If set to SHA512, SHA512-based algorithm will be used for encrypting password
+# If set to DES, DES-based algorithm will be used for encrypting password (default)
+# Overrides the MD5_CRYPT_ENAB option
+#
+# Note: It is recommended to use a value consistent with
+# the PAM modules configuration.
+#
+ENCRYPT_METHOD SHA512
+
+#
+# Only used if ENCRYPT_METHOD is set to SHA256 or SHA512.
+#
+# Define the number of SHA rounds.
+# With a lot of rounds, it is more difficult to brute forcing the password.
+# But note also that it more CPU resources will be needed to authenticate
+# users.
+#
+# If not specified, the libc will choose the default number of rounds (5000).
+# The values must be inside the 1000-999999999 range.
+# If only one of the MIN or MAX values is set, then this value will be used.
+# If MIN > MAX, the highest value will be used.
+#
+# SHA_CRYPT_MIN_ROUNDS 5000
+# SHA_CRYPT_MAX_ROUNDS 5000
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/subids/17_useradd_invalid_subgid_configuration3/config/etc/passwd b/tests/tests/subids/17_useradd_invalid_subgid_configuration3/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/subids/17_useradd_invalid_subgid_configuration3/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/subids/17_useradd_invalid_subgid_configuration3/config/etc/shadow b/tests/tests/subids/17_useradd_invalid_subgid_configuration3/config/etc/shadow
new file mode 100644
index 0000000..031ce88
--- /dev/null
+++ b/tests/tests/subids/17_useradd_invalid_subgid_configuration3/config/etc/shadow
@@ -0,0 +1,19 @@
+root::12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/subids/17_useradd_invalid_subgid_configuration3/config/etc/subgid b/tests/tests/subids/17_useradd_invalid_subgid_configuration3/config/etc/subgid
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/subids/17_useradd_invalid_subgid_configuration3/config/etc/subgid
diff --git a/tests/tests/subids/17_useradd_invalid_subgid_configuration3/config/etc/subuid b/tests/tests/subids/17_useradd_invalid_subgid_configuration3/config/etc/subuid
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/subids/17_useradd_invalid_subgid_configuration3/config/etc/subuid
diff --git a/tests/tests/subids/17_useradd_invalid_subgid_configuration3/data/useradd.err b/tests/tests/subids/17_useradd_invalid_subgid_configuration3/data/useradd.err
new file mode 100644
index 0000000..fd9289d
--- /dev/null
+++ b/tests/tests/subids/17_useradd_invalid_subgid_configuration3/data/useradd.err
@@ -0,0 +1,2 @@
+useradd: Invalid configuration: SUB_GID_MIN (100000), SUB_GID_MAX (100000), SUB_GID_COUNT (2)
+useradd: can't create subordinate group IDs
diff --git a/tests/tests/subids/17_useradd_invalid_subgid_configuration3/useradd.test b/tests/tests/subids/17_useradd_invalid_subgid_configuration3/useradd.test
new file mode 100755
index 0000000..a737c53
--- /dev/null
+++ b/tests/tests/subids/17_useradd_invalid_subgid_configuration3/useradd.test
@@ -0,0 +1,60 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "useradd reports invalid subgid configuration"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Add user foo..."
+useradd foo 2>tmp/useradd.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "18"
+echo "OK"
+
+echo "useradd reported:"
+echo "======================================================================="
+cat tmp/useradd.err
+echo "======================================================================="
+echo -n "Check the usage message..."
+diff -au data/useradd.err tmp/useradd.err
+echo "error message OK."
+rm -f tmp/useradd.err
+
+echo -n "Check the passwd file..." 
+../../common/compare_file.pl config/etc/passwd /etc/passwd 
+echo "OK" 
+echo -n "Check the group file..." 
+../../common/compare_file.pl config/etc/group /etc/group 
+echo "OK" 
+echo -n "Check the shadow file..." 
+../../common/compare_file.pl config/etc/shadow /etc/shadow 
+echo "OK" 
+echo -n "Check the gshadow file..." 
+../../common/compare_file.pl config/etc/gshadow /etc/gshadow 
+echo "OK"
+echo -n "Check the /etc/subgid file..."
+diff -au config/etc/subgid /etc/subgid
+echo "OK"
+echo -n "Check the /etc/subuid file..."
+diff -au config/etc/subuid /etc/subuid
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/subids/18_useradd_min=max/config.txt b/tests/tests/subids/18_useradd_min=max/config.txt
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/subids/18_useradd_min=max/config.txt
diff --git a/tests/tests/subids/18_useradd_min=max/config/etc/default/useradd b/tests/tests/subids/18_useradd_min=max/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/subids/18_useradd_min=max/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/subids/18_useradd_min=max/config/etc/group b/tests/tests/subids/18_useradd_min=max/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/subids/18_useradd_min=max/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/subids/18_useradd_min=max/config/etc/gshadow b/tests/tests/subids/18_useradd_min=max/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/subids/18_useradd_min=max/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/subids/18_useradd_min=max/config/etc/login.defs b/tests/tests/subids/18_useradd_min=max/config/etc/login.defs
new file mode 100644
index 0000000..751974d
--- /dev/null
+++ b/tests/tests/subids/18_useradd_min=max/config/etc/login.defs
@@ -0,0 +1,342 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/local/games:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK is the default umask value for pam_umask and is used by
+# useradd and newusers to set the mode of the new home directories.
+# 022 is the "historical" value in Debian for UMASK
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+# System accounts
+#SYS_UID_MIN		  100
+#SYS_UID_MAX		  999
+# Per user subordinate UIDs
+SUB_UID_MIN		   100000
+SUB_UID_MAX		   100000
+SUB_UID_COUNT		        1
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			 1000
+GID_MAX			60000
+# System accounts
+#SYS_GID_MIN		  100
+#SYS_GID_MAX		  999
+# Per user subordinate GIDs
+SUB_GID_MIN		   100000
+SUB_GID_MAX		   100000
+SUB_GID_COUNT		        1
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# If set to yes, userdel will remove the user's group if it contains no
+# more members, and useradd will create by default a group with the name
+# of the user.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, such as Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is deprecated. You should use ENCRYPT_METHOD.
+#
+#MD5_CRYPT_ENAB	no
+
+#
+# If set to MD5 , MD5-based algorithm will be used for encrypting password
+# If set to SHA256, SHA256-based algorithm will be used for encrypting password
+# If set to SHA512, SHA512-based algorithm will be used for encrypting password
+# If set to DES, DES-based algorithm will be used for encrypting password (default)
+# Overrides the MD5_CRYPT_ENAB option
+#
+# Note: It is recommended to use a value consistent with
+# the PAM modules configuration.
+#
+ENCRYPT_METHOD SHA512
+
+#
+# Only used if ENCRYPT_METHOD is set to SHA256 or SHA512.
+#
+# Define the number of SHA rounds.
+# With a lot of rounds, it is more difficult to brute forcing the password.
+# But note also that it more CPU resources will be needed to authenticate
+# users.
+#
+# If not specified, the libc will choose the default number of rounds (5000).
+# The values must be inside the 1000-999999999 range.
+# If only one of the MIN or MAX values is set, then this value will be used.
+# If MIN > MAX, the highest value will be used.
+#
+# SHA_CRYPT_MIN_ROUNDS 5000
+# SHA_CRYPT_MAX_ROUNDS 5000
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/subids/18_useradd_min=max/config/etc/passwd b/tests/tests/subids/18_useradd_min=max/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/subids/18_useradd_min=max/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/subids/18_useradd_min=max/config/etc/shadow b/tests/tests/subids/18_useradd_min=max/config/etc/shadow
new file mode 100644
index 0000000..031ce88
--- /dev/null
+++ b/tests/tests/subids/18_useradd_min=max/config/etc/shadow
@@ -0,0 +1,19 @@
+root::12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/subids/18_useradd_min=max/config/etc/subgid b/tests/tests/subids/18_useradd_min=max/config/etc/subgid
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/subids/18_useradd_min=max/config/etc/subgid
diff --git a/tests/tests/subids/18_useradd_min=max/config/etc/subuid b/tests/tests/subids/18_useradd_min=max/config/etc/subuid
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/subids/18_useradd_min=max/config/etc/subuid
diff --git a/tests/tests/subids/18_useradd_min=max/data/group b/tests/tests/subids/18_useradd_min=max/data/group
new file mode 100644
index 0000000..fecba0c
--- /dev/null
+++ b/tests/tests/subids/18_useradd_min=max/data/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/subids/18_useradd_min=max/data/gshadow b/tests/tests/subids/18_useradd_min=max/data/gshadow
new file mode 100644
index 0000000..bfc0675
--- /dev/null
+++ b/tests/tests/subids/18_useradd_min=max/data/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:!::
diff --git a/tests/tests/subids/18_useradd_min=max/data/passwd b/tests/tests/subids/18_useradd_min=max/data/passwd
new file mode 100644
index 0000000..ed91b35
--- /dev/null
+++ b/tests/tests/subids/18_useradd_min=max/data/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/tmp/foo:/bin/foobar
diff --git a/tests/tests/subids/18_useradd_min=max/data/shadow b/tests/tests/subids/18_useradd_min=max/data/shadow
new file mode 100644
index 0000000..8899857
--- /dev/null
+++ b/tests/tests/subids/18_useradd_min=max/data/shadow
@@ -0,0 +1,20 @@
+root::12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:@TODAY@:0:99999:7:12:13849:
diff --git a/tests/tests/subids/18_useradd_min=max/data/subgid b/tests/tests/subids/18_useradd_min=max/data/subgid
new file mode 100644
index 0000000..25a4ca7
--- /dev/null
+++ b/tests/tests/subids/18_useradd_min=max/data/subgid
@@ -0,0 +1 @@
+foo:100000:1
diff --git a/tests/tests/subids/18_useradd_min=max/data/subuid b/tests/tests/subids/18_useradd_min=max/data/subuid
new file mode 100644
index 0000000..25a4ca7
--- /dev/null
+++ b/tests/tests/subids/18_useradd_min=max/data/subuid
@@ -0,0 +1 @@
+foo:100000:1
diff --git a/tests/tests/subids/18_useradd_min=max/useradd.test b/tests/tests/subids/18_useradd_min=max/useradd.test
new file mode 100755
index 0000000..10bb7b7
--- /dev/null
+++ b/tests/tests/subids/18_useradd_min=max/useradd.test
@@ -0,0 +1,45 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "useradd can create one subid in /etc/sub[ug]id when SUB_.ID_MIN=SUB_.ID_MAX"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Add user foo..."
+useradd foo
+echo "OK"
+
+echo -n "Check the passwd file..." 
+../../common/compare_file.pl data/passwd /etc/passwd 
+echo "OK" 
+echo -n "Check the group file..." 
+../../common/compare_file.pl data/group /etc/group 
+echo "OK" 
+echo -n "Check the shadow file..." 
+../../common/compare_file.pl data/shadow /etc/shadow 
+echo "OK" 
+echo -n "Check the gshadow file..." 
+../../common/compare_file.pl data/gshadow /etc/gshadow 
+echo "OK"
+echo -n "Check the /etc/subgid file..."
+diff -au data/subgid /etc/subgid
+echo "OK"
+echo -n "Check the /etc/subuid file..."
+diff -au data/subuid /etc/subuid
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/subids/19_useradd_locked_subuid/config.txt b/tests/tests/subids/19_useradd_locked_subuid/config.txt
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/subids/19_useradd_locked_subuid/config.txt
diff --git a/tests/tests/subids/19_useradd_locked_subuid/config/etc/default/useradd b/tests/tests/subids/19_useradd_locked_subuid/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/subids/19_useradd_locked_subuid/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/subids/19_useradd_locked_subuid/config/etc/group b/tests/tests/subids/19_useradd_locked_subuid/config/etc/group
new file mode 100644
index 0000000..66f04f6
--- /dev/null
+++ b/tests/tests/subids/19_useradd_locked_subuid/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:root
+adm:x:4:root
+tty:x:5:
+disk:x:6:
+lp:x:7:root
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/subids/19_useradd_locked_subuid/config/etc/gshadow b/tests/tests/subids/19_useradd_locked_subuid/config/etc/gshadow
new file mode 100644
index 0000000..19f1325
--- /dev/null
+++ b/tests/tests/subids/19_useradd_locked_subuid/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::root
+adm:*::root
+tty:*::
+disk:*::
+lp:*::root
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/subids/19_useradd_locked_subuid/config/etc/passwd b/tests/tests/subids/19_useradd_locked_subuid/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/subids/19_useradd_locked_subuid/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/subids/19_useradd_locked_subuid/config/etc/shadow b/tests/tests/subids/19_useradd_locked_subuid/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/subids/19_useradd_locked_subuid/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/subids/19_useradd_locked_subuid/config/etc/subgid b/tests/tests/subids/19_useradd_locked_subuid/config/etc/subgid
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/subids/19_useradd_locked_subuid/config/etc/subgid
diff --git a/tests/tests/subids/19_useradd_locked_subuid/config/etc/subuid b/tests/tests/subids/19_useradd_locked_subuid/config/etc/subuid
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/subids/19_useradd_locked_subuid/config/etc/subuid
diff --git a/tests/tests/subids/19_useradd_locked_subuid/data/useradd.err b/tests/tests/subids/19_useradd_locked_subuid/data/useradd.err
new file mode 100644
index 0000000..c785407
--- /dev/null
+++ b/tests/tests/subids/19_useradd_locked_subuid/data/useradd.err
@@ -0,0 +1,2 @@
+useradd: existing lock file /etc/subuid.lock without a PID
+useradd: cannot lock /etc/subuid; try again later.
diff --git a/tests/tests/subids/19_useradd_locked_subuid/useradd.test b/tests/tests/subids/19_useradd_locked_subuid/useradd.test
new file mode 100755
index 0000000..279573f
--- /dev/null
+++ b/tests/tests/subids/19_useradd_locked_subuid/useradd.test
@@ -0,0 +1,66 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "useradd checks if the subuid file is locked"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config; rm -f /etc/subuid.lock' 0
+
+change_config
+
+echo -n "Create lock file for /etc/subuid..."
+touch /etc/subuid.lock
+echo "done"
+
+echo -n "Add user foo (useradd foo)..."
+useradd foo 2>tmp/useradd.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+rm -f /etc/subuid.lock
+
+echo -n "Check returned status ($status)..."
+test "$status" = "16"
+echo "OK"
+
+echo "useradd reported:"
+echo "======================================================================="
+cat tmp/useradd.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/useradd.err tmp/useradd.err
+echo "error message OK."
+rm -f tmp/useradd.err
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+echo -n "Check the /etc/subgid file..."
+../../common/compare_file.pl config/etc/subgid /etc/subgid
+echo "OK"
+echo -n "Check the /etc/subuid file..."
+../../common/compare_file.pl config/etc/subuid /etc/subuid
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/subids/20_useradd_locked_subgid/config.txt b/tests/tests/subids/20_useradd_locked_subgid/config.txt
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/subids/20_useradd_locked_subgid/config.txt
diff --git a/tests/tests/subids/20_useradd_locked_subgid/config/etc/default/useradd b/tests/tests/subids/20_useradd_locked_subgid/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/subids/20_useradd_locked_subgid/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/subids/20_useradd_locked_subgid/config/etc/group b/tests/tests/subids/20_useradd_locked_subgid/config/etc/group
new file mode 100644
index 0000000..66f04f6
--- /dev/null
+++ b/tests/tests/subids/20_useradd_locked_subgid/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:root
+adm:x:4:root
+tty:x:5:
+disk:x:6:
+lp:x:7:root
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/subids/20_useradd_locked_subgid/config/etc/gshadow b/tests/tests/subids/20_useradd_locked_subgid/config/etc/gshadow
new file mode 100644
index 0000000..19f1325
--- /dev/null
+++ b/tests/tests/subids/20_useradd_locked_subgid/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::root
+adm:*::root
+tty:*::
+disk:*::
+lp:*::root
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/subids/20_useradd_locked_subgid/config/etc/passwd b/tests/tests/subids/20_useradd_locked_subgid/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/subids/20_useradd_locked_subgid/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/subids/20_useradd_locked_subgid/config/etc/shadow b/tests/tests/subids/20_useradd_locked_subgid/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/subids/20_useradd_locked_subgid/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/subids/20_useradd_locked_subgid/config/etc/subgid b/tests/tests/subids/20_useradd_locked_subgid/config/etc/subgid
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/subids/20_useradd_locked_subgid/config/etc/subgid
diff --git a/tests/tests/subids/20_useradd_locked_subgid/config/etc/subuid b/tests/tests/subids/20_useradd_locked_subgid/config/etc/subuid
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/subids/20_useradd_locked_subgid/config/etc/subuid
diff --git a/tests/tests/subids/20_useradd_locked_subgid/data/useradd.err b/tests/tests/subids/20_useradd_locked_subgid/data/useradd.err
new file mode 100644
index 0000000..13bbf3b
--- /dev/null
+++ b/tests/tests/subids/20_useradd_locked_subgid/data/useradd.err
@@ -0,0 +1,2 @@
+useradd: existing lock file /etc/subgid.lock without a PID
+useradd: cannot lock /etc/subgid; try again later.
diff --git a/tests/tests/subids/20_useradd_locked_subgid/useradd.test b/tests/tests/subids/20_useradd_locked_subgid/useradd.test
new file mode 100755
index 0000000..145ac98
--- /dev/null
+++ b/tests/tests/subids/20_useradd_locked_subgid/useradd.test
@@ -0,0 +1,66 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "useradd checks if the subgid file is locked"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config; rm -f /etc/subgid.lock' 0
+
+change_config
+
+echo -n "Create lock file for /etc/subgid..."
+touch /etc/subgid.lock
+echo "done"
+
+echo -n "Add user foo (useradd foo)..."
+useradd foo 2>tmp/useradd.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+rm -f /etc/subgid.lock
+
+echo -n "Check returned status ($status)..."
+test "$status" = "18"
+echo "OK"
+
+echo "useradd reported:"
+echo "======================================================================="
+cat tmp/useradd.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/useradd.err tmp/useradd.err
+echo "error message OK."
+rm -f tmp/useradd.err
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+echo -n "Check the /etc/subgid file..."
+../../common/compare_file.pl config/etc/subgid /etc/subgid
+echo "OK"
+echo -n "Check the /etc/subuid file..."
+../../common/compare_file.pl config/etc/subuid /etc/subuid
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/subids/21_usermod_create_subuid_range/config.txt b/tests/tests/subids/21_usermod_create_subuid_range/config.txt
new file mode 100644
index 0000000..f21fb08
--- /dev/null
+++ b/tests/tests/subids/21_usermod_create_subuid_range/config.txt
@@ -0,0 +1,6 @@
+user foo, in group users (only in /etc/group)
+user foo, in group tty (only in /etc/gshadow)
+user foo, in group floppy
+user foo, admin of group disk
+user foo, admin and member of group fax
+user foo, admin and member of group cdrom (only in /etc/gshadow)
diff --git a/tests/tests/subids/21_usermod_create_subuid_range/config/etc/default/useradd b/tests/tests/subids/21_usermod_create_subuid_range/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/subids/21_usermod_create_subuid_range/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/subids/21_usermod_create_subuid_range/config/etc/group b/tests/tests/subids/21_usermod_create_subuid_range/config/etc/group
new file mode 100644
index 0000000..b6fae89
--- /dev/null
+++ b/tests/tests/subids/21_usermod_create_subuid_range/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:root
+adm:x:4:root,foo
+tty:x:5:
+disk:x:6:
+lp:x:7:foo,root
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:foo
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:foo
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/subids/21_usermod_create_subuid_range/config/etc/gshadow b/tests/tests/subids/21_usermod_create_subuid_range/config/etc/gshadow
new file mode 100644
index 0000000..1f2ba8d
--- /dev/null
+++ b/tests/tests/subids/21_usermod_create_subuid_range/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::root
+adm:*::root,foo
+tty:*::foo
+disk:*:foo:
+lp:*::foo,root
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*:foo:foo
+voice:*::
+cdrom:*:foo:foo
+floppy:*::foo
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/subids/21_usermod_create_subuid_range/config/etc/passwd b/tests/tests/subids/21_usermod_create_subuid_range/config/etc/passwd
new file mode 100644
index 0000000..bf52df0
--- /dev/null
+++ b/tests/tests/subids/21_usermod_create_subuid_range/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/home/foo:/bin/false
diff --git a/tests/tests/subids/21_usermod_create_subuid_range/config/etc/shadow b/tests/tests/subids/21_usermod_create_subuid_range/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/subids/21_usermod_create_subuid_range/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/subids/21_usermod_create_subuid_range/config/etc/subgid b/tests/tests/subids/21_usermod_create_subuid_range/config/etc/subgid
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/subids/21_usermod_create_subuid_range/config/etc/subgid
diff --git a/tests/tests/subids/21_usermod_create_subuid_range/config/etc/subuid b/tests/tests/subids/21_usermod_create_subuid_range/config/etc/subuid
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/subids/21_usermod_create_subuid_range/config/etc/subuid
diff --git a/tests/tests/subids/21_usermod_create_subuid_range/data/subuid b/tests/tests/subids/21_usermod_create_subuid_range/data/subuid
new file mode 100644
index 0000000..b1cd704
--- /dev/null
+++ b/tests/tests/subids/21_usermod_create_subuid_range/data/subuid
@@ -0,0 +1 @@
+foo:100000:501
diff --git a/tests/tests/subids/21_usermod_create_subuid_range/usermod.test b/tests/tests/subids/21_usermod_create_subuid_range/usermod.test
new file mode 100755
index 0000000..3c5470d
--- /dev/null
+++ b/tests/tests/subids/21_usermod_create_subuid_range/usermod.test
@@ -0,0 +1,45 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "usermod can create a subuid range"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Create range of subuid for user foo (usermod -v 100000-100500 foo)..."
+usermod -v 100000-100500 foo
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+echo -n "Check the /etc/subgid file..."
+../../common/compare_file.pl config/etc/subgid /etc/subgid
+echo "OK"
+echo -n "Check the /etc/subuid file..."
+../../common/compare_file.pl data/subuid /etc/subuid
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/subids/22_usermod_create_subgid_range/config.txt b/tests/tests/subids/22_usermod_create_subgid_range/config.txt
new file mode 100644
index 0000000..f21fb08
--- /dev/null
+++ b/tests/tests/subids/22_usermod_create_subgid_range/config.txt
@@ -0,0 +1,6 @@
+user foo, in group users (only in /etc/group)
+user foo, in group tty (only in /etc/gshadow)
+user foo, in group floppy
+user foo, admin of group disk
+user foo, admin and member of group fax
+user foo, admin and member of group cdrom (only in /etc/gshadow)
diff --git a/tests/tests/subids/22_usermod_create_subgid_range/config/etc/default/useradd b/tests/tests/subids/22_usermod_create_subgid_range/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/subids/22_usermod_create_subgid_range/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/subids/22_usermod_create_subgid_range/config/etc/group b/tests/tests/subids/22_usermod_create_subgid_range/config/etc/group
new file mode 100644
index 0000000..b6fae89
--- /dev/null
+++ b/tests/tests/subids/22_usermod_create_subgid_range/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:root
+adm:x:4:root,foo
+tty:x:5:
+disk:x:6:
+lp:x:7:foo,root
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:foo
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:foo
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/subids/22_usermod_create_subgid_range/config/etc/gshadow b/tests/tests/subids/22_usermod_create_subgid_range/config/etc/gshadow
new file mode 100644
index 0000000..1f2ba8d
--- /dev/null
+++ b/tests/tests/subids/22_usermod_create_subgid_range/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::root
+adm:*::root,foo
+tty:*::foo
+disk:*:foo:
+lp:*::foo,root
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*:foo:foo
+voice:*::
+cdrom:*:foo:foo
+floppy:*::foo
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/subids/22_usermod_create_subgid_range/config/etc/passwd b/tests/tests/subids/22_usermod_create_subgid_range/config/etc/passwd
new file mode 100644
index 0000000..bf52df0
--- /dev/null
+++ b/tests/tests/subids/22_usermod_create_subgid_range/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/home/foo:/bin/false
diff --git a/tests/tests/subids/22_usermod_create_subgid_range/config/etc/shadow b/tests/tests/subids/22_usermod_create_subgid_range/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/subids/22_usermod_create_subgid_range/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/subids/22_usermod_create_subgid_range/config/etc/subgid b/tests/tests/subids/22_usermod_create_subgid_range/config/etc/subgid
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/subids/22_usermod_create_subgid_range/config/etc/subgid
diff --git a/tests/tests/subids/22_usermod_create_subgid_range/config/etc/subuid b/tests/tests/subids/22_usermod_create_subgid_range/config/etc/subuid
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/subids/22_usermod_create_subgid_range/config/etc/subuid
diff --git a/tests/tests/subids/22_usermod_create_subgid_range/data/subgid b/tests/tests/subids/22_usermod_create_subgid_range/data/subgid
new file mode 100644
index 0000000..b1cd704
--- /dev/null
+++ b/tests/tests/subids/22_usermod_create_subgid_range/data/subgid
@@ -0,0 +1 @@
+foo:100000:501
diff --git a/tests/tests/subids/22_usermod_create_subgid_range/usermod.test b/tests/tests/subids/22_usermod_create_subgid_range/usermod.test
new file mode 100755
index 0000000..a5045a4
--- /dev/null
+++ b/tests/tests/subids/22_usermod_create_subgid_range/usermod.test
@@ -0,0 +1,45 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "usermod can create a subgid range"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Create range of subgid for user foo (usermod -w 100000-100500 foo)..."
+usermod -w 100000-100500 foo
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+echo -n "Check the /etc/subgid file..."
+../../common/compare_file.pl data/subgid /etc/subgid
+echo "OK"
+echo -n "Check the /etc/subuid file..."
+../../common/compare_file.pl config/etc/subuid /etc/subuid
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/subids/23_usermod_create_subids_ranges/config.txt b/tests/tests/subids/23_usermod_create_subids_ranges/config.txt
new file mode 100644
index 0000000..f21fb08
--- /dev/null
+++ b/tests/tests/subids/23_usermod_create_subids_ranges/config.txt
@@ -0,0 +1,6 @@
+user foo, in group users (only in /etc/group)
+user foo, in group tty (only in /etc/gshadow)
+user foo, in group floppy
+user foo, admin of group disk
+user foo, admin and member of group fax
+user foo, admin and member of group cdrom (only in /etc/gshadow)
diff --git a/tests/tests/subids/23_usermod_create_subids_ranges/config/etc/default/useradd b/tests/tests/subids/23_usermod_create_subids_ranges/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/subids/23_usermod_create_subids_ranges/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/subids/23_usermod_create_subids_ranges/config/etc/group b/tests/tests/subids/23_usermod_create_subids_ranges/config/etc/group
new file mode 100644
index 0000000..b6fae89
--- /dev/null
+++ b/tests/tests/subids/23_usermod_create_subids_ranges/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:root
+adm:x:4:root,foo
+tty:x:5:
+disk:x:6:
+lp:x:7:foo,root
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:foo
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:foo
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/subids/23_usermod_create_subids_ranges/config/etc/gshadow b/tests/tests/subids/23_usermod_create_subids_ranges/config/etc/gshadow
new file mode 100644
index 0000000..1f2ba8d
--- /dev/null
+++ b/tests/tests/subids/23_usermod_create_subids_ranges/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::root
+adm:*::root,foo
+tty:*::foo
+disk:*:foo:
+lp:*::foo,root
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*:foo:foo
+voice:*::
+cdrom:*:foo:foo
+floppy:*::foo
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/subids/23_usermod_create_subids_ranges/config/etc/passwd b/tests/tests/subids/23_usermod_create_subids_ranges/config/etc/passwd
new file mode 100644
index 0000000..bf52df0
--- /dev/null
+++ b/tests/tests/subids/23_usermod_create_subids_ranges/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/home/foo:/bin/false
diff --git a/tests/tests/subids/23_usermod_create_subids_ranges/config/etc/shadow b/tests/tests/subids/23_usermod_create_subids_ranges/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/subids/23_usermod_create_subids_ranges/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/subids/23_usermod_create_subids_ranges/config/etc/subgid b/tests/tests/subids/23_usermod_create_subids_ranges/config/etc/subgid
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/subids/23_usermod_create_subids_ranges/config/etc/subgid
diff --git a/tests/tests/subids/23_usermod_create_subids_ranges/config/etc/subuid b/tests/tests/subids/23_usermod_create_subids_ranges/config/etc/subuid
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/subids/23_usermod_create_subids_ranges/config/etc/subuid
diff --git a/tests/tests/subids/23_usermod_create_subids_ranges/data/subgid b/tests/tests/subids/23_usermod_create_subids_ranges/data/subgid
new file mode 100644
index 0000000..e0a6b2f
--- /dev/null
+++ b/tests/tests/subids/23_usermod_create_subids_ranges/data/subgid
@@ -0,0 +1,3 @@
+foo:102000:501
+foo:101000:502
+foo:100000:502
diff --git a/tests/tests/subids/23_usermod_create_subids_ranges/data/subuid b/tests/tests/subids/23_usermod_create_subids_ranges/data/subuid
new file mode 100644
index 0000000..8d10ef6
--- /dev/null
+++ b/tests/tests/subids/23_usermod_create_subids_ranges/data/subuid
@@ -0,0 +1,2 @@
+foo:100000:501
+foo:101000:501
diff --git a/tests/tests/subids/23_usermod_create_subids_ranges/usermod.test b/tests/tests/subids/23_usermod_create_subids_ranges/usermod.test
new file mode 100755
index 0000000..fccfade
--- /dev/null
+++ b/tests/tests/subids/23_usermod_create_subids_ranges/usermod.test
@@ -0,0 +1,45 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "usermod can create multiple subuid and subgid ranges"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Create ranges of subuid and subgid for user foo (usermod -v 101000-101500 -w 100000-100501 -w 101000-101501 -w 102000-102500 -v 100000-100500 foo)..."
+usermod -v 101000-101500 -w 100000-100501 -w 101000-101501 -w 102000-102500 -v 100000-100500 foo
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+echo -n "Check the /etc/subgid file..."
+../../common/compare_file.pl data/subgid /etc/subgid
+echo "OK"
+echo -n "Check the /etc/subuid file..."
+../../common/compare_file.pl data/subuid /etc/subuid
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/subids/24_usermod_create_subids_overlapping_ranges/config.txt b/tests/tests/subids/24_usermod_create_subids_overlapping_ranges/config.txt
new file mode 100644
index 0000000..f21fb08
--- /dev/null
+++ b/tests/tests/subids/24_usermod_create_subids_overlapping_ranges/config.txt
@@ -0,0 +1,6 @@
+user foo, in group users (only in /etc/group)
+user foo, in group tty (only in /etc/gshadow)
+user foo, in group floppy
+user foo, admin of group disk
+user foo, admin and member of group fax
+user foo, admin and member of group cdrom (only in /etc/gshadow)
diff --git a/tests/tests/subids/24_usermod_create_subids_overlapping_ranges/config/etc/default/useradd b/tests/tests/subids/24_usermod_create_subids_overlapping_ranges/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/subids/24_usermod_create_subids_overlapping_ranges/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/subids/24_usermod_create_subids_overlapping_ranges/config/etc/group b/tests/tests/subids/24_usermod_create_subids_overlapping_ranges/config/etc/group
new file mode 100644
index 0000000..b6fae89
--- /dev/null
+++ b/tests/tests/subids/24_usermod_create_subids_overlapping_ranges/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:root
+adm:x:4:root,foo
+tty:x:5:
+disk:x:6:
+lp:x:7:foo,root
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:foo
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:foo
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/subids/24_usermod_create_subids_overlapping_ranges/config/etc/gshadow b/tests/tests/subids/24_usermod_create_subids_overlapping_ranges/config/etc/gshadow
new file mode 100644
index 0000000..1f2ba8d
--- /dev/null
+++ b/tests/tests/subids/24_usermod_create_subids_overlapping_ranges/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::root
+adm:*::root,foo
+tty:*::foo
+disk:*:foo:
+lp:*::foo,root
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*:foo:foo
+voice:*::
+cdrom:*:foo:foo
+floppy:*::foo
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/subids/24_usermod_create_subids_overlapping_ranges/config/etc/passwd b/tests/tests/subids/24_usermod_create_subids_overlapping_ranges/config/etc/passwd
new file mode 100644
index 0000000..bf52df0
--- /dev/null
+++ b/tests/tests/subids/24_usermod_create_subids_overlapping_ranges/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/home/foo:/bin/false
diff --git a/tests/tests/subids/24_usermod_create_subids_overlapping_ranges/config/etc/shadow b/tests/tests/subids/24_usermod_create_subids_overlapping_ranges/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/subids/24_usermod_create_subids_overlapping_ranges/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/subids/24_usermod_create_subids_overlapping_ranges/config/etc/subgid b/tests/tests/subids/24_usermod_create_subids_overlapping_ranges/config/etc/subgid
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/subids/24_usermod_create_subids_overlapping_ranges/config/etc/subgid
diff --git a/tests/tests/subids/24_usermod_create_subids_overlapping_ranges/config/etc/subuid b/tests/tests/subids/24_usermod_create_subids_overlapping_ranges/config/etc/subuid
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/subids/24_usermod_create_subids_overlapping_ranges/config/etc/subuid
diff --git a/tests/tests/subids/24_usermod_create_subids_overlapping_ranges/data/subgid b/tests/tests/subids/24_usermod_create_subids_overlapping_ranges/data/subgid
new file mode 100644
index 0000000..e1960c7
--- /dev/null
+++ b/tests/tests/subids/24_usermod_create_subids_overlapping_ranges/data/subgid
@@ -0,0 +1,3 @@
+foo:100000:402
+foo:100500:1002
+foo:100000:502
diff --git a/tests/tests/subids/24_usermod_create_subids_overlapping_ranges/data/subuid b/tests/tests/subids/24_usermod_create_subids_overlapping_ranges/data/subuid
new file mode 100644
index 0000000..e07aca9
--- /dev/null
+++ b/tests/tests/subids/24_usermod_create_subids_overlapping_ranges/data/subuid
@@ -0,0 +1,4 @@
+foo:200011:10
+foo:200000:11
+foo:100000:1001
+foo:101000:501
diff --git a/tests/tests/subids/24_usermod_create_subids_overlapping_ranges/usermod.test b/tests/tests/subids/24_usermod_create_subids_overlapping_ranges/usermod.test
new file mode 100755
index 0000000..ad1725b
--- /dev/null
+++ b/tests/tests/subids/24_usermod_create_subids_overlapping_ranges/usermod.test
@@ -0,0 +1,45 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "usermod can create overlapping subuid and subgid ranges"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Create ranges of subuid and subgid for user foo (usermod -v 101000-101500 -w 100000-100501 -w 100500-101501 -v 100000-101000 -v 200000-200010 -v 200011-200020 -w 100000-100401 foo)..."
+usermod -v 101000-101500 -w 100000-100501 -w 100500-101501 -v 100000-101000 -v 200000-200010 -v 200011-200020 -w 100000-100401 foo
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+echo -n "Check the /etc/subgid file..."
+../../common/compare_file.pl data/subgid /etc/subgid
+echo "OK"
+echo -n "Check the /etc/subuid file..."
+../../common/compare_file.pl data/subuid /etc/subuid
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/subids/25_usermod_add_range/config.txt b/tests/tests/subids/25_usermod_add_range/config.txt
new file mode 100644
index 0000000..f21fb08
--- /dev/null
+++ b/tests/tests/subids/25_usermod_add_range/config.txt
@@ -0,0 +1,6 @@
+user foo, in group users (only in /etc/group)
+user foo, in group tty (only in /etc/gshadow)
+user foo, in group floppy
+user foo, admin of group disk
+user foo, admin and member of group fax
+user foo, admin and member of group cdrom (only in /etc/gshadow)
diff --git a/tests/tests/subids/25_usermod_add_range/config/etc/default/useradd b/tests/tests/subids/25_usermod_add_range/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/subids/25_usermod_add_range/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/subids/25_usermod_add_range/config/etc/group b/tests/tests/subids/25_usermod_add_range/config/etc/group
new file mode 100644
index 0000000..b6fae89
--- /dev/null
+++ b/tests/tests/subids/25_usermod_add_range/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:root
+adm:x:4:root,foo
+tty:x:5:
+disk:x:6:
+lp:x:7:foo,root
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:foo
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:foo
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/subids/25_usermod_add_range/config/etc/gshadow b/tests/tests/subids/25_usermod_add_range/config/etc/gshadow
new file mode 100644
index 0000000..1f2ba8d
--- /dev/null
+++ b/tests/tests/subids/25_usermod_add_range/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::root
+adm:*::root,foo
+tty:*::foo
+disk:*:foo:
+lp:*::foo,root
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*:foo:foo
+voice:*::
+cdrom:*:foo:foo
+floppy:*::foo
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/subids/25_usermod_add_range/config/etc/passwd b/tests/tests/subids/25_usermod_add_range/config/etc/passwd
new file mode 100644
index 0000000..bf52df0
--- /dev/null
+++ b/tests/tests/subids/25_usermod_add_range/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/home/foo:/bin/false
diff --git a/tests/tests/subids/25_usermod_add_range/config/etc/shadow b/tests/tests/subids/25_usermod_add_range/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/subids/25_usermod_add_range/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/subids/25_usermod_add_range/config/etc/subgid b/tests/tests/subids/25_usermod_add_range/config/etc/subgid
new file mode 100644
index 0000000..3f7fd12
--- /dev/null
+++ b/tests/tests/subids/25_usermod_add_range/config/etc/subgid
@@ -0,0 +1 @@
+foo:100000:10000
diff --git a/tests/tests/subids/25_usermod_add_range/config/etc/subuid b/tests/tests/subids/25_usermod_add_range/config/etc/subuid
new file mode 100644
index 0000000..3f7fd12
--- /dev/null
+++ b/tests/tests/subids/25_usermod_add_range/config/etc/subuid
@@ -0,0 +1 @@
+foo:100000:10000
diff --git a/tests/tests/subids/25_usermod_add_range/data/subgid b/tests/tests/subids/25_usermod_add_range/data/subgid
new file mode 100644
index 0000000..e4babf0
--- /dev/null
+++ b/tests/tests/subids/25_usermod_add_range/data/subgid
@@ -0,0 +1,2 @@
+foo:100000:10000
+foo:150000:502
diff --git a/tests/tests/subids/25_usermod_add_range/data/subuid b/tests/tests/subids/25_usermod_add_range/data/subuid
new file mode 100644
index 0000000..80fb282
--- /dev/null
+++ b/tests/tests/subids/25_usermod_add_range/data/subuid
@@ -0,0 +1,2 @@
+foo:100000:10000
+foo:120000:501
diff --git a/tests/tests/subids/25_usermod_add_range/usermod.test b/tests/tests/subids/25_usermod_add_range/usermod.test
new file mode 100755
index 0000000..5278875
--- /dev/null
+++ b/tests/tests/subids/25_usermod_add_range/usermod.test
@@ -0,0 +1,45 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "usermod can add subuid and subgid ranges"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Add ranges of subuid and subgid for user foo (usermod -v 120000-120500 -w 150000-150501 foo)..."
+usermod -v 120000-120500 -w 150000-150501 foo
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+echo -n "Check the /etc/subgid file..."
+../../common/compare_file.pl data/subgid /etc/subgid
+echo "OK"
+echo -n "Check the /etc/subuid file..."
+../../common/compare_file.pl data/subuid /etc/subuid
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/subids/26_usermod_add_overlapping_ranges/config.txt b/tests/tests/subids/26_usermod_add_overlapping_ranges/config.txt
new file mode 100644
index 0000000..f21fb08
--- /dev/null
+++ b/tests/tests/subids/26_usermod_add_overlapping_ranges/config.txt
@@ -0,0 +1,6 @@
+user foo, in group users (only in /etc/group)
+user foo, in group tty (only in /etc/gshadow)
+user foo, in group floppy
+user foo, admin of group disk
+user foo, admin and member of group fax
+user foo, admin and member of group cdrom (only in /etc/gshadow)
diff --git a/tests/tests/subids/26_usermod_add_overlapping_ranges/config/etc/default/useradd b/tests/tests/subids/26_usermod_add_overlapping_ranges/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/subids/26_usermod_add_overlapping_ranges/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/subids/26_usermod_add_overlapping_ranges/config/etc/group b/tests/tests/subids/26_usermod_add_overlapping_ranges/config/etc/group
new file mode 100644
index 0000000..b6fae89
--- /dev/null
+++ b/tests/tests/subids/26_usermod_add_overlapping_ranges/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:root
+adm:x:4:root,foo
+tty:x:5:
+disk:x:6:
+lp:x:7:foo,root
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:foo
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:foo
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/subids/26_usermod_add_overlapping_ranges/config/etc/gshadow b/tests/tests/subids/26_usermod_add_overlapping_ranges/config/etc/gshadow
new file mode 100644
index 0000000..1f2ba8d
--- /dev/null
+++ b/tests/tests/subids/26_usermod_add_overlapping_ranges/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::root
+adm:*::root,foo
+tty:*::foo
+disk:*:foo:
+lp:*::foo,root
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*:foo:foo
+voice:*::
+cdrom:*:foo:foo
+floppy:*::foo
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/subids/26_usermod_add_overlapping_ranges/config/etc/passwd b/tests/tests/subids/26_usermod_add_overlapping_ranges/config/etc/passwd
new file mode 100644
index 0000000..bf52df0
--- /dev/null
+++ b/tests/tests/subids/26_usermod_add_overlapping_ranges/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/home/foo:/bin/false
diff --git a/tests/tests/subids/26_usermod_add_overlapping_ranges/config/etc/shadow b/tests/tests/subids/26_usermod_add_overlapping_ranges/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/subids/26_usermod_add_overlapping_ranges/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/subids/26_usermod_add_overlapping_ranges/config/etc/subgid b/tests/tests/subids/26_usermod_add_overlapping_ranges/config/etc/subgid
new file mode 100644
index 0000000..f42862e
--- /dev/null
+++ b/tests/tests/subids/26_usermod_add_overlapping_ranges/config/etc/subgid
@@ -0,0 +1,2 @@
+foo:100000:10000
+foo:200000:10000
diff --git a/tests/tests/subids/26_usermod_add_overlapping_ranges/config/etc/subuid b/tests/tests/subids/26_usermod_add_overlapping_ranges/config/etc/subuid
new file mode 100644
index 0000000..f42862e
--- /dev/null
+++ b/tests/tests/subids/26_usermod_add_overlapping_ranges/config/etc/subuid
@@ -0,0 +1,2 @@
+foo:100000:10000
+foo:200000:10000
diff --git a/tests/tests/subids/26_usermod_add_overlapping_ranges/data/subgid b/tests/tests/subids/26_usermod_add_overlapping_ranges/data/subgid
new file mode 100644
index 0000000..455f531
--- /dev/null
+++ b/tests/tests/subids/26_usermod_add_overlapping_ranges/data/subgid
@@ -0,0 +1,3 @@
+foo:100000:10000
+foo:200000:10000
+foo:100000:50502
diff --git a/tests/tests/subids/26_usermod_add_overlapping_ranges/data/subuid b/tests/tests/subids/26_usermod_add_overlapping_ranges/data/subuid
new file mode 100644
index 0000000..072266b
--- /dev/null
+++ b/tests/tests/subids/26_usermod_add_overlapping_ranges/data/subuid
@@ -0,0 +1,3 @@
+foo:100000:10000
+foo:200000:10000
+foo:110000:10501
diff --git a/tests/tests/subids/26_usermod_add_overlapping_ranges/usermod.test b/tests/tests/subids/26_usermod_add_overlapping_ranges/usermod.test
new file mode 100755
index 0000000..9224181
--- /dev/null
+++ b/tests/tests/subids/26_usermod_add_overlapping_ranges/usermod.test
@@ -0,0 +1,45 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "usermod can add subuid and subgid ranges overlapping with existing ranges"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Add ranges of subuid and subgid for user foo (usermod -v 110000-120500 -w 100000-150501 -v 200000-200500 foo)..."
+usermod -v 110000-120500 -w 100000-150501 -v 200000-200500 foo
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+echo -n "Check the /etc/subgid file..."
+../../common/compare_file.pl data/subgid /etc/subgid
+echo "OK"
+echo -n "Check the /etc/subuid file..."
+../../common/compare_file.pl data/subuid /etc/subuid
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/subids/27_usermod_remove_range_all/config.txt b/tests/tests/subids/27_usermod_remove_range_all/config.txt
new file mode 100644
index 0000000..f21fb08
--- /dev/null
+++ b/tests/tests/subids/27_usermod_remove_range_all/config.txt
@@ -0,0 +1,6 @@
+user foo, in group users (only in /etc/group)
+user foo, in group tty (only in /etc/gshadow)
+user foo, in group floppy
+user foo, admin of group disk
+user foo, admin and member of group fax
+user foo, admin and member of group cdrom (only in /etc/gshadow)
diff --git a/tests/tests/subids/27_usermod_remove_range_all/config/etc/default/useradd b/tests/tests/subids/27_usermod_remove_range_all/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/subids/27_usermod_remove_range_all/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/subids/27_usermod_remove_range_all/config/etc/group b/tests/tests/subids/27_usermod_remove_range_all/config/etc/group
new file mode 100644
index 0000000..b6fae89
--- /dev/null
+++ b/tests/tests/subids/27_usermod_remove_range_all/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:root
+adm:x:4:root,foo
+tty:x:5:
+disk:x:6:
+lp:x:7:foo,root
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:foo
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:foo
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/subids/27_usermod_remove_range_all/config/etc/gshadow b/tests/tests/subids/27_usermod_remove_range_all/config/etc/gshadow
new file mode 100644
index 0000000..1f2ba8d
--- /dev/null
+++ b/tests/tests/subids/27_usermod_remove_range_all/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::root
+adm:*::root,foo
+tty:*::foo
+disk:*:foo:
+lp:*::foo,root
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*:foo:foo
+voice:*::
+cdrom:*:foo:foo
+floppy:*::foo
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/subids/27_usermod_remove_range_all/config/etc/passwd b/tests/tests/subids/27_usermod_remove_range_all/config/etc/passwd
new file mode 100644
index 0000000..bf52df0
--- /dev/null
+++ b/tests/tests/subids/27_usermod_remove_range_all/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/home/foo:/bin/false
diff --git a/tests/tests/subids/27_usermod_remove_range_all/config/etc/shadow b/tests/tests/subids/27_usermod_remove_range_all/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/subids/27_usermod_remove_range_all/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/subids/27_usermod_remove_range_all/config/etc/subgid b/tests/tests/subids/27_usermod_remove_range_all/config/etc/subgid
new file mode 100644
index 0000000..3f7fd12
--- /dev/null
+++ b/tests/tests/subids/27_usermod_remove_range_all/config/etc/subgid
@@ -0,0 +1 @@
+foo:100000:10000
diff --git a/tests/tests/subids/27_usermod_remove_range_all/config/etc/subuid b/tests/tests/subids/27_usermod_remove_range_all/config/etc/subuid
new file mode 100644
index 0000000..3f7fd12
--- /dev/null
+++ b/tests/tests/subids/27_usermod_remove_range_all/config/etc/subuid
@@ -0,0 +1 @@
+foo:100000:10000
diff --git a/tests/tests/subids/27_usermod_remove_range_all/data/subgid b/tests/tests/subids/27_usermod_remove_range_all/data/subgid
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/subids/27_usermod_remove_range_all/data/subgid
diff --git a/tests/tests/subids/27_usermod_remove_range_all/data/subuid b/tests/tests/subids/27_usermod_remove_range_all/data/subuid
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/subids/27_usermod_remove_range_all/data/subuid
diff --git a/tests/tests/subids/27_usermod_remove_range_all/usermod.test b/tests/tests/subids/27_usermod_remove_range_all/usermod.test
new file mode 100755
index 0000000..0bd7f0b
--- /dev/null
+++ b/tests/tests/subids/27_usermod_remove_range_all/usermod.test
@@ -0,0 +1,45 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "usermod can remove subuid and subgid ranges matching boundaries"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Remove ranges of subuid and subgid for user foo (usermod -V 100000-109999 -W 100000-109999 foo)..."
+usermod -V 100000-109999 -W 100000-109999 foo
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+echo -n "Check the /etc/subgid file..."
+../../common/compare_file.pl data/subgid /etc/subgid
+echo "OK"
+echo -n "Check the /etc/subuid file..."
+../../common/compare_file.pl data/subuid /etc/subuid
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/subids/28_usermod_remove_range_partial_begin/config.txt b/tests/tests/subids/28_usermod_remove_range_partial_begin/config.txt
new file mode 100644
index 0000000..f21fb08
--- /dev/null
+++ b/tests/tests/subids/28_usermod_remove_range_partial_begin/config.txt
@@ -0,0 +1,6 @@
+user foo, in group users (only in /etc/group)
+user foo, in group tty (only in /etc/gshadow)
+user foo, in group floppy
+user foo, admin of group disk
+user foo, admin and member of group fax
+user foo, admin and member of group cdrom (only in /etc/gshadow)
diff --git a/tests/tests/subids/28_usermod_remove_range_partial_begin/config/etc/default/useradd b/tests/tests/subids/28_usermod_remove_range_partial_begin/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/subids/28_usermod_remove_range_partial_begin/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/subids/28_usermod_remove_range_partial_begin/config/etc/group b/tests/tests/subids/28_usermod_remove_range_partial_begin/config/etc/group
new file mode 100644
index 0000000..b6fae89
--- /dev/null
+++ b/tests/tests/subids/28_usermod_remove_range_partial_begin/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:root
+adm:x:4:root,foo
+tty:x:5:
+disk:x:6:
+lp:x:7:foo,root
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:foo
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:foo
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/subids/28_usermod_remove_range_partial_begin/config/etc/gshadow b/tests/tests/subids/28_usermod_remove_range_partial_begin/config/etc/gshadow
new file mode 100644
index 0000000..1f2ba8d
--- /dev/null
+++ b/tests/tests/subids/28_usermod_remove_range_partial_begin/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::root
+adm:*::root,foo
+tty:*::foo
+disk:*:foo:
+lp:*::foo,root
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*:foo:foo
+voice:*::
+cdrom:*:foo:foo
+floppy:*::foo
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/subids/28_usermod_remove_range_partial_begin/config/etc/passwd b/tests/tests/subids/28_usermod_remove_range_partial_begin/config/etc/passwd
new file mode 100644
index 0000000..bf52df0
--- /dev/null
+++ b/tests/tests/subids/28_usermod_remove_range_partial_begin/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/home/foo:/bin/false
diff --git a/tests/tests/subids/28_usermod_remove_range_partial_begin/config/etc/shadow b/tests/tests/subids/28_usermod_remove_range_partial_begin/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/subids/28_usermod_remove_range_partial_begin/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/subids/28_usermod_remove_range_partial_begin/config/etc/subgid b/tests/tests/subids/28_usermod_remove_range_partial_begin/config/etc/subgid
new file mode 100644
index 0000000..f42862e
--- /dev/null
+++ b/tests/tests/subids/28_usermod_remove_range_partial_begin/config/etc/subgid
@@ -0,0 +1,2 @@
+foo:100000:10000
+foo:200000:10000
diff --git a/tests/tests/subids/28_usermod_remove_range_partial_begin/config/etc/subuid b/tests/tests/subids/28_usermod_remove_range_partial_begin/config/etc/subuid
new file mode 100644
index 0000000..f42862e
--- /dev/null
+++ b/tests/tests/subids/28_usermod_remove_range_partial_begin/config/etc/subuid
@@ -0,0 +1,2 @@
+foo:100000:10000
+foo:200000:10000
diff --git a/tests/tests/subids/28_usermod_remove_range_partial_begin/data/subgid b/tests/tests/subids/28_usermod_remove_range_partial_begin/data/subgid
new file mode 100644
index 0000000..8feb16c
--- /dev/null
+++ b/tests/tests/subids/28_usermod_remove_range_partial_begin/data/subgid
@@ -0,0 +1,2 @@
+foo:100000:10000
+foo:200001:9999
diff --git a/tests/tests/subids/28_usermod_remove_range_partial_begin/data/subuid b/tests/tests/subids/28_usermod_remove_range_partial_begin/data/subuid
new file mode 100644
index 0000000..454c624
--- /dev/null
+++ b/tests/tests/subids/28_usermod_remove_range_partial_begin/data/subuid
@@ -0,0 +1,2 @@
+foo:106000:4000
+foo:209999:1
diff --git a/tests/tests/subids/28_usermod_remove_range_partial_begin/usermod.test b/tests/tests/subids/28_usermod_remove_range_partial_begin/usermod.test
new file mode 100755
index 0000000..03a7966
--- /dev/null
+++ b/tests/tests/subids/28_usermod_remove_range_partial_begin/usermod.test
@@ -0,0 +1,45 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "usermod can remove partial subuid and subgid ranges with matching lower boundaries"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Remove ranges of subuid and subgid for user foo (usermod -V 100000-105999 -W 200000-200000 foo)..."
+usermod -V 100000-105999 -W 200000-200000 -V 200000-209998 foo
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+echo -n "Check the /etc/subgid file..."
+../../common/compare_file.pl data/subgid /etc/subgid
+echo "OK"
+echo -n "Check the /etc/subuid file..."
+../../common/compare_file.pl data/subuid /etc/subuid
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/subids/29_usermod_remove_range_partial_middle/config.txt b/tests/tests/subids/29_usermod_remove_range_partial_middle/config.txt
new file mode 100644
index 0000000..f21fb08
--- /dev/null
+++ b/tests/tests/subids/29_usermod_remove_range_partial_middle/config.txt
@@ -0,0 +1,6 @@
+user foo, in group users (only in /etc/group)
+user foo, in group tty (only in /etc/gshadow)
+user foo, in group floppy
+user foo, admin of group disk
+user foo, admin and member of group fax
+user foo, admin and member of group cdrom (only in /etc/gshadow)
diff --git a/tests/tests/subids/29_usermod_remove_range_partial_middle/config/etc/default/useradd b/tests/tests/subids/29_usermod_remove_range_partial_middle/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/subids/29_usermod_remove_range_partial_middle/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/subids/29_usermod_remove_range_partial_middle/config/etc/group b/tests/tests/subids/29_usermod_remove_range_partial_middle/config/etc/group
new file mode 100644
index 0000000..b6fae89
--- /dev/null
+++ b/tests/tests/subids/29_usermod_remove_range_partial_middle/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:root
+adm:x:4:root,foo
+tty:x:5:
+disk:x:6:
+lp:x:7:foo,root
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:foo
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:foo
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/subids/29_usermod_remove_range_partial_middle/config/etc/gshadow b/tests/tests/subids/29_usermod_remove_range_partial_middle/config/etc/gshadow
new file mode 100644
index 0000000..1f2ba8d
--- /dev/null
+++ b/tests/tests/subids/29_usermod_remove_range_partial_middle/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::root
+adm:*::root,foo
+tty:*::foo
+disk:*:foo:
+lp:*::foo,root
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*:foo:foo
+voice:*::
+cdrom:*:foo:foo
+floppy:*::foo
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/subids/29_usermod_remove_range_partial_middle/config/etc/passwd b/tests/tests/subids/29_usermod_remove_range_partial_middle/config/etc/passwd
new file mode 100644
index 0000000..bf52df0
--- /dev/null
+++ b/tests/tests/subids/29_usermod_remove_range_partial_middle/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/home/foo:/bin/false
diff --git a/tests/tests/subids/29_usermod_remove_range_partial_middle/config/etc/shadow b/tests/tests/subids/29_usermod_remove_range_partial_middle/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/subids/29_usermod_remove_range_partial_middle/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/subids/29_usermod_remove_range_partial_middle/config/etc/subgid b/tests/tests/subids/29_usermod_remove_range_partial_middle/config/etc/subgid
new file mode 100644
index 0000000..3f7fd12
--- /dev/null
+++ b/tests/tests/subids/29_usermod_remove_range_partial_middle/config/etc/subgid
@@ -0,0 +1 @@
+foo:100000:10000
diff --git a/tests/tests/subids/29_usermod_remove_range_partial_middle/config/etc/subuid b/tests/tests/subids/29_usermod_remove_range_partial_middle/config/etc/subuid
new file mode 100644
index 0000000..f42862e
--- /dev/null
+++ b/tests/tests/subids/29_usermod_remove_range_partial_middle/config/etc/subuid
@@ -0,0 +1,2 @@
+foo:100000:10000
+foo:200000:10000
diff --git a/tests/tests/subids/29_usermod_remove_range_partial_middle/data/subgid b/tests/tests/subids/29_usermod_remove_range_partial_middle/data/subgid
new file mode 100644
index 0000000..179115c
--- /dev/null
+++ b/tests/tests/subids/29_usermod_remove_range_partial_middle/data/subgid
@@ -0,0 +1,2 @@
+foo:100000:5000
+foo:109999:1
diff --git a/tests/tests/subids/29_usermod_remove_range_partial_middle/data/subuid b/tests/tests/subids/29_usermod_remove_range_partial_middle/data/subuid
new file mode 100644
index 0000000..b1f3d76
--- /dev/null
+++ b/tests/tests/subids/29_usermod_remove_range_partial_middle/data/subuid
@@ -0,0 +1,4 @@
+foo:100000:1
+foo:200000:5000
+foo:207001:2999
+foo:106000:4000
diff --git a/tests/tests/subids/29_usermod_remove_range_partial_middle/usermod.test b/tests/tests/subids/29_usermod_remove_range_partial_middle/usermod.test
new file mode 100755
index 0000000..bba46bc
--- /dev/null
+++ b/tests/tests/subids/29_usermod_remove_range_partial_middle/usermod.test
@@ -0,0 +1,45 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "usermod can remove partial subuid and subgid ranges included in existing ranges"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Remove ranges of subuid and subgid for user foo (usermod -V 100001-105999 -W 105000-109998 -V 205000-207000 foo)..."
+usermod -V 100001-105999 -W 105000-109998 -V 205000-207000 foo
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+echo -n "Check the /etc/subgid file..."
+../../common/compare_file.pl data/subgid /etc/subgid
+echo "OK"
+echo -n "Check the /etc/subuid file..."
+../../common/compare_file.pl data/subuid /etc/subuid
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/subids/30_usermod_remove_range_partial_end/config.txt b/tests/tests/subids/30_usermod_remove_range_partial_end/config.txt
new file mode 100644
index 0000000..f21fb08
--- /dev/null
+++ b/tests/tests/subids/30_usermod_remove_range_partial_end/config.txt
@@ -0,0 +1,6 @@
+user foo, in group users (only in /etc/group)
+user foo, in group tty (only in /etc/gshadow)
+user foo, in group floppy
+user foo, admin of group disk
+user foo, admin and member of group fax
+user foo, admin and member of group cdrom (only in /etc/gshadow)
diff --git a/tests/tests/subids/30_usermod_remove_range_partial_end/config/etc/default/useradd b/tests/tests/subids/30_usermod_remove_range_partial_end/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/subids/30_usermod_remove_range_partial_end/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/subids/30_usermod_remove_range_partial_end/config/etc/group b/tests/tests/subids/30_usermod_remove_range_partial_end/config/etc/group
new file mode 100644
index 0000000..b6fae89
--- /dev/null
+++ b/tests/tests/subids/30_usermod_remove_range_partial_end/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:root
+adm:x:4:root,foo
+tty:x:5:
+disk:x:6:
+lp:x:7:foo,root
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:foo
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:foo
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/subids/30_usermod_remove_range_partial_end/config/etc/gshadow b/tests/tests/subids/30_usermod_remove_range_partial_end/config/etc/gshadow
new file mode 100644
index 0000000..1f2ba8d
--- /dev/null
+++ b/tests/tests/subids/30_usermod_remove_range_partial_end/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::root
+adm:*::root,foo
+tty:*::foo
+disk:*:foo:
+lp:*::foo,root
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*:foo:foo
+voice:*::
+cdrom:*:foo:foo
+floppy:*::foo
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/subids/30_usermod_remove_range_partial_end/config/etc/passwd b/tests/tests/subids/30_usermod_remove_range_partial_end/config/etc/passwd
new file mode 100644
index 0000000..bf52df0
--- /dev/null
+++ b/tests/tests/subids/30_usermod_remove_range_partial_end/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/home/foo:/bin/false
diff --git a/tests/tests/subids/30_usermod_remove_range_partial_end/config/etc/shadow b/tests/tests/subids/30_usermod_remove_range_partial_end/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/subids/30_usermod_remove_range_partial_end/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/subids/30_usermod_remove_range_partial_end/config/etc/subgid b/tests/tests/subids/30_usermod_remove_range_partial_end/config/etc/subgid
new file mode 100644
index 0000000..3f7fd12
--- /dev/null
+++ b/tests/tests/subids/30_usermod_remove_range_partial_end/config/etc/subgid
@@ -0,0 +1 @@
+foo:100000:10000
diff --git a/tests/tests/subids/30_usermod_remove_range_partial_end/config/etc/subuid b/tests/tests/subids/30_usermod_remove_range_partial_end/config/etc/subuid
new file mode 100644
index 0000000..f42862e
--- /dev/null
+++ b/tests/tests/subids/30_usermod_remove_range_partial_end/config/etc/subuid
@@ -0,0 +1,2 @@
+foo:100000:10000
+foo:200000:10000
diff --git a/tests/tests/subids/30_usermod_remove_range_partial_end/data/subgid b/tests/tests/subids/30_usermod_remove_range_partial_end/data/subgid
new file mode 100644
index 0000000..707bde6
--- /dev/null
+++ b/tests/tests/subids/30_usermod_remove_range_partial_end/data/subgid
@@ -0,0 +1 @@
+foo:100000:5000
diff --git a/tests/tests/subids/30_usermod_remove_range_partial_end/data/subuid b/tests/tests/subids/30_usermod_remove_range_partial_end/data/subuid
new file mode 100644
index 0000000..88ff38c
--- /dev/null
+++ b/tests/tests/subids/30_usermod_remove_range_partial_end/data/subuid
@@ -0,0 +1,2 @@
+foo:100000:1
+foo:200000:9999
diff --git a/tests/tests/subids/30_usermod_remove_range_partial_end/usermod.test b/tests/tests/subids/30_usermod_remove_range_partial_end/usermod.test
new file mode 100755
index 0000000..c110716
--- /dev/null
+++ b/tests/tests/subids/30_usermod_remove_range_partial_end/usermod.test
@@ -0,0 +1,45 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "usermod can remove partial subuid and subgid ranges with matching upper boundaries"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Remove ranges of subuid and subgid for user foo (usermod -V 100001-109999 -W 105000-109999 -V 209998-209999 foo)..."
+usermod -V 100001-109999 -W 105000-109999 -V 209999-209999 foo
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+echo -n "Check the /etc/subgid file..."
+../../common/compare_file.pl data/subgid /etc/subgid
+echo "OK"
+echo -n "Check the /etc/subuid file..."
+../../common/compare_file.pl data/subuid /etc/subuid
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/subids/31_usermod_remove_outside_range/config.txt b/tests/tests/subids/31_usermod_remove_outside_range/config.txt
new file mode 100644
index 0000000..f21fb08
--- /dev/null
+++ b/tests/tests/subids/31_usermod_remove_outside_range/config.txt
@@ -0,0 +1,6 @@
+user foo, in group users (only in /etc/group)
+user foo, in group tty (only in /etc/gshadow)
+user foo, in group floppy
+user foo, admin of group disk
+user foo, admin and member of group fax
+user foo, admin and member of group cdrom (only in /etc/gshadow)
diff --git a/tests/tests/subids/31_usermod_remove_outside_range/config/etc/default/useradd b/tests/tests/subids/31_usermod_remove_outside_range/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/subids/31_usermod_remove_outside_range/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/subids/31_usermod_remove_outside_range/config/etc/group b/tests/tests/subids/31_usermod_remove_outside_range/config/etc/group
new file mode 100644
index 0000000..b6fae89
--- /dev/null
+++ b/tests/tests/subids/31_usermod_remove_outside_range/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:root
+adm:x:4:root,foo
+tty:x:5:
+disk:x:6:
+lp:x:7:foo,root
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:foo
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:foo
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/subids/31_usermod_remove_outside_range/config/etc/gshadow b/tests/tests/subids/31_usermod_remove_outside_range/config/etc/gshadow
new file mode 100644
index 0000000..1f2ba8d
--- /dev/null
+++ b/tests/tests/subids/31_usermod_remove_outside_range/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::root
+adm:*::root,foo
+tty:*::foo
+disk:*:foo:
+lp:*::foo,root
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*:foo:foo
+voice:*::
+cdrom:*:foo:foo
+floppy:*::foo
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/subids/31_usermod_remove_outside_range/config/etc/passwd b/tests/tests/subids/31_usermod_remove_outside_range/config/etc/passwd
new file mode 100644
index 0000000..bf52df0
--- /dev/null
+++ b/tests/tests/subids/31_usermod_remove_outside_range/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/home/foo:/bin/false
diff --git a/tests/tests/subids/31_usermod_remove_outside_range/config/etc/shadow b/tests/tests/subids/31_usermod_remove_outside_range/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/subids/31_usermod_remove_outside_range/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/subids/31_usermod_remove_outside_range/config/etc/subgid b/tests/tests/subids/31_usermod_remove_outside_range/config/etc/subgid
new file mode 100644
index 0000000..f42862e
--- /dev/null
+++ b/tests/tests/subids/31_usermod_remove_outside_range/config/etc/subgid
@@ -0,0 +1,2 @@
+foo:100000:10000
+foo:200000:10000
diff --git a/tests/tests/subids/31_usermod_remove_outside_range/config/etc/subuid b/tests/tests/subids/31_usermod_remove_outside_range/config/etc/subuid
new file mode 100644
index 0000000..f42862e
--- /dev/null
+++ b/tests/tests/subids/31_usermod_remove_outside_range/config/etc/subuid
@@ -0,0 +1,2 @@
+foo:100000:10000
+foo:200000:10000
diff --git a/tests/tests/subids/31_usermod_remove_outside_range/data/subgid b/tests/tests/subids/31_usermod_remove_outside_range/data/subgid
new file mode 100644
index 0000000..f42862e
--- /dev/null
+++ b/tests/tests/subids/31_usermod_remove_outside_range/data/subgid
@@ -0,0 +1,2 @@
+foo:100000:10000
+foo:200000:10000
diff --git a/tests/tests/subids/31_usermod_remove_outside_range/data/subuid b/tests/tests/subids/31_usermod_remove_outside_range/data/subuid
new file mode 100644
index 0000000..f42862e
--- /dev/null
+++ b/tests/tests/subids/31_usermod_remove_outside_range/data/subuid
@@ -0,0 +1,2 @@
+foo:100000:10000
+foo:200000:10000
diff --git a/tests/tests/subids/31_usermod_remove_outside_range/usermod.test b/tests/tests/subids/31_usermod_remove_outside_range/usermod.test
new file mode 100755
index 0000000..477c722
--- /dev/null
+++ b/tests/tests/subids/31_usermod_remove_outside_range/usermod.test
@@ -0,0 +1,45 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "usermod does not remove subuid and subgid ranges if provided ranges are outside of existing ranges"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Remove ranges of subuid and subgid for user foo (usermod -V 1000-99999 -W 110000-199999 foo)..."
+usermod -V 1000-99999 -W 110000-199999 foo
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+echo -n "Check the /etc/subgid file..."
+../../common/compare_file.pl data/subgid /etc/subgid
+echo "OK"
+echo -n "Check the /etc/subuid file..."
+../../common/compare_file.pl data/subuid /etc/subuid
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/subids/32_usermod_remove_overlapping_range_begin/config.txt b/tests/tests/subids/32_usermod_remove_overlapping_range_begin/config.txt
new file mode 100644
index 0000000..f21fb08
--- /dev/null
+++ b/tests/tests/subids/32_usermod_remove_overlapping_range_begin/config.txt
@@ -0,0 +1,6 @@
+user foo, in group users (only in /etc/group)
+user foo, in group tty (only in /etc/gshadow)
+user foo, in group floppy
+user foo, admin of group disk
+user foo, admin and member of group fax
+user foo, admin and member of group cdrom (only in /etc/gshadow)
diff --git a/tests/tests/subids/32_usermod_remove_overlapping_range_begin/config/etc/default/useradd b/tests/tests/subids/32_usermod_remove_overlapping_range_begin/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/subids/32_usermod_remove_overlapping_range_begin/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/subids/32_usermod_remove_overlapping_range_begin/config/etc/group b/tests/tests/subids/32_usermod_remove_overlapping_range_begin/config/etc/group
new file mode 100644
index 0000000..b6fae89
--- /dev/null
+++ b/tests/tests/subids/32_usermod_remove_overlapping_range_begin/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:root
+adm:x:4:root,foo
+tty:x:5:
+disk:x:6:
+lp:x:7:foo,root
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:foo
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:foo
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/subids/32_usermod_remove_overlapping_range_begin/config/etc/gshadow b/tests/tests/subids/32_usermod_remove_overlapping_range_begin/config/etc/gshadow
new file mode 100644
index 0000000..1f2ba8d
--- /dev/null
+++ b/tests/tests/subids/32_usermod_remove_overlapping_range_begin/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::root
+adm:*::root,foo
+tty:*::foo
+disk:*:foo:
+lp:*::foo,root
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*:foo:foo
+voice:*::
+cdrom:*:foo:foo
+floppy:*::foo
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/subids/32_usermod_remove_overlapping_range_begin/config/etc/passwd b/tests/tests/subids/32_usermod_remove_overlapping_range_begin/config/etc/passwd
new file mode 100644
index 0000000..bf52df0
--- /dev/null
+++ b/tests/tests/subids/32_usermod_remove_overlapping_range_begin/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/home/foo:/bin/false
diff --git a/tests/tests/subids/32_usermod_remove_overlapping_range_begin/config/etc/shadow b/tests/tests/subids/32_usermod_remove_overlapping_range_begin/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/subids/32_usermod_remove_overlapping_range_begin/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/subids/32_usermod_remove_overlapping_range_begin/config/etc/subgid b/tests/tests/subids/32_usermod_remove_overlapping_range_begin/config/etc/subgid
new file mode 100644
index 0000000..3f7fd12
--- /dev/null
+++ b/tests/tests/subids/32_usermod_remove_overlapping_range_begin/config/etc/subgid
@@ -0,0 +1 @@
+foo:100000:10000
diff --git a/tests/tests/subids/32_usermod_remove_overlapping_range_begin/config/etc/subuid b/tests/tests/subids/32_usermod_remove_overlapping_range_begin/config/etc/subuid
new file mode 100644
index 0000000..f42862e
--- /dev/null
+++ b/tests/tests/subids/32_usermod_remove_overlapping_range_begin/config/etc/subuid
@@ -0,0 +1,2 @@
+foo:100000:10000
+foo:200000:10000
diff --git a/tests/tests/subids/32_usermod_remove_overlapping_range_begin/data/subgid b/tests/tests/subids/32_usermod_remove_overlapping_range_begin/data/subgid
new file mode 100644
index 0000000..c2dcd1a
--- /dev/null
+++ b/tests/tests/subids/32_usermod_remove_overlapping_range_begin/data/subgid
@@ -0,0 +1 @@
+foo:109999:1
diff --git a/tests/tests/subids/32_usermod_remove_overlapping_range_begin/data/subuid b/tests/tests/subids/32_usermod_remove_overlapping_range_begin/data/subuid
new file mode 100644
index 0000000..30bf143
--- /dev/null
+++ b/tests/tests/subids/32_usermod_remove_overlapping_range_begin/data/subuid
@@ -0,0 +1,2 @@
+foo:100001:9999
+foo:209999:1
diff --git a/tests/tests/subids/32_usermod_remove_overlapping_range_begin/usermod.test b/tests/tests/subids/32_usermod_remove_overlapping_range_begin/usermod.test
new file mode 100755
index 0000000..1f2766a
--- /dev/null
+++ b/tests/tests/subids/32_usermod_remove_overlapping_range_begin/usermod.test
@@ -0,0 +1,45 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "usermod can remove partial subuid and subgid ranges overlapping beginning of existing ranges"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Remove ranges of subuid and subgid for user foo (usermod -V 10000-100000 -W 5000-109998 -V 110000-209998 foo)..."
+usermod -V 10000-100000 -W 5000-109998 -V 110000-209998 foo
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+echo -n "Check the /etc/subgid file..."
+../../common/compare_file.pl data/subgid /etc/subgid
+echo "OK"
+echo -n "Check the /etc/subuid file..."
+../../common/compare_file.pl data/subuid /etc/subuid
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/subids/33_usermod_remove_overlapping_range_end/config.txt b/tests/tests/subids/33_usermod_remove_overlapping_range_end/config.txt
new file mode 100644
index 0000000..f21fb08
--- /dev/null
+++ b/tests/tests/subids/33_usermod_remove_overlapping_range_end/config.txt
@@ -0,0 +1,6 @@
+user foo, in group users (only in /etc/group)
+user foo, in group tty (only in /etc/gshadow)
+user foo, in group floppy
+user foo, admin of group disk
+user foo, admin and member of group fax
+user foo, admin and member of group cdrom (only in /etc/gshadow)
diff --git a/tests/tests/subids/33_usermod_remove_overlapping_range_end/config/etc/default/useradd b/tests/tests/subids/33_usermod_remove_overlapping_range_end/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/subids/33_usermod_remove_overlapping_range_end/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/subids/33_usermod_remove_overlapping_range_end/config/etc/group b/tests/tests/subids/33_usermod_remove_overlapping_range_end/config/etc/group
new file mode 100644
index 0000000..b6fae89
--- /dev/null
+++ b/tests/tests/subids/33_usermod_remove_overlapping_range_end/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:root
+adm:x:4:root,foo
+tty:x:5:
+disk:x:6:
+lp:x:7:foo,root
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:foo
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:foo
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/subids/33_usermod_remove_overlapping_range_end/config/etc/gshadow b/tests/tests/subids/33_usermod_remove_overlapping_range_end/config/etc/gshadow
new file mode 100644
index 0000000..1f2ba8d
--- /dev/null
+++ b/tests/tests/subids/33_usermod_remove_overlapping_range_end/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::root
+adm:*::root,foo
+tty:*::foo
+disk:*:foo:
+lp:*::foo,root
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*:foo:foo
+voice:*::
+cdrom:*:foo:foo
+floppy:*::foo
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/subids/33_usermod_remove_overlapping_range_end/config/etc/passwd b/tests/tests/subids/33_usermod_remove_overlapping_range_end/config/etc/passwd
new file mode 100644
index 0000000..bf52df0
--- /dev/null
+++ b/tests/tests/subids/33_usermod_remove_overlapping_range_end/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/home/foo:/bin/false
diff --git a/tests/tests/subids/33_usermod_remove_overlapping_range_end/config/etc/shadow b/tests/tests/subids/33_usermod_remove_overlapping_range_end/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/subids/33_usermod_remove_overlapping_range_end/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/subids/33_usermod_remove_overlapping_range_end/config/etc/subgid b/tests/tests/subids/33_usermod_remove_overlapping_range_end/config/etc/subgid
new file mode 100644
index 0000000..3f7fd12
--- /dev/null
+++ b/tests/tests/subids/33_usermod_remove_overlapping_range_end/config/etc/subgid
@@ -0,0 +1 @@
+foo:100000:10000
diff --git a/tests/tests/subids/33_usermod_remove_overlapping_range_end/config/etc/subuid b/tests/tests/subids/33_usermod_remove_overlapping_range_end/config/etc/subuid
new file mode 100644
index 0000000..f42862e
--- /dev/null
+++ b/tests/tests/subids/33_usermod_remove_overlapping_range_end/config/etc/subuid
@@ -0,0 +1,2 @@
+foo:100000:10000
+foo:200000:10000
diff --git a/tests/tests/subids/33_usermod_remove_overlapping_range_end/data/subgid b/tests/tests/subids/33_usermod_remove_overlapping_range_end/data/subgid
new file mode 100644
index 0000000..707bde6
--- /dev/null
+++ b/tests/tests/subids/33_usermod_remove_overlapping_range_end/data/subgid
@@ -0,0 +1 @@
+foo:100000:5000
diff --git a/tests/tests/subids/33_usermod_remove_overlapping_range_end/data/subuid b/tests/tests/subids/33_usermod_remove_overlapping_range_end/data/subuid
new file mode 100644
index 0000000..88ff38c
--- /dev/null
+++ b/tests/tests/subids/33_usermod_remove_overlapping_range_end/data/subuid
@@ -0,0 +1,2 @@
+foo:100000:1
+foo:200000:9999
diff --git a/tests/tests/subids/33_usermod_remove_overlapping_range_end/usermod.test b/tests/tests/subids/33_usermod_remove_overlapping_range_end/usermod.test
new file mode 100755
index 0000000..545fd27
--- /dev/null
+++ b/tests/tests/subids/33_usermod_remove_overlapping_range_end/usermod.test
@@ -0,0 +1,45 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "usermod can remove partial subuid and subgid ranges overlapping upper boundaries of existing ranges"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Remove ranges of subuid and subgid for user foo (usermod -V 100001-109999 -W 105000-120000 -V 209999-210001 foo)..."
+usermod -V 100001-109999 -W 105000-120000 -V 209999-210001 foo
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+echo -n "Check the /etc/subgid file..."
+../../common/compare_file.pl data/subgid /etc/subgid
+echo "OK"
+echo -n "Check the /etc/subuid file..."
+../../common/compare_file.pl data/subuid /etc/subuid
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/subids/34_usermod_remove_overlapping_range_all/config.txt b/tests/tests/subids/34_usermod_remove_overlapping_range_all/config.txt
new file mode 100644
index 0000000..f21fb08
--- /dev/null
+++ b/tests/tests/subids/34_usermod_remove_overlapping_range_all/config.txt
@@ -0,0 +1,6 @@
+user foo, in group users (only in /etc/group)
+user foo, in group tty (only in /etc/gshadow)
+user foo, in group floppy
+user foo, admin of group disk
+user foo, admin and member of group fax
+user foo, admin and member of group cdrom (only in /etc/gshadow)
diff --git a/tests/tests/subids/34_usermod_remove_overlapping_range_all/config/etc/default/useradd b/tests/tests/subids/34_usermod_remove_overlapping_range_all/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/subids/34_usermod_remove_overlapping_range_all/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/subids/34_usermod_remove_overlapping_range_all/config/etc/group b/tests/tests/subids/34_usermod_remove_overlapping_range_all/config/etc/group
new file mode 100644
index 0000000..b6fae89
--- /dev/null
+++ b/tests/tests/subids/34_usermod_remove_overlapping_range_all/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:root
+adm:x:4:root,foo
+tty:x:5:
+disk:x:6:
+lp:x:7:foo,root
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:foo
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:foo
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/subids/34_usermod_remove_overlapping_range_all/config/etc/gshadow b/tests/tests/subids/34_usermod_remove_overlapping_range_all/config/etc/gshadow
new file mode 100644
index 0000000..1f2ba8d
--- /dev/null
+++ b/tests/tests/subids/34_usermod_remove_overlapping_range_all/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::root
+adm:*::root,foo
+tty:*::foo
+disk:*:foo:
+lp:*::foo,root
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*:foo:foo
+voice:*::
+cdrom:*:foo:foo
+floppy:*::foo
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/subids/34_usermod_remove_overlapping_range_all/config/etc/passwd b/tests/tests/subids/34_usermod_remove_overlapping_range_all/config/etc/passwd
new file mode 100644
index 0000000..bf52df0
--- /dev/null
+++ b/tests/tests/subids/34_usermod_remove_overlapping_range_all/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/home/foo:/bin/false
diff --git a/tests/tests/subids/34_usermod_remove_overlapping_range_all/config/etc/shadow b/tests/tests/subids/34_usermod_remove_overlapping_range_all/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/subids/34_usermod_remove_overlapping_range_all/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/subids/34_usermod_remove_overlapping_range_all/config/etc/subgid b/tests/tests/subids/34_usermod_remove_overlapping_range_all/config/etc/subgid
new file mode 100644
index 0000000..3f7fd12
--- /dev/null
+++ b/tests/tests/subids/34_usermod_remove_overlapping_range_all/config/etc/subgid
@@ -0,0 +1 @@
+foo:100000:10000
diff --git a/tests/tests/subids/34_usermod_remove_overlapping_range_all/config/etc/subuid b/tests/tests/subids/34_usermod_remove_overlapping_range_all/config/etc/subuid
new file mode 100644
index 0000000..f42862e
--- /dev/null
+++ b/tests/tests/subids/34_usermod_remove_overlapping_range_all/config/etc/subuid
@@ -0,0 +1,2 @@
+foo:100000:10000
+foo:200000:10000
diff --git a/tests/tests/subids/34_usermod_remove_overlapping_range_all/data/subgid b/tests/tests/subids/34_usermod_remove_overlapping_range_all/data/subgid
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/subids/34_usermod_remove_overlapping_range_all/data/subgid
diff --git a/tests/tests/subids/34_usermod_remove_overlapping_range_all/data/subuid b/tests/tests/subids/34_usermod_remove_overlapping_range_all/data/subuid
new file mode 100644
index 0000000..92313ec
--- /dev/null
+++ b/tests/tests/subids/34_usermod_remove_overlapping_range_all/data/subuid
@@ -0,0 +1 @@
+foo:100000:9999
diff --git a/tests/tests/subids/34_usermod_remove_overlapping_range_all/usermod.test b/tests/tests/subids/34_usermod_remove_overlapping_range_all/usermod.test
new file mode 100755
index 0000000..ba781eb
--- /dev/null
+++ b/tests/tests/subids/34_usermod_remove_overlapping_range_all/usermod.test
@@ -0,0 +1,45 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "usermod can remove partial subuid and subgid ranges whose boundaries overlap boundaries of existing ranges"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Remove ranges of subuid and subgid for user foo (usermod -W 99997-110002 -V 109999-210000 foo)..."
+usermod -W 99997-110002 -V 109999-210000 foo
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+echo -n "Check the /etc/subgid file..."
+../../common/compare_file.pl data/subgid /etc/subgid
+echo "OK"
+echo -n "Check the /etc/subuid file..."
+../../common/compare_file.pl data/subuid /etc/subuid
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/subids/35_usermod_remove_only_user_ranges/config.txt b/tests/tests/subids/35_usermod_remove_only_user_ranges/config.txt
new file mode 100644
index 0000000..f21fb08
--- /dev/null
+++ b/tests/tests/subids/35_usermod_remove_only_user_ranges/config.txt
@@ -0,0 +1,6 @@
+user foo, in group users (only in /etc/group)
+user foo, in group tty (only in /etc/gshadow)
+user foo, in group floppy
+user foo, admin of group disk
+user foo, admin and member of group fax
+user foo, admin and member of group cdrom (only in /etc/gshadow)
diff --git a/tests/tests/subids/35_usermod_remove_only_user_ranges/config/etc/default/useradd b/tests/tests/subids/35_usermod_remove_only_user_ranges/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/subids/35_usermod_remove_only_user_ranges/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/subids/35_usermod_remove_only_user_ranges/config/etc/group b/tests/tests/subids/35_usermod_remove_only_user_ranges/config/etc/group
new file mode 100644
index 0000000..b6fae89
--- /dev/null
+++ b/tests/tests/subids/35_usermod_remove_only_user_ranges/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:root
+adm:x:4:root,foo
+tty:x:5:
+disk:x:6:
+lp:x:7:foo,root
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:foo
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:foo
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/subids/35_usermod_remove_only_user_ranges/config/etc/gshadow b/tests/tests/subids/35_usermod_remove_only_user_ranges/config/etc/gshadow
new file mode 100644
index 0000000..1f2ba8d
--- /dev/null
+++ b/tests/tests/subids/35_usermod_remove_only_user_ranges/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::root
+adm:*::root,foo
+tty:*::foo
+disk:*:foo:
+lp:*::foo,root
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*:foo:foo
+voice:*::
+cdrom:*:foo:foo
+floppy:*::foo
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/subids/35_usermod_remove_only_user_ranges/config/etc/passwd b/tests/tests/subids/35_usermod_remove_only_user_ranges/config/etc/passwd
new file mode 100644
index 0000000..bf52df0
--- /dev/null
+++ b/tests/tests/subids/35_usermod_remove_only_user_ranges/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/home/foo:/bin/false
diff --git a/tests/tests/subids/35_usermod_remove_only_user_ranges/config/etc/shadow b/tests/tests/subids/35_usermod_remove_only_user_ranges/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/subids/35_usermod_remove_only_user_ranges/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/subids/35_usermod_remove_only_user_ranges/config/etc/subgid b/tests/tests/subids/35_usermod_remove_only_user_ranges/config/etc/subgid
new file mode 100644
index 0000000..81c7134
--- /dev/null
+++ b/tests/tests/subids/35_usermod_remove_only_user_ranges/config/etc/subgid
@@ -0,0 +1,4 @@
+root:100000:10000
+foo:100000:10000
+foo:200000:10000
+foo:100000:10000
diff --git a/tests/tests/subids/35_usermod_remove_only_user_ranges/config/etc/subuid b/tests/tests/subids/35_usermod_remove_only_user_ranges/config/etc/subuid
new file mode 100644
index 0000000..96f8274
--- /dev/null
+++ b/tests/tests/subids/35_usermod_remove_only_user_ranges/config/etc/subuid
@@ -0,0 +1,4 @@
+foo:100000:10000
+foo:200000:10000
+root:100000:10000
+foo:100000:10000
diff --git a/tests/tests/subids/35_usermod_remove_only_user_ranges/data/subgid b/tests/tests/subids/35_usermod_remove_only_user_ranges/data/subgid
new file mode 100644
index 0000000..ba36f20
--- /dev/null
+++ b/tests/tests/subids/35_usermod_remove_only_user_ranges/data/subgid
@@ -0,0 +1,2 @@
+root:100000:10000
+foo:200000:10000
diff --git a/tests/tests/subids/35_usermod_remove_only_user_ranges/data/subuid b/tests/tests/subids/35_usermod_remove_only_user_ranges/data/subuid
new file mode 100644
index 0000000..5000837
--- /dev/null
+++ b/tests/tests/subids/35_usermod_remove_only_user_ranges/data/subuid
@@ -0,0 +1,2 @@
+foo:200000:10000
+root:100000:10000
diff --git a/tests/tests/subids/35_usermod_remove_only_user_ranges/usermod.test b/tests/tests/subids/35_usermod_remove_only_user_ranges/usermod.test
new file mode 100755
index 0000000..191ffb2
--- /dev/null
+++ b/tests/tests/subids/35_usermod_remove_only_user_ranges/usermod.test
@@ -0,0 +1,45 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "usermod does not remove subuid and subgid ranges of other users"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Remove ranges of subuid and subgid for user foo (usermod -V 100000-109999 -W 100000-109999 foo)..."
+usermod -V 100000-109999 -W 100000-109999 foo
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+echo -n "Check the /etc/subgid file..."
+../../common/compare_file.pl data/subgid /etc/subgid
+echo "OK"
+echo -n "Check the /etc/subuid file..."
+../../common/compare_file.pl data/subuid /etc/subuid
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/subids/36_usermod_remove_with_comment/config.txt b/tests/tests/subids/36_usermod_remove_with_comment/config.txt
new file mode 100644
index 0000000..f21fb08
--- /dev/null
+++ b/tests/tests/subids/36_usermod_remove_with_comment/config.txt
@@ -0,0 +1,6 @@
+user foo, in group users (only in /etc/group)
+user foo, in group tty (only in /etc/gshadow)
+user foo, in group floppy
+user foo, admin of group disk
+user foo, admin and member of group fax
+user foo, admin and member of group cdrom (only in /etc/gshadow)
diff --git a/tests/tests/subids/36_usermod_remove_with_comment/config/etc/default/useradd b/tests/tests/subids/36_usermod_remove_with_comment/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/subids/36_usermod_remove_with_comment/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/subids/36_usermod_remove_with_comment/config/etc/group b/tests/tests/subids/36_usermod_remove_with_comment/config/etc/group
new file mode 100644
index 0000000..b6fae89
--- /dev/null
+++ b/tests/tests/subids/36_usermod_remove_with_comment/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:root
+adm:x:4:root,foo
+tty:x:5:
+disk:x:6:
+lp:x:7:foo,root
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:foo
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:foo
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/subids/36_usermod_remove_with_comment/config/etc/gshadow b/tests/tests/subids/36_usermod_remove_with_comment/config/etc/gshadow
new file mode 100644
index 0000000..1f2ba8d
--- /dev/null
+++ b/tests/tests/subids/36_usermod_remove_with_comment/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::root
+adm:*::root,foo
+tty:*::foo
+disk:*:foo:
+lp:*::foo,root
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*:foo:foo
+voice:*::
+cdrom:*:foo:foo
+floppy:*::foo
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/subids/36_usermod_remove_with_comment/config/etc/passwd b/tests/tests/subids/36_usermod_remove_with_comment/config/etc/passwd
new file mode 100644
index 0000000..bf52df0
--- /dev/null
+++ b/tests/tests/subids/36_usermod_remove_with_comment/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/home/foo:/bin/false
diff --git a/tests/tests/subids/36_usermod_remove_with_comment/config/etc/shadow b/tests/tests/subids/36_usermod_remove_with_comment/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/subids/36_usermod_remove_with_comment/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/subids/36_usermod_remove_with_comment/config/etc/subgid b/tests/tests/subids/36_usermod_remove_with_comment/config/etc/subgid
new file mode 100644
index 0000000..efd5bbc
--- /dev/null
+++ b/tests/tests/subids/36_usermod_remove_with_comment/config/etc/subgid
@@ -0,0 +1,3 @@
+foo:100000:10000
+# This is a duplicate entry
+foo:100000:10000
diff --git a/tests/tests/subids/36_usermod_remove_with_comment/config/etc/subuid b/tests/tests/subids/36_usermod_remove_with_comment/config/etc/subuid
new file mode 100644
index 0000000..efd5bbc
--- /dev/null
+++ b/tests/tests/subids/36_usermod_remove_with_comment/config/etc/subuid
@@ -0,0 +1,3 @@
+foo:100000:10000
+# This is a duplicate entry
+foo:100000:10000
diff --git a/tests/tests/subids/36_usermod_remove_with_comment/data/subgid b/tests/tests/subids/36_usermod_remove_with_comment/data/subgid
new file mode 100644
index 0000000..cbb145c
--- /dev/null
+++ b/tests/tests/subids/36_usermod_remove_with_comment/data/subgid
@@ -0,0 +1 @@
+# This is a duplicate entry
diff --git a/tests/tests/subids/36_usermod_remove_with_comment/data/subuid b/tests/tests/subids/36_usermod_remove_with_comment/data/subuid
new file mode 100644
index 0000000..cbb145c
--- /dev/null
+++ b/tests/tests/subids/36_usermod_remove_with_comment/data/subuid
@@ -0,0 +1 @@
+# This is a duplicate entry
diff --git a/tests/tests/subids/36_usermod_remove_with_comment/usermod.test b/tests/tests/subids/36_usermod_remove_with_comment/usermod.test
new file mode 100755
index 0000000..ae1e146
--- /dev/null
+++ b/tests/tests/subids/36_usermod_remove_with_comment/usermod.test
@@ -0,0 +1,45 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "usermod ignores and keeps comments when ranges are removed"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Remove ranges of subuid and subgid for user foo (usermod -V 100000-109999 -W 100000-109999 foo)..."
+usermod -V 100000-109999 -W 100000-109999 foo
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+echo -n "Check the /etc/subgid file..."
+../../common/compare_file.pl data/subgid /etc/subgid
+echo "OK"
+echo -n "Check the /etc/subuid file..."
+../../common/compare_file.pl data/subuid /etc/subuid
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/subids/37_usermod_-v_invalid_range/config.txt b/tests/tests/subids/37_usermod_-v_invalid_range/config.txt
new file mode 100644
index 0000000..f21fb08
--- /dev/null
+++ b/tests/tests/subids/37_usermod_-v_invalid_range/config.txt
@@ -0,0 +1,6 @@
+user foo, in group users (only in /etc/group)
+user foo, in group tty (only in /etc/gshadow)
+user foo, in group floppy
+user foo, admin of group disk
+user foo, admin and member of group fax
+user foo, admin and member of group cdrom (only in /etc/gshadow)
diff --git a/tests/tests/subids/37_usermod_-v_invalid_range/config/etc/default/useradd b/tests/tests/subids/37_usermod_-v_invalid_range/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/subids/37_usermod_-v_invalid_range/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/subids/37_usermod_-v_invalid_range/config/etc/group b/tests/tests/subids/37_usermod_-v_invalid_range/config/etc/group
new file mode 100644
index 0000000..b6fae89
--- /dev/null
+++ b/tests/tests/subids/37_usermod_-v_invalid_range/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:root
+adm:x:4:root,foo
+tty:x:5:
+disk:x:6:
+lp:x:7:foo,root
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:foo
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:foo
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/subids/37_usermod_-v_invalid_range/config/etc/gshadow b/tests/tests/subids/37_usermod_-v_invalid_range/config/etc/gshadow
new file mode 100644
index 0000000..1f2ba8d
--- /dev/null
+++ b/tests/tests/subids/37_usermod_-v_invalid_range/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::root
+adm:*::root,foo
+tty:*::foo
+disk:*:foo:
+lp:*::foo,root
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*:foo:foo
+voice:*::
+cdrom:*:foo:foo
+floppy:*::foo
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/subids/37_usermod_-v_invalid_range/config/etc/passwd b/tests/tests/subids/37_usermod_-v_invalid_range/config/etc/passwd
new file mode 100644
index 0000000..bf52df0
--- /dev/null
+++ b/tests/tests/subids/37_usermod_-v_invalid_range/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/home/foo:/bin/false
diff --git a/tests/tests/subids/37_usermod_-v_invalid_range/config/etc/shadow b/tests/tests/subids/37_usermod_-v_invalid_range/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/subids/37_usermod_-v_invalid_range/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/subids/37_usermod_-v_invalid_range/config/etc/subgid b/tests/tests/subids/37_usermod_-v_invalid_range/config/etc/subgid
new file mode 100644
index 0000000..3f7fd12
--- /dev/null
+++ b/tests/tests/subids/37_usermod_-v_invalid_range/config/etc/subgid
@@ -0,0 +1 @@
+foo:100000:10000
diff --git a/tests/tests/subids/37_usermod_-v_invalid_range/config/etc/subuid b/tests/tests/subids/37_usermod_-v_invalid_range/config/etc/subuid
new file mode 100644
index 0000000..f42862e
--- /dev/null
+++ b/tests/tests/subids/37_usermod_-v_invalid_range/config/etc/subuid
@@ -0,0 +1,2 @@
+foo:100000:10000
+foo:200000:10000
diff --git a/tests/tests/subids/37_usermod_-v_invalid_range/data/usermod.err b/tests/tests/subids/37_usermod_-v_invalid_range/data/usermod.err
new file mode 100644
index 0000000..b863376
--- /dev/null
+++ b/tests/tests/subids/37_usermod_-v_invalid_range/data/usermod.err
@@ -0,0 +1 @@
+usermod: invalid subordinate uid range '110000-100000'
diff --git a/tests/tests/subids/37_usermod_-v_invalid_range/usermod.test b/tests/tests/subids/37_usermod_-v_invalid_range/usermod.test
new file mode 100755
index 0000000..4f0ec18
--- /dev/null
+++ b/tests/tests/subids/37_usermod_-v_invalid_range/usermod.test
@@ -0,0 +1,60 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "usermod reports failure to parse ranges"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "min > max (usermod -v 110000-100000 foo)..."
+usermod -v 110000-100000 foo 2>tmp/usermod.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "3"
+echo "OK"
+
+echo "usermod reported:"
+echo "======================================================================="
+cat tmp/usermod.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/usermod.err tmp/usermod.err
+echo "error message OK."
+rm -f tmp/usermod.err
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+echo -n "Check the /etc/subgid file..."
+../../common/compare_file.pl config/etc/subgid /etc/subgid
+echo "OK"
+echo -n "Check the /etc/subuid file..."
+../../common/compare_file.pl config/etc/subuid /etc/subuid
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/subids/38_usermod_-V_invalid_range/config.txt b/tests/tests/subids/38_usermod_-V_invalid_range/config.txt
new file mode 100644
index 0000000..f21fb08
--- /dev/null
+++ b/tests/tests/subids/38_usermod_-V_invalid_range/config.txt
@@ -0,0 +1,6 @@
+user foo, in group users (only in /etc/group)
+user foo, in group tty (only in /etc/gshadow)
+user foo, in group floppy
+user foo, admin of group disk
+user foo, admin and member of group fax
+user foo, admin and member of group cdrom (only in /etc/gshadow)
diff --git a/tests/tests/subids/38_usermod_-V_invalid_range/config/etc/default/useradd b/tests/tests/subids/38_usermod_-V_invalid_range/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/subids/38_usermod_-V_invalid_range/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/subids/38_usermod_-V_invalid_range/config/etc/group b/tests/tests/subids/38_usermod_-V_invalid_range/config/etc/group
new file mode 100644
index 0000000..b6fae89
--- /dev/null
+++ b/tests/tests/subids/38_usermod_-V_invalid_range/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:root
+adm:x:4:root,foo
+tty:x:5:
+disk:x:6:
+lp:x:7:foo,root
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:foo
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:foo
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/subids/38_usermod_-V_invalid_range/config/etc/gshadow b/tests/tests/subids/38_usermod_-V_invalid_range/config/etc/gshadow
new file mode 100644
index 0000000..1f2ba8d
--- /dev/null
+++ b/tests/tests/subids/38_usermod_-V_invalid_range/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::root
+adm:*::root,foo
+tty:*::foo
+disk:*:foo:
+lp:*::foo,root
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*:foo:foo
+voice:*::
+cdrom:*:foo:foo
+floppy:*::foo
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/subids/38_usermod_-V_invalid_range/config/etc/passwd b/tests/tests/subids/38_usermod_-V_invalid_range/config/etc/passwd
new file mode 100644
index 0000000..bf52df0
--- /dev/null
+++ b/tests/tests/subids/38_usermod_-V_invalid_range/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/home/foo:/bin/false
diff --git a/tests/tests/subids/38_usermod_-V_invalid_range/config/etc/shadow b/tests/tests/subids/38_usermod_-V_invalid_range/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/subids/38_usermod_-V_invalid_range/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/subids/38_usermod_-V_invalid_range/config/etc/subgid b/tests/tests/subids/38_usermod_-V_invalid_range/config/etc/subgid
new file mode 100644
index 0000000..3f7fd12
--- /dev/null
+++ b/tests/tests/subids/38_usermod_-V_invalid_range/config/etc/subgid
@@ -0,0 +1 @@
+foo:100000:10000
diff --git a/tests/tests/subids/38_usermod_-V_invalid_range/config/etc/subuid b/tests/tests/subids/38_usermod_-V_invalid_range/config/etc/subuid
new file mode 100644
index 0000000..f42862e
--- /dev/null
+++ b/tests/tests/subids/38_usermod_-V_invalid_range/config/etc/subuid
@@ -0,0 +1,2 @@
+foo:100000:10000
+foo:200000:10000
diff --git a/tests/tests/subids/38_usermod_-V_invalid_range/data/usermod.err b/tests/tests/subids/38_usermod_-V_invalid_range/data/usermod.err
new file mode 100644
index 0000000..2d8964d
--- /dev/null
+++ b/tests/tests/subids/38_usermod_-V_invalid_range/data/usermod.err
@@ -0,0 +1 @@
+usermod: invalid subordinate uid range '110000'
diff --git a/tests/tests/subids/38_usermod_-V_invalid_range/usermod.test b/tests/tests/subids/38_usermod_-V_invalid_range/usermod.test
new file mode 100755
index 0000000..462c803
--- /dev/null
+++ b/tests/tests/subids/38_usermod_-V_invalid_range/usermod.test
@@ -0,0 +1,60 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "usermod reports failure to parse ranges"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "range is a single value (usermod -V 110000 foo)..."
+usermod -V 110000 foo 2>tmp/usermod.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "3"
+echo "OK"
+
+echo "usermod reported:"
+echo "======================================================================="
+cat tmp/usermod.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/usermod.err tmp/usermod.err
+echo "error message OK."
+rm -f tmp/usermod.err
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+echo -n "Check the /etc/subgid file..."
+../../common/compare_file.pl config/etc/subgid /etc/subgid
+echo "OK"
+echo -n "Check the /etc/subuid file..."
+../../common/compare_file.pl config/etc/subuid /etc/subuid
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/subids/39_usermod_-w_invalid_range/config.txt b/tests/tests/subids/39_usermod_-w_invalid_range/config.txt
new file mode 100644
index 0000000..f21fb08
--- /dev/null
+++ b/tests/tests/subids/39_usermod_-w_invalid_range/config.txt
@@ -0,0 +1,6 @@
+user foo, in group users (only in /etc/group)
+user foo, in group tty (only in /etc/gshadow)
+user foo, in group floppy
+user foo, admin of group disk
+user foo, admin and member of group fax
+user foo, admin and member of group cdrom (only in /etc/gshadow)
diff --git a/tests/tests/subids/39_usermod_-w_invalid_range/config/etc/default/useradd b/tests/tests/subids/39_usermod_-w_invalid_range/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/subids/39_usermod_-w_invalid_range/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/subids/39_usermod_-w_invalid_range/config/etc/group b/tests/tests/subids/39_usermod_-w_invalid_range/config/etc/group
new file mode 100644
index 0000000..b6fae89
--- /dev/null
+++ b/tests/tests/subids/39_usermod_-w_invalid_range/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:root
+adm:x:4:root,foo
+tty:x:5:
+disk:x:6:
+lp:x:7:foo,root
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:foo
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:foo
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/subids/39_usermod_-w_invalid_range/config/etc/gshadow b/tests/tests/subids/39_usermod_-w_invalid_range/config/etc/gshadow
new file mode 100644
index 0000000..1f2ba8d
--- /dev/null
+++ b/tests/tests/subids/39_usermod_-w_invalid_range/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::root
+adm:*::root,foo
+tty:*::foo
+disk:*:foo:
+lp:*::foo,root
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*:foo:foo
+voice:*::
+cdrom:*:foo:foo
+floppy:*::foo
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/subids/39_usermod_-w_invalid_range/config/etc/passwd b/tests/tests/subids/39_usermod_-w_invalid_range/config/etc/passwd
new file mode 100644
index 0000000..bf52df0
--- /dev/null
+++ b/tests/tests/subids/39_usermod_-w_invalid_range/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/home/foo:/bin/false
diff --git a/tests/tests/subids/39_usermod_-w_invalid_range/config/etc/shadow b/tests/tests/subids/39_usermod_-w_invalid_range/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/subids/39_usermod_-w_invalid_range/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/subids/39_usermod_-w_invalid_range/config/etc/subgid b/tests/tests/subids/39_usermod_-w_invalid_range/config/etc/subgid
new file mode 100644
index 0000000..3f7fd12
--- /dev/null
+++ b/tests/tests/subids/39_usermod_-w_invalid_range/config/etc/subgid
@@ -0,0 +1 @@
+foo:100000:10000
diff --git a/tests/tests/subids/39_usermod_-w_invalid_range/config/etc/subuid b/tests/tests/subids/39_usermod_-w_invalid_range/config/etc/subuid
new file mode 100644
index 0000000..f42862e
--- /dev/null
+++ b/tests/tests/subids/39_usermod_-w_invalid_range/config/etc/subuid
@@ -0,0 +1,2 @@
+foo:100000:10000
+foo:200000:10000
diff --git a/tests/tests/subids/39_usermod_-w_invalid_range/data/usermod.err b/tests/tests/subids/39_usermod_-w_invalid_range/data/usermod.err
new file mode 100644
index 0000000..1e3eb0b
--- /dev/null
+++ b/tests/tests/subids/39_usermod_-w_invalid_range/data/usermod.err
@@ -0,0 +1 @@
+usermod: invalid subordinate gid range '100000a-110000'
diff --git a/tests/tests/subids/39_usermod_-w_invalid_range/usermod.test b/tests/tests/subids/39_usermod_-w_invalid_range/usermod.test
new file mode 100755
index 0000000..d347344
--- /dev/null
+++ b/tests/tests/subids/39_usermod_-w_invalid_range/usermod.test
@@ -0,0 +1,60 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "usermod reports failure to parse ranges"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "characters inserted in range (usermod -w 100000a-110000 foo)..."
+usermod -w 100000a-110000 foo 2>tmp/usermod.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "3"
+echo "OK"
+
+echo "usermod reported:"
+echo "======================================================================="
+cat tmp/usermod.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/usermod.err tmp/usermod.err
+echo "error message OK."
+rm -f tmp/usermod.err
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+echo -n "Check the /etc/subgid file..."
+../../common/compare_file.pl config/etc/subgid /etc/subgid
+echo "OK"
+echo -n "Check the /etc/subuid file..."
+../../common/compare_file.pl config/etc/subuid /etc/subuid
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/subids/40_usermod_-W_invalid_range/config.txt b/tests/tests/subids/40_usermod_-W_invalid_range/config.txt
new file mode 100644
index 0000000..f21fb08
--- /dev/null
+++ b/tests/tests/subids/40_usermod_-W_invalid_range/config.txt
@@ -0,0 +1,6 @@
+user foo, in group users (only in /etc/group)
+user foo, in group tty (only in /etc/gshadow)
+user foo, in group floppy
+user foo, admin of group disk
+user foo, admin and member of group fax
+user foo, admin and member of group cdrom (only in /etc/gshadow)
diff --git a/tests/tests/subids/40_usermod_-W_invalid_range/config/etc/default/useradd b/tests/tests/subids/40_usermod_-W_invalid_range/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/subids/40_usermod_-W_invalid_range/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/subids/40_usermod_-W_invalid_range/config/etc/group b/tests/tests/subids/40_usermod_-W_invalid_range/config/etc/group
new file mode 100644
index 0000000..b6fae89
--- /dev/null
+++ b/tests/tests/subids/40_usermod_-W_invalid_range/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:root
+adm:x:4:root,foo
+tty:x:5:
+disk:x:6:
+lp:x:7:foo,root
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:foo
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:foo
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/subids/40_usermod_-W_invalid_range/config/etc/gshadow b/tests/tests/subids/40_usermod_-W_invalid_range/config/etc/gshadow
new file mode 100644
index 0000000..1f2ba8d
--- /dev/null
+++ b/tests/tests/subids/40_usermod_-W_invalid_range/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::root
+adm:*::root,foo
+tty:*::foo
+disk:*:foo:
+lp:*::foo,root
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*:foo:foo
+voice:*::
+cdrom:*:foo:foo
+floppy:*::foo
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/subids/40_usermod_-W_invalid_range/config/etc/passwd b/tests/tests/subids/40_usermod_-W_invalid_range/config/etc/passwd
new file mode 100644
index 0000000..bf52df0
--- /dev/null
+++ b/tests/tests/subids/40_usermod_-W_invalid_range/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/home/foo:/bin/false
diff --git a/tests/tests/subids/40_usermod_-W_invalid_range/config/etc/shadow b/tests/tests/subids/40_usermod_-W_invalid_range/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/subids/40_usermod_-W_invalid_range/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/subids/40_usermod_-W_invalid_range/config/etc/subgid b/tests/tests/subids/40_usermod_-W_invalid_range/config/etc/subgid
new file mode 100644
index 0000000..3f7fd12
--- /dev/null
+++ b/tests/tests/subids/40_usermod_-W_invalid_range/config/etc/subgid
@@ -0,0 +1 @@
+foo:100000:10000
diff --git a/tests/tests/subids/40_usermod_-W_invalid_range/config/etc/subuid b/tests/tests/subids/40_usermod_-W_invalid_range/config/etc/subuid
new file mode 100644
index 0000000..f42862e
--- /dev/null
+++ b/tests/tests/subids/40_usermod_-W_invalid_range/config/etc/subuid
@@ -0,0 +1,2 @@
+foo:100000:10000
+foo:200000:10000
diff --git a/tests/tests/subids/40_usermod_-W_invalid_range/data/usermod.err b/tests/tests/subids/40_usermod_-W_invalid_range/data/usermod.err
new file mode 100644
index 0000000..15803ff
--- /dev/null
+++ b/tests/tests/subids/40_usermod_-W_invalid_range/data/usermod.err
@@ -0,0 +1 @@
+usermod: invalid subordinate gid range '100000-110000a'
diff --git a/tests/tests/subids/40_usermod_-W_invalid_range/usermod.test b/tests/tests/subids/40_usermod_-W_invalid_range/usermod.test
new file mode 100755
index 0000000..803ab62
--- /dev/null
+++ b/tests/tests/subids/40_usermod_-W_invalid_range/usermod.test
@@ -0,0 +1,60 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "usermod reports failure to parse ranges"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "invalid characters appended (usermod -W 100000-110000a foo)..."
+usermod -W 100000-110000a foo 2>tmp/usermod.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "3"
+echo "OK"
+
+echo "usermod reported:"
+echo "======================================================================="
+cat tmp/usermod.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/usermod.err tmp/usermod.err
+echo "error message OK."
+rm -f tmp/usermod.err
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+echo -n "Check the /etc/subgid file..."
+../../common/compare_file.pl config/etc/subgid /etc/subgid
+echo "OK"
+echo -n "Check the /etc/subuid file..."
+../../common/compare_file.pl config/etc/subuid /etc/subuid
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/subids/41_usermod_locked_subuid/config.txt b/tests/tests/subids/41_usermod_locked_subuid/config.txt
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/subids/41_usermod_locked_subuid/config.txt
diff --git a/tests/tests/subids/41_usermod_locked_subuid/config/etc/default/useradd b/tests/tests/subids/41_usermod_locked_subuid/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/subids/41_usermod_locked_subuid/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/subids/41_usermod_locked_subuid/config/etc/group b/tests/tests/subids/41_usermod_locked_subuid/config/etc/group
new file mode 100644
index 0000000..a11bebe
--- /dev/null
+++ b/tests/tests/subids/41_usermod_locked_subuid/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:root
+adm:x:4:root
+tty:x:5:
+disk:x:6:
+lp:x:7:root
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/subids/41_usermod_locked_subuid/config/etc/gshadow b/tests/tests/subids/41_usermod_locked_subuid/config/etc/gshadow
new file mode 100644
index 0000000..272c4de
--- /dev/null
+++ b/tests/tests/subids/41_usermod_locked_subuid/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::root
+adm:*::root
+tty:*::
+disk:*::
+lp:*::root
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/subids/41_usermod_locked_subuid/config/etc/passwd b/tests/tests/subids/41_usermod_locked_subuid/config/etc/passwd
new file mode 100644
index 0000000..bf52df0
--- /dev/null
+++ b/tests/tests/subids/41_usermod_locked_subuid/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/home/foo:/bin/false
diff --git a/tests/tests/subids/41_usermod_locked_subuid/config/etc/shadow b/tests/tests/subids/41_usermod_locked_subuid/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/subids/41_usermod_locked_subuid/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/subids/41_usermod_locked_subuid/config/etc/subgid b/tests/tests/subids/41_usermod_locked_subuid/config/etc/subgid
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/subids/41_usermod_locked_subuid/config/etc/subgid
diff --git a/tests/tests/subids/41_usermod_locked_subuid/config/etc/subuid b/tests/tests/subids/41_usermod_locked_subuid/config/etc/subuid
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/subids/41_usermod_locked_subuid/config/etc/subuid
diff --git a/tests/tests/subids/41_usermod_locked_subuid/data/usermod.err b/tests/tests/subids/41_usermod_locked_subuid/data/usermod.err
new file mode 100644
index 0000000..5d2daeb
--- /dev/null
+++ b/tests/tests/subids/41_usermod_locked_subuid/data/usermod.err
@@ -0,0 +1,2 @@
+usermod: existing lock file /etc/subuid.lock without a PID
+usermod: cannot lock /etc/subuid; try again later.
diff --git a/tests/tests/subids/41_usermod_locked_subuid/usermod.test b/tests/tests/subids/41_usermod_locked_subuid/usermod.test
new file mode 100755
index 0000000..8b954ea
--- /dev/null
+++ b/tests/tests/subids/41_usermod_locked_subuid/usermod.test
@@ -0,0 +1,66 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "usermod checks if the subuid file is locked"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config; rm -f /etc/subuid.lock' 0
+
+change_config
+
+echo -n "Create lock file for /etc/subuid..."
+touch /etc/subuid.lock
+echo "done"
+
+echo -n "Add subuid ranges to user foo (usermod -v 100000-100000 foo)..."
+usermod -v 100000-100000 foo 2>tmp/usermod.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+rm -f /etc/subuid.lock
+
+echo -n "Check returned status ($status)..."
+test "$status" = "16"
+echo "OK"
+
+echo "usermod reported:"
+echo "======================================================================="
+cat tmp/usermod.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/usermod.err tmp/usermod.err
+echo "error message OK."
+rm -f tmp/usermod.err
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+echo -n "Check the /etc/subgid file..."
+../../common/compare_file.pl config/etc/subgid /etc/subgid
+echo "OK"
+echo -n "Check the /etc/subuid file..."
+../../common/compare_file.pl config/etc/subuid /etc/subuid
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/subids/42_usermod_locked_subgid/config.txt b/tests/tests/subids/42_usermod_locked_subgid/config.txt
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/subids/42_usermod_locked_subgid/config.txt
diff --git a/tests/tests/subids/42_usermod_locked_subgid/config/etc/default/useradd b/tests/tests/subids/42_usermod_locked_subgid/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/subids/42_usermod_locked_subgid/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/subids/42_usermod_locked_subgid/config/etc/group b/tests/tests/subids/42_usermod_locked_subgid/config/etc/group
new file mode 100644
index 0000000..a11bebe
--- /dev/null
+++ b/tests/tests/subids/42_usermod_locked_subgid/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:root
+adm:x:4:root
+tty:x:5:
+disk:x:6:
+lp:x:7:root
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/subids/42_usermod_locked_subgid/config/etc/gshadow b/tests/tests/subids/42_usermod_locked_subgid/config/etc/gshadow
new file mode 100644
index 0000000..272c4de
--- /dev/null
+++ b/tests/tests/subids/42_usermod_locked_subgid/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::root
+adm:*::root
+tty:*::
+disk:*::
+lp:*::root
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/subids/42_usermod_locked_subgid/config/etc/passwd b/tests/tests/subids/42_usermod_locked_subgid/config/etc/passwd
new file mode 100644
index 0000000..bf52df0
--- /dev/null
+++ b/tests/tests/subids/42_usermod_locked_subgid/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/home/foo:/bin/false
diff --git a/tests/tests/subids/42_usermod_locked_subgid/config/etc/shadow b/tests/tests/subids/42_usermod_locked_subgid/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/subids/42_usermod_locked_subgid/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/subids/42_usermod_locked_subgid/config/etc/subgid b/tests/tests/subids/42_usermod_locked_subgid/config/etc/subgid
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/subids/42_usermod_locked_subgid/config/etc/subgid
diff --git a/tests/tests/subids/42_usermod_locked_subgid/config/etc/subuid b/tests/tests/subids/42_usermod_locked_subgid/config/etc/subuid
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/subids/42_usermod_locked_subgid/config/etc/subuid
diff --git a/tests/tests/subids/42_usermod_locked_subgid/data/usermod.err b/tests/tests/subids/42_usermod_locked_subgid/data/usermod.err
new file mode 100644
index 0000000..dee7b1d
--- /dev/null
+++ b/tests/tests/subids/42_usermod_locked_subgid/data/usermod.err
@@ -0,0 +1,2 @@
+usermod: existing lock file /etc/subgid.lock without a PID
+usermod: cannot lock /etc/subgid; try again later.
diff --git a/tests/tests/subids/42_usermod_locked_subgid/usermod.test b/tests/tests/subids/42_usermod_locked_subgid/usermod.test
new file mode 100755
index 0000000..c44be3a
--- /dev/null
+++ b/tests/tests/subids/42_usermod_locked_subgid/usermod.test
@@ -0,0 +1,66 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "usermod checks if the subgid file is locked"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config; rm -f /etc/subgid.lock' 0
+
+change_config
+
+echo -n "Create lock file for /etc/subgid..."
+touch /etc/subgid.lock
+echo "done"
+
+echo -n "Add subgid ranges to user foo (usermod -w 100000-100000 foo)..."
+usermod -w 100000-100000 foo 2>tmp/usermod.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+rm -f /etc/subgid.lock
+
+echo -n "Check returned status ($status)..."
+test "$status" = "18"
+echo "OK"
+
+echo "usermod reported:"
+echo "======================================================================="
+cat tmp/usermod.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/usermod.err tmp/usermod.err
+echo "error message OK."
+rm -f tmp/usermod.err
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+echo -n "Check the /etc/subgid file..."
+../../common/compare_file.pl config/etc/subgid /etc/subgid
+echo "OK"
+echo -n "Check the /etc/subuid file..."
+../../common/compare_file.pl config/etc/subuid /etc/subuid
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/subids/43_usermod_-w_no_subgid/config.txt b/tests/tests/subids/43_usermod_-w_no_subgid/config.txt
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/subids/43_usermod_-w_no_subgid/config.txt
diff --git a/tests/tests/subids/43_usermod_-w_no_subgid/config/etc/default/useradd b/tests/tests/subids/43_usermod_-w_no_subgid/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/subids/43_usermod_-w_no_subgid/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/subids/43_usermod_-w_no_subgid/config/etc/group b/tests/tests/subids/43_usermod_-w_no_subgid/config/etc/group
new file mode 100644
index 0000000..a11bebe
--- /dev/null
+++ b/tests/tests/subids/43_usermod_-w_no_subgid/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:root
+adm:x:4:root
+tty:x:5:
+disk:x:6:
+lp:x:7:root
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/subids/43_usermod_-w_no_subgid/config/etc/gshadow b/tests/tests/subids/43_usermod_-w_no_subgid/config/etc/gshadow
new file mode 100644
index 0000000..272c4de
--- /dev/null
+++ b/tests/tests/subids/43_usermod_-w_no_subgid/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::root
+adm:*::root
+tty:*::
+disk:*::
+lp:*::root
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/subids/43_usermod_-w_no_subgid/config/etc/passwd b/tests/tests/subids/43_usermod_-w_no_subgid/config/etc/passwd
new file mode 100644
index 0000000..bf52df0
--- /dev/null
+++ b/tests/tests/subids/43_usermod_-w_no_subgid/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/home/foo:/bin/false
diff --git a/tests/tests/subids/43_usermod_-w_no_subgid/config/etc/shadow b/tests/tests/subids/43_usermod_-w_no_subgid/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/subids/43_usermod_-w_no_subgid/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/subids/43_usermod_-w_no_subgid/config/etc/subgid b/tests/tests/subids/43_usermod_-w_no_subgid/config/etc/subgid
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/subids/43_usermod_-w_no_subgid/config/etc/subgid
diff --git a/tests/tests/subids/43_usermod_-w_no_subgid/config/etc/subuid b/tests/tests/subids/43_usermod_-w_no_subgid/config/etc/subuid
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/subids/43_usermod_-w_no_subgid/config/etc/subuid
diff --git a/tests/tests/subids/43_usermod_-w_no_subgid/data/usermod.err b/tests/tests/subids/43_usermod_-w_no_subgid/data/usermod.err
new file mode 100644
index 0000000..4f03a68
--- /dev/null
+++ b/tests/tests/subids/43_usermod_-w_no_subgid/data/usermod.err
@@ -0,0 +1 @@
+usermod: /etc/subgid does not exist, you cannot use the flags -w or -W
diff --git a/tests/tests/subids/43_usermod_-w_no_subgid/usermod.test b/tests/tests/subids/43_usermod_-w_no_subgid/usermod.test
new file mode 100755
index 0000000..118bc4a
--- /dev/null
+++ b/tests/tests/subids/43_usermod_-w_no_subgid/usermod.test
@@ -0,0 +1,64 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "usermod -w fails is there is no subgid file"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "remove /etc/subgid..."
+rm -f /etc/subgid
+echo "OK"
+
+echo -n "Add subgid ranges to user foo (usermod -w 100000-100000 foo)..."
+usermod -w 100000-100000 foo 2>tmp/usermod.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "2"
+echo "OK"
+
+echo "usermod reported:"
+echo "======================================================================="
+cat tmp/usermod.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/usermod.err tmp/usermod.err
+echo "error message OK."
+rm -f tmp/usermod.err
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+echo -n "Check the /etc/subgid file..."
+test ! -f /etc/subgid
+echo "OK"
+echo -n "Check the /etc/subuid file..."
+../../common/compare_file.pl config/etc/subuid /etc/subuid
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/subids/44_usermod_-W_no_subgid/config.txt b/tests/tests/subids/44_usermod_-W_no_subgid/config.txt
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/subids/44_usermod_-W_no_subgid/config.txt
diff --git a/tests/tests/subids/44_usermod_-W_no_subgid/config/etc/default/useradd b/tests/tests/subids/44_usermod_-W_no_subgid/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/subids/44_usermod_-W_no_subgid/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/subids/44_usermod_-W_no_subgid/config/etc/group b/tests/tests/subids/44_usermod_-W_no_subgid/config/etc/group
new file mode 100644
index 0000000..a11bebe
--- /dev/null
+++ b/tests/tests/subids/44_usermod_-W_no_subgid/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:root
+adm:x:4:root
+tty:x:5:
+disk:x:6:
+lp:x:7:root
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/subids/44_usermod_-W_no_subgid/config/etc/gshadow b/tests/tests/subids/44_usermod_-W_no_subgid/config/etc/gshadow
new file mode 100644
index 0000000..272c4de
--- /dev/null
+++ b/tests/tests/subids/44_usermod_-W_no_subgid/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::root
+adm:*::root
+tty:*::
+disk:*::
+lp:*::root
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/subids/44_usermod_-W_no_subgid/config/etc/passwd b/tests/tests/subids/44_usermod_-W_no_subgid/config/etc/passwd
new file mode 100644
index 0000000..bf52df0
--- /dev/null
+++ b/tests/tests/subids/44_usermod_-W_no_subgid/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/home/foo:/bin/false
diff --git a/tests/tests/subids/44_usermod_-W_no_subgid/config/etc/shadow b/tests/tests/subids/44_usermod_-W_no_subgid/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/subids/44_usermod_-W_no_subgid/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/subids/44_usermod_-W_no_subgid/config/etc/subgid b/tests/tests/subids/44_usermod_-W_no_subgid/config/etc/subgid
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/subids/44_usermod_-W_no_subgid/config/etc/subgid
diff --git a/tests/tests/subids/44_usermod_-W_no_subgid/config/etc/subuid b/tests/tests/subids/44_usermod_-W_no_subgid/config/etc/subuid
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/subids/44_usermod_-W_no_subgid/config/etc/subuid
diff --git a/tests/tests/subids/44_usermod_-W_no_subgid/data/usermod.err b/tests/tests/subids/44_usermod_-W_no_subgid/data/usermod.err
new file mode 100644
index 0000000..4f03a68
--- /dev/null
+++ b/tests/tests/subids/44_usermod_-W_no_subgid/data/usermod.err
@@ -0,0 +1 @@
+usermod: /etc/subgid does not exist, you cannot use the flags -w or -W
diff --git a/tests/tests/subids/44_usermod_-W_no_subgid/usermod.test b/tests/tests/subids/44_usermod_-W_no_subgid/usermod.test
new file mode 100755
index 0000000..da7788e
--- /dev/null
+++ b/tests/tests/subids/44_usermod_-W_no_subgid/usermod.test
@@ -0,0 +1,64 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "usermod -W fails is there is no subgid file"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "remove /etc/subgid..."
+rm -f /etc/subgid
+echo "OK"
+
+echo -n "Remove subgid ranges to user foo (usermod -W 100000-100000 foo)..."
+usermod -W 100000-100000 foo 2>tmp/usermod.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "2"
+echo "OK"
+
+echo "usermod reported:"
+echo "======================================================================="
+cat tmp/usermod.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/usermod.err tmp/usermod.err
+echo "error message OK."
+rm -f tmp/usermod.err
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+echo -n "Check the /etc/subgid file..."
+test ! -f /etc/subgid
+echo "OK"
+echo -n "Check the /etc/subuid file..."
+../../common/compare_file.pl config/etc/subuid /etc/subuid
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/subids/45_usermod_-v_no_subgid/config.txt b/tests/tests/subids/45_usermod_-v_no_subgid/config.txt
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/subids/45_usermod_-v_no_subgid/config.txt
diff --git a/tests/tests/subids/45_usermod_-v_no_subgid/config/etc/default/useradd b/tests/tests/subids/45_usermod_-v_no_subgid/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/subids/45_usermod_-v_no_subgid/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/subids/45_usermod_-v_no_subgid/config/etc/group b/tests/tests/subids/45_usermod_-v_no_subgid/config/etc/group
new file mode 100644
index 0000000..a11bebe
--- /dev/null
+++ b/tests/tests/subids/45_usermod_-v_no_subgid/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:root
+adm:x:4:root
+tty:x:5:
+disk:x:6:
+lp:x:7:root
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/subids/45_usermod_-v_no_subgid/config/etc/gshadow b/tests/tests/subids/45_usermod_-v_no_subgid/config/etc/gshadow
new file mode 100644
index 0000000..272c4de
--- /dev/null
+++ b/tests/tests/subids/45_usermod_-v_no_subgid/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::root
+adm:*::root
+tty:*::
+disk:*::
+lp:*::root
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/subids/45_usermod_-v_no_subgid/config/etc/passwd b/tests/tests/subids/45_usermod_-v_no_subgid/config/etc/passwd
new file mode 100644
index 0000000..bf52df0
--- /dev/null
+++ b/tests/tests/subids/45_usermod_-v_no_subgid/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/home/foo:/bin/false
diff --git a/tests/tests/subids/45_usermod_-v_no_subgid/config/etc/shadow b/tests/tests/subids/45_usermod_-v_no_subgid/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/subids/45_usermod_-v_no_subgid/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/subids/45_usermod_-v_no_subgid/config/etc/subgid b/tests/tests/subids/45_usermod_-v_no_subgid/config/etc/subgid
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/subids/45_usermod_-v_no_subgid/config/etc/subgid
diff --git a/tests/tests/subids/45_usermod_-v_no_subgid/config/etc/subuid b/tests/tests/subids/45_usermod_-v_no_subgid/config/etc/subuid
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/subids/45_usermod_-v_no_subgid/config/etc/subuid
diff --git a/tests/tests/subids/45_usermod_-v_no_subgid/data/usermod.err b/tests/tests/subids/45_usermod_-v_no_subgid/data/usermod.err
new file mode 100644
index 0000000..e3ea042
--- /dev/null
+++ b/tests/tests/subids/45_usermod_-v_no_subgid/data/usermod.err
@@ -0,0 +1 @@
+usermod: /etc/subuid does not exist, you cannot use the flags -v or -V
diff --git a/tests/tests/subids/45_usermod_-v_no_subgid/usermod.test b/tests/tests/subids/45_usermod_-v_no_subgid/usermod.test
new file mode 100755
index 0000000..af1359d
--- /dev/null
+++ b/tests/tests/subids/45_usermod_-v_no_subgid/usermod.test
@@ -0,0 +1,64 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "usermod -v fails is there is no subuid file"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "remove /etc/subuid..."
+rm -f /etc/subuid
+echo "OK"
+
+echo -n "Add subuid ranges to user foo (usermod -v 100000-100000 foo)..."
+usermod -v 100000-100000 foo 2>tmp/usermod.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "2"
+echo "OK"
+
+echo "usermod reported:"
+echo "======================================================================="
+cat tmp/usermod.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/usermod.err tmp/usermod.err
+echo "error message OK."
+rm -f tmp/usermod.err
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+echo -n "Check the /etc/subgid file..."
+../../common/compare_file.pl config/etc/subgid /etc/subgid
+echo "OK"
+echo -n "Check the /etc/subuid file..."
+test ! -f /etc/subuid
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/subids/46_usermod_-V_no_subgid/config.txt b/tests/tests/subids/46_usermod_-V_no_subgid/config.txt
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/subids/46_usermod_-V_no_subgid/config.txt
diff --git a/tests/tests/subids/46_usermod_-V_no_subgid/config/etc/default/useradd b/tests/tests/subids/46_usermod_-V_no_subgid/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/subids/46_usermod_-V_no_subgid/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/subids/46_usermod_-V_no_subgid/config/etc/group b/tests/tests/subids/46_usermod_-V_no_subgid/config/etc/group
new file mode 100644
index 0000000..a11bebe
--- /dev/null
+++ b/tests/tests/subids/46_usermod_-V_no_subgid/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:root
+adm:x:4:root
+tty:x:5:
+disk:x:6:
+lp:x:7:root
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/subids/46_usermod_-V_no_subgid/config/etc/gshadow b/tests/tests/subids/46_usermod_-V_no_subgid/config/etc/gshadow
new file mode 100644
index 0000000..272c4de
--- /dev/null
+++ b/tests/tests/subids/46_usermod_-V_no_subgid/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::root
+adm:*::root
+tty:*::
+disk:*::
+lp:*::root
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/subids/46_usermod_-V_no_subgid/config/etc/passwd b/tests/tests/subids/46_usermod_-V_no_subgid/config/etc/passwd
new file mode 100644
index 0000000..bf52df0
--- /dev/null
+++ b/tests/tests/subids/46_usermod_-V_no_subgid/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/home/foo:/bin/false
diff --git a/tests/tests/subids/46_usermod_-V_no_subgid/config/etc/shadow b/tests/tests/subids/46_usermod_-V_no_subgid/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/subids/46_usermod_-V_no_subgid/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/subids/46_usermod_-V_no_subgid/config/etc/subgid b/tests/tests/subids/46_usermod_-V_no_subgid/config/etc/subgid
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/subids/46_usermod_-V_no_subgid/config/etc/subgid
diff --git a/tests/tests/subids/46_usermod_-V_no_subgid/config/etc/subuid b/tests/tests/subids/46_usermod_-V_no_subgid/config/etc/subuid
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/subids/46_usermod_-V_no_subgid/config/etc/subuid
diff --git a/tests/tests/subids/46_usermod_-V_no_subgid/data/usermod.err b/tests/tests/subids/46_usermod_-V_no_subgid/data/usermod.err
new file mode 100644
index 0000000..e3ea042
--- /dev/null
+++ b/tests/tests/subids/46_usermod_-V_no_subgid/data/usermod.err
@@ -0,0 +1 @@
+usermod: /etc/subuid does not exist, you cannot use the flags -v or -V
diff --git a/tests/tests/subids/46_usermod_-V_no_subgid/usermod.test b/tests/tests/subids/46_usermod_-V_no_subgid/usermod.test
new file mode 100755
index 0000000..df95f3f
--- /dev/null
+++ b/tests/tests/subids/46_usermod_-V_no_subgid/usermod.test
@@ -0,0 +1,64 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "usermod -V fails is there is no subuid file"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "remove /etc/subuid..."
+rm -f /etc/subuid
+echo "OK"
+
+echo -n "Remove subuid ranges to user foo (usermod -V 100000-100000 foo)..."
+usermod -V 100000-100000 foo 2>tmp/usermod.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "2"
+echo "OK"
+
+echo "usermod reported:"
+echo "======================================================================="
+cat tmp/usermod.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/usermod.err tmp/usermod.err
+echo "error message OK."
+rm -f tmp/usermod.err
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+echo -n "Check the /etc/subgid file..."
+../../common/compare_file.pl config/etc/subgid /etc/subgid
+echo "OK"
+echo -n "Check the /etc/subuid file..."
+test ! -f /etc/subuid
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/subids/47_usermod_-v_invalid_range2/config.txt b/tests/tests/subids/47_usermod_-v_invalid_range2/config.txt
new file mode 100644
index 0000000..f21fb08
--- /dev/null
+++ b/tests/tests/subids/47_usermod_-v_invalid_range2/config.txt
@@ -0,0 +1,6 @@
+user foo, in group users (only in /etc/group)
+user foo, in group tty (only in /etc/gshadow)
+user foo, in group floppy
+user foo, admin of group disk
+user foo, admin and member of group fax
+user foo, admin and member of group cdrom (only in /etc/gshadow)
diff --git a/tests/tests/subids/47_usermod_-v_invalid_range2/config/etc/default/useradd b/tests/tests/subids/47_usermod_-v_invalid_range2/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/subids/47_usermod_-v_invalid_range2/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/subids/47_usermod_-v_invalid_range2/config/etc/group b/tests/tests/subids/47_usermod_-v_invalid_range2/config/etc/group
new file mode 100644
index 0000000..b6fae89
--- /dev/null
+++ b/tests/tests/subids/47_usermod_-v_invalid_range2/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:root
+adm:x:4:root,foo
+tty:x:5:
+disk:x:6:
+lp:x:7:foo,root
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:foo
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:foo
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/subids/47_usermod_-v_invalid_range2/config/etc/gshadow b/tests/tests/subids/47_usermod_-v_invalid_range2/config/etc/gshadow
new file mode 100644
index 0000000..1f2ba8d
--- /dev/null
+++ b/tests/tests/subids/47_usermod_-v_invalid_range2/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::root
+adm:*::root,foo
+tty:*::foo
+disk:*:foo:
+lp:*::foo,root
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*:foo:foo
+voice:*::
+cdrom:*:foo:foo
+floppy:*::foo
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/subids/47_usermod_-v_invalid_range2/config/etc/passwd b/tests/tests/subids/47_usermod_-v_invalid_range2/config/etc/passwd
new file mode 100644
index 0000000..bf52df0
--- /dev/null
+++ b/tests/tests/subids/47_usermod_-v_invalid_range2/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/home/foo:/bin/false
diff --git a/tests/tests/subids/47_usermod_-v_invalid_range2/config/etc/shadow b/tests/tests/subids/47_usermod_-v_invalid_range2/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/subids/47_usermod_-v_invalid_range2/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/subids/47_usermod_-v_invalid_range2/config/etc/subgid b/tests/tests/subids/47_usermod_-v_invalid_range2/config/etc/subgid
new file mode 100644
index 0000000..3f7fd12
--- /dev/null
+++ b/tests/tests/subids/47_usermod_-v_invalid_range2/config/etc/subgid
@@ -0,0 +1 @@
+foo:100000:10000
diff --git a/tests/tests/subids/47_usermod_-v_invalid_range2/config/etc/subuid b/tests/tests/subids/47_usermod_-v_invalid_range2/config/etc/subuid
new file mode 100644
index 0000000..f42862e
--- /dev/null
+++ b/tests/tests/subids/47_usermod_-v_invalid_range2/config/etc/subuid
@@ -0,0 +1,2 @@
+foo:100000:10000
+foo:200000:10000
diff --git a/tests/tests/subids/47_usermod_-v_invalid_range2/data/usermod.err b/tests/tests/subids/47_usermod_-v_invalid_range2/data/usermod.err
new file mode 100644
index 0000000..384efdc
--- /dev/null
+++ b/tests/tests/subids/47_usermod_-v_invalid_range2/data/usermod.err
@@ -0,0 +1 @@
+usermod: invalid subordinate uid range 'a100000-110000'
diff --git a/tests/tests/subids/47_usermod_-v_invalid_range2/usermod.test b/tests/tests/subids/47_usermod_-v_invalid_range2/usermod.test
new file mode 100755
index 0000000..776e383
--- /dev/null
+++ b/tests/tests/subids/47_usermod_-v_invalid_range2/usermod.test
@@ -0,0 +1,60 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "usermod reports failure to parse ranges"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "invalid characters at the beginning (usermod -v a100000-110000 foo)..."
+usermod -v a100000-110000 foo 2>tmp/usermod.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "3"
+echo "OK"
+
+echo "usermod reported:"
+echo "======================================================================="
+cat tmp/usermod.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/usermod.err tmp/usermod.err
+echo "error message OK."
+rm -f tmp/usermod.err
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+echo -n "Check the /etc/subgid file..."
+../../common/compare_file.pl config/etc/subgid /etc/subgid
+echo "OK"
+echo -n "Check the /etc/subuid file..."
+../../common/compare_file.pl config/etc/subuid /etc/subuid
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/subids/48_usermod_-v_invalid_range3/config.txt b/tests/tests/subids/48_usermod_-v_invalid_range3/config.txt
new file mode 100644
index 0000000..f21fb08
--- /dev/null
+++ b/tests/tests/subids/48_usermod_-v_invalid_range3/config.txt
@@ -0,0 +1,6 @@
+user foo, in group users (only in /etc/group)
+user foo, in group tty (only in /etc/gshadow)
+user foo, in group floppy
+user foo, admin of group disk
+user foo, admin and member of group fax
+user foo, admin and member of group cdrom (only in /etc/gshadow)
diff --git a/tests/tests/subids/48_usermod_-v_invalid_range3/config/etc/default/useradd b/tests/tests/subids/48_usermod_-v_invalid_range3/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/subids/48_usermod_-v_invalid_range3/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/subids/48_usermod_-v_invalid_range3/config/etc/group b/tests/tests/subids/48_usermod_-v_invalid_range3/config/etc/group
new file mode 100644
index 0000000..b6fae89
--- /dev/null
+++ b/tests/tests/subids/48_usermod_-v_invalid_range3/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:root
+adm:x:4:root,foo
+tty:x:5:
+disk:x:6:
+lp:x:7:foo,root
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:foo
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:foo
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/subids/48_usermod_-v_invalid_range3/config/etc/gshadow b/tests/tests/subids/48_usermod_-v_invalid_range3/config/etc/gshadow
new file mode 100644
index 0000000..1f2ba8d
--- /dev/null
+++ b/tests/tests/subids/48_usermod_-v_invalid_range3/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::root
+adm:*::root,foo
+tty:*::foo
+disk:*:foo:
+lp:*::foo,root
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*:foo:foo
+voice:*::
+cdrom:*:foo:foo
+floppy:*::foo
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/subids/48_usermod_-v_invalid_range3/config/etc/passwd b/tests/tests/subids/48_usermod_-v_invalid_range3/config/etc/passwd
new file mode 100644
index 0000000..bf52df0
--- /dev/null
+++ b/tests/tests/subids/48_usermod_-v_invalid_range3/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/home/foo:/bin/false
diff --git a/tests/tests/subids/48_usermod_-v_invalid_range3/config/etc/shadow b/tests/tests/subids/48_usermod_-v_invalid_range3/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/subids/48_usermod_-v_invalid_range3/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/subids/48_usermod_-v_invalid_range3/config/etc/subgid b/tests/tests/subids/48_usermod_-v_invalid_range3/config/etc/subgid
new file mode 100644
index 0000000..3f7fd12
--- /dev/null
+++ b/tests/tests/subids/48_usermod_-v_invalid_range3/config/etc/subgid
@@ -0,0 +1 @@
+foo:100000:10000
diff --git a/tests/tests/subids/48_usermod_-v_invalid_range3/config/etc/subuid b/tests/tests/subids/48_usermod_-v_invalid_range3/config/etc/subuid
new file mode 100644
index 0000000..f42862e
--- /dev/null
+++ b/tests/tests/subids/48_usermod_-v_invalid_range3/config/etc/subuid
@@ -0,0 +1,2 @@
+foo:100000:10000
+foo:200000:10000
diff --git a/tests/tests/subids/48_usermod_-v_invalid_range3/data/usermod.err b/tests/tests/subids/48_usermod_-v_invalid_range3/data/usermod.err
new file mode 100644
index 0000000..26b5963
--- /dev/null
+++ b/tests/tests/subids/48_usermod_-v_invalid_range3/data/usermod.err
@@ -0,0 +1 @@
+usermod: invalid subordinate uid range ''
diff --git a/tests/tests/subids/48_usermod_-v_invalid_range3/usermod.test b/tests/tests/subids/48_usermod_-v_invalid_range3/usermod.test
new file mode 100755
index 0000000..3363322
--- /dev/null
+++ b/tests/tests/subids/48_usermod_-v_invalid_range3/usermod.test
@@ -0,0 +1,60 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "usermod reports failure to parse ranges"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "empty range (usermod -v '' foo)..."
+usermod -v '' foo 2>tmp/usermod.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "3"
+echo "OK"
+
+echo "usermod reported:"
+echo "======================================================================="
+cat tmp/usermod.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/usermod.err tmp/usermod.err
+echo "error message OK."
+rm -f tmp/usermod.err
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+echo -n "Check the /etc/subgid file..."
+../../common/compare_file.pl config/etc/subgid /etc/subgid
+echo "OK"
+echo -n "Check the /etc/subuid file..."
+../../common/compare_file.pl config/etc/subuid /etc/subuid
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/subids/49_usermod_-v_invalid_range4/config.txt b/tests/tests/subids/49_usermod_-v_invalid_range4/config.txt
new file mode 100644
index 0000000..f21fb08
--- /dev/null
+++ b/tests/tests/subids/49_usermod_-v_invalid_range4/config.txt
@@ -0,0 +1,6 @@
+user foo, in group users (only in /etc/group)
+user foo, in group tty (only in /etc/gshadow)
+user foo, in group floppy
+user foo, admin of group disk
+user foo, admin and member of group fax
+user foo, admin and member of group cdrom (only in /etc/gshadow)
diff --git a/tests/tests/subids/49_usermod_-v_invalid_range4/config/etc/default/useradd b/tests/tests/subids/49_usermod_-v_invalid_range4/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/subids/49_usermod_-v_invalid_range4/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/subids/49_usermod_-v_invalid_range4/config/etc/group b/tests/tests/subids/49_usermod_-v_invalid_range4/config/etc/group
new file mode 100644
index 0000000..b6fae89
--- /dev/null
+++ b/tests/tests/subids/49_usermod_-v_invalid_range4/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:root
+adm:x:4:root,foo
+tty:x:5:
+disk:x:6:
+lp:x:7:foo,root
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:foo
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:foo
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/subids/49_usermod_-v_invalid_range4/config/etc/gshadow b/tests/tests/subids/49_usermod_-v_invalid_range4/config/etc/gshadow
new file mode 100644
index 0000000..1f2ba8d
--- /dev/null
+++ b/tests/tests/subids/49_usermod_-v_invalid_range4/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::root
+adm:*::root,foo
+tty:*::foo
+disk:*:foo:
+lp:*::foo,root
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*:foo:foo
+voice:*::
+cdrom:*:foo:foo
+floppy:*::foo
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/subids/49_usermod_-v_invalid_range4/config/etc/passwd b/tests/tests/subids/49_usermod_-v_invalid_range4/config/etc/passwd
new file mode 100644
index 0000000..bf52df0
--- /dev/null
+++ b/tests/tests/subids/49_usermod_-v_invalid_range4/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/home/foo:/bin/false
diff --git a/tests/tests/subids/49_usermod_-v_invalid_range4/config/etc/shadow b/tests/tests/subids/49_usermod_-v_invalid_range4/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/subids/49_usermod_-v_invalid_range4/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/subids/49_usermod_-v_invalid_range4/config/etc/subgid b/tests/tests/subids/49_usermod_-v_invalid_range4/config/etc/subgid
new file mode 100644
index 0000000..3f7fd12
--- /dev/null
+++ b/tests/tests/subids/49_usermod_-v_invalid_range4/config/etc/subgid
@@ -0,0 +1 @@
+foo:100000:10000
diff --git a/tests/tests/subids/49_usermod_-v_invalid_range4/config/etc/subuid b/tests/tests/subids/49_usermod_-v_invalid_range4/config/etc/subuid
new file mode 100644
index 0000000..f42862e
--- /dev/null
+++ b/tests/tests/subids/49_usermod_-v_invalid_range4/config/etc/subuid
@@ -0,0 +1,2 @@
+foo:100000:10000
+foo:200000:10000
diff --git a/tests/tests/subids/49_usermod_-v_invalid_range4/data/usermod.err b/tests/tests/subids/49_usermod_-v_invalid_range4/data/usermod.err
new file mode 100644
index 0000000..3b7df62
--- /dev/null
+++ b/tests/tests/subids/49_usermod_-v_invalid_range4/data/usermod.err
@@ -0,0 +1 @@
+usermod: invalid subordinate uid range '-100000-110000'
diff --git a/tests/tests/subids/49_usermod_-v_invalid_range4/usermod.test b/tests/tests/subids/49_usermod_-v_invalid_range4/usermod.test
new file mode 100755
index 0000000..c0b9357
--- /dev/null
+++ b/tests/tests/subids/49_usermod_-v_invalid_range4/usermod.test
@@ -0,0 +1,60 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "usermod reports failure to parse ranges"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "negative UID (usermod -v -100000-110000 foo)..."
+usermod -v -100000-110000 foo 2>tmp/usermod.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "3"
+echo "OK"
+
+echo "usermod reported:"
+echo "======================================================================="
+cat tmp/usermod.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/usermod.err tmp/usermod.err
+echo "error message OK."
+rm -f tmp/usermod.err
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+echo -n "Check the /etc/subgid file..."
+../../common/compare_file.pl config/etc/subgid /etc/subgid
+echo "OK"
+echo -n "Check the /etc/subuid file..."
+../../common/compare_file.pl config/etc/subuid /etc/subuid
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/subids/50_usermod_-v_invalid_range5/config.txt b/tests/tests/subids/50_usermod_-v_invalid_range5/config.txt
new file mode 100644
index 0000000..f21fb08
--- /dev/null
+++ b/tests/tests/subids/50_usermod_-v_invalid_range5/config.txt
@@ -0,0 +1,6 @@
+user foo, in group users (only in /etc/group)
+user foo, in group tty (only in /etc/gshadow)
+user foo, in group floppy
+user foo, admin of group disk
+user foo, admin and member of group fax
+user foo, admin and member of group cdrom (only in /etc/gshadow)
diff --git a/tests/tests/subids/50_usermod_-v_invalid_range5/config/etc/default/useradd b/tests/tests/subids/50_usermod_-v_invalid_range5/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/subids/50_usermod_-v_invalid_range5/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/subids/50_usermod_-v_invalid_range5/config/etc/group b/tests/tests/subids/50_usermod_-v_invalid_range5/config/etc/group
new file mode 100644
index 0000000..b6fae89
--- /dev/null
+++ b/tests/tests/subids/50_usermod_-v_invalid_range5/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:root
+adm:x:4:root,foo
+tty:x:5:
+disk:x:6:
+lp:x:7:foo,root
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:foo
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:foo
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/subids/50_usermod_-v_invalid_range5/config/etc/gshadow b/tests/tests/subids/50_usermod_-v_invalid_range5/config/etc/gshadow
new file mode 100644
index 0000000..1f2ba8d
--- /dev/null
+++ b/tests/tests/subids/50_usermod_-v_invalid_range5/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::root
+adm:*::root,foo
+tty:*::foo
+disk:*:foo:
+lp:*::foo,root
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*:foo:foo
+voice:*::
+cdrom:*:foo:foo
+floppy:*::foo
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/subids/50_usermod_-v_invalid_range5/config/etc/passwd b/tests/tests/subids/50_usermod_-v_invalid_range5/config/etc/passwd
new file mode 100644
index 0000000..bf52df0
--- /dev/null
+++ b/tests/tests/subids/50_usermod_-v_invalid_range5/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/home/foo:/bin/false
diff --git a/tests/tests/subids/50_usermod_-v_invalid_range5/config/etc/shadow b/tests/tests/subids/50_usermod_-v_invalid_range5/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/subids/50_usermod_-v_invalid_range5/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/subids/50_usermod_-v_invalid_range5/config/etc/subgid b/tests/tests/subids/50_usermod_-v_invalid_range5/config/etc/subgid
new file mode 100644
index 0000000..3f7fd12
--- /dev/null
+++ b/tests/tests/subids/50_usermod_-v_invalid_range5/config/etc/subgid
@@ -0,0 +1 @@
+foo:100000:10000
diff --git a/tests/tests/subids/50_usermod_-v_invalid_range5/config/etc/subuid b/tests/tests/subids/50_usermod_-v_invalid_range5/config/etc/subuid
new file mode 100644
index 0000000..f42862e
--- /dev/null
+++ b/tests/tests/subids/50_usermod_-v_invalid_range5/config/etc/subuid
@@ -0,0 +1,2 @@
+foo:100000:10000
+foo:200000:10000
diff --git a/tests/tests/subids/50_usermod_-v_invalid_range5/data/usermod.err b/tests/tests/subids/50_usermod_-v_invalid_range5/data/usermod.err
new file mode 100644
index 0000000..4d538c9
--- /dev/null
+++ b/tests/tests/subids/50_usermod_-v_invalid_range5/data/usermod.err
@@ -0,0 +1 @@
+usermod: invalid subordinate uid range '9223372036854775808-110000'
diff --git a/tests/tests/subids/50_usermod_-v_invalid_range5/usermod.test b/tests/tests/subids/50_usermod_-v_invalid_range5/usermod.test
new file mode 100755
index 0000000..ddd831f
--- /dev/null
+++ b/tests/tests/subids/50_usermod_-v_invalid_range5/usermod.test
@@ -0,0 +1,60 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "usermod reports failure to parse ranges"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "out of range UID (usermod -v 9223372036854775808-110000 foo)..."
+usermod -v 9223372036854775808-110000 foo 2>tmp/usermod.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "3"
+echo "OK"
+
+echo "usermod reported:"
+echo "======================================================================="
+cat tmp/usermod.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/usermod.err tmp/usermod.err
+echo "error message OK."
+rm -f tmp/usermod.err
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+echo -n "Check the /etc/subgid file..."
+../../common/compare_file.pl config/etc/subgid /etc/subgid
+echo "OK"
+echo -n "Check the /etc/subuid file..."
+../../common/compare_file.pl config/etc/subuid /etc/subuid
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/subids/51_usermod_-v_invalid_range6/config.txt b/tests/tests/subids/51_usermod_-v_invalid_range6/config.txt
new file mode 100644
index 0000000..f21fb08
--- /dev/null
+++ b/tests/tests/subids/51_usermod_-v_invalid_range6/config.txt
@@ -0,0 +1,6 @@
+user foo, in group users (only in /etc/group)
+user foo, in group tty (only in /etc/gshadow)
+user foo, in group floppy
+user foo, admin of group disk
+user foo, admin and member of group fax
+user foo, admin and member of group cdrom (only in /etc/gshadow)
diff --git a/tests/tests/subids/51_usermod_-v_invalid_range6/config/etc/default/useradd b/tests/tests/subids/51_usermod_-v_invalid_range6/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/subids/51_usermod_-v_invalid_range6/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/subids/51_usermod_-v_invalid_range6/config/etc/group b/tests/tests/subids/51_usermod_-v_invalid_range6/config/etc/group
new file mode 100644
index 0000000..b6fae89
--- /dev/null
+++ b/tests/tests/subids/51_usermod_-v_invalid_range6/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:root
+adm:x:4:root,foo
+tty:x:5:
+disk:x:6:
+lp:x:7:foo,root
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:foo
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:foo
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/subids/51_usermod_-v_invalid_range6/config/etc/gshadow b/tests/tests/subids/51_usermod_-v_invalid_range6/config/etc/gshadow
new file mode 100644
index 0000000..1f2ba8d
--- /dev/null
+++ b/tests/tests/subids/51_usermod_-v_invalid_range6/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::root
+adm:*::root,foo
+tty:*::foo
+disk:*:foo:
+lp:*::foo,root
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*:foo:foo
+voice:*::
+cdrom:*:foo:foo
+floppy:*::foo
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/subids/51_usermod_-v_invalid_range6/config/etc/passwd b/tests/tests/subids/51_usermod_-v_invalid_range6/config/etc/passwd
new file mode 100644
index 0000000..bf52df0
--- /dev/null
+++ b/tests/tests/subids/51_usermod_-v_invalid_range6/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/home/foo:/bin/false
diff --git a/tests/tests/subids/51_usermod_-v_invalid_range6/config/etc/shadow b/tests/tests/subids/51_usermod_-v_invalid_range6/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/subids/51_usermod_-v_invalid_range6/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/subids/51_usermod_-v_invalid_range6/config/etc/subgid b/tests/tests/subids/51_usermod_-v_invalid_range6/config/etc/subgid
new file mode 100644
index 0000000..3f7fd12
--- /dev/null
+++ b/tests/tests/subids/51_usermod_-v_invalid_range6/config/etc/subgid
@@ -0,0 +1 @@
+foo:100000:10000
diff --git a/tests/tests/subids/51_usermod_-v_invalid_range6/config/etc/subuid b/tests/tests/subids/51_usermod_-v_invalid_range6/config/etc/subuid
new file mode 100644
index 0000000..f42862e
--- /dev/null
+++ b/tests/tests/subids/51_usermod_-v_invalid_range6/config/etc/subuid
@@ -0,0 +1,2 @@
+foo:100000:10000
+foo:200000:10000
diff --git a/tests/tests/subids/51_usermod_-v_invalid_range6/data/usermod.err b/tests/tests/subids/51_usermod_-v_invalid_range6/data/usermod.err
new file mode 100644
index 0000000..64d4f80
--- /dev/null
+++ b/tests/tests/subids/51_usermod_-v_invalid_range6/data/usermod.err
@@ -0,0 +1 @@
+usermod: invalid subordinate uid range '110000-9223372036854775808'
diff --git a/tests/tests/subids/51_usermod_-v_invalid_range6/usermod.test b/tests/tests/subids/51_usermod_-v_invalid_range6/usermod.test
new file mode 100755
index 0000000..3b23c76
--- /dev/null
+++ b/tests/tests/subids/51_usermod_-v_invalid_range6/usermod.test
@@ -0,0 +1,60 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "usermod reports failure to parse ranges"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "out of range UID (usermod -v 110000-9223372036854775808 foo)..."
+usermod -v 110000-9223372036854775808 foo 2>tmp/usermod.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "3"
+echo "OK"
+
+echo "usermod reported:"
+echo "======================================================================="
+cat tmp/usermod.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/usermod.err tmp/usermod.err
+echo "error message OK."
+rm -f tmp/usermod.err
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+echo -n "Check the /etc/subgid file..."
+../../common/compare_file.pl config/etc/subgid /etc/subgid
+echo "OK"
+echo -n "Check the /etc/subuid file..."
+../../common/compare_file.pl config/etc/subuid /etc/subuid
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/subids/52_usermod_-v_invalid_range7/config.txt b/tests/tests/subids/52_usermod_-v_invalid_range7/config.txt
new file mode 100644
index 0000000..f21fb08
--- /dev/null
+++ b/tests/tests/subids/52_usermod_-v_invalid_range7/config.txt
@@ -0,0 +1,6 @@
+user foo, in group users (only in /etc/group)
+user foo, in group tty (only in /etc/gshadow)
+user foo, in group floppy
+user foo, admin of group disk
+user foo, admin and member of group fax
+user foo, admin and member of group cdrom (only in /etc/gshadow)
diff --git a/tests/tests/subids/52_usermod_-v_invalid_range7/config/etc/default/useradd b/tests/tests/subids/52_usermod_-v_invalid_range7/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/subids/52_usermod_-v_invalid_range7/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/subids/52_usermod_-v_invalid_range7/config/etc/group b/tests/tests/subids/52_usermod_-v_invalid_range7/config/etc/group
new file mode 100644
index 0000000..b6fae89
--- /dev/null
+++ b/tests/tests/subids/52_usermod_-v_invalid_range7/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:root
+adm:x:4:root,foo
+tty:x:5:
+disk:x:6:
+lp:x:7:foo,root
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:foo
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:foo
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/subids/52_usermod_-v_invalid_range7/config/etc/gshadow b/tests/tests/subids/52_usermod_-v_invalid_range7/config/etc/gshadow
new file mode 100644
index 0000000..1f2ba8d
--- /dev/null
+++ b/tests/tests/subids/52_usermod_-v_invalid_range7/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::root
+adm:*::root,foo
+tty:*::foo
+disk:*:foo:
+lp:*::foo,root
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*:foo:foo
+voice:*::
+cdrom:*:foo:foo
+floppy:*::foo
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/subids/52_usermod_-v_invalid_range7/config/etc/passwd b/tests/tests/subids/52_usermod_-v_invalid_range7/config/etc/passwd
new file mode 100644
index 0000000..bf52df0
--- /dev/null
+++ b/tests/tests/subids/52_usermod_-v_invalid_range7/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/home/foo:/bin/false
diff --git a/tests/tests/subids/52_usermod_-v_invalid_range7/config/etc/shadow b/tests/tests/subids/52_usermod_-v_invalid_range7/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/subids/52_usermod_-v_invalid_range7/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/subids/52_usermod_-v_invalid_range7/config/etc/subgid b/tests/tests/subids/52_usermod_-v_invalid_range7/config/etc/subgid
new file mode 100644
index 0000000..3f7fd12
--- /dev/null
+++ b/tests/tests/subids/52_usermod_-v_invalid_range7/config/etc/subgid
@@ -0,0 +1 @@
+foo:100000:10000
diff --git a/tests/tests/subids/52_usermod_-v_invalid_range7/config/etc/subuid b/tests/tests/subids/52_usermod_-v_invalid_range7/config/etc/subuid
new file mode 100644
index 0000000..f42862e
--- /dev/null
+++ b/tests/tests/subids/52_usermod_-v_invalid_range7/config/etc/subuid
@@ -0,0 +1,2 @@
+foo:100000:10000
+foo:200000:10000
diff --git a/tests/tests/subids/52_usermod_-v_invalid_range7/data/usermod.err b/tests/tests/subids/52_usermod_-v_invalid_range7/data/usermod.err
new file mode 100644
index 0000000..746202a
--- /dev/null
+++ b/tests/tests/subids/52_usermod_-v_invalid_range7/data/usermod.err
@@ -0,0 +1 @@
+usermod: invalid subordinate uid range '100000--110000'
diff --git a/tests/tests/subids/52_usermod_-v_invalid_range7/usermod.test b/tests/tests/subids/52_usermod_-v_invalid_range7/usermod.test
new file mode 100755
index 0000000..a00cf16
--- /dev/null
+++ b/tests/tests/subids/52_usermod_-v_invalid_range7/usermod.test
@@ -0,0 +1,60 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "usermod reports failure to parse ranges"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "negative upper limit (usermod -v 100000--110000 foo)..."
+usermod -v 100000--110000 foo 2>tmp/usermod.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "3"
+echo "OK"
+
+echo "usermod reported:"
+echo "======================================================================="
+cat tmp/usermod.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/usermod.err tmp/usermod.err
+echo "error message OK."
+rm -f tmp/usermod.err
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+echo -n "Check the /etc/subgid file..."
+../../common/compare_file.pl config/etc/subgid /etc/subgid
+echo "OK"
+echo -n "Check the /etc/subuid file..."
+../../common/compare_file.pl config/etc/subuid /etc/subuid
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/subids/53_userdel_one_subuid_range/config.txt b/tests/tests/subids/53_userdel_one_subuid_range/config.txt
new file mode 100644
index 0000000..f21fb08
--- /dev/null
+++ b/tests/tests/subids/53_userdel_one_subuid_range/config.txt
@@ -0,0 +1,6 @@
+user foo, in group users (only in /etc/group)
+user foo, in group tty (only in /etc/gshadow)
+user foo, in group floppy
+user foo, admin of group disk
+user foo, admin and member of group fax
+user foo, admin and member of group cdrom (only in /etc/gshadow)
diff --git a/tests/tests/subids/53_userdel_one_subuid_range/config/etc/default/useradd b/tests/tests/subids/53_userdel_one_subuid_range/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/subids/53_userdel_one_subuid_range/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/subids/53_userdel_one_subuid_range/config/etc/group b/tests/tests/subids/53_userdel_one_subuid_range/config/etc/group
new file mode 100644
index 0000000..b6fae89
--- /dev/null
+++ b/tests/tests/subids/53_userdel_one_subuid_range/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:root
+adm:x:4:root,foo
+tty:x:5:
+disk:x:6:
+lp:x:7:foo,root
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:foo
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:foo
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/subids/53_userdel_one_subuid_range/config/etc/gshadow b/tests/tests/subids/53_userdel_one_subuid_range/config/etc/gshadow
new file mode 100644
index 0000000..1f2ba8d
--- /dev/null
+++ b/tests/tests/subids/53_userdel_one_subuid_range/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::root
+adm:*::root,foo
+tty:*::foo
+disk:*:foo:
+lp:*::foo,root
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*:foo:foo
+voice:*::
+cdrom:*:foo:foo
+floppy:*::foo
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/subids/53_userdel_one_subuid_range/config/etc/passwd b/tests/tests/subids/53_userdel_one_subuid_range/config/etc/passwd
new file mode 100644
index 0000000..bf52df0
--- /dev/null
+++ b/tests/tests/subids/53_userdel_one_subuid_range/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/home/foo:/bin/false
diff --git a/tests/tests/subids/53_userdel_one_subuid_range/config/etc/shadow b/tests/tests/subids/53_userdel_one_subuid_range/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/subids/53_userdel_one_subuid_range/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/subids/53_userdel_one_subuid_range/config/etc/subgid b/tests/tests/subids/53_userdel_one_subuid_range/config/etc/subgid
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/subids/53_userdel_one_subuid_range/config/etc/subgid
diff --git a/tests/tests/subids/53_userdel_one_subuid_range/config/etc/subuid b/tests/tests/subids/53_userdel_one_subuid_range/config/etc/subuid
new file mode 100644
index 0000000..3f7fd12
--- /dev/null
+++ b/tests/tests/subids/53_userdel_one_subuid_range/config/etc/subuid
@@ -0,0 +1 @@
+foo:100000:10000
diff --git a/tests/tests/subids/53_userdel_one_subuid_range/data/group b/tests/tests/subids/53_userdel_one_subuid_range/data/group
new file mode 100644
index 0000000..66f04f6
--- /dev/null
+++ b/tests/tests/subids/53_userdel_one_subuid_range/data/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:root
+adm:x:4:root
+tty:x:5:
+disk:x:6:
+lp:x:7:root
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/subids/53_userdel_one_subuid_range/data/gshadow b/tests/tests/subids/53_userdel_one_subuid_range/data/gshadow
new file mode 100644
index 0000000..19f1325
--- /dev/null
+++ b/tests/tests/subids/53_userdel_one_subuid_range/data/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::root
+adm:*::root
+tty:*::
+disk:*::
+lp:*::root
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/subids/53_userdel_one_subuid_range/data/passwd b/tests/tests/subids/53_userdel_one_subuid_range/data/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/subids/53_userdel_one_subuid_range/data/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/subids/53_userdel_one_subuid_range/data/shadow b/tests/tests/subids/53_userdel_one_subuid_range/data/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/subids/53_userdel_one_subuid_range/data/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/subids/53_userdel_one_subuid_range/data/subuid b/tests/tests/subids/53_userdel_one_subuid_range/data/subuid
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/subids/53_userdel_one_subuid_range/data/subuid
diff --git a/tests/tests/subids/53_userdel_one_subuid_range/userdel.test b/tests/tests/subids/53_userdel_one_subuid_range/userdel.test
new file mode 100755
index 0000000..2588794
--- /dev/null
+++ b/tests/tests/subids/53_userdel_one_subuid_range/userdel.test
@@ -0,0 +1,45 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "userdel can delete an user with its subordinate UIDs range"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Delete user foo (userdel foo)..."
+userdel foo
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl data/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl data/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl data/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl data/gshadow /etc/gshadow
+echo "OK"
+echo -n "Check the /etc/subgid file..."
+../../common/compare_file.pl config/etc/subgid /etc/subgid
+echo "OK"
+echo -n "Check the /etc/subuid file..."
+../../common/compare_file.pl data/subuid /etc/subuid
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/subids/54_userdel_one_subgid_range/config.txt b/tests/tests/subids/54_userdel_one_subgid_range/config.txt
new file mode 100644
index 0000000..f21fb08
--- /dev/null
+++ b/tests/tests/subids/54_userdel_one_subgid_range/config.txt
@@ -0,0 +1,6 @@
+user foo, in group users (only in /etc/group)
+user foo, in group tty (only in /etc/gshadow)
+user foo, in group floppy
+user foo, admin of group disk
+user foo, admin and member of group fax
+user foo, admin and member of group cdrom (only in /etc/gshadow)
diff --git a/tests/tests/subids/54_userdel_one_subgid_range/config/etc/default/useradd b/tests/tests/subids/54_userdel_one_subgid_range/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/subids/54_userdel_one_subgid_range/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/subids/54_userdel_one_subgid_range/config/etc/group b/tests/tests/subids/54_userdel_one_subgid_range/config/etc/group
new file mode 100644
index 0000000..b6fae89
--- /dev/null
+++ b/tests/tests/subids/54_userdel_one_subgid_range/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:root
+adm:x:4:root,foo
+tty:x:5:
+disk:x:6:
+lp:x:7:foo,root
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:foo
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:foo
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/subids/54_userdel_one_subgid_range/config/etc/gshadow b/tests/tests/subids/54_userdel_one_subgid_range/config/etc/gshadow
new file mode 100644
index 0000000..1f2ba8d
--- /dev/null
+++ b/tests/tests/subids/54_userdel_one_subgid_range/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::root
+adm:*::root,foo
+tty:*::foo
+disk:*:foo:
+lp:*::foo,root
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*:foo:foo
+voice:*::
+cdrom:*:foo:foo
+floppy:*::foo
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/subids/54_userdel_one_subgid_range/config/etc/passwd b/tests/tests/subids/54_userdel_one_subgid_range/config/etc/passwd
new file mode 100644
index 0000000..bf52df0
--- /dev/null
+++ b/tests/tests/subids/54_userdel_one_subgid_range/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/home/foo:/bin/false
diff --git a/tests/tests/subids/54_userdel_one_subgid_range/config/etc/shadow b/tests/tests/subids/54_userdel_one_subgid_range/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/subids/54_userdel_one_subgid_range/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/subids/54_userdel_one_subgid_range/config/etc/subgid b/tests/tests/subids/54_userdel_one_subgid_range/config/etc/subgid
new file mode 100644
index 0000000..3f7fd12
--- /dev/null
+++ b/tests/tests/subids/54_userdel_one_subgid_range/config/etc/subgid
@@ -0,0 +1 @@
+foo:100000:10000
diff --git a/tests/tests/subids/54_userdel_one_subgid_range/config/etc/subuid b/tests/tests/subids/54_userdel_one_subgid_range/config/etc/subuid
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/subids/54_userdel_one_subgid_range/config/etc/subuid
diff --git a/tests/tests/subids/54_userdel_one_subgid_range/data/group b/tests/tests/subids/54_userdel_one_subgid_range/data/group
new file mode 100644
index 0000000..66f04f6
--- /dev/null
+++ b/tests/tests/subids/54_userdel_one_subgid_range/data/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:root
+adm:x:4:root
+tty:x:5:
+disk:x:6:
+lp:x:7:root
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/subids/54_userdel_one_subgid_range/data/gshadow b/tests/tests/subids/54_userdel_one_subgid_range/data/gshadow
new file mode 100644
index 0000000..19f1325
--- /dev/null
+++ b/tests/tests/subids/54_userdel_one_subgid_range/data/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::root
+adm:*::root
+tty:*::
+disk:*::
+lp:*::root
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/subids/54_userdel_one_subgid_range/data/passwd b/tests/tests/subids/54_userdel_one_subgid_range/data/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/subids/54_userdel_one_subgid_range/data/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/subids/54_userdel_one_subgid_range/data/shadow b/tests/tests/subids/54_userdel_one_subgid_range/data/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/subids/54_userdel_one_subgid_range/data/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/subids/54_userdel_one_subgid_range/data/subgid b/tests/tests/subids/54_userdel_one_subgid_range/data/subgid
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/subids/54_userdel_one_subgid_range/data/subgid
diff --git a/tests/tests/subids/54_userdel_one_subgid_range/userdel.test b/tests/tests/subids/54_userdel_one_subgid_range/userdel.test
new file mode 100755
index 0000000..4ac57f8
--- /dev/null
+++ b/tests/tests/subids/54_userdel_one_subgid_range/userdel.test
@@ -0,0 +1,45 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "userdel can delete an user with its subordinate GIDs range"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Delete user foo (userdel foo)..."
+userdel foo
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl data/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl data/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl data/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl data/gshadow /etc/gshadow
+echo "OK"
+echo -n "Check the /etc/subgid file..."
+../../common/compare_file.pl data/subgid /etc/subgid
+echo "OK"
+echo -n "Check the /etc/subuid file..."
+../../common/compare_file.pl config/etc/subuid /etc/subuid
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/subids/55_userdel_no_subuid/config.txt b/tests/tests/subids/55_userdel_no_subuid/config.txt
new file mode 100644
index 0000000..f21fb08
--- /dev/null
+++ b/tests/tests/subids/55_userdel_no_subuid/config.txt
@@ -0,0 +1,6 @@
+user foo, in group users (only in /etc/group)
+user foo, in group tty (only in /etc/gshadow)
+user foo, in group floppy
+user foo, admin of group disk
+user foo, admin and member of group fax
+user foo, admin and member of group cdrom (only in /etc/gshadow)
diff --git a/tests/tests/subids/55_userdel_no_subuid/config/etc/default/useradd b/tests/tests/subids/55_userdel_no_subuid/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/subids/55_userdel_no_subuid/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/subids/55_userdel_no_subuid/config/etc/group b/tests/tests/subids/55_userdel_no_subuid/config/etc/group
new file mode 100644
index 0000000..b6fae89
--- /dev/null
+++ b/tests/tests/subids/55_userdel_no_subuid/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:root
+adm:x:4:root,foo
+tty:x:5:
+disk:x:6:
+lp:x:7:foo,root
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:foo
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:foo
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/subids/55_userdel_no_subuid/config/etc/gshadow b/tests/tests/subids/55_userdel_no_subuid/config/etc/gshadow
new file mode 100644
index 0000000..1f2ba8d
--- /dev/null
+++ b/tests/tests/subids/55_userdel_no_subuid/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::root
+adm:*::root,foo
+tty:*::foo
+disk:*:foo:
+lp:*::foo,root
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*:foo:foo
+voice:*::
+cdrom:*:foo:foo
+floppy:*::foo
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/subids/55_userdel_no_subuid/config/etc/passwd b/tests/tests/subids/55_userdel_no_subuid/config/etc/passwd
new file mode 100644
index 0000000..bf52df0
--- /dev/null
+++ b/tests/tests/subids/55_userdel_no_subuid/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/home/foo:/bin/false
diff --git a/tests/tests/subids/55_userdel_no_subuid/config/etc/shadow b/tests/tests/subids/55_userdel_no_subuid/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/subids/55_userdel_no_subuid/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/subids/55_userdel_no_subuid/config/etc/subgid b/tests/tests/subids/55_userdel_no_subuid/config/etc/subgid
new file mode 100644
index 0000000..3f7fd12
--- /dev/null
+++ b/tests/tests/subids/55_userdel_no_subuid/config/etc/subgid
@@ -0,0 +1 @@
+foo:100000:10000
diff --git a/tests/tests/subids/55_userdel_no_subuid/config/etc/subuid b/tests/tests/subids/55_userdel_no_subuid/config/etc/subuid
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/subids/55_userdel_no_subuid/config/etc/subuid
diff --git a/tests/tests/subids/55_userdel_no_subuid/data/group b/tests/tests/subids/55_userdel_no_subuid/data/group
new file mode 100644
index 0000000..66f04f6
--- /dev/null
+++ b/tests/tests/subids/55_userdel_no_subuid/data/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:root
+adm:x:4:root
+tty:x:5:
+disk:x:6:
+lp:x:7:root
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/subids/55_userdel_no_subuid/data/gshadow b/tests/tests/subids/55_userdel_no_subuid/data/gshadow
new file mode 100644
index 0000000..19f1325
--- /dev/null
+++ b/tests/tests/subids/55_userdel_no_subuid/data/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::root
+adm:*::root
+tty:*::
+disk:*::
+lp:*::root
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/subids/55_userdel_no_subuid/data/passwd b/tests/tests/subids/55_userdel_no_subuid/data/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/subids/55_userdel_no_subuid/data/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/subids/55_userdel_no_subuid/data/shadow b/tests/tests/subids/55_userdel_no_subuid/data/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/subids/55_userdel_no_subuid/data/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/subids/55_userdel_no_subuid/data/subgid b/tests/tests/subids/55_userdel_no_subuid/data/subgid
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/subids/55_userdel_no_subuid/data/subgid
diff --git a/tests/tests/subids/55_userdel_no_subuid/userdel.test b/tests/tests/subids/55_userdel_no_subuid/userdel.test
new file mode 100755
index 0000000..8b9f33f
--- /dev/null
+++ b/tests/tests/subids/55_userdel_no_subuid/userdel.test
@@ -0,0 +1,49 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "userdel can remove an user with its subordinate GIDs even if /etc/subuid does not exist"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Remove /etc/subgid..."
+rm -f /etc/subuid
+echo "OK"
+
+echo -n "Delete user foo (userdel foo)..."
+userdel foo
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl data/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl data/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl data/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl data/gshadow /etc/gshadow
+echo "OK"
+echo -n "Check the /etc/subgid file..."
+../../common/compare_file.pl data/subgid /etc/subgid
+echo "OK"
+echo -n "Check the /etc/subuid file..."
+test ! -f /etc/subuid
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/subids/56_userdel_no_subgid/config.txt b/tests/tests/subids/56_userdel_no_subgid/config.txt
new file mode 100644
index 0000000..f21fb08
--- /dev/null
+++ b/tests/tests/subids/56_userdel_no_subgid/config.txt
@@ -0,0 +1,6 @@
+user foo, in group users (only in /etc/group)
+user foo, in group tty (only in /etc/gshadow)
+user foo, in group floppy
+user foo, admin of group disk
+user foo, admin and member of group fax
+user foo, admin and member of group cdrom (only in /etc/gshadow)
diff --git a/tests/tests/subids/56_userdel_no_subgid/config/etc/default/useradd b/tests/tests/subids/56_userdel_no_subgid/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/subids/56_userdel_no_subgid/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/subids/56_userdel_no_subgid/config/etc/group b/tests/tests/subids/56_userdel_no_subgid/config/etc/group
new file mode 100644
index 0000000..b6fae89
--- /dev/null
+++ b/tests/tests/subids/56_userdel_no_subgid/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:root
+adm:x:4:root,foo
+tty:x:5:
+disk:x:6:
+lp:x:7:foo,root
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:foo
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:foo
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/subids/56_userdel_no_subgid/config/etc/gshadow b/tests/tests/subids/56_userdel_no_subgid/config/etc/gshadow
new file mode 100644
index 0000000..1f2ba8d
--- /dev/null
+++ b/tests/tests/subids/56_userdel_no_subgid/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::root
+adm:*::root,foo
+tty:*::foo
+disk:*:foo:
+lp:*::foo,root
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*:foo:foo
+voice:*::
+cdrom:*:foo:foo
+floppy:*::foo
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/subids/56_userdel_no_subgid/config/etc/passwd b/tests/tests/subids/56_userdel_no_subgid/config/etc/passwd
new file mode 100644
index 0000000..bf52df0
--- /dev/null
+++ b/tests/tests/subids/56_userdel_no_subgid/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/home/foo:/bin/false
diff --git a/tests/tests/subids/56_userdel_no_subgid/config/etc/shadow b/tests/tests/subids/56_userdel_no_subgid/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/subids/56_userdel_no_subgid/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/subids/56_userdel_no_subgid/config/etc/subgid b/tests/tests/subids/56_userdel_no_subgid/config/etc/subgid
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/subids/56_userdel_no_subgid/config/etc/subgid
diff --git a/tests/tests/subids/56_userdel_no_subgid/config/etc/subuid b/tests/tests/subids/56_userdel_no_subgid/config/etc/subuid
new file mode 100644
index 0000000..3f7fd12
--- /dev/null
+++ b/tests/tests/subids/56_userdel_no_subgid/config/etc/subuid
@@ -0,0 +1 @@
+foo:100000:10000
diff --git a/tests/tests/subids/56_userdel_no_subgid/data/group b/tests/tests/subids/56_userdel_no_subgid/data/group
new file mode 100644
index 0000000..66f04f6
--- /dev/null
+++ b/tests/tests/subids/56_userdel_no_subgid/data/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:root
+adm:x:4:root
+tty:x:5:
+disk:x:6:
+lp:x:7:root
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/subids/56_userdel_no_subgid/data/gshadow b/tests/tests/subids/56_userdel_no_subgid/data/gshadow
new file mode 100644
index 0000000..19f1325
--- /dev/null
+++ b/tests/tests/subids/56_userdel_no_subgid/data/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::root
+adm:*::root
+tty:*::
+disk:*::
+lp:*::root
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/subids/56_userdel_no_subgid/data/passwd b/tests/tests/subids/56_userdel_no_subgid/data/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/subids/56_userdel_no_subgid/data/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/subids/56_userdel_no_subgid/data/shadow b/tests/tests/subids/56_userdel_no_subgid/data/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/subids/56_userdel_no_subgid/data/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/subids/56_userdel_no_subgid/data/subuid b/tests/tests/subids/56_userdel_no_subgid/data/subuid
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/subids/56_userdel_no_subgid/data/subuid
diff --git a/tests/tests/subids/56_userdel_no_subgid/userdel.test b/tests/tests/subids/56_userdel_no_subgid/userdel.test
new file mode 100755
index 0000000..fe545c0
--- /dev/null
+++ b/tests/tests/subids/56_userdel_no_subgid/userdel.test
@@ -0,0 +1,49 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "userdel can remove an user with its subordinate UIDs even if /etc/subgid does not exist"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Remove /etc/subgid..."
+rm -f /etc/subgid
+echo "OK"
+
+echo -n "Delete user foo (userdel foo)..."
+userdel foo
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl data/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl data/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl data/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl data/gshadow /etc/gshadow
+echo "OK"
+echo -n "Check the /etc/subgid file..."
+test ! -f /etc/subgid
+echo "OK"
+echo -n "Check the /etc/subuid file..."
+../../common/compare_file.pl data/subuid /etc/subuid
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/subids/57_userdel_multiple_ranges/config.txt b/tests/tests/subids/57_userdel_multiple_ranges/config.txt
new file mode 100644
index 0000000..f21fb08
--- /dev/null
+++ b/tests/tests/subids/57_userdel_multiple_ranges/config.txt
@@ -0,0 +1,6 @@
+user foo, in group users (only in /etc/group)
+user foo, in group tty (only in /etc/gshadow)
+user foo, in group floppy
+user foo, admin of group disk
+user foo, admin and member of group fax
+user foo, admin and member of group cdrom (only in /etc/gshadow)
diff --git a/tests/tests/subids/57_userdel_multiple_ranges/config/etc/default/useradd b/tests/tests/subids/57_userdel_multiple_ranges/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/subids/57_userdel_multiple_ranges/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/subids/57_userdel_multiple_ranges/config/etc/group b/tests/tests/subids/57_userdel_multiple_ranges/config/etc/group
new file mode 100644
index 0000000..b6fae89
--- /dev/null
+++ b/tests/tests/subids/57_userdel_multiple_ranges/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:root
+adm:x:4:root,foo
+tty:x:5:
+disk:x:6:
+lp:x:7:foo,root
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:foo
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:foo
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/subids/57_userdel_multiple_ranges/config/etc/gshadow b/tests/tests/subids/57_userdel_multiple_ranges/config/etc/gshadow
new file mode 100644
index 0000000..1f2ba8d
--- /dev/null
+++ b/tests/tests/subids/57_userdel_multiple_ranges/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::root
+adm:*::root,foo
+tty:*::foo
+disk:*:foo:
+lp:*::foo,root
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*:foo:foo
+voice:*::
+cdrom:*:foo:foo
+floppy:*::foo
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/subids/57_userdel_multiple_ranges/config/etc/passwd b/tests/tests/subids/57_userdel_multiple_ranges/config/etc/passwd
new file mode 100644
index 0000000..bf52df0
--- /dev/null
+++ b/tests/tests/subids/57_userdel_multiple_ranges/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/home/foo:/bin/false
diff --git a/tests/tests/subids/57_userdel_multiple_ranges/config/etc/shadow b/tests/tests/subids/57_userdel_multiple_ranges/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/subids/57_userdel_multiple_ranges/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/subids/57_userdel_multiple_ranges/config/etc/subgid b/tests/tests/subids/57_userdel_multiple_ranges/config/etc/subgid
new file mode 100644
index 0000000..4b52edc
--- /dev/null
+++ b/tests/tests/subids/57_userdel_multiple_ranges/config/etc/subgid
@@ -0,0 +1,14 @@
+#1
+foo:10000:500
+#2
+foo:100000:10000
+foo:100000:5000
+#3
+foo:200000:10000
+foo:200000:20000
+#4
+foo:300000:10000
+roo:300000:10000
+foo:300000:10000
+foo:400000:10000
+root:500000:1000
diff --git a/tests/tests/subids/57_userdel_multiple_ranges/config/etc/subuid b/tests/tests/subids/57_userdel_multiple_ranges/config/etc/subuid
new file mode 100644
index 0000000..4b52edc
--- /dev/null
+++ b/tests/tests/subids/57_userdel_multiple_ranges/config/etc/subuid
@@ -0,0 +1,14 @@
+#1
+foo:10000:500
+#2
+foo:100000:10000
+foo:100000:5000
+#3
+foo:200000:10000
+foo:200000:20000
+#4
+foo:300000:10000
+roo:300000:10000
+foo:300000:10000
+foo:400000:10000
+root:500000:1000
diff --git a/tests/tests/subids/57_userdel_multiple_ranges/data/group b/tests/tests/subids/57_userdel_multiple_ranges/data/group
new file mode 100644
index 0000000..66f04f6
--- /dev/null
+++ b/tests/tests/subids/57_userdel_multiple_ranges/data/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:root
+adm:x:4:root
+tty:x:5:
+disk:x:6:
+lp:x:7:root
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/subids/57_userdel_multiple_ranges/data/gshadow b/tests/tests/subids/57_userdel_multiple_ranges/data/gshadow
new file mode 100644
index 0000000..19f1325
--- /dev/null
+++ b/tests/tests/subids/57_userdel_multiple_ranges/data/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::root
+adm:*::root
+tty:*::
+disk:*::
+lp:*::root
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/subids/57_userdel_multiple_ranges/data/passwd b/tests/tests/subids/57_userdel_multiple_ranges/data/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/subids/57_userdel_multiple_ranges/data/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/subids/57_userdel_multiple_ranges/data/shadow b/tests/tests/subids/57_userdel_multiple_ranges/data/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/subids/57_userdel_multiple_ranges/data/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/subids/57_userdel_multiple_ranges/data/subgid b/tests/tests/subids/57_userdel_multiple_ranges/data/subgid
new file mode 100644
index 0000000..adb2561
--- /dev/null
+++ b/tests/tests/subids/57_userdel_multiple_ranges/data/subgid
@@ -0,0 +1,6 @@
+#1
+#2
+#3
+#4
+roo:300000:10000
+root:500000:1000
diff --git a/tests/tests/subids/57_userdel_multiple_ranges/data/subuid b/tests/tests/subids/57_userdel_multiple_ranges/data/subuid
new file mode 100644
index 0000000..adb2561
--- /dev/null
+++ b/tests/tests/subids/57_userdel_multiple_ranges/data/subuid
@@ -0,0 +1,6 @@
+#1
+#2
+#3
+#4
+roo:300000:10000
+root:500000:1000
diff --git a/tests/tests/subids/57_userdel_multiple_ranges/userdel.test b/tests/tests/subids/57_userdel_multiple_ranges/userdel.test
new file mode 100755
index 0000000..93f116f
--- /dev/null
+++ b/tests/tests/subids/57_userdel_multiple_ranges/userdel.test
@@ -0,0 +1,45 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "userdel can delete an user with its subordinate UIDs ranges"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Delete user foo (userdel foo)..."
+userdel foo
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl data/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl data/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl data/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl data/gshadow /etc/gshadow
+echo "OK"
+echo -n "Check the /etc/subgid file..."
+../../common/compare_file.pl data/subgid /etc/subgid
+echo "OK"
+echo -n "Check the /etc/subuid file..."
+../../common/compare_file.pl data/subuid /etc/subuid
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/subids/58_newusers_with_subids/config.txt b/tests/tests/subids/58_newusers_with_subids/config.txt
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/subids/58_newusers_with_subids/config.txt
diff --git a/tests/tests/subids/58_newusers_with_subids/config/etc/group b/tests/tests/subids/58_newusers_with_subids/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/subids/58_newusers_with_subids/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/subids/58_newusers_with_subids/config/etc/gshadow b/tests/tests/subids/58_newusers_with_subids/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/subids/58_newusers_with_subids/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/subids/58_newusers_with_subids/config/etc/pam.d/common-password b/tests/tests/subids/58_newusers_with_subids/config/etc/pam.d/common-password
new file mode 100644
index 0000000..06c59a7
--- /dev/null
+++ b/tests/tests/subids/58_newusers_with_subids/config/etc/pam.d/common-password
@@ -0,0 +1,33 @@
+#
+# /etc/pam.d/common-password - password-related modules common to all services
+#
+# This file is included from other service-specific PAM config files,
+# and should contain a list of modules that define the services to be
+# used to change user passwords.  The default is pam_unix.
+
+# Explanation of pam_unix options:
+#
+# The "md5" option enables MD5 passwords.  Without this option, the
+# default is Unix crypt.
+#
+# The "obscure" option replaces the old `OBSCURE_CHECKS_ENAB' option in
+# login.defs.
+#
+# See the pam_unix manpage for other options.
+
+# As of pam 1.0.1-6, this file is managed by pam-auth-update by default.
+# To take advantage of this, it is recommended that you configure any
+# local modules either before or after the default block, and use
+# pam-auth-update to manage selection of other modules.  See
+# pam-auth-update(8) for details.
+
+# here are the per-package modules (the "Primary" block)
+password	[success=1 default=ignore]	pam_unix.so obscure
+# here's the fallback if no module succeeds
+password	requisite			pam_deny.so
+# prime the stack with a positive return value if there isn't one already;
+# this avoids us returning an error just because nothing sets a success code
+# since the modules above will each just jump around
+password	required			pam_permit.so
+# and here are more per-package modules (the "Additional" block)
+# end of pam-auth-update config
diff --git a/tests/tests/subids/58_newusers_with_subids/config/etc/pam.d/newusers b/tests/tests/subids/58_newusers_with_subids/config/etc/pam.d/newusers
new file mode 100644
index 0000000..552045e
--- /dev/null
+++ b/tests/tests/subids/58_newusers_with_subids/config/etc/pam.d/newusers
@@ -0,0 +1,6 @@
+#
+# The PAM configuration file for the Shadow `chpasswd' service
+#
+
+@include common-password
+
diff --git a/tests/tests/subids/58_newusers_with_subids/config/etc/passwd b/tests/tests/subids/58_newusers_with_subids/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/subids/58_newusers_with_subids/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/subids/58_newusers_with_subids/config/etc/shadow b/tests/tests/subids/58_newusers_with_subids/config/etc/shadow
new file mode 100644
index 0000000..031ce88
--- /dev/null
+++ b/tests/tests/subids/58_newusers_with_subids/config/etc/shadow
@@ -0,0 +1,19 @@
+root::12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/subids/58_newusers_with_subids/config/etc/subgid b/tests/tests/subids/58_newusers_with_subids/config/etc/subgid
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/subids/58_newusers_with_subids/config/etc/subgid
diff --git a/tests/tests/subids/58_newusers_with_subids/config/etc/subuid b/tests/tests/subids/58_newusers_with_subids/config/etc/subuid
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/subids/58_newusers_with_subids/config/etc/subuid
diff --git a/tests/tests/subids/58_newusers_with_subids/data/group b/tests/tests/subids/58_newusers_with_subids/data/group
new file mode 100644
index 0000000..fecba0c
--- /dev/null
+++ b/tests/tests/subids/58_newusers_with_subids/data/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/subids/58_newusers_with_subids/data/gshadow b/tests/tests/subids/58_newusers_with_subids/data/gshadow
new file mode 100644
index 0000000..5042e58
--- /dev/null
+++ b/tests/tests/subids/58_newusers_with_subids/data/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/subids/58_newusers_with_subids/data/newusers.list b/tests/tests/subids/58_newusers_with_subids/data/newusers.list
new file mode 100644
index 0000000..9c40fa2
--- /dev/null
+++ b/tests/tests/subids/58_newusers_with_subids/data/newusers.list
@@ -0,0 +1 @@
+foo:fooPass:::User Foo - Gecos Field::/bin/sh
diff --git a/tests/tests/subids/58_newusers_with_subids/data/passwd b/tests/tests/subids/58_newusers_with_subids/data/passwd
new file mode 100644
index 0000000..7bf7386
--- /dev/null
+++ b/tests/tests/subids/58_newusers_with_subids/data/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000:User Foo - Gecos Field::/bin/sh
diff --git a/tests/tests/subids/58_newusers_with_subids/data/shadow b/tests/tests/subids/58_newusers_with_subids/data/shadow
new file mode 100644
index 0000000..491b593
--- /dev/null
+++ b/tests/tests/subids/58_newusers_with_subids/data/shadow
@@ -0,0 +1,20 @@
+root::12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:@PASS_DES fooPass@:@TODAY@:0:99999:7:::
diff --git a/tests/tests/subids/58_newusers_with_subids/data/subgid b/tests/tests/subids/58_newusers_with_subids/data/subgid
new file mode 100644
index 0000000..3f7fd12
--- /dev/null
+++ b/tests/tests/subids/58_newusers_with_subids/data/subgid
@@ -0,0 +1 @@
+foo:100000:10000
diff --git a/tests/tests/subids/58_newusers_with_subids/data/subuid b/tests/tests/subids/58_newusers_with_subids/data/subuid
new file mode 100644
index 0000000..3f7fd12
--- /dev/null
+++ b/tests/tests/subids/58_newusers_with_subids/data/subuid
@@ -0,0 +1 @@
+foo:100000:10000
diff --git a/tests/tests/subids/58_newusers_with_subids/newusers.test b/tests/tests/subids/58_newusers_with_subids/newusers.test
new file mode 100755
index 0000000..2b69632
--- /dev/null
+++ b/tests/tests/subids/58_newusers_with_subids/newusers.test
@@ -0,0 +1,43 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "newusers creates subordinate IDs"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+newusers data/newusers.list
+
+echo -n "Check the passwd file..." 
+../../common/compare_file.pl data/passwd /etc/passwd 
+echo "OK" 
+echo -n "Check the group file..." 
+../../common/compare_file.pl data/group /etc/group 
+echo "OK" 
+echo -n "Check the shadow file..." 
+../../common/compare_file.pl data/shadow /etc/shadow 
+echo "OK" 
+echo -n "Check the gshadow file..." 
+../../common/compare_file.pl data/gshadow /etc/gshadow 
+echo "OK"
+echo -n "Check the /etc/subgid file..."
+../../common/compare_file.pl data/subgid /etc/subgid
+echo "OK"
+echo -n "Check the /etc/subuid file..."
+../../common/compare_file.pl data/subuid /etc/subuid
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/subids/59_newusers_no_subuid/config.txt b/tests/tests/subids/59_newusers_no_subuid/config.txt
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/subids/59_newusers_no_subuid/config.txt
diff --git a/tests/tests/subids/59_newusers_no_subuid/config/etc/group b/tests/tests/subids/59_newusers_no_subuid/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/subids/59_newusers_no_subuid/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/subids/59_newusers_no_subuid/config/etc/gshadow b/tests/tests/subids/59_newusers_no_subuid/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/subids/59_newusers_no_subuid/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/subids/59_newusers_no_subuid/config/etc/pam.d/common-password b/tests/tests/subids/59_newusers_no_subuid/config/etc/pam.d/common-password
new file mode 100644
index 0000000..06c59a7
--- /dev/null
+++ b/tests/tests/subids/59_newusers_no_subuid/config/etc/pam.d/common-password
@@ -0,0 +1,33 @@
+#
+# /etc/pam.d/common-password - password-related modules common to all services
+#
+# This file is included from other service-specific PAM config files,
+# and should contain a list of modules that define the services to be
+# used to change user passwords.  The default is pam_unix.
+
+# Explanation of pam_unix options:
+#
+# The "md5" option enables MD5 passwords.  Without this option, the
+# default is Unix crypt.
+#
+# The "obscure" option replaces the old `OBSCURE_CHECKS_ENAB' option in
+# login.defs.
+#
+# See the pam_unix manpage for other options.
+
+# As of pam 1.0.1-6, this file is managed by pam-auth-update by default.
+# To take advantage of this, it is recommended that you configure any
+# local modules either before or after the default block, and use
+# pam-auth-update to manage selection of other modules.  See
+# pam-auth-update(8) for details.
+
+# here are the per-package modules (the "Primary" block)
+password	[success=1 default=ignore]	pam_unix.so obscure
+# here's the fallback if no module succeeds
+password	requisite			pam_deny.so
+# prime the stack with a positive return value if there isn't one already;
+# this avoids us returning an error just because nothing sets a success code
+# since the modules above will each just jump around
+password	required			pam_permit.so
+# and here are more per-package modules (the "Additional" block)
+# end of pam-auth-update config
diff --git a/tests/tests/subids/59_newusers_no_subuid/config/etc/pam.d/newusers b/tests/tests/subids/59_newusers_no_subuid/config/etc/pam.d/newusers
new file mode 100644
index 0000000..552045e
--- /dev/null
+++ b/tests/tests/subids/59_newusers_no_subuid/config/etc/pam.d/newusers
@@ -0,0 +1,6 @@
+#
+# The PAM configuration file for the Shadow `chpasswd' service
+#
+
+@include common-password
+
diff --git a/tests/tests/subids/59_newusers_no_subuid/config/etc/passwd b/tests/tests/subids/59_newusers_no_subuid/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/subids/59_newusers_no_subuid/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/subids/59_newusers_no_subuid/config/etc/shadow b/tests/tests/subids/59_newusers_no_subuid/config/etc/shadow
new file mode 100644
index 0000000..031ce88
--- /dev/null
+++ b/tests/tests/subids/59_newusers_no_subuid/config/etc/shadow
@@ -0,0 +1,19 @@
+root::12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/subids/59_newusers_no_subuid/config/etc/subgid b/tests/tests/subids/59_newusers_no_subuid/config/etc/subgid
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/subids/59_newusers_no_subuid/config/etc/subgid
diff --git a/tests/tests/subids/59_newusers_no_subuid/config/etc/subuid b/tests/tests/subids/59_newusers_no_subuid/config/etc/subuid
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/subids/59_newusers_no_subuid/config/etc/subuid
diff --git a/tests/tests/subids/59_newusers_no_subuid/data/group b/tests/tests/subids/59_newusers_no_subuid/data/group
new file mode 100644
index 0000000..fecba0c
--- /dev/null
+++ b/tests/tests/subids/59_newusers_no_subuid/data/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/subids/59_newusers_no_subuid/data/gshadow b/tests/tests/subids/59_newusers_no_subuid/data/gshadow
new file mode 100644
index 0000000..5042e58
--- /dev/null
+++ b/tests/tests/subids/59_newusers_no_subuid/data/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/subids/59_newusers_no_subuid/data/newusers.list b/tests/tests/subids/59_newusers_no_subuid/data/newusers.list
new file mode 100644
index 0000000..9c40fa2
--- /dev/null
+++ b/tests/tests/subids/59_newusers_no_subuid/data/newusers.list
@@ -0,0 +1 @@
+foo:fooPass:::User Foo - Gecos Field::/bin/sh
diff --git a/tests/tests/subids/59_newusers_no_subuid/data/passwd b/tests/tests/subids/59_newusers_no_subuid/data/passwd
new file mode 100644
index 0000000..7bf7386
--- /dev/null
+++ b/tests/tests/subids/59_newusers_no_subuid/data/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000:User Foo - Gecos Field::/bin/sh
diff --git a/tests/tests/subids/59_newusers_no_subuid/data/shadow b/tests/tests/subids/59_newusers_no_subuid/data/shadow
new file mode 100644
index 0000000..491b593
--- /dev/null
+++ b/tests/tests/subids/59_newusers_no_subuid/data/shadow
@@ -0,0 +1,20 @@
+root::12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:@PASS_DES fooPass@:@TODAY@:0:99999:7:::
diff --git a/tests/tests/subids/59_newusers_no_subuid/data/subgid b/tests/tests/subids/59_newusers_no_subuid/data/subgid
new file mode 100644
index 0000000..3f7fd12
--- /dev/null
+++ b/tests/tests/subids/59_newusers_no_subuid/data/subgid
@@ -0,0 +1 @@
+foo:100000:10000
diff --git a/tests/tests/subids/59_newusers_no_subuid/newusers.test b/tests/tests/subids/59_newusers_no_subuid/newusers.test
new file mode 100755
index 0000000..f99d9a5
--- /dev/null
+++ b/tests/tests/subids/59_newusers_no_subuid/newusers.test
@@ -0,0 +1,47 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "newusers create subordinate GIDs even if /etc/subuid does not exist"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Remove /etc/subuid..."
+rm -f /etc/subuid
+echo "OK"
+
+newusers data/newusers.list
+
+echo -n "Check the passwd file..." 
+../../common/compare_file.pl data/passwd /etc/passwd 
+echo "OK" 
+echo -n "Check the group file..." 
+../../common/compare_file.pl data/group /etc/group 
+echo "OK" 
+echo -n "Check the shadow file..." 
+../../common/compare_file.pl data/shadow /etc/shadow 
+echo "OK" 
+echo -n "Check the gshadow file..." 
+../../common/compare_file.pl data/gshadow /etc/gshadow 
+echo "OK"
+echo -n "Check the /etc/subgid file..."
+../../common/compare_file.pl data/subgid /etc/subgid
+echo "OK"
+echo -n "Check the /etc/subuid file..."
+test ! -f /etc/subuid
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/subids/60_newusers_no_subgid/config.txt b/tests/tests/subids/60_newusers_no_subgid/config.txt
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/subids/60_newusers_no_subgid/config.txt
diff --git a/tests/tests/subids/60_newusers_no_subgid/config/etc/group b/tests/tests/subids/60_newusers_no_subgid/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/subids/60_newusers_no_subgid/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/subids/60_newusers_no_subgid/config/etc/gshadow b/tests/tests/subids/60_newusers_no_subgid/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/subids/60_newusers_no_subgid/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/subids/60_newusers_no_subgid/config/etc/pam.d/common-password b/tests/tests/subids/60_newusers_no_subgid/config/etc/pam.d/common-password
new file mode 100644
index 0000000..06c59a7
--- /dev/null
+++ b/tests/tests/subids/60_newusers_no_subgid/config/etc/pam.d/common-password
@@ -0,0 +1,33 @@
+#
+# /etc/pam.d/common-password - password-related modules common to all services
+#
+# This file is included from other service-specific PAM config files,
+# and should contain a list of modules that define the services to be
+# used to change user passwords.  The default is pam_unix.
+
+# Explanation of pam_unix options:
+#
+# The "md5" option enables MD5 passwords.  Without this option, the
+# default is Unix crypt.
+#
+# The "obscure" option replaces the old `OBSCURE_CHECKS_ENAB' option in
+# login.defs.
+#
+# See the pam_unix manpage for other options.
+
+# As of pam 1.0.1-6, this file is managed by pam-auth-update by default.
+# To take advantage of this, it is recommended that you configure any
+# local modules either before or after the default block, and use
+# pam-auth-update to manage selection of other modules.  See
+# pam-auth-update(8) for details.
+
+# here are the per-package modules (the "Primary" block)
+password	[success=1 default=ignore]	pam_unix.so obscure
+# here's the fallback if no module succeeds
+password	requisite			pam_deny.so
+# prime the stack with a positive return value if there isn't one already;
+# this avoids us returning an error just because nothing sets a success code
+# since the modules above will each just jump around
+password	required			pam_permit.so
+# and here are more per-package modules (the "Additional" block)
+# end of pam-auth-update config
diff --git a/tests/tests/subids/60_newusers_no_subgid/config/etc/pam.d/newusers b/tests/tests/subids/60_newusers_no_subgid/config/etc/pam.d/newusers
new file mode 100644
index 0000000..552045e
--- /dev/null
+++ b/tests/tests/subids/60_newusers_no_subgid/config/etc/pam.d/newusers
@@ -0,0 +1,6 @@
+#
+# The PAM configuration file for the Shadow `chpasswd' service
+#
+
+@include common-password
+
diff --git a/tests/tests/subids/60_newusers_no_subgid/config/etc/passwd b/tests/tests/subids/60_newusers_no_subgid/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/subids/60_newusers_no_subgid/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/subids/60_newusers_no_subgid/config/etc/shadow b/tests/tests/subids/60_newusers_no_subgid/config/etc/shadow
new file mode 100644
index 0000000..031ce88
--- /dev/null
+++ b/tests/tests/subids/60_newusers_no_subgid/config/etc/shadow
@@ -0,0 +1,19 @@
+root::12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/subids/60_newusers_no_subgid/config/etc/subgid b/tests/tests/subids/60_newusers_no_subgid/config/etc/subgid
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/subids/60_newusers_no_subgid/config/etc/subgid
diff --git a/tests/tests/subids/60_newusers_no_subgid/config/etc/subuid b/tests/tests/subids/60_newusers_no_subgid/config/etc/subuid
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/subids/60_newusers_no_subgid/config/etc/subuid
diff --git a/tests/tests/subids/60_newusers_no_subgid/data/group b/tests/tests/subids/60_newusers_no_subgid/data/group
new file mode 100644
index 0000000..fecba0c
--- /dev/null
+++ b/tests/tests/subids/60_newusers_no_subgid/data/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/subids/60_newusers_no_subgid/data/gshadow b/tests/tests/subids/60_newusers_no_subgid/data/gshadow
new file mode 100644
index 0000000..5042e58
--- /dev/null
+++ b/tests/tests/subids/60_newusers_no_subgid/data/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/subids/60_newusers_no_subgid/data/newusers.list b/tests/tests/subids/60_newusers_no_subgid/data/newusers.list
new file mode 100644
index 0000000..9c40fa2
--- /dev/null
+++ b/tests/tests/subids/60_newusers_no_subgid/data/newusers.list
@@ -0,0 +1 @@
+foo:fooPass:::User Foo - Gecos Field::/bin/sh
diff --git a/tests/tests/subids/60_newusers_no_subgid/data/passwd b/tests/tests/subids/60_newusers_no_subgid/data/passwd
new file mode 100644
index 0000000..7bf7386
--- /dev/null
+++ b/tests/tests/subids/60_newusers_no_subgid/data/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000:User Foo - Gecos Field::/bin/sh
diff --git a/tests/tests/subids/60_newusers_no_subgid/data/shadow b/tests/tests/subids/60_newusers_no_subgid/data/shadow
new file mode 100644
index 0000000..491b593
--- /dev/null
+++ b/tests/tests/subids/60_newusers_no_subgid/data/shadow
@@ -0,0 +1,20 @@
+root::12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:@PASS_DES fooPass@:@TODAY@:0:99999:7:::
diff --git a/tests/tests/subids/60_newusers_no_subgid/data/subuid b/tests/tests/subids/60_newusers_no_subgid/data/subuid
new file mode 100644
index 0000000..3f7fd12
--- /dev/null
+++ b/tests/tests/subids/60_newusers_no_subgid/data/subuid
@@ -0,0 +1 @@
+foo:100000:10000
diff --git a/tests/tests/subids/60_newusers_no_subgid/newusers.test b/tests/tests/subids/60_newusers_no_subgid/newusers.test
new file mode 100755
index 0000000..32a4174
--- /dev/null
+++ b/tests/tests/subids/60_newusers_no_subgid/newusers.test
@@ -0,0 +1,47 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "newusers create subordinate UIDs even if /etc/subgid does not exist"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Remove /etc/subgid..."
+rm -f /etc/subgid
+echo "OK"
+
+newusers data/newusers.list
+
+echo -n "Check the passwd file..." 
+../../common/compare_file.pl data/passwd /etc/passwd 
+echo "OK" 
+echo -n "Check the group file..." 
+../../common/compare_file.pl data/group /etc/group 
+echo "OK" 
+echo -n "Check the shadow file..." 
+../../common/compare_file.pl data/shadow /etc/shadow 
+echo "OK" 
+echo -n "Check the gshadow file..." 
+../../common/compare_file.pl data/gshadow /etc/gshadow 
+echo "OK"
+echo -n "Check the /etc/subgid file..."
+test ! -f /etc/subgid
+echo "OK"
+echo -n "Check the /etc/subuid file..."
+../../common/compare_file.pl data/subuid /etc/subuid
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/subids/61_newusers_user_already_has_subgids/config.txt b/tests/tests/subids/61_newusers_user_already_has_subgids/config.txt
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/subids/61_newusers_user_already_has_subgids/config.txt
diff --git a/tests/tests/subids/61_newusers_user_already_has_subgids/config/etc/group b/tests/tests/subids/61_newusers_user_already_has_subgids/config/etc/group
new file mode 100644
index 0000000..fecba0c
--- /dev/null
+++ b/tests/tests/subids/61_newusers_user_already_has_subgids/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/subids/61_newusers_user_already_has_subgids/config/etc/gshadow b/tests/tests/subids/61_newusers_user_already_has_subgids/config/etc/gshadow
new file mode 100644
index 0000000..be1575e
--- /dev/null
+++ b/tests/tests/subids/61_newusers_user_already_has_subgids/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:x::
diff --git a/tests/tests/subids/61_newusers_user_already_has_subgids/config/etc/pam.d/common-password b/tests/tests/subids/61_newusers_user_already_has_subgids/config/etc/pam.d/common-password
new file mode 100644
index 0000000..06c59a7
--- /dev/null
+++ b/tests/tests/subids/61_newusers_user_already_has_subgids/config/etc/pam.d/common-password
@@ -0,0 +1,33 @@
+#
+# /etc/pam.d/common-password - password-related modules common to all services
+#
+# This file is included from other service-specific PAM config files,
+# and should contain a list of modules that define the services to be
+# used to change user passwords.  The default is pam_unix.
+
+# Explanation of pam_unix options:
+#
+# The "md5" option enables MD5 passwords.  Without this option, the
+# default is Unix crypt.
+#
+# The "obscure" option replaces the old `OBSCURE_CHECKS_ENAB' option in
+# login.defs.
+#
+# See the pam_unix manpage for other options.
+
+# As of pam 1.0.1-6, this file is managed by pam-auth-update by default.
+# To take advantage of this, it is recommended that you configure any
+# local modules either before or after the default block, and use
+# pam-auth-update to manage selection of other modules.  See
+# pam-auth-update(8) for details.
+
+# here are the per-package modules (the "Primary" block)
+password	[success=1 default=ignore]	pam_unix.so obscure
+# here's the fallback if no module succeeds
+password	requisite			pam_deny.so
+# prime the stack with a positive return value if there isn't one already;
+# this avoids us returning an error just because nothing sets a success code
+# since the modules above will each just jump around
+password	required			pam_permit.so
+# and here are more per-package modules (the "Additional" block)
+# end of pam-auth-update config
diff --git a/tests/tests/subids/61_newusers_user_already_has_subgids/config/etc/pam.d/newusers b/tests/tests/subids/61_newusers_user_already_has_subgids/config/etc/pam.d/newusers
new file mode 100644
index 0000000..552045e
--- /dev/null
+++ b/tests/tests/subids/61_newusers_user_already_has_subgids/config/etc/pam.d/newusers
@@ -0,0 +1,6 @@
+#
+# The PAM configuration file for the Shadow `chpasswd' service
+#
+
+@include common-password
+
diff --git a/tests/tests/subids/61_newusers_user_already_has_subgids/config/etc/passwd b/tests/tests/subids/61_newusers_user_already_has_subgids/config/etc/passwd
new file mode 100644
index 0000000..dc7bf84
--- /dev/null
+++ b/tests/tests/subids/61_newusers_user_already_has_subgids/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000:::/bin/false
diff --git a/tests/tests/subids/61_newusers_user_already_has_subgids/config/etc/shadow b/tests/tests/subids/61_newusers_user_already_has_subgids/config/etc/shadow
new file mode 100644
index 0000000..648c54d
--- /dev/null
+++ b/tests/tests/subids/61_newusers_user_already_has_subgids/config/etc/shadow
@@ -0,0 +1,20 @@
+root::12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/subids/61_newusers_user_already_has_subgids/config/etc/subgid b/tests/tests/subids/61_newusers_user_already_has_subgids/config/etc/subgid
new file mode 100644
index 0000000..c6faa36
--- /dev/null
+++ b/tests/tests/subids/61_newusers_user_already_has_subgids/config/etc/subgid
@@ -0,0 +1 @@
+foo:200000:2000
diff --git a/tests/tests/subids/61_newusers_user_already_has_subgids/config/etc/subuid b/tests/tests/subids/61_newusers_user_already_has_subgids/config/etc/subuid
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/subids/61_newusers_user_already_has_subgids/config/etc/subuid
diff --git a/tests/tests/subids/61_newusers_user_already_has_subgids/data/group b/tests/tests/subids/61_newusers_user_already_has_subgids/data/group
new file mode 100644
index 0000000..fecba0c
--- /dev/null
+++ b/tests/tests/subids/61_newusers_user_already_has_subgids/data/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/subids/61_newusers_user_already_has_subgids/data/gshadow b/tests/tests/subids/61_newusers_user_already_has_subgids/data/gshadow
new file mode 100644
index 0000000..be1575e
--- /dev/null
+++ b/tests/tests/subids/61_newusers_user_already_has_subgids/data/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:x::
diff --git a/tests/tests/subids/61_newusers_user_already_has_subgids/data/newusers.list b/tests/tests/subids/61_newusers_user_already_has_subgids/data/newusers.list
new file mode 100644
index 0000000..9c40fa2
--- /dev/null
+++ b/tests/tests/subids/61_newusers_user_already_has_subgids/data/newusers.list
@@ -0,0 +1 @@
+foo:fooPass:::User Foo - Gecos Field::/bin/sh
diff --git a/tests/tests/subids/61_newusers_user_already_has_subgids/data/passwd b/tests/tests/subids/61_newusers_user_already_has_subgids/data/passwd
new file mode 100644
index 0000000..7bf7386
--- /dev/null
+++ b/tests/tests/subids/61_newusers_user_already_has_subgids/data/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000:User Foo - Gecos Field::/bin/sh
diff --git a/tests/tests/subids/61_newusers_user_already_has_subgids/data/shadow b/tests/tests/subids/61_newusers_user_already_has_subgids/data/shadow
new file mode 100644
index 0000000..491b593
--- /dev/null
+++ b/tests/tests/subids/61_newusers_user_already_has_subgids/data/shadow
@@ -0,0 +1,20 @@
+root::12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:@PASS_DES fooPass@:@TODAY@:0:99999:7:::
diff --git a/tests/tests/subids/61_newusers_user_already_has_subgids/data/subuid b/tests/tests/subids/61_newusers_user_already_has_subgids/data/subuid
new file mode 100644
index 0000000..3f7fd12
--- /dev/null
+++ b/tests/tests/subids/61_newusers_user_already_has_subgids/data/subuid
@@ -0,0 +1 @@
+foo:100000:10000
diff --git a/tests/tests/subids/61_newusers_user_already_has_subgids/newusers.test b/tests/tests/subids/61_newusers_user_already_has_subgids/newusers.test
new file mode 100755
index 0000000..752932e
--- /dev/null
+++ b/tests/tests/subids/61_newusers_user_already_has_subgids/newusers.test
@@ -0,0 +1,43 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "newusers does not create subordinate GIDs if the user already has subordinate GIDs"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+newusers data/newusers.list
+
+echo -n "Check the passwd file..." 
+../../common/compare_file.pl data/passwd /etc/passwd 
+echo "OK" 
+echo -n "Check the group file..." 
+../../common/compare_file.pl data/group /etc/group 
+echo "OK" 
+echo -n "Check the shadow file..." 
+../../common/compare_file.pl data/shadow /etc/shadow 
+echo "OK" 
+echo -n "Check the gshadow file..." 
+../../common/compare_file.pl data/gshadow /etc/gshadow 
+echo "OK"
+echo -n "Check the /etc/subgid file..."
+../../common/compare_file.pl config/etc/subgid /etc/subgid
+echo "OK"
+echo -n "Check the /etc/subuid file..."
+../../common/compare_file.pl data/subuid /etc/subuid
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/subids/62_newusers_user_already_has_subuids/config.txt b/tests/tests/subids/62_newusers_user_already_has_subuids/config.txt
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/subids/62_newusers_user_already_has_subuids/config.txt
diff --git a/tests/tests/subids/62_newusers_user_already_has_subuids/config/etc/group b/tests/tests/subids/62_newusers_user_already_has_subuids/config/etc/group
new file mode 100644
index 0000000..fecba0c
--- /dev/null
+++ b/tests/tests/subids/62_newusers_user_already_has_subuids/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/subids/62_newusers_user_already_has_subuids/config/etc/gshadow b/tests/tests/subids/62_newusers_user_already_has_subuids/config/etc/gshadow
new file mode 100644
index 0000000..be1575e
--- /dev/null
+++ b/tests/tests/subids/62_newusers_user_already_has_subuids/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:x::
diff --git a/tests/tests/subids/62_newusers_user_already_has_subuids/config/etc/pam.d/common-password b/tests/tests/subids/62_newusers_user_already_has_subuids/config/etc/pam.d/common-password
new file mode 100644
index 0000000..06c59a7
--- /dev/null
+++ b/tests/tests/subids/62_newusers_user_already_has_subuids/config/etc/pam.d/common-password
@@ -0,0 +1,33 @@
+#
+# /etc/pam.d/common-password - password-related modules common to all services
+#
+# This file is included from other service-specific PAM config files,
+# and should contain a list of modules that define the services to be
+# used to change user passwords.  The default is pam_unix.
+
+# Explanation of pam_unix options:
+#
+# The "md5" option enables MD5 passwords.  Without this option, the
+# default is Unix crypt.
+#
+# The "obscure" option replaces the old `OBSCURE_CHECKS_ENAB' option in
+# login.defs.
+#
+# See the pam_unix manpage for other options.
+
+# As of pam 1.0.1-6, this file is managed by pam-auth-update by default.
+# To take advantage of this, it is recommended that you configure any
+# local modules either before or after the default block, and use
+# pam-auth-update to manage selection of other modules.  See
+# pam-auth-update(8) for details.
+
+# here are the per-package modules (the "Primary" block)
+password	[success=1 default=ignore]	pam_unix.so obscure
+# here's the fallback if no module succeeds
+password	requisite			pam_deny.so
+# prime the stack with a positive return value if there isn't one already;
+# this avoids us returning an error just because nothing sets a success code
+# since the modules above will each just jump around
+password	required			pam_permit.so
+# and here are more per-package modules (the "Additional" block)
+# end of pam-auth-update config
diff --git a/tests/tests/subids/62_newusers_user_already_has_subuids/config/etc/pam.d/newusers b/tests/tests/subids/62_newusers_user_already_has_subuids/config/etc/pam.d/newusers
new file mode 100644
index 0000000..552045e
--- /dev/null
+++ b/tests/tests/subids/62_newusers_user_already_has_subuids/config/etc/pam.d/newusers
@@ -0,0 +1,6 @@
+#
+# The PAM configuration file for the Shadow `chpasswd' service
+#
+
+@include common-password
+
diff --git a/tests/tests/subids/62_newusers_user_already_has_subuids/config/etc/passwd b/tests/tests/subids/62_newusers_user_already_has_subuids/config/etc/passwd
new file mode 100644
index 0000000..dc7bf84
--- /dev/null
+++ b/tests/tests/subids/62_newusers_user_already_has_subuids/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000:::/bin/false
diff --git a/tests/tests/subids/62_newusers_user_already_has_subuids/config/etc/shadow b/tests/tests/subids/62_newusers_user_already_has_subuids/config/etc/shadow
new file mode 100644
index 0000000..648c54d
--- /dev/null
+++ b/tests/tests/subids/62_newusers_user_already_has_subuids/config/etc/shadow
@@ -0,0 +1,20 @@
+root::12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/subids/62_newusers_user_already_has_subuids/config/etc/subgid b/tests/tests/subids/62_newusers_user_already_has_subuids/config/etc/subgid
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/subids/62_newusers_user_already_has_subuids/config/etc/subgid
diff --git a/tests/tests/subids/62_newusers_user_already_has_subuids/config/etc/subuid b/tests/tests/subids/62_newusers_user_already_has_subuids/config/etc/subuid
new file mode 100644
index 0000000..ad0d53a
--- /dev/null
+++ b/tests/tests/subids/62_newusers_user_already_has_subuids/config/etc/subuid
@@ -0,0 +1,2 @@
+root:150000:10000
+foo:200000:2000
diff --git a/tests/tests/subids/62_newusers_user_already_has_subuids/data/group b/tests/tests/subids/62_newusers_user_already_has_subuids/data/group
new file mode 100644
index 0000000..fecba0c
--- /dev/null
+++ b/tests/tests/subids/62_newusers_user_already_has_subuids/data/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/subids/62_newusers_user_already_has_subuids/data/gshadow b/tests/tests/subids/62_newusers_user_already_has_subuids/data/gshadow
new file mode 100644
index 0000000..be1575e
--- /dev/null
+++ b/tests/tests/subids/62_newusers_user_already_has_subuids/data/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:x::
diff --git a/tests/tests/subids/62_newusers_user_already_has_subuids/data/newusers.list b/tests/tests/subids/62_newusers_user_already_has_subuids/data/newusers.list
new file mode 100644
index 0000000..9c40fa2
--- /dev/null
+++ b/tests/tests/subids/62_newusers_user_already_has_subuids/data/newusers.list
@@ -0,0 +1 @@
+foo:fooPass:::User Foo - Gecos Field::/bin/sh
diff --git a/tests/tests/subids/62_newusers_user_already_has_subuids/data/passwd b/tests/tests/subids/62_newusers_user_already_has_subuids/data/passwd
new file mode 100644
index 0000000..7bf7386
--- /dev/null
+++ b/tests/tests/subids/62_newusers_user_already_has_subuids/data/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000:User Foo - Gecos Field::/bin/sh
diff --git a/tests/tests/subids/62_newusers_user_already_has_subuids/data/shadow b/tests/tests/subids/62_newusers_user_already_has_subuids/data/shadow
new file mode 100644
index 0000000..491b593
--- /dev/null
+++ b/tests/tests/subids/62_newusers_user_already_has_subuids/data/shadow
@@ -0,0 +1,20 @@
+root::12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:@PASS_DES fooPass@:@TODAY@:0:99999:7:::
diff --git a/tests/tests/subids/62_newusers_user_already_has_subuids/data/subgid b/tests/tests/subids/62_newusers_user_already_has_subuids/data/subgid
new file mode 100644
index 0000000..3f7fd12
--- /dev/null
+++ b/tests/tests/subids/62_newusers_user_already_has_subuids/data/subgid
@@ -0,0 +1 @@
+foo:100000:10000
diff --git a/tests/tests/subids/62_newusers_user_already_has_subuids/newusers.test b/tests/tests/subids/62_newusers_user_already_has_subuids/newusers.test
new file mode 100755
index 0000000..d300db8
--- /dev/null
+++ b/tests/tests/subids/62_newusers_user_already_has_subuids/newusers.test
@@ -0,0 +1,43 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "newusers does not create subordinate UIDs if the user already has subordinate UIDs"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+newusers data/newusers.list
+
+echo -n "Check the passwd file..." 
+../../common/compare_file.pl data/passwd /etc/passwd 
+echo "OK" 
+echo -n "Check the group file..." 
+../../common/compare_file.pl data/group /etc/group 
+echo "OK" 
+echo -n "Check the shadow file..." 
+../../common/compare_file.pl data/shadow /etc/shadow 
+echo "OK" 
+echo -n "Check the gshadow file..." 
+../../common/compare_file.pl data/gshadow /etc/gshadow 
+echo "OK"
+echo -n "Check the /etc/subgid file..."
+../../common/compare_file.pl data/subgid /etc/subgid
+echo "OK"
+echo -n "Check the /etc/subuid file..."
+../../common/compare_file.pl config/etc/subuid /etc/subuid
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/subids/63_useradd_fill_gap4/config.txt b/tests/tests/subids/63_useradd_fill_gap4/config.txt
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/subids/63_useradd_fill_gap4/config.txt
diff --git a/tests/tests/subids/63_useradd_fill_gap4/config/etc/default/useradd b/tests/tests/subids/63_useradd_fill_gap4/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/subids/63_useradd_fill_gap4/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/subids/63_useradd_fill_gap4/config/etc/group b/tests/tests/subids/63_useradd_fill_gap4/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/subids/63_useradd_fill_gap4/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/subids/63_useradd_fill_gap4/config/etc/gshadow b/tests/tests/subids/63_useradd_fill_gap4/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/subids/63_useradd_fill_gap4/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/subids/63_useradd_fill_gap4/config/etc/passwd b/tests/tests/subids/63_useradd_fill_gap4/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/subids/63_useradd_fill_gap4/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/subids/63_useradd_fill_gap4/config/etc/shadow b/tests/tests/subids/63_useradd_fill_gap4/config/etc/shadow
new file mode 100644
index 0000000..031ce88
--- /dev/null
+++ b/tests/tests/subids/63_useradd_fill_gap4/config/etc/shadow
@@ -0,0 +1,19 @@
+root::12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/subids/63_useradd_fill_gap4/config/etc/subgid b/tests/tests/subids/63_useradd_fill_gap4/config/etc/subgid
new file mode 100644
index 0000000..5b6b0aa
--- /dev/null
+++ b/tests/tests/subids/63_useradd_fill_gap4/config/etc/subgid
@@ -0,0 +1 @@
+root:100000:599990001
diff --git a/tests/tests/subids/63_useradd_fill_gap4/config/etc/subuid b/tests/tests/subids/63_useradd_fill_gap4/config/etc/subuid
new file mode 100644
index 0000000..5d64255
--- /dev/null
+++ b/tests/tests/subids/63_useradd_fill_gap4/config/etc/subuid
@@ -0,0 +1,3 @@
+root:100000:599990001
+# This is after max
+root:600100001:10000
diff --git a/tests/tests/subids/63_useradd_fill_gap4/data/group b/tests/tests/subids/63_useradd_fill_gap4/data/group
new file mode 100644
index 0000000..fecba0c
--- /dev/null
+++ b/tests/tests/subids/63_useradd_fill_gap4/data/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/subids/63_useradd_fill_gap4/data/gshadow b/tests/tests/subids/63_useradd_fill_gap4/data/gshadow
new file mode 100644
index 0000000..bfc0675
--- /dev/null
+++ b/tests/tests/subids/63_useradd_fill_gap4/data/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:!::
diff --git a/tests/tests/subids/63_useradd_fill_gap4/data/passwd b/tests/tests/subids/63_useradd_fill_gap4/data/passwd
new file mode 100644
index 0000000..ed91b35
--- /dev/null
+++ b/tests/tests/subids/63_useradd_fill_gap4/data/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/tmp/foo:/bin/foobar
diff --git a/tests/tests/subids/63_useradd_fill_gap4/data/shadow b/tests/tests/subids/63_useradd_fill_gap4/data/shadow
new file mode 100644
index 0000000..8899857
--- /dev/null
+++ b/tests/tests/subids/63_useradd_fill_gap4/data/shadow
@@ -0,0 +1,20 @@
+root::12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:@TODAY@:0:99999:7:12:13849:
diff --git a/tests/tests/subids/63_useradd_fill_gap4/data/subgid b/tests/tests/subids/63_useradd_fill_gap4/data/subgid
new file mode 100644
index 0000000..dde59ae
--- /dev/null
+++ b/tests/tests/subids/63_useradd_fill_gap4/data/subgid
@@ -0,0 +1,2 @@
+root:100000:599990001
+foo:600090001:10000
diff --git a/tests/tests/subids/63_useradd_fill_gap4/data/subuid b/tests/tests/subids/63_useradd_fill_gap4/data/subuid
new file mode 100644
index 0000000..15b3a3c
--- /dev/null
+++ b/tests/tests/subids/63_useradd_fill_gap4/data/subuid
@@ -0,0 +1,4 @@
+root:100000:599990001
+root:600100001:10000
+# This is after max
+foo:600090001:10000
diff --git a/tests/tests/subids/63_useradd_fill_gap4/useradd.test b/tests/tests/subids/63_useradd_fill_gap4/useradd.test
new file mode 100755
index 0000000..eb399cf
--- /dev/null
+++ b/tests/tests/subids/63_useradd_fill_gap4/useradd.test
@@ -0,0 +1,45 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "useradd fills subids gaps in /etc/sub[ug]id"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Add user foo..."
+useradd foo
+echo "OK"
+
+echo -n "Check the passwd file..." 
+../../common/compare_file.pl data/passwd /etc/passwd 
+echo "OK" 
+echo -n "Check the group file..." 
+../../common/compare_file.pl data/group /etc/group 
+echo "OK" 
+echo -n "Check the shadow file..." 
+../../common/compare_file.pl data/shadow /etc/shadow 
+echo "OK" 
+echo -n "Check the gshadow file..." 
+../../common/compare_file.pl data/gshadow /etc/gshadow 
+echo "OK"
+echo -n "Check the /etc/subgid file..."
+diff -au data/subgid /etc/subgid
+echo "OK"
+echo -n "Check the /etc/subuid file..."
+diff -au data/subuid /etc/subuid
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/subids/64_useradd_fill_gap5/config.txt b/tests/tests/subids/64_useradd_fill_gap5/config.txt
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/subids/64_useradd_fill_gap5/config.txt
diff --git a/tests/tests/subids/64_useradd_fill_gap5/config/etc/default/useradd b/tests/tests/subids/64_useradd_fill_gap5/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/subids/64_useradd_fill_gap5/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/subids/64_useradd_fill_gap5/config/etc/group b/tests/tests/subids/64_useradd_fill_gap5/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/subids/64_useradd_fill_gap5/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/subids/64_useradd_fill_gap5/config/etc/gshadow b/tests/tests/subids/64_useradd_fill_gap5/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/subids/64_useradd_fill_gap5/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/subids/64_useradd_fill_gap5/config/etc/passwd b/tests/tests/subids/64_useradd_fill_gap5/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/subids/64_useradd_fill_gap5/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/subids/64_useradd_fill_gap5/config/etc/shadow b/tests/tests/subids/64_useradd_fill_gap5/config/etc/shadow
new file mode 100644
index 0000000..031ce88
--- /dev/null
+++ b/tests/tests/subids/64_useradd_fill_gap5/config/etc/shadow
@@ -0,0 +1,19 @@
+root::12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/subids/64_useradd_fill_gap5/config/etc/subgid b/tests/tests/subids/64_useradd_fill_gap5/config/etc/subgid
new file mode 100644
index 0000000..5b6b0aa
--- /dev/null
+++ b/tests/tests/subids/64_useradd_fill_gap5/config/etc/subgid
@@ -0,0 +1 @@
+root:100000:599990001
diff --git a/tests/tests/subids/64_useradd_fill_gap5/config/etc/subuid b/tests/tests/subids/64_useradd_fill_gap5/config/etc/subuid
new file mode 100644
index 0000000..c178aee
--- /dev/null
+++ b/tests/tests/subids/64_useradd_fill_gap5/config/etc/subuid
@@ -0,0 +1,3 @@
+root:100000:599990001
+# This is after max
+root:600100002:10000
diff --git a/tests/tests/subids/64_useradd_fill_gap5/data/group b/tests/tests/subids/64_useradd_fill_gap5/data/group
new file mode 100644
index 0000000..fecba0c
--- /dev/null
+++ b/tests/tests/subids/64_useradd_fill_gap5/data/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/subids/64_useradd_fill_gap5/data/gshadow b/tests/tests/subids/64_useradd_fill_gap5/data/gshadow
new file mode 100644
index 0000000..bfc0675
--- /dev/null
+++ b/tests/tests/subids/64_useradd_fill_gap5/data/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:!::
diff --git a/tests/tests/subids/64_useradd_fill_gap5/data/passwd b/tests/tests/subids/64_useradd_fill_gap5/data/passwd
new file mode 100644
index 0000000..ed91b35
--- /dev/null
+++ b/tests/tests/subids/64_useradd_fill_gap5/data/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/tmp/foo:/bin/foobar
diff --git a/tests/tests/subids/64_useradd_fill_gap5/data/shadow b/tests/tests/subids/64_useradd_fill_gap5/data/shadow
new file mode 100644
index 0000000..8899857
--- /dev/null
+++ b/tests/tests/subids/64_useradd_fill_gap5/data/shadow
@@ -0,0 +1,20 @@
+root::12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:@TODAY@:0:99999:7:12:13849:
diff --git a/tests/tests/subids/64_useradd_fill_gap5/data/subgid b/tests/tests/subids/64_useradd_fill_gap5/data/subgid
new file mode 100644
index 0000000..dde59ae
--- /dev/null
+++ b/tests/tests/subids/64_useradd_fill_gap5/data/subgid
@@ -0,0 +1,2 @@
+root:100000:599990001
+foo:600090001:10000
diff --git a/tests/tests/subids/64_useradd_fill_gap5/data/subuid b/tests/tests/subids/64_useradd_fill_gap5/data/subuid
new file mode 100644
index 0000000..a992af1
--- /dev/null
+++ b/tests/tests/subids/64_useradd_fill_gap5/data/subuid
@@ -0,0 +1,4 @@
+root:100000:599990001
+root:600100002:10000
+# This is after max
+foo:600090001:10000
diff --git a/tests/tests/subids/64_useradd_fill_gap5/useradd.test b/tests/tests/subids/64_useradd_fill_gap5/useradd.test
new file mode 100755
index 0000000..eb399cf
--- /dev/null
+++ b/tests/tests/subids/64_useradd_fill_gap5/useradd.test
@@ -0,0 +1,45 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "useradd fills subids gaps in /etc/sub[ug]id"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Add user foo..."
+useradd foo
+echo "OK"
+
+echo -n "Check the passwd file..." 
+../../common/compare_file.pl data/passwd /etc/passwd 
+echo "OK" 
+echo -n "Check the group file..." 
+../../common/compare_file.pl data/group /etc/group 
+echo "OK" 
+echo -n "Check the shadow file..." 
+../../common/compare_file.pl data/shadow /etc/shadow 
+echo "OK" 
+echo -n "Check the gshadow file..." 
+../../common/compare_file.pl data/gshadow /etc/gshadow 
+echo "OK"
+echo -n "Check the /etc/subgid file..."
+diff -au data/subgid /etc/subgid
+echo "OK"
+echo -n "Check the /etc/subuid file..."
+diff -au data/subuid /etc/subuid
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/subids/65_useradd_fill_gap6/config.txt b/tests/tests/subids/65_useradd_fill_gap6/config.txt
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/subids/65_useradd_fill_gap6/config.txt
diff --git a/tests/tests/subids/65_useradd_fill_gap6/config/etc/default/useradd b/tests/tests/subids/65_useradd_fill_gap6/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/subids/65_useradd_fill_gap6/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/subids/65_useradd_fill_gap6/config/etc/group b/tests/tests/subids/65_useradd_fill_gap6/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/subids/65_useradd_fill_gap6/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/subids/65_useradd_fill_gap6/config/etc/gshadow b/tests/tests/subids/65_useradd_fill_gap6/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/subids/65_useradd_fill_gap6/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/subids/65_useradd_fill_gap6/config/etc/passwd b/tests/tests/subids/65_useradd_fill_gap6/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/subids/65_useradd_fill_gap6/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/subids/65_useradd_fill_gap6/config/etc/shadow b/tests/tests/subids/65_useradd_fill_gap6/config/etc/shadow
new file mode 100644
index 0000000..031ce88
--- /dev/null
+++ b/tests/tests/subids/65_useradd_fill_gap6/config/etc/shadow
@@ -0,0 +1,19 @@
+root::12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/subids/65_useradd_fill_gap6/config/etc/subgid b/tests/tests/subids/65_useradd_fill_gap6/config/etc/subgid
new file mode 100644
index 0000000..5b6b0aa
--- /dev/null
+++ b/tests/tests/subids/65_useradd_fill_gap6/config/etc/subgid
@@ -0,0 +1 @@
+root:100000:599990001
diff --git a/tests/tests/subids/65_useradd_fill_gap6/config/etc/subuid b/tests/tests/subids/65_useradd_fill_gap6/config/etc/subuid
new file mode 100644
index 0000000..7f96123
--- /dev/null
+++ b/tests/tests/subids/65_useradd_fill_gap6/config/etc/subuid
@@ -0,0 +1 @@
+root:90000:5000
diff --git a/tests/tests/subids/65_useradd_fill_gap6/data/group b/tests/tests/subids/65_useradd_fill_gap6/data/group
new file mode 100644
index 0000000..fecba0c
--- /dev/null
+++ b/tests/tests/subids/65_useradd_fill_gap6/data/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/subids/65_useradd_fill_gap6/data/gshadow b/tests/tests/subids/65_useradd_fill_gap6/data/gshadow
new file mode 100644
index 0000000..bfc0675
--- /dev/null
+++ b/tests/tests/subids/65_useradd_fill_gap6/data/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:!::
diff --git a/tests/tests/subids/65_useradd_fill_gap6/data/passwd b/tests/tests/subids/65_useradd_fill_gap6/data/passwd
new file mode 100644
index 0000000..ed91b35
--- /dev/null
+++ b/tests/tests/subids/65_useradd_fill_gap6/data/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/tmp/foo:/bin/foobar
diff --git a/tests/tests/subids/65_useradd_fill_gap6/data/shadow b/tests/tests/subids/65_useradd_fill_gap6/data/shadow
new file mode 100644
index 0000000..8899857
--- /dev/null
+++ b/tests/tests/subids/65_useradd_fill_gap6/data/shadow
@@ -0,0 +1,20 @@
+root::12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:@TODAY@:0:99999:7:12:13849:
diff --git a/tests/tests/subids/65_useradd_fill_gap6/data/subgid b/tests/tests/subids/65_useradd_fill_gap6/data/subgid
new file mode 100644
index 0000000..dde59ae
--- /dev/null
+++ b/tests/tests/subids/65_useradd_fill_gap6/data/subgid
@@ -0,0 +1,2 @@
+root:100000:599990001
+foo:600090001:10000
diff --git a/tests/tests/subids/65_useradd_fill_gap6/data/subuid b/tests/tests/subids/65_useradd_fill_gap6/data/subuid
new file mode 100644
index 0000000..d275cb0
--- /dev/null
+++ b/tests/tests/subids/65_useradd_fill_gap6/data/subuid
@@ -0,0 +1,2 @@
+root:90000:5000
+foo:100000:10000
diff --git a/tests/tests/subids/65_useradd_fill_gap6/useradd.test b/tests/tests/subids/65_useradd_fill_gap6/useradd.test
new file mode 100755
index 0000000..11baa08
--- /dev/null
+++ b/tests/tests/subids/65_useradd_fill_gap6/useradd.test
@@ -0,0 +1,45 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "useradd create subids in /etc/sub[ug]id (range occupied before min)"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Add user foo..."
+useradd foo
+echo "OK"
+
+echo -n "Check the passwd file..." 
+../../common/compare_file.pl data/passwd /etc/passwd 
+echo "OK" 
+echo -n "Check the group file..." 
+../../common/compare_file.pl data/group /etc/group 
+echo "OK" 
+echo -n "Check the shadow file..." 
+../../common/compare_file.pl data/shadow /etc/shadow 
+echo "OK" 
+echo -n "Check the gshadow file..." 
+../../common/compare_file.pl data/gshadow /etc/gshadow 
+echo "OK"
+echo -n "Check the /etc/subgid file..."
+diff -au data/subgid /etc/subgid
+echo "OK"
+echo -n "Check the /etc/subuid file..."
+diff -au data/subuid /etc/subuid
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/subids/66_subordinate_range_cmp/config.txt b/tests/tests/subids/66_subordinate_range_cmp/config.txt
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/subids/66_subordinate_range_cmp/config.txt
diff --git a/tests/tests/subids/66_subordinate_range_cmp/config/etc/default/useradd b/tests/tests/subids/66_subordinate_range_cmp/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/subids/66_subordinate_range_cmp/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/subids/66_subordinate_range_cmp/config/etc/group b/tests/tests/subids/66_subordinate_range_cmp/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/subids/66_subordinate_range_cmp/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/subids/66_subordinate_range_cmp/config/etc/gshadow b/tests/tests/subids/66_subordinate_range_cmp/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/subids/66_subordinate_range_cmp/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/subids/66_subordinate_range_cmp/config/etc/passwd b/tests/tests/subids/66_subordinate_range_cmp/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/subids/66_subordinate_range_cmp/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/subids/66_subordinate_range_cmp/config/etc/shadow b/tests/tests/subids/66_subordinate_range_cmp/config/etc/shadow
new file mode 100644
index 0000000..031ce88
--- /dev/null
+++ b/tests/tests/subids/66_subordinate_range_cmp/config/etc/shadow
@@ -0,0 +1,19 @@
+root::12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/subids/66_subordinate_range_cmp/config/etc/subgid b/tests/tests/subids/66_subordinate_range_cmp/config/etc/subgid
new file mode 100644
index 0000000..5b6b0aa
--- /dev/null
+++ b/tests/tests/subids/66_subordinate_range_cmp/config/etc/subgid
@@ -0,0 +1 @@
+root:100000:599990001
diff --git a/tests/tests/subids/66_subordinate_range_cmp/config/etc/subuid b/tests/tests/subids/66_subordinate_range_cmp/config/etc/subuid
new file mode 100644
index 0000000..973cff0
--- /dev/null
+++ b/tests/tests/subids/66_subordinate_range_cmp/config/etc/subuid
@@ -0,0 +1,15 @@
+#1
+root:90000:5000
+sfoo:300000:10000
+root:300000:10000
+root:200000:15000
+root:200000:10000
+root:100000:5000
+#2
+root:90000:5000
+root:200000:10000
+root:200000:15000
+root:300000:10000
+sfoo:300000:10000
+root:100000:5000
+#3
diff --git a/tests/tests/subids/66_subordinate_range_cmp/data/group b/tests/tests/subids/66_subordinate_range_cmp/data/group
new file mode 100644
index 0000000..fecba0c
--- /dev/null
+++ b/tests/tests/subids/66_subordinate_range_cmp/data/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/subids/66_subordinate_range_cmp/data/gshadow b/tests/tests/subids/66_subordinate_range_cmp/data/gshadow
new file mode 100644
index 0000000..bfc0675
--- /dev/null
+++ b/tests/tests/subids/66_subordinate_range_cmp/data/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:!::
diff --git a/tests/tests/subids/66_subordinate_range_cmp/data/passwd b/tests/tests/subids/66_subordinate_range_cmp/data/passwd
new file mode 100644
index 0000000..ed91b35
--- /dev/null
+++ b/tests/tests/subids/66_subordinate_range_cmp/data/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/tmp/foo:/bin/foobar
diff --git a/tests/tests/subids/66_subordinate_range_cmp/data/shadow b/tests/tests/subids/66_subordinate_range_cmp/data/shadow
new file mode 100644
index 0000000..8899857
--- /dev/null
+++ b/tests/tests/subids/66_subordinate_range_cmp/data/shadow
@@ -0,0 +1,20 @@
+root::12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:@TODAY@:0:99999:7:12:13849:
diff --git a/tests/tests/subids/66_subordinate_range_cmp/data/subgid b/tests/tests/subids/66_subordinate_range_cmp/data/subgid
new file mode 100644
index 0000000..dde59ae
--- /dev/null
+++ b/tests/tests/subids/66_subordinate_range_cmp/data/subgid
@@ -0,0 +1,2 @@
+root:100000:599990001
+foo:600090001:10000
diff --git a/tests/tests/subids/66_subordinate_range_cmp/data/subuid b/tests/tests/subids/66_subordinate_range_cmp/data/subuid
new file mode 100644
index 0000000..1bd0022
--- /dev/null
+++ b/tests/tests/subids/66_subordinate_range_cmp/data/subuid
@@ -0,0 +1,16 @@
+root:90000:5000
+root:90000:5000
+root:100000:5000
+root:100000:5000
+root:200000:10000
+root:200000:10000
+root:200000:15000
+root:200000:15000
+root:300000:10000
+root:300000:10000
+sfoo:300000:10000
+sfoo:300000:10000
+#3
+#2
+#1
+foo:105000:10000
diff --git a/tests/tests/subids/66_subordinate_range_cmp/useradd.test b/tests/tests/subids/66_subordinate_range_cmp/useradd.test
new file mode 100755
index 0000000..966db07
--- /dev/null
+++ b/tests/tests/subids/66_subordinate_range_cmp/useradd.test
@@ -0,0 +1,45 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "test the sort algorithm for subordinate IDs"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Add user foo..."
+useradd foo
+echo "OK"
+
+echo -n "Check the passwd file..." 
+../../common/compare_file.pl data/passwd /etc/passwd 
+echo "OK" 
+echo -n "Check the group file..." 
+../../common/compare_file.pl data/group /etc/group 
+echo "OK" 
+echo -n "Check the shadow file..." 
+../../common/compare_file.pl data/shadow /etc/shadow 
+echo "OK" 
+echo -n "Check the gshadow file..." 
+../../common/compare_file.pl data/gshadow /etc/gshadow 
+echo "OK"
+echo -n "Check the /etc/subgid file..."
+diff -au data/subgid /etc/subgid
+echo "OK"
+echo -n "Check the /etc/subuid file..."
+diff -au data/subuid /etc/subuid
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/subids/67_invalid_subuid_file1/config.txt b/tests/tests/subids/67_invalid_subuid_file1/config.txt
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/subids/67_invalid_subuid_file1/config.txt
diff --git a/tests/tests/subids/67_invalid_subuid_file1/config/etc/default/useradd b/tests/tests/subids/67_invalid_subuid_file1/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/subids/67_invalid_subuid_file1/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/subids/67_invalid_subuid_file1/config/etc/group b/tests/tests/subids/67_invalid_subuid_file1/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/subids/67_invalid_subuid_file1/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/subids/67_invalid_subuid_file1/config/etc/gshadow b/tests/tests/subids/67_invalid_subuid_file1/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/subids/67_invalid_subuid_file1/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/subids/67_invalid_subuid_file1/config/etc/passwd b/tests/tests/subids/67_invalid_subuid_file1/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/subids/67_invalid_subuid_file1/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/subids/67_invalid_subuid_file1/config/etc/shadow b/tests/tests/subids/67_invalid_subuid_file1/config/etc/shadow
new file mode 100644
index 0000000..031ce88
--- /dev/null
+++ b/tests/tests/subids/67_invalid_subuid_file1/config/etc/shadow
@@ -0,0 +1,19 @@
+root::12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/subids/67_invalid_subuid_file1/config/etc/subgid b/tests/tests/subids/67_invalid_subuid_file1/config/etc/subgid
new file mode 100644
index 0000000..5b6b0aa
--- /dev/null
+++ b/tests/tests/subids/67_invalid_subuid_file1/config/etc/subgid
@@ -0,0 +1 @@
+root:100000:599990001
diff --git a/tests/tests/subids/67_invalid_subuid_file1/config/etc/subuid b/tests/tests/subids/67_invalid_subuid_file1/config/etc/subuid
new file mode 100644
index 0000000..5ebb946
--- /dev/null
+++ b/tests/tests/subids/67_invalid_subuid_file1/config/etc/subuid
@@ -0,0 +1,2 @@
+root::5000
+root:200000:10000
diff --git a/tests/tests/subids/67_invalid_subuid_file1/data/group b/tests/tests/subids/67_invalid_subuid_file1/data/group
new file mode 100644
index 0000000..fecba0c
--- /dev/null
+++ b/tests/tests/subids/67_invalid_subuid_file1/data/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/subids/67_invalid_subuid_file1/data/gshadow b/tests/tests/subids/67_invalid_subuid_file1/data/gshadow
new file mode 100644
index 0000000..bfc0675
--- /dev/null
+++ b/tests/tests/subids/67_invalid_subuid_file1/data/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:!::
diff --git a/tests/tests/subids/67_invalid_subuid_file1/data/passwd b/tests/tests/subids/67_invalid_subuid_file1/data/passwd
new file mode 100644
index 0000000..ed91b35
--- /dev/null
+++ b/tests/tests/subids/67_invalid_subuid_file1/data/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/tmp/foo:/bin/foobar
diff --git a/tests/tests/subids/67_invalid_subuid_file1/data/shadow b/tests/tests/subids/67_invalid_subuid_file1/data/shadow
new file mode 100644
index 0000000..8899857
--- /dev/null
+++ b/tests/tests/subids/67_invalid_subuid_file1/data/shadow
@@ -0,0 +1,20 @@
+root::12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:@TODAY@:0:99999:7:12:13849:
diff --git a/tests/tests/subids/67_invalid_subuid_file1/data/subgid b/tests/tests/subids/67_invalid_subuid_file1/data/subgid
new file mode 100644
index 0000000..dde59ae
--- /dev/null
+++ b/tests/tests/subids/67_invalid_subuid_file1/data/subgid
@@ -0,0 +1,2 @@
+root:100000:599990001
+foo:600090001:10000
diff --git a/tests/tests/subids/67_invalid_subuid_file1/data/subuid b/tests/tests/subids/67_invalid_subuid_file1/data/subuid
new file mode 100644
index 0000000..492cd04
--- /dev/null
+++ b/tests/tests/subids/67_invalid_subuid_file1/data/subuid
@@ -0,0 +1,3 @@
+root:200000:10000
+root::5000
+foo:100000:10000
diff --git a/tests/tests/subids/67_invalid_subuid_file1/useradd.test b/tests/tests/subids/67_invalid_subuid_file1/useradd.test
new file mode 100755
index 0000000..acdd793
--- /dev/null
+++ b/tests/tests/subids/67_invalid_subuid_file1/useradd.test
@@ -0,0 +1,45 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "useradd ignores invalid lines in /etc/subuid (no numerical subordinate user ID)"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Add user foo..."
+useradd foo
+echo "OK"
+
+echo -n "Check the passwd file..." 
+../../common/compare_file.pl data/passwd /etc/passwd 
+echo "OK" 
+echo -n "Check the group file..." 
+../../common/compare_file.pl data/group /etc/group 
+echo "OK" 
+echo -n "Check the shadow file..." 
+../../common/compare_file.pl data/shadow /etc/shadow 
+echo "OK" 
+echo -n "Check the gshadow file..." 
+../../common/compare_file.pl data/gshadow /etc/gshadow 
+echo "OK"
+echo -n "Check the /etc/subgid file..."
+diff -au data/subgid /etc/subgid
+echo "OK"
+echo -n "Check the /etc/subuid file..."
+diff -au data/subuid /etc/subuid
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/subids/68_invalid_subuid_file2/config.txt b/tests/tests/subids/68_invalid_subuid_file2/config.txt
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/subids/68_invalid_subuid_file2/config.txt
diff --git a/tests/tests/subids/68_invalid_subuid_file2/config/etc/default/useradd b/tests/tests/subids/68_invalid_subuid_file2/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/subids/68_invalid_subuid_file2/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/subids/68_invalid_subuid_file2/config/etc/group b/tests/tests/subids/68_invalid_subuid_file2/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/subids/68_invalid_subuid_file2/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/subids/68_invalid_subuid_file2/config/etc/gshadow b/tests/tests/subids/68_invalid_subuid_file2/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/subids/68_invalid_subuid_file2/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/subids/68_invalid_subuid_file2/config/etc/passwd b/tests/tests/subids/68_invalid_subuid_file2/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/subids/68_invalid_subuid_file2/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/subids/68_invalid_subuid_file2/config/etc/shadow b/tests/tests/subids/68_invalid_subuid_file2/config/etc/shadow
new file mode 100644
index 0000000..031ce88
--- /dev/null
+++ b/tests/tests/subids/68_invalid_subuid_file2/config/etc/shadow
@@ -0,0 +1,19 @@
+root::12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/subids/68_invalid_subuid_file2/config/etc/subgid b/tests/tests/subids/68_invalid_subuid_file2/config/etc/subgid
new file mode 100644
index 0000000..5b6b0aa
--- /dev/null
+++ b/tests/tests/subids/68_invalid_subuid_file2/config/etc/subgid
@@ -0,0 +1 @@
+root:100000:599990001
diff --git a/tests/tests/subids/68_invalid_subuid_file2/config/etc/subuid b/tests/tests/subids/68_invalid_subuid_file2/config/etc/subuid
new file mode 100644
index 0000000..154481d
--- /dev/null
+++ b/tests/tests/subids/68_invalid_subuid_file2/config/etc/subuid
@@ -0,0 +1,2 @@
+root:100000:
+root:200000:10000
diff --git a/tests/tests/subids/68_invalid_subuid_file2/data/group b/tests/tests/subids/68_invalid_subuid_file2/data/group
new file mode 100644
index 0000000..fecba0c
--- /dev/null
+++ b/tests/tests/subids/68_invalid_subuid_file2/data/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/subids/68_invalid_subuid_file2/data/gshadow b/tests/tests/subids/68_invalid_subuid_file2/data/gshadow
new file mode 100644
index 0000000..bfc0675
--- /dev/null
+++ b/tests/tests/subids/68_invalid_subuid_file2/data/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:!::
diff --git a/tests/tests/subids/68_invalid_subuid_file2/data/passwd b/tests/tests/subids/68_invalid_subuid_file2/data/passwd
new file mode 100644
index 0000000..ed91b35
--- /dev/null
+++ b/tests/tests/subids/68_invalid_subuid_file2/data/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/tmp/foo:/bin/foobar
diff --git a/tests/tests/subids/68_invalid_subuid_file2/data/shadow b/tests/tests/subids/68_invalid_subuid_file2/data/shadow
new file mode 100644
index 0000000..8899857
--- /dev/null
+++ b/tests/tests/subids/68_invalid_subuid_file2/data/shadow
@@ -0,0 +1,20 @@
+root::12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:@TODAY@:0:99999:7:12:13849:
diff --git a/tests/tests/subids/68_invalid_subuid_file2/data/subgid b/tests/tests/subids/68_invalid_subuid_file2/data/subgid
new file mode 100644
index 0000000..dde59ae
--- /dev/null
+++ b/tests/tests/subids/68_invalid_subuid_file2/data/subgid
@@ -0,0 +1,2 @@
+root:100000:599990001
+foo:600090001:10000
diff --git a/tests/tests/subids/68_invalid_subuid_file2/data/subuid b/tests/tests/subids/68_invalid_subuid_file2/data/subuid
new file mode 100644
index 0000000..162f05c
--- /dev/null
+++ b/tests/tests/subids/68_invalid_subuid_file2/data/subuid
@@ -0,0 +1,3 @@
+root:200000:10000
+root:100000:
+foo:100000:10000
diff --git a/tests/tests/subids/68_invalid_subuid_file2/useradd.test b/tests/tests/subids/68_invalid_subuid_file2/useradd.test
new file mode 100755
index 0000000..fa67277
--- /dev/null
+++ b/tests/tests/subids/68_invalid_subuid_file2/useradd.test
@@ -0,0 +1,45 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "useradd ignores invalid lines in /etc/subuid (no numerical subordinate user ID count)"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Add user foo..."
+useradd foo
+echo "OK"
+
+echo -n "Check the passwd file..." 
+../../common/compare_file.pl data/passwd /etc/passwd 
+echo "OK" 
+echo -n "Check the group file..." 
+../../common/compare_file.pl data/group /etc/group 
+echo "OK" 
+echo -n "Check the shadow file..." 
+../../common/compare_file.pl data/shadow /etc/shadow 
+echo "OK" 
+echo -n "Check the gshadow file..." 
+../../common/compare_file.pl data/gshadow /etc/gshadow 
+echo "OK"
+echo -n "Check the /etc/subgid file..."
+diff -au data/subgid /etc/subgid
+echo "OK"
+echo -n "Check the /etc/subuid file..."
+diff -au data/subuid /etc/subuid
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/subids/69_invalid_subuid_file3/config.txt b/tests/tests/subids/69_invalid_subuid_file3/config.txt
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/subids/69_invalid_subuid_file3/config.txt
diff --git a/tests/tests/subids/69_invalid_subuid_file3/config/etc/default/useradd b/tests/tests/subids/69_invalid_subuid_file3/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/subids/69_invalid_subuid_file3/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/subids/69_invalid_subuid_file3/config/etc/group b/tests/tests/subids/69_invalid_subuid_file3/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/subids/69_invalid_subuid_file3/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/subids/69_invalid_subuid_file3/config/etc/gshadow b/tests/tests/subids/69_invalid_subuid_file3/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/subids/69_invalid_subuid_file3/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/subids/69_invalid_subuid_file3/config/etc/passwd b/tests/tests/subids/69_invalid_subuid_file3/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/subids/69_invalid_subuid_file3/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/subids/69_invalid_subuid_file3/config/etc/shadow b/tests/tests/subids/69_invalid_subuid_file3/config/etc/shadow
new file mode 100644
index 0000000..031ce88
--- /dev/null
+++ b/tests/tests/subids/69_invalid_subuid_file3/config/etc/shadow
@@ -0,0 +1,19 @@
+root::12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/subids/69_invalid_subuid_file3/config/etc/subgid b/tests/tests/subids/69_invalid_subuid_file3/config/etc/subgid
new file mode 100644
index 0000000..5b6b0aa
--- /dev/null
+++ b/tests/tests/subids/69_invalid_subuid_file3/config/etc/subgid
@@ -0,0 +1 @@
+root:100000:599990001
diff --git a/tests/tests/subids/69_invalid_subuid_file3/config/etc/subuid b/tests/tests/subids/69_invalid_subuid_file3/config/etc/subuid
new file mode 100644
index 0000000..86fd00d
--- /dev/null
+++ b/tests/tests/subids/69_invalid_subuid_file3/config/etc/subuid
@@ -0,0 +1,2 @@
+:100000:10000
+root:200000:10000
diff --git a/tests/tests/subids/69_invalid_subuid_file3/data/group b/tests/tests/subids/69_invalid_subuid_file3/data/group
new file mode 100644
index 0000000..fecba0c
--- /dev/null
+++ b/tests/tests/subids/69_invalid_subuid_file3/data/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/subids/69_invalid_subuid_file3/data/gshadow b/tests/tests/subids/69_invalid_subuid_file3/data/gshadow
new file mode 100644
index 0000000..bfc0675
--- /dev/null
+++ b/tests/tests/subids/69_invalid_subuid_file3/data/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:!::
diff --git a/tests/tests/subids/69_invalid_subuid_file3/data/passwd b/tests/tests/subids/69_invalid_subuid_file3/data/passwd
new file mode 100644
index 0000000..ed91b35
--- /dev/null
+++ b/tests/tests/subids/69_invalid_subuid_file3/data/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/tmp/foo:/bin/foobar
diff --git a/tests/tests/subids/69_invalid_subuid_file3/data/shadow b/tests/tests/subids/69_invalid_subuid_file3/data/shadow
new file mode 100644
index 0000000..8899857
--- /dev/null
+++ b/tests/tests/subids/69_invalid_subuid_file3/data/shadow
@@ -0,0 +1,20 @@
+root::12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:@TODAY@:0:99999:7:12:13849:
diff --git a/tests/tests/subids/69_invalid_subuid_file3/data/subgid b/tests/tests/subids/69_invalid_subuid_file3/data/subgid
new file mode 100644
index 0000000..dde59ae
--- /dev/null
+++ b/tests/tests/subids/69_invalid_subuid_file3/data/subgid
@@ -0,0 +1,2 @@
+root:100000:599990001
+foo:600090001:10000
diff --git a/tests/tests/subids/69_invalid_subuid_file3/data/subuid b/tests/tests/subids/69_invalid_subuid_file3/data/subuid
new file mode 100644
index 0000000..7faccee
--- /dev/null
+++ b/tests/tests/subids/69_invalid_subuid_file3/data/subuid
@@ -0,0 +1,3 @@
+root:200000:10000
+:100000:10000
+foo:100000:10000
diff --git a/tests/tests/subids/69_invalid_subuid_file3/useradd.test b/tests/tests/subids/69_invalid_subuid_file3/useradd.test
new file mode 100755
index 0000000..89bc4cb
--- /dev/null
+++ b/tests/tests/subids/69_invalid_subuid_file3/useradd.test
@@ -0,0 +1,45 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "useradd ignores invalid lines in /etc/subuid (no login name)"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Add user foo..."
+useradd foo
+echo "OK"
+
+echo -n "Check the passwd file..." 
+../../common/compare_file.pl data/passwd /etc/passwd 
+echo "OK" 
+echo -n "Check the group file..." 
+../../common/compare_file.pl data/group /etc/group 
+echo "OK" 
+echo -n "Check the shadow file..." 
+../../common/compare_file.pl data/shadow /etc/shadow 
+echo "OK" 
+echo -n "Check the gshadow file..." 
+../../common/compare_file.pl data/gshadow /etc/gshadow 
+echo "OK"
+echo -n "Check the /etc/subgid file..."
+diff -au data/subgid /etc/subgid
+echo "OK"
+echo -n "Check the /etc/subuid file..."
+diff -au data/subuid /etc/subuid
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/subids/70_invalid_subuid_file4/config.txt b/tests/tests/subids/70_invalid_subuid_file4/config.txt
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/subids/70_invalid_subuid_file4/config.txt
diff --git a/tests/tests/subids/70_invalid_subuid_file4/config/etc/default/useradd b/tests/tests/subids/70_invalid_subuid_file4/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/subids/70_invalid_subuid_file4/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/subids/70_invalid_subuid_file4/config/etc/group b/tests/tests/subids/70_invalid_subuid_file4/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/subids/70_invalid_subuid_file4/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/subids/70_invalid_subuid_file4/config/etc/gshadow b/tests/tests/subids/70_invalid_subuid_file4/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/subids/70_invalid_subuid_file4/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/subids/70_invalid_subuid_file4/config/etc/passwd b/tests/tests/subids/70_invalid_subuid_file4/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/subids/70_invalid_subuid_file4/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/subids/70_invalid_subuid_file4/config/etc/shadow b/tests/tests/subids/70_invalid_subuid_file4/config/etc/shadow
new file mode 100644
index 0000000..031ce88
--- /dev/null
+++ b/tests/tests/subids/70_invalid_subuid_file4/config/etc/shadow
@@ -0,0 +1,19 @@
+root::12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/subids/70_invalid_subuid_file4/config/etc/subgid b/tests/tests/subids/70_invalid_subuid_file4/config/etc/subgid
new file mode 100644
index 0000000..5b6b0aa
--- /dev/null
+++ b/tests/tests/subids/70_invalid_subuid_file4/config/etc/subgid
@@ -0,0 +1 @@
+root:100000:599990001
diff --git a/tests/tests/subids/70_invalid_subuid_file4/config/etc/subuid b/tests/tests/subids/70_invalid_subuid_file4/config/etc/subuid
new file mode 100644
index 0000000..c8f2b70
--- /dev/null
+++ b/tests/tests/subids/70_invalid_subuid_file4/config/etc/subuid
@@ -0,0 +1,5 @@
+root:-1:10000
+root:100000:-1
+root:100000a:10000
+root:100000:10000a
+root:200000:10000
diff --git a/tests/tests/subids/70_invalid_subuid_file4/data/group b/tests/tests/subids/70_invalid_subuid_file4/data/group
new file mode 100644
index 0000000..fecba0c
--- /dev/null
+++ b/tests/tests/subids/70_invalid_subuid_file4/data/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/subids/70_invalid_subuid_file4/data/gshadow b/tests/tests/subids/70_invalid_subuid_file4/data/gshadow
new file mode 100644
index 0000000..bfc0675
--- /dev/null
+++ b/tests/tests/subids/70_invalid_subuid_file4/data/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:!::
diff --git a/tests/tests/subids/70_invalid_subuid_file4/data/passwd b/tests/tests/subids/70_invalid_subuid_file4/data/passwd
new file mode 100644
index 0000000..ed91b35
--- /dev/null
+++ b/tests/tests/subids/70_invalid_subuid_file4/data/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/tmp/foo:/bin/foobar
diff --git a/tests/tests/subids/70_invalid_subuid_file4/data/shadow b/tests/tests/subids/70_invalid_subuid_file4/data/shadow
new file mode 100644
index 0000000..8899857
--- /dev/null
+++ b/tests/tests/subids/70_invalid_subuid_file4/data/shadow
@@ -0,0 +1,20 @@
+root::12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:@TODAY@:0:99999:7:12:13849:
diff --git a/tests/tests/subids/70_invalid_subuid_file4/data/subgid b/tests/tests/subids/70_invalid_subuid_file4/data/subgid
new file mode 100644
index 0000000..dde59ae
--- /dev/null
+++ b/tests/tests/subids/70_invalid_subuid_file4/data/subgid
@@ -0,0 +1,2 @@
+root:100000:599990001
+foo:600090001:10000
diff --git a/tests/tests/subids/70_invalid_subuid_file4/data/subuid b/tests/tests/subids/70_invalid_subuid_file4/data/subuid
new file mode 100644
index 0000000..d162a80
--- /dev/null
+++ b/tests/tests/subids/70_invalid_subuid_file4/data/subuid
@@ -0,0 +1,6 @@
+root:200000:10000
+root:100000:10000a
+root:100000a:10000
+root:100000:-1
+root:-1:10000
+foo:100000:10000
diff --git a/tests/tests/subids/70_invalid_subuid_file4/useradd.test b/tests/tests/subids/70_invalid_subuid_file4/useradd.test
new file mode 100755
index 0000000..a20e0e9
--- /dev/null
+++ b/tests/tests/subids/70_invalid_subuid_file4/useradd.test
@@ -0,0 +1,45 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "useradd ignores invalid lines in /etc/subuid (invalid numerical values)"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Add user foo..."
+useradd foo
+echo "OK"
+
+echo -n "Check the passwd file..." 
+../../common/compare_file.pl data/passwd /etc/passwd 
+echo "OK" 
+echo -n "Check the group file..." 
+../../common/compare_file.pl data/group /etc/group 
+echo "OK" 
+echo -n "Check the shadow file..." 
+../../common/compare_file.pl data/shadow /etc/shadow 
+echo "OK" 
+echo -n "Check the gshadow file..." 
+../../common/compare_file.pl data/gshadow /etc/gshadow 
+echo "OK"
+echo -n "Check the /etc/subgid file..."
+diff -au data/subgid /etc/subgid
+echo "OK"
+echo -n "Check the /etc/subuid file..."
+diff -au data/subuid /etc/subuid
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/subids/71_useradd_subids_for_system/config.txt b/tests/tests/subids/71_useradd_subids_for_system/config.txt
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/subids/71_useradd_subids_for_system/config.txt
diff --git a/tests/tests/subids/71_useradd_subids_for_system/config/etc/default/useradd b/tests/tests/subids/71_useradd_subids_for_system/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/subids/71_useradd_subids_for_system/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/subids/71_useradd_subids_for_system/config/etc/group b/tests/tests/subids/71_useradd_subids_for_system/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/subids/71_useradd_subids_for_system/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/subids/71_useradd_subids_for_system/config/etc/gshadow b/tests/tests/subids/71_useradd_subids_for_system/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/subids/71_useradd_subids_for_system/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/subids/71_useradd_subids_for_system/config/etc/passwd b/tests/tests/subids/71_useradd_subids_for_system/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/subids/71_useradd_subids_for_system/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/subids/71_useradd_subids_for_system/config/etc/shadow b/tests/tests/subids/71_useradd_subids_for_system/config/etc/shadow
new file mode 100644
index 0000000..031ce88
--- /dev/null
+++ b/tests/tests/subids/71_useradd_subids_for_system/config/etc/shadow
@@ -0,0 +1,19 @@
+root::12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/subids/71_useradd_subids_for_system/config/etc/subgid b/tests/tests/subids/71_useradd_subids_for_system/config/etc/subgid
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/subids/71_useradd_subids_for_system/config/etc/subgid
diff --git a/tests/tests/subids/71_useradd_subids_for_system/config/etc/subuid b/tests/tests/subids/71_useradd_subids_for_system/config/etc/subuid
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/subids/71_useradd_subids_for_system/config/etc/subuid
diff --git a/tests/tests/subids/71_useradd_subids_for_system/data/subgid b/tests/tests/subids/71_useradd_subids_for_system/data/subgid
new file mode 100644
index 0000000..3f7fd12
--- /dev/null
+++ b/tests/tests/subids/71_useradd_subids_for_system/data/subgid
@@ -0,0 +1 @@
+foo:100000:10000
diff --git a/tests/tests/subids/71_useradd_subids_for_system/data/subuid b/tests/tests/subids/71_useradd_subids_for_system/data/subuid
new file mode 100644
index 0000000..3f7fd12
--- /dev/null
+++ b/tests/tests/subids/71_useradd_subids_for_system/data/subuid
@@ -0,0 +1 @@
+foo:100000:10000
diff --git a/tests/tests/subids/71_useradd_subids_for_system/useradd.test b/tests/tests/subids/71_useradd_subids_for_system/useradd.test
new file mode 100755
index 0000000..b9e073f
--- /dev/null
+++ b/tests/tests/subids/71_useradd_subids_for_system/useradd.test
@@ -0,0 +1,32 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "useradd adds subids for system user in /etc/sub[ug]id"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Add system user foo..."
+useradd -r -F foo
+echo "OK"
+
+echo -n "Check the /etc/subgid file..."
+diff -au data/subgid /etc/subgid
+echo "OK"
+echo -n "Check the /etc/subuid file..."
+diff -au data/subuid /etc/subuid
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
diff --git a/tests/tests/unit/.deps/test_adds-test_adds.Po b/tests/tests/unit/.deps/test_adds-test_adds.Po
new file mode 100644
index 0000000..9ce06a8
--- /dev/null
+++ b/tests/tests/unit/.deps/test_adds-test_adds.Po
@@ -0,0 +1 @@
+# dummy
diff --git a/tests/tests/unit/.deps/test_atoi_strtoi-test_atoi_strtoi.Po b/tests/tests/unit/.deps/test_atoi_strtoi-test_atoi_strtoi.Po
new file mode 100644
index 0000000..9ce06a8
--- /dev/null
+++ b/tests/tests/unit/.deps/test_atoi_strtoi-test_atoi_strtoi.Po
@@ -0,0 +1 @@
+# dummy
diff --git a/tests/tests/unit/.deps/test_chkname-test_chkname.Po b/tests/tests/unit/.deps/test_chkname-test_chkname.Po
new file mode 100644
index 0000000..9ce06a8
--- /dev/null
+++ b/tests/tests/unit/.deps/test_chkname-test_chkname.Po
@@ -0,0 +1 @@
+# dummy
diff --git a/tests/tests/unit/.deps/test_logind-test_logind.Po b/tests/tests/unit/.deps/test_logind-test_logind.Po
new file mode 100644
index 0000000..9ce06a8
--- /dev/null
+++ b/tests/tests/unit/.deps/test_logind-test_logind.Po
@@ -0,0 +1 @@
+# dummy
diff --git a/tests/tests/unit/.deps/test_sprintf-test_sprintf.Po b/tests/tests/unit/.deps/test_sprintf-test_sprintf.Po
new file mode 100644
index 0000000..9ce06a8
--- /dev/null
+++ b/tests/tests/unit/.deps/test_sprintf-test_sprintf.Po
@@ -0,0 +1 @@
+# dummy
diff --git a/tests/tests/unit/.deps/test_strncpy-test_strncpy.Po b/tests/tests/unit/.deps/test_strncpy-test_strncpy.Po
new file mode 100644
index 0000000..9ce06a8
--- /dev/null
+++ b/tests/tests/unit/.deps/test_strncpy-test_strncpy.Po
@@ -0,0 +1 @@
+# dummy
diff --git a/tests/tests/unit/.deps/test_strtcpy-test_strtcpy.Po b/tests/tests/unit/.deps/test_strtcpy-test_strtcpy.Po
new file mode 100644
index 0000000..9ce06a8
--- /dev/null
+++ b/tests/tests/unit/.deps/test_strtcpy-test_strtcpy.Po
@@ -0,0 +1 @@
+# dummy
diff --git a/tests/tests/unit/.deps/test_xasprintf-test_xasprintf.Po b/tests/tests/unit/.deps/test_xasprintf-test_xasprintf.Po
new file mode 100644
index 0000000..9ce06a8
--- /dev/null
+++ b/tests/tests/unit/.deps/test_xasprintf-test_xasprintf.Po
@@ -0,0 +1 @@
+# dummy
diff --git a/tests/tests/unit/.deps/test_zustr2stp-test_zustr2stp.Po b/tests/tests/unit/.deps/test_zustr2stp-test_zustr2stp.Po
new file mode 100644
index 0000000..9ce06a8
--- /dev/null
+++ b/tests/tests/unit/.deps/test_zustr2stp-test_zustr2stp.Po
@@ -0,0 +1 @@
+# dummy
diff --git a/tests/tests/unit/.gitignore b/tests/tests/unit/.gitignore
new file mode 100644
index 0000000..f331069
--- /dev/null
+++ b/tests/tests/unit/.gitignore
@@ -0,0 +1,6 @@
+# General files applicable to all test files
+*.log
+*.trs
+
+# Specific files to be added each time a new file is included
+test_logind
\ No newline at end of file
diff --git a/tests/tests/unit/Makefile b/tests/tests/unit/Makefile
new file mode 100644
index 0000000..39e86e1
--- /dev/null
+++ b/tests/tests/unit/Makefile
@@ -0,0 +1,1702 @@
+# Makefile.in generated by automake 1.16.5 from Makefile.am.
+# tests/unit/Makefile.  Generated from Makefile.in by configure.
+
+# Copyright (C) 1994-2021 Free Software Foundation, Inc.
+
+# This Makefile.in is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
+# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
+# PARTICULAR PURPOSE.
+
+
+
+am__is_gnu_make = { \
+  if test -z '$(MAKELEVEL)'; then \
+    false; \
+  elif test -n '$(MAKE_HOST)'; then \
+    true; \
+  elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \
+    true; \
+  else \
+    false; \
+  fi; \
+}
+am__make_running_with_option = \
+  case $${target_option-} in \
+      ?) ;; \
+      *) echo "am__make_running_with_option: internal error: invalid" \
+              "target option '$${target_option-}' specified" >&2; \
+         exit 1;; \
+  esac; \
+  has_opt=no; \
+  sane_makeflags=$$MAKEFLAGS; \
+  if $(am__is_gnu_make); then \
+    sane_makeflags=$$MFLAGS; \
+  else \
+    case $$MAKEFLAGS in \
+      *\\[\ \	]*) \
+        bs=\\; \
+        sane_makeflags=`printf '%s\n' "$$MAKEFLAGS" \
+          | sed "s/$$bs$$bs[$$bs $$bs	]*//g"`;; \
+    esac; \
+  fi; \
+  skip_next=no; \
+  strip_trailopt () \
+  { \
+    flg=`printf '%s\n' "$$flg" | sed "s/$$1.*$$//"`; \
+  }; \
+  for flg in $$sane_makeflags; do \
+    test $$skip_next = yes && { skip_next=no; continue; }; \
+    case $$flg in \
+      *=*|--*) continue;; \
+        -*I) strip_trailopt 'I'; skip_next=yes;; \
+      -*I?*) strip_trailopt 'I';; \
+        -*O) strip_trailopt 'O'; skip_next=yes;; \
+      -*O?*) strip_trailopt 'O';; \
+        -*l) strip_trailopt 'l'; skip_next=yes;; \
+      -*l?*) strip_trailopt 'l';; \
+      -[dEDm]) skip_next=yes;; \
+      -[JT]) skip_next=yes;; \
+    esac; \
+    case $$flg in \
+      *$$target_option*) has_opt=yes; break;; \
+    esac; \
+  done; \
+  test $$has_opt = yes
+am__make_dryrun = (target_option=n; $(am__make_running_with_option))
+am__make_keepgoing = (target_option=k; $(am__make_running_with_option))
+pkgdatadir = $(datadir)/shadow
+pkgincludedir = $(includedir)/shadow
+pkglibdir = $(libdir)/shadow
+pkglibexecdir = $(libexecdir)/shadow
+am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
+install_sh_DATA = $(install_sh) -c -m 644
+install_sh_PROGRAM = $(install_sh) -c
+install_sh_SCRIPT = $(install_sh) -c
+INSTALL_HEADER = $(INSTALL_DATA)
+transform = $(program_transform_name)
+NORMAL_INSTALL = :
+PRE_INSTALL = :
+POST_INSTALL = :
+NORMAL_UNINSTALL = :
+PRE_UNINSTALL = :
+POST_UNINSTALL = :
+build_triplet = x86_64-pc-linux-gnu
+host_triplet = x86_64-pc-linux-gnu
+check_PROGRAMS = test_adds$(EXEEXT) \
+	test_atoi_strtoi$(EXEEXT) \
+	test_chkname$(EXEEXT) test_sprintf$(EXEEXT) \
+	test_strncpy$(EXEEXT) test_strtcpy$(EXEEXT) \
+	test_xasprintf$(EXEEXT) \
+	test_zustr2stp$(EXEEXT) $(am__EXEEXT_1)
+am__append_1 = \
+    test_logind
+
+subdir = tests/unit
+ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
+am__aclocal_m4_deps = $(top_srcdir)/m4/gettext.m4 \
+	$(top_srcdir)/m4/iconv.m4 $(top_srcdir)/m4/intlmacosx.m4 \
+	$(top_srcdir)/m4/lib-ld.m4 $(top_srcdir)/m4/lib-link.m4 \
+	$(top_srcdir)/m4/lib-prefix.m4 $(top_srcdir)/m4/libtool.m4 \
+	$(top_srcdir)/m4/ltoptions.m4 $(top_srcdir)/m4/ltsugar.m4 \
+	$(top_srcdir)/m4/ltversion.m4 $(top_srcdir)/m4/lt~obsolete.m4 \
+	$(top_srcdir)/m4/nls.m4 $(top_srcdir)/m4/po.m4 \
+	$(top_srcdir)/m4/progtest.m4 $(top_srcdir)/acinclude.m4 \
+	$(top_srcdir)/configure.ac
+am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
+	$(ACLOCAL_M4)
+DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON)
+mkinstalldirs = $(install_sh) -d
+CONFIG_HEADER = $(top_builddir)/config.h
+CONFIG_CLEAN_FILES =
+CONFIG_CLEAN_VPATH_FILES =
+am__EXEEXT_1 =  \
+	test_logind$(EXEEXT)
+am__test_adds_SOURCES_DIST = ../../lib/adds.c test_adds.c
+am__dirstamp = $(am__leading_dot)dirstamp
+am_test_adds_OBJECTS =  \
+	../../lib/test_adds-adds.$(OBJEXT) \
+	test_adds-test_adds.$(OBJEXT)
+test_adds_OBJECTS = $(am_test_adds_OBJECTS)
+am__DEPENDENCIES_1 =
+test_adds_DEPENDENCIES = $(am__DEPENDENCIES_1)
+AM_V_lt = $(am__v_lt_$(V))
+am__v_lt_ = $(am__v_lt_$(AM_DEFAULT_VERBOSITY))
+am__v_lt_0 = --silent
+am__v_lt_1 = 
+test_adds_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \
+	$(LIBTOOLFLAGS) --mode=link $(CCLD) $(test_adds_CFLAGS) \
+	$(CFLAGS) $(test_adds_LDFLAGS) $(LDFLAGS) -o $@
+am__test_atoi_strtoi_SOURCES_DIST = ../../lib/atoi/strtoi.c \
+	test_atoi_strtoi.c
+am_test_atoi_strtoi_OBJECTS = ../../lib/atoi/test_atoi_strtoi-strtoi.$(OBJEXT) \
+	test_atoi_strtoi-test_atoi_strtoi.$(OBJEXT)
+test_atoi_strtoi_OBJECTS = $(am_test_atoi_strtoi_OBJECTS)
+test_atoi_strtoi_DEPENDENCIES =  \
+	$(am__DEPENDENCIES_1)
+test_atoi_strtoi_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC \
+	$(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=link $(CCLD) \
+	$(test_atoi_strtoi_CFLAGS) $(CFLAGS) \
+	$(test_atoi_strtoi_LDFLAGS) $(LDFLAGS) -o $@
+am__test_chkname_SOURCES_DIST = ../../lib/chkname.c test_chkname.c
+am_test_chkname_OBJECTS =  \
+	../../lib/test_chkname-chkname.$(OBJEXT) \
+	test_chkname-test_chkname.$(OBJEXT)
+test_chkname_OBJECTS = $(am_test_chkname_OBJECTS)
+test_chkname_DEPENDENCIES = $(am__DEPENDENCIES_1)
+test_chkname_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \
+	$(LIBTOOLFLAGS) --mode=link $(CCLD) $(test_chkname_CFLAGS) \
+	$(CFLAGS) $(test_chkname_LDFLAGS) $(LDFLAGS) -o $@
+am__test_logind_SOURCES_DIST = ../../lib/logind.c test_logind.c
+am_test_logind_OBJECTS =  \
+	../../lib/test_logind-logind.$(OBJEXT) \
+	test_logind-test_logind.$(OBJEXT)
+test_logind_OBJECTS = $(am_test_logind_OBJECTS)
+test_logind_DEPENDENCIES = $(am__DEPENDENCIES_1) \
+	$(am__DEPENDENCIES_1)
+test_logind_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \
+	$(LIBTOOLFLAGS) --mode=link $(CCLD) $(test_logind_CFLAGS) \
+	$(CFLAGS) $(test_logind_LDFLAGS) $(LDFLAGS) -o $@
+am__test_sprintf_SOURCES_DIST = ../../lib/string/sprintf.c \
+	test_sprintf.c
+am_test_sprintf_OBJECTS = ../../lib/string/test_sprintf-sprintf.$(OBJEXT) \
+	test_sprintf-test_sprintf.$(OBJEXT)
+test_sprintf_OBJECTS = $(am_test_sprintf_OBJECTS)
+test_sprintf_DEPENDENCIES = $(am__DEPENDENCIES_1)
+test_sprintf_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \
+	$(LIBTOOLFLAGS) --mode=link $(CCLD) $(test_sprintf_CFLAGS) \
+	$(CFLAGS) $(test_sprintf_LDFLAGS) $(LDFLAGS) -o $@
+am__test_strncpy_SOURCES_DIST = test_strncpy.c
+am_test_strncpy_OBJECTS =  \
+	test_strncpy-test_strncpy.$(OBJEXT)
+test_strncpy_OBJECTS = $(am_test_strncpy_OBJECTS)
+test_strncpy_DEPENDENCIES = $(am__DEPENDENCIES_1)
+test_strncpy_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \
+	$(LIBTOOLFLAGS) --mode=link $(CCLD) $(test_strncpy_CFLAGS) \
+	$(CFLAGS) $(test_strncpy_LDFLAGS) $(LDFLAGS) -o $@
+am__test_strtcpy_SOURCES_DIST = ../../lib/string/strtcpy.c \
+	test_strtcpy.c
+am_test_strtcpy_OBJECTS = ../../lib/string/test_strtcpy-strtcpy.$(OBJEXT) \
+	test_strtcpy-test_strtcpy.$(OBJEXT)
+test_strtcpy_OBJECTS = $(am_test_strtcpy_OBJECTS)
+test_strtcpy_DEPENDENCIES = $(am__DEPENDENCIES_1)
+test_strtcpy_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \
+	$(LIBTOOLFLAGS) --mode=link $(CCLD) $(test_strtcpy_CFLAGS) \
+	$(CFLAGS) $(test_strtcpy_LDFLAGS) $(LDFLAGS) -o $@
+am__test_xasprintf_SOURCES_DIST = ../../lib/string/sprintf.c \
+	test_xasprintf.c
+am_test_xasprintf_OBJECTS = ../../lib/string/test_xasprintf-sprintf.$(OBJEXT) \
+	test_xasprintf-test_xasprintf.$(OBJEXT)
+test_xasprintf_OBJECTS = $(am_test_xasprintf_OBJECTS)
+test_xasprintf_DEPENDENCIES = $(am__DEPENDENCIES_1)
+test_xasprintf_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC \
+	$(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=link $(CCLD) \
+	$(test_xasprintf_CFLAGS) $(CFLAGS) $(test_xasprintf_LDFLAGS) \
+	$(LDFLAGS) -o $@
+am__test_zustr2stp_SOURCES_DIST = test_zustr2stp.c
+am_test_zustr2stp_OBJECTS =  \
+	test_zustr2stp-test_zustr2stp.$(OBJEXT)
+test_zustr2stp_OBJECTS = $(am_test_zustr2stp_OBJECTS)
+test_zustr2stp_DEPENDENCIES = $(am__DEPENDENCIES_1)
+test_zustr2stp_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC \
+	$(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=link $(CCLD) \
+	$(test_zustr2stp_CFLAGS) $(CFLAGS) $(test_zustr2stp_LDFLAGS) \
+	$(LDFLAGS) -o $@
+AM_V_P = $(am__v_P_$(V))
+am__v_P_ = $(am__v_P_$(AM_DEFAULT_VERBOSITY))
+am__v_P_0 = false
+am__v_P_1 = :
+AM_V_GEN = $(am__v_GEN_$(V))
+am__v_GEN_ = $(am__v_GEN_$(AM_DEFAULT_VERBOSITY))
+am__v_GEN_0 = @echo "  GEN     " $@;
+am__v_GEN_1 = 
+AM_V_at = $(am__v_at_$(V))
+am__v_at_ = $(am__v_at_$(AM_DEFAULT_VERBOSITY))
+am__v_at_0 = @
+am__v_at_1 = 
+DEFAULT_INCLUDES = -I. -I$(top_builddir)
+depcomp = $(SHELL) $(top_srcdir)/depcomp
+am__maybe_remake_depfiles = depfiles
+am__depfiles_remade = ../../lib/$(DEPDIR)/test_adds-adds.Po \
+	../../lib/$(DEPDIR)/test_chkname-chkname.Po \
+	../../lib/$(DEPDIR)/test_logind-logind.Po \
+	../../lib/atoi/$(DEPDIR)/test_atoi_strtoi-strtoi.Po \
+	../../lib/string/$(DEPDIR)/test_sprintf-sprintf.Po \
+	../../lib/string/$(DEPDIR)/test_strtcpy-strtcpy.Po \
+	../../lib/string/$(DEPDIR)/test_xasprintf-sprintf.Po \
+	./$(DEPDIR)/test_adds-test_adds.Po \
+	./$(DEPDIR)/test_atoi_strtoi-test_atoi_strtoi.Po \
+	./$(DEPDIR)/test_chkname-test_chkname.Po \
+	./$(DEPDIR)/test_logind-test_logind.Po \
+	./$(DEPDIR)/test_sprintf-test_sprintf.Po \
+	./$(DEPDIR)/test_strncpy-test_strncpy.Po \
+	./$(DEPDIR)/test_strtcpy-test_strtcpy.Po \
+	./$(DEPDIR)/test_xasprintf-test_xasprintf.Po \
+	./$(DEPDIR)/test_zustr2stp-test_zustr2stp.Po
+am__mv = mv -f
+COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
+	$(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
+LTCOMPILE = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \
+	$(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) \
+	$(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) \
+	$(AM_CFLAGS) $(CFLAGS)
+AM_V_CC = $(am__v_CC_$(V))
+am__v_CC_ = $(am__v_CC_$(AM_DEFAULT_VERBOSITY))
+am__v_CC_0 = @echo "  CC      " $@;
+am__v_CC_1 = 
+CCLD = $(CC)
+LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \
+	$(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \
+	$(AM_LDFLAGS) $(LDFLAGS) -o $@
+AM_V_CCLD = $(am__v_CCLD_$(V))
+am__v_CCLD_ = $(am__v_CCLD_$(AM_DEFAULT_VERBOSITY))
+am__v_CCLD_0 = @echo "  CCLD    " $@;
+am__v_CCLD_1 = 
+SOURCES = $(test_adds_SOURCES) $(test_atoi_strtoi_SOURCES) \
+	$(test_chkname_SOURCES) $(test_logind_SOURCES) \
+	$(test_sprintf_SOURCES) $(test_strncpy_SOURCES) \
+	$(test_strtcpy_SOURCES) $(test_xasprintf_SOURCES) \
+	$(test_zustr2stp_SOURCES)
+DIST_SOURCES = $(am__test_adds_SOURCES_DIST) \
+	$(am__test_atoi_strtoi_SOURCES_DIST) \
+	$(am__test_chkname_SOURCES_DIST) \
+	$(am__test_logind_SOURCES_DIST) \
+	$(am__test_sprintf_SOURCES_DIST) \
+	$(am__test_strncpy_SOURCES_DIST) \
+	$(am__test_strtcpy_SOURCES_DIST) \
+	$(am__test_xasprintf_SOURCES_DIST) \
+	$(am__test_zustr2stp_SOURCES_DIST)
+am__can_run_installinfo = \
+  case $$AM_UPDATE_INFO_DIR in \
+    n|no|NO) false;; \
+    *) (install-info --version) >/dev/null 2>&1;; \
+  esac
+am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) $(LISP)
+# Read a list of newline-separated strings from the standard input,
+# and print each of them once, without duplicates.  Input order is
+# *not* preserved.
+am__uniquify_input = $(AWK) '\
+  BEGIN { nonempty = 0; } \
+  { items[$$0] = 1; nonempty = 1; } \
+  END { if (nonempty) { for (i in items) print i; }; } \
+'
+# Make sure the list of sources is unique.  This is necessary because,
+# e.g., the same source file might be shared among _SOURCES variables
+# for different programs/libraries.
+am__define_uniq_tagged_files = \
+  list='$(am__tagged_files)'; \
+  unique=`for i in $$list; do \
+    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+  done | $(am__uniquify_input)`
+am__tty_colors_dummy = \
+  mgn= red= grn= lgn= blu= brg= std=; \
+  am__color_tests=no
+am__tty_colors = { \
+  $(am__tty_colors_dummy); \
+  if test "X$(AM_COLOR_TESTS)" = Xno; then \
+    am__color_tests=no; \
+  elif test "X$(AM_COLOR_TESTS)" = Xalways; then \
+    am__color_tests=yes; \
+  elif test "X$$TERM" != Xdumb && { test -t 1; } 2>/dev/null; then \
+    am__color_tests=yes; \
+  fi; \
+  if test $$am__color_tests = yes; then \
+    red=''; \
+    grn=''; \
+    lgn=''; \
+    blu=''; \
+    mgn=''; \
+    brg=''; \
+    std=''; \
+  fi; \
+}
+am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`;
+am__vpath_adj = case $$p in \
+    $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \
+    *) f=$$p;; \
+  esac;
+am__strip_dir = f=`echo $$p | sed -e 's|^.*/||'`;
+am__install_max = 40
+am__nobase_strip_setup = \
+  srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*|]/\\\\&/g'`
+am__nobase_strip = \
+  for p in $$list; do echo "$$p"; done | sed -e "s|$$srcdirstrip/||"
+am__nobase_list = $(am__nobase_strip_setup); \
+  for p in $$list; do echo "$$p $$p"; done | \
+  sed "s| $$srcdirstrip/| |;"' / .*\//!s/ .*/ ./; s,\( .*\)/[^/]*$$,\1,' | \
+  $(AWK) 'BEGIN { files["."] = "" } { files[$$2] = files[$$2] " " $$1; \
+    if (++n[$$2] == $(am__install_max)) \
+      { print $$2, files[$$2]; n[$$2] = 0; files[$$2] = "" } } \
+    END { for (dir in files) print dir, files[dir] }'
+am__base_list = \
+  sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \
+  sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g'
+am__uninstall_files_from_dir = { \
+  test -z "$$files" \
+    || { test ! -d "$$dir" && test ! -f "$$dir" && test ! -r "$$dir"; } \
+    || { echo " ( cd '$$dir' && rm -f" $$files ")"; \
+         $(am__cd) "$$dir" && rm -f $$files; }; \
+  }
+am__recheck_rx = ^[ 	]*:recheck:[ 	]*
+am__global_test_result_rx = ^[ 	]*:global-test-result:[ 	]*
+am__copy_in_global_log_rx = ^[ 	]*:copy-in-global-log:[ 	]*
+# A command that, given a newline-separated list of test names on the
+# standard input, print the name of the tests that are to be re-run
+# upon "make recheck".
+am__list_recheck_tests = $(AWK) '{ \
+  recheck = 1; \
+  while ((rc = (getline line < ($$0 ".trs"))) != 0) \
+    { \
+      if (rc < 0) \
+        { \
+          if ((getline line2 < ($$0 ".log")) < 0) \
+	    recheck = 0; \
+          break; \
+        } \
+      else if (line ~ /$(am__recheck_rx)[nN][Oo]/) \
+        { \
+          recheck = 0; \
+          break; \
+        } \
+      else if (line ~ /$(am__recheck_rx)[yY][eE][sS]/) \
+        { \
+          break; \
+        } \
+    }; \
+  if (recheck) \
+    print $$0; \
+  close ($$0 ".trs"); \
+  close ($$0 ".log"); \
+}'
+# A command that, given a newline-separated list of test names on the
+# standard input, create the global log from their .trs and .log files.
+am__create_global_log = $(AWK) ' \
+function fatal(msg) \
+{ \
+  print "fatal: making $@: " msg | "cat >&2"; \
+  exit 1; \
+} \
+function rst_section(header) \
+{ \
+  print header; \
+  len = length(header); \
+  for (i = 1; i <= len; i = i + 1) \
+    printf "="; \
+  printf "\n\n"; \
+} \
+{ \
+  copy_in_global_log = 1; \
+  global_test_result = "RUN"; \
+  while ((rc = (getline line < ($$0 ".trs"))) != 0) \
+    { \
+      if (rc < 0) \
+         fatal("failed to read from " $$0 ".trs"); \
+      if (line ~ /$(am__global_test_result_rx)/) \
+        { \
+          sub("$(am__global_test_result_rx)", "", line); \
+          sub("[ 	]*$$", "", line); \
+          global_test_result = line; \
+        } \
+      else if (line ~ /$(am__copy_in_global_log_rx)[nN][oO]/) \
+        copy_in_global_log = 0; \
+    }; \
+  if (copy_in_global_log) \
+    { \
+      rst_section(global_test_result ": " $$0); \
+      while ((rc = (getline line < ($$0 ".log"))) != 0) \
+      { \
+        if (rc < 0) \
+          fatal("failed to read from " $$0 ".log"); \
+        print line; \
+      }; \
+      printf "\n"; \
+    }; \
+  close ($$0 ".trs"); \
+  close ($$0 ".log"); \
+}'
+# Restructured Text title.
+am__rst_title = { sed 's/.*/   &   /;h;s/./=/g;p;x;s/ *$$//;p;g' && echo; }
+# Solaris 10 'make', and several other traditional 'make' implementations,
+# pass "-e" to $(SHELL), and POSIX 2008 even requires this.  Work around it
+# by disabling -e (using the XSI extension "set +e") if it's set.
+am__sh_e_setup = case $$- in *e*) set +e;; esac
+# Default flags passed to test drivers.
+am__common_driver_flags = \
+  --color-tests "$$am__color_tests" \
+  --enable-hard-errors "$$am__enable_hard_errors" \
+  --expect-failure "$$am__expect_failure"
+# To be inserted before the command running the test.  Creates the
+# directory for the log if needed.  Stores in $dir the directory
+# containing $f, in $tst the test, in $log the log.  Executes the
+# developer- defined test setup AM_TESTS_ENVIRONMENT (if any), and
+# passes TESTS_ENVIRONMENT.  Set up options for the wrapper that
+# will run the test scripts (or their associated LOG_COMPILER, if
+# thy have one).
+am__check_pre = \
+$(am__sh_e_setup);					\
+$(am__vpath_adj_setup) $(am__vpath_adj)			\
+$(am__tty_colors);					\
+srcdir=$(srcdir); export srcdir;			\
+case "$@" in						\
+  */*) am__odir=`echo "./$@" | sed 's|/[^/]*$$||'`;;	\
+    *) am__odir=.;; 					\
+esac;							\
+test "x$$am__odir" = x"." || test -d "$$am__odir" 	\
+  || $(MKDIR_P) "$$am__odir" || exit $$?;		\
+if test -f "./$$f"; then dir=./;			\
+elif test -f "$$f"; then dir=;				\
+else dir="$(srcdir)/"; fi;				\
+tst=$$dir$$f; log='$@'; 				\
+if test -n '$(DISABLE_HARD_ERRORS)'; then		\
+  am__enable_hard_errors=no; 				\
+else							\
+  am__enable_hard_errors=yes; 				\
+fi; 							\
+case " $(XFAIL_TESTS) " in				\
+  *[\ \	]$$f[\ \	]* | *[\ \	]$$dir$$f[\ \	]*) \
+    am__expect_failure=yes;;				\
+  *)							\
+    am__expect_failure=no;;				\
+esac; 							\
+$(AM_TESTS_ENVIRONMENT) $(TESTS_ENVIRONMENT)
+# A shell command to get the names of the tests scripts with any registered
+# extension removed (i.e., equivalently, the names of the test logs, with
+# the '.log' extension removed).  The result is saved in the shell variable
+# '$bases'.  This honors runtime overriding of TESTS and TEST_LOGS.  Sadly,
+# we cannot use something simpler, involving e.g., "$(TEST_LOGS:.log=)",
+# since that might cause problem with VPATH rewrites for suffix-less tests.
+# See also 'test-harness-vpath-rewrite.sh' and 'test-trs-basic.sh'.
+am__set_TESTS_bases = \
+  bases='$(TEST_LOGS)'; \
+  bases=`for i in $$bases; do echo $$i; done | sed 's/\.log$$//'`; \
+  bases=`echo $$bases`
+AM_TESTSUITE_SUMMARY_HEADER = ' for $(PACKAGE_STRING)'
+RECHECK_LOGS = $(TEST_LOGS)
+AM_RECURSIVE_TARGETS = check recheck
+TEST_SUITE_LOG = test-suite.log
+TEST_EXTENSIONS =  .test
+LOG_DRIVER = $(SHELL) $(top_srcdir)/test-driver
+LOG_COMPILE = $(LOG_COMPILER) $(AM_LOG_FLAGS) $(LOG_FLAGS)
+am__set_b = \
+  case '$@' in \
+    */*) \
+      case '$*' in \
+        */*) b='$*';; \
+          *) b=`echo '$@' | sed 's/\.log$$//'`; \
+       esac;; \
+    *) \
+      b='$*';; \
+  esac
+am__test_logs1 = $(TESTS:=.log)
+am__test_logs2 = $(am__test_logs1:.log=.log)
+TEST_LOGS = $(am__test_logs2:.test.log=.log)
+TEST_LOG_DRIVER = $(SHELL) $(top_srcdir)/test-driver
+TEST_LOG_COMPILE = $(TEST_LOG_COMPILER) $(AM_TEST_LOG_FLAGS) \
+	$(TEST_LOG_FLAGS)
+am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp \
+	$(top_srcdir)/test-driver
+DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
+ACLOCAL = ${SHELL} '/home/alx/src/shadow/stable/shadow/4.15.2/missing' aclocal-1.16
+AMTAR = $${TAR-tar}
+AM_DEFAULT_VERBOSITY = 0
+AR = ar
+AUTOCONF = ${SHELL} '/home/alx/src/shadow/stable/shadow/4.15.2/missing' autoconf
+AUTOHEADER = ${SHELL} '/home/alx/src/shadow/stable/shadow/4.15.2/missing' autoheader
+AUTOMAKE = ${SHELL} '/home/alx/src/shadow/stable/shadow/4.15.2/missing' automake-1.16
+AWK = gawk
+CC = gcc
+CCDEPMODE = depmode=gcc3
+CFLAGS = -O2 -Wall -Wextra -Werror=implicit-function-declaration -Werror=implicit-int -Werror=incompatible-pointer-types -Werror=int-conversion -Wno-expansion-to-defined -Wno-unknown-attributes -Wno-unknown-warning-option
+CMOCKA_CFLAGS = 
+CMOCKA_LIBS = -lcmocka 
+CPP = gcc -E
+CPPFLAGS = 
+CSCOPE = cscope
+CTAGS = ctags
+CYGPATH_W = echo
+DEFS = -DHAVE_CONFIG_H
+DEPDIR = .deps
+DLLTOOL = false
+DSYMUTIL = 
+DUMPBIN = 
+ECHO_C = 
+ECHO_N = -n
+ECHO_T = 
+ECONF_CPPFLAGS = 
+EGREP = /usr/bin/grep -E
+ETAGS = etags
+EXEEXT = 
+FGREP = /usr/bin/grep -F
+FILECMD = file
+GETTEXT_MACRO_VERSION = 0.19
+GMSGFMT = /usr/bin/msgfmt
+GMSGFMT_015 = /usr/bin/msgfmt
+GREP = /usr/bin/grep
+GROUP_NAME_MAX_LENGTH = 32
+INSTALL = /usr/bin/install -c
+INSTALL_DATA = ${INSTALL} -m 644
+INSTALL_PROGRAM = ${INSTALL}
+INSTALL_SCRIPT = ${INSTALL}
+INSTALL_STRIP_PROGRAM = $(install_sh) -c -s
+INTLLIBS = 
+INTL_MACOSX_LIBS = 
+LD = /usr/bin/ld -m elf_x86_64
+LDFLAGS = 
+LIBACL = -lacl
+LIBADD_DL =  
+LIBADD_DLD_LINK = 
+LIBADD_DLOPEN = 
+LIBADD_SHL_LOAD = 
+LIBATTR = -lattr
+LIBAUDIT = -laudit
+LIBBSD = 
+LIBBSD_CFLAGS = -isystem /usr/include/x86_64-linux-gnu/bsd -DLIBBSD_OVERLAY 
+LIBBSD_LIBS = -lbsd 
+LIBCRYPT = -lcrypt
+LIBECONF = 
+LIBICONV = -liconv
+LIBINTL = 
+LIBMD = 
+LIBOBJS =  ${LIBOBJDIR}sgetgrent$U.o ${LIBOBJDIR}sgetpwent$U.o
+LIBPAM = 
+LIBS = -lbsd 
+LIBSELINUX = -lselinux
+LIBSEMANAGE = -lsemanage
+LIBSKEY = 
+LIBSUBID_ABI = 4.0.0
+LIBSUBID_ABI_MAJOR = 4
+LIBSUBID_ABI_MICRO = 0
+LIBSUBID_ABI_MINOR = 0
+LIBSYSTEMD = -lsystemd
+LIBTCB = 
+LIBTOOL = $(SHELL) $(top_builddir)/libtool
+LIPO = 
+LIYESCRYPT = -lcrypt
+LN_S = ln -s
+LTLIBICONV = -liconv
+LTLIBINTL = 
+LTLIBOBJS =  ${LIBOBJDIR}sgetgrent$U.lo ${LIBOBJDIR}sgetpwent$U.lo
+LT_DLLOADERS =  dlopen.la
+LT_DLPREOPEN = -dlpreopen dlopen.la 
+LT_SYS_LIBRARY_PATH = 
+MAINT = 
+MAKEINFO = ${SHELL} '/home/alx/src/shadow/stable/shadow/4.15.2/missing' makeinfo
+MANIFEST_TOOL = :
+MKDIR_P = /usr/bin/mkdir -p
+MSGFMT = /usr/bin/msgfmt
+MSGFMT_015 = /usr/bin/msgfmt
+MSGMERGE = /usr/bin/msgmerge
+NM = /usr/bin/nm -B
+NMEDIT = 
+OBJDUMP = objdump
+OBJEXT = o
+OTOOL = 
+OTOOL64 = 
+PACKAGE = shadow
+PACKAGE_BUGREPORT = pkg-shadow-devel@lists.alioth.debian.org
+PACKAGE_NAME = shadow
+PACKAGE_STRING = shadow 4.15.2
+PACKAGE_TARNAME = shadow
+PACKAGE_URL = https://github.com/shadow-maint/shadow
+PACKAGE_VERSION = 4.15.2
+PATH_SEPARATOR = :
+PKG_CONFIG = /usr/bin/pkg-config
+PKG_CONFIG_LIBDIR = 
+PKG_CONFIG_PATH = 
+POSUB = po
+RANLIB = ranlib
+SED = /usr/bin/sed
+SET_MAKE = 
+SHELL = /bin/bash
+STRIP = strip
+USE_NLS = yes
+VENDORDIR = 
+VERSION = 4.15.2
+XGETTEXT = /usr/bin/xgettext
+XGETTEXT_015 = /usr/bin/xgettext
+XGETTEXT_EXTRA_OPTIONS = 
+XMLCATALOG = /usr/bin/xmlcatalog
+XML_CATALOG_FILE = /etc/xml/catalog
+XSLTPROC = /usr/bin/xsltproc
+YACC = bison -y
+YFLAGS = 
+abs_builddir = /home/alx/src/shadow/stable/shadow/4.15.2/tests/unit
+abs_srcdir = /home/alx/src/shadow/stable/shadow/4.15.2/tests/unit
+abs_top_builddir = /home/alx/src/shadow/stable/shadow/4.15.2
+abs_top_srcdir = /home/alx/src/shadow/stable/shadow/4.15.2
+ac_ct_AR = ar
+ac_ct_CC = gcc
+ac_ct_DUMPBIN = 
+am__include = include
+am__leading_dot = .
+am__quote = 
+am__tar = tar --format=posix -chf - "$$tardir"
+am__untar = tar -xf -
+bindir = ${exec_prefix}/bin
+build = x86_64-pc-linux-gnu
+build_alias = 
+build_cpu = x86_64
+build_os = linux-gnu
+build_vendor = pc
+builddir = .
+capcmd = 
+datadir = ${datarootdir}
+datarootdir = ${prefix}/share
+docdir = ${datarootdir}/doc/${PACKAGE_TARNAME}
+dvidir = ${docdir}
+exec_prefix = 
+host = x86_64-pc-linux-gnu
+host_alias = 
+host_cpu = x86_64
+host_os = linux-gnu
+host_vendor = pc
+htmldir = ${docdir}
+includedir = ${prefix}/include
+infodir = ${datarootdir}/info
+install_sh = ${SHELL} /home/alx/src/shadow/stable/shadow/4.15.2/install-sh
+libdir = ${exec_prefix}/lib
+libexecdir = ${exec_prefix}/libexec
+localedir = ${datarootdir}/locale
+localstatedir = ${prefix}/var
+mandir = ${datarootdir}/man
+mkdir_p = $(MKDIR_P)
+oldincludedir = /usr/include
+pdfdir = ${docdir}
+prefix = /usr
+program_transform_name = s,x,x,
+psdir = ${docdir}
+runstatedir = ${localstatedir}/run
+sbindir = ${exec_prefix}/sbin
+sharedstatedir = ${prefix}/com
+srcdir = .
+sysconfdir = ${prefix}/etc
+target_alias = 
+top_build_prefix = ../../
+top_builddir = ../..
+top_srcdir = ../..
+AM_CPPFLAGS = -I$(top_srcdir)/lib -I$(top_srcdir)
+TESTS = $(check_PROGRAMS)
+test_adds_SOURCES = \
+    ../../lib/adds.c \
+    test_adds.c \
+    $(NULL)
+
+test_adds_CFLAGS = \
+    $(AM_FLAGS) \
+    $(NULL)
+
+test_adds_LDFLAGS = \
+    $(NULL)
+
+test_adds_LDADD = \
+    $(CMOCKA_LIBS) \
+    $(NULL)
+
+test_atoi_strtoi_SOURCES = \
+    ../../lib/atoi/strtoi.c \
+    test_atoi_strtoi.c \
+    $(NULL)
+
+test_atoi_strtoi_CFLAGS = \
+    $(AM_CFLAGS) \
+    $(NULL)
+
+test_atoi_strtoi_LDFLAGS = \
+    $(NULL)
+
+test_atoi_strtoi_LDADD = \
+    $(CMOCKA_LIBS) \
+    $(NULL)
+
+test_chkname_SOURCES = \
+    ../../lib/chkname.c \
+    test_chkname.c \
+    $(NULL)
+
+test_chkname_CFLAGS = \
+    $(AM_CFLAGS) \
+    $(NULL)
+
+test_chkname_LDFLAGS = \
+    $(NULL)
+
+test_chkname_LDADD = \
+    $(CMOCKA_LIBS) \
+    $(NULL)
+
+test_logind_SOURCES = \
+    ../../lib/logind.c \
+    test_logind.c \
+    $(NULL)
+
+test_logind_CFLAGS = \
+    $(AM_CFLAGS) \
+    -lsystemd \
+    $(NULL)
+
+test_logind_LDFLAGS = \
+    -Wl,-wrap,prefix_getpwnam \
+    -Wl,-wrap,sd_uid_get_sessions \
+    $(NULL)
+
+test_logind_LDADD = \
+    $(CMOCKA_LIBS) \
+    $(LIBSYSTEMD) \
+    $(NULL)
+
+test_sprintf_SOURCES = \
+    ../../lib/string/sprintf.c \
+    test_sprintf.c \
+    $(NULL)
+
+test_sprintf_CFLAGS = \
+    $(AM_CFLAGS) \
+    $(NULL)
+
+test_sprintf_LDFLAGS = \
+    $(NULL)
+
+test_sprintf_LDADD = \
+    $(CMOCKA_LIBS) \
+    $(NULL)
+
+test_strncpy_SOURCES = \
+    test_strncpy.c \
+    $(NULL)
+
+test_strncpy_CFLAGS = \
+    $(AM_CFLAGS) \
+    $(NULL)
+
+test_strncpy_LDFLAGS = \
+    $(NULL)
+
+test_strncpy_LDADD = \
+    $(CMOCKA_LIBS) \
+    $(NULL)
+
+test_strtcpy_SOURCES = \
+    ../../lib/string/strtcpy.c \
+    test_strtcpy.c \
+    $(NULL)
+
+test_strtcpy_CFLAGS = \
+    $(AM_CFLAGS) \
+    $(NULL)
+
+test_strtcpy_LDFLAGS = \
+    $(NULL)
+
+test_strtcpy_LDADD = \
+    $(CMOCKA_LIBS) \
+    $(NULL)
+
+test_xasprintf_SOURCES = \
+    ../../lib/string/sprintf.c \
+    test_xasprintf.c \
+    $(NULL)
+
+test_xasprintf_CFLAGS = \
+    $(AM_CFLAGS) \
+    $(NULL)
+
+test_xasprintf_LDFLAGS = \
+    -Wl,-wrap,vasprintf \
+    -Wl,-wrap,exit \
+    $(NULL)
+
+test_xasprintf_LDADD = \
+    $(CMOCKA_LIBS) \
+    $(NULL)
+
+test_zustr2stp_SOURCES = \
+    test_zustr2stp.c \
+    $(NULL)
+
+test_zustr2stp_CFLAGS = \
+    $(AM_CFLAGS) \
+    $(NULL)
+
+test_zustr2stp_LDFLAGS = \
+    $(NULL)
+
+test_zustr2stp_LDADD = \
+    $(CMOCKA_LIBS) \
+    $(NULL)
+
+all: all-am
+
+.SUFFIXES:
+.SUFFIXES: .c .lo .log .o .obj .test .test$(EXEEXT) .trs
+$(srcdir)/Makefile.in:  $(srcdir)/Makefile.am  $(am__configure_deps)
+	@for dep in $?; do \
+	  case '$(am__configure_deps)' in \
+	    *$$dep*) \
+	      ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \
+	        && { if test -f $@; then exit 0; else break; fi; }; \
+	      exit 1;; \
+	  esac; \
+	done; \
+	echo ' cd $(top_srcdir) && $(AUTOMAKE) --foreign tests/unit/Makefile'; \
+	$(am__cd) $(top_srcdir) && \
+	  $(AUTOMAKE) --foreign tests/unit/Makefile
+Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
+	@case '$?' in \
+	  *config.status*) \
+	    cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \
+	  *) \
+	    echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__maybe_remake_depfiles)'; \
+	    cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__maybe_remake_depfiles);; \
+	esac;
+
+$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
+	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+
+$(top_srcdir)/configure:  $(am__configure_deps)
+	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+$(ACLOCAL_M4):  $(am__aclocal_m4_deps)
+	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+$(am__aclocal_m4_deps):
+
+clean-checkPROGRAMS:
+	@list='$(check_PROGRAMS)'; test -n "$$list" || exit 0; \
+	echo " rm -f" $$list; \
+	rm -f $$list || exit $$?; \
+	test -n "$(EXEEXT)" || exit 0; \
+	list=`for p in $$list; do echo "$$p"; done | sed 's/$(EXEEXT)$$//'`; \
+	echo " rm -f" $$list; \
+	rm -f $$list
+../../lib/$(am__dirstamp):
+	@$(MKDIR_P) ../../lib
+	@: > ../../lib/$(am__dirstamp)
+../../lib/$(DEPDIR)/$(am__dirstamp):
+	@$(MKDIR_P) ../../lib/$(DEPDIR)
+	@: > ../../lib/$(DEPDIR)/$(am__dirstamp)
+../../lib/test_adds-adds.$(OBJEXT): ../../lib/$(am__dirstamp) \
+	../../lib/$(DEPDIR)/$(am__dirstamp)
+
+test_adds$(EXEEXT): $(test_adds_OBJECTS) $(test_adds_DEPENDENCIES) $(EXTRA_test_adds_DEPENDENCIES) 
+	@rm -f test_adds$(EXEEXT)
+	$(AM_V_CCLD)$(test_adds_LINK) $(test_adds_OBJECTS) $(test_adds_LDADD) $(LIBS)
+../../lib/atoi/$(am__dirstamp):
+	@$(MKDIR_P) ../../lib/atoi
+	@: > ../../lib/atoi/$(am__dirstamp)
+../../lib/atoi/$(DEPDIR)/$(am__dirstamp):
+	@$(MKDIR_P) ../../lib/atoi/$(DEPDIR)
+	@: > ../../lib/atoi/$(DEPDIR)/$(am__dirstamp)
+../../lib/atoi/test_atoi_strtoi-strtoi.$(OBJEXT):  \
+	../../lib/atoi/$(am__dirstamp) \
+	../../lib/atoi/$(DEPDIR)/$(am__dirstamp)
+
+test_atoi_strtoi$(EXEEXT): $(test_atoi_strtoi_OBJECTS) $(test_atoi_strtoi_DEPENDENCIES) $(EXTRA_test_atoi_strtoi_DEPENDENCIES) 
+	@rm -f test_atoi_strtoi$(EXEEXT)
+	$(AM_V_CCLD)$(test_atoi_strtoi_LINK) $(test_atoi_strtoi_OBJECTS) $(test_atoi_strtoi_LDADD) $(LIBS)
+../../lib/test_chkname-chkname.$(OBJEXT): ../../lib/$(am__dirstamp) \
+	../../lib/$(DEPDIR)/$(am__dirstamp)
+
+test_chkname$(EXEEXT): $(test_chkname_OBJECTS) $(test_chkname_DEPENDENCIES) $(EXTRA_test_chkname_DEPENDENCIES) 
+	@rm -f test_chkname$(EXEEXT)
+	$(AM_V_CCLD)$(test_chkname_LINK) $(test_chkname_OBJECTS) $(test_chkname_LDADD) $(LIBS)
+../../lib/test_logind-logind.$(OBJEXT): ../../lib/$(am__dirstamp) \
+	../../lib/$(DEPDIR)/$(am__dirstamp)
+
+test_logind$(EXEEXT): $(test_logind_OBJECTS) $(test_logind_DEPENDENCIES) $(EXTRA_test_logind_DEPENDENCIES) 
+	@rm -f test_logind$(EXEEXT)
+	$(AM_V_CCLD)$(test_logind_LINK) $(test_logind_OBJECTS) $(test_logind_LDADD) $(LIBS)
+../../lib/string/$(am__dirstamp):
+	@$(MKDIR_P) ../../lib/string
+	@: > ../../lib/string/$(am__dirstamp)
+../../lib/string/$(DEPDIR)/$(am__dirstamp):
+	@$(MKDIR_P) ../../lib/string/$(DEPDIR)
+	@: > ../../lib/string/$(DEPDIR)/$(am__dirstamp)
+../../lib/string/test_sprintf-sprintf.$(OBJEXT):  \
+	../../lib/string/$(am__dirstamp) \
+	../../lib/string/$(DEPDIR)/$(am__dirstamp)
+
+test_sprintf$(EXEEXT): $(test_sprintf_OBJECTS) $(test_sprintf_DEPENDENCIES) $(EXTRA_test_sprintf_DEPENDENCIES) 
+	@rm -f test_sprintf$(EXEEXT)
+	$(AM_V_CCLD)$(test_sprintf_LINK) $(test_sprintf_OBJECTS) $(test_sprintf_LDADD) $(LIBS)
+
+test_strncpy$(EXEEXT): $(test_strncpy_OBJECTS) $(test_strncpy_DEPENDENCIES) $(EXTRA_test_strncpy_DEPENDENCIES) 
+	@rm -f test_strncpy$(EXEEXT)
+	$(AM_V_CCLD)$(test_strncpy_LINK) $(test_strncpy_OBJECTS) $(test_strncpy_LDADD) $(LIBS)
+../../lib/string/test_strtcpy-strtcpy.$(OBJEXT):  \
+	../../lib/string/$(am__dirstamp) \
+	../../lib/string/$(DEPDIR)/$(am__dirstamp)
+
+test_strtcpy$(EXEEXT): $(test_strtcpy_OBJECTS) $(test_strtcpy_DEPENDENCIES) $(EXTRA_test_strtcpy_DEPENDENCIES) 
+	@rm -f test_strtcpy$(EXEEXT)
+	$(AM_V_CCLD)$(test_strtcpy_LINK) $(test_strtcpy_OBJECTS) $(test_strtcpy_LDADD) $(LIBS)
+../../lib/string/test_xasprintf-sprintf.$(OBJEXT):  \
+	../../lib/string/$(am__dirstamp) \
+	../../lib/string/$(DEPDIR)/$(am__dirstamp)
+
+test_xasprintf$(EXEEXT): $(test_xasprintf_OBJECTS) $(test_xasprintf_DEPENDENCIES) $(EXTRA_test_xasprintf_DEPENDENCIES) 
+	@rm -f test_xasprintf$(EXEEXT)
+	$(AM_V_CCLD)$(test_xasprintf_LINK) $(test_xasprintf_OBJECTS) $(test_xasprintf_LDADD) $(LIBS)
+
+test_zustr2stp$(EXEEXT): $(test_zustr2stp_OBJECTS) $(test_zustr2stp_DEPENDENCIES) $(EXTRA_test_zustr2stp_DEPENDENCIES) 
+	@rm -f test_zustr2stp$(EXEEXT)
+	$(AM_V_CCLD)$(test_zustr2stp_LINK) $(test_zustr2stp_OBJECTS) $(test_zustr2stp_LDADD) $(LIBS)
+
+mostlyclean-compile:
+	-rm -f *.$(OBJEXT)
+	-rm -f ../../lib/*.$(OBJEXT)
+	-rm -f ../../lib/atoi/*.$(OBJEXT)
+	-rm -f ../../lib/string/*.$(OBJEXT)
+
+distclean-compile:
+	-rm -f *.tab.c
+
+include ../../lib/$(DEPDIR)/test_adds-adds.Po # am--include-marker
+include ../../lib/$(DEPDIR)/test_chkname-chkname.Po # am--include-marker
+include ../../lib/$(DEPDIR)/test_logind-logind.Po # am--include-marker
+include ../../lib/atoi/$(DEPDIR)/test_atoi_strtoi-strtoi.Po # am--include-marker
+include ../../lib/string/$(DEPDIR)/test_sprintf-sprintf.Po # am--include-marker
+include ../../lib/string/$(DEPDIR)/test_strtcpy-strtcpy.Po # am--include-marker
+include ../../lib/string/$(DEPDIR)/test_xasprintf-sprintf.Po # am--include-marker
+include ./$(DEPDIR)/test_adds-test_adds.Po # am--include-marker
+include ./$(DEPDIR)/test_atoi_strtoi-test_atoi_strtoi.Po # am--include-marker
+include ./$(DEPDIR)/test_chkname-test_chkname.Po # am--include-marker
+include ./$(DEPDIR)/test_logind-test_logind.Po # am--include-marker
+include ./$(DEPDIR)/test_sprintf-test_sprintf.Po # am--include-marker
+include ./$(DEPDIR)/test_strncpy-test_strncpy.Po # am--include-marker
+include ./$(DEPDIR)/test_strtcpy-test_strtcpy.Po # am--include-marker
+include ./$(DEPDIR)/test_xasprintf-test_xasprintf.Po # am--include-marker
+include ./$(DEPDIR)/test_zustr2stp-test_zustr2stp.Po # am--include-marker
+
+$(am__depfiles_remade):
+	@$(MKDIR_P) $(@D)
+	@echo '# dummy' >$@-t && $(am__mv) $@-t $@
+
+am--depfiles: $(am__depfiles_remade)
+
+.c.o:
+	$(AM_V_CC)depbase=`echo $@ | sed 's|[^/]*$$|$(DEPDIR)/&|;s|\.o$$||'`;\
+	$(COMPILE) -MT $@ -MD -MP -MF $$depbase.Tpo -c -o $@ $< &&\
+	$(am__mv) $$depbase.Tpo $$depbase.Po
+#	$(AM_V_CC)source='$<' object='$@' libtool=no \
+#	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) \
+#	$(AM_V_CC_no)$(COMPILE) -c -o $@ $<
+
+.c.obj:
+	$(AM_V_CC)depbase=`echo $@ | sed 's|[^/]*$$|$(DEPDIR)/&|;s|\.obj$$||'`;\
+	$(COMPILE) -MT $@ -MD -MP -MF $$depbase.Tpo -c -o $@ `$(CYGPATH_W) '$<'` &&\
+	$(am__mv) $$depbase.Tpo $$depbase.Po
+#	$(AM_V_CC)source='$<' object='$@' libtool=no \
+#	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) \
+#	$(AM_V_CC_no)$(COMPILE) -c -o $@ `$(CYGPATH_W) '$<'`
+
+.c.lo:
+	$(AM_V_CC)depbase=`echo $@ | sed 's|[^/]*$$|$(DEPDIR)/&|;s|\.lo$$||'`;\
+	$(LTCOMPILE) -MT $@ -MD -MP -MF $$depbase.Tpo -c -o $@ $< &&\
+	$(am__mv) $$depbase.Tpo $$depbase.Plo
+#	$(AM_V_CC)source='$<' object='$@' libtool=yes \
+#	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) \
+#	$(AM_V_CC_no)$(LTCOMPILE) -c -o $@ $<
+
+../../lib/test_adds-adds.o: ../../lib/adds.c
+	$(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_adds_CFLAGS) $(CFLAGS) -MT ../../lib/test_adds-adds.o -MD -MP -MF ../../lib/$(DEPDIR)/test_adds-adds.Tpo -c -o ../../lib/test_adds-adds.o `test -f '../../lib/adds.c' || echo '$(srcdir)/'`../../lib/adds.c
+	$(AM_V_at)$(am__mv) ../../lib/$(DEPDIR)/test_adds-adds.Tpo ../../lib/$(DEPDIR)/test_adds-adds.Po
+#	$(AM_V_CC)source='../../lib/adds.c' object='../../lib/test_adds-adds.o' libtool=no \
+#	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) \
+#	$(AM_V_CC_no)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_adds_CFLAGS) $(CFLAGS) -c -o ../../lib/test_adds-adds.o `test -f '../../lib/adds.c' || echo '$(srcdir)/'`../../lib/adds.c
+
+../../lib/test_adds-adds.obj: ../../lib/adds.c
+	$(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_adds_CFLAGS) $(CFLAGS) -MT ../../lib/test_adds-adds.obj -MD -MP -MF ../../lib/$(DEPDIR)/test_adds-adds.Tpo -c -o ../../lib/test_adds-adds.obj `if test -f '../../lib/adds.c'; then $(CYGPATH_W) '../../lib/adds.c'; else $(CYGPATH_W) '$(srcdir)/../../lib/adds.c'; fi`
+	$(AM_V_at)$(am__mv) ../../lib/$(DEPDIR)/test_adds-adds.Tpo ../../lib/$(DEPDIR)/test_adds-adds.Po
+#	$(AM_V_CC)source='../../lib/adds.c' object='../../lib/test_adds-adds.obj' libtool=no \
+#	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) \
+#	$(AM_V_CC_no)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_adds_CFLAGS) $(CFLAGS) -c -o ../../lib/test_adds-adds.obj `if test -f '../../lib/adds.c'; then $(CYGPATH_W) '../../lib/adds.c'; else $(CYGPATH_W) '$(srcdir)/../../lib/adds.c'; fi`
+
+test_adds-test_adds.o: test_adds.c
+	$(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_adds_CFLAGS) $(CFLAGS) -MT test_adds-test_adds.o -MD -MP -MF $(DEPDIR)/test_adds-test_adds.Tpo -c -o test_adds-test_adds.o `test -f 'test_adds.c' || echo '$(srcdir)/'`test_adds.c
+	$(AM_V_at)$(am__mv) $(DEPDIR)/test_adds-test_adds.Tpo $(DEPDIR)/test_adds-test_adds.Po
+#	$(AM_V_CC)source='test_adds.c' object='test_adds-test_adds.o' libtool=no \
+#	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) \
+#	$(AM_V_CC_no)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_adds_CFLAGS) $(CFLAGS) -c -o test_adds-test_adds.o `test -f 'test_adds.c' || echo '$(srcdir)/'`test_adds.c
+
+test_adds-test_adds.obj: test_adds.c
+	$(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_adds_CFLAGS) $(CFLAGS) -MT test_adds-test_adds.obj -MD -MP -MF $(DEPDIR)/test_adds-test_adds.Tpo -c -o test_adds-test_adds.obj `if test -f 'test_adds.c'; then $(CYGPATH_W) 'test_adds.c'; else $(CYGPATH_W) '$(srcdir)/test_adds.c'; fi`
+	$(AM_V_at)$(am__mv) $(DEPDIR)/test_adds-test_adds.Tpo $(DEPDIR)/test_adds-test_adds.Po
+#	$(AM_V_CC)source='test_adds.c' object='test_adds-test_adds.obj' libtool=no \
+#	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) \
+#	$(AM_V_CC_no)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_adds_CFLAGS) $(CFLAGS) -c -o test_adds-test_adds.obj `if test -f 'test_adds.c'; then $(CYGPATH_W) 'test_adds.c'; else $(CYGPATH_W) '$(srcdir)/test_adds.c'; fi`
+
+../../lib/atoi/test_atoi_strtoi-strtoi.o: ../../lib/atoi/strtoi.c
+	$(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_atoi_strtoi_CFLAGS) $(CFLAGS) -MT ../../lib/atoi/test_atoi_strtoi-strtoi.o -MD -MP -MF ../../lib/atoi/$(DEPDIR)/test_atoi_strtoi-strtoi.Tpo -c -o ../../lib/atoi/test_atoi_strtoi-strtoi.o `test -f '../../lib/atoi/strtoi.c' || echo '$(srcdir)/'`../../lib/atoi/strtoi.c
+	$(AM_V_at)$(am__mv) ../../lib/atoi/$(DEPDIR)/test_atoi_strtoi-strtoi.Tpo ../../lib/atoi/$(DEPDIR)/test_atoi_strtoi-strtoi.Po
+#	$(AM_V_CC)source='../../lib/atoi/strtoi.c' object='../../lib/atoi/test_atoi_strtoi-strtoi.o' libtool=no \
+#	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) \
+#	$(AM_V_CC_no)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_atoi_strtoi_CFLAGS) $(CFLAGS) -c -o ../../lib/atoi/test_atoi_strtoi-strtoi.o `test -f '../../lib/atoi/strtoi.c' || echo '$(srcdir)/'`../../lib/atoi/strtoi.c
+
+../../lib/atoi/test_atoi_strtoi-strtoi.obj: ../../lib/atoi/strtoi.c
+	$(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_atoi_strtoi_CFLAGS) $(CFLAGS) -MT ../../lib/atoi/test_atoi_strtoi-strtoi.obj -MD -MP -MF ../../lib/atoi/$(DEPDIR)/test_atoi_strtoi-strtoi.Tpo -c -o ../../lib/atoi/test_atoi_strtoi-strtoi.obj `if test -f '../../lib/atoi/strtoi.c'; then $(CYGPATH_W) '../../lib/atoi/strtoi.c'; else $(CYGPATH_W) '$(srcdir)/../../lib/atoi/strtoi.c'; fi`
+	$(AM_V_at)$(am__mv) ../../lib/atoi/$(DEPDIR)/test_atoi_strtoi-strtoi.Tpo ../../lib/atoi/$(DEPDIR)/test_atoi_strtoi-strtoi.Po
+#	$(AM_V_CC)source='../../lib/atoi/strtoi.c' object='../../lib/atoi/test_atoi_strtoi-strtoi.obj' libtool=no \
+#	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) \
+#	$(AM_V_CC_no)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_atoi_strtoi_CFLAGS) $(CFLAGS) -c -o ../../lib/atoi/test_atoi_strtoi-strtoi.obj `if test -f '../../lib/atoi/strtoi.c'; then $(CYGPATH_W) '../../lib/atoi/strtoi.c'; else $(CYGPATH_W) '$(srcdir)/../../lib/atoi/strtoi.c'; fi`
+
+test_atoi_strtoi-test_atoi_strtoi.o: test_atoi_strtoi.c
+	$(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_atoi_strtoi_CFLAGS) $(CFLAGS) -MT test_atoi_strtoi-test_atoi_strtoi.o -MD -MP -MF $(DEPDIR)/test_atoi_strtoi-test_atoi_strtoi.Tpo -c -o test_atoi_strtoi-test_atoi_strtoi.o `test -f 'test_atoi_strtoi.c' || echo '$(srcdir)/'`test_atoi_strtoi.c
+	$(AM_V_at)$(am__mv) $(DEPDIR)/test_atoi_strtoi-test_atoi_strtoi.Tpo $(DEPDIR)/test_atoi_strtoi-test_atoi_strtoi.Po
+#	$(AM_V_CC)source='test_atoi_strtoi.c' object='test_atoi_strtoi-test_atoi_strtoi.o' libtool=no \
+#	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) \
+#	$(AM_V_CC_no)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_atoi_strtoi_CFLAGS) $(CFLAGS) -c -o test_atoi_strtoi-test_atoi_strtoi.o `test -f 'test_atoi_strtoi.c' || echo '$(srcdir)/'`test_atoi_strtoi.c
+
+test_atoi_strtoi-test_atoi_strtoi.obj: test_atoi_strtoi.c
+	$(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_atoi_strtoi_CFLAGS) $(CFLAGS) -MT test_atoi_strtoi-test_atoi_strtoi.obj -MD -MP -MF $(DEPDIR)/test_atoi_strtoi-test_atoi_strtoi.Tpo -c -o test_atoi_strtoi-test_atoi_strtoi.obj `if test -f 'test_atoi_strtoi.c'; then $(CYGPATH_W) 'test_atoi_strtoi.c'; else $(CYGPATH_W) '$(srcdir)/test_atoi_strtoi.c'; fi`
+	$(AM_V_at)$(am__mv) $(DEPDIR)/test_atoi_strtoi-test_atoi_strtoi.Tpo $(DEPDIR)/test_atoi_strtoi-test_atoi_strtoi.Po
+#	$(AM_V_CC)source='test_atoi_strtoi.c' object='test_atoi_strtoi-test_atoi_strtoi.obj' libtool=no \
+#	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) \
+#	$(AM_V_CC_no)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_atoi_strtoi_CFLAGS) $(CFLAGS) -c -o test_atoi_strtoi-test_atoi_strtoi.obj `if test -f 'test_atoi_strtoi.c'; then $(CYGPATH_W) 'test_atoi_strtoi.c'; else $(CYGPATH_W) '$(srcdir)/test_atoi_strtoi.c'; fi`
+
+../../lib/test_chkname-chkname.o: ../../lib/chkname.c
+	$(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_chkname_CFLAGS) $(CFLAGS) -MT ../../lib/test_chkname-chkname.o -MD -MP -MF ../../lib/$(DEPDIR)/test_chkname-chkname.Tpo -c -o ../../lib/test_chkname-chkname.o `test -f '../../lib/chkname.c' || echo '$(srcdir)/'`../../lib/chkname.c
+	$(AM_V_at)$(am__mv) ../../lib/$(DEPDIR)/test_chkname-chkname.Tpo ../../lib/$(DEPDIR)/test_chkname-chkname.Po
+#	$(AM_V_CC)source='../../lib/chkname.c' object='../../lib/test_chkname-chkname.o' libtool=no \
+#	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) \
+#	$(AM_V_CC_no)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_chkname_CFLAGS) $(CFLAGS) -c -o ../../lib/test_chkname-chkname.o `test -f '../../lib/chkname.c' || echo '$(srcdir)/'`../../lib/chkname.c
+
+../../lib/test_chkname-chkname.obj: ../../lib/chkname.c
+	$(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_chkname_CFLAGS) $(CFLAGS) -MT ../../lib/test_chkname-chkname.obj -MD -MP -MF ../../lib/$(DEPDIR)/test_chkname-chkname.Tpo -c -o ../../lib/test_chkname-chkname.obj `if test -f '../../lib/chkname.c'; then $(CYGPATH_W) '../../lib/chkname.c'; else $(CYGPATH_W) '$(srcdir)/../../lib/chkname.c'; fi`
+	$(AM_V_at)$(am__mv) ../../lib/$(DEPDIR)/test_chkname-chkname.Tpo ../../lib/$(DEPDIR)/test_chkname-chkname.Po
+#	$(AM_V_CC)source='../../lib/chkname.c' object='../../lib/test_chkname-chkname.obj' libtool=no \
+#	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) \
+#	$(AM_V_CC_no)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_chkname_CFLAGS) $(CFLAGS) -c -o ../../lib/test_chkname-chkname.obj `if test -f '../../lib/chkname.c'; then $(CYGPATH_W) '../../lib/chkname.c'; else $(CYGPATH_W) '$(srcdir)/../../lib/chkname.c'; fi`
+
+test_chkname-test_chkname.o: test_chkname.c
+	$(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_chkname_CFLAGS) $(CFLAGS) -MT test_chkname-test_chkname.o -MD -MP -MF $(DEPDIR)/test_chkname-test_chkname.Tpo -c -o test_chkname-test_chkname.o `test -f 'test_chkname.c' || echo '$(srcdir)/'`test_chkname.c
+	$(AM_V_at)$(am__mv) $(DEPDIR)/test_chkname-test_chkname.Tpo $(DEPDIR)/test_chkname-test_chkname.Po
+#	$(AM_V_CC)source='test_chkname.c' object='test_chkname-test_chkname.o' libtool=no \
+#	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) \
+#	$(AM_V_CC_no)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_chkname_CFLAGS) $(CFLAGS) -c -o test_chkname-test_chkname.o `test -f 'test_chkname.c' || echo '$(srcdir)/'`test_chkname.c
+
+test_chkname-test_chkname.obj: test_chkname.c
+	$(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_chkname_CFLAGS) $(CFLAGS) -MT test_chkname-test_chkname.obj -MD -MP -MF $(DEPDIR)/test_chkname-test_chkname.Tpo -c -o test_chkname-test_chkname.obj `if test -f 'test_chkname.c'; then $(CYGPATH_W) 'test_chkname.c'; else $(CYGPATH_W) '$(srcdir)/test_chkname.c'; fi`
+	$(AM_V_at)$(am__mv) $(DEPDIR)/test_chkname-test_chkname.Tpo $(DEPDIR)/test_chkname-test_chkname.Po
+#	$(AM_V_CC)source='test_chkname.c' object='test_chkname-test_chkname.obj' libtool=no \
+#	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) \
+#	$(AM_V_CC_no)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_chkname_CFLAGS) $(CFLAGS) -c -o test_chkname-test_chkname.obj `if test -f 'test_chkname.c'; then $(CYGPATH_W) 'test_chkname.c'; else $(CYGPATH_W) '$(srcdir)/test_chkname.c'; fi`
+
+../../lib/test_logind-logind.o: ../../lib/logind.c
+	$(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_logind_CFLAGS) $(CFLAGS) -MT ../../lib/test_logind-logind.o -MD -MP -MF ../../lib/$(DEPDIR)/test_logind-logind.Tpo -c -o ../../lib/test_logind-logind.o `test -f '../../lib/logind.c' || echo '$(srcdir)/'`../../lib/logind.c
+	$(AM_V_at)$(am__mv) ../../lib/$(DEPDIR)/test_logind-logind.Tpo ../../lib/$(DEPDIR)/test_logind-logind.Po
+#	$(AM_V_CC)source='../../lib/logind.c' object='../../lib/test_logind-logind.o' libtool=no \
+#	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) \
+#	$(AM_V_CC_no)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_logind_CFLAGS) $(CFLAGS) -c -o ../../lib/test_logind-logind.o `test -f '../../lib/logind.c' || echo '$(srcdir)/'`../../lib/logind.c
+
+../../lib/test_logind-logind.obj: ../../lib/logind.c
+	$(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_logind_CFLAGS) $(CFLAGS) -MT ../../lib/test_logind-logind.obj -MD -MP -MF ../../lib/$(DEPDIR)/test_logind-logind.Tpo -c -o ../../lib/test_logind-logind.obj `if test -f '../../lib/logind.c'; then $(CYGPATH_W) '../../lib/logind.c'; else $(CYGPATH_W) '$(srcdir)/../../lib/logind.c'; fi`
+	$(AM_V_at)$(am__mv) ../../lib/$(DEPDIR)/test_logind-logind.Tpo ../../lib/$(DEPDIR)/test_logind-logind.Po
+#	$(AM_V_CC)source='../../lib/logind.c' object='../../lib/test_logind-logind.obj' libtool=no \
+#	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) \
+#	$(AM_V_CC_no)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_logind_CFLAGS) $(CFLAGS) -c -o ../../lib/test_logind-logind.obj `if test -f '../../lib/logind.c'; then $(CYGPATH_W) '../../lib/logind.c'; else $(CYGPATH_W) '$(srcdir)/../../lib/logind.c'; fi`
+
+test_logind-test_logind.o: test_logind.c
+	$(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_logind_CFLAGS) $(CFLAGS) -MT test_logind-test_logind.o -MD -MP -MF $(DEPDIR)/test_logind-test_logind.Tpo -c -o test_logind-test_logind.o `test -f 'test_logind.c' || echo '$(srcdir)/'`test_logind.c
+	$(AM_V_at)$(am__mv) $(DEPDIR)/test_logind-test_logind.Tpo $(DEPDIR)/test_logind-test_logind.Po
+#	$(AM_V_CC)source='test_logind.c' object='test_logind-test_logind.o' libtool=no \
+#	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) \
+#	$(AM_V_CC_no)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_logind_CFLAGS) $(CFLAGS) -c -o test_logind-test_logind.o `test -f 'test_logind.c' || echo '$(srcdir)/'`test_logind.c
+
+test_logind-test_logind.obj: test_logind.c
+	$(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_logind_CFLAGS) $(CFLAGS) -MT test_logind-test_logind.obj -MD -MP -MF $(DEPDIR)/test_logind-test_logind.Tpo -c -o test_logind-test_logind.obj `if test -f 'test_logind.c'; then $(CYGPATH_W) 'test_logind.c'; else $(CYGPATH_W) '$(srcdir)/test_logind.c'; fi`
+	$(AM_V_at)$(am__mv) $(DEPDIR)/test_logind-test_logind.Tpo $(DEPDIR)/test_logind-test_logind.Po
+#	$(AM_V_CC)source='test_logind.c' object='test_logind-test_logind.obj' libtool=no \
+#	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) \
+#	$(AM_V_CC_no)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_logind_CFLAGS) $(CFLAGS) -c -o test_logind-test_logind.obj `if test -f 'test_logind.c'; then $(CYGPATH_W) 'test_logind.c'; else $(CYGPATH_W) '$(srcdir)/test_logind.c'; fi`
+
+../../lib/string/test_sprintf-sprintf.o: ../../lib/string/sprintf.c
+	$(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_sprintf_CFLAGS) $(CFLAGS) -MT ../../lib/string/test_sprintf-sprintf.o -MD -MP -MF ../../lib/string/$(DEPDIR)/test_sprintf-sprintf.Tpo -c -o ../../lib/string/test_sprintf-sprintf.o `test -f '../../lib/string/sprintf.c' || echo '$(srcdir)/'`../../lib/string/sprintf.c
+	$(AM_V_at)$(am__mv) ../../lib/string/$(DEPDIR)/test_sprintf-sprintf.Tpo ../../lib/string/$(DEPDIR)/test_sprintf-sprintf.Po
+#	$(AM_V_CC)source='../../lib/string/sprintf.c' object='../../lib/string/test_sprintf-sprintf.o' libtool=no \
+#	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) \
+#	$(AM_V_CC_no)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_sprintf_CFLAGS) $(CFLAGS) -c -o ../../lib/string/test_sprintf-sprintf.o `test -f '../../lib/string/sprintf.c' || echo '$(srcdir)/'`../../lib/string/sprintf.c
+
+../../lib/string/test_sprintf-sprintf.obj: ../../lib/string/sprintf.c
+	$(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_sprintf_CFLAGS) $(CFLAGS) -MT ../../lib/string/test_sprintf-sprintf.obj -MD -MP -MF ../../lib/string/$(DEPDIR)/test_sprintf-sprintf.Tpo -c -o ../../lib/string/test_sprintf-sprintf.obj `if test -f '../../lib/string/sprintf.c'; then $(CYGPATH_W) '../../lib/string/sprintf.c'; else $(CYGPATH_W) '$(srcdir)/../../lib/string/sprintf.c'; fi`
+	$(AM_V_at)$(am__mv) ../../lib/string/$(DEPDIR)/test_sprintf-sprintf.Tpo ../../lib/string/$(DEPDIR)/test_sprintf-sprintf.Po
+#	$(AM_V_CC)source='../../lib/string/sprintf.c' object='../../lib/string/test_sprintf-sprintf.obj' libtool=no \
+#	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) \
+#	$(AM_V_CC_no)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_sprintf_CFLAGS) $(CFLAGS) -c -o ../../lib/string/test_sprintf-sprintf.obj `if test -f '../../lib/string/sprintf.c'; then $(CYGPATH_W) '../../lib/string/sprintf.c'; else $(CYGPATH_W) '$(srcdir)/../../lib/string/sprintf.c'; fi`
+
+test_sprintf-test_sprintf.o: test_sprintf.c
+	$(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_sprintf_CFLAGS) $(CFLAGS) -MT test_sprintf-test_sprintf.o -MD -MP -MF $(DEPDIR)/test_sprintf-test_sprintf.Tpo -c -o test_sprintf-test_sprintf.o `test -f 'test_sprintf.c' || echo '$(srcdir)/'`test_sprintf.c
+	$(AM_V_at)$(am__mv) $(DEPDIR)/test_sprintf-test_sprintf.Tpo $(DEPDIR)/test_sprintf-test_sprintf.Po
+#	$(AM_V_CC)source='test_sprintf.c' object='test_sprintf-test_sprintf.o' libtool=no \
+#	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) \
+#	$(AM_V_CC_no)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_sprintf_CFLAGS) $(CFLAGS) -c -o test_sprintf-test_sprintf.o `test -f 'test_sprintf.c' || echo '$(srcdir)/'`test_sprintf.c
+
+test_sprintf-test_sprintf.obj: test_sprintf.c
+	$(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_sprintf_CFLAGS) $(CFLAGS) -MT test_sprintf-test_sprintf.obj -MD -MP -MF $(DEPDIR)/test_sprintf-test_sprintf.Tpo -c -o test_sprintf-test_sprintf.obj `if test -f 'test_sprintf.c'; then $(CYGPATH_W) 'test_sprintf.c'; else $(CYGPATH_W) '$(srcdir)/test_sprintf.c'; fi`
+	$(AM_V_at)$(am__mv) $(DEPDIR)/test_sprintf-test_sprintf.Tpo $(DEPDIR)/test_sprintf-test_sprintf.Po
+#	$(AM_V_CC)source='test_sprintf.c' object='test_sprintf-test_sprintf.obj' libtool=no \
+#	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) \
+#	$(AM_V_CC_no)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_sprintf_CFLAGS) $(CFLAGS) -c -o test_sprintf-test_sprintf.obj `if test -f 'test_sprintf.c'; then $(CYGPATH_W) 'test_sprintf.c'; else $(CYGPATH_W) '$(srcdir)/test_sprintf.c'; fi`
+
+test_strncpy-test_strncpy.o: test_strncpy.c
+	$(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_strncpy_CFLAGS) $(CFLAGS) -MT test_strncpy-test_strncpy.o -MD -MP -MF $(DEPDIR)/test_strncpy-test_strncpy.Tpo -c -o test_strncpy-test_strncpy.o `test -f 'test_strncpy.c' || echo '$(srcdir)/'`test_strncpy.c
+	$(AM_V_at)$(am__mv) $(DEPDIR)/test_strncpy-test_strncpy.Tpo $(DEPDIR)/test_strncpy-test_strncpy.Po
+#	$(AM_V_CC)source='test_strncpy.c' object='test_strncpy-test_strncpy.o' libtool=no \
+#	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) \
+#	$(AM_V_CC_no)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_strncpy_CFLAGS) $(CFLAGS) -c -o test_strncpy-test_strncpy.o `test -f 'test_strncpy.c' || echo '$(srcdir)/'`test_strncpy.c
+
+test_strncpy-test_strncpy.obj: test_strncpy.c
+	$(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_strncpy_CFLAGS) $(CFLAGS) -MT test_strncpy-test_strncpy.obj -MD -MP -MF $(DEPDIR)/test_strncpy-test_strncpy.Tpo -c -o test_strncpy-test_strncpy.obj `if test -f 'test_strncpy.c'; then $(CYGPATH_W) 'test_strncpy.c'; else $(CYGPATH_W) '$(srcdir)/test_strncpy.c'; fi`
+	$(AM_V_at)$(am__mv) $(DEPDIR)/test_strncpy-test_strncpy.Tpo $(DEPDIR)/test_strncpy-test_strncpy.Po
+#	$(AM_V_CC)source='test_strncpy.c' object='test_strncpy-test_strncpy.obj' libtool=no \
+#	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) \
+#	$(AM_V_CC_no)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_strncpy_CFLAGS) $(CFLAGS) -c -o test_strncpy-test_strncpy.obj `if test -f 'test_strncpy.c'; then $(CYGPATH_W) 'test_strncpy.c'; else $(CYGPATH_W) '$(srcdir)/test_strncpy.c'; fi`
+
+../../lib/string/test_strtcpy-strtcpy.o: ../../lib/string/strtcpy.c
+	$(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_strtcpy_CFLAGS) $(CFLAGS) -MT ../../lib/string/test_strtcpy-strtcpy.o -MD -MP -MF ../../lib/string/$(DEPDIR)/test_strtcpy-strtcpy.Tpo -c -o ../../lib/string/test_strtcpy-strtcpy.o `test -f '../../lib/string/strtcpy.c' || echo '$(srcdir)/'`../../lib/string/strtcpy.c
+	$(AM_V_at)$(am__mv) ../../lib/string/$(DEPDIR)/test_strtcpy-strtcpy.Tpo ../../lib/string/$(DEPDIR)/test_strtcpy-strtcpy.Po
+#	$(AM_V_CC)source='../../lib/string/strtcpy.c' object='../../lib/string/test_strtcpy-strtcpy.o' libtool=no \
+#	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) \
+#	$(AM_V_CC_no)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_strtcpy_CFLAGS) $(CFLAGS) -c -o ../../lib/string/test_strtcpy-strtcpy.o `test -f '../../lib/string/strtcpy.c' || echo '$(srcdir)/'`../../lib/string/strtcpy.c
+
+../../lib/string/test_strtcpy-strtcpy.obj: ../../lib/string/strtcpy.c
+	$(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_strtcpy_CFLAGS) $(CFLAGS) -MT ../../lib/string/test_strtcpy-strtcpy.obj -MD -MP -MF ../../lib/string/$(DEPDIR)/test_strtcpy-strtcpy.Tpo -c -o ../../lib/string/test_strtcpy-strtcpy.obj `if test -f '../../lib/string/strtcpy.c'; then $(CYGPATH_W) '../../lib/string/strtcpy.c'; else $(CYGPATH_W) '$(srcdir)/../../lib/string/strtcpy.c'; fi`
+	$(AM_V_at)$(am__mv) ../../lib/string/$(DEPDIR)/test_strtcpy-strtcpy.Tpo ../../lib/string/$(DEPDIR)/test_strtcpy-strtcpy.Po
+#	$(AM_V_CC)source='../../lib/string/strtcpy.c' object='../../lib/string/test_strtcpy-strtcpy.obj' libtool=no \
+#	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) \
+#	$(AM_V_CC_no)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_strtcpy_CFLAGS) $(CFLAGS) -c -o ../../lib/string/test_strtcpy-strtcpy.obj `if test -f '../../lib/string/strtcpy.c'; then $(CYGPATH_W) '../../lib/string/strtcpy.c'; else $(CYGPATH_W) '$(srcdir)/../../lib/string/strtcpy.c'; fi`
+
+test_strtcpy-test_strtcpy.o: test_strtcpy.c
+	$(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_strtcpy_CFLAGS) $(CFLAGS) -MT test_strtcpy-test_strtcpy.o -MD -MP -MF $(DEPDIR)/test_strtcpy-test_strtcpy.Tpo -c -o test_strtcpy-test_strtcpy.o `test -f 'test_strtcpy.c' || echo '$(srcdir)/'`test_strtcpy.c
+	$(AM_V_at)$(am__mv) $(DEPDIR)/test_strtcpy-test_strtcpy.Tpo $(DEPDIR)/test_strtcpy-test_strtcpy.Po
+#	$(AM_V_CC)source='test_strtcpy.c' object='test_strtcpy-test_strtcpy.o' libtool=no \
+#	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) \
+#	$(AM_V_CC_no)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_strtcpy_CFLAGS) $(CFLAGS) -c -o test_strtcpy-test_strtcpy.o `test -f 'test_strtcpy.c' || echo '$(srcdir)/'`test_strtcpy.c
+
+test_strtcpy-test_strtcpy.obj: test_strtcpy.c
+	$(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_strtcpy_CFLAGS) $(CFLAGS) -MT test_strtcpy-test_strtcpy.obj -MD -MP -MF $(DEPDIR)/test_strtcpy-test_strtcpy.Tpo -c -o test_strtcpy-test_strtcpy.obj `if test -f 'test_strtcpy.c'; then $(CYGPATH_W) 'test_strtcpy.c'; else $(CYGPATH_W) '$(srcdir)/test_strtcpy.c'; fi`
+	$(AM_V_at)$(am__mv) $(DEPDIR)/test_strtcpy-test_strtcpy.Tpo $(DEPDIR)/test_strtcpy-test_strtcpy.Po
+#	$(AM_V_CC)source='test_strtcpy.c' object='test_strtcpy-test_strtcpy.obj' libtool=no \
+#	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) \
+#	$(AM_V_CC_no)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_strtcpy_CFLAGS) $(CFLAGS) -c -o test_strtcpy-test_strtcpy.obj `if test -f 'test_strtcpy.c'; then $(CYGPATH_W) 'test_strtcpy.c'; else $(CYGPATH_W) '$(srcdir)/test_strtcpy.c'; fi`
+
+../../lib/string/test_xasprintf-sprintf.o: ../../lib/string/sprintf.c
+	$(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_xasprintf_CFLAGS) $(CFLAGS) -MT ../../lib/string/test_xasprintf-sprintf.o -MD -MP -MF ../../lib/string/$(DEPDIR)/test_xasprintf-sprintf.Tpo -c -o ../../lib/string/test_xasprintf-sprintf.o `test -f '../../lib/string/sprintf.c' || echo '$(srcdir)/'`../../lib/string/sprintf.c
+	$(AM_V_at)$(am__mv) ../../lib/string/$(DEPDIR)/test_xasprintf-sprintf.Tpo ../../lib/string/$(DEPDIR)/test_xasprintf-sprintf.Po
+#	$(AM_V_CC)source='../../lib/string/sprintf.c' object='../../lib/string/test_xasprintf-sprintf.o' libtool=no \
+#	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) \
+#	$(AM_V_CC_no)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_xasprintf_CFLAGS) $(CFLAGS) -c -o ../../lib/string/test_xasprintf-sprintf.o `test -f '../../lib/string/sprintf.c' || echo '$(srcdir)/'`../../lib/string/sprintf.c
+
+../../lib/string/test_xasprintf-sprintf.obj: ../../lib/string/sprintf.c
+	$(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_xasprintf_CFLAGS) $(CFLAGS) -MT ../../lib/string/test_xasprintf-sprintf.obj -MD -MP -MF ../../lib/string/$(DEPDIR)/test_xasprintf-sprintf.Tpo -c -o ../../lib/string/test_xasprintf-sprintf.obj `if test -f '../../lib/string/sprintf.c'; then $(CYGPATH_W) '../../lib/string/sprintf.c'; else $(CYGPATH_W) '$(srcdir)/../../lib/string/sprintf.c'; fi`
+	$(AM_V_at)$(am__mv) ../../lib/string/$(DEPDIR)/test_xasprintf-sprintf.Tpo ../../lib/string/$(DEPDIR)/test_xasprintf-sprintf.Po
+#	$(AM_V_CC)source='../../lib/string/sprintf.c' object='../../lib/string/test_xasprintf-sprintf.obj' libtool=no \
+#	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) \
+#	$(AM_V_CC_no)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_xasprintf_CFLAGS) $(CFLAGS) -c -o ../../lib/string/test_xasprintf-sprintf.obj `if test -f '../../lib/string/sprintf.c'; then $(CYGPATH_W) '../../lib/string/sprintf.c'; else $(CYGPATH_W) '$(srcdir)/../../lib/string/sprintf.c'; fi`
+
+test_xasprintf-test_xasprintf.o: test_xasprintf.c
+	$(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_xasprintf_CFLAGS) $(CFLAGS) -MT test_xasprintf-test_xasprintf.o -MD -MP -MF $(DEPDIR)/test_xasprintf-test_xasprintf.Tpo -c -o test_xasprintf-test_xasprintf.o `test -f 'test_xasprintf.c' || echo '$(srcdir)/'`test_xasprintf.c
+	$(AM_V_at)$(am__mv) $(DEPDIR)/test_xasprintf-test_xasprintf.Tpo $(DEPDIR)/test_xasprintf-test_xasprintf.Po
+#	$(AM_V_CC)source='test_xasprintf.c' object='test_xasprintf-test_xasprintf.o' libtool=no \
+#	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) \
+#	$(AM_V_CC_no)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_xasprintf_CFLAGS) $(CFLAGS) -c -o test_xasprintf-test_xasprintf.o `test -f 'test_xasprintf.c' || echo '$(srcdir)/'`test_xasprintf.c
+
+test_xasprintf-test_xasprintf.obj: test_xasprintf.c
+	$(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_xasprintf_CFLAGS) $(CFLAGS) -MT test_xasprintf-test_xasprintf.obj -MD -MP -MF $(DEPDIR)/test_xasprintf-test_xasprintf.Tpo -c -o test_xasprintf-test_xasprintf.obj `if test -f 'test_xasprintf.c'; then $(CYGPATH_W) 'test_xasprintf.c'; else $(CYGPATH_W) '$(srcdir)/test_xasprintf.c'; fi`
+	$(AM_V_at)$(am__mv) $(DEPDIR)/test_xasprintf-test_xasprintf.Tpo $(DEPDIR)/test_xasprintf-test_xasprintf.Po
+#	$(AM_V_CC)source='test_xasprintf.c' object='test_xasprintf-test_xasprintf.obj' libtool=no \
+#	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) \
+#	$(AM_V_CC_no)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_xasprintf_CFLAGS) $(CFLAGS) -c -o test_xasprintf-test_xasprintf.obj `if test -f 'test_xasprintf.c'; then $(CYGPATH_W) 'test_xasprintf.c'; else $(CYGPATH_W) '$(srcdir)/test_xasprintf.c'; fi`
+
+test_zustr2stp-test_zustr2stp.o: test_zustr2stp.c
+	$(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_zustr2stp_CFLAGS) $(CFLAGS) -MT test_zustr2stp-test_zustr2stp.o -MD -MP -MF $(DEPDIR)/test_zustr2stp-test_zustr2stp.Tpo -c -o test_zustr2stp-test_zustr2stp.o `test -f 'test_zustr2stp.c' || echo '$(srcdir)/'`test_zustr2stp.c
+	$(AM_V_at)$(am__mv) $(DEPDIR)/test_zustr2stp-test_zustr2stp.Tpo $(DEPDIR)/test_zustr2stp-test_zustr2stp.Po
+#	$(AM_V_CC)source='test_zustr2stp.c' object='test_zustr2stp-test_zustr2stp.o' libtool=no \
+#	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) \
+#	$(AM_V_CC_no)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_zustr2stp_CFLAGS) $(CFLAGS) -c -o test_zustr2stp-test_zustr2stp.o `test -f 'test_zustr2stp.c' || echo '$(srcdir)/'`test_zustr2stp.c
+
+test_zustr2stp-test_zustr2stp.obj: test_zustr2stp.c
+	$(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_zustr2stp_CFLAGS) $(CFLAGS) -MT test_zustr2stp-test_zustr2stp.obj -MD -MP -MF $(DEPDIR)/test_zustr2stp-test_zustr2stp.Tpo -c -o test_zustr2stp-test_zustr2stp.obj `if test -f 'test_zustr2stp.c'; then $(CYGPATH_W) 'test_zustr2stp.c'; else $(CYGPATH_W) '$(srcdir)/test_zustr2stp.c'; fi`
+	$(AM_V_at)$(am__mv) $(DEPDIR)/test_zustr2stp-test_zustr2stp.Tpo $(DEPDIR)/test_zustr2stp-test_zustr2stp.Po
+#	$(AM_V_CC)source='test_zustr2stp.c' object='test_zustr2stp-test_zustr2stp.obj' libtool=no \
+#	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) \
+#	$(AM_V_CC_no)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_zustr2stp_CFLAGS) $(CFLAGS) -c -o test_zustr2stp-test_zustr2stp.obj `if test -f 'test_zustr2stp.c'; then $(CYGPATH_W) 'test_zustr2stp.c'; else $(CYGPATH_W) '$(srcdir)/test_zustr2stp.c'; fi`
+
+mostlyclean-libtool:
+	-rm -f *.lo
+
+clean-libtool:
+	-rm -rf .libs _libs
+
+ID: $(am__tagged_files)
+	$(am__define_uniq_tagged_files); mkid -fID $$unique
+tags: tags-am
+TAGS: tags
+
+tags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files)
+	set x; \
+	here=`pwd`; \
+	$(am__define_uniq_tagged_files); \
+	shift; \
+	if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \
+	  test -n "$$unique" || unique=$$empty_fix; \
+	  if test $$# -gt 0; then \
+	    $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
+	      "$$@" $$unique; \
+	  else \
+	    $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
+	      $$unique; \
+	  fi; \
+	fi
+ctags: ctags-am
+
+CTAGS: ctags
+ctags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files)
+	$(am__define_uniq_tagged_files); \
+	test -z "$(CTAGS_ARGS)$$unique" \
+	  || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \
+	     $$unique
+
+GTAGS:
+	here=`$(am__cd) $(top_builddir) && pwd` \
+	  && $(am__cd) $(top_srcdir) \
+	  && gtags -i $(GTAGS_ARGS) "$$here"
+cscopelist: cscopelist-am
+
+cscopelist-am: $(am__tagged_files)
+	list='$(am__tagged_files)'; \
+	case "$(srcdir)" in \
+	  [\\/]* | ?:[\\/]*) sdir="$(srcdir)" ;; \
+	  *) sdir=$(subdir)/$(srcdir) ;; \
+	esac; \
+	for i in $$list; do \
+	  if test -f "$$i"; then \
+	    echo "$(subdir)/$$i"; \
+	  else \
+	    echo "$$sdir/$$i"; \
+	  fi; \
+	done >> $(top_builddir)/cscope.files
+
+distclean-tags:
+	-rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags
+
+# Recover from deleted '.trs' file; this should ensure that
+# "rm -f foo.log; make foo.trs" re-run 'foo.test', and re-create
+# both 'foo.log' and 'foo.trs'.  Break the recipe in two subshells
+# to avoid problems with "make -n".
+.log.trs:
+	rm -f $< $@
+	$(MAKE) $(AM_MAKEFLAGS) $<
+
+# Leading 'am--fnord' is there to ensure the list of targets does not
+# expand to empty, as could happen e.g. with make check TESTS=''.
+am--fnord $(TEST_LOGS) $(TEST_LOGS:.log=.trs): $(am__force_recheck)
+am--force-recheck:
+	@:
+
+$(TEST_SUITE_LOG): $(TEST_LOGS)
+	@$(am__set_TESTS_bases); \
+	am__f_ok () { test -f "$$1" && test -r "$$1"; }; \
+	redo_bases=`for i in $$bases; do \
+	              am__f_ok $$i.trs && am__f_ok $$i.log || echo $$i; \
+	            done`; \
+	if test -n "$$redo_bases"; then \
+	  redo_logs=`for i in $$redo_bases; do echo $$i.log; done`; \
+	  redo_results=`for i in $$redo_bases; do echo $$i.trs; done`; \
+	  if $(am__make_dryrun); then :; else \
+	    rm -f $$redo_logs && rm -f $$redo_results || exit 1; \
+	  fi; \
+	fi; \
+	if test -n "$$am__remaking_logs"; then \
+	  echo "fatal: making $(TEST_SUITE_LOG): possible infinite" \
+	       "recursion detected" >&2; \
+	elif test -n "$$redo_logs"; then \
+	  am__remaking_logs=yes $(MAKE) $(AM_MAKEFLAGS) $$redo_logs; \
+	fi; \
+	if $(am__make_dryrun); then :; else \
+	  st=0;  \
+	  errmsg="fatal: making $(TEST_SUITE_LOG): failed to create"; \
+	  for i in $$redo_bases; do \
+	    test -f $$i.trs && test -r $$i.trs \
+	      || { echo "$$errmsg $$i.trs" >&2; st=1; }; \
+	    test -f $$i.log && test -r $$i.log \
+	      || { echo "$$errmsg $$i.log" >&2; st=1; }; \
+	  done; \
+	  test $$st -eq 0 || exit 1; \
+	fi
+	@$(am__sh_e_setup); $(am__tty_colors); $(am__set_TESTS_bases); \
+	ws='[ 	]'; \
+	results=`for b in $$bases; do echo $$b.trs; done`; \
+	test -n "$$results" || results=/dev/null; \
+	all=`  grep "^$$ws*:test-result:"           $$results | wc -l`; \
+	pass=` grep "^$$ws*:test-result:$$ws*PASS"  $$results | wc -l`; \
+	fail=` grep "^$$ws*:test-result:$$ws*FAIL"  $$results | wc -l`; \
+	skip=` grep "^$$ws*:test-result:$$ws*SKIP"  $$results | wc -l`; \
+	xfail=`grep "^$$ws*:test-result:$$ws*XFAIL" $$results | wc -l`; \
+	xpass=`grep "^$$ws*:test-result:$$ws*XPASS" $$results | wc -l`; \
+	error=`grep "^$$ws*:test-result:$$ws*ERROR" $$results | wc -l`; \
+	if test `expr $$fail + $$xpass + $$error` -eq 0; then \
+	  success=true; \
+	else \
+	  success=false; \
+	fi; \
+	br='==================='; br=$$br$$br$$br$$br; \
+	result_count () \
+	{ \
+	    if test x"$$1" = x"--maybe-color"; then \
+	      maybe_colorize=yes; \
+	    elif test x"$$1" = x"--no-color"; then \
+	      maybe_colorize=no; \
+	    else \
+	      echo "$@: invalid 'result_count' usage" >&2; exit 4; \
+	    fi; \
+	    shift; \
+	    desc=$$1 count=$$2; \
+	    if test $$maybe_colorize = yes && test $$count -gt 0; then \
+	      color_start=$$3 color_end=$$std; \
+	    else \
+	      color_start= color_end=; \
+	    fi; \
+	    echo "$${color_start}# $$desc $$count$${color_end}"; \
+	}; \
+	create_testsuite_report () \
+	{ \
+	  result_count $$1 "TOTAL:" $$all   "$$brg"; \
+	  result_count $$1 "PASS: " $$pass  "$$grn"; \
+	  result_count $$1 "SKIP: " $$skip  "$$blu"; \
+	  result_count $$1 "XFAIL:" $$xfail "$$lgn"; \
+	  result_count $$1 "FAIL: " $$fail  "$$red"; \
+	  result_count $$1 "XPASS:" $$xpass "$$red"; \
+	  result_count $$1 "ERROR:" $$error "$$mgn"; \
+	}; \
+	{								\
+	  echo "$(PACKAGE_STRING): $(subdir)/$(TEST_SUITE_LOG)" |	\
+	    $(am__rst_title);						\
+	  create_testsuite_report --no-color;				\
+	  echo;								\
+	  echo ".. contents:: :depth: 2";				\
+	  echo;								\
+	  for b in $$bases; do echo $$b; done				\
+	    | $(am__create_global_log);					\
+	} >$(TEST_SUITE_LOG).tmp || exit 1;				\
+	mv $(TEST_SUITE_LOG).tmp $(TEST_SUITE_LOG);			\
+	if $$success; then						\
+	  col="$$grn";							\
+	 else								\
+	  col="$$red";							\
+	  test x"$$VERBOSE" = x || cat $(TEST_SUITE_LOG);		\
+	fi;								\
+	echo "$${col}$$br$${std}"; 					\
+	echo "$${col}Testsuite summary"$(AM_TESTSUITE_SUMMARY_HEADER)"$${std}";	\
+	echo "$${col}$$br$${std}"; 					\
+	create_testsuite_report --maybe-color;				\
+	echo "$$col$$br$$std";						\
+	if $$success; then :; else					\
+	  echo "$${col}See $(subdir)/$(TEST_SUITE_LOG)$${std}";		\
+	  if test -n "$(PACKAGE_BUGREPORT)"; then			\
+	    echo "$${col}Please report to $(PACKAGE_BUGREPORT)$${std}";	\
+	  fi;								\
+	  echo "$$col$$br$$std";					\
+	fi;								\
+	$$success || exit 1
+
+check-TESTS: $(check_PROGRAMS)
+	@list='$(RECHECK_LOGS)';           test -z "$$list" || rm -f $$list
+	@list='$(RECHECK_LOGS:.log=.trs)'; test -z "$$list" || rm -f $$list
+	@test -z "$(TEST_SUITE_LOG)" || rm -f $(TEST_SUITE_LOG)
+	@set +e; $(am__set_TESTS_bases); \
+	log_list=`for i in $$bases; do echo $$i.log; done`; \
+	trs_list=`for i in $$bases; do echo $$i.trs; done`; \
+	log_list=`echo $$log_list`; trs_list=`echo $$trs_list`; \
+	$(MAKE) $(AM_MAKEFLAGS) $(TEST_SUITE_LOG) TEST_LOGS="$$log_list"; \
+	exit $$?;
+recheck: all $(check_PROGRAMS)
+	@test -z "$(TEST_SUITE_LOG)" || rm -f $(TEST_SUITE_LOG)
+	@set +e; $(am__set_TESTS_bases); \
+	bases=`for i in $$bases; do echo $$i; done \
+	         | $(am__list_recheck_tests)` || exit 1; \
+	log_list=`for i in $$bases; do echo $$i.log; done`; \
+	log_list=`echo $$log_list`; \
+	$(MAKE) $(AM_MAKEFLAGS) $(TEST_SUITE_LOG) \
+	        am__force_recheck=am--force-recheck \
+	        TEST_LOGS="$$log_list"; \
+	exit $$?
+test_adds.log: test_adds$(EXEEXT)
+	@p='test_adds$(EXEEXT)'; \
+	b='test_adds'; \
+	$(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \
+	--log-file $$b.log --trs-file $$b.trs \
+	$(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \
+	"$$tst" $(AM_TESTS_FD_REDIRECT)
+test_atoi_strtoi.log: test_atoi_strtoi$(EXEEXT)
+	@p='test_atoi_strtoi$(EXEEXT)'; \
+	b='test_atoi_strtoi'; \
+	$(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \
+	--log-file $$b.log --trs-file $$b.trs \
+	$(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \
+	"$$tst" $(AM_TESTS_FD_REDIRECT)
+test_chkname.log: test_chkname$(EXEEXT)
+	@p='test_chkname$(EXEEXT)'; \
+	b='test_chkname'; \
+	$(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \
+	--log-file $$b.log --trs-file $$b.trs \
+	$(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \
+	"$$tst" $(AM_TESTS_FD_REDIRECT)
+test_sprintf.log: test_sprintf$(EXEEXT)
+	@p='test_sprintf$(EXEEXT)'; \
+	b='test_sprintf'; \
+	$(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \
+	--log-file $$b.log --trs-file $$b.trs \
+	$(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \
+	"$$tst" $(AM_TESTS_FD_REDIRECT)
+test_strncpy.log: test_strncpy$(EXEEXT)
+	@p='test_strncpy$(EXEEXT)'; \
+	b='test_strncpy'; \
+	$(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \
+	--log-file $$b.log --trs-file $$b.trs \
+	$(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \
+	"$$tst" $(AM_TESTS_FD_REDIRECT)
+test_strtcpy.log: test_strtcpy$(EXEEXT)
+	@p='test_strtcpy$(EXEEXT)'; \
+	b='test_strtcpy'; \
+	$(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \
+	--log-file $$b.log --trs-file $$b.trs \
+	$(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \
+	"$$tst" $(AM_TESTS_FD_REDIRECT)
+test_xasprintf.log: test_xasprintf$(EXEEXT)
+	@p='test_xasprintf$(EXEEXT)'; \
+	b='test_xasprintf'; \
+	$(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \
+	--log-file $$b.log --trs-file $$b.trs \
+	$(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \
+	"$$tst" $(AM_TESTS_FD_REDIRECT)
+test_zustr2stp.log: test_zustr2stp$(EXEEXT)
+	@p='test_zustr2stp$(EXEEXT)'; \
+	b='test_zustr2stp'; \
+	$(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \
+	--log-file $$b.log --trs-file $$b.trs \
+	$(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \
+	"$$tst" $(AM_TESTS_FD_REDIRECT)
+test_logind.log: test_logind$(EXEEXT)
+	@p='test_logind$(EXEEXT)'; \
+	b='test_logind'; \
+	$(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \
+	--log-file $$b.log --trs-file $$b.trs \
+	$(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \
+	"$$tst" $(AM_TESTS_FD_REDIRECT)
+.test.log:
+	@p='$<'; \
+	$(am__set_b); \
+	$(am__check_pre) $(TEST_LOG_DRIVER) --test-name "$$f" \
+	--log-file $$b.log --trs-file $$b.trs \
+	$(am__common_driver_flags) $(AM_TEST_LOG_DRIVER_FLAGS) $(TEST_LOG_DRIVER_FLAGS) -- $(TEST_LOG_COMPILE) \
+	"$$tst" $(AM_TESTS_FD_REDIRECT)
+#.test$(EXEEXT).log:
+#	@p='$<'; \
+#	$(am__set_b); \
+#	$(am__check_pre) $(TEST_LOG_DRIVER) --test-name "$$f" \
+#	--log-file $$b.log --trs-file $$b.trs \
+#	$(am__common_driver_flags) $(AM_TEST_LOG_DRIVER_FLAGS) $(TEST_LOG_DRIVER_FLAGS) -- $(TEST_LOG_COMPILE) \
+#	"$$tst" $(AM_TESTS_FD_REDIRECT)
+distdir: $(BUILT_SOURCES)
+	$(MAKE) $(AM_MAKEFLAGS) distdir-am
+
+distdir-am: $(DISTFILES)
+	@srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+	topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+	list='$(DISTFILES)'; \
+	  dist_files=`for file in $$list; do echo $$file; done | \
+	  sed -e "s|^$$srcdirstrip/||;t" \
+	      -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \
+	case $$dist_files in \
+	  */*) $(MKDIR_P) `echo "$$dist_files" | \
+			   sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \
+			   sort -u` ;; \
+	esac; \
+	for file in $$dist_files; do \
+	  if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
+	  if test -d $$d/$$file; then \
+	    dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \
+	    if test -d "$(distdir)/$$file"; then \
+	      find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \
+	    fi; \
+	    if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
+	      cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \
+	      find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \
+	    fi; \
+	    cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \
+	  else \
+	    test -f "$(distdir)/$$file" \
+	    || cp -p $$d/$$file "$(distdir)/$$file" \
+	    || exit 1; \
+	  fi; \
+	done
+check-am: all-am
+	$(MAKE) $(AM_MAKEFLAGS) $(check_PROGRAMS)
+	$(MAKE) $(AM_MAKEFLAGS) check-TESTS
+check: check-am
+all-am: Makefile
+installdirs:
+install: install-am
+install-exec: install-exec-am
+install-data: install-data-am
+uninstall: uninstall-am
+
+install-am: all-am
+	@$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
+
+installcheck: installcheck-am
+install-strip:
+	if test -z '$(STRIP)'; then \
+	  $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
+	    install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
+	      install; \
+	else \
+	  $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
+	    install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
+	    "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'" install; \
+	fi
+mostlyclean-generic:
+	-test -z "$(TEST_LOGS)" || rm -f $(TEST_LOGS)
+	-test -z "$(TEST_LOGS:.log=.trs)" || rm -f $(TEST_LOGS:.log=.trs)
+	-test -z "$(TEST_SUITE_LOG)" || rm -f $(TEST_SUITE_LOG)
+
+clean-generic:
+
+distclean-generic:
+	-test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES)
+	-test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES)
+	-rm -f ../../lib/$(DEPDIR)/$(am__dirstamp)
+	-rm -f ../../lib/$(am__dirstamp)
+	-rm -f ../../lib/atoi/$(DEPDIR)/$(am__dirstamp)
+	-rm -f ../../lib/atoi/$(am__dirstamp)
+	-rm -f ../../lib/string/$(DEPDIR)/$(am__dirstamp)
+	-rm -f ../../lib/string/$(am__dirstamp)
+
+maintainer-clean-generic:
+	@echo "This command is intended for maintainers to use"
+	@echo "it deletes files that may require special tools to rebuild."
+clean: clean-am
+
+clean-am: clean-checkPROGRAMS clean-generic clean-libtool \
+	mostlyclean-am
+
+distclean: distclean-am
+		-rm -f ../../lib/$(DEPDIR)/test_adds-adds.Po
+	-rm -f ../../lib/$(DEPDIR)/test_chkname-chkname.Po
+	-rm -f ../../lib/$(DEPDIR)/test_logind-logind.Po
+	-rm -f ../../lib/atoi/$(DEPDIR)/test_atoi_strtoi-strtoi.Po
+	-rm -f ../../lib/string/$(DEPDIR)/test_sprintf-sprintf.Po
+	-rm -f ../../lib/string/$(DEPDIR)/test_strtcpy-strtcpy.Po
+	-rm -f ../../lib/string/$(DEPDIR)/test_xasprintf-sprintf.Po
+	-rm -f ./$(DEPDIR)/test_adds-test_adds.Po
+	-rm -f ./$(DEPDIR)/test_atoi_strtoi-test_atoi_strtoi.Po
+	-rm -f ./$(DEPDIR)/test_chkname-test_chkname.Po
+	-rm -f ./$(DEPDIR)/test_logind-test_logind.Po
+	-rm -f ./$(DEPDIR)/test_sprintf-test_sprintf.Po
+	-rm -f ./$(DEPDIR)/test_strncpy-test_strncpy.Po
+	-rm -f ./$(DEPDIR)/test_strtcpy-test_strtcpy.Po
+	-rm -f ./$(DEPDIR)/test_xasprintf-test_xasprintf.Po
+	-rm -f ./$(DEPDIR)/test_zustr2stp-test_zustr2stp.Po
+	-rm -f Makefile
+distclean-am: clean-am distclean-compile distclean-generic \
+	distclean-tags
+
+dvi: dvi-am
+
+dvi-am:
+
+html: html-am
+
+html-am:
+
+info: info-am
+
+info-am:
+
+install-data-am:
+
+install-dvi: install-dvi-am
+
+install-dvi-am:
+
+install-exec-am:
+
+install-html: install-html-am
+
+install-html-am:
+
+install-info: install-info-am
+
+install-info-am:
+
+install-man:
+
+install-pdf: install-pdf-am
+
+install-pdf-am:
+
+install-ps: install-ps-am
+
+install-ps-am:
+
+installcheck-am:
+
+maintainer-clean: maintainer-clean-am
+		-rm -f ../../lib/$(DEPDIR)/test_adds-adds.Po
+	-rm -f ../../lib/$(DEPDIR)/test_chkname-chkname.Po
+	-rm -f ../../lib/$(DEPDIR)/test_logind-logind.Po
+	-rm -f ../../lib/atoi/$(DEPDIR)/test_atoi_strtoi-strtoi.Po
+	-rm -f ../../lib/string/$(DEPDIR)/test_sprintf-sprintf.Po
+	-rm -f ../../lib/string/$(DEPDIR)/test_strtcpy-strtcpy.Po
+	-rm -f ../../lib/string/$(DEPDIR)/test_xasprintf-sprintf.Po
+	-rm -f ./$(DEPDIR)/test_adds-test_adds.Po
+	-rm -f ./$(DEPDIR)/test_atoi_strtoi-test_atoi_strtoi.Po
+	-rm -f ./$(DEPDIR)/test_chkname-test_chkname.Po
+	-rm -f ./$(DEPDIR)/test_logind-test_logind.Po
+	-rm -f ./$(DEPDIR)/test_sprintf-test_sprintf.Po
+	-rm -f ./$(DEPDIR)/test_strncpy-test_strncpy.Po
+	-rm -f ./$(DEPDIR)/test_strtcpy-test_strtcpy.Po
+	-rm -f ./$(DEPDIR)/test_xasprintf-test_xasprintf.Po
+	-rm -f ./$(DEPDIR)/test_zustr2stp-test_zustr2stp.Po
+	-rm -f Makefile
+maintainer-clean-am: distclean-am maintainer-clean-generic
+
+mostlyclean: mostlyclean-am
+
+mostlyclean-am: mostlyclean-compile mostlyclean-generic \
+	mostlyclean-libtool
+
+pdf: pdf-am
+
+pdf-am:
+
+ps: ps-am
+
+ps-am:
+
+uninstall-am:
+
+.MAKE: check-am install-am install-strip
+
+.PHONY: CTAGS GTAGS TAGS all all-am am--depfiles check check-TESTS \
+	check-am clean clean-checkPROGRAMS clean-generic clean-libtool \
+	cscopelist-am ctags ctags-am distclean distclean-compile \
+	distclean-generic distclean-libtool distclean-tags distdir dvi \
+	dvi-am html html-am info info-am install install-am \
+	install-data install-data-am install-dvi install-dvi-am \
+	install-exec install-exec-am install-html install-html-am \
+	install-info install-info-am install-man install-pdf \
+	install-pdf-am install-ps install-ps-am install-strip \
+	installcheck installcheck-am installdirs maintainer-clean \
+	maintainer-clean-generic mostlyclean mostlyclean-compile \
+	mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \
+	recheck tags tags-am uninstall uninstall-am
+
+.PRECIOUS: Makefile
+
+
+# Tell versions [3.59,3.63) of GNU make to not export all variables.
+# Otherwise a system limit (for SysV at least) may be exceeded.
+.NOEXPORT:
diff --git a/tests/tests/unit/Makefile.am b/tests/tests/unit/Makefile.am
new file mode 100644
index 0000000..d89367a
--- /dev/null
+++ b/tests/tests/unit/Makefile.am
@@ -0,0 +1,145 @@
+AM_CPPFLAGS = -I$(top_srcdir)/lib -I$(top_srcdir)
+
+if HAVE_CMOCKA
+TESTS = $(check_PROGRAMS)
+
+check_PROGRAMS = \
+    test_adds \
+    test_atoi_strtoi \
+    test_chkname \
+    test_sprintf \
+    test_strncpy \
+    test_strtcpy \
+    test_xasprintf \
+    test_zustr2stp
+
+if ENABLE_LOGIND
+check_PROGRAMS += \
+    test_logind
+endif # ENABLE_LOGIND
+
+check_PROGRAMS += \
+    $(NULL)
+
+test_adds_SOURCES = \
+    ../../lib/adds.c \
+    test_adds.c \
+    $(NULL)
+test_adds_CFLAGS = \
+    $(AM_FLAGS) \
+    $(NULL)
+test_adds_LDFLAGS = \
+    $(NULL)
+test_adds_LDADD = \
+    $(CMOCKA_LIBS) \
+    $(NULL)
+
+test_atoi_strtoi_SOURCES = \
+    ../../lib/atoi/strtoi.c \
+    test_atoi_strtoi.c \
+    $(NULL)
+test_atoi_strtoi_CFLAGS = \
+    $(AM_CFLAGS) \
+    $(NULL)
+test_atoi_strtoi_LDFLAGS = \
+    $(NULL)
+test_atoi_strtoi_LDADD = \
+    $(CMOCKA_LIBS) \
+    $(NULL)
+
+test_chkname_SOURCES = \
+    ../../lib/chkname.c \
+    test_chkname.c \
+    $(NULL)
+test_chkname_CFLAGS = \
+    $(AM_CFLAGS) \
+    $(NULL)
+test_chkname_LDFLAGS = \
+    $(NULL)
+test_chkname_LDADD = \
+    $(CMOCKA_LIBS) \
+    $(NULL)
+
+test_logind_SOURCES = \
+    ../../lib/logind.c \
+    test_logind.c \
+    $(NULL)
+test_logind_CFLAGS = \
+    $(AM_CFLAGS) \
+    -lsystemd \
+    $(NULL)
+test_logind_LDFLAGS = \
+    -Wl,-wrap,prefix_getpwnam \
+    -Wl,-wrap,sd_uid_get_sessions \
+    $(NULL)
+test_logind_LDADD = \
+    $(CMOCKA_LIBS) \
+    $(LIBSYSTEMD) \
+    $(NULL)
+
+test_sprintf_SOURCES = \
+    ../../lib/string/sprintf.c \
+    test_sprintf.c \
+    $(NULL)
+test_sprintf_CFLAGS = \
+    $(AM_CFLAGS) \
+    $(NULL)
+test_sprintf_LDFLAGS = \
+    $(NULL)
+test_sprintf_LDADD = \
+    $(CMOCKA_LIBS) \
+    $(NULL)
+
+test_strncpy_SOURCES = \
+    test_strncpy.c \
+    $(NULL)
+test_strncpy_CFLAGS = \
+    $(AM_CFLAGS) \
+    $(NULL)
+test_strncpy_LDFLAGS = \
+    $(NULL)
+test_strncpy_LDADD = \
+    $(CMOCKA_LIBS) \
+    $(NULL)
+
+test_strtcpy_SOURCES = \
+    ../../lib/string/strtcpy.c \
+    test_strtcpy.c \
+    $(NULL)
+test_strtcpy_CFLAGS = \
+    $(AM_CFLAGS) \
+    $(NULL)
+test_strtcpy_LDFLAGS = \
+    $(NULL)
+test_strtcpy_LDADD = \
+    $(CMOCKA_LIBS) \
+    $(NULL)
+
+test_xasprintf_SOURCES = \
+    ../../lib/string/sprintf.c \
+    test_xasprintf.c \
+    $(NULL)
+test_xasprintf_CFLAGS = \
+    $(AM_CFLAGS) \
+    $(NULL)
+test_xasprintf_LDFLAGS = \
+    -Wl,-wrap,vasprintf \
+    -Wl,-wrap,exit \
+    $(NULL)
+test_xasprintf_LDADD = \
+    $(CMOCKA_LIBS) \
+    $(NULL)
+
+test_zustr2stp_SOURCES = \
+    test_zustr2stp.c \
+    $(NULL)
+test_zustr2stp_CFLAGS = \
+    $(AM_CFLAGS) \
+    $(NULL)
+test_zustr2stp_LDFLAGS = \
+    $(NULL)
+test_zustr2stp_LDADD = \
+    $(CMOCKA_LIBS) \
+    $(NULL)
+
+endif # HAVE_CMOCKA
diff --git a/tests/tests/unit/Makefile.in b/tests/tests/unit/Makefile.in
new file mode 100644
index 0000000..108070c
--- /dev/null
+++ b/tests/tests/unit/Makefile.in
@@ -0,0 +1,1702 @@
+# Makefile.in generated by automake 1.16.5 from Makefile.am.
+# @configure_input@
+
+# Copyright (C) 1994-2021 Free Software Foundation, Inc.
+
+# This Makefile.in is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
+# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
+# PARTICULAR PURPOSE.
+
+@SET_MAKE@
+VPATH = @srcdir@
+am__is_gnu_make = { \
+  if test -z '$(MAKELEVEL)'; then \
+    false; \
+  elif test -n '$(MAKE_HOST)'; then \
+    true; \
+  elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \
+    true; \
+  else \
+    false; \
+  fi; \
+}
+am__make_running_with_option = \
+  case $${target_option-} in \
+      ?) ;; \
+      *) echo "am__make_running_with_option: internal error: invalid" \
+              "target option '$${target_option-}' specified" >&2; \
+         exit 1;; \
+  esac; \
+  has_opt=no; \
+  sane_makeflags=$$MAKEFLAGS; \
+  if $(am__is_gnu_make); then \
+    sane_makeflags=$$MFLAGS; \
+  else \
+    case $$MAKEFLAGS in \
+      *\\[\ \	]*) \
+        bs=\\; \
+        sane_makeflags=`printf '%s\n' "$$MAKEFLAGS" \
+          | sed "s/$$bs$$bs[$$bs $$bs	]*//g"`;; \
+    esac; \
+  fi; \
+  skip_next=no; \
+  strip_trailopt () \
+  { \
+    flg=`printf '%s\n' "$$flg" | sed "s/$$1.*$$//"`; \
+  }; \
+  for flg in $$sane_makeflags; do \
+    test $$skip_next = yes && { skip_next=no; continue; }; \
+    case $$flg in \
+      *=*|--*) continue;; \
+        -*I) strip_trailopt 'I'; skip_next=yes;; \
+      -*I?*) strip_trailopt 'I';; \
+        -*O) strip_trailopt 'O'; skip_next=yes;; \
+      -*O?*) strip_trailopt 'O';; \
+        -*l) strip_trailopt 'l'; skip_next=yes;; \
+      -*l?*) strip_trailopt 'l';; \
+      -[dEDm]) skip_next=yes;; \
+      -[JT]) skip_next=yes;; \
+    esac; \
+    case $$flg in \
+      *$$target_option*) has_opt=yes; break;; \
+    esac; \
+  done; \
+  test $$has_opt = yes
+am__make_dryrun = (target_option=n; $(am__make_running_with_option))
+am__make_keepgoing = (target_option=k; $(am__make_running_with_option))
+pkgdatadir = $(datadir)/@PACKAGE@
+pkgincludedir = $(includedir)/@PACKAGE@
+pkglibdir = $(libdir)/@PACKAGE@
+pkglibexecdir = $(libexecdir)/@PACKAGE@
+am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
+install_sh_DATA = $(install_sh) -c -m 644
+install_sh_PROGRAM = $(install_sh) -c
+install_sh_SCRIPT = $(install_sh) -c
+INSTALL_HEADER = $(INSTALL_DATA)
+transform = $(program_transform_name)
+NORMAL_INSTALL = :
+PRE_INSTALL = :
+POST_INSTALL = :
+NORMAL_UNINSTALL = :
+PRE_UNINSTALL = :
+POST_UNINSTALL = :
+build_triplet = @build@
+host_triplet = @host@
+@HAVE_CMOCKA_TRUE@check_PROGRAMS = test_adds$(EXEEXT) \
+@HAVE_CMOCKA_TRUE@	test_atoi_strtoi$(EXEEXT) \
+@HAVE_CMOCKA_TRUE@	test_chkname$(EXEEXT) test_sprintf$(EXEEXT) \
+@HAVE_CMOCKA_TRUE@	test_strncpy$(EXEEXT) test_strtcpy$(EXEEXT) \
+@HAVE_CMOCKA_TRUE@	test_xasprintf$(EXEEXT) \
+@HAVE_CMOCKA_TRUE@	test_zustr2stp$(EXEEXT) $(am__EXEEXT_1)
+@ENABLE_LOGIND_TRUE@@HAVE_CMOCKA_TRUE@am__append_1 = \
+@ENABLE_LOGIND_TRUE@@HAVE_CMOCKA_TRUE@    test_logind
+
+subdir = tests/unit
+ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
+am__aclocal_m4_deps = $(top_srcdir)/m4/gettext.m4 \
+	$(top_srcdir)/m4/iconv.m4 $(top_srcdir)/m4/intlmacosx.m4 \
+	$(top_srcdir)/m4/lib-ld.m4 $(top_srcdir)/m4/lib-link.m4 \
+	$(top_srcdir)/m4/lib-prefix.m4 $(top_srcdir)/m4/libtool.m4 \
+	$(top_srcdir)/m4/ltoptions.m4 $(top_srcdir)/m4/ltsugar.m4 \
+	$(top_srcdir)/m4/ltversion.m4 $(top_srcdir)/m4/lt~obsolete.m4 \
+	$(top_srcdir)/m4/nls.m4 $(top_srcdir)/m4/po.m4 \
+	$(top_srcdir)/m4/progtest.m4 $(top_srcdir)/acinclude.m4 \
+	$(top_srcdir)/configure.ac
+am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
+	$(ACLOCAL_M4)
+DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON)
+mkinstalldirs = $(install_sh) -d
+CONFIG_HEADER = $(top_builddir)/config.h
+CONFIG_CLEAN_FILES =
+CONFIG_CLEAN_VPATH_FILES =
+@ENABLE_LOGIND_TRUE@@HAVE_CMOCKA_TRUE@am__EXEEXT_1 =  \
+@ENABLE_LOGIND_TRUE@@HAVE_CMOCKA_TRUE@	test_logind$(EXEEXT)
+am__test_adds_SOURCES_DIST = ../../lib/adds.c test_adds.c
+am__dirstamp = $(am__leading_dot)dirstamp
+@HAVE_CMOCKA_TRUE@am_test_adds_OBJECTS =  \
+@HAVE_CMOCKA_TRUE@	../../lib/test_adds-adds.$(OBJEXT) \
+@HAVE_CMOCKA_TRUE@	test_adds-test_adds.$(OBJEXT)
+test_adds_OBJECTS = $(am_test_adds_OBJECTS)
+am__DEPENDENCIES_1 =
+@HAVE_CMOCKA_TRUE@test_adds_DEPENDENCIES = $(am__DEPENDENCIES_1)
+AM_V_lt = $(am__v_lt_@AM_V@)
+am__v_lt_ = $(am__v_lt_@AM_DEFAULT_V@)
+am__v_lt_0 = --silent
+am__v_lt_1 = 
+test_adds_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \
+	$(LIBTOOLFLAGS) --mode=link $(CCLD) $(test_adds_CFLAGS) \
+	$(CFLAGS) $(test_adds_LDFLAGS) $(LDFLAGS) -o $@
+am__test_atoi_strtoi_SOURCES_DIST = ../../lib/atoi/strtoi.c \
+	test_atoi_strtoi.c
+@HAVE_CMOCKA_TRUE@am_test_atoi_strtoi_OBJECTS = ../../lib/atoi/test_atoi_strtoi-strtoi.$(OBJEXT) \
+@HAVE_CMOCKA_TRUE@	test_atoi_strtoi-test_atoi_strtoi.$(OBJEXT)
+test_atoi_strtoi_OBJECTS = $(am_test_atoi_strtoi_OBJECTS)
+@HAVE_CMOCKA_TRUE@test_atoi_strtoi_DEPENDENCIES =  \
+@HAVE_CMOCKA_TRUE@	$(am__DEPENDENCIES_1)
+test_atoi_strtoi_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC \
+	$(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=link $(CCLD) \
+	$(test_atoi_strtoi_CFLAGS) $(CFLAGS) \
+	$(test_atoi_strtoi_LDFLAGS) $(LDFLAGS) -o $@
+am__test_chkname_SOURCES_DIST = ../../lib/chkname.c test_chkname.c
+@HAVE_CMOCKA_TRUE@am_test_chkname_OBJECTS =  \
+@HAVE_CMOCKA_TRUE@	../../lib/test_chkname-chkname.$(OBJEXT) \
+@HAVE_CMOCKA_TRUE@	test_chkname-test_chkname.$(OBJEXT)
+test_chkname_OBJECTS = $(am_test_chkname_OBJECTS)
+@HAVE_CMOCKA_TRUE@test_chkname_DEPENDENCIES = $(am__DEPENDENCIES_1)
+test_chkname_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \
+	$(LIBTOOLFLAGS) --mode=link $(CCLD) $(test_chkname_CFLAGS) \
+	$(CFLAGS) $(test_chkname_LDFLAGS) $(LDFLAGS) -o $@
+am__test_logind_SOURCES_DIST = ../../lib/logind.c test_logind.c
+@HAVE_CMOCKA_TRUE@am_test_logind_OBJECTS =  \
+@HAVE_CMOCKA_TRUE@	../../lib/test_logind-logind.$(OBJEXT) \
+@HAVE_CMOCKA_TRUE@	test_logind-test_logind.$(OBJEXT)
+test_logind_OBJECTS = $(am_test_logind_OBJECTS)
+@HAVE_CMOCKA_TRUE@test_logind_DEPENDENCIES = $(am__DEPENDENCIES_1) \
+@HAVE_CMOCKA_TRUE@	$(am__DEPENDENCIES_1)
+test_logind_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \
+	$(LIBTOOLFLAGS) --mode=link $(CCLD) $(test_logind_CFLAGS) \
+	$(CFLAGS) $(test_logind_LDFLAGS) $(LDFLAGS) -o $@
+am__test_sprintf_SOURCES_DIST = ../../lib/string/sprintf.c \
+	test_sprintf.c
+@HAVE_CMOCKA_TRUE@am_test_sprintf_OBJECTS = ../../lib/string/test_sprintf-sprintf.$(OBJEXT) \
+@HAVE_CMOCKA_TRUE@	test_sprintf-test_sprintf.$(OBJEXT)
+test_sprintf_OBJECTS = $(am_test_sprintf_OBJECTS)
+@HAVE_CMOCKA_TRUE@test_sprintf_DEPENDENCIES = $(am__DEPENDENCIES_1)
+test_sprintf_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \
+	$(LIBTOOLFLAGS) --mode=link $(CCLD) $(test_sprintf_CFLAGS) \
+	$(CFLAGS) $(test_sprintf_LDFLAGS) $(LDFLAGS) -o $@
+am__test_strncpy_SOURCES_DIST = test_strncpy.c
+@HAVE_CMOCKA_TRUE@am_test_strncpy_OBJECTS =  \
+@HAVE_CMOCKA_TRUE@	test_strncpy-test_strncpy.$(OBJEXT)
+test_strncpy_OBJECTS = $(am_test_strncpy_OBJECTS)
+@HAVE_CMOCKA_TRUE@test_strncpy_DEPENDENCIES = $(am__DEPENDENCIES_1)
+test_strncpy_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \
+	$(LIBTOOLFLAGS) --mode=link $(CCLD) $(test_strncpy_CFLAGS) \
+	$(CFLAGS) $(test_strncpy_LDFLAGS) $(LDFLAGS) -o $@
+am__test_strtcpy_SOURCES_DIST = ../../lib/string/strtcpy.c \
+	test_strtcpy.c
+@HAVE_CMOCKA_TRUE@am_test_strtcpy_OBJECTS = ../../lib/string/test_strtcpy-strtcpy.$(OBJEXT) \
+@HAVE_CMOCKA_TRUE@	test_strtcpy-test_strtcpy.$(OBJEXT)
+test_strtcpy_OBJECTS = $(am_test_strtcpy_OBJECTS)
+@HAVE_CMOCKA_TRUE@test_strtcpy_DEPENDENCIES = $(am__DEPENDENCIES_1)
+test_strtcpy_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \
+	$(LIBTOOLFLAGS) --mode=link $(CCLD) $(test_strtcpy_CFLAGS) \
+	$(CFLAGS) $(test_strtcpy_LDFLAGS) $(LDFLAGS) -o $@
+am__test_xasprintf_SOURCES_DIST = ../../lib/string/sprintf.c \
+	test_xasprintf.c
+@HAVE_CMOCKA_TRUE@am_test_xasprintf_OBJECTS = ../../lib/string/test_xasprintf-sprintf.$(OBJEXT) \
+@HAVE_CMOCKA_TRUE@	test_xasprintf-test_xasprintf.$(OBJEXT)
+test_xasprintf_OBJECTS = $(am_test_xasprintf_OBJECTS)
+@HAVE_CMOCKA_TRUE@test_xasprintf_DEPENDENCIES = $(am__DEPENDENCIES_1)
+test_xasprintf_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC \
+	$(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=link $(CCLD) \
+	$(test_xasprintf_CFLAGS) $(CFLAGS) $(test_xasprintf_LDFLAGS) \
+	$(LDFLAGS) -o $@
+am__test_zustr2stp_SOURCES_DIST = test_zustr2stp.c
+@HAVE_CMOCKA_TRUE@am_test_zustr2stp_OBJECTS =  \
+@HAVE_CMOCKA_TRUE@	test_zustr2stp-test_zustr2stp.$(OBJEXT)
+test_zustr2stp_OBJECTS = $(am_test_zustr2stp_OBJECTS)
+@HAVE_CMOCKA_TRUE@test_zustr2stp_DEPENDENCIES = $(am__DEPENDENCIES_1)
+test_zustr2stp_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC \
+	$(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=link $(CCLD) \
+	$(test_zustr2stp_CFLAGS) $(CFLAGS) $(test_zustr2stp_LDFLAGS) \
+	$(LDFLAGS) -o $@
+AM_V_P = $(am__v_P_@AM_V@)
+am__v_P_ = $(am__v_P_@AM_DEFAULT_V@)
+am__v_P_0 = false
+am__v_P_1 = :
+AM_V_GEN = $(am__v_GEN_@AM_V@)
+am__v_GEN_ = $(am__v_GEN_@AM_DEFAULT_V@)
+am__v_GEN_0 = @echo "  GEN     " $@;
+am__v_GEN_1 = 
+AM_V_at = $(am__v_at_@AM_V@)
+am__v_at_ = $(am__v_at_@AM_DEFAULT_V@)
+am__v_at_0 = @
+am__v_at_1 = 
+DEFAULT_INCLUDES = -I.@am__isrc@ -I$(top_builddir)
+depcomp = $(SHELL) $(top_srcdir)/depcomp
+am__maybe_remake_depfiles = depfiles
+am__depfiles_remade = ../../lib/$(DEPDIR)/test_adds-adds.Po \
+	../../lib/$(DEPDIR)/test_chkname-chkname.Po \
+	../../lib/$(DEPDIR)/test_logind-logind.Po \
+	../../lib/atoi/$(DEPDIR)/test_atoi_strtoi-strtoi.Po \
+	../../lib/string/$(DEPDIR)/test_sprintf-sprintf.Po \
+	../../lib/string/$(DEPDIR)/test_strtcpy-strtcpy.Po \
+	../../lib/string/$(DEPDIR)/test_xasprintf-sprintf.Po \
+	./$(DEPDIR)/test_adds-test_adds.Po \
+	./$(DEPDIR)/test_atoi_strtoi-test_atoi_strtoi.Po \
+	./$(DEPDIR)/test_chkname-test_chkname.Po \
+	./$(DEPDIR)/test_logind-test_logind.Po \
+	./$(DEPDIR)/test_sprintf-test_sprintf.Po \
+	./$(DEPDIR)/test_strncpy-test_strncpy.Po \
+	./$(DEPDIR)/test_strtcpy-test_strtcpy.Po \
+	./$(DEPDIR)/test_xasprintf-test_xasprintf.Po \
+	./$(DEPDIR)/test_zustr2stp-test_zustr2stp.Po
+am__mv = mv -f
+COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
+	$(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
+LTCOMPILE = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \
+	$(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) \
+	$(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) \
+	$(AM_CFLAGS) $(CFLAGS)
+AM_V_CC = $(am__v_CC_@AM_V@)
+am__v_CC_ = $(am__v_CC_@AM_DEFAULT_V@)
+am__v_CC_0 = @echo "  CC      " $@;
+am__v_CC_1 = 
+CCLD = $(CC)
+LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \
+	$(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \
+	$(AM_LDFLAGS) $(LDFLAGS) -o $@
+AM_V_CCLD = $(am__v_CCLD_@AM_V@)
+am__v_CCLD_ = $(am__v_CCLD_@AM_DEFAULT_V@)
+am__v_CCLD_0 = @echo "  CCLD    " $@;
+am__v_CCLD_1 = 
+SOURCES = $(test_adds_SOURCES) $(test_atoi_strtoi_SOURCES) \
+	$(test_chkname_SOURCES) $(test_logind_SOURCES) \
+	$(test_sprintf_SOURCES) $(test_strncpy_SOURCES) \
+	$(test_strtcpy_SOURCES) $(test_xasprintf_SOURCES) \
+	$(test_zustr2stp_SOURCES)
+DIST_SOURCES = $(am__test_adds_SOURCES_DIST) \
+	$(am__test_atoi_strtoi_SOURCES_DIST) \
+	$(am__test_chkname_SOURCES_DIST) \
+	$(am__test_logind_SOURCES_DIST) \
+	$(am__test_sprintf_SOURCES_DIST) \
+	$(am__test_strncpy_SOURCES_DIST) \
+	$(am__test_strtcpy_SOURCES_DIST) \
+	$(am__test_xasprintf_SOURCES_DIST) \
+	$(am__test_zustr2stp_SOURCES_DIST)
+am__can_run_installinfo = \
+  case $$AM_UPDATE_INFO_DIR in \
+    n|no|NO) false;; \
+    *) (install-info --version) >/dev/null 2>&1;; \
+  esac
+am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) $(LISP)
+# Read a list of newline-separated strings from the standard input,
+# and print each of them once, without duplicates.  Input order is
+# *not* preserved.
+am__uniquify_input = $(AWK) '\
+  BEGIN { nonempty = 0; } \
+  { items[$$0] = 1; nonempty = 1; } \
+  END { if (nonempty) { for (i in items) print i; }; } \
+'
+# Make sure the list of sources is unique.  This is necessary because,
+# e.g., the same source file might be shared among _SOURCES variables
+# for different programs/libraries.
+am__define_uniq_tagged_files = \
+  list='$(am__tagged_files)'; \
+  unique=`for i in $$list; do \
+    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+  done | $(am__uniquify_input)`
+am__tty_colors_dummy = \
+  mgn= red= grn= lgn= blu= brg= std=; \
+  am__color_tests=no
+am__tty_colors = { \
+  $(am__tty_colors_dummy); \
+  if test "X$(AM_COLOR_TESTS)" = Xno; then \
+    am__color_tests=no; \
+  elif test "X$(AM_COLOR_TESTS)" = Xalways; then \
+    am__color_tests=yes; \
+  elif test "X$$TERM" != Xdumb && { test -t 1; } 2>/dev/null; then \
+    am__color_tests=yes; \
+  fi; \
+  if test $$am__color_tests = yes; then \
+    red=''; \
+    grn=''; \
+    lgn=''; \
+    blu=''; \
+    mgn=''; \
+    brg=''; \
+    std=''; \
+  fi; \
+}
+am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`;
+am__vpath_adj = case $$p in \
+    $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \
+    *) f=$$p;; \
+  esac;
+am__strip_dir = f=`echo $$p | sed -e 's|^.*/||'`;
+am__install_max = 40
+am__nobase_strip_setup = \
+  srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*|]/\\\\&/g'`
+am__nobase_strip = \
+  for p in $$list; do echo "$$p"; done | sed -e "s|$$srcdirstrip/||"
+am__nobase_list = $(am__nobase_strip_setup); \
+  for p in $$list; do echo "$$p $$p"; done | \
+  sed "s| $$srcdirstrip/| |;"' / .*\//!s/ .*/ ./; s,\( .*\)/[^/]*$$,\1,' | \
+  $(AWK) 'BEGIN { files["."] = "" } { files[$$2] = files[$$2] " " $$1; \
+    if (++n[$$2] == $(am__install_max)) \
+      { print $$2, files[$$2]; n[$$2] = 0; files[$$2] = "" } } \
+    END { for (dir in files) print dir, files[dir] }'
+am__base_list = \
+  sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \
+  sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g'
+am__uninstall_files_from_dir = { \
+  test -z "$$files" \
+    || { test ! -d "$$dir" && test ! -f "$$dir" && test ! -r "$$dir"; } \
+    || { echo " ( cd '$$dir' && rm -f" $$files ")"; \
+         $(am__cd) "$$dir" && rm -f $$files; }; \
+  }
+am__recheck_rx = ^[ 	]*:recheck:[ 	]*
+am__global_test_result_rx = ^[ 	]*:global-test-result:[ 	]*
+am__copy_in_global_log_rx = ^[ 	]*:copy-in-global-log:[ 	]*
+# A command that, given a newline-separated list of test names on the
+# standard input, print the name of the tests that are to be re-run
+# upon "make recheck".
+am__list_recheck_tests = $(AWK) '{ \
+  recheck = 1; \
+  while ((rc = (getline line < ($$0 ".trs"))) != 0) \
+    { \
+      if (rc < 0) \
+        { \
+          if ((getline line2 < ($$0 ".log")) < 0) \
+	    recheck = 0; \
+          break; \
+        } \
+      else if (line ~ /$(am__recheck_rx)[nN][Oo]/) \
+        { \
+          recheck = 0; \
+          break; \
+        } \
+      else if (line ~ /$(am__recheck_rx)[yY][eE][sS]/) \
+        { \
+          break; \
+        } \
+    }; \
+  if (recheck) \
+    print $$0; \
+  close ($$0 ".trs"); \
+  close ($$0 ".log"); \
+}'
+# A command that, given a newline-separated list of test names on the
+# standard input, create the global log from their .trs and .log files.
+am__create_global_log = $(AWK) ' \
+function fatal(msg) \
+{ \
+  print "fatal: making $@: " msg | "cat >&2"; \
+  exit 1; \
+} \
+function rst_section(header) \
+{ \
+  print header; \
+  len = length(header); \
+  for (i = 1; i <= len; i = i + 1) \
+    printf "="; \
+  printf "\n\n"; \
+} \
+{ \
+  copy_in_global_log = 1; \
+  global_test_result = "RUN"; \
+  while ((rc = (getline line < ($$0 ".trs"))) != 0) \
+    { \
+      if (rc < 0) \
+         fatal("failed to read from " $$0 ".trs"); \
+      if (line ~ /$(am__global_test_result_rx)/) \
+        { \
+          sub("$(am__global_test_result_rx)", "", line); \
+          sub("[ 	]*$$", "", line); \
+          global_test_result = line; \
+        } \
+      else if (line ~ /$(am__copy_in_global_log_rx)[nN][oO]/) \
+        copy_in_global_log = 0; \
+    }; \
+  if (copy_in_global_log) \
+    { \
+      rst_section(global_test_result ": " $$0); \
+      while ((rc = (getline line < ($$0 ".log"))) != 0) \
+      { \
+        if (rc < 0) \
+          fatal("failed to read from " $$0 ".log"); \
+        print line; \
+      }; \
+      printf "\n"; \
+    }; \
+  close ($$0 ".trs"); \
+  close ($$0 ".log"); \
+}'
+# Restructured Text title.
+am__rst_title = { sed 's/.*/   &   /;h;s/./=/g;p;x;s/ *$$//;p;g' && echo; }
+# Solaris 10 'make', and several other traditional 'make' implementations,
+# pass "-e" to $(SHELL), and POSIX 2008 even requires this.  Work around it
+# by disabling -e (using the XSI extension "set +e") if it's set.
+am__sh_e_setup = case $$- in *e*) set +e;; esac
+# Default flags passed to test drivers.
+am__common_driver_flags = \
+  --color-tests "$$am__color_tests" \
+  --enable-hard-errors "$$am__enable_hard_errors" \
+  --expect-failure "$$am__expect_failure"
+# To be inserted before the command running the test.  Creates the
+# directory for the log if needed.  Stores in $dir the directory
+# containing $f, in $tst the test, in $log the log.  Executes the
+# developer- defined test setup AM_TESTS_ENVIRONMENT (if any), and
+# passes TESTS_ENVIRONMENT.  Set up options for the wrapper that
+# will run the test scripts (or their associated LOG_COMPILER, if
+# thy have one).
+am__check_pre = \
+$(am__sh_e_setup);					\
+$(am__vpath_adj_setup) $(am__vpath_adj)			\
+$(am__tty_colors);					\
+srcdir=$(srcdir); export srcdir;			\
+case "$@" in						\
+  */*) am__odir=`echo "./$@" | sed 's|/[^/]*$$||'`;;	\
+    *) am__odir=.;; 					\
+esac;							\
+test "x$$am__odir" = x"." || test -d "$$am__odir" 	\
+  || $(MKDIR_P) "$$am__odir" || exit $$?;		\
+if test -f "./$$f"; then dir=./;			\
+elif test -f "$$f"; then dir=;				\
+else dir="$(srcdir)/"; fi;				\
+tst=$$dir$$f; log='$@'; 				\
+if test -n '$(DISABLE_HARD_ERRORS)'; then		\
+  am__enable_hard_errors=no; 				\
+else							\
+  am__enable_hard_errors=yes; 				\
+fi; 							\
+case " $(XFAIL_TESTS) " in				\
+  *[\ \	]$$f[\ \	]* | *[\ \	]$$dir$$f[\ \	]*) \
+    am__expect_failure=yes;;				\
+  *)							\
+    am__expect_failure=no;;				\
+esac; 							\
+$(AM_TESTS_ENVIRONMENT) $(TESTS_ENVIRONMENT)
+# A shell command to get the names of the tests scripts with any registered
+# extension removed (i.e., equivalently, the names of the test logs, with
+# the '.log' extension removed).  The result is saved in the shell variable
+# '$bases'.  This honors runtime overriding of TESTS and TEST_LOGS.  Sadly,
+# we cannot use something simpler, involving e.g., "$(TEST_LOGS:.log=)",
+# since that might cause problem with VPATH rewrites for suffix-less tests.
+# See also 'test-harness-vpath-rewrite.sh' and 'test-trs-basic.sh'.
+am__set_TESTS_bases = \
+  bases='$(TEST_LOGS)'; \
+  bases=`for i in $$bases; do echo $$i; done | sed 's/\.log$$//'`; \
+  bases=`echo $$bases`
+AM_TESTSUITE_SUMMARY_HEADER = ' for $(PACKAGE_STRING)'
+RECHECK_LOGS = $(TEST_LOGS)
+AM_RECURSIVE_TARGETS = check recheck
+TEST_SUITE_LOG = test-suite.log
+TEST_EXTENSIONS = @EXEEXT@ .test
+LOG_DRIVER = $(SHELL) $(top_srcdir)/test-driver
+LOG_COMPILE = $(LOG_COMPILER) $(AM_LOG_FLAGS) $(LOG_FLAGS)
+am__set_b = \
+  case '$@' in \
+    */*) \
+      case '$*' in \
+        */*) b='$*';; \
+          *) b=`echo '$@' | sed 's/\.log$$//'`; \
+       esac;; \
+    *) \
+      b='$*';; \
+  esac
+am__test_logs1 = $(TESTS:=.log)
+am__test_logs2 = $(am__test_logs1:@EXEEXT@.log=.log)
+TEST_LOGS = $(am__test_logs2:.test.log=.log)
+TEST_LOG_DRIVER = $(SHELL) $(top_srcdir)/test-driver
+TEST_LOG_COMPILE = $(TEST_LOG_COMPILER) $(AM_TEST_LOG_FLAGS) \
+	$(TEST_LOG_FLAGS)
+am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp \
+	$(top_srcdir)/test-driver
+DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
+ACLOCAL = @ACLOCAL@
+AMTAR = @AMTAR@
+AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@
+AR = @AR@
+AUTOCONF = @AUTOCONF@
+AUTOHEADER = @AUTOHEADER@
+AUTOMAKE = @AUTOMAKE@
+AWK = @AWK@
+CC = @CC@
+CCDEPMODE = @CCDEPMODE@
+CFLAGS = @CFLAGS@
+CMOCKA_CFLAGS = @CMOCKA_CFLAGS@
+CMOCKA_LIBS = @CMOCKA_LIBS@
+CPP = @CPP@
+CPPFLAGS = @CPPFLAGS@
+CSCOPE = @CSCOPE@
+CTAGS = @CTAGS@
+CYGPATH_W = @CYGPATH_W@
+DEFS = @DEFS@
+DEPDIR = @DEPDIR@
+DLLTOOL = @DLLTOOL@
+DSYMUTIL = @DSYMUTIL@
+DUMPBIN = @DUMPBIN@
+ECHO_C = @ECHO_C@
+ECHO_N = @ECHO_N@
+ECHO_T = @ECHO_T@
+ECONF_CPPFLAGS = @ECONF_CPPFLAGS@
+EGREP = @EGREP@
+ETAGS = @ETAGS@
+EXEEXT = @EXEEXT@
+FGREP = @FGREP@
+FILECMD = @FILECMD@
+GETTEXT_MACRO_VERSION = @GETTEXT_MACRO_VERSION@
+GMSGFMT = @GMSGFMT@
+GMSGFMT_015 = @GMSGFMT_015@
+GREP = @GREP@
+GROUP_NAME_MAX_LENGTH = @GROUP_NAME_MAX_LENGTH@
+INSTALL = @INSTALL@
+INSTALL_DATA = @INSTALL_DATA@
+INSTALL_PROGRAM = @INSTALL_PROGRAM@
+INSTALL_SCRIPT = @INSTALL_SCRIPT@
+INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
+INTLLIBS = @INTLLIBS@
+INTL_MACOSX_LIBS = @INTL_MACOSX_LIBS@
+LD = @LD@
+LDFLAGS = @LDFLAGS@
+LIBACL = @LIBACL@
+LIBADD_DL = @LIBADD_DL@
+LIBADD_DLD_LINK = @LIBADD_DLD_LINK@
+LIBADD_DLOPEN = @LIBADD_DLOPEN@
+LIBADD_SHL_LOAD = @LIBADD_SHL_LOAD@
+LIBATTR = @LIBATTR@
+LIBAUDIT = @LIBAUDIT@
+LIBBSD = @LIBBSD@
+LIBBSD_CFLAGS = @LIBBSD_CFLAGS@
+LIBBSD_LIBS = @LIBBSD_LIBS@
+LIBCRYPT = @LIBCRYPT@
+LIBECONF = @LIBECONF@
+LIBICONV = @LIBICONV@
+LIBINTL = @LIBINTL@
+LIBMD = @LIBMD@
+LIBOBJS = @LIBOBJS@
+LIBPAM = @LIBPAM@
+LIBS = @LIBS@
+LIBSELINUX = @LIBSELINUX@
+LIBSEMANAGE = @LIBSEMANAGE@
+LIBSKEY = @LIBSKEY@
+LIBSUBID_ABI = @LIBSUBID_ABI@
+LIBSUBID_ABI_MAJOR = @LIBSUBID_ABI_MAJOR@
+LIBSUBID_ABI_MICRO = @LIBSUBID_ABI_MICRO@
+LIBSUBID_ABI_MINOR = @LIBSUBID_ABI_MINOR@
+LIBSYSTEMD = @LIBSYSTEMD@
+LIBTCB = @LIBTCB@
+LIBTOOL = @LIBTOOL@
+LIPO = @LIPO@
+LIYESCRYPT = @LIYESCRYPT@
+LN_S = @LN_S@
+LTLIBICONV = @LTLIBICONV@
+LTLIBINTL = @LTLIBINTL@
+LTLIBOBJS = @LTLIBOBJS@
+LT_DLLOADERS = @LT_DLLOADERS@
+LT_DLPREOPEN = @LT_DLPREOPEN@
+LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@
+MAINT = @MAINT@
+MAKEINFO = @MAKEINFO@
+MANIFEST_TOOL = @MANIFEST_TOOL@
+MKDIR_P = @MKDIR_P@
+MSGFMT = @MSGFMT@
+MSGFMT_015 = @MSGFMT_015@
+MSGMERGE = @MSGMERGE@
+NM = @NM@
+NMEDIT = @NMEDIT@
+OBJDUMP = @OBJDUMP@
+OBJEXT = @OBJEXT@
+OTOOL = @OTOOL@
+OTOOL64 = @OTOOL64@
+PACKAGE = @PACKAGE@
+PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@
+PACKAGE_NAME = @PACKAGE_NAME@
+PACKAGE_STRING = @PACKAGE_STRING@
+PACKAGE_TARNAME = @PACKAGE_TARNAME@
+PACKAGE_URL = @PACKAGE_URL@
+PACKAGE_VERSION = @PACKAGE_VERSION@
+PATH_SEPARATOR = @PATH_SEPARATOR@
+PKG_CONFIG = @PKG_CONFIG@
+PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
+PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
+POSUB = @POSUB@
+RANLIB = @RANLIB@
+SED = @SED@
+SET_MAKE = @SET_MAKE@
+SHELL = @SHELL@
+STRIP = @STRIP@
+USE_NLS = @USE_NLS@
+VENDORDIR = @VENDORDIR@
+VERSION = @VERSION@
+XGETTEXT = @XGETTEXT@
+XGETTEXT_015 = @XGETTEXT_015@
+XGETTEXT_EXTRA_OPTIONS = @XGETTEXT_EXTRA_OPTIONS@
+XMLCATALOG = @XMLCATALOG@
+XML_CATALOG_FILE = @XML_CATALOG_FILE@
+XSLTPROC = @XSLTPROC@
+YACC = @YACC@
+YFLAGS = @YFLAGS@
+abs_builddir = @abs_builddir@
+abs_srcdir = @abs_srcdir@
+abs_top_builddir = @abs_top_builddir@
+abs_top_srcdir = @abs_top_srcdir@
+ac_ct_AR = @ac_ct_AR@
+ac_ct_CC = @ac_ct_CC@
+ac_ct_DUMPBIN = @ac_ct_DUMPBIN@
+am__include = @am__include@
+am__leading_dot = @am__leading_dot@
+am__quote = @am__quote@
+am__tar = @am__tar@
+am__untar = @am__untar@
+bindir = @bindir@
+build = @build@
+build_alias = @build_alias@
+build_cpu = @build_cpu@
+build_os = @build_os@
+build_vendor = @build_vendor@
+builddir = @builddir@
+capcmd = @capcmd@
+datadir = @datadir@
+datarootdir = @datarootdir@
+docdir = @docdir@
+dvidir = @dvidir@
+exec_prefix = @exec_prefix@
+host = @host@
+host_alias = @host_alias@
+host_cpu = @host_cpu@
+host_os = @host_os@
+host_vendor = @host_vendor@
+htmldir = @htmldir@
+includedir = @includedir@
+infodir = @infodir@
+install_sh = @install_sh@
+libdir = @libdir@
+libexecdir = @libexecdir@
+localedir = @localedir@
+localstatedir = @localstatedir@
+mandir = @mandir@
+mkdir_p = @mkdir_p@
+oldincludedir = @oldincludedir@
+pdfdir = @pdfdir@
+prefix = @prefix@
+program_transform_name = @program_transform_name@
+psdir = @psdir@
+runstatedir = @runstatedir@
+sbindir = @sbindir@
+sharedstatedir = @sharedstatedir@
+srcdir = @srcdir@
+sysconfdir = @sysconfdir@
+target_alias = @target_alias@
+top_build_prefix = @top_build_prefix@
+top_builddir = @top_builddir@
+top_srcdir = @top_srcdir@
+AM_CPPFLAGS = -I$(top_srcdir)/lib -I$(top_srcdir)
+@HAVE_CMOCKA_TRUE@TESTS = $(check_PROGRAMS)
+@HAVE_CMOCKA_TRUE@test_adds_SOURCES = \
+@HAVE_CMOCKA_TRUE@    ../../lib/adds.c \
+@HAVE_CMOCKA_TRUE@    test_adds.c \
+@HAVE_CMOCKA_TRUE@    $(NULL)
+
+@HAVE_CMOCKA_TRUE@test_adds_CFLAGS = \
+@HAVE_CMOCKA_TRUE@    $(AM_FLAGS) \
+@HAVE_CMOCKA_TRUE@    $(NULL)
+
+@HAVE_CMOCKA_TRUE@test_adds_LDFLAGS = \
+@HAVE_CMOCKA_TRUE@    $(NULL)
+
+@HAVE_CMOCKA_TRUE@test_adds_LDADD = \
+@HAVE_CMOCKA_TRUE@    $(CMOCKA_LIBS) \
+@HAVE_CMOCKA_TRUE@    $(NULL)
+
+@HAVE_CMOCKA_TRUE@test_atoi_strtoi_SOURCES = \
+@HAVE_CMOCKA_TRUE@    ../../lib/atoi/strtoi.c \
+@HAVE_CMOCKA_TRUE@    test_atoi_strtoi.c \
+@HAVE_CMOCKA_TRUE@    $(NULL)
+
+@HAVE_CMOCKA_TRUE@test_atoi_strtoi_CFLAGS = \
+@HAVE_CMOCKA_TRUE@    $(AM_CFLAGS) \
+@HAVE_CMOCKA_TRUE@    $(NULL)
+
+@HAVE_CMOCKA_TRUE@test_atoi_strtoi_LDFLAGS = \
+@HAVE_CMOCKA_TRUE@    $(NULL)
+
+@HAVE_CMOCKA_TRUE@test_atoi_strtoi_LDADD = \
+@HAVE_CMOCKA_TRUE@    $(CMOCKA_LIBS) \
+@HAVE_CMOCKA_TRUE@    $(NULL)
+
+@HAVE_CMOCKA_TRUE@test_chkname_SOURCES = \
+@HAVE_CMOCKA_TRUE@    ../../lib/chkname.c \
+@HAVE_CMOCKA_TRUE@    test_chkname.c \
+@HAVE_CMOCKA_TRUE@    $(NULL)
+
+@HAVE_CMOCKA_TRUE@test_chkname_CFLAGS = \
+@HAVE_CMOCKA_TRUE@    $(AM_CFLAGS) \
+@HAVE_CMOCKA_TRUE@    $(NULL)
+
+@HAVE_CMOCKA_TRUE@test_chkname_LDFLAGS = \
+@HAVE_CMOCKA_TRUE@    $(NULL)
+
+@HAVE_CMOCKA_TRUE@test_chkname_LDADD = \
+@HAVE_CMOCKA_TRUE@    $(CMOCKA_LIBS) \
+@HAVE_CMOCKA_TRUE@    $(NULL)
+
+@HAVE_CMOCKA_TRUE@test_logind_SOURCES = \
+@HAVE_CMOCKA_TRUE@    ../../lib/logind.c \
+@HAVE_CMOCKA_TRUE@    test_logind.c \
+@HAVE_CMOCKA_TRUE@    $(NULL)
+
+@HAVE_CMOCKA_TRUE@test_logind_CFLAGS = \
+@HAVE_CMOCKA_TRUE@    $(AM_CFLAGS) \
+@HAVE_CMOCKA_TRUE@    -lsystemd \
+@HAVE_CMOCKA_TRUE@    $(NULL)
+
+@HAVE_CMOCKA_TRUE@test_logind_LDFLAGS = \
+@HAVE_CMOCKA_TRUE@    -Wl,-wrap,prefix_getpwnam \
+@HAVE_CMOCKA_TRUE@    -Wl,-wrap,sd_uid_get_sessions \
+@HAVE_CMOCKA_TRUE@    $(NULL)
+
+@HAVE_CMOCKA_TRUE@test_logind_LDADD = \
+@HAVE_CMOCKA_TRUE@    $(CMOCKA_LIBS) \
+@HAVE_CMOCKA_TRUE@    $(LIBSYSTEMD) \
+@HAVE_CMOCKA_TRUE@    $(NULL)
+
+@HAVE_CMOCKA_TRUE@test_sprintf_SOURCES = \
+@HAVE_CMOCKA_TRUE@    ../../lib/string/sprintf.c \
+@HAVE_CMOCKA_TRUE@    test_sprintf.c \
+@HAVE_CMOCKA_TRUE@    $(NULL)
+
+@HAVE_CMOCKA_TRUE@test_sprintf_CFLAGS = \
+@HAVE_CMOCKA_TRUE@    $(AM_CFLAGS) \
+@HAVE_CMOCKA_TRUE@    $(NULL)
+
+@HAVE_CMOCKA_TRUE@test_sprintf_LDFLAGS = \
+@HAVE_CMOCKA_TRUE@    $(NULL)
+
+@HAVE_CMOCKA_TRUE@test_sprintf_LDADD = \
+@HAVE_CMOCKA_TRUE@    $(CMOCKA_LIBS) \
+@HAVE_CMOCKA_TRUE@    $(NULL)
+
+@HAVE_CMOCKA_TRUE@test_strncpy_SOURCES = \
+@HAVE_CMOCKA_TRUE@    test_strncpy.c \
+@HAVE_CMOCKA_TRUE@    $(NULL)
+
+@HAVE_CMOCKA_TRUE@test_strncpy_CFLAGS = \
+@HAVE_CMOCKA_TRUE@    $(AM_CFLAGS) \
+@HAVE_CMOCKA_TRUE@    $(NULL)
+
+@HAVE_CMOCKA_TRUE@test_strncpy_LDFLAGS = \
+@HAVE_CMOCKA_TRUE@    $(NULL)
+
+@HAVE_CMOCKA_TRUE@test_strncpy_LDADD = \
+@HAVE_CMOCKA_TRUE@    $(CMOCKA_LIBS) \
+@HAVE_CMOCKA_TRUE@    $(NULL)
+
+@HAVE_CMOCKA_TRUE@test_strtcpy_SOURCES = \
+@HAVE_CMOCKA_TRUE@    ../../lib/string/strtcpy.c \
+@HAVE_CMOCKA_TRUE@    test_strtcpy.c \
+@HAVE_CMOCKA_TRUE@    $(NULL)
+
+@HAVE_CMOCKA_TRUE@test_strtcpy_CFLAGS = \
+@HAVE_CMOCKA_TRUE@    $(AM_CFLAGS) \
+@HAVE_CMOCKA_TRUE@    $(NULL)
+
+@HAVE_CMOCKA_TRUE@test_strtcpy_LDFLAGS = \
+@HAVE_CMOCKA_TRUE@    $(NULL)
+
+@HAVE_CMOCKA_TRUE@test_strtcpy_LDADD = \
+@HAVE_CMOCKA_TRUE@    $(CMOCKA_LIBS) \
+@HAVE_CMOCKA_TRUE@    $(NULL)
+
+@HAVE_CMOCKA_TRUE@test_xasprintf_SOURCES = \
+@HAVE_CMOCKA_TRUE@    ../../lib/string/sprintf.c \
+@HAVE_CMOCKA_TRUE@    test_xasprintf.c \
+@HAVE_CMOCKA_TRUE@    $(NULL)
+
+@HAVE_CMOCKA_TRUE@test_xasprintf_CFLAGS = \
+@HAVE_CMOCKA_TRUE@    $(AM_CFLAGS) \
+@HAVE_CMOCKA_TRUE@    $(NULL)
+
+@HAVE_CMOCKA_TRUE@test_xasprintf_LDFLAGS = \
+@HAVE_CMOCKA_TRUE@    -Wl,-wrap,vasprintf \
+@HAVE_CMOCKA_TRUE@    -Wl,-wrap,exit \
+@HAVE_CMOCKA_TRUE@    $(NULL)
+
+@HAVE_CMOCKA_TRUE@test_xasprintf_LDADD = \
+@HAVE_CMOCKA_TRUE@    $(CMOCKA_LIBS) \
+@HAVE_CMOCKA_TRUE@    $(NULL)
+
+@HAVE_CMOCKA_TRUE@test_zustr2stp_SOURCES = \
+@HAVE_CMOCKA_TRUE@    test_zustr2stp.c \
+@HAVE_CMOCKA_TRUE@    $(NULL)
+
+@HAVE_CMOCKA_TRUE@test_zustr2stp_CFLAGS = \
+@HAVE_CMOCKA_TRUE@    $(AM_CFLAGS) \
+@HAVE_CMOCKA_TRUE@    $(NULL)
+
+@HAVE_CMOCKA_TRUE@test_zustr2stp_LDFLAGS = \
+@HAVE_CMOCKA_TRUE@    $(NULL)
+
+@HAVE_CMOCKA_TRUE@test_zustr2stp_LDADD = \
+@HAVE_CMOCKA_TRUE@    $(CMOCKA_LIBS) \
+@HAVE_CMOCKA_TRUE@    $(NULL)
+
+all: all-am
+
+.SUFFIXES:
+.SUFFIXES: .c .lo .log .o .obj .test .test$(EXEEXT) .trs
+$(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.am  $(am__configure_deps)
+	@for dep in $?; do \
+	  case '$(am__configure_deps)' in \
+	    *$$dep*) \
+	      ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \
+	        && { if test -f $@; then exit 0; else break; fi; }; \
+	      exit 1;; \
+	  esac; \
+	done; \
+	echo ' cd $(top_srcdir) && $(AUTOMAKE) --foreign tests/unit/Makefile'; \
+	$(am__cd) $(top_srcdir) && \
+	  $(AUTOMAKE) --foreign tests/unit/Makefile
+Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
+	@case '$?' in \
+	  *config.status*) \
+	    cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \
+	  *) \
+	    echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__maybe_remake_depfiles)'; \
+	    cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__maybe_remake_depfiles);; \
+	esac;
+
+$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
+	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+
+$(top_srcdir)/configure: @MAINTAINER_MODE_TRUE@ $(am__configure_deps)
+	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+$(ACLOCAL_M4): @MAINTAINER_MODE_TRUE@ $(am__aclocal_m4_deps)
+	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+$(am__aclocal_m4_deps):
+
+clean-checkPROGRAMS:
+	@list='$(check_PROGRAMS)'; test -n "$$list" || exit 0; \
+	echo " rm -f" $$list; \
+	rm -f $$list || exit $$?; \
+	test -n "$(EXEEXT)" || exit 0; \
+	list=`for p in $$list; do echo "$$p"; done | sed 's/$(EXEEXT)$$//'`; \
+	echo " rm -f" $$list; \
+	rm -f $$list
+../../lib/$(am__dirstamp):
+	@$(MKDIR_P) ../../lib
+	@: > ../../lib/$(am__dirstamp)
+../../lib/$(DEPDIR)/$(am__dirstamp):
+	@$(MKDIR_P) ../../lib/$(DEPDIR)
+	@: > ../../lib/$(DEPDIR)/$(am__dirstamp)
+../../lib/test_adds-adds.$(OBJEXT): ../../lib/$(am__dirstamp) \
+	../../lib/$(DEPDIR)/$(am__dirstamp)
+
+test_adds$(EXEEXT): $(test_adds_OBJECTS) $(test_adds_DEPENDENCIES) $(EXTRA_test_adds_DEPENDENCIES) 
+	@rm -f test_adds$(EXEEXT)
+	$(AM_V_CCLD)$(test_adds_LINK) $(test_adds_OBJECTS) $(test_adds_LDADD) $(LIBS)
+../../lib/atoi/$(am__dirstamp):
+	@$(MKDIR_P) ../../lib/atoi
+	@: > ../../lib/atoi/$(am__dirstamp)
+../../lib/atoi/$(DEPDIR)/$(am__dirstamp):
+	@$(MKDIR_P) ../../lib/atoi/$(DEPDIR)
+	@: > ../../lib/atoi/$(DEPDIR)/$(am__dirstamp)
+../../lib/atoi/test_atoi_strtoi-strtoi.$(OBJEXT):  \
+	../../lib/atoi/$(am__dirstamp) \
+	../../lib/atoi/$(DEPDIR)/$(am__dirstamp)
+
+test_atoi_strtoi$(EXEEXT): $(test_atoi_strtoi_OBJECTS) $(test_atoi_strtoi_DEPENDENCIES) $(EXTRA_test_atoi_strtoi_DEPENDENCIES) 
+	@rm -f test_atoi_strtoi$(EXEEXT)
+	$(AM_V_CCLD)$(test_atoi_strtoi_LINK) $(test_atoi_strtoi_OBJECTS) $(test_atoi_strtoi_LDADD) $(LIBS)
+../../lib/test_chkname-chkname.$(OBJEXT): ../../lib/$(am__dirstamp) \
+	../../lib/$(DEPDIR)/$(am__dirstamp)
+
+test_chkname$(EXEEXT): $(test_chkname_OBJECTS) $(test_chkname_DEPENDENCIES) $(EXTRA_test_chkname_DEPENDENCIES) 
+	@rm -f test_chkname$(EXEEXT)
+	$(AM_V_CCLD)$(test_chkname_LINK) $(test_chkname_OBJECTS) $(test_chkname_LDADD) $(LIBS)
+../../lib/test_logind-logind.$(OBJEXT): ../../lib/$(am__dirstamp) \
+	../../lib/$(DEPDIR)/$(am__dirstamp)
+
+test_logind$(EXEEXT): $(test_logind_OBJECTS) $(test_logind_DEPENDENCIES) $(EXTRA_test_logind_DEPENDENCIES) 
+	@rm -f test_logind$(EXEEXT)
+	$(AM_V_CCLD)$(test_logind_LINK) $(test_logind_OBJECTS) $(test_logind_LDADD) $(LIBS)
+../../lib/string/$(am__dirstamp):
+	@$(MKDIR_P) ../../lib/string
+	@: > ../../lib/string/$(am__dirstamp)
+../../lib/string/$(DEPDIR)/$(am__dirstamp):
+	@$(MKDIR_P) ../../lib/string/$(DEPDIR)
+	@: > ../../lib/string/$(DEPDIR)/$(am__dirstamp)
+../../lib/string/test_sprintf-sprintf.$(OBJEXT):  \
+	../../lib/string/$(am__dirstamp) \
+	../../lib/string/$(DEPDIR)/$(am__dirstamp)
+
+test_sprintf$(EXEEXT): $(test_sprintf_OBJECTS) $(test_sprintf_DEPENDENCIES) $(EXTRA_test_sprintf_DEPENDENCIES) 
+	@rm -f test_sprintf$(EXEEXT)
+	$(AM_V_CCLD)$(test_sprintf_LINK) $(test_sprintf_OBJECTS) $(test_sprintf_LDADD) $(LIBS)
+
+test_strncpy$(EXEEXT): $(test_strncpy_OBJECTS) $(test_strncpy_DEPENDENCIES) $(EXTRA_test_strncpy_DEPENDENCIES) 
+	@rm -f test_strncpy$(EXEEXT)
+	$(AM_V_CCLD)$(test_strncpy_LINK) $(test_strncpy_OBJECTS) $(test_strncpy_LDADD) $(LIBS)
+../../lib/string/test_strtcpy-strtcpy.$(OBJEXT):  \
+	../../lib/string/$(am__dirstamp) \
+	../../lib/string/$(DEPDIR)/$(am__dirstamp)
+
+test_strtcpy$(EXEEXT): $(test_strtcpy_OBJECTS) $(test_strtcpy_DEPENDENCIES) $(EXTRA_test_strtcpy_DEPENDENCIES) 
+	@rm -f test_strtcpy$(EXEEXT)
+	$(AM_V_CCLD)$(test_strtcpy_LINK) $(test_strtcpy_OBJECTS) $(test_strtcpy_LDADD) $(LIBS)
+../../lib/string/test_xasprintf-sprintf.$(OBJEXT):  \
+	../../lib/string/$(am__dirstamp) \
+	../../lib/string/$(DEPDIR)/$(am__dirstamp)
+
+test_xasprintf$(EXEEXT): $(test_xasprintf_OBJECTS) $(test_xasprintf_DEPENDENCIES) $(EXTRA_test_xasprintf_DEPENDENCIES) 
+	@rm -f test_xasprintf$(EXEEXT)
+	$(AM_V_CCLD)$(test_xasprintf_LINK) $(test_xasprintf_OBJECTS) $(test_xasprintf_LDADD) $(LIBS)
+
+test_zustr2stp$(EXEEXT): $(test_zustr2stp_OBJECTS) $(test_zustr2stp_DEPENDENCIES) $(EXTRA_test_zustr2stp_DEPENDENCIES) 
+	@rm -f test_zustr2stp$(EXEEXT)
+	$(AM_V_CCLD)$(test_zustr2stp_LINK) $(test_zustr2stp_OBJECTS) $(test_zustr2stp_LDADD) $(LIBS)
+
+mostlyclean-compile:
+	-rm -f *.$(OBJEXT)
+	-rm -f ../../lib/*.$(OBJEXT)
+	-rm -f ../../lib/atoi/*.$(OBJEXT)
+	-rm -f ../../lib/string/*.$(OBJEXT)
+
+distclean-compile:
+	-rm -f *.tab.c
+
+@AMDEP_TRUE@@am__include@ @am__quote@../../lib/$(DEPDIR)/test_adds-adds.Po@am__quote@ # am--include-marker
+@AMDEP_TRUE@@am__include@ @am__quote@../../lib/$(DEPDIR)/test_chkname-chkname.Po@am__quote@ # am--include-marker
+@AMDEP_TRUE@@am__include@ @am__quote@../../lib/$(DEPDIR)/test_logind-logind.Po@am__quote@ # am--include-marker
+@AMDEP_TRUE@@am__include@ @am__quote@../../lib/atoi/$(DEPDIR)/test_atoi_strtoi-strtoi.Po@am__quote@ # am--include-marker
+@AMDEP_TRUE@@am__include@ @am__quote@../../lib/string/$(DEPDIR)/test_sprintf-sprintf.Po@am__quote@ # am--include-marker
+@AMDEP_TRUE@@am__include@ @am__quote@../../lib/string/$(DEPDIR)/test_strtcpy-strtcpy.Po@am__quote@ # am--include-marker
+@AMDEP_TRUE@@am__include@ @am__quote@../../lib/string/$(DEPDIR)/test_xasprintf-sprintf.Po@am__quote@ # am--include-marker
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/test_adds-test_adds.Po@am__quote@ # am--include-marker
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/test_atoi_strtoi-test_atoi_strtoi.Po@am__quote@ # am--include-marker
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/test_chkname-test_chkname.Po@am__quote@ # am--include-marker
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/test_logind-test_logind.Po@am__quote@ # am--include-marker
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/test_sprintf-test_sprintf.Po@am__quote@ # am--include-marker
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/test_strncpy-test_strncpy.Po@am__quote@ # am--include-marker
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/test_strtcpy-test_strtcpy.Po@am__quote@ # am--include-marker
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/test_xasprintf-test_xasprintf.Po@am__quote@ # am--include-marker
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/test_zustr2stp-test_zustr2stp.Po@am__quote@ # am--include-marker
+
+$(am__depfiles_remade):
+	@$(MKDIR_P) $(@D)
+	@echo '# dummy' >$@-t && $(am__mv) $@-t $@
+
+am--depfiles: $(am__depfiles_remade)
+
+.c.o:
+@am__fastdepCC_TRUE@	$(AM_V_CC)depbase=`echo $@ | sed 's|[^/]*$$|$(DEPDIR)/&|;s|\.o$$||'`;\
+@am__fastdepCC_TRUE@	$(COMPILE) -MT $@ -MD -MP -MF $$depbase.Tpo -c -o $@ $< &&\
+@am__fastdepCC_TRUE@	$(am__mv) $$depbase.Tpo $$depbase.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(COMPILE) -c -o $@ $<
+
+.c.obj:
+@am__fastdepCC_TRUE@	$(AM_V_CC)depbase=`echo $@ | sed 's|[^/]*$$|$(DEPDIR)/&|;s|\.obj$$||'`;\
+@am__fastdepCC_TRUE@	$(COMPILE) -MT $@ -MD -MP -MF $$depbase.Tpo -c -o $@ `$(CYGPATH_W) '$<'` &&\
+@am__fastdepCC_TRUE@	$(am__mv) $$depbase.Tpo $$depbase.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(COMPILE) -c -o $@ `$(CYGPATH_W) '$<'`
+
+.c.lo:
+@am__fastdepCC_TRUE@	$(AM_V_CC)depbase=`echo $@ | sed 's|[^/]*$$|$(DEPDIR)/&|;s|\.lo$$||'`;\
+@am__fastdepCC_TRUE@	$(LTCOMPILE) -MT $@ -MD -MP -MF $$depbase.Tpo -c -o $@ $< &&\
+@am__fastdepCC_TRUE@	$(am__mv) $$depbase.Tpo $$depbase.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(LTCOMPILE) -c -o $@ $<
+
+../../lib/test_adds-adds.o: ../../lib/adds.c
+@am__fastdepCC_TRUE@	$(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_adds_CFLAGS) $(CFLAGS) -MT ../../lib/test_adds-adds.o -MD -MP -MF ../../lib/$(DEPDIR)/test_adds-adds.Tpo -c -o ../../lib/test_adds-adds.o `test -f '../../lib/adds.c' || echo '$(srcdir)/'`../../lib/adds.c
+@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) ../../lib/$(DEPDIR)/test_adds-adds.Tpo ../../lib/$(DEPDIR)/test_adds-adds.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='../../lib/adds.c' object='../../lib/test_adds-adds.o' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_adds_CFLAGS) $(CFLAGS) -c -o ../../lib/test_adds-adds.o `test -f '../../lib/adds.c' || echo '$(srcdir)/'`../../lib/adds.c
+
+../../lib/test_adds-adds.obj: ../../lib/adds.c
+@am__fastdepCC_TRUE@	$(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_adds_CFLAGS) $(CFLAGS) -MT ../../lib/test_adds-adds.obj -MD -MP -MF ../../lib/$(DEPDIR)/test_adds-adds.Tpo -c -o ../../lib/test_adds-adds.obj `if test -f '../../lib/adds.c'; then $(CYGPATH_W) '../../lib/adds.c'; else $(CYGPATH_W) '$(srcdir)/../../lib/adds.c'; fi`
+@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) ../../lib/$(DEPDIR)/test_adds-adds.Tpo ../../lib/$(DEPDIR)/test_adds-adds.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='../../lib/adds.c' object='../../lib/test_adds-adds.obj' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_adds_CFLAGS) $(CFLAGS) -c -o ../../lib/test_adds-adds.obj `if test -f '../../lib/adds.c'; then $(CYGPATH_W) '../../lib/adds.c'; else $(CYGPATH_W) '$(srcdir)/../../lib/adds.c'; fi`
+
+test_adds-test_adds.o: test_adds.c
+@am__fastdepCC_TRUE@	$(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_adds_CFLAGS) $(CFLAGS) -MT test_adds-test_adds.o -MD -MP -MF $(DEPDIR)/test_adds-test_adds.Tpo -c -o test_adds-test_adds.o `test -f 'test_adds.c' || echo '$(srcdir)/'`test_adds.c
+@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/test_adds-test_adds.Tpo $(DEPDIR)/test_adds-test_adds.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='test_adds.c' object='test_adds-test_adds.o' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_adds_CFLAGS) $(CFLAGS) -c -o test_adds-test_adds.o `test -f 'test_adds.c' || echo '$(srcdir)/'`test_adds.c
+
+test_adds-test_adds.obj: test_adds.c
+@am__fastdepCC_TRUE@	$(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_adds_CFLAGS) $(CFLAGS) -MT test_adds-test_adds.obj -MD -MP -MF $(DEPDIR)/test_adds-test_adds.Tpo -c -o test_adds-test_adds.obj `if test -f 'test_adds.c'; then $(CYGPATH_W) 'test_adds.c'; else $(CYGPATH_W) '$(srcdir)/test_adds.c'; fi`
+@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/test_adds-test_adds.Tpo $(DEPDIR)/test_adds-test_adds.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='test_adds.c' object='test_adds-test_adds.obj' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_adds_CFLAGS) $(CFLAGS) -c -o test_adds-test_adds.obj `if test -f 'test_adds.c'; then $(CYGPATH_W) 'test_adds.c'; else $(CYGPATH_W) '$(srcdir)/test_adds.c'; fi`
+
+../../lib/atoi/test_atoi_strtoi-strtoi.o: ../../lib/atoi/strtoi.c
+@am__fastdepCC_TRUE@	$(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_atoi_strtoi_CFLAGS) $(CFLAGS) -MT ../../lib/atoi/test_atoi_strtoi-strtoi.o -MD -MP -MF ../../lib/atoi/$(DEPDIR)/test_atoi_strtoi-strtoi.Tpo -c -o ../../lib/atoi/test_atoi_strtoi-strtoi.o `test -f '../../lib/atoi/strtoi.c' || echo '$(srcdir)/'`../../lib/atoi/strtoi.c
+@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) ../../lib/atoi/$(DEPDIR)/test_atoi_strtoi-strtoi.Tpo ../../lib/atoi/$(DEPDIR)/test_atoi_strtoi-strtoi.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='../../lib/atoi/strtoi.c' object='../../lib/atoi/test_atoi_strtoi-strtoi.o' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_atoi_strtoi_CFLAGS) $(CFLAGS) -c -o ../../lib/atoi/test_atoi_strtoi-strtoi.o `test -f '../../lib/atoi/strtoi.c' || echo '$(srcdir)/'`../../lib/atoi/strtoi.c
+
+../../lib/atoi/test_atoi_strtoi-strtoi.obj: ../../lib/atoi/strtoi.c
+@am__fastdepCC_TRUE@	$(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_atoi_strtoi_CFLAGS) $(CFLAGS) -MT ../../lib/atoi/test_atoi_strtoi-strtoi.obj -MD -MP -MF ../../lib/atoi/$(DEPDIR)/test_atoi_strtoi-strtoi.Tpo -c -o ../../lib/atoi/test_atoi_strtoi-strtoi.obj `if test -f '../../lib/atoi/strtoi.c'; then $(CYGPATH_W) '../../lib/atoi/strtoi.c'; else $(CYGPATH_W) '$(srcdir)/../../lib/atoi/strtoi.c'; fi`
+@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) ../../lib/atoi/$(DEPDIR)/test_atoi_strtoi-strtoi.Tpo ../../lib/atoi/$(DEPDIR)/test_atoi_strtoi-strtoi.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='../../lib/atoi/strtoi.c' object='../../lib/atoi/test_atoi_strtoi-strtoi.obj' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_atoi_strtoi_CFLAGS) $(CFLAGS) -c -o ../../lib/atoi/test_atoi_strtoi-strtoi.obj `if test -f '../../lib/atoi/strtoi.c'; then $(CYGPATH_W) '../../lib/atoi/strtoi.c'; else $(CYGPATH_W) '$(srcdir)/../../lib/atoi/strtoi.c'; fi`
+
+test_atoi_strtoi-test_atoi_strtoi.o: test_atoi_strtoi.c
+@am__fastdepCC_TRUE@	$(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_atoi_strtoi_CFLAGS) $(CFLAGS) -MT test_atoi_strtoi-test_atoi_strtoi.o -MD -MP -MF $(DEPDIR)/test_atoi_strtoi-test_atoi_strtoi.Tpo -c -o test_atoi_strtoi-test_atoi_strtoi.o `test -f 'test_atoi_strtoi.c' || echo '$(srcdir)/'`test_atoi_strtoi.c
+@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/test_atoi_strtoi-test_atoi_strtoi.Tpo $(DEPDIR)/test_atoi_strtoi-test_atoi_strtoi.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='test_atoi_strtoi.c' object='test_atoi_strtoi-test_atoi_strtoi.o' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_atoi_strtoi_CFLAGS) $(CFLAGS) -c -o test_atoi_strtoi-test_atoi_strtoi.o `test -f 'test_atoi_strtoi.c' || echo '$(srcdir)/'`test_atoi_strtoi.c
+
+test_atoi_strtoi-test_atoi_strtoi.obj: test_atoi_strtoi.c
+@am__fastdepCC_TRUE@	$(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_atoi_strtoi_CFLAGS) $(CFLAGS) -MT test_atoi_strtoi-test_atoi_strtoi.obj -MD -MP -MF $(DEPDIR)/test_atoi_strtoi-test_atoi_strtoi.Tpo -c -o test_atoi_strtoi-test_atoi_strtoi.obj `if test -f 'test_atoi_strtoi.c'; then $(CYGPATH_W) 'test_atoi_strtoi.c'; else $(CYGPATH_W) '$(srcdir)/test_atoi_strtoi.c'; fi`
+@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/test_atoi_strtoi-test_atoi_strtoi.Tpo $(DEPDIR)/test_atoi_strtoi-test_atoi_strtoi.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='test_atoi_strtoi.c' object='test_atoi_strtoi-test_atoi_strtoi.obj' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_atoi_strtoi_CFLAGS) $(CFLAGS) -c -o test_atoi_strtoi-test_atoi_strtoi.obj `if test -f 'test_atoi_strtoi.c'; then $(CYGPATH_W) 'test_atoi_strtoi.c'; else $(CYGPATH_W) '$(srcdir)/test_atoi_strtoi.c'; fi`
+
+../../lib/test_chkname-chkname.o: ../../lib/chkname.c
+@am__fastdepCC_TRUE@	$(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_chkname_CFLAGS) $(CFLAGS) -MT ../../lib/test_chkname-chkname.o -MD -MP -MF ../../lib/$(DEPDIR)/test_chkname-chkname.Tpo -c -o ../../lib/test_chkname-chkname.o `test -f '../../lib/chkname.c' || echo '$(srcdir)/'`../../lib/chkname.c
+@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) ../../lib/$(DEPDIR)/test_chkname-chkname.Tpo ../../lib/$(DEPDIR)/test_chkname-chkname.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='../../lib/chkname.c' object='../../lib/test_chkname-chkname.o' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_chkname_CFLAGS) $(CFLAGS) -c -o ../../lib/test_chkname-chkname.o `test -f '../../lib/chkname.c' || echo '$(srcdir)/'`../../lib/chkname.c
+
+../../lib/test_chkname-chkname.obj: ../../lib/chkname.c
+@am__fastdepCC_TRUE@	$(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_chkname_CFLAGS) $(CFLAGS) -MT ../../lib/test_chkname-chkname.obj -MD -MP -MF ../../lib/$(DEPDIR)/test_chkname-chkname.Tpo -c -o ../../lib/test_chkname-chkname.obj `if test -f '../../lib/chkname.c'; then $(CYGPATH_W) '../../lib/chkname.c'; else $(CYGPATH_W) '$(srcdir)/../../lib/chkname.c'; fi`
+@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) ../../lib/$(DEPDIR)/test_chkname-chkname.Tpo ../../lib/$(DEPDIR)/test_chkname-chkname.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='../../lib/chkname.c' object='../../lib/test_chkname-chkname.obj' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_chkname_CFLAGS) $(CFLAGS) -c -o ../../lib/test_chkname-chkname.obj `if test -f '../../lib/chkname.c'; then $(CYGPATH_W) '../../lib/chkname.c'; else $(CYGPATH_W) '$(srcdir)/../../lib/chkname.c'; fi`
+
+test_chkname-test_chkname.o: test_chkname.c
+@am__fastdepCC_TRUE@	$(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_chkname_CFLAGS) $(CFLAGS) -MT test_chkname-test_chkname.o -MD -MP -MF $(DEPDIR)/test_chkname-test_chkname.Tpo -c -o test_chkname-test_chkname.o `test -f 'test_chkname.c' || echo '$(srcdir)/'`test_chkname.c
+@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/test_chkname-test_chkname.Tpo $(DEPDIR)/test_chkname-test_chkname.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='test_chkname.c' object='test_chkname-test_chkname.o' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_chkname_CFLAGS) $(CFLAGS) -c -o test_chkname-test_chkname.o `test -f 'test_chkname.c' || echo '$(srcdir)/'`test_chkname.c
+
+test_chkname-test_chkname.obj: test_chkname.c
+@am__fastdepCC_TRUE@	$(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_chkname_CFLAGS) $(CFLAGS) -MT test_chkname-test_chkname.obj -MD -MP -MF $(DEPDIR)/test_chkname-test_chkname.Tpo -c -o test_chkname-test_chkname.obj `if test -f 'test_chkname.c'; then $(CYGPATH_W) 'test_chkname.c'; else $(CYGPATH_W) '$(srcdir)/test_chkname.c'; fi`
+@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/test_chkname-test_chkname.Tpo $(DEPDIR)/test_chkname-test_chkname.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='test_chkname.c' object='test_chkname-test_chkname.obj' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_chkname_CFLAGS) $(CFLAGS) -c -o test_chkname-test_chkname.obj `if test -f 'test_chkname.c'; then $(CYGPATH_W) 'test_chkname.c'; else $(CYGPATH_W) '$(srcdir)/test_chkname.c'; fi`
+
+../../lib/test_logind-logind.o: ../../lib/logind.c
+@am__fastdepCC_TRUE@	$(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_logind_CFLAGS) $(CFLAGS) -MT ../../lib/test_logind-logind.o -MD -MP -MF ../../lib/$(DEPDIR)/test_logind-logind.Tpo -c -o ../../lib/test_logind-logind.o `test -f '../../lib/logind.c' || echo '$(srcdir)/'`../../lib/logind.c
+@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) ../../lib/$(DEPDIR)/test_logind-logind.Tpo ../../lib/$(DEPDIR)/test_logind-logind.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='../../lib/logind.c' object='../../lib/test_logind-logind.o' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_logind_CFLAGS) $(CFLAGS) -c -o ../../lib/test_logind-logind.o `test -f '../../lib/logind.c' || echo '$(srcdir)/'`../../lib/logind.c
+
+../../lib/test_logind-logind.obj: ../../lib/logind.c
+@am__fastdepCC_TRUE@	$(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_logind_CFLAGS) $(CFLAGS) -MT ../../lib/test_logind-logind.obj -MD -MP -MF ../../lib/$(DEPDIR)/test_logind-logind.Tpo -c -o ../../lib/test_logind-logind.obj `if test -f '../../lib/logind.c'; then $(CYGPATH_W) '../../lib/logind.c'; else $(CYGPATH_W) '$(srcdir)/../../lib/logind.c'; fi`
+@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) ../../lib/$(DEPDIR)/test_logind-logind.Tpo ../../lib/$(DEPDIR)/test_logind-logind.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='../../lib/logind.c' object='../../lib/test_logind-logind.obj' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_logind_CFLAGS) $(CFLAGS) -c -o ../../lib/test_logind-logind.obj `if test -f '../../lib/logind.c'; then $(CYGPATH_W) '../../lib/logind.c'; else $(CYGPATH_W) '$(srcdir)/../../lib/logind.c'; fi`
+
+test_logind-test_logind.o: test_logind.c
+@am__fastdepCC_TRUE@	$(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_logind_CFLAGS) $(CFLAGS) -MT test_logind-test_logind.o -MD -MP -MF $(DEPDIR)/test_logind-test_logind.Tpo -c -o test_logind-test_logind.o `test -f 'test_logind.c' || echo '$(srcdir)/'`test_logind.c
+@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/test_logind-test_logind.Tpo $(DEPDIR)/test_logind-test_logind.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='test_logind.c' object='test_logind-test_logind.o' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_logind_CFLAGS) $(CFLAGS) -c -o test_logind-test_logind.o `test -f 'test_logind.c' || echo '$(srcdir)/'`test_logind.c
+
+test_logind-test_logind.obj: test_logind.c
+@am__fastdepCC_TRUE@	$(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_logind_CFLAGS) $(CFLAGS) -MT test_logind-test_logind.obj -MD -MP -MF $(DEPDIR)/test_logind-test_logind.Tpo -c -o test_logind-test_logind.obj `if test -f 'test_logind.c'; then $(CYGPATH_W) 'test_logind.c'; else $(CYGPATH_W) '$(srcdir)/test_logind.c'; fi`
+@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/test_logind-test_logind.Tpo $(DEPDIR)/test_logind-test_logind.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='test_logind.c' object='test_logind-test_logind.obj' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_logind_CFLAGS) $(CFLAGS) -c -o test_logind-test_logind.obj `if test -f 'test_logind.c'; then $(CYGPATH_W) 'test_logind.c'; else $(CYGPATH_W) '$(srcdir)/test_logind.c'; fi`
+
+../../lib/string/test_sprintf-sprintf.o: ../../lib/string/sprintf.c
+@am__fastdepCC_TRUE@	$(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_sprintf_CFLAGS) $(CFLAGS) -MT ../../lib/string/test_sprintf-sprintf.o -MD -MP -MF ../../lib/string/$(DEPDIR)/test_sprintf-sprintf.Tpo -c -o ../../lib/string/test_sprintf-sprintf.o `test -f '../../lib/string/sprintf.c' || echo '$(srcdir)/'`../../lib/string/sprintf.c
+@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) ../../lib/string/$(DEPDIR)/test_sprintf-sprintf.Tpo ../../lib/string/$(DEPDIR)/test_sprintf-sprintf.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='../../lib/string/sprintf.c' object='../../lib/string/test_sprintf-sprintf.o' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_sprintf_CFLAGS) $(CFLAGS) -c -o ../../lib/string/test_sprintf-sprintf.o `test -f '../../lib/string/sprintf.c' || echo '$(srcdir)/'`../../lib/string/sprintf.c
+
+../../lib/string/test_sprintf-sprintf.obj: ../../lib/string/sprintf.c
+@am__fastdepCC_TRUE@	$(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_sprintf_CFLAGS) $(CFLAGS) -MT ../../lib/string/test_sprintf-sprintf.obj -MD -MP -MF ../../lib/string/$(DEPDIR)/test_sprintf-sprintf.Tpo -c -o ../../lib/string/test_sprintf-sprintf.obj `if test -f '../../lib/string/sprintf.c'; then $(CYGPATH_W) '../../lib/string/sprintf.c'; else $(CYGPATH_W) '$(srcdir)/../../lib/string/sprintf.c'; fi`
+@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) ../../lib/string/$(DEPDIR)/test_sprintf-sprintf.Tpo ../../lib/string/$(DEPDIR)/test_sprintf-sprintf.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='../../lib/string/sprintf.c' object='../../lib/string/test_sprintf-sprintf.obj' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_sprintf_CFLAGS) $(CFLAGS) -c -o ../../lib/string/test_sprintf-sprintf.obj `if test -f '../../lib/string/sprintf.c'; then $(CYGPATH_W) '../../lib/string/sprintf.c'; else $(CYGPATH_W) '$(srcdir)/../../lib/string/sprintf.c'; fi`
+
+test_sprintf-test_sprintf.o: test_sprintf.c
+@am__fastdepCC_TRUE@	$(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_sprintf_CFLAGS) $(CFLAGS) -MT test_sprintf-test_sprintf.o -MD -MP -MF $(DEPDIR)/test_sprintf-test_sprintf.Tpo -c -o test_sprintf-test_sprintf.o `test -f 'test_sprintf.c' || echo '$(srcdir)/'`test_sprintf.c
+@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/test_sprintf-test_sprintf.Tpo $(DEPDIR)/test_sprintf-test_sprintf.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='test_sprintf.c' object='test_sprintf-test_sprintf.o' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_sprintf_CFLAGS) $(CFLAGS) -c -o test_sprintf-test_sprintf.o `test -f 'test_sprintf.c' || echo '$(srcdir)/'`test_sprintf.c
+
+test_sprintf-test_sprintf.obj: test_sprintf.c
+@am__fastdepCC_TRUE@	$(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_sprintf_CFLAGS) $(CFLAGS) -MT test_sprintf-test_sprintf.obj -MD -MP -MF $(DEPDIR)/test_sprintf-test_sprintf.Tpo -c -o test_sprintf-test_sprintf.obj `if test -f 'test_sprintf.c'; then $(CYGPATH_W) 'test_sprintf.c'; else $(CYGPATH_W) '$(srcdir)/test_sprintf.c'; fi`
+@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/test_sprintf-test_sprintf.Tpo $(DEPDIR)/test_sprintf-test_sprintf.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='test_sprintf.c' object='test_sprintf-test_sprintf.obj' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_sprintf_CFLAGS) $(CFLAGS) -c -o test_sprintf-test_sprintf.obj `if test -f 'test_sprintf.c'; then $(CYGPATH_W) 'test_sprintf.c'; else $(CYGPATH_W) '$(srcdir)/test_sprintf.c'; fi`
+
+test_strncpy-test_strncpy.o: test_strncpy.c
+@am__fastdepCC_TRUE@	$(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_strncpy_CFLAGS) $(CFLAGS) -MT test_strncpy-test_strncpy.o -MD -MP -MF $(DEPDIR)/test_strncpy-test_strncpy.Tpo -c -o test_strncpy-test_strncpy.o `test -f 'test_strncpy.c' || echo '$(srcdir)/'`test_strncpy.c
+@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/test_strncpy-test_strncpy.Tpo $(DEPDIR)/test_strncpy-test_strncpy.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='test_strncpy.c' object='test_strncpy-test_strncpy.o' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_strncpy_CFLAGS) $(CFLAGS) -c -o test_strncpy-test_strncpy.o `test -f 'test_strncpy.c' || echo '$(srcdir)/'`test_strncpy.c
+
+test_strncpy-test_strncpy.obj: test_strncpy.c
+@am__fastdepCC_TRUE@	$(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_strncpy_CFLAGS) $(CFLAGS) -MT test_strncpy-test_strncpy.obj -MD -MP -MF $(DEPDIR)/test_strncpy-test_strncpy.Tpo -c -o test_strncpy-test_strncpy.obj `if test -f 'test_strncpy.c'; then $(CYGPATH_W) 'test_strncpy.c'; else $(CYGPATH_W) '$(srcdir)/test_strncpy.c'; fi`
+@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/test_strncpy-test_strncpy.Tpo $(DEPDIR)/test_strncpy-test_strncpy.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='test_strncpy.c' object='test_strncpy-test_strncpy.obj' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_strncpy_CFLAGS) $(CFLAGS) -c -o test_strncpy-test_strncpy.obj `if test -f 'test_strncpy.c'; then $(CYGPATH_W) 'test_strncpy.c'; else $(CYGPATH_W) '$(srcdir)/test_strncpy.c'; fi`
+
+../../lib/string/test_strtcpy-strtcpy.o: ../../lib/string/strtcpy.c
+@am__fastdepCC_TRUE@	$(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_strtcpy_CFLAGS) $(CFLAGS) -MT ../../lib/string/test_strtcpy-strtcpy.o -MD -MP -MF ../../lib/string/$(DEPDIR)/test_strtcpy-strtcpy.Tpo -c -o ../../lib/string/test_strtcpy-strtcpy.o `test -f '../../lib/string/strtcpy.c' || echo '$(srcdir)/'`../../lib/string/strtcpy.c
+@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) ../../lib/string/$(DEPDIR)/test_strtcpy-strtcpy.Tpo ../../lib/string/$(DEPDIR)/test_strtcpy-strtcpy.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='../../lib/string/strtcpy.c' object='../../lib/string/test_strtcpy-strtcpy.o' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_strtcpy_CFLAGS) $(CFLAGS) -c -o ../../lib/string/test_strtcpy-strtcpy.o `test -f '../../lib/string/strtcpy.c' || echo '$(srcdir)/'`../../lib/string/strtcpy.c
+
+../../lib/string/test_strtcpy-strtcpy.obj: ../../lib/string/strtcpy.c
+@am__fastdepCC_TRUE@	$(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_strtcpy_CFLAGS) $(CFLAGS) -MT ../../lib/string/test_strtcpy-strtcpy.obj -MD -MP -MF ../../lib/string/$(DEPDIR)/test_strtcpy-strtcpy.Tpo -c -o ../../lib/string/test_strtcpy-strtcpy.obj `if test -f '../../lib/string/strtcpy.c'; then $(CYGPATH_W) '../../lib/string/strtcpy.c'; else $(CYGPATH_W) '$(srcdir)/../../lib/string/strtcpy.c'; fi`
+@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) ../../lib/string/$(DEPDIR)/test_strtcpy-strtcpy.Tpo ../../lib/string/$(DEPDIR)/test_strtcpy-strtcpy.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='../../lib/string/strtcpy.c' object='../../lib/string/test_strtcpy-strtcpy.obj' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_strtcpy_CFLAGS) $(CFLAGS) -c -o ../../lib/string/test_strtcpy-strtcpy.obj `if test -f '../../lib/string/strtcpy.c'; then $(CYGPATH_W) '../../lib/string/strtcpy.c'; else $(CYGPATH_W) '$(srcdir)/../../lib/string/strtcpy.c'; fi`
+
+test_strtcpy-test_strtcpy.o: test_strtcpy.c
+@am__fastdepCC_TRUE@	$(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_strtcpy_CFLAGS) $(CFLAGS) -MT test_strtcpy-test_strtcpy.o -MD -MP -MF $(DEPDIR)/test_strtcpy-test_strtcpy.Tpo -c -o test_strtcpy-test_strtcpy.o `test -f 'test_strtcpy.c' || echo '$(srcdir)/'`test_strtcpy.c
+@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/test_strtcpy-test_strtcpy.Tpo $(DEPDIR)/test_strtcpy-test_strtcpy.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='test_strtcpy.c' object='test_strtcpy-test_strtcpy.o' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_strtcpy_CFLAGS) $(CFLAGS) -c -o test_strtcpy-test_strtcpy.o `test -f 'test_strtcpy.c' || echo '$(srcdir)/'`test_strtcpy.c
+
+test_strtcpy-test_strtcpy.obj: test_strtcpy.c
+@am__fastdepCC_TRUE@	$(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_strtcpy_CFLAGS) $(CFLAGS) -MT test_strtcpy-test_strtcpy.obj -MD -MP -MF $(DEPDIR)/test_strtcpy-test_strtcpy.Tpo -c -o test_strtcpy-test_strtcpy.obj `if test -f 'test_strtcpy.c'; then $(CYGPATH_W) 'test_strtcpy.c'; else $(CYGPATH_W) '$(srcdir)/test_strtcpy.c'; fi`
+@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/test_strtcpy-test_strtcpy.Tpo $(DEPDIR)/test_strtcpy-test_strtcpy.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='test_strtcpy.c' object='test_strtcpy-test_strtcpy.obj' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_strtcpy_CFLAGS) $(CFLAGS) -c -o test_strtcpy-test_strtcpy.obj `if test -f 'test_strtcpy.c'; then $(CYGPATH_W) 'test_strtcpy.c'; else $(CYGPATH_W) '$(srcdir)/test_strtcpy.c'; fi`
+
+../../lib/string/test_xasprintf-sprintf.o: ../../lib/string/sprintf.c
+@am__fastdepCC_TRUE@	$(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_xasprintf_CFLAGS) $(CFLAGS) -MT ../../lib/string/test_xasprintf-sprintf.o -MD -MP -MF ../../lib/string/$(DEPDIR)/test_xasprintf-sprintf.Tpo -c -o ../../lib/string/test_xasprintf-sprintf.o `test -f '../../lib/string/sprintf.c' || echo '$(srcdir)/'`../../lib/string/sprintf.c
+@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) ../../lib/string/$(DEPDIR)/test_xasprintf-sprintf.Tpo ../../lib/string/$(DEPDIR)/test_xasprintf-sprintf.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='../../lib/string/sprintf.c' object='../../lib/string/test_xasprintf-sprintf.o' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_xasprintf_CFLAGS) $(CFLAGS) -c -o ../../lib/string/test_xasprintf-sprintf.o `test -f '../../lib/string/sprintf.c' || echo '$(srcdir)/'`../../lib/string/sprintf.c
+
+../../lib/string/test_xasprintf-sprintf.obj: ../../lib/string/sprintf.c
+@am__fastdepCC_TRUE@	$(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_xasprintf_CFLAGS) $(CFLAGS) -MT ../../lib/string/test_xasprintf-sprintf.obj -MD -MP -MF ../../lib/string/$(DEPDIR)/test_xasprintf-sprintf.Tpo -c -o ../../lib/string/test_xasprintf-sprintf.obj `if test -f '../../lib/string/sprintf.c'; then $(CYGPATH_W) '../../lib/string/sprintf.c'; else $(CYGPATH_W) '$(srcdir)/../../lib/string/sprintf.c'; fi`
+@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) ../../lib/string/$(DEPDIR)/test_xasprintf-sprintf.Tpo ../../lib/string/$(DEPDIR)/test_xasprintf-sprintf.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='../../lib/string/sprintf.c' object='../../lib/string/test_xasprintf-sprintf.obj' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_xasprintf_CFLAGS) $(CFLAGS) -c -o ../../lib/string/test_xasprintf-sprintf.obj `if test -f '../../lib/string/sprintf.c'; then $(CYGPATH_W) '../../lib/string/sprintf.c'; else $(CYGPATH_W) '$(srcdir)/../../lib/string/sprintf.c'; fi`
+
+test_xasprintf-test_xasprintf.o: test_xasprintf.c
+@am__fastdepCC_TRUE@	$(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_xasprintf_CFLAGS) $(CFLAGS) -MT test_xasprintf-test_xasprintf.o -MD -MP -MF $(DEPDIR)/test_xasprintf-test_xasprintf.Tpo -c -o test_xasprintf-test_xasprintf.o `test -f 'test_xasprintf.c' || echo '$(srcdir)/'`test_xasprintf.c
+@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/test_xasprintf-test_xasprintf.Tpo $(DEPDIR)/test_xasprintf-test_xasprintf.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='test_xasprintf.c' object='test_xasprintf-test_xasprintf.o' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_xasprintf_CFLAGS) $(CFLAGS) -c -o test_xasprintf-test_xasprintf.o `test -f 'test_xasprintf.c' || echo '$(srcdir)/'`test_xasprintf.c
+
+test_xasprintf-test_xasprintf.obj: test_xasprintf.c
+@am__fastdepCC_TRUE@	$(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_xasprintf_CFLAGS) $(CFLAGS) -MT test_xasprintf-test_xasprintf.obj -MD -MP -MF $(DEPDIR)/test_xasprintf-test_xasprintf.Tpo -c -o test_xasprintf-test_xasprintf.obj `if test -f 'test_xasprintf.c'; then $(CYGPATH_W) 'test_xasprintf.c'; else $(CYGPATH_W) '$(srcdir)/test_xasprintf.c'; fi`
+@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/test_xasprintf-test_xasprintf.Tpo $(DEPDIR)/test_xasprintf-test_xasprintf.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='test_xasprintf.c' object='test_xasprintf-test_xasprintf.obj' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_xasprintf_CFLAGS) $(CFLAGS) -c -o test_xasprintf-test_xasprintf.obj `if test -f 'test_xasprintf.c'; then $(CYGPATH_W) 'test_xasprintf.c'; else $(CYGPATH_W) '$(srcdir)/test_xasprintf.c'; fi`
+
+test_zustr2stp-test_zustr2stp.o: test_zustr2stp.c
+@am__fastdepCC_TRUE@	$(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_zustr2stp_CFLAGS) $(CFLAGS) -MT test_zustr2stp-test_zustr2stp.o -MD -MP -MF $(DEPDIR)/test_zustr2stp-test_zustr2stp.Tpo -c -o test_zustr2stp-test_zustr2stp.o `test -f 'test_zustr2stp.c' || echo '$(srcdir)/'`test_zustr2stp.c
+@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/test_zustr2stp-test_zustr2stp.Tpo $(DEPDIR)/test_zustr2stp-test_zustr2stp.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='test_zustr2stp.c' object='test_zustr2stp-test_zustr2stp.o' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_zustr2stp_CFLAGS) $(CFLAGS) -c -o test_zustr2stp-test_zustr2stp.o `test -f 'test_zustr2stp.c' || echo '$(srcdir)/'`test_zustr2stp.c
+
+test_zustr2stp-test_zustr2stp.obj: test_zustr2stp.c
+@am__fastdepCC_TRUE@	$(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_zustr2stp_CFLAGS) $(CFLAGS) -MT test_zustr2stp-test_zustr2stp.obj -MD -MP -MF $(DEPDIR)/test_zustr2stp-test_zustr2stp.Tpo -c -o test_zustr2stp-test_zustr2stp.obj `if test -f 'test_zustr2stp.c'; then $(CYGPATH_W) 'test_zustr2stp.c'; else $(CYGPATH_W) '$(srcdir)/test_zustr2stp.c'; fi`
+@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/test_zustr2stp-test_zustr2stp.Tpo $(DEPDIR)/test_zustr2stp-test_zustr2stp.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='test_zustr2stp.c' object='test_zustr2stp-test_zustr2stp.obj' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_zustr2stp_CFLAGS) $(CFLAGS) -c -o test_zustr2stp-test_zustr2stp.obj `if test -f 'test_zustr2stp.c'; then $(CYGPATH_W) 'test_zustr2stp.c'; else $(CYGPATH_W) '$(srcdir)/test_zustr2stp.c'; fi`
+
+mostlyclean-libtool:
+	-rm -f *.lo
+
+clean-libtool:
+	-rm -rf .libs _libs
+
+ID: $(am__tagged_files)
+	$(am__define_uniq_tagged_files); mkid -fID $$unique
+tags: tags-am
+TAGS: tags
+
+tags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files)
+	set x; \
+	here=`pwd`; \
+	$(am__define_uniq_tagged_files); \
+	shift; \
+	if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \
+	  test -n "$$unique" || unique=$$empty_fix; \
+	  if test $$# -gt 0; then \
+	    $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
+	      "$$@" $$unique; \
+	  else \
+	    $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
+	      $$unique; \
+	  fi; \
+	fi
+ctags: ctags-am
+
+CTAGS: ctags
+ctags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files)
+	$(am__define_uniq_tagged_files); \
+	test -z "$(CTAGS_ARGS)$$unique" \
+	  || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \
+	     $$unique
+
+GTAGS:
+	here=`$(am__cd) $(top_builddir) && pwd` \
+	  && $(am__cd) $(top_srcdir) \
+	  && gtags -i $(GTAGS_ARGS) "$$here"
+cscopelist: cscopelist-am
+
+cscopelist-am: $(am__tagged_files)
+	list='$(am__tagged_files)'; \
+	case "$(srcdir)" in \
+	  [\\/]* | ?:[\\/]*) sdir="$(srcdir)" ;; \
+	  *) sdir=$(subdir)/$(srcdir) ;; \
+	esac; \
+	for i in $$list; do \
+	  if test -f "$$i"; then \
+	    echo "$(subdir)/$$i"; \
+	  else \
+	    echo "$$sdir/$$i"; \
+	  fi; \
+	done >> $(top_builddir)/cscope.files
+
+distclean-tags:
+	-rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags
+
+# Recover from deleted '.trs' file; this should ensure that
+# "rm -f foo.log; make foo.trs" re-run 'foo.test', and re-create
+# both 'foo.log' and 'foo.trs'.  Break the recipe in two subshells
+# to avoid problems with "make -n".
+.log.trs:
+	rm -f $< $@
+	$(MAKE) $(AM_MAKEFLAGS) $<
+
+# Leading 'am--fnord' is there to ensure the list of targets does not
+# expand to empty, as could happen e.g. with make check TESTS=''.
+am--fnord $(TEST_LOGS) $(TEST_LOGS:.log=.trs): $(am__force_recheck)
+am--force-recheck:
+	@:
+
+$(TEST_SUITE_LOG): $(TEST_LOGS)
+	@$(am__set_TESTS_bases); \
+	am__f_ok () { test -f "$$1" && test -r "$$1"; }; \
+	redo_bases=`for i in $$bases; do \
+	              am__f_ok $$i.trs && am__f_ok $$i.log || echo $$i; \
+	            done`; \
+	if test -n "$$redo_bases"; then \
+	  redo_logs=`for i in $$redo_bases; do echo $$i.log; done`; \
+	  redo_results=`for i in $$redo_bases; do echo $$i.trs; done`; \
+	  if $(am__make_dryrun); then :; else \
+	    rm -f $$redo_logs && rm -f $$redo_results || exit 1; \
+	  fi; \
+	fi; \
+	if test -n "$$am__remaking_logs"; then \
+	  echo "fatal: making $(TEST_SUITE_LOG): possible infinite" \
+	       "recursion detected" >&2; \
+	elif test -n "$$redo_logs"; then \
+	  am__remaking_logs=yes $(MAKE) $(AM_MAKEFLAGS) $$redo_logs; \
+	fi; \
+	if $(am__make_dryrun); then :; else \
+	  st=0;  \
+	  errmsg="fatal: making $(TEST_SUITE_LOG): failed to create"; \
+	  for i in $$redo_bases; do \
+	    test -f $$i.trs && test -r $$i.trs \
+	      || { echo "$$errmsg $$i.trs" >&2; st=1; }; \
+	    test -f $$i.log && test -r $$i.log \
+	      || { echo "$$errmsg $$i.log" >&2; st=1; }; \
+	  done; \
+	  test $$st -eq 0 || exit 1; \
+	fi
+	@$(am__sh_e_setup); $(am__tty_colors); $(am__set_TESTS_bases); \
+	ws='[ 	]'; \
+	results=`for b in $$bases; do echo $$b.trs; done`; \
+	test -n "$$results" || results=/dev/null; \
+	all=`  grep "^$$ws*:test-result:"           $$results | wc -l`; \
+	pass=` grep "^$$ws*:test-result:$$ws*PASS"  $$results | wc -l`; \
+	fail=` grep "^$$ws*:test-result:$$ws*FAIL"  $$results | wc -l`; \
+	skip=` grep "^$$ws*:test-result:$$ws*SKIP"  $$results | wc -l`; \
+	xfail=`grep "^$$ws*:test-result:$$ws*XFAIL" $$results | wc -l`; \
+	xpass=`grep "^$$ws*:test-result:$$ws*XPASS" $$results | wc -l`; \
+	error=`grep "^$$ws*:test-result:$$ws*ERROR" $$results | wc -l`; \
+	if test `expr $$fail + $$xpass + $$error` -eq 0; then \
+	  success=true; \
+	else \
+	  success=false; \
+	fi; \
+	br='==================='; br=$$br$$br$$br$$br; \
+	result_count () \
+	{ \
+	    if test x"$$1" = x"--maybe-color"; then \
+	      maybe_colorize=yes; \
+	    elif test x"$$1" = x"--no-color"; then \
+	      maybe_colorize=no; \
+	    else \
+	      echo "$@: invalid 'result_count' usage" >&2; exit 4; \
+	    fi; \
+	    shift; \
+	    desc=$$1 count=$$2; \
+	    if test $$maybe_colorize = yes && test $$count -gt 0; then \
+	      color_start=$$3 color_end=$$std; \
+	    else \
+	      color_start= color_end=; \
+	    fi; \
+	    echo "$${color_start}# $$desc $$count$${color_end}"; \
+	}; \
+	create_testsuite_report () \
+	{ \
+	  result_count $$1 "TOTAL:" $$all   "$$brg"; \
+	  result_count $$1 "PASS: " $$pass  "$$grn"; \
+	  result_count $$1 "SKIP: " $$skip  "$$blu"; \
+	  result_count $$1 "XFAIL:" $$xfail "$$lgn"; \
+	  result_count $$1 "FAIL: " $$fail  "$$red"; \
+	  result_count $$1 "XPASS:" $$xpass "$$red"; \
+	  result_count $$1 "ERROR:" $$error "$$mgn"; \
+	}; \
+	{								\
+	  echo "$(PACKAGE_STRING): $(subdir)/$(TEST_SUITE_LOG)" |	\
+	    $(am__rst_title);						\
+	  create_testsuite_report --no-color;				\
+	  echo;								\
+	  echo ".. contents:: :depth: 2";				\
+	  echo;								\
+	  for b in $$bases; do echo $$b; done				\
+	    | $(am__create_global_log);					\
+	} >$(TEST_SUITE_LOG).tmp || exit 1;				\
+	mv $(TEST_SUITE_LOG).tmp $(TEST_SUITE_LOG);			\
+	if $$success; then						\
+	  col="$$grn";							\
+	 else								\
+	  col="$$red";							\
+	  test x"$$VERBOSE" = x || cat $(TEST_SUITE_LOG);		\
+	fi;								\
+	echo "$${col}$$br$${std}"; 					\
+	echo "$${col}Testsuite summary"$(AM_TESTSUITE_SUMMARY_HEADER)"$${std}";	\
+	echo "$${col}$$br$${std}"; 					\
+	create_testsuite_report --maybe-color;				\
+	echo "$$col$$br$$std";						\
+	if $$success; then :; else					\
+	  echo "$${col}See $(subdir)/$(TEST_SUITE_LOG)$${std}";		\
+	  if test -n "$(PACKAGE_BUGREPORT)"; then			\
+	    echo "$${col}Please report to $(PACKAGE_BUGREPORT)$${std}";	\
+	  fi;								\
+	  echo "$$col$$br$$std";					\
+	fi;								\
+	$$success || exit 1
+
+check-TESTS: $(check_PROGRAMS)
+	@list='$(RECHECK_LOGS)';           test -z "$$list" || rm -f $$list
+	@list='$(RECHECK_LOGS:.log=.trs)'; test -z "$$list" || rm -f $$list
+	@test -z "$(TEST_SUITE_LOG)" || rm -f $(TEST_SUITE_LOG)
+	@set +e; $(am__set_TESTS_bases); \
+	log_list=`for i in $$bases; do echo $$i.log; done`; \
+	trs_list=`for i in $$bases; do echo $$i.trs; done`; \
+	log_list=`echo $$log_list`; trs_list=`echo $$trs_list`; \
+	$(MAKE) $(AM_MAKEFLAGS) $(TEST_SUITE_LOG) TEST_LOGS="$$log_list"; \
+	exit $$?;
+recheck: all $(check_PROGRAMS)
+	@test -z "$(TEST_SUITE_LOG)" || rm -f $(TEST_SUITE_LOG)
+	@set +e; $(am__set_TESTS_bases); \
+	bases=`for i in $$bases; do echo $$i; done \
+	         | $(am__list_recheck_tests)` || exit 1; \
+	log_list=`for i in $$bases; do echo $$i.log; done`; \
+	log_list=`echo $$log_list`; \
+	$(MAKE) $(AM_MAKEFLAGS) $(TEST_SUITE_LOG) \
+	        am__force_recheck=am--force-recheck \
+	        TEST_LOGS="$$log_list"; \
+	exit $$?
+test_adds.log: test_adds$(EXEEXT)
+	@p='test_adds$(EXEEXT)'; \
+	b='test_adds'; \
+	$(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \
+	--log-file $$b.log --trs-file $$b.trs \
+	$(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \
+	"$$tst" $(AM_TESTS_FD_REDIRECT)
+test_atoi_strtoi.log: test_atoi_strtoi$(EXEEXT)
+	@p='test_atoi_strtoi$(EXEEXT)'; \
+	b='test_atoi_strtoi'; \
+	$(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \
+	--log-file $$b.log --trs-file $$b.trs \
+	$(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \
+	"$$tst" $(AM_TESTS_FD_REDIRECT)
+test_chkname.log: test_chkname$(EXEEXT)
+	@p='test_chkname$(EXEEXT)'; \
+	b='test_chkname'; \
+	$(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \
+	--log-file $$b.log --trs-file $$b.trs \
+	$(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \
+	"$$tst" $(AM_TESTS_FD_REDIRECT)
+test_sprintf.log: test_sprintf$(EXEEXT)
+	@p='test_sprintf$(EXEEXT)'; \
+	b='test_sprintf'; \
+	$(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \
+	--log-file $$b.log --trs-file $$b.trs \
+	$(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \
+	"$$tst" $(AM_TESTS_FD_REDIRECT)
+test_strncpy.log: test_strncpy$(EXEEXT)
+	@p='test_strncpy$(EXEEXT)'; \
+	b='test_strncpy'; \
+	$(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \
+	--log-file $$b.log --trs-file $$b.trs \
+	$(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \
+	"$$tst" $(AM_TESTS_FD_REDIRECT)
+test_strtcpy.log: test_strtcpy$(EXEEXT)
+	@p='test_strtcpy$(EXEEXT)'; \
+	b='test_strtcpy'; \
+	$(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \
+	--log-file $$b.log --trs-file $$b.trs \
+	$(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \
+	"$$tst" $(AM_TESTS_FD_REDIRECT)
+test_xasprintf.log: test_xasprintf$(EXEEXT)
+	@p='test_xasprintf$(EXEEXT)'; \
+	b='test_xasprintf'; \
+	$(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \
+	--log-file $$b.log --trs-file $$b.trs \
+	$(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \
+	"$$tst" $(AM_TESTS_FD_REDIRECT)
+test_zustr2stp.log: test_zustr2stp$(EXEEXT)
+	@p='test_zustr2stp$(EXEEXT)'; \
+	b='test_zustr2stp'; \
+	$(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \
+	--log-file $$b.log --trs-file $$b.trs \
+	$(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \
+	"$$tst" $(AM_TESTS_FD_REDIRECT)
+test_logind.log: test_logind$(EXEEXT)
+	@p='test_logind$(EXEEXT)'; \
+	b='test_logind'; \
+	$(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \
+	--log-file $$b.log --trs-file $$b.trs \
+	$(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \
+	"$$tst" $(AM_TESTS_FD_REDIRECT)
+.test.log:
+	@p='$<'; \
+	$(am__set_b); \
+	$(am__check_pre) $(TEST_LOG_DRIVER) --test-name "$$f" \
+	--log-file $$b.log --trs-file $$b.trs \
+	$(am__common_driver_flags) $(AM_TEST_LOG_DRIVER_FLAGS) $(TEST_LOG_DRIVER_FLAGS) -- $(TEST_LOG_COMPILE) \
+	"$$tst" $(AM_TESTS_FD_REDIRECT)
+@am__EXEEXT_TRUE@.test$(EXEEXT).log:
+@am__EXEEXT_TRUE@	@p='$<'; \
+@am__EXEEXT_TRUE@	$(am__set_b); \
+@am__EXEEXT_TRUE@	$(am__check_pre) $(TEST_LOG_DRIVER) --test-name "$$f" \
+@am__EXEEXT_TRUE@	--log-file $$b.log --trs-file $$b.trs \
+@am__EXEEXT_TRUE@	$(am__common_driver_flags) $(AM_TEST_LOG_DRIVER_FLAGS) $(TEST_LOG_DRIVER_FLAGS) -- $(TEST_LOG_COMPILE) \
+@am__EXEEXT_TRUE@	"$$tst" $(AM_TESTS_FD_REDIRECT)
+distdir: $(BUILT_SOURCES)
+	$(MAKE) $(AM_MAKEFLAGS) distdir-am
+
+distdir-am: $(DISTFILES)
+	@srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+	topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+	list='$(DISTFILES)'; \
+	  dist_files=`for file in $$list; do echo $$file; done | \
+	  sed -e "s|^$$srcdirstrip/||;t" \
+	      -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \
+	case $$dist_files in \
+	  */*) $(MKDIR_P) `echo "$$dist_files" | \
+			   sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \
+			   sort -u` ;; \
+	esac; \
+	for file in $$dist_files; do \
+	  if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
+	  if test -d $$d/$$file; then \
+	    dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \
+	    if test -d "$(distdir)/$$file"; then \
+	      find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \
+	    fi; \
+	    if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
+	      cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \
+	      find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \
+	    fi; \
+	    cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \
+	  else \
+	    test -f "$(distdir)/$$file" \
+	    || cp -p $$d/$$file "$(distdir)/$$file" \
+	    || exit 1; \
+	  fi; \
+	done
+check-am: all-am
+	$(MAKE) $(AM_MAKEFLAGS) $(check_PROGRAMS)
+	$(MAKE) $(AM_MAKEFLAGS) check-TESTS
+check: check-am
+all-am: Makefile
+installdirs:
+install: install-am
+install-exec: install-exec-am
+install-data: install-data-am
+uninstall: uninstall-am
+
+install-am: all-am
+	@$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
+
+installcheck: installcheck-am
+install-strip:
+	if test -z '$(STRIP)'; then \
+	  $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
+	    install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
+	      install; \
+	else \
+	  $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
+	    install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
+	    "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'" install; \
+	fi
+mostlyclean-generic:
+	-test -z "$(TEST_LOGS)" || rm -f $(TEST_LOGS)
+	-test -z "$(TEST_LOGS:.log=.trs)" || rm -f $(TEST_LOGS:.log=.trs)
+	-test -z "$(TEST_SUITE_LOG)" || rm -f $(TEST_SUITE_LOG)
+
+clean-generic:
+
+distclean-generic:
+	-test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES)
+	-test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES)
+	-rm -f ../../lib/$(DEPDIR)/$(am__dirstamp)
+	-rm -f ../../lib/$(am__dirstamp)
+	-rm -f ../../lib/atoi/$(DEPDIR)/$(am__dirstamp)
+	-rm -f ../../lib/atoi/$(am__dirstamp)
+	-rm -f ../../lib/string/$(DEPDIR)/$(am__dirstamp)
+	-rm -f ../../lib/string/$(am__dirstamp)
+
+maintainer-clean-generic:
+	@echo "This command is intended for maintainers to use"
+	@echo "it deletes files that may require special tools to rebuild."
+clean: clean-am
+
+clean-am: clean-checkPROGRAMS clean-generic clean-libtool \
+	mostlyclean-am
+
+distclean: distclean-am
+		-rm -f ../../lib/$(DEPDIR)/test_adds-adds.Po
+	-rm -f ../../lib/$(DEPDIR)/test_chkname-chkname.Po
+	-rm -f ../../lib/$(DEPDIR)/test_logind-logind.Po
+	-rm -f ../../lib/atoi/$(DEPDIR)/test_atoi_strtoi-strtoi.Po
+	-rm -f ../../lib/string/$(DEPDIR)/test_sprintf-sprintf.Po
+	-rm -f ../../lib/string/$(DEPDIR)/test_strtcpy-strtcpy.Po
+	-rm -f ../../lib/string/$(DEPDIR)/test_xasprintf-sprintf.Po
+	-rm -f ./$(DEPDIR)/test_adds-test_adds.Po
+	-rm -f ./$(DEPDIR)/test_atoi_strtoi-test_atoi_strtoi.Po
+	-rm -f ./$(DEPDIR)/test_chkname-test_chkname.Po
+	-rm -f ./$(DEPDIR)/test_logind-test_logind.Po
+	-rm -f ./$(DEPDIR)/test_sprintf-test_sprintf.Po
+	-rm -f ./$(DEPDIR)/test_strncpy-test_strncpy.Po
+	-rm -f ./$(DEPDIR)/test_strtcpy-test_strtcpy.Po
+	-rm -f ./$(DEPDIR)/test_xasprintf-test_xasprintf.Po
+	-rm -f ./$(DEPDIR)/test_zustr2stp-test_zustr2stp.Po
+	-rm -f Makefile
+distclean-am: clean-am distclean-compile distclean-generic \
+	distclean-tags
+
+dvi: dvi-am
+
+dvi-am:
+
+html: html-am
+
+html-am:
+
+info: info-am
+
+info-am:
+
+install-data-am:
+
+install-dvi: install-dvi-am
+
+install-dvi-am:
+
+install-exec-am:
+
+install-html: install-html-am
+
+install-html-am:
+
+install-info: install-info-am
+
+install-info-am:
+
+install-man:
+
+install-pdf: install-pdf-am
+
+install-pdf-am:
+
+install-ps: install-ps-am
+
+install-ps-am:
+
+installcheck-am:
+
+maintainer-clean: maintainer-clean-am
+		-rm -f ../../lib/$(DEPDIR)/test_adds-adds.Po
+	-rm -f ../../lib/$(DEPDIR)/test_chkname-chkname.Po
+	-rm -f ../../lib/$(DEPDIR)/test_logind-logind.Po
+	-rm -f ../../lib/atoi/$(DEPDIR)/test_atoi_strtoi-strtoi.Po
+	-rm -f ../../lib/string/$(DEPDIR)/test_sprintf-sprintf.Po
+	-rm -f ../../lib/string/$(DEPDIR)/test_strtcpy-strtcpy.Po
+	-rm -f ../../lib/string/$(DEPDIR)/test_xasprintf-sprintf.Po
+	-rm -f ./$(DEPDIR)/test_adds-test_adds.Po
+	-rm -f ./$(DEPDIR)/test_atoi_strtoi-test_atoi_strtoi.Po
+	-rm -f ./$(DEPDIR)/test_chkname-test_chkname.Po
+	-rm -f ./$(DEPDIR)/test_logind-test_logind.Po
+	-rm -f ./$(DEPDIR)/test_sprintf-test_sprintf.Po
+	-rm -f ./$(DEPDIR)/test_strncpy-test_strncpy.Po
+	-rm -f ./$(DEPDIR)/test_strtcpy-test_strtcpy.Po
+	-rm -f ./$(DEPDIR)/test_xasprintf-test_xasprintf.Po
+	-rm -f ./$(DEPDIR)/test_zustr2stp-test_zustr2stp.Po
+	-rm -f Makefile
+maintainer-clean-am: distclean-am maintainer-clean-generic
+
+mostlyclean: mostlyclean-am
+
+mostlyclean-am: mostlyclean-compile mostlyclean-generic \
+	mostlyclean-libtool
+
+pdf: pdf-am
+
+pdf-am:
+
+ps: ps-am
+
+ps-am:
+
+uninstall-am:
+
+.MAKE: check-am install-am install-strip
+
+.PHONY: CTAGS GTAGS TAGS all all-am am--depfiles check check-TESTS \
+	check-am clean clean-checkPROGRAMS clean-generic clean-libtool \
+	cscopelist-am ctags ctags-am distclean distclean-compile \
+	distclean-generic distclean-libtool distclean-tags distdir dvi \
+	dvi-am html html-am info info-am install install-am \
+	install-data install-data-am install-dvi install-dvi-am \
+	install-exec install-exec-am install-html install-html-am \
+	install-info install-info-am install-man install-pdf \
+	install-pdf-am install-ps install-ps-am install-strip \
+	installcheck installcheck-am installdirs maintainer-clean \
+	maintainer-clean-generic mostlyclean mostlyclean-compile \
+	mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \
+	recheck tags tags-am uninstall uninstall-am
+
+.PRECIOUS: Makefile
+
+
+# Tell versions [3.59,3.63) of GNU make to not export all variables.
+# Otherwise a system limit (for SysV at least) may be exceeded.
+.NOEXPORT:
diff --git a/tests/tests/unit/test_adds.c b/tests/tests/unit/test_adds.c
new file mode 100644
index 0000000..fdc671f
--- /dev/null
+++ b/tests/tests/unit/test_adds.c
@@ -0,0 +1,105 @@
+// SPDX-FileCopyrightText: 2023, Alejandro Colomar <alx@kernel.org>
+// SPDX-License-Identifier: BSD-3-Clause
+
+
+#include <limits.h>
+
+#include <stdarg.h>  // Required by <cmocka.h>
+#include <stddef.h>  // Required by <cmocka.h>
+#include <setjmp.h>  // Required by <cmocka.h>
+#include <stdint.h>  // Required by <cmocka.h>
+#include <cmocka.h>
+
+#include "adds.h"
+
+
+static void test_addsl_2_ok(void **state);
+static void test_addsl_2_underflow(void **state);
+static void test_addsl_2_overflow(void **state);
+static void test_addsl_3_ok(void **state);
+static void test_addsl_3_underflow(void **state);
+static void test_addsl_3_overflow(void **state);
+static void test_addsl_5_ok(void **state);
+
+
+int
+main(void)
+{
+    const struct CMUnitTest  tests[] = {
+        cmocka_unit_test(test_addsl_2_ok),
+        cmocka_unit_test(test_addsl_2_underflow),
+        cmocka_unit_test(test_addsl_2_overflow),
+        cmocka_unit_test(test_addsl_3_ok),
+        cmocka_unit_test(test_addsl_3_underflow),
+        cmocka_unit_test(test_addsl_3_overflow),
+        cmocka_unit_test(test_addsl_5_ok),
+    };
+
+    return cmocka_run_group_tests(tests, NULL, NULL);
+}
+
+
+static void
+test_addsl_2_ok(void **state)
+{
+	assert_true(addsl(1, 3)			== 1 + 3);
+	assert_true(addsl(-4321, 7)		== -4321 + 7);
+	assert_true(addsl(1, 1)			== 1 + 1);
+	assert_true(addsl(-1, -2)		== -1 - 2);
+	assert_true(addsl(LONG_MAX, -1)		== LONG_MAX - 1);
+	assert_true(addsl(LONG_MIN, 1)		== LONG_MIN + 1);
+	assert_true(addsl(LONG_MIN, LONG_MAX)	== LONG_MIN + LONG_MAX);
+	assert_true(addsl(0, 0)			== 0);
+}
+
+
+static void
+test_addsl_2_underflow(void **state)
+{
+	assert_true(addsl(LONG_MIN, -1)		== LONG_MIN);
+	assert_true(addsl(LONG_MIN + 3, -7)	== LONG_MIN);
+	assert_true(addsl(LONG_MIN, LONG_MIN)	== LONG_MIN);
+}
+
+
+static void
+test_addsl_2_overflow(void **state)
+{
+	assert_true(addsl(LONG_MAX, 1)		== LONG_MAX);
+	assert_true(addsl(LONG_MAX - 3, 7)	== LONG_MAX);
+	assert_true(addsl(LONG_MAX, LONG_MAX)	== LONG_MAX);
+}
+
+
+static void
+test_addsl_3_ok(void **state)
+{
+	assert_true(addsl(1, 2, 3)		== 1 + 2 + 3);
+	assert_true(addsl(LONG_MIN, -3, 4)	== LONG_MIN + 4 - 3);
+	assert_true(addsl(LONG_MAX, LONG_MAX, LONG_MIN)
+						== LONG_MAX + LONG_MIN + LONG_MAX);
+}
+
+
+static void
+test_addsl_3_underflow(void **state)
+{
+	assert_true(addsl(LONG_MIN, 2, -3)	== LONG_MIN);
+	assert_true(addsl(LONG_MIN, -1, 0)	== LONG_MIN);
+}
+
+
+static void
+test_addsl_3_overflow(void **state)
+{
+	assert_true(addsl(LONG_MAX, -1, 2)	== LONG_MAX);
+	assert_true(addsl(LONG_MAX, +1, 0)	== LONG_MAX);
+	assert_true(addsl(LONG_MAX, LONG_MAX, 0)== LONG_MAX);
+}
+
+
+static void
+test_addsl_5_ok(void **state)
+{
+	assert_true(addsl(LONG_MAX, LONG_MAX, LONG_MIN, LONG_MIN, 44) == 42);
+}
diff --git a/tests/tests/unit/test_atoi_strtoi.c b/tests/tests/unit/test_atoi_strtoi.c
new file mode 100644
index 0000000..535b6ab
--- /dev/null
+++ b/tests/tests/unit/test_atoi_strtoi.c
@@ -0,0 +1,157 @@
+// SPDX-FileCopyrightText: 2023, Alejandro Colomar <alx@kernel.org>
+// SPDX-License-Identifier: BSD-3-Clause
+
+
+#include <errno.h>
+#include <limits.h>
+#include <stddef.h>
+#include <stdint.h>
+#include <string.h>
+
+#include <stdarg.h>  // Required by <cmocka.h>
+#include <stddef.h>  // Required by <cmocka.h>
+#include <setjmp.h>  // Required by <cmocka.h>
+#include <stdint.h>  // Required by <cmocka.h>
+#include <cmocka.h>
+
+#include "atoi/strtoi.h"
+#include "atoi/strtou_noneg.h"
+
+
+static void test_strtoi(void **state);
+static void test_strtou(void **state);
+static void test_strtou_noneg(void **state);
+
+
+int
+main(void)
+{
+    const struct CMUnitTest  tests[] = {
+        cmocka_unit_test(test_strtoi),
+        cmocka_unit_test(test_strtou),
+        cmocka_unit_test(test_strtou_noneg),
+    };
+
+    return cmocka_run_group_tests(tests, NULL, NULL);
+}
+
+
+static void
+test_strtoi(void **state)
+{
+	int   status;
+	char  *end;
+
+	errno = 0;
+	assert_true(strtoi_("42", NULL, -1, 1, 2, &status) == 1);
+	assert_true(status == EINVAL);
+
+	assert_true(strtoi_("40", &end, 5, INTMAX_MIN, INTMAX_MAX, &status) == 20);
+	assert_true(status == 0);
+	assert_true(strcmp(end, "") == 0);
+
+	assert_true(strtoi_("-40", &end, 0, INTMAX_MIN, INTMAX_MAX, &status) == -40);
+	assert_true(status == 0);
+	assert_true(strcmp(end, "") == 0);
+
+	assert_true(strtoi_("z", &end, 0, INTMAX_MIN, INTMAX_MAX, &status) == 0);
+	assert_true(status == ECANCELED);
+	assert_true(strcmp(end, "z") == 0);
+
+	assert_true(strtoi_(" 5", &end, 0, 3, 4, &status) == 4);
+	assert_true(status == ERANGE);
+	assert_true(strcmp(end, "") == 0);
+
+	assert_true(strtoi_("5z", &end, 0, INTMAX_MIN, INTMAX_MAX, &status) == 5);
+	assert_true(status == ENOTSUP);
+	assert_true(strcmp(end, "z") == 0);
+
+	assert_true(strtoi_("5z", &end, 0, INTMAX_MIN, 4, &status) == 4);
+	assert_true(status == ERANGE);
+	assert_true(strcmp(end, "z") == 0);
+
+	assert_true(errno == 0);
+}
+
+
+static void
+test_strtou(void **state)
+{
+	int   status;
+	char  *end;
+
+	errno = 0;
+	assert_true(strtou_("42", NULL, -1, 1, 2, &status) == 1);
+	assert_true(status == EINVAL);
+
+	assert_true(strtou_("40", &end, 5, 0, UINTMAX_MAX, &status) == 20);
+	assert_true(status == 0);
+	assert_true(strcmp(end, "") == 0);
+
+	assert_true(strtou_("-40", &end, 0, 0, UINTMAX_MAX, &status) == -40ull);
+	assert_true(status == 0);
+	assert_true(strcmp(end, "") == 0);
+
+	assert_true(strtou_("z", &end, 0, 0, UINTMAX_MAX, &status) == 0);
+	assert_true(status == ECANCELED);
+	assert_true(strcmp(end, "z") == 0);
+
+	assert_true(strtou_(" 5", &end, 0, 3, 4, &status) == 4);
+	assert_true(status == ERANGE);
+	assert_true(strcmp(end, "") == 0);
+
+	assert_true(strtou_("5z", &end, 0, 0, UINTMAX_MAX, &status) == 5);
+	assert_true(status == ENOTSUP);
+	assert_true(strcmp(end, "z") == 0);
+
+	assert_true(strtou_("5z", &end, 0, 0, 4, &status) == 4);
+	assert_true(status == ERANGE);
+	assert_true(strcmp(end, "z") == 0);
+
+	assert_true(errno == 0);
+}
+
+
+static void
+test_strtou_noneg(void **state)
+{
+	int   status;
+	char  *end;
+
+	errno = 0;
+	assert_true(strtou_noneg("42", NULL, -1, 1, 2, &status)
+	            == 1);
+	assert_true(status == EINVAL);
+
+	assert_true(strtou_noneg("40", &end, 5, 0, UINTMAX_MAX, &status)
+	            == 20);
+	assert_true(status == 0);
+	assert_true(strcmp(end, "") == 0);
+
+	assert_true(strtou_noneg("-40", &end, 0, 2, UINTMAX_MAX, &status)
+	            == 2);
+	assert_true(status == ERANGE);
+	assert_true(strcmp(end, "") == 0);
+
+	assert_true(strtou_noneg("z", &end, 0, 0, UINTMAX_MAX, &status)
+	            == 0);
+	assert_true(status == ECANCELED);
+	assert_true(strcmp(end, "z") == 0);
+
+	assert_true(strtou_noneg(" 5", &end, 0, 3, 4, &status)
+	            == 4);
+	assert_true(status == ERANGE);
+	assert_true(strcmp(end, "") == 0);
+
+	assert_true(strtou_noneg("5z", &end, 0, 0, UINTMAX_MAX, &status)
+	            == 5);
+	assert_true(status == ENOTSUP);
+	assert_true(strcmp(end, "z") == 0);
+
+	assert_true(strtou_noneg("5z", &end, 0, 0, 4, &status)
+	            == 4);
+	assert_true(status == ERANGE);
+	assert_true(strcmp(end, "z") == 0);
+
+	assert_true(errno == 0);
+}
diff --git a/tests/tests/unit/test_chkname.c b/tests/tests/unit/test_chkname.c
new file mode 100644
index 0000000..e0f9f84
--- /dev/null
+++ b/tests/tests/unit/test_chkname.c
@@ -0,0 +1,149 @@
+/*
+ * SPDX-FileCopyrightText: 2023, Alejandro Colomar <alx@kernel.org>
+ * SPDX-License-Identifier: BSD-3-Clause
+ */
+
+
+#include <stdbool.h>
+#include <stddef.h>
+#include <stdlib.h>
+#include <string.h>
+#include <unistd.h>
+
+#include <stdarg.h>  // Required by <cmocka.h>
+#include <stddef.h>  // Required by <cmocka.h>
+#include <setjmp.h>  // Required by <cmocka.h>
+#include <stdint.h>  // Required by <cmocka.h>
+#include <cmocka.h>
+
+#include "alloc.h"
+#include "chkname.h"
+
+
+static void test_is_valid_user_name_ok(void **state);
+static void test_is_valid_user_name_ok_dollar(void **state);
+static void test_is_valid_user_name_nok_dash(void **state);
+static void test_is_valid_user_name_nok_dir(void **state);
+static void test_is_valid_user_name_nok_dollar(void **state);
+static void test_is_valid_user_name_nok_empty(void **state);
+static void test_is_valid_user_name_nok_numeric(void **state);
+static void test_is_valid_user_name_nok_otherchars(void **state);
+static void test_is_valid_user_name_long(void **state);
+
+
+int
+main(void)
+{
+    const struct CMUnitTest  tests[] = {
+        cmocka_unit_test(test_is_valid_user_name_ok),
+        cmocka_unit_test(test_is_valid_user_name_ok_dollar),
+        cmocka_unit_test(test_is_valid_user_name_nok_dash),
+        cmocka_unit_test(test_is_valid_user_name_nok_dir),
+        cmocka_unit_test(test_is_valid_user_name_nok_dollar),
+        cmocka_unit_test(test_is_valid_user_name_nok_empty),
+        cmocka_unit_test(test_is_valid_user_name_nok_numeric),
+        cmocka_unit_test(test_is_valid_user_name_nok_otherchars),
+        cmocka_unit_test(test_is_valid_user_name_long),
+    };
+
+    return cmocka_run_group_tests(tests, NULL, NULL);
+}
+
+
+static void
+test_is_valid_user_name_ok(void **state)
+{
+	assert_true(is_valid_user_name("alx"));
+	assert_true(is_valid_user_name("u-ser"));
+	assert_true(is_valid_user_name("u"));
+	assert_true(is_valid_user_name("I"));
+	assert_true(is_valid_user_name("_"));
+	assert_true(is_valid_user_name("_.-"));
+	assert_true(is_valid_user_name(".007"));
+	assert_true(is_valid_user_name("0_0"));
+	assert_true(is_valid_user_name("some_longish_user_name_sHould_also_be_valid.wHY_not"));
+}
+
+
+static void
+test_is_valid_user_name_ok_dollar(void **state)
+{
+	// Non-POSIX extension for Samba 3.x "add machine script".
+	assert_true(is_valid_user_name("dollar$"));
+	assert_true(is_valid_user_name("SSS$"));
+}
+
+
+static void
+test_is_valid_user_name_nok_dash(void **state)
+{
+	assert_true(false == is_valid_user_name("-"));
+	assert_true(false == is_valid_user_name("-not-valid"));
+	assert_true(false == is_valid_user_name("--C"));
+}
+
+
+static void
+test_is_valid_user_name_nok_dir(void **state)
+{
+	assert_true(false == is_valid_user_name("."));
+	assert_true(false == is_valid_user_name(".."));
+}
+
+
+static void
+test_is_valid_user_name_nok_dollar(void **state)
+{
+	assert_true(false == is_valid_user_name("$"));
+	assert_true(false == is_valid_user_name("$dollar"));
+	assert_true(false == is_valid_user_name("mo$ney"));
+	assert_true(false == is_valid_user_name("do$$ar"));
+	assert_true(false == is_valid_user_name("foo$bar$"));
+}
+
+
+static void
+test_is_valid_user_name_nok_empty(void **state)
+{
+	assert_true(false == is_valid_user_name(""));
+}
+
+
+static void
+test_is_valid_user_name_nok_numeric(void **state)
+{
+	assert_true(false == is_valid_user_name("6"));
+	assert_true(false == is_valid_user_name("42"));
+}
+
+
+static void
+test_is_valid_user_name_nok_otherchars(void **state)
+{
+	assert_true(false == is_valid_user_name("no spaces"));
+	assert_true(false == is_valid_user_name("no,"));
+	assert_true(false == is_valid_user_name("no;"));
+	assert_true(false == is_valid_user_name("no:"));
+}
+
+
+static void
+test_is_valid_user_name_long(void **state)
+{
+	size_t  max;
+	char    *name;
+
+	max = sysconf(_SC_LOGIN_NAME_MAX);
+	name = MALLOC(max + 1, char);
+	assert_true(name != NULL);
+
+	memset(name, '_', max);
+
+	name[max] = '\0';
+	assert_true(false == is_valid_user_name(name));
+
+	name[max - 1] = '\0';
+	assert_true(is_valid_user_name(name));
+
+	free(name);
+}
diff --git a/tests/tests/unit/test_logind.c b/tests/tests/unit/test_logind.c
new file mode 100644
index 0000000..f91782c
--- /dev/null
+++ b/tests/tests/unit/test_logind.c
@@ -0,0 +1,69 @@
+/*
+ * SPDX-FileCopyrightText:  2023, Iker Pedrosa <ipedrosa@redhat.com>
+ *
+ * SPDX-License-Identifier:  BSD-3-Clause
+ */
+
+#include <stdarg.h>
+#include <stddef.h>
+#include <setjmp.h>
+#include <cmocka.h>
+
+#include <pwd.h>
+#include <stdlib.h>
+#include <sys/types.h>
+
+#include "prototypes.h"
+
+/***********************
+ * WRAPPERS
+ **********************/
+struct passwd *
+__wrap_prefix_getpwnam(uid_t uid)
+{
+    return (struct passwd*) mock();
+}
+
+int
+__wrap_sd_uid_get_sessions(uid_t uid, int require_active, char ***sessions)
+{
+    return mock();
+}
+
+/***********************
+ * TEST
+ **********************/
+static void test_active_sessions_count_return_ok(void **state)
+{
+    int count;
+    struct passwd *pw = malloc(sizeof(struct passwd));
+
+    will_return(__wrap_prefix_getpwnam, pw);
+    will_return(__wrap_sd_uid_get_sessions, 1);
+
+    count = active_sessions_count("testuser", 0);
+
+    assert_int_equal(count, 1);
+}
+
+static void test_active_sessions_count_prefix_getpwnam_failure(void **state)
+{
+    int count;
+    struct passwd *pw = NULL;
+
+    will_return(__wrap_prefix_getpwnam, pw);
+
+    count = active_sessions_count("testuser", 0);
+
+    assert_int_equal(count, 0);
+}
+
+int main(void)
+{
+    const struct CMUnitTest tests[] = {
+        cmocka_unit_test(test_active_sessions_count_return_ok),
+        cmocka_unit_test(test_active_sessions_count_prefix_getpwnam_failure),
+    };
+
+    return cmocka_run_group_tests(tests, NULL, NULL);
+}
diff --git a/tests/tests/unit/test_sprintf.c b/tests/tests/unit/test_sprintf.c
new file mode 100644
index 0000000..bedcff6
--- /dev/null
+++ b/tests/tests/unit/test_sprintf.c
@@ -0,0 +1,66 @@
+// SPDX-FileCopyrightText: 2023, Alejandro Colomar <alx@kernel.org>
+// SPDX-License-Identifier: BSD-3-Clause
+
+
+#include <config.h>
+
+#include <stdio.h>
+#include <string.h>
+
+#include <stdarg.h>  // Required by <cmocka.h>
+#include <stddef.h>  // Required by <cmocka.h>
+#include <setjmp.h>  // Required by <cmocka.h>
+#include <stdint.h>  // Required by <cmocka.h>
+#include <cmocka.h>
+
+#include "sizeof.h"
+#include "string/sprintf.h"
+
+
+static void test_SNPRINTF_trunc(void **state);
+static void test_SNPRINTF_ok(void **state);
+
+
+int
+main(void)
+{
+    const struct CMUnitTest  tests[] = {
+        cmocka_unit_test(test_SNPRINTF_trunc),
+        cmocka_unit_test(test_SNPRINTF_ok),
+    };
+
+    return cmocka_run_group_tests(tests, NULL, NULL);
+}
+
+
+static void
+test_SNPRINTF_trunc(void **state)
+{
+	char  buf[NITEMS("foo")];
+
+	// Test that we're not returning SIZE_MAX
+	assert_true(SNPRINTF(buf, "f%su", "oo") < 0);
+	assert_true(strcmp(buf, "foo") == 0);
+
+	assert_true(SNPRINTF(buf, "barbaz") == -1);
+	assert_true(strcmp(buf, "bar") == 0);
+}
+
+
+static void
+test_SNPRINTF_ok(void **state)
+{
+	char  buf[NITEMS("foo")];
+
+	assert_true(SNPRINTF(buf, "%s", "foo") == strlen("foo"));
+	assert_true(strcmp(buf, "foo") == 0);
+
+	assert_true(SNPRINTF(buf, "%do", 1) == strlen("1o"));
+	assert_true(strcmp(buf, "1o") == 0);
+
+	assert_true(SNPRINTF(buf, "f") == strlen("f"));
+	assert_true(strcmp(buf, "f") == 0);
+
+	assert_true(SNPRINTF(buf, "") == strlen(""));
+	assert_true(strcmp(buf, "") == 0);
+}
diff --git a/tests/tests/unit/test_strncpy.c b/tests/tests/unit/test_strncpy.c
new file mode 100644
index 0000000..968765b
--- /dev/null
+++ b/tests/tests/unit/test_strncpy.c
@@ -0,0 +1,85 @@
+/*
+ * SPDX-FileCopyrightText: 2023, Alejandro Colomar <alx@kernel.org>
+ * SPDX-License-Identifier: BSD-3-Clause
+ */
+
+
+#include <config.h>
+
+#include <string.h>
+
+#include <stdarg.h>  // Required by <cmocka.h>
+#include <stddef.h>  // Required by <cmocka.h>
+#include <setjmp.h>  // Required by <cmocka.h>
+#include <stdint.h>  // Required by <cmocka.h>
+#include <cmocka.h>
+
+#include "sizeof.h"
+#include "string/strncpy.h"
+
+
+static void test_STRNCPY_trunc(void **state);
+static void test_STRNCPY_fit(void **state);
+static void test_STRNCPY_pad(void **state);
+
+
+int
+main(void)
+{
+    const struct CMUnitTest  tests[] = {
+        cmocka_unit_test(test_STRNCPY_trunc),
+        cmocka_unit_test(test_STRNCPY_fit),
+        cmocka_unit_test(test_STRNCPY_pad),
+    };
+
+    return cmocka_run_group_tests(tests, NULL, NULL);
+}
+
+
+static void
+test_STRNCPY_trunc(void **state)
+{
+	char  buf[3];
+
+	char  src1[4] = {'f', 'o', 'o', 'o'};
+	char  res1[3] = {'f', 'o', 'o'};
+	assert_true(memcmp(res1, STRNCPY(buf, src1), sizeof(buf)) == 0);
+
+	char  src2[5] = "barb";
+	char  res2[3] = {'b', 'a', 'r'};
+	assert_true(memcmp(res2, STRNCPY(buf, src2), sizeof(buf)) == 0);
+}
+
+
+static void
+test_STRNCPY_fit(void **state)
+{
+	char  buf[3];
+
+	char  src1[3] = {'b', 'a', 'z'};
+	char  res1[3] = {'b', 'a', 'z'};
+	assert_true(memcmp(res1, STRNCPY(buf, src1), sizeof(buf)) == 0);
+
+	char  src2[4] = "qwe";
+	char  res2[3] = {'q', 'w', 'e'};
+	assert_true(memcmp(res2, STRNCPY(buf, src2), sizeof(buf)) == 0);
+}
+
+
+static void
+test_STRNCPY_pad(void **state)
+{
+	char  buf[3];
+
+	char  src1[3] = "as";
+	char  res1[3] = {'a', 's', 0};
+	assert_true(memcmp(res1, STRNCPY(buf, src1), sizeof(buf)) == 0);
+
+	char  src2[3] = "";
+	char  res2[3] = {0, 0, 0};
+	assert_true(memcmp(res2, STRNCPY(buf, src2), sizeof(buf)) == 0);
+
+	char  src3[3] = {'a', 0, 'b'};
+	char  res3[3] = {'a', 0, 0};
+	assert_true(memcmp(res3, STRNCPY(buf, src3), sizeof(buf)) == 0);
+}
diff --git a/tests/tests/unit/test_strtcpy.c b/tests/tests/unit/test_strtcpy.c
new file mode 100644
index 0000000..12351a5
--- /dev/null
+++ b/tests/tests/unit/test_strtcpy.c
@@ -0,0 +1,67 @@
+/*
+ * SPDX-FileCopyrightText: 2023, Alejandro Colomar <alx@kernel.org>
+ * SPDX-License-Identifier: BSD-3-Clause
+ */
+
+
+#include <config.h>
+
+#include <string.h>
+
+#include <stdarg.h>  // Required by <cmocka.h>
+#include <stddef.h>  // Required by <cmocka.h>
+#include <setjmp.h>  // Required by <cmocka.h>
+#include <stdint.h>  // Required by <cmocka.h>
+#include <cmocka.h>
+
+#include "sizeof.h"
+#include "string/strtcpy.h"
+
+
+static void test_STRTCPY_trunc(void **state);
+static void test_STRTCPY_ok(void **state);
+
+
+int
+main(void)
+{
+    const struct CMUnitTest  tests[] = {
+        cmocka_unit_test(test_STRTCPY_trunc),
+        cmocka_unit_test(test_STRTCPY_ok),
+    };
+
+    return cmocka_run_group_tests(tests, NULL, NULL);
+}
+
+
+static void
+test_STRTCPY_trunc(void **state)
+{
+	char  buf[NITEMS("foo")];
+
+	// Test that we're not returning SIZE_MAX
+	assert_true(STRTCPY(buf, "fooo") < 0);
+	assert_string_equal(buf, "foo");
+
+	assert_int_equal(STRTCPY(buf, "barbaz"), -1);
+	assert_string_equal(buf, "bar");
+}
+
+
+static void
+test_STRTCPY_ok(void **state)
+{
+	char  buf[NITEMS("foo")];
+
+	assert_int_equal(STRTCPY(buf, "foo"), strlen("foo"));
+	assert_string_equal(buf, "foo");
+
+	assert_int_equal(STRTCPY(buf, "fo"), strlen("fo"));
+	assert_string_equal(buf, "fo");
+
+	assert_int_equal(STRTCPY(buf, "f"), strlen("f"));
+	assert_string_equal(buf, "f");
+
+	assert_int_equal(STRTCPY(buf, ""), strlen(""));
+	assert_string_equal(buf, "");
+}
diff --git a/tests/tests/unit/test_xasprintf.c b/tests/tests/unit/test_xasprintf.c
new file mode 100644
index 0000000..4b5d093
--- /dev/null
+++ b/tests/tests/unit/test_xasprintf.c
@@ -0,0 +1,114 @@
+/*
+ * SPDX-FileCopyrightText: 2023, Alejandro Colomar <alx@kernel.org>
+ * SPDX-License-Identifier: BSD-3-Clause
+ */
+
+
+#include <setjmp.h>
+#include <stddef.h>
+#include <stdlib.h>
+#include <string.h>
+
+#include <stdarg.h>  // Required by <cmocka.h>
+#include <stddef.h>  // Required by <cmocka.h>
+#include <setjmp.h>  // Required by <cmocka.h>
+#include <stdint.h>  // Required by <cmocka.h>
+#include <cmocka.h>
+
+#include "string/sprintf.h"
+
+
+#define assert_unreachable()  assert_true(0)
+
+#define XASPRINTF_CALLED  (-36)
+#define EXIT_CALLED       (42)
+#define TEST_OK           (-6)
+
+
+static jmp_buf  jmpb;
+
+
+/**********************
+ * WRAPPERS
+ **********************/
+int __real_vasprintf(char **restrict p, const char *restrict fmt, va_list ap);
+int __wrap_vasprintf(char **restrict p, const char *restrict fmt, va_list ap);
+void __wrap_exit(int status);
+
+
+int
+__wrap_vasprintf(char **restrict p, const char *restrict fmt, va_list ap)
+{
+	return mock() == -1 ? -1 : __real_vasprintf(p, fmt, ap);
+}
+
+
+void
+__wrap_exit(int status)
+{
+	longjmp(jmpb, EXIT_CALLED);
+}
+
+
+/**********************
+ * TEST
+ **********************/
+static void test_xasprintf_exit(void **state);
+static void test_xasprintf_ok(void **state);
+
+
+static void
+test_xasprintf_exit(void **state)
+{
+	volatile int    len;
+	char *volatile  p;
+
+	will_return(__wrap_vasprintf, -1);
+
+	len = 0;
+
+	switch (setjmp(jmpb)) {
+	case 0:
+		len = XASPRINTF_CALLED;
+		len = xasprintf(&p, "foo%s", "bar");
+		assert_unreachable();
+		break;
+	case EXIT_CALLED:
+		assert_int_equal(len, XASPRINTF_CALLED);
+		len = TEST_OK;
+		break;
+	default:
+		assert_unreachable();
+		break;
+	}
+
+	assert_int_equal(len, TEST_OK);
+}
+
+
+static void
+test_xasprintf_ok(void **state)
+{
+	int   len;
+	char  *p;
+
+	// Trick: it will actually return the length, not 0.
+	will_return(__wrap_vasprintf, 0);
+
+	len = xasprintf(&p, "foo%d%s", 1, "bar");
+	assert_int_equal(len, strlen("foo1bar"));
+	assert_string_equal(p, "foo1bar");
+	free(p);
+}
+
+
+int
+main(void)
+{
+    const struct CMUnitTest  tests[] = {
+        cmocka_unit_test(test_xasprintf_exit),
+        cmocka_unit_test(test_xasprintf_ok),
+    };
+
+    return cmocka_run_group_tests(tests, NULL, NULL);
+}
diff --git a/tests/tests/unit/test_zustr2stp.c b/tests/tests/unit/test_zustr2stp.c
new file mode 100644
index 0000000..198d2eb
--- /dev/null
+++ b/tests/tests/unit/test_zustr2stp.c
@@ -0,0 +1,53 @@
+// SPDX-FileCopyrightText: 2024, Alejandro Colomar <alx@kernel.org>
+// SPDX-License-Identifier: BSD-3-Clause
+
+
+#include <config.h>
+
+#include <stddef.h>
+#include <string.h>
+
+#include <stdarg.h>  // Required by <cmocka.h>
+#include <stddef.h>  // Required by <cmocka.h>
+#include <setjmp.h>  // Required by <cmocka.h>
+#include <stdint.h>  // Required by <cmocka.h>
+#include <cmocka.h>
+
+#include "string/zustr2stp.h"
+
+
+static void test_ZUSTR2STP(void **state);
+
+
+int
+main(void)
+{
+    const struct CMUnitTest  tests[] = {
+        cmocka_unit_test(test_ZUSTR2STP),
+    };
+
+    return cmocka_run_group_tests(tests, NULL, NULL);
+}
+
+
+static void
+test_ZUSTR2STP(void **state)
+{
+	char  src[3] = {'1', '2', '3'};
+	char  dst[4];
+
+	assert_true(ZUSTR2STP(&dst, src) == dst + strlen("123"));
+	assert_true(strcmp("123", dst) == 0);
+
+	src[2] = '\0';
+	assert_true(ZUSTR2STP(&dst, src) == dst + strlen("12"));
+	assert_true(strcmp("12", dst) == 0);
+
+	src[1] = '\0';
+	assert_true(ZUSTR2STP(&dst, src) == dst + strlen("1"));
+	assert_true(strcmp("1", dst) == 0);
+
+	src[0] = '\0';
+	assert_true(ZUSTR2STP(&dst, src) == dst + strlen(""));
+	assert_true(strcmp("", dst) == 0);
+}
diff --git a/tests/tests/usertools/01/01_useradd_add_user.test b/tests/tests/usertools/01/01_useradd_add_user.test
new file mode 100755
index 0000000..dfd0366
--- /dev/null
+++ b/tests/tests/usertools/01/01_useradd_add_user.test
@@ -0,0 +1,42 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "Add a new user"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Create user test1 (useradd test1)..."
+useradd test1
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl 01_useradd_add_user/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl 01_useradd_add_user/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl 01_useradd_add_user/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl 01_useradd_add_user/gshadow /etc/gshadow
+echo "OK"
+echo -n "no homedir..."
+test -d /home/test1 && exit 1 || true
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/usertools/01/01_useradd_add_user/group b/tests/tests/usertools/01/01_useradd_add_user/group
new file mode 100644
index 0000000..ff31912
--- /dev/null
+++ b/tests/tests/usertools/01/01_useradd_add_user/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+test1:x:1000:
diff --git a/tests/tests/usertools/01/01_useradd_add_user/gshadow b/tests/tests/usertools/01/01_useradd_add_user/gshadow
new file mode 100644
index 0000000..90e8eac
--- /dev/null
+++ b/tests/tests/usertools/01/01_useradd_add_user/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+test1:!::
diff --git a/tests/tests/usertools/01/01_useradd_add_user/passwd b/tests/tests/usertools/01/01_useradd_add_user/passwd
new file mode 100644
index 0000000..0b4b0fa
--- /dev/null
+++ b/tests/tests/usertools/01/01_useradd_add_user/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+test1:x:1000:1000::/home/test1:/bin/sh
diff --git a/tests/tests/usertools/01/01_useradd_add_user/shadow b/tests/tests/usertools/01/01_useradd_add_user/shadow
new file mode 100644
index 0000000..5920e12
--- /dev/null
+++ b/tests/tests/usertools/01/01_useradd_add_user/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+test1:!:@TODAY@:0:99999:7:::
diff --git a/tests/tests/usertools/01/01_userdel_delete_user.test b/tests/tests/usertools/01/01_userdel_delete_user.test
new file mode 100755
index 0000000..132e16a
--- /dev/null
+++ b/tests/tests/usertools/01/01_userdel_delete_user.test
@@ -0,0 +1,45 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "Delete user"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Create user test1 (useradd test1)..."
+useradd test1
+echo "OK"
+echo -n "Delete user test1 (userdel test1)..."
+userdel test1
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+echo -n "no homedir..."
+test -d /home/test1 && exit 1 || true
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/usertools/01/02_useradd_recreate_deleted_user.test b/tests/tests/usertools/01/02_useradd_recreate_deleted_user.test
new file mode 100755
index 0000000..44721f5
--- /dev/null
+++ b/tests/tests/usertools/01/02_useradd_recreate_deleted_user.test
@@ -0,0 +1,48 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "Add a new user"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Create user test1 (useradd test1)..."
+useradd test1
+echo "OK"
+echo -n "Delete user test1 (userdel test1)..."
+userdel test1
+echo "OK"
+echo -n "Create user test2 (useradd test1)..."
+useradd test2
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl 02_useradd_recreate_deleted_user/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl 02_useradd_recreate_deleted_user/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl 02_useradd_recreate_deleted_user/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl 02_useradd_recreate_deleted_user/gshadow /etc/gshadow
+echo "OK"
+echo -n "no homedir..."
+test -d /home/test2 && exit 1 || true
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/usertools/01/02_useradd_recreate_deleted_user/group b/tests/tests/usertools/01/02_useradd_recreate_deleted_user/group
new file mode 100644
index 0000000..3b8e510
--- /dev/null
+++ b/tests/tests/usertools/01/02_useradd_recreate_deleted_user/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+test2:x:1000:
diff --git a/tests/tests/usertools/01/02_useradd_recreate_deleted_user/gshadow b/tests/tests/usertools/01/02_useradd_recreate_deleted_user/gshadow
new file mode 100644
index 0000000..73d0298
--- /dev/null
+++ b/tests/tests/usertools/01/02_useradd_recreate_deleted_user/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+test2:!::
diff --git a/tests/tests/usertools/01/02_useradd_recreate_deleted_user/passwd b/tests/tests/usertools/01/02_useradd_recreate_deleted_user/passwd
new file mode 100644
index 0000000..0a8cf88
--- /dev/null
+++ b/tests/tests/usertools/01/02_useradd_recreate_deleted_user/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+test2:x:1000:1000::/home/test2:/bin/sh
diff --git a/tests/tests/usertools/01/02_useradd_recreate_deleted_user/shadow b/tests/tests/usertools/01/02_useradd_recreate_deleted_user/shadow
new file mode 100644
index 0000000..1ca61d8
--- /dev/null
+++ b/tests/tests/usertools/01/02_useradd_recreate_deleted_user/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+test2:!:@TODAY@:0:99999:7:::
diff --git a/tests/tests/usertools/01/03_useradd_additional_options.test b/tests/tests/usertools/01/03_useradd_additional_options.test
new file mode 100755
index 0000000..5808e45
--- /dev/null
+++ b/tests/tests/usertools/01/03_useradd_additional_options.test
@@ -0,0 +1,50 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "useradd options --comment, --expiredate, --shell, --inactive, --home-dir"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Create user test1 (useradd test3 with options)..."
+useradd --comment "comment test3" \
+	--expiredate "2006-02-04" \
+	--shell "/bin/bash" \
+	--inactive "12" \
+	--home-dir "/nonexistenthomedir" \
+	test3
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl 03_useradd_additional_options/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl 03_useradd_additional_options/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl 03_useradd_additional_options/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl 03_useradd_additional_options/gshadow /etc/gshadow
+echo "OK"
+echo -n "no homedir /home/test3..."
+test ! -d /home/test3
+echo "OK"
+echo -n "no homedir /nonexistenthomedir..."
+test ! -d /nonexistenthomedir
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/usertools/01/03_useradd_additional_options/group b/tests/tests/usertools/01/03_useradd_additional_options/group
new file mode 100644
index 0000000..a0c1381
--- /dev/null
+++ b/tests/tests/usertools/01/03_useradd_additional_options/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+test3:x:1000:
diff --git a/tests/tests/usertools/01/03_useradd_additional_options/gshadow b/tests/tests/usertools/01/03_useradd_additional_options/gshadow
new file mode 100644
index 0000000..88e4ab1
--- /dev/null
+++ b/tests/tests/usertools/01/03_useradd_additional_options/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+test3:!::
diff --git a/tests/tests/usertools/01/03_useradd_additional_options/passwd b/tests/tests/usertools/01/03_useradd_additional_options/passwd
new file mode 100644
index 0000000..725da57
--- /dev/null
+++ b/tests/tests/usertools/01/03_useradd_additional_options/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+test3:x:1000:1000:comment test3:/nonexistenthomedir:/bin/bash
diff --git a/tests/tests/usertools/01/03_useradd_additional_options/shadow b/tests/tests/usertools/01/03_useradd_additional_options/shadow
new file mode 100644
index 0000000..77fbfbc
--- /dev/null
+++ b/tests/tests/usertools/01/03_useradd_additional_options/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+test3:!:@TODAY@:0:99999:7:12:13183:
diff --git a/tests/tests/usertools/01/04_useradd_add_user_with_existing_UID_fail.test b/tests/tests/usertools/01/04_useradd_add_user_with_existing_UID_fail.test
new file mode 100755
index 0000000..7332451
--- /dev/null
+++ b/tests/tests/usertools/01/04_useradd_add_user_with_existing_UID_fail.test
@@ -0,0 +1,60 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "Add a new user with an existing ID"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Create user test1 (useradd -u 4242 test1)..."
+useradd -u 4242 test1
+echo "OK"
+echo -n "Create user test2 with the same ID (useradd -u 4242 test2)..."
+useradd -u 4242 test2 2>tmp/useradd.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+echo "All right, useradd returned error $status."
+echo -n "Check returned status..."
+test "$status" = "4"
+echo "OK"
+
+echo "useradd displayed:"
+echo "======================================================================="
+cat tmp/useradd.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au 04_useradd_add_user_with_existing_UID_fail/useradd.err tmp/useradd.err
+echo "error message OK."
+rm -f tmp/useradd.err
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl 04_useradd_add_user_with_existing_UID_fail/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl 04_useradd_add_user_with_existing_UID_fail/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl 04_useradd_add_user_with_existing_UID_fail/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl 04_useradd_add_user_with_existing_UID_fail/gshadow /etc/gshadow
+echo "OK"
+echo -n "no homedir..."
+test -d /home/test1 && exit 1 || true
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/usertools/01/04_useradd_add_user_with_existing_UID_fail/group b/tests/tests/usertools/01/04_useradd_add_user_with_existing_UID_fail/group
new file mode 100644
index 0000000..6c7895c
--- /dev/null
+++ b/tests/tests/usertools/01/04_useradd_add_user_with_existing_UID_fail/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+test1:x:4242:
diff --git a/tests/tests/usertools/01/04_useradd_add_user_with_existing_UID_fail/gshadow b/tests/tests/usertools/01/04_useradd_add_user_with_existing_UID_fail/gshadow
new file mode 100644
index 0000000..90e8eac
--- /dev/null
+++ b/tests/tests/usertools/01/04_useradd_add_user_with_existing_UID_fail/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+test1:!::
diff --git a/tests/tests/usertools/01/04_useradd_add_user_with_existing_UID_fail/passwd b/tests/tests/usertools/01/04_useradd_add_user_with_existing_UID_fail/passwd
new file mode 100644
index 0000000..4b6c808
--- /dev/null
+++ b/tests/tests/usertools/01/04_useradd_add_user_with_existing_UID_fail/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+test1:x:4242:4242::/home/test1:/bin/sh
diff --git a/tests/tests/usertools/01/04_useradd_add_user_with_existing_UID_fail/shadow b/tests/tests/usertools/01/04_useradd_add_user_with_existing_UID_fail/shadow
new file mode 100644
index 0000000..5920e12
--- /dev/null
+++ b/tests/tests/usertools/01/04_useradd_add_user_with_existing_UID_fail/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+test1:!:@TODAY@:0:99999:7:::
diff --git a/tests/tests/usertools/01/04_useradd_add_user_with_existing_UID_fail/useradd.err b/tests/tests/usertools/01/04_useradd_add_user_with_existing_UID_fail/useradd.err
new file mode 100644
index 0000000..23e5962
--- /dev/null
+++ b/tests/tests/usertools/01/04_useradd_add_user_with_existing_UID_fail/useradd.err
@@ -0,0 +1 @@
+useradd: UID 4242 is not unique
diff --git a/tests/tests/usertools/01/04_useradd_add_user_with_existing_UID_with_-o.test b/tests/tests/usertools/01/04_useradd_add_user_with_existing_UID_with_-o.test
new file mode 100755
index 0000000..b630c67
--- /dev/null
+++ b/tests/tests/usertools/01/04_useradd_add_user_with_existing_UID_with_-o.test
@@ -0,0 +1,48 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "Add a new user with a specified existing ID"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Create user test1 (useradd -u 4242 test1)..."
+useradd -u 4242 test1
+echo "OK"
+echo -n "Create user test2 with the same ID (useradd -u 4242 -o test2)..."
+useradd -u 4242 -o test2
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl 04_useradd_add_user_with_existing_UID_with_-o/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl 04_useradd_add_user_with_existing_UID_with_-o/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl 04_useradd_add_user_with_existing_UID_with_-o/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl 04_useradd_add_user_with_existing_UID_with_-o/gshadow /etc/gshadow
+echo "OK"
+echo -n "no homedir /home/test1..."
+test -d /home/test1 && exit 1 || true
+echo "OK"
+echo -n "no homedir /home/test2..."
+test -d /home/test2 && exit 1 || true
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/usertools/01/04_useradd_add_user_with_existing_UID_with_-o/group b/tests/tests/usertools/01/04_useradd_add_user_with_existing_UID_with_-o/group
new file mode 100644
index 0000000..a951b25
--- /dev/null
+++ b/tests/tests/usertools/01/04_useradd_add_user_with_existing_UID_with_-o/group
@@ -0,0 +1,43 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+test1:x:4242:
+test2:x:4243:
diff --git a/tests/tests/usertools/01/04_useradd_add_user_with_existing_UID_with_-o/gshadow b/tests/tests/usertools/01/04_useradd_add_user_with_existing_UID_with_-o/gshadow
new file mode 100644
index 0000000..11e7389
--- /dev/null
+++ b/tests/tests/usertools/01/04_useradd_add_user_with_existing_UID_with_-o/gshadow
@@ -0,0 +1,43 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+test1:!::
+test2:!::
diff --git a/tests/tests/usertools/01/04_useradd_add_user_with_existing_UID_with_-o/passwd b/tests/tests/usertools/01/04_useradd_add_user_with_existing_UID_with_-o/passwd
new file mode 100644
index 0000000..58c50dd
--- /dev/null
+++ b/tests/tests/usertools/01/04_useradd_add_user_with_existing_UID_with_-o/passwd
@@ -0,0 +1,21 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+test1:x:4242:4242::/home/test1:/bin/sh
+test2:x:4242:4243::/home/test2:/bin/sh
diff --git a/tests/tests/usertools/01/04_useradd_add_user_with_existing_UID_with_-o/shadow b/tests/tests/usertools/01/04_useradd_add_user_with_existing_UID_with_-o/shadow
new file mode 100644
index 0000000..4c40f47
--- /dev/null
+++ b/tests/tests/usertools/01/04_useradd_add_user_with_existing_UID_with_-o/shadow
@@ -0,0 +1,21 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+test1:!:@TODAY@:0:99999:7:::
+test2:!:@TODAY@:0:99999:7:::
diff --git a/tests/tests/usertools/01/04_useradd_specified_UID.test b/tests/tests/usertools/01/04_useradd_specified_UID.test
new file mode 100755
index 0000000..240899b
--- /dev/null
+++ b/tests/tests/usertools/01/04_useradd_specified_UID.test
@@ -0,0 +1,42 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "Add a new user with a specified ID"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Create user test1 (useradd -u 4242 test1)..."
+useradd -u 4242 test1
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl 04_useradd_specified_UID/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl 04_useradd_specified_UID/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl 04_useradd_specified_UID/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl 04_useradd_specified_UID/gshadow /etc/gshadow
+echo "OK"
+echo -n "no homedir..."
+test -d /home/test1 && exit 1 || true
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/usertools/01/04_useradd_specified_UID/group b/tests/tests/usertools/01/04_useradd_specified_UID/group
new file mode 100644
index 0000000..6c7895c
--- /dev/null
+++ b/tests/tests/usertools/01/04_useradd_specified_UID/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+test1:x:4242:
diff --git a/tests/tests/usertools/01/04_useradd_specified_UID/gshadow b/tests/tests/usertools/01/04_useradd_specified_UID/gshadow
new file mode 100644
index 0000000..90e8eac
--- /dev/null
+++ b/tests/tests/usertools/01/04_useradd_specified_UID/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+test1:!::
diff --git a/tests/tests/usertools/01/04_useradd_specified_UID/passwd b/tests/tests/usertools/01/04_useradd_specified_UID/passwd
new file mode 100644
index 0000000..4b6c808
--- /dev/null
+++ b/tests/tests/usertools/01/04_useradd_specified_UID/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+test1:x:4242:4242::/home/test1:/bin/sh
diff --git a/tests/tests/usertools/01/04_useradd_specified_UID/shadow b/tests/tests/usertools/01/04_useradd_specified_UID/shadow
new file mode 100644
index 0000000..5920e12
--- /dev/null
+++ b/tests/tests/usertools/01/04_useradd_specified_UID/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+test1:!:@TODAY@:0:99999:7:::
diff --git a/tests/tests/usertools/01/04_useradd_specified_UID_and_GID.test b/tests/tests/usertools/01/04_useradd_specified_UID_and_GID.test
new file mode 100755
index 0000000..1e11971
--- /dev/null
+++ b/tests/tests/usertools/01/04_useradd_specified_UID_and_GID.test
@@ -0,0 +1,48 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "Add a new user with a specified existing UID and GID"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Create user test1 (useradd -u 4242 test1)..."
+useradd -u 4242 test1
+echo "OK"
+echo -n "Create user test2 with the same ID (useradd -u 4242 -g 4242 -o test2)..."
+useradd -u 4242 -g 4242 -o test2
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl 04_useradd_specified_UID_and_GID/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl 04_useradd_specified_UID_and_GID/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl 04_useradd_specified_UID_and_GID/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl 04_useradd_specified_UID_and_GID/gshadow /etc/gshadow
+echo "OK"
+echo -n "no homedir /home/test1..."
+test -d /home/test1 && exit 1 || true
+echo "OK"
+echo -n "no homedir /home/test2..."
+test -d /home/test2 && exit 1 || true
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/usertools/01/04_useradd_specified_UID_and_GID/group b/tests/tests/usertools/01/04_useradd_specified_UID_and_GID/group
new file mode 100644
index 0000000..6c7895c
--- /dev/null
+++ b/tests/tests/usertools/01/04_useradd_specified_UID_and_GID/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+test1:x:4242:
diff --git a/tests/tests/usertools/01/04_useradd_specified_UID_and_GID/gshadow b/tests/tests/usertools/01/04_useradd_specified_UID_and_GID/gshadow
new file mode 100644
index 0000000..90e8eac
--- /dev/null
+++ b/tests/tests/usertools/01/04_useradd_specified_UID_and_GID/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+test1:!::
diff --git a/tests/tests/usertools/01/04_useradd_specified_UID_and_GID/passwd b/tests/tests/usertools/01/04_useradd_specified_UID_and_GID/passwd
new file mode 100644
index 0000000..2603e1e
--- /dev/null
+++ b/tests/tests/usertools/01/04_useradd_specified_UID_and_GID/passwd
@@ -0,0 +1,21 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+test1:x:4242:4242::/home/test1:/bin/sh
+test2:x:4242:4242::/home/test2:/bin/sh
diff --git a/tests/tests/usertools/01/04_useradd_specified_UID_and_GID/shadow b/tests/tests/usertools/01/04_useradd_specified_UID_and_GID/shadow
new file mode 100644
index 0000000..4c40f47
--- /dev/null
+++ b/tests/tests/usertools/01/04_useradd_specified_UID_and_GID/shadow
@@ -0,0 +1,21 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+test1:!:@TODAY@:0:99999:7:::
+test2:!:@TODAY@:0:99999:7:::
diff --git a/tests/tests/usertools/01/04_userdel_delete_user_with_non_unique_UID.test b/tests/tests/usertools/01/04_userdel_delete_user_with_non_unique_UID.test
new file mode 100755
index 0000000..de2a189
--- /dev/null
+++ b/tests/tests/usertools/01/04_userdel_delete_user_with_non_unique_UID.test
@@ -0,0 +1,51 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "Remove an user with a duplicate ID"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Create user test1 (useradd -u 4242 test1)..."
+useradd -u 4242 test1
+echo "OK"
+echo -n "Create user test2 with the same ID (useradd -u 4242 -o test2)..."
+useradd -u 4242 -o test2
+echo "OK"
+echo -n "Delete user test2 (userdel test2)..."
+userdel test2
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl 04_userdel_delete_user_with_non_unique_UID/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl 04_userdel_delete_user_with_non_unique_UID/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl 04_userdel_delete_user_with_non_unique_UID/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl 04_userdel_delete_user_with_non_unique_UID/gshadow /etc/gshadow
+echo "OK"
+echo -n "no homedir /home/test1..."
+test -d /home/test1 && exit 1 || true
+echo "OK"
+echo -n "no homedir /home/test2..."
+test -d /home/test2 && exit 1 || true
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/usertools/01/04_userdel_delete_user_with_non_unique_UID/group b/tests/tests/usertools/01/04_userdel_delete_user_with_non_unique_UID/group
new file mode 100644
index 0000000..6c7895c
--- /dev/null
+++ b/tests/tests/usertools/01/04_userdel_delete_user_with_non_unique_UID/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+test1:x:4242:
diff --git a/tests/tests/usertools/01/04_userdel_delete_user_with_non_unique_UID/gshadow b/tests/tests/usertools/01/04_userdel_delete_user_with_non_unique_UID/gshadow
new file mode 100644
index 0000000..90e8eac
--- /dev/null
+++ b/tests/tests/usertools/01/04_userdel_delete_user_with_non_unique_UID/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+test1:!::
diff --git a/tests/tests/usertools/01/04_userdel_delete_user_with_non_unique_UID/passwd b/tests/tests/usertools/01/04_userdel_delete_user_with_non_unique_UID/passwd
new file mode 100644
index 0000000..4b6c808
--- /dev/null
+++ b/tests/tests/usertools/01/04_userdel_delete_user_with_non_unique_UID/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+test1:x:4242:4242::/home/test1:/bin/sh
diff --git a/tests/tests/usertools/01/04_userdel_delete_user_with_non_unique_UID/shadow b/tests/tests/usertools/01/04_userdel_delete_user_with_non_unique_UID/shadow
new file mode 100644
index 0000000..5920e12
--- /dev/null
+++ b/tests/tests/usertools/01/04_userdel_delete_user_with_non_unique_UID/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+test1:!:@TODAY@:0:99999:7:::
diff --git a/tests/tests/usertools/01/05_useradd_invalid_numeric_primary_group.test b/tests/tests/usertools/01/05_useradd_invalid_numeric_primary_group.test
new file mode 100755
index 0000000..04b4bd0
--- /dev/null
+++ b/tests/tests/usertools/01/05_useradd_invalid_numeric_primary_group.test
@@ -0,0 +1,58 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "Add a new user with a specified unexisting GID"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Create user test1 (useradd -g 4242 test1)..."
+useradd -g 4242 test1 2>tmp/useradd.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+echo "OK"
+echo "All right, useradd returned error $status."
+echo -n "Check returned status..."
+test "$status" = "6"
+echo "OK"
+
+echo "useradd displayed:"
+echo "======================================================================="
+cat tmp/useradd.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au 05_useradd_invalid_numeric_primary_group/useradd.err tmp/useradd.err
+echo "error message OK."
+rm -f tmp/useradd.err
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+echo -n "no homedir..."
+test -d /home/test1 && exit 1 || true
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/usertools/01/05_useradd_invalid_numeric_primary_group/useradd.err b/tests/tests/usertools/01/05_useradd_invalid_numeric_primary_group/useradd.err
new file mode 100644
index 0000000..eb2629d
--- /dev/null
+++ b/tests/tests/usertools/01/05_useradd_invalid_numeric_primary_group/useradd.err
@@ -0,0 +1 @@
+useradd: group '4242' does not exist
diff --git a/tests/tests/usertools/01/06_useradd_invalid_named_primary_group.test b/tests/tests/usertools/01/06_useradd_invalid_named_primary_group.test
new file mode 100755
index 0000000..ea02d5f
--- /dev/null
+++ b/tests/tests/usertools/01/06_useradd_invalid_named_primary_group.test
@@ -0,0 +1,58 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "Add a new user with a specified unexisting GID"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Create user test1 (useradd test1 -g nekral)..."
+useradd test1 -g nekral 2>tmp/useradd.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+echo "OK"
+echo "All right, useradd returned error $status."
+echo -n "Check returned status..."
+test "$status" = "6"
+echo "OK"
+
+echo "useradd displayed:"
+echo "======================================================================="
+cat tmp/useradd.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au 06_useradd_invalid_named_primary_group/useradd.err tmp/useradd.err
+echo "error message OK."
+rm -f tmp/useradd.err
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+echo -n "no homedir..."
+test -d /home/test1 && exit 1 || true
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/usertools/01/06_useradd_invalid_named_primary_group/useradd.err b/tests/tests/usertools/01/06_useradd_invalid_named_primary_group/useradd.err
new file mode 100644
index 0000000..2b201fe
--- /dev/null
+++ b/tests/tests/usertools/01/06_useradd_invalid_named_primary_group/useradd.err
@@ -0,0 +1 @@
+useradd: group 'nekral' does not exist
diff --git a/tests/tests/usertools/01/07_useradd_numerical_primary_group.test b/tests/tests/usertools/01/07_useradd_numerical_primary_group.test
new file mode 100755
index 0000000..1f1f14c
--- /dev/null
+++ b/tests/tests/usertools/01/07_useradd_numerical_primary_group.test
@@ -0,0 +1,42 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "Add a new user with a numerical GID"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Create user test1 (useradd -g 1 test1)..."
+useradd -g 1 test1
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl 07_useradd_numerical_primary_group/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl 07_useradd_numerical_primary_group/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl 07_useradd_numerical_primary_group/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl 07_useradd_numerical_primary_group/gshadow /etc/gshadow
+echo "OK"
+echo -n "no homedir..."
+test -d /home/test1 && exit 1 || true
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/usertools/01/07_useradd_numerical_primary_group/group b/tests/tests/usertools/01/07_useradd_numerical_primary_group/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/usertools/01/07_useradd_numerical_primary_group/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/usertools/01/07_useradd_numerical_primary_group/gshadow b/tests/tests/usertools/01/07_useradd_numerical_primary_group/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/usertools/01/07_useradd_numerical_primary_group/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/usertools/01/07_useradd_numerical_primary_group/passwd b/tests/tests/usertools/01/07_useradd_numerical_primary_group/passwd
new file mode 100644
index 0000000..902efbe
--- /dev/null
+++ b/tests/tests/usertools/01/07_useradd_numerical_primary_group/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+test1:x:1000:1::/home/test1:/bin/sh
diff --git a/tests/tests/usertools/01/07_useradd_numerical_primary_group/shadow b/tests/tests/usertools/01/07_useradd_numerical_primary_group/shadow
new file mode 100644
index 0000000..5920e12
--- /dev/null
+++ b/tests/tests/usertools/01/07_useradd_numerical_primary_group/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+test1:!:@TODAY@:0:99999:7:::
diff --git a/tests/tests/usertools/01/08_useradd_named_primary_group.test b/tests/tests/usertools/01/08_useradd_named_primary_group.test
new file mode 100755
index 0000000..d18acdf
--- /dev/null
+++ b/tests/tests/usertools/01/08_useradd_named_primary_group.test
@@ -0,0 +1,42 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "Add a new user with a named GID"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Create user test1 (useradd test1 -g nogroup)..."
+useradd test1 -g nogroup
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl 08_useradd_named_primary_group/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl 08_useradd_named_primary_group/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl 08_useradd_named_primary_group/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl 08_useradd_named_primary_group/gshadow /etc/gshadow
+echo "OK"
+echo -n "no homedir..."
+test -d /home/test1 && exit 1 || true
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/usertools/01/08_useradd_named_primary_group/group b/tests/tests/usertools/01/08_useradd_named_primary_group/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/usertools/01/08_useradd_named_primary_group/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/usertools/01/08_useradd_named_primary_group/gshadow b/tests/tests/usertools/01/08_useradd_named_primary_group/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/usertools/01/08_useradd_named_primary_group/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/usertools/01/08_useradd_named_primary_group/passwd b/tests/tests/usertools/01/08_useradd_named_primary_group/passwd
new file mode 100644
index 0000000..42ef2e2
--- /dev/null
+++ b/tests/tests/usertools/01/08_useradd_named_primary_group/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+test1:x:1000:65534::/home/test1:/bin/sh
diff --git a/tests/tests/usertools/01/08_useradd_named_primary_group/shadow b/tests/tests/usertools/01/08_useradd_named_primary_group/shadow
new file mode 100644
index 0000000..5920e12
--- /dev/null
+++ b/tests/tests/usertools/01/08_useradd_named_primary_group/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+test1:!:@TODAY@:0:99999:7:::
diff --git a/tests/tests/usertools/01/09_usermod_change_user_info.test b/tests/tests/usertools/01/09_usermod_change_user_info.test
new file mode 100755
index 0000000..75d00b2
--- /dev/null
+++ b/tests/tests/usertools/01/09_usermod_change_user_info.test
@@ -0,0 +1,45 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "Change user information with usermod"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Create user test1 (useradd test1)..."
+useradd test1
+echo "OK"
+echo -n "Change user test1..."
+usermod -g 1 --comment "comment" -e 2000-09-01 -f 17 -s /bin/bash -d /tmp test1
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl 09_usermod_change_user_info/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl 09_usermod_change_user_info/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl 09_usermod_change_user_info/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl 09_usermod_change_user_info/gshadow /etc/gshadow
+echo "OK"
+echo -n "no homedir..."
+test -d /home/test1 && exit 1 || true
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/usertools/01/09_usermod_change_user_info/group b/tests/tests/usertools/01/09_usermod_change_user_info/group
new file mode 100644
index 0000000..ff31912
--- /dev/null
+++ b/tests/tests/usertools/01/09_usermod_change_user_info/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+test1:x:1000:
diff --git a/tests/tests/usertools/01/09_usermod_change_user_info/gshadow b/tests/tests/usertools/01/09_usermod_change_user_info/gshadow
new file mode 100644
index 0000000..90e8eac
--- /dev/null
+++ b/tests/tests/usertools/01/09_usermod_change_user_info/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+test1:!::
diff --git a/tests/tests/usertools/01/09_usermod_change_user_info/passwd b/tests/tests/usertools/01/09_usermod_change_user_info/passwd
new file mode 100644
index 0000000..60c8e45
--- /dev/null
+++ b/tests/tests/usertools/01/09_usermod_change_user_info/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+test1:x:1000:1:comment:/tmp:/bin/bash
diff --git a/tests/tests/usertools/01/09_usermod_change_user_info/shadow b/tests/tests/usertools/01/09_usermod_change_user_info/shadow
new file mode 100644
index 0000000..cf6bc25
--- /dev/null
+++ b/tests/tests/usertools/01/09_usermod_change_user_info/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+test1:!:@TODAY@:0:99999:7:17:11201:
diff --git a/tests/tests/usertools/01/10_usermod_rename_user.test b/tests/tests/usertools/01/10_usermod_rename_user.test
new file mode 100755
index 0000000..202e9b6
--- /dev/null
+++ b/tests/tests/usertools/01/10_usermod_rename_user.test
@@ -0,0 +1,48 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "Add a new user"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Create user test1 (useradd test1)..."
+useradd test1
+echo "OK"
+echo -n "Rename user test1 to test2 (usermod -l test2 test1)..."
+usermod -l test2 test1
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl 10_usermod_rename_user/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl 10_usermod_rename_user/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl 10_usermod_rename_user/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl 10_usermod_rename_user/gshadow /etc/gshadow
+echo "OK"
+echo -n "no homedir (/home/test1)..."
+test -d /home/test1 && exit 1 || true
+echo "OK"
+echo -n "no homedir (/home/test2)..."
+test -d /home/test2 && exit 1 || true
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/usertools/01/10_usermod_rename_user/group b/tests/tests/usertools/01/10_usermod_rename_user/group
new file mode 100644
index 0000000..ff31912
--- /dev/null
+++ b/tests/tests/usertools/01/10_usermod_rename_user/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+test1:x:1000:
diff --git a/tests/tests/usertools/01/10_usermod_rename_user/gshadow b/tests/tests/usertools/01/10_usermod_rename_user/gshadow
new file mode 100644
index 0000000..90e8eac
--- /dev/null
+++ b/tests/tests/usertools/01/10_usermod_rename_user/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+test1:!::
diff --git a/tests/tests/usertools/01/10_usermod_rename_user/passwd b/tests/tests/usertools/01/10_usermod_rename_user/passwd
new file mode 100644
index 0000000..0d1ab51
--- /dev/null
+++ b/tests/tests/usertools/01/10_usermod_rename_user/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+test2:x:1000:1000::/home/test1:/bin/sh
diff --git a/tests/tests/usertools/01/10_usermod_rename_user/shadow b/tests/tests/usertools/01/10_usermod_rename_user/shadow
new file mode 100644
index 0000000..1ca61d8
--- /dev/null
+++ b/tests/tests/usertools/01/10_usermod_rename_user/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+test2:!:@TODAY@:0:99999:7:::
diff --git a/tests/tests/usertools/01/10_usermod_rename_user_in_group.test b/tests/tests/usertools/01/10_usermod_rename_user_in_group.test
new file mode 100755
index 0000000..374acab
--- /dev/null
+++ b/tests/tests/usertools/01/10_usermod_rename_user_in_group.test
@@ -0,0 +1,48 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "Add a new user"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Create user test1 also in group daemon (useradd test1 -G daemon)..."
+useradd test1 -G daemon
+echo "OK"
+echo -n "Rename user test1 to test2 (usermod -l test2 test1)..."
+usermod -l test2 test1
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl 10_usermod_rename_user_in_group/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl 10_usermod_rename_user_in_group/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl 10_usermod_rename_user_in_group/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl 10_usermod_rename_user_in_group/gshadow /etc/gshadow
+echo "OK"
+echo -n "no homedir (/home/test1)..."
+test -d /home/test1 && exit 1 || true
+echo "OK"
+echo -n "no homedir (/home/test2)..."
+test -d /home/test2 && exit 1 || true
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/usertools/01/10_usermod_rename_user_in_group/group b/tests/tests/usertools/01/10_usermod_rename_user_in_group/group
new file mode 100644
index 0000000..271a2c3
--- /dev/null
+++ b/tests/tests/usertools/01/10_usermod_rename_user_in_group/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:test2
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+test1:x:1000:
diff --git a/tests/tests/usertools/01/10_usermod_rename_user_in_group/gshadow b/tests/tests/usertools/01/10_usermod_rename_user_in_group/gshadow
new file mode 100644
index 0000000..879d206
--- /dev/null
+++ b/tests/tests/usertools/01/10_usermod_rename_user_in_group/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::test2
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+test1:!::
diff --git a/tests/tests/usertools/01/10_usermod_rename_user_in_group/passwd b/tests/tests/usertools/01/10_usermod_rename_user_in_group/passwd
new file mode 100644
index 0000000..0d1ab51
--- /dev/null
+++ b/tests/tests/usertools/01/10_usermod_rename_user_in_group/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+test2:x:1000:1000::/home/test1:/bin/sh
diff --git a/tests/tests/usertools/01/10_usermod_rename_user_in_group/shadow b/tests/tests/usertools/01/10_usermod_rename_user_in_group/shadow
new file mode 100644
index 0000000..1ca61d8
--- /dev/null
+++ b/tests/tests/usertools/01/10_usermod_rename_user_in_group/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+test2:!:@TODAY@:0:99999:7:::
diff --git a/tests/tests/usertools/01/11_usermod_change_password.test b/tests/tests/usertools/01/11_usermod_change_password.test
new file mode 100755
index 0000000..a6e7ace
--- /dev/null
+++ b/tests/tests/usertools/01/11_usermod_change_password.test
@@ -0,0 +1,46 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "Add a new user"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Create user test1 (useradd test1)..."
+useradd test1
+echo "OK"
+echo -n "Change user's password..."
+usermod -p '$1$12345678$0jEt1CYOyE.5NxWFMZyZy1' test1
+# (test1F00barbaz)
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl 11_usermod_change_password/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl 11_usermod_change_password/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl 11_usermod_change_password/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl 11_usermod_change_password/gshadow /etc/gshadow
+echo "OK"
+echo -n "no homedir..."
+test -d /home/test1 && exit 1 || true
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/usertools/01/11_usermod_change_password/group b/tests/tests/usertools/01/11_usermod_change_password/group
new file mode 100644
index 0000000..ff31912
--- /dev/null
+++ b/tests/tests/usertools/01/11_usermod_change_password/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+test1:x:1000:
diff --git a/tests/tests/usertools/01/11_usermod_change_password/gshadow b/tests/tests/usertools/01/11_usermod_change_password/gshadow
new file mode 100644
index 0000000..90e8eac
--- /dev/null
+++ b/tests/tests/usertools/01/11_usermod_change_password/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+test1:!::
diff --git a/tests/tests/usertools/01/11_usermod_change_password/passwd b/tests/tests/usertools/01/11_usermod_change_password/passwd
new file mode 100644
index 0000000..0b4b0fa
--- /dev/null
+++ b/tests/tests/usertools/01/11_usermod_change_password/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+test1:x:1000:1000::/home/test1:/bin/sh
diff --git a/tests/tests/usertools/01/11_usermod_change_password/shadow b/tests/tests/usertools/01/11_usermod_change_password/shadow
new file mode 100644
index 0000000..72025a2
--- /dev/null
+++ b/tests/tests/usertools/01/11_usermod_change_password/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+test1:$1$12345678$0jEt1CYOyE.5NxWFMZyZy1:@TODAY@:0:99999:7:::
diff --git a/tests/tests/usertools/01/11_usermod_lock_password.test b/tests/tests/usertools/01/11_usermod_lock_password.test
new file mode 100755
index 0000000..f5e6a9f
--- /dev/null
+++ b/tests/tests/usertools/01/11_usermod_lock_password.test
@@ -0,0 +1,49 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "Add a new user"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Create user test1 (useradd test1)..."
+useradd test1
+echo "OK"
+echo -n "Change user's password..."
+usermod -p '$1$12345678$0jEt1CYOyE.5NxWFMZyZy1' test1
+# (test1F00barbaz)
+echo "OK"
+echo -n "Lock user's password..."
+usermod -L test1
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl 11_usermod_lock_password/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl 11_usermod_lock_password/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl 11_usermod_lock_password/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl 11_usermod_lock_password/gshadow /etc/gshadow
+echo "OK"
+echo -n "no homedir..."
+test -d /home/test1 && exit 1 || true
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/usertools/01/11_usermod_lock_password/group b/tests/tests/usertools/01/11_usermod_lock_password/group
new file mode 100644
index 0000000..ff31912
--- /dev/null
+++ b/tests/tests/usertools/01/11_usermod_lock_password/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+test1:x:1000:
diff --git a/tests/tests/usertools/01/11_usermod_lock_password/gshadow b/tests/tests/usertools/01/11_usermod_lock_password/gshadow
new file mode 100644
index 0000000..90e8eac
--- /dev/null
+++ b/tests/tests/usertools/01/11_usermod_lock_password/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+test1:!::
diff --git a/tests/tests/usertools/01/11_usermod_lock_password/passwd b/tests/tests/usertools/01/11_usermod_lock_password/passwd
new file mode 100644
index 0000000..0b4b0fa
--- /dev/null
+++ b/tests/tests/usertools/01/11_usermod_lock_password/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+test1:x:1000:1000::/home/test1:/bin/sh
diff --git a/tests/tests/usertools/01/11_usermod_lock_password/shadow b/tests/tests/usertools/01/11_usermod_lock_password/shadow
new file mode 100644
index 0000000..5a236b7
--- /dev/null
+++ b/tests/tests/usertools/01/11_usermod_lock_password/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+test1:!$1$12345678$0jEt1CYOyE.5NxWFMZyZy1:@TODAY@:0:99999:7:::
diff --git a/tests/tests/usertools/01/11_usermod_unlock_empty_password.test b/tests/tests/usertools/01/11_usermod_unlock_empty_password.test
new file mode 100755
index 0000000..d12dfd8
--- /dev/null
+++ b/tests/tests/usertools/01/11_usermod_unlock_empty_password.test
@@ -0,0 +1,54 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "Add a new user"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Create user test1 (useradd test1)..."
+useradd test1
+echo "OK"
+echo -n "Unlock user's password..."
+usermod -U test1 2>tmp/err
+echo "OK"
+
+echo "usermod displayed:"
+echo "======================================================================="
+cat tmp/err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au 11_usermod_unlock_empty_password/usermod.err tmp/err
+echo "error message OK."
+rm -f tmp/err
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl 11_usermod_unlock_empty_password/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl 11_usermod_unlock_empty_password/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl 11_usermod_unlock_empty_password/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl 11_usermod_unlock_empty_password/gshadow /etc/gshadow
+echo "OK"
+echo -n "no homedir..."
+test -d /home/test1 && exit 1 || true
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/usertools/01/11_usermod_unlock_empty_password/group b/tests/tests/usertools/01/11_usermod_unlock_empty_password/group
new file mode 100644
index 0000000..ff31912
--- /dev/null
+++ b/tests/tests/usertools/01/11_usermod_unlock_empty_password/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+test1:x:1000:
diff --git a/tests/tests/usertools/01/11_usermod_unlock_empty_password/gshadow b/tests/tests/usertools/01/11_usermod_unlock_empty_password/gshadow
new file mode 100644
index 0000000..90e8eac
--- /dev/null
+++ b/tests/tests/usertools/01/11_usermod_unlock_empty_password/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+test1:!::
diff --git a/tests/tests/usertools/01/11_usermod_unlock_empty_password/passwd b/tests/tests/usertools/01/11_usermod_unlock_empty_password/passwd
new file mode 100644
index 0000000..0b4b0fa
--- /dev/null
+++ b/tests/tests/usertools/01/11_usermod_unlock_empty_password/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+test1:x:1000:1000::/home/test1:/bin/sh
diff --git a/tests/tests/usertools/01/11_usermod_unlock_empty_password/shadow b/tests/tests/usertools/01/11_usermod_unlock_empty_password/shadow
new file mode 100644
index 0000000..5920e12
--- /dev/null
+++ b/tests/tests/usertools/01/11_usermod_unlock_empty_password/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+test1:!:@TODAY@:0:99999:7:::
diff --git a/tests/tests/usertools/01/11_usermod_unlock_empty_password/usermod.err b/tests/tests/usertools/01/11_usermod_unlock_empty_password/usermod.err
new file mode 100644
index 0000000..2564dbf
--- /dev/null
+++ b/tests/tests/usertools/01/11_usermod_unlock_empty_password/usermod.err
@@ -0,0 +1,2 @@
+usermod: unlocking the user's password would result in a passwordless account.
+You should set a password with usermod -p to unlock this user's password.
diff --git a/tests/tests/usertools/01/11_usermod_unlock_password.test b/tests/tests/usertools/01/11_usermod_unlock_password.test
new file mode 100755
index 0000000..905b2c0
--- /dev/null
+++ b/tests/tests/usertools/01/11_usermod_unlock_password.test
@@ -0,0 +1,52 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "Add a new user"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Create user test1 (useradd test1)..."
+useradd test1
+echo "OK"
+echo -n "Change user's password..."
+usermod -p '$1$12345678$0jEt1CYOyE.5NxWFMZyZy1' test1
+# (test1F00barbaz)
+echo "OK"
+echo -n "Lock user's password..."
+usermod -L test1
+echo "OK"
+echo -n "Unlock user's password..."
+usermod -U test1
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl 11_usermod_unlock_password/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl 11_usermod_unlock_password/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl 11_usermod_unlock_password/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl 11_usermod_unlock_password/gshadow /etc/gshadow
+echo "OK"
+echo -n "no homedir..."
+test -d /home/test1 && exit 1 || true
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/usertools/01/11_usermod_unlock_password/group b/tests/tests/usertools/01/11_usermod_unlock_password/group
new file mode 100644
index 0000000..ff31912
--- /dev/null
+++ b/tests/tests/usertools/01/11_usermod_unlock_password/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+test1:x:1000:
diff --git a/tests/tests/usertools/01/11_usermod_unlock_password/gshadow b/tests/tests/usertools/01/11_usermod_unlock_password/gshadow
new file mode 100644
index 0000000..90e8eac
--- /dev/null
+++ b/tests/tests/usertools/01/11_usermod_unlock_password/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+test1:!::
diff --git a/tests/tests/usertools/01/11_usermod_unlock_password/passwd b/tests/tests/usertools/01/11_usermod_unlock_password/passwd
new file mode 100644
index 0000000..0b4b0fa
--- /dev/null
+++ b/tests/tests/usertools/01/11_usermod_unlock_password/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+test1:x:1000:1000::/home/test1:/bin/sh
diff --git a/tests/tests/usertools/01/11_usermod_unlock_password/shadow b/tests/tests/usertools/01/11_usermod_unlock_password/shadow
new file mode 100644
index 0000000..72025a2
--- /dev/null
+++ b/tests/tests/usertools/01/11_usermod_unlock_password/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+test1:$1$12345678$0jEt1CYOyE.5NxWFMZyZy1:@TODAY@:0:99999:7:::
diff --git a/tests/tests/usertools/01/12_usermod_change_gid_name.test b/tests/tests/usertools/01/12_usermod_change_gid_name.test
new file mode 100755
index 0000000..8148149
--- /dev/null
+++ b/tests/tests/usertools/01/12_usermod_change_gid_name.test
@@ -0,0 +1,45 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "Add a new user"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Create user test1 (useradd test1)..."
+useradd test1
+echo "OK"
+echo -n "Change user's group..."
+usermod -g daemon test1
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl 12_usermod_change_gid_name/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl 12_usermod_change_gid_name/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl 12_usermod_change_gid_name/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl 12_usermod_change_gid_name/gshadow /etc/gshadow
+echo "OK"
+echo -n "no homedir..."
+test -d /home/test1 && exit 1 || true
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/usertools/01/12_usermod_change_gid_name/group b/tests/tests/usertools/01/12_usermod_change_gid_name/group
new file mode 100644
index 0000000..ff31912
--- /dev/null
+++ b/tests/tests/usertools/01/12_usermod_change_gid_name/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+test1:x:1000:
diff --git a/tests/tests/usertools/01/12_usermod_change_gid_name/gshadow b/tests/tests/usertools/01/12_usermod_change_gid_name/gshadow
new file mode 100644
index 0000000..90e8eac
--- /dev/null
+++ b/tests/tests/usertools/01/12_usermod_change_gid_name/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+test1:!::
diff --git a/tests/tests/usertools/01/12_usermod_change_gid_name/passwd b/tests/tests/usertools/01/12_usermod_change_gid_name/passwd
new file mode 100644
index 0000000..902efbe
--- /dev/null
+++ b/tests/tests/usertools/01/12_usermod_change_gid_name/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+test1:x:1000:1::/home/test1:/bin/sh
diff --git a/tests/tests/usertools/01/12_usermod_change_gid_name/shadow b/tests/tests/usertools/01/12_usermod_change_gid_name/shadow
new file mode 100644
index 0000000..5920e12
--- /dev/null
+++ b/tests/tests/usertools/01/12_usermod_change_gid_name/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+test1:!:@TODAY@:0:99999:7:::
diff --git a/tests/tests/usertools/01/12_usermod_change_gid_number.test b/tests/tests/usertools/01/12_usermod_change_gid_number.test
new file mode 100755
index 0000000..e4172a8
--- /dev/null
+++ b/tests/tests/usertools/01/12_usermod_change_gid_number.test
@@ -0,0 +1,45 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "Add a new user"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Create user test1 (useradd test1)..."
+useradd test1
+echo "OK"
+echo -n "Change user's group..."
+usermod -g 1 test1
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl 12_usermod_change_gid_number/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl 12_usermod_change_gid_number/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl 12_usermod_change_gid_number/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl 12_usermod_change_gid_number/gshadow /etc/gshadow
+echo "OK"
+echo -n "no homedir..."
+test -d /home/test1 && exit 1 || true
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/usertools/01/12_usermod_change_gid_number/group b/tests/tests/usertools/01/12_usermod_change_gid_number/group
new file mode 100644
index 0000000..ff31912
--- /dev/null
+++ b/tests/tests/usertools/01/12_usermod_change_gid_number/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+test1:x:1000:
diff --git a/tests/tests/usertools/01/12_usermod_change_gid_number/gshadow b/tests/tests/usertools/01/12_usermod_change_gid_number/gshadow
new file mode 100644
index 0000000..90e8eac
--- /dev/null
+++ b/tests/tests/usertools/01/12_usermod_change_gid_number/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+test1:!::
diff --git a/tests/tests/usertools/01/12_usermod_change_gid_number/passwd b/tests/tests/usertools/01/12_usermod_change_gid_number/passwd
new file mode 100644
index 0000000..902efbe
--- /dev/null
+++ b/tests/tests/usertools/01/12_usermod_change_gid_number/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+test1:x:1000:1::/home/test1:/bin/sh
diff --git a/tests/tests/usertools/01/12_usermod_change_gid_number/shadow b/tests/tests/usertools/01/12_usermod_change_gid_number/shadow
new file mode 100644
index 0000000..5920e12
--- /dev/null
+++ b/tests/tests/usertools/01/12_usermod_change_gid_number/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+test1:!:@TODAY@:0:99999:7:::
diff --git a/tests/tests/usertools/01/13_useradd_negative_UID.test b/tests/tests/usertools/01/13_useradd_negative_UID.test
new file mode 100755
index 0000000..f049a91
--- /dev/null
+++ b/tests/tests/usertools/01/13_useradd_negative_UID.test
@@ -0,0 +1,52 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "Add a new user"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Create user test1 with a negative UID (useradd -u -1 test1)..."
+msg=$(useradd -u -1 test1 2>&1) && exit 1 || {
+	status=$?
+}
+echo "OK"
+echo "useradd returned status $status,"
+echo "and displayed \"$msg\""
+echo -n "The returned status should be 3..."
+test "$status" = "3"
+echo "OK"
+echo -n "Test the error message (should be \"useradd: invalid user ID '-1'\")..."
+test "$msg" = "useradd: invalid user ID '-1'"
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl 13_useradd_negative_UID/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl 13_useradd_negative_UID/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl 13_useradd_negative_UID/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl 13_useradd_negative_UID/gshadow /etc/gshadow
+echo "OK"
+echo -n "no homedir..."
+test -d /home/test1 && exit 1 || true
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/usertools/01/13_useradd_negative_UID/group b/tests/tests/usertools/01/13_useradd_negative_UID/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/usertools/01/13_useradd_negative_UID/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/usertools/01/13_useradd_negative_UID/gshadow b/tests/tests/usertools/01/13_useradd_negative_UID/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/usertools/01/13_useradd_negative_UID/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/usertools/01/13_useradd_negative_UID/passwd b/tests/tests/usertools/01/13_useradd_negative_UID/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/usertools/01/13_useradd_negative_UID/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/usertools/01/13_useradd_negative_UID/shadow b/tests/tests/usertools/01/13_useradd_negative_UID/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/usertools/01/13_useradd_negative_UID/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/usertools/01/14_useradd_out_of_range_UID.test b/tests/tests/usertools/01/14_useradd_out_of_range_UID.test
new file mode 100755
index 0000000..88cac26
--- /dev/null
+++ b/tests/tests/usertools/01/14_useradd_out_of_range_UID.test
@@ -0,0 +1,52 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "Add a new user"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Create user test1 with UID 4294967296 (useradd -u 4294967296 test1)..."
+msg=$(useradd -u 4294967296 test1 2>&1) && exit 1 || {
+	status=$?
+}
+echo "OK"
+echo "useradd returned status $status,"
+echo "and displayed \"$msg\""
+echo -n "The returned status should be 3..."
+test "$status" = "3"
+echo "OK"
+echo -n "Test the error message (should be \"useradd: invalid user ID '4294967296'\")..."
+test "$msg" = "useradd: invalid user ID '4294967296'"
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl 14_useradd_out_of_range_UID/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl 14_useradd_out_of_range_UID/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl 14_useradd_out_of_range_UID/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl 14_useradd_out_of_range_UID/gshadow /etc/gshadow
+echo "OK"
+echo -n "no homedir..."
+test -d /home/test1 && exit 1 || true
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/usertools/01/14_useradd_out_of_range_UID/group b/tests/tests/usertools/01/14_useradd_out_of_range_UID/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/usertools/01/14_useradd_out_of_range_UID/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/usertools/01/14_useradd_out_of_range_UID/gshadow b/tests/tests/usertools/01/14_useradd_out_of_range_UID/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/usertools/01/14_useradd_out_of_range_UID/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/usertools/01/14_useradd_out_of_range_UID/passwd b/tests/tests/usertools/01/14_useradd_out_of_range_UID/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/usertools/01/14_useradd_out_of_range_UID/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/usertools/01/14_useradd_out_of_range_UID/shadow b/tests/tests/usertools/01/14_useradd_out_of_range_UID/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/usertools/01/14_useradd_out_of_range_UID/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/usertools/01/15_useradd_specified_large_UID.test b/tests/tests/usertools/01/15_useradd_specified_large_UID.test
new file mode 100755
index 0000000..69fd5db
--- /dev/null
+++ b/tests/tests/usertools/01/15_useradd_specified_large_UID.test
@@ -0,0 +1,42 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "Add a new user with a specified ID"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Create user test1 (useradd -u 2147483647 test1)..."
+useradd -u 2147483647 test1
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl 15_useradd_specified_large_UID/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl 15_useradd_specified_large_UID/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl 15_useradd_specified_large_UID/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl 15_useradd_specified_large_UID/gshadow /etc/gshadow
+echo "OK"
+echo -n "no homedir..."
+test -d /home/test1 && exit 1 || true
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/usertools/01/15_useradd_specified_large_UID/group b/tests/tests/usertools/01/15_useradd_specified_large_UID/group
new file mode 100644
index 0000000..ff31912
--- /dev/null
+++ b/tests/tests/usertools/01/15_useradd_specified_large_UID/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+test1:x:1000:
diff --git a/tests/tests/usertools/01/15_useradd_specified_large_UID/gshadow b/tests/tests/usertools/01/15_useradd_specified_large_UID/gshadow
new file mode 100644
index 0000000..90e8eac
--- /dev/null
+++ b/tests/tests/usertools/01/15_useradd_specified_large_UID/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+test1:!::
diff --git a/tests/tests/usertools/01/15_useradd_specified_large_UID/passwd b/tests/tests/usertools/01/15_useradd_specified_large_UID/passwd
new file mode 100644
index 0000000..116c1c7
--- /dev/null
+++ b/tests/tests/usertools/01/15_useradd_specified_large_UID/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+test1:x:2147483647:1000::/home/test1:/bin/sh
diff --git a/tests/tests/usertools/01/15_useradd_specified_large_UID/shadow b/tests/tests/usertools/01/15_useradd_specified_large_UID/shadow
new file mode 100644
index 0000000..5920e12
--- /dev/null
+++ b/tests/tests/usertools/01/15_useradd_specified_large_UID/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+test1:!:@TODAY@:0:99999:7:::
diff --git a/tests/tests/usertools/01/16_useradd_add_user_to_multiple_groups.test b/tests/tests/usertools/01/16_useradd_add_user_to_multiple_groups.test
new file mode 100755
index 0000000..3e0323e
--- /dev/null
+++ b/tests/tests/usertools/01/16_useradd_add_user_to_multiple_groups.test
@@ -0,0 +1,42 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "Add a new user"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Create user test1, and add it to group src (useradd test1 -g src)..."
+useradd test1 -g nogroup -G src,daemon,bin
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl 16_useradd_add_user_to_multiple_groups/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl 16_useradd_add_user_to_multiple_groups/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl 16_useradd_add_user_to_multiple_groups/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl 16_useradd_add_user_to_multiple_groups/gshadow /etc/gshadow
+echo "OK"
+echo -n "no homedir..."
+test -d /home/test1 && exit 1 || true
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/usertools/01/16_useradd_add_user_to_multiple_groups/group b/tests/tests/usertools/01/16_useradd_add_user_to_multiple_groups/group
new file mode 100644
index 0000000..04d5635
--- /dev/null
+++ b/tests/tests/usertools/01/16_useradd_add_user_to_multiple_groups/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:test1
+bin:x:2:test1
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:test1
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/usertools/01/16_useradd_add_user_to_multiple_groups/gshadow b/tests/tests/usertools/01/16_useradd_add_user_to_multiple_groups/gshadow
new file mode 100644
index 0000000..1605ab6
--- /dev/null
+++ b/tests/tests/usertools/01/16_useradd_add_user_to_multiple_groups/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::test1
+bin:*::test1
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::test1
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/usertools/01/16_useradd_add_user_to_multiple_groups/passwd b/tests/tests/usertools/01/16_useradd_add_user_to_multiple_groups/passwd
new file mode 100644
index 0000000..42ef2e2
--- /dev/null
+++ b/tests/tests/usertools/01/16_useradd_add_user_to_multiple_groups/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+test1:x:1000:65534::/home/test1:/bin/sh
diff --git a/tests/tests/usertools/01/16_useradd_add_user_to_multiple_groups/shadow b/tests/tests/usertools/01/16_useradd_add_user_to_multiple_groups/shadow
new file mode 100644
index 0000000..5920e12
--- /dev/null
+++ b/tests/tests/usertools/01/16_useradd_add_user_to_multiple_groups/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+test1:!:@TODAY@:0:99999:7:::
diff --git a/tests/tests/usertools/01/16_useradd_add_user_to_one_group.test b/tests/tests/usertools/01/16_useradd_add_user_to_one_group.test
new file mode 100755
index 0000000..38c0020
--- /dev/null
+++ b/tests/tests/usertools/01/16_useradd_add_user_to_one_group.test
@@ -0,0 +1,42 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "Add a new user"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Create user test1, and add it to group src (useradd test1 -g src)..."
+useradd test1 -G src
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl 16_useradd_add_user_to_one_group/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl 16_useradd_add_user_to_one_group/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl 16_useradd_add_user_to_one_group/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl 16_useradd_add_user_to_one_group/gshadow /etc/gshadow
+echo "OK"
+echo -n "no homedir..."
+test -d /home/test1 && exit 1 || true
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/usertools/01/16_useradd_add_user_to_one_group/group b/tests/tests/usertools/01/16_useradd_add_user_to_one_group/group
new file mode 100644
index 0000000..1c6668e
--- /dev/null
+++ b/tests/tests/usertools/01/16_useradd_add_user_to_one_group/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:test1
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+test1:x:1000:
diff --git a/tests/tests/usertools/01/16_useradd_add_user_to_one_group/gshadow b/tests/tests/usertools/01/16_useradd_add_user_to_one_group/gshadow
new file mode 100644
index 0000000..680a5dc
--- /dev/null
+++ b/tests/tests/usertools/01/16_useradd_add_user_to_one_group/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::test1
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+test1:!::
diff --git a/tests/tests/usertools/01/16_useradd_add_user_to_one_group/passwd b/tests/tests/usertools/01/16_useradd_add_user_to_one_group/passwd
new file mode 100644
index 0000000..0b4b0fa
--- /dev/null
+++ b/tests/tests/usertools/01/16_useradd_add_user_to_one_group/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+test1:x:1000:1000::/home/test1:/bin/sh
diff --git a/tests/tests/usertools/01/16_useradd_add_user_to_one_group/shadow b/tests/tests/usertools/01/16_useradd_add_user_to_one_group/shadow
new file mode 100644
index 0000000..5920e12
--- /dev/null
+++ b/tests/tests/usertools/01/16_useradd_add_user_to_one_group/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+test1:!:@TODAY@:0:99999:7:::
diff --git a/tests/tests/usertools/01/17_useradd_create_homedir.test b/tests/tests/usertools/01/17_useradd_create_homedir.test
new file mode 100755
index 0000000..cf27140
--- /dev/null
+++ b/tests/tests/usertools/01/17_useradd_create_homedir.test
@@ -0,0 +1,46 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "Add a new user"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Create user test1 with homedir (useradd --create-home test1)..."
+useradd --create-home test1
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl 01_useradd_add_user/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl 01_useradd_add_user/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl 01_useradd_add_user/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl 01_useradd_add_user/gshadow /etc/gshadow
+echo "OK"
+echo -n "homedir created..."
+test -d /home/test1
+echo "OK"
+echo -n "Check if skeleton files were added..."
+diff -rauN /etc/skel /home/test1
+echo "OK"
+rm -rf /home/test1
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/usertools/01/17_useradd_create_homedir/group b/tests/tests/usertools/01/17_useradd_create_homedir/group
new file mode 100644
index 0000000..ff31912
--- /dev/null
+++ b/tests/tests/usertools/01/17_useradd_create_homedir/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+test1:x:1000:
diff --git a/tests/tests/usertools/01/17_useradd_create_homedir/gshadow b/tests/tests/usertools/01/17_useradd_create_homedir/gshadow
new file mode 100644
index 0000000..90e8eac
--- /dev/null
+++ b/tests/tests/usertools/01/17_useradd_create_homedir/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+test1:!::
diff --git a/tests/tests/usertools/01/17_useradd_create_homedir/passwd b/tests/tests/usertools/01/17_useradd_create_homedir/passwd
new file mode 100644
index 0000000..0b4b0fa
--- /dev/null
+++ b/tests/tests/usertools/01/17_useradd_create_homedir/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+test1:x:1000:1000::/home/test1:/bin/sh
diff --git a/tests/tests/usertools/01/17_useradd_create_homedir/shadow b/tests/tests/usertools/01/17_useradd_create_homedir/shadow
new file mode 100644
index 0000000..5920e12
--- /dev/null
+++ b/tests/tests/usertools/01/17_useradd_create_homedir/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+test1:!:@TODAY@:0:99999:7:::
diff --git a/tests/tests/usertools/01/18_userdel_remove_homedir.test b/tests/tests/usertools/01/18_userdel_remove_homedir.test
new file mode 100755
index 0000000..085381d
--- /dev/null
+++ b/tests/tests/usertools/01/18_userdel_remove_homedir.test
@@ -0,0 +1,54 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "Add a new user"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Create user test1 with homedir (useradd --create-home test1)..."
+useradd --create-home test1
+echo "OK"
+echo -n "Delete user test1 with homedir (userdel --remove test1)..."
+userdel --remove test1 2>tmp/userdel.err
+
+echo "userdel reported:"
+echo "======================================================================="
+cat tmp/userdel.err
+echo "======================================================================="
+echo -n "Check the userdel message..."
+diff -au 18_userdel_remove_homedir/userdel.err tmp/userdel.err
+echo "userdel message OK."
+rm -f tmp/userdel.err
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+echo -n "homedir removed..."
+test ! -d /home/test1
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/usertools/01/18_userdel_remove_homedir/group b/tests/tests/usertools/01/18_userdel_remove_homedir/group
new file mode 100644
index 0000000..ff31912
--- /dev/null
+++ b/tests/tests/usertools/01/18_userdel_remove_homedir/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+test1:x:1000:
diff --git a/tests/tests/usertools/01/18_userdel_remove_homedir/gshadow b/tests/tests/usertools/01/18_userdel_remove_homedir/gshadow
new file mode 100644
index 0000000..90e8eac
--- /dev/null
+++ b/tests/tests/usertools/01/18_userdel_remove_homedir/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+test1:!::
diff --git a/tests/tests/usertools/01/18_userdel_remove_homedir/passwd b/tests/tests/usertools/01/18_userdel_remove_homedir/passwd
new file mode 100644
index 0000000..0b4b0fa
--- /dev/null
+++ b/tests/tests/usertools/01/18_userdel_remove_homedir/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+test1:x:1000:1000::/home/test1:/bin/sh
diff --git a/tests/tests/usertools/01/18_userdel_remove_homedir/shadow b/tests/tests/usertools/01/18_userdel_remove_homedir/shadow
new file mode 100644
index 0000000..5920e12
--- /dev/null
+++ b/tests/tests/usertools/01/18_userdel_remove_homedir/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+test1:!:@TODAY@:0:99999:7:::
diff --git a/tests/tests/usertools/01/18_userdel_remove_homedir/userdel.err b/tests/tests/usertools/01/18_userdel_remove_homedir/userdel.err
new file mode 100644
index 0000000..0b2f1ff
--- /dev/null
+++ b/tests/tests/usertools/01/18_userdel_remove_homedir/userdel.err
@@ -0,0 +1 @@
+userdel: test1 mail spool (/var/mail/test1) not found
diff --git a/tests/tests/usertools/01/19_userdel_delete_user_in_group.test b/tests/tests/usertools/01/19_userdel_delete_user_in_group.test
new file mode 100755
index 0000000..7787899
--- /dev/null
+++ b/tests/tests/usertools/01/19_userdel_delete_user_in_group.test
@@ -0,0 +1,45 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "Delete user"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Create user test1 and add it to groups daemon and bin (useradd test1 -G daemon,bin)..."
+useradd test1 -G daemon,bin
+echo "OK"
+echo -n "Delete user test1 (userdel test1)..."
+userdel test1
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+echo -n "no homedir..."
+test -d /home/test1 && exit 1 || true
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/usertools/01/20_usermod_change_homedir.test b/tests/tests/usertools/01/20_usermod_change_homedir.test
new file mode 100755
index 0000000..6ef6e8f
--- /dev/null
+++ b/tests/tests/usertools/01/20_usermod_change_homedir.test
@@ -0,0 +1,58 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "Delete user"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Create user test1 and its homedir (useradd test1 -m)..."
+useradd test1 -m
+echo "OK"
+echo -n "Change the user's homedir (usermod --home /home/test1.new test1)..."
+usermod --home /home/test1.new test1
+echo "OK"
+echo -n "Test if the new homedir was not created..."
+test ! -d /home/test1.new
+echo "OK"
+echo -n "test if the old homedir was kept..."
+test -d /home/test1
+echo "OK"
+echo -n "Delete user test1 (userdel test1)..."
+userdel test1
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+echo -n "old homedir kept (/home/test1)..."
+test -d /home/test1
+echo "OK"
+echo -n "no homedir (/home/test1.new)..."
+test ! -d /home/test1.new
+echo "OK"
+rm -rf /home/test1
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/usertools/01/21_usermod_change_and_move_homedir.test b/tests/tests/usertools/01/21_usermod_change_and_move_homedir.test
new file mode 100755
index 0000000..0f26920
--- /dev/null
+++ b/tests/tests/usertools/01/21_usermod_change_and_move_homedir.test
@@ -0,0 +1,67 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "Delete user"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Create user test1 and its homedir (useradd test1 -m)..."
+useradd test1 -m
+echo "OK"
+echo -n "Change the user's homedir (usermod -m --home /home/test1.new test1)..."
+usermod -m --home /home/test1.new test1
+echo "OK"
+echo -n "Test if the new homedir exists..."
+test -d /home/test1.new
+echo "OK"
+echo -n "test if the old homedir was removed..."
+test ! -d /home/test1
+echo "OK"
+echo -n "Delete user test1 (userdel test1)..."
+userdel test1 --remove 2>tmp/userdel.err
+echo "OK"
+
+echo "userdel reported:"
+echo "======================================================================="
+cat tmp/userdel.err
+echo "======================================================================="
+echo -n "Check the userdel message..."
+diff -au 18_userdel_remove_homedir/userdel.err tmp/userdel.err
+echo "userdel message OK."
+rm -f tmp/userdel.err
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+echo -n "no homedir (/home/test1)..."
+test ! -d /home/test1
+echo "OK"
+echo -n "no homedir (/home/test1.new)..."
+test ! -d /home/test1.new
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/usertools/01/22_usermod_new_groups.test b/tests/tests/usertools/01/22_usermod_new_groups.test
new file mode 100755
index 0000000..2cbdfa2
--- /dev/null
+++ b/tests/tests/usertools/01/22_usermod_new_groups.test
@@ -0,0 +1,45 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "Add a new user"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Create user test1 (useradd test1)..."
+useradd test1
+echo "OK"
+echo -n "Add test1 to groups nogroup, daemon, and src..."
+usermod -G nogroup,daemon,src test1
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl 22_usermod_new_groups/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl 22_usermod_new_groups/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl 22_usermod_new_groups/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl 22_usermod_new_groups/gshadow /etc/gshadow
+echo "OK"
+echo -n "no homedir..."
+test -d /home/test1 && exit 1 || true
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/usertools/01/22_usermod_new_groups/group b/tests/tests/usertools/01/22_usermod_new_groups/group
new file mode 100644
index 0000000..e529520
--- /dev/null
+++ b/tests/tests/usertools/01/22_usermod_new_groups/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:test1
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:test1
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:test1
+crontab:x:101:
+Debian-exim:x:102:
+test1:x:1000:
diff --git a/tests/tests/usertools/01/22_usermod_new_groups/gshadow b/tests/tests/usertools/01/22_usermod_new_groups/gshadow
new file mode 100644
index 0000000..87749e3
--- /dev/null
+++ b/tests/tests/usertools/01/22_usermod_new_groups/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::test1
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::test1
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::test1
+crontab:x::
+Debian-exim:x::
+test1:!::
diff --git a/tests/tests/usertools/01/22_usermod_new_groups/passwd b/tests/tests/usertools/01/22_usermod_new_groups/passwd
new file mode 100644
index 0000000..0b4b0fa
--- /dev/null
+++ b/tests/tests/usertools/01/22_usermod_new_groups/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+test1:x:1000:1000::/home/test1:/bin/sh
diff --git a/tests/tests/usertools/01/22_usermod_new_groups/shadow b/tests/tests/usertools/01/22_usermod_new_groups/shadow
new file mode 100644
index 0000000..5920e12
--- /dev/null
+++ b/tests/tests/usertools/01/22_usermod_new_groups/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+test1:!:@TODAY@:0:99999:7:::
diff --git a/tests/tests/usertools/01/23_usermod_add_groups.test b/tests/tests/usertools/01/23_usermod_add_groups.test
new file mode 100755
index 0000000..754bdd4
--- /dev/null
+++ b/tests/tests/usertools/01/23_usermod_add_groups.test
@@ -0,0 +1,45 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "Add a new user"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Create user test1 and add it to group bin (useradd test1 -G bin)..."
+useradd test1 -G bin
+echo "OK"
+echo -n "Add test1 to the additional groups nogroup, daemon, and src..."
+usermod -a -G nogroup,daemon,src test1
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl 23_usermod_add_groups/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl 23_usermod_add_groups/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl 23_usermod_add_groups/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl 23_usermod_add_groups/gshadow /etc/gshadow
+echo "OK"
+echo -n "no homedir..."
+test -d /home/test1 && exit 1 || true
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/usertools/01/23_usermod_add_groups/group b/tests/tests/usertools/01/23_usermod_add_groups/group
new file mode 100644
index 0000000..09243dd
--- /dev/null
+++ b/tests/tests/usertools/01/23_usermod_add_groups/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:test1
+bin:x:2:test1
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:test1
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:test1
+crontab:x:101:
+Debian-exim:x:102:
+test1:x:1000:
diff --git a/tests/tests/usertools/01/23_usermod_add_groups/gshadow b/tests/tests/usertools/01/23_usermod_add_groups/gshadow
new file mode 100644
index 0000000..a572a19
--- /dev/null
+++ b/tests/tests/usertools/01/23_usermod_add_groups/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::test1
+bin:*::test1
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::test1
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::test1
+crontab:x::
+Debian-exim:x::
+test1:!::
diff --git a/tests/tests/usertools/01/23_usermod_add_groups/passwd b/tests/tests/usertools/01/23_usermod_add_groups/passwd
new file mode 100644
index 0000000..0b4b0fa
--- /dev/null
+++ b/tests/tests/usertools/01/23_usermod_add_groups/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+test1:x:1000:1000::/home/test1:/bin/sh
diff --git a/tests/tests/usertools/01/23_usermod_add_groups/shadow b/tests/tests/usertools/01/23_usermod_add_groups/shadow
new file mode 100644
index 0000000..5920e12
--- /dev/null
+++ b/tests/tests/usertools/01/23_usermod_add_groups/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+test1:!:@TODAY@:0:99999:7:::
diff --git a/tests/tests/usertools/01/24_usermod_new_groups_remove_old_groups.test b/tests/tests/usertools/01/24_usermod_new_groups_remove_old_groups.test
new file mode 100755
index 0000000..6b217c6
--- /dev/null
+++ b/tests/tests/usertools/01/24_usermod_new_groups_remove_old_groups.test
@@ -0,0 +1,45 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "Add a new user"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Create user test1 and add it to group bin (useradd test1 -G bin)..."
+useradd test1 -G bin
+echo "OK"
+echo -n "Change the groups of test1 to nogroup, daemon, and src..."
+usermod -G nogroup,daemon,src test1
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl 24_usermod_new_groups_remove_old_groups/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl 24_usermod_new_groups_remove_old_groups/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl 24_usermod_new_groups_remove_old_groups/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl 24_usermod_new_groups_remove_old_groups/gshadow /etc/gshadow
+echo "OK"
+echo -n "no homedir..."
+test -d /home/test1 && exit 1 || true
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/usertools/01/24_usermod_new_groups_remove_old_groups/group b/tests/tests/usertools/01/24_usermod_new_groups_remove_old_groups/group
new file mode 100644
index 0000000..e529520
--- /dev/null
+++ b/tests/tests/usertools/01/24_usermod_new_groups_remove_old_groups/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:test1
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:test1
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:test1
+crontab:x:101:
+Debian-exim:x:102:
+test1:x:1000:
diff --git a/tests/tests/usertools/01/24_usermod_new_groups_remove_old_groups/gshadow b/tests/tests/usertools/01/24_usermod_new_groups_remove_old_groups/gshadow
new file mode 100644
index 0000000..87749e3
--- /dev/null
+++ b/tests/tests/usertools/01/24_usermod_new_groups_remove_old_groups/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::test1
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::test1
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::test1
+crontab:x::
+Debian-exim:x::
+test1:!::
diff --git a/tests/tests/usertools/01/24_usermod_new_groups_remove_old_groups/passwd b/tests/tests/usertools/01/24_usermod_new_groups_remove_old_groups/passwd
new file mode 100644
index 0000000..0b4b0fa
--- /dev/null
+++ b/tests/tests/usertools/01/24_usermod_new_groups_remove_old_groups/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+test1:x:1000:1000::/home/test1:/bin/sh
diff --git a/tests/tests/usertools/01/24_usermod_new_groups_remove_old_groups/shadow b/tests/tests/usertools/01/24_usermod_new_groups_remove_old_groups/shadow
new file mode 100644
index 0000000..5920e12
--- /dev/null
+++ b/tests/tests/usertools/01/24_usermod_new_groups_remove_old_groups/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+test1:!:@TODAY@:0:99999:7:::
diff --git a/tests/tests/usertools/01/25_useradd_specified_large_UID2.test b/tests/tests/usertools/01/25_useradd_specified_large_UID2.test
new file mode 100755
index 0000000..ed4858c
--- /dev/null
+++ b/tests/tests/usertools/01/25_useradd_specified_large_UID2.test
@@ -0,0 +1,42 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "Add a new user with a specified ID"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Create user test1 (useradd -u 4294967294 test1)..."
+useradd -u 4294967294 test1
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl 25_useradd_specified_large_UID2/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl 25_useradd_specified_large_UID2/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl 25_useradd_specified_large_UID2/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl 25_useradd_specified_large_UID2/gshadow /etc/gshadow
+echo "OK"
+echo -n "no homedir..."
+test -d /home/test1 && exit 1 || true
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/usertools/01/25_useradd_specified_large_UID2/group b/tests/tests/usertools/01/25_useradd_specified_large_UID2/group
new file mode 100644
index 0000000..ff31912
--- /dev/null
+++ b/tests/tests/usertools/01/25_useradd_specified_large_UID2/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+test1:x:1000:
diff --git a/tests/tests/usertools/01/25_useradd_specified_large_UID2/gshadow b/tests/tests/usertools/01/25_useradd_specified_large_UID2/gshadow
new file mode 100644
index 0000000..90e8eac
--- /dev/null
+++ b/tests/tests/usertools/01/25_useradd_specified_large_UID2/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+test1:!::
diff --git a/tests/tests/usertools/01/25_useradd_specified_large_UID2/passwd b/tests/tests/usertools/01/25_useradd_specified_large_UID2/passwd
new file mode 100644
index 0000000..cef4912
--- /dev/null
+++ b/tests/tests/usertools/01/25_useradd_specified_large_UID2/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+test1:x:4294967294:1000::/home/test1:/bin/sh
diff --git a/tests/tests/usertools/01/25_useradd_specified_large_UID2/shadow b/tests/tests/usertools/01/25_useradd_specified_large_UID2/shadow
new file mode 100644
index 0000000..5920e12
--- /dev/null
+++ b/tests/tests/usertools/01/25_useradd_specified_large_UID2/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+test1:!:@TODAY@:0:99999:7:::
diff --git a/tests/tests/usertools/01/26_useradd_UID_-1.test b/tests/tests/usertools/01/26_useradd_UID_-1.test
new file mode 100755
index 0000000..18bedb5
--- /dev/null
+++ b/tests/tests/usertools/01/26_useradd_UID_-1.test
@@ -0,0 +1,52 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "Add a new user"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Create user test1 with UID 4294967295 (useradd -u 4294967295 test1)..."
+msg=$(useradd -u 4294967295 test1 2>&1) && exit 1 || {
+	status=$?
+}
+echo "OK"
+echo "useradd returned status $status,"
+echo "and displayed \"$msg\""
+echo -n "The returned status should be 3..."
+test "$status" = "3"
+echo "OK"
+echo -n "Test the error message (should be \"useradd: invalid user ID '4294967295'\")..."
+test "$msg" = "useradd: invalid user ID '4294967295'"
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl 26_useradd_UID_-1/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl 26_useradd_UID_-1/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl 26_useradd_UID_-1/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl 26_useradd_UID_-1/gshadow /etc/gshadow
+echo "OK"
+echo -n "no homedir..."
+test -d /home/test1 && exit 1 || true
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/usertools/01/26_useradd_UID_-1/group b/tests/tests/usertools/01/26_useradd_UID_-1/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/usertools/01/26_useradd_UID_-1/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/usertools/01/26_useradd_UID_-1/gshadow b/tests/tests/usertools/01/26_useradd_UID_-1/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/usertools/01/26_useradd_UID_-1/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/usertools/01/26_useradd_UID_-1/passwd b/tests/tests/usertools/01/26_useradd_UID_-1/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/usertools/01/26_useradd_UID_-1/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/usertools/01/26_useradd_UID_-1/shadow b/tests/tests/usertools/01/26_useradd_UID_-1/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/usertools/01/26_useradd_UID_-1/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/usertools/01/config/etc/default/useradd b/tests/tests/usertools/01/config/etc/default/useradd
new file mode 100644
index 0000000..64dec7d
--- /dev/null
+++ b/tests/tests/usertools/01/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/sh
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=100
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/home
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=-1
+#
+# The default expire date
+EXPIRE=
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+CREATE_MAIL_SPOOL=no
diff --git a/tests/tests/usertools/01/config/etc/group b/tests/tests/usertools/01/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/usertools/01/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/usertools/01/config/etc/gshadow b/tests/tests/usertools/01/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/usertools/01/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/usertools/01/config/etc/passwd b/tests/tests/usertools/01/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/usertools/01/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/usertools/01/config/etc/shadow b/tests/tests/usertools/01/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/usertools/01/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/usertools/02/config.txt b/tests/tests/usertools/02/config.txt
new file mode 100644
index 0000000..aecff4a
--- /dev/null
+++ b/tests/tests/usertools/02/config.txt
@@ -0,0 +1,3 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
diff --git a/tests/tests/usertools/02/config/etc/default/useradd b/tests/tests/usertools/02/config/etc/default/useradd
new file mode 100644
index 0000000..a834fef
--- /dev/null
+++ b/tests/tests/usertools/02/config/etc/default/useradd
@@ -0,0 +1,37 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/sh
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+# GROUP=100
+#
+# The default home directory. Same as DHOME for adduser
+# HOME=/home
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+# INACTIVE=-1
+#
+# The default expire date
+# EXPIRE=
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
+
diff --git a/tests/tests/usertools/02/config/etc/group b/tests/tests/usertools/02/config/etc/group
new file mode 100644
index 0000000..245cc9c
--- /dev/null
+++ b/tests/tests/usertools/02/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+myuser:x:424242:
diff --git a/tests/tests/usertools/02/config/etc/gshadow b/tests/tests/usertools/02/config/etc/gshadow
new file mode 100644
index 0000000..25bd55b
--- /dev/null
+++ b/tests/tests/usertools/02/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+myuser:x::
diff --git a/tests/tests/usertools/02/config/etc/passwd b/tests/tests/usertools/02/config/etc/passwd
new file mode 100644
index 0000000..6eefe5a
--- /dev/null
+++ b/tests/tests/usertools/02/config/etc/passwd
@@ -0,0 +1,21 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+myuser:x:424242:424242::/home:/bin/bash
+testsuite::424243:424243::/home:/bin/bash
diff --git a/tests/tests/usertools/02/config/etc/shadow b/tests/tests/usertools/02/config/etc/shadow
new file mode 100644
index 0000000..038d5cf
--- /dev/null
+++ b/tests/tests/usertools/02/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+myuser:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:::
diff --git a/tests/tests/usertools/02/data/useradd-D.out b/tests/tests/usertools/02/data/useradd-D.out
new file mode 100644
index 0000000..a3f48f3
--- /dev/null
+++ b/tests/tests/usertools/02/data/useradd-D.out
@@ -0,0 +1,7 @@
+GROUP=100
+HOME=/home
+INACTIVE=-1
+EXPIRE=
+SHELL=/bin/sh
+SKEL=/etc/skel
+CREATE_MAIL_SPOOL=no
diff --git a/tests/tests/usertools/02/data/useradd-D_default_values.out b/tests/tests/usertools/02/data/useradd-D_default_values.out
new file mode 100644
index 0000000..1eb58e2
--- /dev/null
+++ b/tests/tests/usertools/02/data/useradd-D_default_values.out
@@ -0,0 +1,7 @@
+GROUP=100
+HOME=/home
+INACTIVE=-1
+EXPIRE=
+SHELL=
+SKEL=/etc/skel
+CREATE_MAIL_SPOOL=no
diff --git a/tests/tests/usertools/02/useradd_change_default_EXPIRE.test b/tests/tests/usertools/02/useradd_change_default_EXPIRE.test
new file mode 100755
index 0000000..6901603
--- /dev/null
+++ b/tests/tests/usertools/02/useradd_change_default_EXPIRE.test
@@ -0,0 +1,30 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "useradd -D: get default values"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Change default shell (useradd -D --expiredate 1979-11-24)..."
+useradd -D --expiredate 1979-11-24
+echo "OK"
+
+echo -n "Check the default values..."
+diff -au useradd_change_default_EXPIRE/useradd.default /etc/default/useradd
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/usertools/02/useradd_change_default_EXPIRE/useradd.default b/tests/tests/usertools/02/useradd_change_default_EXPIRE/useradd.default
new file mode 100644
index 0000000..aa3cd2b
--- /dev/null
+++ b/tests/tests/usertools/02/useradd_change_default_EXPIRE/useradd.default
@@ -0,0 +1,43 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/sh
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+# GROUP=100
+#
+# The default home directory. Same as DHOME for adduser
+# HOME=/home
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+# INACTIVE=-1
+#
+# The default expire date
+# EXPIRE=
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
+
+GROUP=100
+HOME=/home
+INACTIVE=-1
+EXPIRE=1979-11-24
+SKEL=/etc/skel
+CREATE_MAIL_SPOOL=no
diff --git a/tests/tests/usertools/02/useradd_change_default_GROUP.test b/tests/tests/usertools/02/useradd_change_default_GROUP.test
new file mode 100755
index 0000000..07ea62b
--- /dev/null
+++ b/tests/tests/usertools/02/useradd_change_default_GROUP.test
@@ -0,0 +1,30 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "useradd -D: get default values"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Change default shell (useradd -D --gid nogroup)..."
+useradd -D --gid nogroup
+echo "OK"
+
+echo -n "Check the default values..."
+diff -au useradd_change_default_GROUP/useradd.default /etc/default/useradd
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/usertools/02/useradd_change_default_GROUP/useradd.default b/tests/tests/usertools/02/useradd_change_default_GROUP/useradd.default
new file mode 100644
index 0000000..c26a28b
--- /dev/null
+++ b/tests/tests/usertools/02/useradd_change_default_GROUP/useradd.default
@@ -0,0 +1,43 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/sh
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+# GROUP=100
+#
+# The default home directory. Same as DHOME for adduser
+# HOME=/home
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+# INACTIVE=-1
+#
+# The default expire date
+# EXPIRE=
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
+
+GROUP=65534
+HOME=/home
+INACTIVE=-1
+EXPIRE=
+SKEL=/etc/skel
+CREATE_MAIL_SPOOL=no
diff --git a/tests/tests/usertools/02/useradd_change_default_HOME.test b/tests/tests/usertools/02/useradd_change_default_HOME.test
new file mode 100755
index 0000000..8d8357c
--- /dev/null
+++ b/tests/tests/usertools/02/useradd_change_default_HOME.test
@@ -0,0 +1,30 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "useradd -D: get default values"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Change default shell (useradd -D --base-dir /tmp)..."
+useradd -D --base-dir /tmp
+echo "OK"
+
+echo -n "Check the default values..."
+diff -au useradd_change_default_HOME/useradd.default /etc/default/useradd
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/usertools/02/useradd_change_default_HOME/useradd.default b/tests/tests/usertools/02/useradd_change_default_HOME/useradd.default
new file mode 100644
index 0000000..75953c6
--- /dev/null
+++ b/tests/tests/usertools/02/useradd_change_default_HOME/useradd.default
@@ -0,0 +1,43 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/sh
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+# GROUP=100
+#
+# The default home directory. Same as DHOME for adduser
+# HOME=/home
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+# INACTIVE=-1
+#
+# The default expire date
+# EXPIRE=
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
+
+GROUP=100
+HOME=/tmp
+INACTIVE=-1
+EXPIRE=
+SKEL=/etc/skel
+CREATE_MAIL_SPOOL=no
diff --git a/tests/tests/usertools/02/useradd_change_default_INACTIVE.test b/tests/tests/usertools/02/useradd_change_default_INACTIVE.test
new file mode 100755
index 0000000..7257439
--- /dev/null
+++ b/tests/tests/usertools/02/useradd_change_default_INACTIVE.test
@@ -0,0 +1,30 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "useradd -D: get default values"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Change default shell (useradd -D --inactive 10)..."
+useradd -D --inactive 10
+echo "OK"
+
+echo -n "Check the default values..."
+diff -au useradd_change_default_INACTIVE/useradd.default /etc/default/useradd
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/usertools/02/useradd_change_default_INACTIVE/useradd.default b/tests/tests/usertools/02/useradd_change_default_INACTIVE/useradd.default
new file mode 100644
index 0000000..fc2f084
--- /dev/null
+++ b/tests/tests/usertools/02/useradd_change_default_INACTIVE/useradd.default
@@ -0,0 +1,43 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/sh
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+# GROUP=100
+#
+# The default home directory. Same as DHOME for adduser
+# HOME=/home
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+# INACTIVE=-1
+#
+# The default expire date
+# EXPIRE=
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
+
+GROUP=100
+HOME=/home
+INACTIVE=10
+EXPIRE=
+SKEL=/etc/skel
+CREATE_MAIL_SPOOL=no
diff --git a/tests/tests/usertools/02/useradd_change_default_SHELL.test b/tests/tests/usertools/02/useradd_change_default_SHELL.test
new file mode 100755
index 0000000..d6c22dc
--- /dev/null
+++ b/tests/tests/usertools/02/useradd_change_default_SHELL.test
@@ -0,0 +1,30 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "useradd -D: get default values"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Change default shell (useradd -D --shell /bin/foobar)..."
+useradd -D --shell /bin/foobar
+echo "OK"
+
+echo -n "Check the default values..."
+diff -au useradd_change_default_SHELL/useradd.default /etc/default/useradd
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/usertools/02/useradd_change_default_SHELL/useradd.default b/tests/tests/usertools/02/useradd_change_default_SHELL/useradd.default
new file mode 100644
index 0000000..421f1a0
--- /dev/null
+++ b/tests/tests/usertools/02/useradd_change_default_SHELL/useradd.default
@@ -0,0 +1,43 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+# GROUP=100
+#
+# The default home directory. Same as DHOME for adduser
+# HOME=/home
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+# INACTIVE=-1
+#
+# The default expire date
+# EXPIRE=
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
+
+GROUP=100
+HOME=/home
+INACTIVE=-1
+EXPIRE=
+SKEL=/etc/skel
+CREATE_MAIL_SPOOL=no
diff --git a/tests/tests/usertools/02/useradd_change_defaults.test b/tests/tests/usertools/02/useradd_change_defaults.test
new file mode 100755
index 0000000..665a995
--- /dev/null
+++ b/tests/tests/usertools/02/useradd_change_defaults.test
@@ -0,0 +1,30 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "useradd -D: set all default values"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Change useradd defaults..."
+useradd -D -b /var/tmp -e 1979-11-24 -f 12 -g 1 -s /usr/bin/foobar
+echo "OK"
+
+echo -n "Check the default values..."
+diff -au useradd_change_defaults/useradd.default /etc/default/useradd
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/usertools/02/useradd_change_defaults/useradd.default b/tests/tests/usertools/02/useradd_change_defaults/useradd.default
new file mode 100644
index 0000000..9edb781
--- /dev/null
+++ b/tests/tests/usertools/02/useradd_change_defaults/useradd.default
@@ -0,0 +1,43 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/usr/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+# GROUP=100
+#
+# The default home directory. Same as DHOME for adduser
+# HOME=/home
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+# INACTIVE=-1
+#
+# The default expire date
+# EXPIRE=
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
+
+GROUP=1
+HOME=/var/tmp
+INACTIVE=12
+EXPIRE=1979-11-24
+SKEL=/etc/skel
+CREATE_MAIL_SPOOL=no
diff --git a/tests/tests/usertools/02/useradd_default_default_values.test b/tests/tests/usertools/02/useradd_default_default_values.test
new file mode 100755
index 0000000..4c6cf0e
--- /dev/null
+++ b/tests/tests/usertools/02/useradd_default_default_values.test
@@ -0,0 +1,36 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "useradd -D: get default values"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Remove /etc/default/useradd..."
+rm -f /etc/default/useradd
+echo "OK"
+
+echo -n "Get default values: 'useradd -D > tmp/out'..."
+useradd -D > tmp/out
+echo "OK"
+
+echo -n "Check the default values..."
+diff -au data/useradd-D_default_values.out tmp/out
+echo "OK"
+
+rm -f tmp/out
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/usertools/02/useradd_get_default_values.test b/tests/tests/usertools/02/useradd_get_default_values.test
new file mode 100755
index 0000000..a18fb04
--- /dev/null
+++ b/tests/tests/usertools/02/useradd_get_default_values.test
@@ -0,0 +1,32 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "useradd -D: get default values"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Get default values: 'useradd -D > tmp/out'..."
+useradd -D > tmp/out
+echo "OK"
+
+echo -n "Check the default values..."
+diff -au data/useradd-D.out tmp/out
+echo "OK"
+
+rm -f tmp/out
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/usertools/03/config.txt b/tests/tests/usertools/03/config.txt
new file mode 100644
index 0000000..aecff4a
--- /dev/null
+++ b/tests/tests/usertools/03/config.txt
@@ -0,0 +1,3 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
diff --git a/tests/tests/usertools/03/config/etc/default/useradd b/tests/tests/usertools/03/config/etc/default/useradd
new file mode 100644
index 0000000..f34b3ff
--- /dev/null
+++ b/tests/tests/usertools/03/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+# SHELL=/bin/sh
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=100
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/home
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=-1
+#
+# The default expire date
+EXPIRE=
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/usertools/03/config/etc/group b/tests/tests/usertools/03/config/etc/group
new file mode 100644
index 0000000..245cc9c
--- /dev/null
+++ b/tests/tests/usertools/03/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+myuser:x:424242:
diff --git a/tests/tests/usertools/03/config/etc/gshadow b/tests/tests/usertools/03/config/etc/gshadow
new file mode 100644
index 0000000..25bd55b
--- /dev/null
+++ b/tests/tests/usertools/03/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+myuser:x::
diff --git a/tests/tests/usertools/03/config/etc/passwd b/tests/tests/usertools/03/config/etc/passwd
new file mode 100644
index 0000000..6eefe5a
--- /dev/null
+++ b/tests/tests/usertools/03/config/etc/passwd
@@ -0,0 +1,21 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+myuser:x:424242:424242::/home:/bin/bash
+testsuite::424243:424243::/home:/bin/bash
diff --git a/tests/tests/usertools/03/config/etc/shadow b/tests/tests/usertools/03/config/etc/shadow
new file mode 100644
index 0000000..038d5cf
--- /dev/null
+++ b/tests/tests/usertools/03/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+myuser:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12991:0:99999:7:::
diff --git a/tests/tests/usertools/03/useradd_change_defaults.test b/tests/tests/usertools/03/useradd_change_defaults.test
new file mode 100755
index 0000000..665a995
--- /dev/null
+++ b/tests/tests/usertools/03/useradd_change_defaults.test
@@ -0,0 +1,30 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "useradd -D: set all default values"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Change useradd defaults..."
+useradd -D -b /var/tmp -e 1979-11-24 -f 12 -g 1 -s /usr/bin/foobar
+echo "OK"
+
+echo -n "Check the default values..."
+diff -au useradd_change_defaults/useradd.default /etc/default/useradd
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/usertools/03/useradd_change_defaults/useradd.default b/tests/tests/usertools/03/useradd_change_defaults/useradd.default
new file mode 100644
index 0000000..7ef8db6
--- /dev/null
+++ b/tests/tests/usertools/03/useradd_change_defaults/useradd.default
@@ -0,0 +1,37 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+# SHELL=/bin/sh
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=1
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/var/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=1979-11-24
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+CREATE_MAIL_SPOOL=yes
+SHELL=/usr/bin/foobar
diff --git a/tests/tests/usertools/04/01_useradd_add_user.test b/tests/tests/usertools/04/01_useradd_add_user.test
new file mode 100755
index 0000000..47aea8a
--- /dev/null
+++ b/tests/tests/usertools/04/01_useradd_add_user.test
@@ -0,0 +1,45 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "Add a new user"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Create user test1 (useradd test1)..."
+useradd test1
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl 01_useradd_add_user/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl 01_useradd_add_user/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl 01_useradd_add_user/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl 01_useradd_add_user/gshadow /etc/gshadow
+echo "OK"
+echo -n "no homedir (/home/test1)..."
+test -d /home/test1 && exit 1 || true
+echo "OK"
+echo -n "no homedir (/tmp/test1)..."
+test -d /tmp/test1 && exit 1 || true
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/usertools/04/01_useradd_add_user/group b/tests/tests/usertools/04/01_useradd_add_user/group
new file mode 100644
index 0000000..ff31912
--- /dev/null
+++ b/tests/tests/usertools/04/01_useradd_add_user/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+test1:x:1000:
diff --git a/tests/tests/usertools/04/01_useradd_add_user/gshadow b/tests/tests/usertools/04/01_useradd_add_user/gshadow
new file mode 100644
index 0000000..90e8eac
--- /dev/null
+++ b/tests/tests/usertools/04/01_useradd_add_user/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+test1:!::
diff --git a/tests/tests/usertools/04/01_useradd_add_user/passwd b/tests/tests/usertools/04/01_useradd_add_user/passwd
new file mode 100644
index 0000000..725e58b
--- /dev/null
+++ b/tests/tests/usertools/04/01_useradd_add_user/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+test1:x:1000:1000::/tmp/test1:/bin/foobar
diff --git a/tests/tests/usertools/04/01_useradd_add_user/shadow b/tests/tests/usertools/04/01_useradd_add_user/shadow
new file mode 100644
index 0000000..116140f
--- /dev/null
+++ b/tests/tests/usertools/04/01_useradd_add_user/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+test1:!:@TODAY@:0:99999:7:12:13849:
diff --git a/tests/tests/usertools/04/config.txt b/tests/tests/usertools/04/config.txt
new file mode 100644
index 0000000..aecff4a
--- /dev/null
+++ b/tests/tests/usertools/04/config.txt
@@ -0,0 +1,3 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
diff --git a/tests/tests/usertools/04/config/etc/default/useradd b/tests/tests/usertools/04/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/usertools/04/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/usertools/04/config/etc/group b/tests/tests/usertools/04/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/usertools/04/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/usertools/04/config/etc/gshadow b/tests/tests/usertools/04/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/usertools/04/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/usertools/04/config/etc/passwd b/tests/tests/usertools/04/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/usertools/04/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/usertools/04/config/etc/shadow b/tests/tests/usertools/04/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/usertools/04/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/usertools/05_userdel_del_from_group_members/config.txt b/tests/tests/usertools/05_userdel_del_from_group_members/config.txt
new file mode 100644
index 0000000..1b0360b
--- /dev/null
+++ b/tests/tests/usertools/05_userdel_del_from_group_members/config.txt
@@ -0,0 +1 @@
+user foo, in group users according to /etc/group only
diff --git a/tests/tests/usertools/05_userdel_del_from_group_members/config/etc/default/useradd b/tests/tests/usertools/05_userdel_del_from_group_members/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/usertools/05_userdel_del_from_group_members/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/usertools/05_userdel_del_from_group_members/config/etc/group b/tests/tests/usertools/05_userdel_del_from_group_members/config/etc/group
new file mode 100644
index 0000000..5051825
--- /dev/null
+++ b/tests/tests/usertools/05_userdel_del_from_group_members/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/usertools/05_userdel_del_from_group_members/config/etc/gshadow b/tests/tests/usertools/05_userdel_del_from_group_members/config/etc/gshadow
new file mode 100644
index 0000000..5042e58
--- /dev/null
+++ b/tests/tests/usertools/05_userdel_del_from_group_members/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/usertools/05_userdel_del_from_group_members/config/etc/passwd b/tests/tests/usertools/05_userdel_del_from_group_members/config/etc/passwd
new file mode 100644
index 0000000..dc7bf84
--- /dev/null
+++ b/tests/tests/usertools/05_userdel_del_from_group_members/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000:::/bin/false
diff --git a/tests/tests/usertools/05_userdel_del_from_group_members/config/etc/shadow b/tests/tests/usertools/05_userdel_del_from_group_members/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/usertools/05_userdel_del_from_group_members/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/usertools/05_userdel_del_from_group_members/data/group b/tests/tests/usertools/05_userdel_del_from_group_members/data/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/usertools/05_userdel_del_from_group_members/data/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/usertools/05_userdel_del_from_group_members/data/gshadow b/tests/tests/usertools/05_userdel_del_from_group_members/data/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/usertools/05_userdel_del_from_group_members/data/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/usertools/05_userdel_del_from_group_members/data/passwd b/tests/tests/usertools/05_userdel_del_from_group_members/data/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/usertools/05_userdel_del_from_group_members/data/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/usertools/05_userdel_del_from_group_members/data/shadow b/tests/tests/usertools/05_userdel_del_from_group_members/data/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/usertools/05_userdel_del_from_group_members/data/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/usertools/05_userdel_del_from_group_members/userdel.test b/tests/tests/usertools/05_userdel_del_from_group_members/userdel.test
new file mode 100755
index 0000000..89e749b
--- /dev/null
+++ b/tests/tests/usertools/05_userdel_del_from_group_members/userdel.test
@@ -0,0 +1,39 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "userdel removes the user from the member lists of /etc/group"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Create user test1 (useradd test1)..."
+userdel foo
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl data/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl data/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl data/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl data/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/usertools/06_userdel_del_from_gshadow_members/config.txt b/tests/tests/usertools/06_userdel_del_from_gshadow_members/config.txt
new file mode 100644
index 0000000..73de400
--- /dev/null
+++ b/tests/tests/usertools/06_userdel_del_from_gshadow_members/config.txt
@@ -0,0 +1 @@
+user foo, in group users according to /etc/gshadow only
diff --git a/tests/tests/usertools/06_userdel_del_from_gshadow_members/config/etc/default/useradd b/tests/tests/usertools/06_userdel_del_from_gshadow_members/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/usertools/06_userdel_del_from_gshadow_members/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/usertools/06_userdel_del_from_gshadow_members/config/etc/group b/tests/tests/usertools/06_userdel_del_from_gshadow_members/config/etc/group
new file mode 100644
index 0000000..0bf8d5d
--- /dev/null
+++ b/tests/tests/usertools/06_userdel_del_from_gshadow_members/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:root,foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/usertools/06_userdel_del_from_gshadow_members/config/etc/gshadow b/tests/tests/usertools/06_userdel_del_from_gshadow_members/config/etc/gshadow
new file mode 100644
index 0000000..ad90310
--- /dev/null
+++ b/tests/tests/usertools/06_userdel_del_from_gshadow_members/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::foo
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/usertools/06_userdel_del_from_gshadow_members/config/etc/passwd b/tests/tests/usertools/06_userdel_del_from_gshadow_members/config/etc/passwd
new file mode 100644
index 0000000..dc7bf84
--- /dev/null
+++ b/tests/tests/usertools/06_userdel_del_from_gshadow_members/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000:::/bin/false
diff --git a/tests/tests/usertools/06_userdel_del_from_gshadow_members/config/etc/shadow b/tests/tests/usertools/06_userdel_del_from_gshadow_members/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/usertools/06_userdel_del_from_gshadow_members/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/usertools/06_userdel_del_from_gshadow_members/data/group b/tests/tests/usertools/06_userdel_del_from_gshadow_members/data/group
new file mode 100644
index 0000000..838b9b9
--- /dev/null
+++ b/tests/tests/usertools/06_userdel_del_from_gshadow_members/data/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:root
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/usertools/06_userdel_del_from_gshadow_members/data/gshadow b/tests/tests/usertools/06_userdel_del_from_gshadow_members/data/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/usertools/06_userdel_del_from_gshadow_members/data/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/usertools/06_userdel_del_from_gshadow_members/data/passwd b/tests/tests/usertools/06_userdel_del_from_gshadow_members/data/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/usertools/06_userdel_del_from_gshadow_members/data/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/usertools/06_userdel_del_from_gshadow_members/data/shadow b/tests/tests/usertools/06_userdel_del_from_gshadow_members/data/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/usertools/06_userdel_del_from_gshadow_members/data/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/usertools/06_userdel_del_from_gshadow_members/userdel.test b/tests/tests/usertools/06_userdel_del_from_gshadow_members/userdel.test
new file mode 100755
index 0000000..dd502f3
--- /dev/null
+++ b/tests/tests/usertools/06_userdel_del_from_gshadow_members/userdel.test
@@ -0,0 +1,39 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "userdel removes the user from the member lists of /etc/gshadow"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Delete user foo (userdel foo)..."
+userdel foo
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl data/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl data/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl data/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl data/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/usertools/07_userdel_del_from_gshadow_admins/config.txt b/tests/tests/usertools/07_userdel_del_from_gshadow_admins/config.txt
new file mode 100644
index 0000000..56313e3
--- /dev/null
+++ b/tests/tests/usertools/07_userdel_del_from_gshadow_admins/config.txt
@@ -0,0 +1,2 @@
+user foo, admin of group users according to /etc/gshadow
+user foo in group users according to /etc/group
diff --git a/tests/tests/usertools/07_userdel_del_from_gshadow_admins/config/etc/default/useradd b/tests/tests/usertools/07_userdel_del_from_gshadow_admins/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/usertools/07_userdel_del_from_gshadow_admins/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/usertools/07_userdel_del_from_gshadow_admins/config/etc/group b/tests/tests/usertools/07_userdel_del_from_gshadow_admins/config/etc/group
new file mode 100644
index 0000000..f60e18c
--- /dev/null
+++ b/tests/tests/usertools/07_userdel_del_from_gshadow_admins/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo,root
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/usertools/07_userdel_del_from_gshadow_admins/config/etc/gshadow b/tests/tests/usertools/07_userdel_del_from_gshadow_admins/config/etc/gshadow
new file mode 100644
index 0000000..59e5042
--- /dev/null
+++ b/tests/tests/usertools/07_userdel_del_from_gshadow_admins/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*:foo:root
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/usertools/07_userdel_del_from_gshadow_admins/config/etc/passwd b/tests/tests/usertools/07_userdel_del_from_gshadow_admins/config/etc/passwd
new file mode 100644
index 0000000..dc7bf84
--- /dev/null
+++ b/tests/tests/usertools/07_userdel_del_from_gshadow_admins/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000:::/bin/false
diff --git a/tests/tests/usertools/07_userdel_del_from_gshadow_admins/config/etc/shadow b/tests/tests/usertools/07_userdel_del_from_gshadow_admins/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/usertools/07_userdel_del_from_gshadow_admins/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/usertools/07_userdel_del_from_gshadow_admins/data/group b/tests/tests/usertools/07_userdel_del_from_gshadow_admins/data/group
new file mode 100644
index 0000000..838b9b9
--- /dev/null
+++ b/tests/tests/usertools/07_userdel_del_from_gshadow_admins/data/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:root
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/usertools/07_userdel_del_from_gshadow_admins/data/gshadow b/tests/tests/usertools/07_userdel_del_from_gshadow_admins/data/gshadow
new file mode 100644
index 0000000..0f3592a
--- /dev/null
+++ b/tests/tests/usertools/07_userdel_del_from_gshadow_admins/data/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::root
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/usertools/07_userdel_del_from_gshadow_admins/data/passwd b/tests/tests/usertools/07_userdel_del_from_gshadow_admins/data/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/usertools/07_userdel_del_from_gshadow_admins/data/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/usertools/07_userdel_del_from_gshadow_admins/data/shadow b/tests/tests/usertools/07_userdel_del_from_gshadow_admins/data/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/usertools/07_userdel_del_from_gshadow_admins/data/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/usertools/07_userdel_del_from_gshadow_admins/userdel.test b/tests/tests/usertools/07_userdel_del_from_gshadow_admins/userdel.test
new file mode 100755
index 0000000..b14aeb2
--- /dev/null
+++ b/tests/tests/usertools/07_userdel_del_from_gshadow_admins/userdel.test
@@ -0,0 +1,39 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "userdel removes the user from the admins lists of /etc/gshadow"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Delete user foo (userdel foo)..."
+userdel foo
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl data/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl data/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl data/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl data/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/usertools/08_userdel_del_from_group_and_gshadow/config.txt b/tests/tests/usertools/08_userdel_del_from_group_and_gshadow/config.txt
new file mode 100644
index 0000000..d339d5a
--- /dev/null
+++ b/tests/tests/usertools/08_userdel_del_from_group_and_gshadow/config.txt
@@ -0,0 +1,4 @@
+user foo, in group users and mail according to /etc/group
+user foo, in group disk and audio according to /etc/gshadow
+foo member and admin of group users according to /etc/gshadow
+root in group users
diff --git a/tests/tests/usertools/08_userdel_del_from_group_and_gshadow/config/etc/default/useradd b/tests/tests/usertools/08_userdel_del_from_group_and_gshadow/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/usertools/08_userdel_del_from_group_and_gshadow/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/usertools/08_userdel_del_from_group_and_gshadow/config/etc/group b/tests/tests/usertools/08_userdel_del_from_group_and_gshadow/config/etc/group
new file mode 100644
index 0000000..bb62de1
--- /dev/null
+++ b/tests/tests/usertools/08_userdel_del_from_group_and_gshadow/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:foo
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo,root
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/usertools/08_userdel_del_from_group_and_gshadow/config/etc/gshadow b/tests/tests/usertools/08_userdel_del_from_group_and_gshadow/config/etc/gshadow
new file mode 100644
index 0000000..7556fcf
--- /dev/null
+++ b/tests/tests/usertools/08_userdel_del_from_group_and_gshadow/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::foo
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::foo
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*:foo,root:root,foo
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/usertools/08_userdel_del_from_group_and_gshadow/config/etc/passwd b/tests/tests/usertools/08_userdel_del_from_group_and_gshadow/config/etc/passwd
new file mode 100644
index 0000000..dc7bf84
--- /dev/null
+++ b/tests/tests/usertools/08_userdel_del_from_group_and_gshadow/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000:::/bin/false
diff --git a/tests/tests/usertools/08_userdel_del_from_group_and_gshadow/config/etc/shadow b/tests/tests/usertools/08_userdel_del_from_group_and_gshadow/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/usertools/08_userdel_del_from_group_and_gshadow/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/usertools/08_userdel_del_from_group_and_gshadow/data/group b/tests/tests/usertools/08_userdel_del_from_group_and_gshadow/data/group
new file mode 100644
index 0000000..838b9b9
--- /dev/null
+++ b/tests/tests/usertools/08_userdel_del_from_group_and_gshadow/data/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:root
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/usertools/08_userdel_del_from_group_and_gshadow/data/gshadow b/tests/tests/usertools/08_userdel_del_from_group_and_gshadow/data/gshadow
new file mode 100644
index 0000000..f8384c9
--- /dev/null
+++ b/tests/tests/usertools/08_userdel_del_from_group_and_gshadow/data/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*:root:root
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/usertools/08_userdel_del_from_group_and_gshadow/data/passwd b/tests/tests/usertools/08_userdel_del_from_group_and_gshadow/data/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/usertools/08_userdel_del_from_group_and_gshadow/data/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/usertools/08_userdel_del_from_group_and_gshadow/data/shadow b/tests/tests/usertools/08_userdel_del_from_group_and_gshadow/data/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/usertools/08_userdel_del_from_group_and_gshadow/data/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/usertools/08_userdel_del_from_group_and_gshadow/userdel.test b/tests/tests/usertools/08_userdel_del_from_group_and_gshadow/userdel.test
new file mode 100755
index 0000000..db13fb4
--- /dev/null
+++ b/tests/tests/usertools/08_userdel_del_from_group_and_gshadow/userdel.test
@@ -0,0 +1,39 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "userdel removes the user from lists in /etc/group and /etc/gshadow"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Delete user foo (userdel foo)..."
+userdel foo
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl data/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl data/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl data/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl data/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/usertools/09_userdel_del_homedir/config.txt b/tests/tests/usertools/09_userdel_del_homedir/config.txt
new file mode 100644
index 0000000..4b5baab
--- /dev/null
+++ b/tests/tests/usertools/09_userdel_del_homedir/config.txt
@@ -0,0 +1 @@
+user foo exists
diff --git a/tests/tests/usertools/09_userdel_del_homedir/config/etc/default/useradd b/tests/tests/usertools/09_userdel_del_homedir/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/usertools/09_userdel_del_homedir/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/usertools/09_userdel_del_homedir/config/etc/group b/tests/tests/usertools/09_userdel_del_homedir/config/etc/group
new file mode 100644
index 0000000..fecba0c
--- /dev/null
+++ b/tests/tests/usertools/09_userdel_del_homedir/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/usertools/09_userdel_del_homedir/config/etc/gshadow b/tests/tests/usertools/09_userdel_del_homedir/config/etc/gshadow
new file mode 100644
index 0000000..5042e58
--- /dev/null
+++ b/tests/tests/usertools/09_userdel_del_homedir/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/usertools/09_userdel_del_homedir/config/etc/passwd b/tests/tests/usertools/09_userdel_del_homedir/config/etc/passwd
new file mode 100644
index 0000000..bf52df0
--- /dev/null
+++ b/tests/tests/usertools/09_userdel_del_homedir/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/home/foo:/bin/false
diff --git a/tests/tests/usertools/09_userdel_del_homedir/config/etc/shadow b/tests/tests/usertools/09_userdel_del_homedir/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/usertools/09_userdel_del_homedir/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/usertools/09_userdel_del_homedir/data/group b/tests/tests/usertools/09_userdel_del_homedir/data/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/usertools/09_userdel_del_homedir/data/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/usertools/09_userdel_del_homedir/data/gshadow b/tests/tests/usertools/09_userdel_del_homedir/data/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/usertools/09_userdel_del_homedir/data/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/usertools/09_userdel_del_homedir/data/passwd b/tests/tests/usertools/09_userdel_del_homedir/data/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/usertools/09_userdel_del_homedir/data/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/usertools/09_userdel_del_homedir/data/shadow b/tests/tests/usertools/09_userdel_del_homedir/data/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/usertools/09_userdel_del_homedir/data/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/usertools/09_userdel_del_homedir/userdel.test b/tests/tests/usertools/09_userdel_del_homedir/userdel.test
new file mode 100755
index 0000000..5d2a7aa
--- /dev/null
+++ b/tests/tests/usertools/09_userdel_del_homedir/userdel.test
@@ -0,0 +1,53 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "userdel can delete the user's home directory"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+mkdir /home/foo
+trap 'log_status "$0" "FAILURE"; restore_config; rm -rf /home/foo' 0
+echo toto > /home/foo/toto
+touch /var/mail/foo
+trap 'log_status "$0" "FAILURE"; restore_config; rm -rf /var/mail/foo /home/foo' 0
+chown -R foo:foo /var/mail/foo /home/foo
+
+echo -n "Delete user foo (userdel -r foo)..."
+userdel -r foo
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl data/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl data/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl data/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl data/gshadow /etc/gshadow
+echo "OK"
+echo -n "Check the user's home directory was removed..."
+test ! -d /home/foo
+echo "OK"
+echo -n "Check the user's mail spool was removed..."
+test ! -f /var/mail/foo
+echo "OK"
+
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/usertools/10_userdel_del_homedir_wrong_owner/config.txt b/tests/tests/usertools/10_userdel_del_homedir_wrong_owner/config.txt
new file mode 100644
index 0000000..4b5baab
--- /dev/null
+++ b/tests/tests/usertools/10_userdel_del_homedir_wrong_owner/config.txt
@@ -0,0 +1 @@
+user foo exists
diff --git a/tests/tests/usertools/10_userdel_del_homedir_wrong_owner/config/etc/default/useradd b/tests/tests/usertools/10_userdel_del_homedir_wrong_owner/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/usertools/10_userdel_del_homedir_wrong_owner/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/usertools/10_userdel_del_homedir_wrong_owner/config/etc/group b/tests/tests/usertools/10_userdel_del_homedir_wrong_owner/config/etc/group
new file mode 100644
index 0000000..5051825
--- /dev/null
+++ b/tests/tests/usertools/10_userdel_del_homedir_wrong_owner/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/usertools/10_userdel_del_homedir_wrong_owner/config/etc/gshadow b/tests/tests/usertools/10_userdel_del_homedir_wrong_owner/config/etc/gshadow
new file mode 100644
index 0000000..5042e58
--- /dev/null
+++ b/tests/tests/usertools/10_userdel_del_homedir_wrong_owner/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/usertools/10_userdel_del_homedir_wrong_owner/config/etc/passwd b/tests/tests/usertools/10_userdel_del_homedir_wrong_owner/config/etc/passwd
new file mode 100644
index 0000000..bf52df0
--- /dev/null
+++ b/tests/tests/usertools/10_userdel_del_homedir_wrong_owner/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/home/foo:/bin/false
diff --git a/tests/tests/usertools/10_userdel_del_homedir_wrong_owner/config/etc/shadow b/tests/tests/usertools/10_userdel_del_homedir_wrong_owner/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/usertools/10_userdel_del_homedir_wrong_owner/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/usertools/10_userdel_del_homedir_wrong_owner/data/group b/tests/tests/usertools/10_userdel_del_homedir_wrong_owner/data/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/usertools/10_userdel_del_homedir_wrong_owner/data/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/usertools/10_userdel_del_homedir_wrong_owner/data/gshadow b/tests/tests/usertools/10_userdel_del_homedir_wrong_owner/data/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/usertools/10_userdel_del_homedir_wrong_owner/data/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/usertools/10_userdel_del_homedir_wrong_owner/data/passwd b/tests/tests/usertools/10_userdel_del_homedir_wrong_owner/data/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/usertools/10_userdel_del_homedir_wrong_owner/data/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/usertools/10_userdel_del_homedir_wrong_owner/data/shadow b/tests/tests/usertools/10_userdel_del_homedir_wrong_owner/data/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/usertools/10_userdel_del_homedir_wrong_owner/data/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/usertools/10_userdel_del_homedir_wrong_owner/data/userdel.err b/tests/tests/usertools/10_userdel_del_homedir_wrong_owner/data/userdel.err
new file mode 100644
index 0000000..ca8e8ab
--- /dev/null
+++ b/tests/tests/usertools/10_userdel_del_homedir_wrong_owner/data/userdel.err
@@ -0,0 +1 @@
+userdel: /home/foo not owned by foo, not removing
diff --git a/tests/tests/usertools/10_userdel_del_homedir_wrong_owner/userdel.test b/tests/tests/usertools/10_userdel_del_homedir_wrong_owner/userdel.test
new file mode 100755
index 0000000..37b1674
--- /dev/null
+++ b/tests/tests/usertools/10_userdel_del_homedir_wrong_owner/userdel.test
@@ -0,0 +1,69 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "userdel does not delete the user's home directory if it is not owned by the user"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config; rm -rf /var/mail/foo /home/foo' 0
+
+change_config
+
+mkdir /home/foo
+echo toto > /home/foo/toto
+touch /var/mail/foo
+chown -R foo:foo /var/mail/foo
+chown -R root:root /home/foo
+
+echo -n "Delete user foo (userdel -r foo)..."
+userdel -r foo 2>tmp/userdel.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "12"
+echo "OK"
+
+echo "userdel reported:"
+echo "======================================================================="
+cat tmp/userdel.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/userdel.err tmp/userdel.err
+echo "error message OK."
+rm -f tmp/userdel.err
+
+echo "The user should have been removed."
+echo -n "Check the passwd file..."
+../../common/compare_file.pl data/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl data/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl data/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl data/gshadow /etc/gshadow
+echo "OK"
+echo -n "Check the user's home directory was not removed..."
+test -d /home/foo
+echo "OK"
+echo -n "Check the user's mail spool was removed..."
+test ! -f /var/mail/foo
+echo "OK"
+rm -rf /home/foo
+
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/usertools/11_usermod_move_homedir/config.txt b/tests/tests/usertools/11_usermod_move_homedir/config.txt
new file mode 100644
index 0000000..4b5baab
--- /dev/null
+++ b/tests/tests/usertools/11_usermod_move_homedir/config.txt
@@ -0,0 +1 @@
+user foo exists
diff --git a/tests/tests/usertools/11_usermod_move_homedir/config/etc/default/useradd b/tests/tests/usertools/11_usermod_move_homedir/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/usertools/11_usermod_move_homedir/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/usertools/11_usermod_move_homedir/config/etc/group b/tests/tests/usertools/11_usermod_move_homedir/config/etc/group
new file mode 100644
index 0000000..5051825
--- /dev/null
+++ b/tests/tests/usertools/11_usermod_move_homedir/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/usertools/11_usermod_move_homedir/config/etc/gshadow b/tests/tests/usertools/11_usermod_move_homedir/config/etc/gshadow
new file mode 100644
index 0000000..5042e58
--- /dev/null
+++ b/tests/tests/usertools/11_usermod_move_homedir/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/usertools/11_usermod_move_homedir/config/etc/passwd b/tests/tests/usertools/11_usermod_move_homedir/config/etc/passwd
new file mode 100644
index 0000000..bf52df0
--- /dev/null
+++ b/tests/tests/usertools/11_usermod_move_homedir/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/home/foo:/bin/false
diff --git a/tests/tests/usertools/11_usermod_move_homedir/config/etc/shadow b/tests/tests/usertools/11_usermod_move_homedir/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/usertools/11_usermod_move_homedir/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/usertools/11_usermod_move_homedir/data/home_ls-a b/tests/tests/usertools/11_usermod_move_homedir/data/home_ls-a
new file mode 100644
index 0000000..89bbbd9
--- /dev/null
+++ b/tests/tests/usertools/11_usermod_move_homedir/data/home_ls-a
@@ -0,0 +1,3 @@
+-rw-r--r-- foo:foo `/home/foo2/toto'
+drwxr-xr-x foo:foo `/home/foo2/.'
+drwxr-xr-x root:root `/home/foo2/..'
diff --git a/tests/tests/usertools/11_usermod_move_homedir/data/passwd b/tests/tests/usertools/11_usermod_move_homedir/data/passwd
new file mode 100644
index 0000000..bc9a6f0
--- /dev/null
+++ b/tests/tests/usertools/11_usermod_move_homedir/data/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/home/foo2:/bin/false
diff --git a/tests/tests/usertools/11_usermod_move_homedir/usermod.test b/tests/tests/usertools/11_usermod_move_homedir/usermod.test
new file mode 100755
index 0000000..b0ebf5c
--- /dev/null
+++ b/tests/tests/usertools/11_usermod_move_homedir/usermod.test
@@ -0,0 +1,58 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "usermod can move the user's home directory"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config; rm -rf /home/foo /home/foo2' 0
+
+change_config
+
+mkdir /home/foo
+echo toto > /home/foo/toto
+chown -R foo:foo /home/foo
+
+echo -n "Change the user's home directory (usermod -m -d /home/foo2 foo)..."
+usermod -m -d /home/foo2 foo
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl data/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+echo -n "Check the user's home directory was removed..."
+test ! -d /home/foo
+echo "OK"
+echo -n "Check the user's home directory was moved..."
+test -d /home/foo2
+echo "OK"
+echo -n "Check content of /tmp/test-newusers..."
+stat --printf "%A %U:%G %N\n" /home/foo2/* /home/foo2/.* 2>/dev/null | sort > tmp/home_ls-a
+diff -rauN data/home_ls-a tmp/home_ls-a
+echo "OK"
+rm -f tmp/home_ls-a
+
+echo -n "Remove the new home directory..."
+rm -rf /home/foo2
+echo "done"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/usertools/12_usermod_move_homedir_dev_null/config.txt b/tests/tests/usertools/12_usermod_move_homedir_dev_null/config.txt
new file mode 100644
index 0000000..75f05ab
--- /dev/null
+++ b/tests/tests/usertools/12_usermod_move_homedir_dev_null/config.txt
@@ -0,0 +1 @@
+user foo's home directory is /dev/null
diff --git a/tests/tests/usertools/12_usermod_move_homedir_dev_null/config/etc/default/useradd b/tests/tests/usertools/12_usermod_move_homedir_dev_null/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/usertools/12_usermod_move_homedir_dev_null/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/usertools/12_usermod_move_homedir_dev_null/config/etc/group b/tests/tests/usertools/12_usermod_move_homedir_dev_null/config/etc/group
new file mode 100644
index 0000000..5051825
--- /dev/null
+++ b/tests/tests/usertools/12_usermod_move_homedir_dev_null/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/usertools/12_usermod_move_homedir_dev_null/config/etc/gshadow b/tests/tests/usertools/12_usermod_move_homedir_dev_null/config/etc/gshadow
new file mode 100644
index 0000000..5042e58
--- /dev/null
+++ b/tests/tests/usertools/12_usermod_move_homedir_dev_null/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/usertools/12_usermod_move_homedir_dev_null/config/etc/passwd b/tests/tests/usertools/12_usermod_move_homedir_dev_null/config/etc/passwd
new file mode 100644
index 0000000..b1fd322
--- /dev/null
+++ b/tests/tests/usertools/12_usermod_move_homedir_dev_null/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/dev/null:/bin/false
diff --git a/tests/tests/usertools/12_usermod_move_homedir_dev_null/config/etc/shadow b/tests/tests/usertools/12_usermod_move_homedir_dev_null/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/usertools/12_usermod_move_homedir_dev_null/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/usertools/12_usermod_move_homedir_dev_null/data/passwd b/tests/tests/usertools/12_usermod_move_homedir_dev_null/data/passwd
new file mode 100644
index 0000000..bc9a6f0
--- /dev/null
+++ b/tests/tests/usertools/12_usermod_move_homedir_dev_null/data/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/home/foo2:/bin/false
diff --git a/tests/tests/usertools/12_usermod_move_homedir_dev_null/data/usermod.err b/tests/tests/usertools/12_usermod_move_homedir_dev_null/data/usermod.err
new file mode 100644
index 0000000..f02fc5a
--- /dev/null
+++ b/tests/tests/usertools/12_usermod_move_homedir_dev_null/data/usermod.err
@@ -0,0 +1 @@
+usermod: The previous home directory (/dev/null) was not a directory. It is not removed and no home directories are created.
diff --git a/tests/tests/usertools/12_usermod_move_homedir_dev_null/usermod.test b/tests/tests/usertools/12_usermod_move_homedir_dev_null/usermod.test
new file mode 100755
index 0000000..c0ce1c1
--- /dev/null
+++ b/tests/tests/usertools/12_usermod_move_homedir_dev_null/usermod.test
@@ -0,0 +1,63 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+# TBC: should usermod create the home directory?
+log_start "$0" "usermod does not move non-directory (/dev/null)"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Change the user's home directory (usermod -m -d /home/foo2 foo)..."
+usermod -m -d /home/foo2 foo 2>tmp/usermod.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "12"
+echo "OK"
+
+echo "usermod reported:"
+echo "======================================================================="
+cat tmp/usermod.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/usermod.err tmp/usermod.err
+echo "error message OK."
+rm -f tmp/usermod.err
+
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl data/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+echo -n "Make sure /dev/null was not removed..."
+test -c /dev/null
+echo "OK"
+echo -n "Make sure the user's home directory was not removed..."
+test ! -e /home/foo2
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/usertools/13_usermod_move_homedir_file/config.txt b/tests/tests/usertools/13_usermod_move_homedir_file/config.txt
new file mode 100644
index 0000000..5e41c31
--- /dev/null
+++ b/tests/tests/usertools/13_usermod_move_homedir_file/config.txt
@@ -0,0 +1 @@
+user foo's home directory is /home/foo, which will be created by usermod.test as a regular file.
diff --git a/tests/tests/usertools/13_usermod_move_homedir_file/config/etc/default/useradd b/tests/tests/usertools/13_usermod_move_homedir_file/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/usertools/13_usermod_move_homedir_file/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/usertools/13_usermod_move_homedir_file/config/etc/group b/tests/tests/usertools/13_usermod_move_homedir_file/config/etc/group
new file mode 100644
index 0000000..5051825
--- /dev/null
+++ b/tests/tests/usertools/13_usermod_move_homedir_file/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/usertools/13_usermod_move_homedir_file/config/etc/gshadow b/tests/tests/usertools/13_usermod_move_homedir_file/config/etc/gshadow
new file mode 100644
index 0000000..5042e58
--- /dev/null
+++ b/tests/tests/usertools/13_usermod_move_homedir_file/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/usertools/13_usermod_move_homedir_file/config/etc/passwd b/tests/tests/usertools/13_usermod_move_homedir_file/config/etc/passwd
new file mode 100644
index 0000000..bf52df0
--- /dev/null
+++ b/tests/tests/usertools/13_usermod_move_homedir_file/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/home/foo:/bin/false
diff --git a/tests/tests/usertools/13_usermod_move_homedir_file/config/etc/shadow b/tests/tests/usertools/13_usermod_move_homedir_file/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/usertools/13_usermod_move_homedir_file/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/usertools/13_usermod_move_homedir_file/data/passwd b/tests/tests/usertools/13_usermod_move_homedir_file/data/passwd
new file mode 100644
index 0000000..bc9a6f0
--- /dev/null
+++ b/tests/tests/usertools/13_usermod_move_homedir_file/data/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/home/foo2:/bin/false
diff --git a/tests/tests/usertools/13_usermod_move_homedir_file/data/usermod.err b/tests/tests/usertools/13_usermod_move_homedir_file/data/usermod.err
new file mode 100644
index 0000000..d271507
--- /dev/null
+++ b/tests/tests/usertools/13_usermod_move_homedir_file/data/usermod.err
@@ -0,0 +1 @@
+usermod: The previous home directory (/home/foo) was not a directory. It is not removed and no home directories are created.
diff --git a/tests/tests/usertools/13_usermod_move_homedir_file/usermod.test b/tests/tests/usertools/13_usermod_move_homedir_file/usermod.test
new file mode 100755
index 0000000..2df56e0
--- /dev/null
+++ b/tests/tests/usertools/13_usermod_move_homedir_file/usermod.test
@@ -0,0 +1,67 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+# TBC: should usermod create the home directory?
+log_start "$0" "usermod does not move non-directory (regular file)"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config; rm -f /home/foo' 0
+
+change_config
+
+touch /home/foo
+
+echo -n "Change the user's home directory (usermod -m -d /home/foo2 foo)..."
+usermod -m -d /home/foo2 foo 2>tmp/usermod.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "12"
+echo "OK"
+
+echo "usermod reported:"
+echo "======================================================================="
+cat tmp/usermod.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/usermod.err tmp/usermod.err
+echo "error message OK."
+rm -f tmp/usermod.err
+
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl data/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+echo -n "Check /home/foo was not removed..."
+test -f /home/foo
+echo "OK"
+echo -n "Check the user's home directory was not created..."
+test ! -e /home/foo2
+echo "OK"
+
+rm -f /home/foo
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/usertools/14_usermod_move_homedir_other_device/config.txt b/tests/tests/usertools/14_usermod_move_homedir_other_device/config.txt
new file mode 100644
index 0000000..3d43135
--- /dev/null
+++ b/tests/tests/usertools/14_usermod_move_homedir_other_device/config.txt
@@ -0,0 +1,5 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group users
diff --git a/tests/tests/usertools/14_usermod_move_homedir_other_device/config/etc/default/useradd b/tests/tests/usertools/14_usermod_move_homedir_other_device/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/usertools/14_usermod_move_homedir_other_device/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/usertools/14_usermod_move_homedir_other_device/config/etc/group b/tests/tests/usertools/14_usermod_move_homedir_other_device/config/etc/group
new file mode 100644
index 0000000..5051825
--- /dev/null
+++ b/tests/tests/usertools/14_usermod_move_homedir_other_device/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/usertools/14_usermod_move_homedir_other_device/config/etc/gshadow b/tests/tests/usertools/14_usermod_move_homedir_other_device/config/etc/gshadow
new file mode 100644
index 0000000..5042e58
--- /dev/null
+++ b/tests/tests/usertools/14_usermod_move_homedir_other_device/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/usertools/14_usermod_move_homedir_other_device/config/etc/passwd b/tests/tests/usertools/14_usermod_move_homedir_other_device/config/etc/passwd
new file mode 100644
index 0000000..bf52df0
--- /dev/null
+++ b/tests/tests/usertools/14_usermod_move_homedir_other_device/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/home/foo:/bin/false
diff --git a/tests/tests/usertools/14_usermod_move_homedir_other_device/config/etc/shadow b/tests/tests/usertools/14_usermod_move_homedir_other_device/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/usertools/14_usermod_move_homedir_other_device/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/usertools/14_usermod_move_homedir_other_device/data/home_ls-a b/tests/tests/usertools/14_usermod_move_homedir_other_device/data/home_ls-a
new file mode 100644
index 0000000..f7abeaa
--- /dev/null
+++ b/tests/tests/usertools/14_usermod_move_homedir_other_device/data/home_ls-a
@@ -0,0 +1,7 @@
+-rw-r--r-- foo:foo `/tmp/home/foo2/.tata'
+-rw-r--r-- foo:foo `/tmp/home/foo2/toto'
+crw-r--r-- foo:foo `/tmp/home/foo2/null'
+drwxr-xr-x foo:foo `/tmp/home/foo2/.'
+drwxr-xr-x foo:foo `/tmp/home/foo2/titi'
+drwxr-xr-x root:root `/tmp/home/foo2/..'
+lrwxrwxrwx foo:foo `/tmp/home/foo2/tutu' -> `/tmp/home/foo2/toto'
diff --git a/tests/tests/usertools/14_usermod_move_homedir_other_device/data/passwd b/tests/tests/usertools/14_usermod_move_homedir_other_device/data/passwd
new file mode 100644
index 0000000..86c29de
--- /dev/null
+++ b/tests/tests/usertools/14_usermod_move_homedir_other_device/data/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/tmp/home/foo2:/bin/false
diff --git a/tests/tests/usertools/14_usermod_move_homedir_other_device/usermod.test b/tests/tests/usertools/14_usermod_move_homedir_other_device/usermod.test
new file mode 100755
index 0000000..e595ed3
--- /dev/null
+++ b/tests/tests/usertools/14_usermod_move_homedir_other_device/usermod.test
@@ -0,0 +1,68 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "usermod keeps links or devices when it moves the user's home directory"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config; rm -rf /home/foo /home/foo2; umount /tmp/home; rmdir /tmp/home' 0
+
+change_config
+
+mkdir /home/foo
+mkdir /home/foo/titi
+echo toto > /home/foo/toto
+ln /home/foo/toto /home/foo/.tata
+ln -s /home/foo/toto /home/foo/tutu
+mknod /home/foo/null c 1 3
+chown -R foo:foo /home/foo
+
+mkdir /tmp/home
+mount --bind /home /tmp/home
+
+echo -n "Change the user's home directory (usermod -m -d /tmp/home/foo2 foo)..."
+usermod -m -d /tmp/home/foo2 foo
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl data/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+echo -n "Check the user's home directory was removed..."
+test ! -d /home/foo
+echo "OK"
+echo -n "Check the user's home directory was moved..."
+test -d /home/foo2
+echo "OK"
+echo -n "Check content of /tmp/home/foo2/..."
+stat --printf "%A %U:%G %N\n" /tmp/home/foo2/* /tmp/home/foo2/.* 2>/dev/null | sort > tmp/home_ls-a
+diff -rauN data/home_ls-a tmp/home_ls-a
+echo "OK"
+rm -f tmp/home_ls-a
+
+echo -n "Remove the new home directory..."
+rm -rf /tmp/home/foo2
+echo "done"
+
+umount /tmp/home
+rmdir /tmp/home
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/usertools/15_usermod_change_supplementary_groups/config.txt b/tests/tests/usertools/15_usermod_change_supplementary_groups/config.txt
new file mode 100644
index 0000000..f21fb08
--- /dev/null
+++ b/tests/tests/usertools/15_usermod_change_supplementary_groups/config.txt
@@ -0,0 +1,6 @@
+user foo, in group users (only in /etc/group)
+user foo, in group tty (only in /etc/gshadow)
+user foo, in group floppy
+user foo, admin of group disk
+user foo, admin and member of group fax
+user foo, admin and member of group cdrom (only in /etc/gshadow)
diff --git a/tests/tests/usertools/15_usermod_change_supplementary_groups/config/etc/default/useradd b/tests/tests/usertools/15_usermod_change_supplementary_groups/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/usertools/15_usermod_change_supplementary_groups/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/usertools/15_usermod_change_supplementary_groups/config/etc/group b/tests/tests/usertools/15_usermod_change_supplementary_groups/config/etc/group
new file mode 100644
index 0000000..b6fae89
--- /dev/null
+++ b/tests/tests/usertools/15_usermod_change_supplementary_groups/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:root
+adm:x:4:root,foo
+tty:x:5:
+disk:x:6:
+lp:x:7:foo,root
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:foo
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:foo
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/usertools/15_usermod_change_supplementary_groups/config/etc/gshadow b/tests/tests/usertools/15_usermod_change_supplementary_groups/config/etc/gshadow
new file mode 100644
index 0000000..1f2ba8d
--- /dev/null
+++ b/tests/tests/usertools/15_usermod_change_supplementary_groups/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::root
+adm:*::root,foo
+tty:*::foo
+disk:*:foo:
+lp:*::foo,root
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*:foo:foo
+voice:*::
+cdrom:*:foo:foo
+floppy:*::foo
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/usertools/15_usermod_change_supplementary_groups/config/etc/passwd b/tests/tests/usertools/15_usermod_change_supplementary_groups/config/etc/passwd
new file mode 100644
index 0000000..bf52df0
--- /dev/null
+++ b/tests/tests/usertools/15_usermod_change_supplementary_groups/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/home/foo:/bin/false
diff --git a/tests/tests/usertools/15_usermod_change_supplementary_groups/config/etc/shadow b/tests/tests/usertools/15_usermod_change_supplementary_groups/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/usertools/15_usermod_change_supplementary_groups/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/usertools/15_usermod_change_supplementary_groups/data/group b/tests/tests/usertools/15_usermod_change_supplementary_groups/data/group
new file mode 100644
index 0000000..6de5fa5
--- /dev/null
+++ b/tests/tests/usertools/15_usermod_change_supplementary_groups/data/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:foo
+bin:x:2:foo
+sys:x:3:root
+adm:x:4:root
+tty:x:5:
+disk:x:6:
+lp:x:7:root
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/usertools/15_usermod_change_supplementary_groups/data/gshadow b/tests/tests/usertools/15_usermod_change_supplementary_groups/data/gshadow
new file mode 100644
index 0000000..8df27c9
--- /dev/null
+++ b/tests/tests/usertools/15_usermod_change_supplementary_groups/data/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::foo
+bin:*::foo
+sys:*::root
+adm:*::root
+tty:*::
+disk:*:foo:
+lp:*::root
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*:foo:
+voice:*::
+cdrom:*:foo:
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/usertools/15_usermod_change_supplementary_groups/usermod.test b/tests/tests/usertools/15_usermod_change_supplementary_groups/usermod.test
new file mode 100755
index 0000000..74d3ab7
--- /dev/null
+++ b/tests/tests/usertools/15_usermod_change_supplementary_groups/usermod.test
@@ -0,0 +1,39 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "usermod can change the list of supplementary groups"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Change the user's list of supplementary groups (usermod -G bin,daemon foo)..."
+usermod -G bin,daemon foo
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl data/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl data/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/usertools/16_usermod_clear_supplementary_groups/config.txt b/tests/tests/usertools/16_usermod_clear_supplementary_groups/config.txt
new file mode 100644
index 0000000..f21fb08
--- /dev/null
+++ b/tests/tests/usertools/16_usermod_clear_supplementary_groups/config.txt
@@ -0,0 +1,6 @@
+user foo, in group users (only in /etc/group)
+user foo, in group tty (only in /etc/gshadow)
+user foo, in group floppy
+user foo, admin of group disk
+user foo, admin and member of group fax
+user foo, admin and member of group cdrom (only in /etc/gshadow)
diff --git a/tests/tests/usertools/16_usermod_clear_supplementary_groups/config/etc/default/useradd b/tests/tests/usertools/16_usermod_clear_supplementary_groups/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/usertools/16_usermod_clear_supplementary_groups/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/usertools/16_usermod_clear_supplementary_groups/config/etc/group b/tests/tests/usertools/16_usermod_clear_supplementary_groups/config/etc/group
new file mode 100644
index 0000000..b6fae89
--- /dev/null
+++ b/tests/tests/usertools/16_usermod_clear_supplementary_groups/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:root
+adm:x:4:root,foo
+tty:x:5:
+disk:x:6:
+lp:x:7:foo,root
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:foo
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:foo
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/usertools/16_usermod_clear_supplementary_groups/config/etc/gshadow b/tests/tests/usertools/16_usermod_clear_supplementary_groups/config/etc/gshadow
new file mode 100644
index 0000000..1f2ba8d
--- /dev/null
+++ b/tests/tests/usertools/16_usermod_clear_supplementary_groups/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::root
+adm:*::root,foo
+tty:*::foo
+disk:*:foo:
+lp:*::foo,root
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*:foo:foo
+voice:*::
+cdrom:*:foo:foo
+floppy:*::foo
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/usertools/16_usermod_clear_supplementary_groups/config/etc/passwd b/tests/tests/usertools/16_usermod_clear_supplementary_groups/config/etc/passwd
new file mode 100644
index 0000000..bf52df0
--- /dev/null
+++ b/tests/tests/usertools/16_usermod_clear_supplementary_groups/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/home/foo:/bin/false
diff --git a/tests/tests/usertools/16_usermod_clear_supplementary_groups/config/etc/shadow b/tests/tests/usertools/16_usermod_clear_supplementary_groups/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/usertools/16_usermod_clear_supplementary_groups/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/usertools/16_usermod_clear_supplementary_groups/data/group b/tests/tests/usertools/16_usermod_clear_supplementary_groups/data/group
new file mode 100644
index 0000000..a11bebe
--- /dev/null
+++ b/tests/tests/usertools/16_usermod_clear_supplementary_groups/data/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:root
+adm:x:4:root
+tty:x:5:
+disk:x:6:
+lp:x:7:root
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/usertools/16_usermod_clear_supplementary_groups/data/gshadow b/tests/tests/usertools/16_usermod_clear_supplementary_groups/data/gshadow
new file mode 100644
index 0000000..c152e93
--- /dev/null
+++ b/tests/tests/usertools/16_usermod_clear_supplementary_groups/data/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::root
+adm:*::root
+tty:*::
+disk:*:foo:
+lp:*::root
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*:foo:
+voice:*::
+cdrom:*:foo:
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/usertools/16_usermod_clear_supplementary_groups/usermod.test b/tests/tests/usertools/16_usermod_clear_supplementary_groups/usermod.test
new file mode 100755
index 0000000..6965190
--- /dev/null
+++ b/tests/tests/usertools/16_usermod_clear_supplementary_groups/usermod.test
@@ -0,0 +1,39 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "usermod can clear the list of supplementary groups"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Change the user's list of supplementary groups (usermod -G \"\" foo)..."
+usermod -G "" foo
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl data/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl data/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/usertools/17_usermod_change_supplementary_groups_numerical/config.txt b/tests/tests/usertools/17_usermod_change_supplementary_groups_numerical/config.txt
new file mode 100644
index 0000000..f21fb08
--- /dev/null
+++ b/tests/tests/usertools/17_usermod_change_supplementary_groups_numerical/config.txt
@@ -0,0 +1,6 @@
+user foo, in group users (only in /etc/group)
+user foo, in group tty (only in /etc/gshadow)
+user foo, in group floppy
+user foo, admin of group disk
+user foo, admin and member of group fax
+user foo, admin and member of group cdrom (only in /etc/gshadow)
diff --git a/tests/tests/usertools/17_usermod_change_supplementary_groups_numerical/config/etc/default/useradd b/tests/tests/usertools/17_usermod_change_supplementary_groups_numerical/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/usertools/17_usermod_change_supplementary_groups_numerical/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/usertools/17_usermod_change_supplementary_groups_numerical/config/etc/group b/tests/tests/usertools/17_usermod_change_supplementary_groups_numerical/config/etc/group
new file mode 100644
index 0000000..b6fae89
--- /dev/null
+++ b/tests/tests/usertools/17_usermod_change_supplementary_groups_numerical/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:root
+adm:x:4:root,foo
+tty:x:5:
+disk:x:6:
+lp:x:7:foo,root
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:foo
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:foo
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/usertools/17_usermod_change_supplementary_groups_numerical/config/etc/gshadow b/tests/tests/usertools/17_usermod_change_supplementary_groups_numerical/config/etc/gshadow
new file mode 100644
index 0000000..1f2ba8d
--- /dev/null
+++ b/tests/tests/usertools/17_usermod_change_supplementary_groups_numerical/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::root
+adm:*::root,foo
+tty:*::foo
+disk:*:foo:
+lp:*::foo,root
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*:foo:foo
+voice:*::
+cdrom:*:foo:foo
+floppy:*::foo
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/usertools/17_usermod_change_supplementary_groups_numerical/config/etc/passwd b/tests/tests/usertools/17_usermod_change_supplementary_groups_numerical/config/etc/passwd
new file mode 100644
index 0000000..bf52df0
--- /dev/null
+++ b/tests/tests/usertools/17_usermod_change_supplementary_groups_numerical/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/home/foo:/bin/false
diff --git a/tests/tests/usertools/17_usermod_change_supplementary_groups_numerical/config/etc/shadow b/tests/tests/usertools/17_usermod_change_supplementary_groups_numerical/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/usertools/17_usermod_change_supplementary_groups_numerical/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/usertools/17_usermod_change_supplementary_groups_numerical/data/group b/tests/tests/usertools/17_usermod_change_supplementary_groups_numerical/data/group
new file mode 100644
index 0000000..09dc6c1
--- /dev/null
+++ b/tests/tests/usertools/17_usermod_change_supplementary_groups_numerical/data/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:foo
+sys:x:3:root,foo
+adm:x:4:root
+tty:x:5:
+disk:x:6:
+lp:x:7:root
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:foo
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/usertools/17_usermod_change_supplementary_groups_numerical/data/gshadow b/tests/tests/usertools/17_usermod_change_supplementary_groups_numerical/data/gshadow
new file mode 100644
index 0000000..f111ae2
--- /dev/null
+++ b/tests/tests/usertools/17_usermod_change_supplementary_groups_numerical/data/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::foo
+sys:*::root,foo
+adm:*::root
+tty:*::
+disk:*:foo:
+lp:*::root
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::foo
+kmem:*::
+dialout:*::
+fax:*:foo:
+voice:*::
+cdrom:*:foo:
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/usertools/17_usermod_change_supplementary_groups_numerical/usermod.test b/tests/tests/usertools/17_usermod_change_supplementary_groups_numerical/usermod.test
new file mode 100755
index 0000000..ecd3a5f
--- /dev/null
+++ b/tests/tests/usertools/17_usermod_change_supplementary_groups_numerical/usermod.test
@@ -0,0 +1,39 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "usermod can change the list of supplementary groups, with numerical groups"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Change the user's list of supplementary groups (usermod -G 13,bin,3 foo)..."
+usermod -G 13,bin,3 foo
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl data/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl data/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/usertools/18_usermod_change_supplementary_groups-unknown_group/config.txt b/tests/tests/usertools/18_usermod_change_supplementary_groups-unknown_group/config.txt
new file mode 100644
index 0000000..f21fb08
--- /dev/null
+++ b/tests/tests/usertools/18_usermod_change_supplementary_groups-unknown_group/config.txt
@@ -0,0 +1,6 @@
+user foo, in group users (only in /etc/group)
+user foo, in group tty (only in /etc/gshadow)
+user foo, in group floppy
+user foo, admin of group disk
+user foo, admin and member of group fax
+user foo, admin and member of group cdrom (only in /etc/gshadow)
diff --git a/tests/tests/usertools/18_usermod_change_supplementary_groups-unknown_group/config/etc/default/useradd b/tests/tests/usertools/18_usermod_change_supplementary_groups-unknown_group/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/usertools/18_usermod_change_supplementary_groups-unknown_group/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/usertools/18_usermod_change_supplementary_groups-unknown_group/config/etc/group b/tests/tests/usertools/18_usermod_change_supplementary_groups-unknown_group/config/etc/group
new file mode 100644
index 0000000..b6fae89
--- /dev/null
+++ b/tests/tests/usertools/18_usermod_change_supplementary_groups-unknown_group/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:root
+adm:x:4:root,foo
+tty:x:5:
+disk:x:6:
+lp:x:7:foo,root
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:foo
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:foo
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/usertools/18_usermod_change_supplementary_groups-unknown_group/config/etc/gshadow b/tests/tests/usertools/18_usermod_change_supplementary_groups-unknown_group/config/etc/gshadow
new file mode 100644
index 0000000..1f2ba8d
--- /dev/null
+++ b/tests/tests/usertools/18_usermod_change_supplementary_groups-unknown_group/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::root
+adm:*::root,foo
+tty:*::foo
+disk:*:foo:
+lp:*::foo,root
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*:foo:foo
+voice:*::
+cdrom:*:foo:foo
+floppy:*::foo
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/usertools/18_usermod_change_supplementary_groups-unknown_group/config/etc/passwd b/tests/tests/usertools/18_usermod_change_supplementary_groups-unknown_group/config/etc/passwd
new file mode 100644
index 0000000..bf52df0
--- /dev/null
+++ b/tests/tests/usertools/18_usermod_change_supplementary_groups-unknown_group/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/home/foo:/bin/false
diff --git a/tests/tests/usertools/18_usermod_change_supplementary_groups-unknown_group/config/etc/shadow b/tests/tests/usertools/18_usermod_change_supplementary_groups-unknown_group/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/usertools/18_usermod_change_supplementary_groups-unknown_group/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/usertools/18_usermod_change_supplementary_groups-unknown_group/data/usermod.err b/tests/tests/usertools/18_usermod_change_supplementary_groups-unknown_group/data/usermod.err
new file mode 100644
index 0000000..6cf0f1f
--- /dev/null
+++ b/tests/tests/usertools/18_usermod_change_supplementary_groups-unknown_group/data/usermod.err
@@ -0,0 +1 @@
+usermod: group 'damon' does not exist
diff --git a/tests/tests/usertools/18_usermod_change_supplementary_groups-unknown_group/usermod.test b/tests/tests/usertools/18_usermod_change_supplementary_groups-unknown_group/usermod.test
new file mode 100755
index 0000000..002bc53
--- /dev/null
+++ b/tests/tests/usertools/18_usermod_change_supplementary_groups-unknown_group/usermod.test
@@ -0,0 +1,54 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "usermod fails if asked to add an user to an unknown named group"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Change the user's list of supplementary groups (usermod -G bin,damon foo)..."
+usermod -G bin,damon foo 2>tmp/usermod.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "6"
+echo "OK"
+
+echo "usermod reported:"
+echo "======================================================================="
+cat tmp/usermod.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/usermod.err tmp/usermod.err
+echo "error message OK."
+rm -f tmp/usermod.err
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/usertools/19_usermod_change_supplementary_groups-unknown_numerical_group/config.txt b/tests/tests/usertools/19_usermod_change_supplementary_groups-unknown_numerical_group/config.txt
new file mode 100644
index 0000000..f21fb08
--- /dev/null
+++ b/tests/tests/usertools/19_usermod_change_supplementary_groups-unknown_numerical_group/config.txt
@@ -0,0 +1,6 @@
+user foo, in group users (only in /etc/group)
+user foo, in group tty (only in /etc/gshadow)
+user foo, in group floppy
+user foo, admin of group disk
+user foo, admin and member of group fax
+user foo, admin and member of group cdrom (only in /etc/gshadow)
diff --git a/tests/tests/usertools/19_usermod_change_supplementary_groups-unknown_numerical_group/config/etc/default/useradd b/tests/tests/usertools/19_usermod_change_supplementary_groups-unknown_numerical_group/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/usertools/19_usermod_change_supplementary_groups-unknown_numerical_group/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/usertools/19_usermod_change_supplementary_groups-unknown_numerical_group/config/etc/group b/tests/tests/usertools/19_usermod_change_supplementary_groups-unknown_numerical_group/config/etc/group
new file mode 100644
index 0000000..b6fae89
--- /dev/null
+++ b/tests/tests/usertools/19_usermod_change_supplementary_groups-unknown_numerical_group/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:root
+adm:x:4:root,foo
+tty:x:5:
+disk:x:6:
+lp:x:7:foo,root
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:foo
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:foo
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/usertools/19_usermod_change_supplementary_groups-unknown_numerical_group/config/etc/gshadow b/tests/tests/usertools/19_usermod_change_supplementary_groups-unknown_numerical_group/config/etc/gshadow
new file mode 100644
index 0000000..1f2ba8d
--- /dev/null
+++ b/tests/tests/usertools/19_usermod_change_supplementary_groups-unknown_numerical_group/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::root
+adm:*::root,foo
+tty:*::foo
+disk:*:foo:
+lp:*::foo,root
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*:foo:foo
+voice:*::
+cdrom:*:foo:foo
+floppy:*::foo
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/usertools/19_usermod_change_supplementary_groups-unknown_numerical_group/config/etc/passwd b/tests/tests/usertools/19_usermod_change_supplementary_groups-unknown_numerical_group/config/etc/passwd
new file mode 100644
index 0000000..bf52df0
--- /dev/null
+++ b/tests/tests/usertools/19_usermod_change_supplementary_groups-unknown_numerical_group/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/home/foo:/bin/false
diff --git a/tests/tests/usertools/19_usermod_change_supplementary_groups-unknown_numerical_group/config/etc/shadow b/tests/tests/usertools/19_usermod_change_supplementary_groups-unknown_numerical_group/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/usertools/19_usermod_change_supplementary_groups-unknown_numerical_group/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/usertools/19_usermod_change_supplementary_groups-unknown_numerical_group/data/usermod.err b/tests/tests/usertools/19_usermod_change_supplementary_groups-unknown_numerical_group/data/usermod.err
new file mode 100644
index 0000000..5702177
--- /dev/null
+++ b/tests/tests/usertools/19_usermod_change_supplementary_groups-unknown_numerical_group/data/usermod.err
@@ -0,0 +1 @@
+usermod: group '4242' does not exist
diff --git a/tests/tests/usertools/19_usermod_change_supplementary_groups-unknown_numerical_group/usermod.test b/tests/tests/usertools/19_usermod_change_supplementary_groups-unknown_numerical_group/usermod.test
new file mode 100755
index 0000000..1915240
--- /dev/null
+++ b/tests/tests/usertools/19_usermod_change_supplementary_groups-unknown_numerical_group/usermod.test
@@ -0,0 +1,54 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "usermod fails if asked to add an user to an unknown numerical group"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Change the user's list of supplementary groups (usermod -G bin,4242,daemon foo)..."
+usermod -G bin,4242,daemon foo 2>tmp/usermod.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "6"
+echo "OK"
+
+echo "usermod reported:"
+echo "======================================================================="
+cat tmp/usermod.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/usermod.err tmp/usermod.err
+echo "error message OK."
+rm -f tmp/usermod.err
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/usertools/20_usermod_rename_user_in_member_lists/config.txt b/tests/tests/usertools/20_usermod_rename_user_in_member_lists/config.txt
new file mode 100644
index 0000000..f21fb08
--- /dev/null
+++ b/tests/tests/usertools/20_usermod_rename_user_in_member_lists/config.txt
@@ -0,0 +1,6 @@
+user foo, in group users (only in /etc/group)
+user foo, in group tty (only in /etc/gshadow)
+user foo, in group floppy
+user foo, admin of group disk
+user foo, admin and member of group fax
+user foo, admin and member of group cdrom (only in /etc/gshadow)
diff --git a/tests/tests/usertools/20_usermod_rename_user_in_member_lists/config/etc/default/useradd b/tests/tests/usertools/20_usermod_rename_user_in_member_lists/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/usertools/20_usermod_rename_user_in_member_lists/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/usertools/20_usermod_rename_user_in_member_lists/config/etc/group b/tests/tests/usertools/20_usermod_rename_user_in_member_lists/config/etc/group
new file mode 100644
index 0000000..b6fae89
--- /dev/null
+++ b/tests/tests/usertools/20_usermod_rename_user_in_member_lists/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:root
+adm:x:4:root,foo
+tty:x:5:
+disk:x:6:
+lp:x:7:foo,root
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:foo
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:foo
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/usertools/20_usermod_rename_user_in_member_lists/config/etc/gshadow b/tests/tests/usertools/20_usermod_rename_user_in_member_lists/config/etc/gshadow
new file mode 100644
index 0000000..1f2ba8d
--- /dev/null
+++ b/tests/tests/usertools/20_usermod_rename_user_in_member_lists/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::root
+adm:*::root,foo
+tty:*::foo
+disk:*:foo:
+lp:*::foo,root
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*:foo:foo
+voice:*::
+cdrom:*:foo:foo
+floppy:*::foo
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/usertools/20_usermod_rename_user_in_member_lists/config/etc/passwd b/tests/tests/usertools/20_usermod_rename_user_in_member_lists/config/etc/passwd
new file mode 100644
index 0000000..bf52df0
--- /dev/null
+++ b/tests/tests/usertools/20_usermod_rename_user_in_member_lists/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/home/foo:/bin/false
diff --git a/tests/tests/usertools/20_usermod_rename_user_in_member_lists/config/etc/shadow b/tests/tests/usertools/20_usermod_rename_user_in_member_lists/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/usertools/20_usermod_rename_user_in_member_lists/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/usertools/20_usermod_rename_user_in_member_lists/data/group b/tests/tests/usertools/20_usermod_rename_user_in_member_lists/data/group
new file mode 100644
index 0000000..730e4dd
--- /dev/null
+++ b/tests/tests/usertools/20_usermod_rename_user_in_member_lists/data/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:root
+adm:x:4:root,foo2
+tty:x:5:
+disk:x:6:
+lp:x:7:root,foo2
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:foo2
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:foo2
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo2
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/usertools/20_usermod_rename_user_in_member_lists/data/gshadow b/tests/tests/usertools/20_usermod_rename_user_in_member_lists/data/gshadow
new file mode 100644
index 0000000..af81c09
--- /dev/null
+++ b/tests/tests/usertools/20_usermod_rename_user_in_member_lists/data/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::root
+adm:*::root,foo2
+tty:*::foo2
+disk:*:foo2:
+lp:*::root,foo2
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*:foo2:foo2
+voice:*::
+cdrom:*:foo2:foo2
+floppy:*::foo2
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/usertools/20_usermod_rename_user_in_member_lists/data/passwd b/tests/tests/usertools/20_usermod_rename_user_in_member_lists/data/passwd
new file mode 100644
index 0000000..f9b7829
--- /dev/null
+++ b/tests/tests/usertools/20_usermod_rename_user_in_member_lists/data/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo2:x:1000:1000::/home/foo:/bin/false
diff --git a/tests/tests/usertools/20_usermod_rename_user_in_member_lists/data/shadow b/tests/tests/usertools/20_usermod_rename_user_in_member_lists/data/shadow
new file mode 100644
index 0000000..60a11cf
--- /dev/null
+++ b/tests/tests/usertools/20_usermod_rename_user_in_member_lists/data/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo2:!:12977:0:99999:7:::
diff --git a/tests/tests/usertools/20_usermod_rename_user_in_member_lists/usermod.test b/tests/tests/usertools/20_usermod_rename_user_in_member_lists/usermod.test
new file mode 100755
index 0000000..8e0a2cd
--- /dev/null
+++ b/tests/tests/usertools/20_usermod_rename_user_in_member_lists/usermod.test
@@ -0,0 +1,39 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "usermod rename the user in the lists of members, when an user is renamed with -l"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Rename user foo (usermod -l foo2 foo)..."
+usermod -l foo2 foo
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl data/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl data/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl data/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl data/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/usertools/21_usermod_rename_user_in_member_lists-and-add_supplementary_groups/config.txt b/tests/tests/usertools/21_usermod_rename_user_in_member_lists-and-add_supplementary_groups/config.txt
new file mode 100644
index 0000000..31f5635
--- /dev/null
+++ b/tests/tests/usertools/21_usermod_rename_user_in_member_lists-and-add_supplementary_groups/config.txt
@@ -0,0 +1,10 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group users (only in /etc/group)
+user foo, in group tty (only in /etc/gshadow)
+user foo, in group floppy
+user foo, admin of group disk
+user foo, admin and member of group fax
+user foo, admin and member of group cdrom (only in /etc/gshadow)
diff --git a/tests/tests/usertools/21_usermod_rename_user_in_member_lists-and-add_supplementary_groups/config/etc/default/useradd b/tests/tests/usertools/21_usermod_rename_user_in_member_lists-and-add_supplementary_groups/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/usertools/21_usermod_rename_user_in_member_lists-and-add_supplementary_groups/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/usertools/21_usermod_rename_user_in_member_lists-and-add_supplementary_groups/config/etc/group b/tests/tests/usertools/21_usermod_rename_user_in_member_lists-and-add_supplementary_groups/config/etc/group
new file mode 100644
index 0000000..b6fae89
--- /dev/null
+++ b/tests/tests/usertools/21_usermod_rename_user_in_member_lists-and-add_supplementary_groups/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:root
+adm:x:4:root,foo
+tty:x:5:
+disk:x:6:
+lp:x:7:foo,root
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:foo
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:foo
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/usertools/21_usermod_rename_user_in_member_lists-and-add_supplementary_groups/config/etc/gshadow b/tests/tests/usertools/21_usermod_rename_user_in_member_lists-and-add_supplementary_groups/config/etc/gshadow
new file mode 100644
index 0000000..1f2ba8d
--- /dev/null
+++ b/tests/tests/usertools/21_usermod_rename_user_in_member_lists-and-add_supplementary_groups/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::root
+adm:*::root,foo
+tty:*::foo
+disk:*:foo:
+lp:*::foo,root
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*:foo:foo
+voice:*::
+cdrom:*:foo:foo
+floppy:*::foo
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/usertools/21_usermod_rename_user_in_member_lists-and-add_supplementary_groups/config/etc/passwd b/tests/tests/usertools/21_usermod_rename_user_in_member_lists-and-add_supplementary_groups/config/etc/passwd
new file mode 100644
index 0000000..bf52df0
--- /dev/null
+++ b/tests/tests/usertools/21_usermod_rename_user_in_member_lists-and-add_supplementary_groups/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/home/foo:/bin/false
diff --git a/tests/tests/usertools/21_usermod_rename_user_in_member_lists-and-add_supplementary_groups/config/etc/shadow b/tests/tests/usertools/21_usermod_rename_user_in_member_lists-and-add_supplementary_groups/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/usertools/21_usermod_rename_user_in_member_lists-and-add_supplementary_groups/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/usertools/21_usermod_rename_user_in_member_lists-and-add_supplementary_groups/data/group b/tests/tests/usertools/21_usermod_rename_user_in_member_lists-and-add_supplementary_groups/data/group
new file mode 100644
index 0000000..99e54fa
--- /dev/null
+++ b/tests/tests/usertools/21_usermod_rename_user_in_member_lists-and-add_supplementary_groups/data/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:foo2
+bin:x:2:foo2
+sys:x:3:root
+adm:x:4:root,foo2
+tty:x:5:
+disk:x:6:
+lp:x:7:root,foo2
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:foo2
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:foo2
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo2
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/usertools/21_usermod_rename_user_in_member_lists-and-add_supplementary_groups/data/gshadow b/tests/tests/usertools/21_usermod_rename_user_in_member_lists-and-add_supplementary_groups/data/gshadow
new file mode 100644
index 0000000..6ce4903
--- /dev/null
+++ b/tests/tests/usertools/21_usermod_rename_user_in_member_lists-and-add_supplementary_groups/data/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::foo2
+bin:*::foo2
+sys:*::root
+adm:*::root,foo2
+tty:*::foo2
+disk:*:foo2:
+lp:*::root,foo2
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*:foo2:foo2
+voice:*::
+cdrom:*:foo2:foo2
+floppy:*::foo2
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/usertools/21_usermod_rename_user_in_member_lists-and-add_supplementary_groups/data/passwd b/tests/tests/usertools/21_usermod_rename_user_in_member_lists-and-add_supplementary_groups/data/passwd
new file mode 100644
index 0000000..f9b7829
--- /dev/null
+++ b/tests/tests/usertools/21_usermod_rename_user_in_member_lists-and-add_supplementary_groups/data/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo2:x:1000:1000::/home/foo:/bin/false
diff --git a/tests/tests/usertools/21_usermod_rename_user_in_member_lists-and-add_supplementary_groups/data/shadow b/tests/tests/usertools/21_usermod_rename_user_in_member_lists-and-add_supplementary_groups/data/shadow
new file mode 100644
index 0000000..60a11cf
--- /dev/null
+++ b/tests/tests/usertools/21_usermod_rename_user_in_member_lists-and-add_supplementary_groups/data/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo2:!:12977:0:99999:7:::
diff --git a/tests/tests/usertools/21_usermod_rename_user_in_member_lists-and-add_supplementary_groups/usermod.test b/tests/tests/usertools/21_usermod_rename_user_in_member_lists-and-add_supplementary_groups/usermod.test
new file mode 100755
index 0000000..409b3ac
--- /dev/null
+++ b/tests/tests/usertools/21_usermod_rename_user_in_member_lists-and-add_supplementary_groups/usermod.test
@@ -0,0 +1,39 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "usermod rename the user in the lists of members and uses the right username when adding the user to supplementary groups"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Rename the user and change the user's list of supplementary groups (usermod -l foo2 -a -G bin,daemon foo)..."
+usermod -l foo2 -a -G bin,daemon foo
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl data/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl data/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl data/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl data/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/usertools/22_usermod-a_existing_supplementary_group/config.txt b/tests/tests/usertools/22_usermod-a_existing_supplementary_group/config.txt
new file mode 100644
index 0000000..f21fb08
--- /dev/null
+++ b/tests/tests/usertools/22_usermod-a_existing_supplementary_group/config.txt
@@ -0,0 +1,6 @@
+user foo, in group users (only in /etc/group)
+user foo, in group tty (only in /etc/gshadow)
+user foo, in group floppy
+user foo, admin of group disk
+user foo, admin and member of group fax
+user foo, admin and member of group cdrom (only in /etc/gshadow)
diff --git a/tests/tests/usertools/22_usermod-a_existing_supplementary_group/config/etc/default/useradd b/tests/tests/usertools/22_usermod-a_existing_supplementary_group/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/usertools/22_usermod-a_existing_supplementary_group/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/usertools/22_usermod-a_existing_supplementary_group/config/etc/group b/tests/tests/usertools/22_usermod-a_existing_supplementary_group/config/etc/group
new file mode 100644
index 0000000..b6fae89
--- /dev/null
+++ b/tests/tests/usertools/22_usermod-a_existing_supplementary_group/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:root
+adm:x:4:root,foo
+tty:x:5:
+disk:x:6:
+lp:x:7:foo,root
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:foo
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:foo
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/usertools/22_usermod-a_existing_supplementary_group/config/etc/gshadow b/tests/tests/usertools/22_usermod-a_existing_supplementary_group/config/etc/gshadow
new file mode 100644
index 0000000..1f2ba8d
--- /dev/null
+++ b/tests/tests/usertools/22_usermod-a_existing_supplementary_group/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::root
+adm:*::root,foo
+tty:*::foo
+disk:*:foo:
+lp:*::foo,root
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*:foo:foo
+voice:*::
+cdrom:*:foo:foo
+floppy:*::foo
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/usertools/22_usermod-a_existing_supplementary_group/config/etc/passwd b/tests/tests/usertools/22_usermod-a_existing_supplementary_group/config/etc/passwd
new file mode 100644
index 0000000..bf52df0
--- /dev/null
+++ b/tests/tests/usertools/22_usermod-a_existing_supplementary_group/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/home/foo:/bin/false
diff --git a/tests/tests/usertools/22_usermod-a_existing_supplementary_group/config/etc/shadow b/tests/tests/usertools/22_usermod-a_existing_supplementary_group/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/usertools/22_usermod-a_existing_supplementary_group/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/usertools/22_usermod-a_existing_supplementary_group/data/group b/tests/tests/usertools/22_usermod-a_existing_supplementary_group/data/group
new file mode 100644
index 0000000..84c8697
--- /dev/null
+++ b/tests/tests/usertools/22_usermod-a_existing_supplementary_group/data/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:foo
+bin:x:2:foo
+sys:x:3:root
+adm:x:4:root,foo
+tty:x:5:
+disk:x:6:
+lp:x:7:foo,root
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:foo
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:foo
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/usertools/22_usermod-a_existing_supplementary_group/data/gshadow b/tests/tests/usertools/22_usermod-a_existing_supplementary_group/data/gshadow
new file mode 100644
index 0000000..d0a61a3
--- /dev/null
+++ b/tests/tests/usertools/22_usermod-a_existing_supplementary_group/data/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::foo
+bin:*::foo
+sys:*::root
+adm:*::root,foo
+tty:*::foo
+disk:*:foo:
+lp:*::foo,root
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*:foo:foo
+voice:*::
+cdrom:*:foo:foo
+floppy:*::foo
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/usertools/22_usermod-a_existing_supplementary_group/usermod.test b/tests/tests/usertools/22_usermod-a_existing_supplementary_group/usermod.test
new file mode 100755
index 0000000..e83a3e0
--- /dev/null
+++ b/tests/tests/usertools/22_usermod-a_existing_supplementary_group/usermod.test
@@ -0,0 +1,39 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "usermod does not fail when requested to add the user to a group it is already a member"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Change the user's list of supplementary groups (usermod -a -G bin,daemon,floppy foo)..."
+usermod -a -G bin,daemon,floppy foo
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl data/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl data/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/usertools/23_usermod-a_existing_supplementary_group+rename/config.txt b/tests/tests/usertools/23_usermod-a_existing_supplementary_group+rename/config.txt
new file mode 100644
index 0000000..31f5635
--- /dev/null
+++ b/tests/tests/usertools/23_usermod-a_existing_supplementary_group+rename/config.txt
@@ -0,0 +1,10 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group users (only in /etc/group)
+user foo, in group tty (only in /etc/gshadow)
+user foo, in group floppy
+user foo, admin of group disk
+user foo, admin and member of group fax
+user foo, admin and member of group cdrom (only in /etc/gshadow)
diff --git a/tests/tests/usertools/23_usermod-a_existing_supplementary_group+rename/config/etc/default/useradd b/tests/tests/usertools/23_usermod-a_existing_supplementary_group+rename/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/usertools/23_usermod-a_existing_supplementary_group+rename/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/usertools/23_usermod-a_existing_supplementary_group+rename/config/etc/group b/tests/tests/usertools/23_usermod-a_existing_supplementary_group+rename/config/etc/group
new file mode 100644
index 0000000..b6fae89
--- /dev/null
+++ b/tests/tests/usertools/23_usermod-a_existing_supplementary_group+rename/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:root
+adm:x:4:root,foo
+tty:x:5:
+disk:x:6:
+lp:x:7:foo,root
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:foo
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:foo
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/usertools/23_usermod-a_existing_supplementary_group+rename/config/etc/gshadow b/tests/tests/usertools/23_usermod-a_existing_supplementary_group+rename/config/etc/gshadow
new file mode 100644
index 0000000..1f2ba8d
--- /dev/null
+++ b/tests/tests/usertools/23_usermod-a_existing_supplementary_group+rename/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::root
+adm:*::root,foo
+tty:*::foo
+disk:*:foo:
+lp:*::foo,root
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*:foo:foo
+voice:*::
+cdrom:*:foo:foo
+floppy:*::foo
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/usertools/23_usermod-a_existing_supplementary_group+rename/config/etc/passwd b/tests/tests/usertools/23_usermod-a_existing_supplementary_group+rename/config/etc/passwd
new file mode 100644
index 0000000..bf52df0
--- /dev/null
+++ b/tests/tests/usertools/23_usermod-a_existing_supplementary_group+rename/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/home/foo:/bin/false
diff --git a/tests/tests/usertools/23_usermod-a_existing_supplementary_group+rename/config/etc/shadow b/tests/tests/usertools/23_usermod-a_existing_supplementary_group+rename/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/usertools/23_usermod-a_existing_supplementary_group+rename/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/usertools/23_usermod-a_existing_supplementary_group+rename/data/group b/tests/tests/usertools/23_usermod-a_existing_supplementary_group+rename/data/group
new file mode 100644
index 0000000..99e54fa
--- /dev/null
+++ b/tests/tests/usertools/23_usermod-a_existing_supplementary_group+rename/data/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:foo2
+bin:x:2:foo2
+sys:x:3:root
+adm:x:4:root,foo2
+tty:x:5:
+disk:x:6:
+lp:x:7:root,foo2
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:foo2
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:foo2
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo2
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/usertools/23_usermod-a_existing_supplementary_group+rename/data/gshadow b/tests/tests/usertools/23_usermod-a_existing_supplementary_group+rename/data/gshadow
new file mode 100644
index 0000000..6ce4903
--- /dev/null
+++ b/tests/tests/usertools/23_usermod-a_existing_supplementary_group+rename/data/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::foo2
+bin:*::foo2
+sys:*::root
+adm:*::root,foo2
+tty:*::foo2
+disk:*:foo2:
+lp:*::root,foo2
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*:foo2:foo2
+voice:*::
+cdrom:*:foo2:foo2
+floppy:*::foo2
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/usertools/23_usermod-a_existing_supplementary_group+rename/data/passwd b/tests/tests/usertools/23_usermod-a_existing_supplementary_group+rename/data/passwd
new file mode 100644
index 0000000..f9b7829
--- /dev/null
+++ b/tests/tests/usertools/23_usermod-a_existing_supplementary_group+rename/data/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo2:x:1000:1000::/home/foo:/bin/false
diff --git a/tests/tests/usertools/23_usermod-a_existing_supplementary_group+rename/data/shadow b/tests/tests/usertools/23_usermod-a_existing_supplementary_group+rename/data/shadow
new file mode 100644
index 0000000..60a11cf
--- /dev/null
+++ b/tests/tests/usertools/23_usermod-a_existing_supplementary_group+rename/data/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo2:!:12977:0:99999:7:::
diff --git a/tests/tests/usertools/23_usermod-a_existing_supplementary_group+rename/usermod.test b/tests/tests/usertools/23_usermod-a_existing_supplementary_group+rename/usermod.test
new file mode 100755
index 0000000..a2b74ae
--- /dev/null
+++ b/tests/tests/usertools/23_usermod-a_existing_supplementary_group+rename/usermod.test
@@ -0,0 +1,39 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "usermod renames the user when requested to add an user to a group it is already a member and to rename this user"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Rename the user and change the its list of supplementary groups (usermod -l foo2 -a -G bin,daemon,floppy foo)..."
+usermod -l foo2 -a -G bin,daemon,floppy foo
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl data/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl data/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl data/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl data/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/usertools/24_usermod_locked_passwd/config.txt b/tests/tests/usertools/24_usermod_locked_passwd/config.txt
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/usertools/24_usermod_locked_passwd/config.txt
diff --git a/tests/tests/usertools/24_usermod_locked_passwd/config/etc/default/useradd b/tests/tests/usertools/24_usermod_locked_passwd/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/usertools/24_usermod_locked_passwd/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/usertools/24_usermod_locked_passwd/config/etc/group b/tests/tests/usertools/24_usermod_locked_passwd/config/etc/group
new file mode 100644
index 0000000..b6fae89
--- /dev/null
+++ b/tests/tests/usertools/24_usermod_locked_passwd/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:root
+adm:x:4:root,foo
+tty:x:5:
+disk:x:6:
+lp:x:7:foo,root
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:foo
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:foo
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/usertools/24_usermod_locked_passwd/config/etc/gshadow b/tests/tests/usertools/24_usermod_locked_passwd/config/etc/gshadow
new file mode 100644
index 0000000..1f2ba8d
--- /dev/null
+++ b/tests/tests/usertools/24_usermod_locked_passwd/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::root
+adm:*::root,foo
+tty:*::foo
+disk:*:foo:
+lp:*::foo,root
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*:foo:foo
+voice:*::
+cdrom:*:foo:foo
+floppy:*::foo
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/usertools/24_usermod_locked_passwd/config/etc/passwd b/tests/tests/usertools/24_usermod_locked_passwd/config/etc/passwd
new file mode 100644
index 0000000..bf52df0
--- /dev/null
+++ b/tests/tests/usertools/24_usermod_locked_passwd/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/home/foo:/bin/false
diff --git a/tests/tests/usertools/24_usermod_locked_passwd/config/etc/shadow b/tests/tests/usertools/24_usermod_locked_passwd/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/usertools/24_usermod_locked_passwd/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/usertools/24_usermod_locked_passwd/data/usermod.err b/tests/tests/usertools/24_usermod_locked_passwd/data/usermod.err
new file mode 100644
index 0000000..b1d59ec
--- /dev/null
+++ b/tests/tests/usertools/24_usermod_locked_passwd/data/usermod.err
@@ -0,0 +1,2 @@
+usermod: existing lock file /etc/passwd.lock without a PID
+usermod: cannot lock /etc/passwd; try again later.
diff --git a/tests/tests/usertools/24_usermod_locked_passwd/usermod.test b/tests/tests/usertools/24_usermod_locked_passwd/usermod.test
new file mode 100755
index 0000000..6348998
--- /dev/null
+++ b/tests/tests/usertools/24_usermod_locked_passwd/usermod.test
@@ -0,0 +1,60 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "usermod -G checks if the passwd file is locked"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config; rm -f /etc/passwd.lock' 0
+
+change_config
+
+echo -n "Create lock file for /etc/passwd..."
+touch /etc/passwd.lock
+echo "done"
+
+echo -n "Change the user's list of supplementary groups (usermod -G bin foo)..."
+usermod -G bin foo 2>tmp/usermod.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+rm -f /etc/passwd.lock
+
+echo -n "Check returned status ($status)..."
+test "$status" = "1"
+echo "OK"
+
+echo "usermod reported:"
+echo "======================================================================="
+cat tmp/usermod.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/usermod.err tmp/usermod.err
+echo "error message OK."
+rm -f tmp/usermod.err
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/usertools/25_usermod-G_locked_group/config.txt b/tests/tests/usertools/25_usermod-G_locked_group/config.txt
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/usertools/25_usermod-G_locked_group/config.txt
diff --git a/tests/tests/usertools/25_usermod-G_locked_group/config/etc/default/useradd b/tests/tests/usertools/25_usermod-G_locked_group/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/usertools/25_usermod-G_locked_group/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/usertools/25_usermod-G_locked_group/config/etc/group b/tests/tests/usertools/25_usermod-G_locked_group/config/etc/group
new file mode 100644
index 0000000..b6fae89
--- /dev/null
+++ b/tests/tests/usertools/25_usermod-G_locked_group/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:root
+adm:x:4:root,foo
+tty:x:5:
+disk:x:6:
+lp:x:7:foo,root
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:foo
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:foo
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/usertools/25_usermod-G_locked_group/config/etc/gshadow b/tests/tests/usertools/25_usermod-G_locked_group/config/etc/gshadow
new file mode 100644
index 0000000..1f2ba8d
--- /dev/null
+++ b/tests/tests/usertools/25_usermod-G_locked_group/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::root
+adm:*::root,foo
+tty:*::foo
+disk:*:foo:
+lp:*::foo,root
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*:foo:foo
+voice:*::
+cdrom:*:foo:foo
+floppy:*::foo
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/usertools/25_usermod-G_locked_group/config/etc/passwd b/tests/tests/usertools/25_usermod-G_locked_group/config/etc/passwd
new file mode 100644
index 0000000..bf52df0
--- /dev/null
+++ b/tests/tests/usertools/25_usermod-G_locked_group/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/home/foo:/bin/false
diff --git a/tests/tests/usertools/25_usermod-G_locked_group/config/etc/shadow b/tests/tests/usertools/25_usermod-G_locked_group/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/usertools/25_usermod-G_locked_group/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/usertools/25_usermod-G_locked_group/data/usermod.err b/tests/tests/usertools/25_usermod-G_locked_group/data/usermod.err
new file mode 100644
index 0000000..4b1d8f9
--- /dev/null
+++ b/tests/tests/usertools/25_usermod-G_locked_group/data/usermod.err
@@ -0,0 +1,2 @@
+usermod: existing lock file /etc/group.lock without a PID
+usermod: cannot lock /etc/group; try again later.
diff --git a/tests/tests/usertools/25_usermod-G_locked_group/usermod.test b/tests/tests/usertools/25_usermod-G_locked_group/usermod.test
new file mode 100755
index 0000000..a29cfaa
--- /dev/null
+++ b/tests/tests/usertools/25_usermod-G_locked_group/usermod.test
@@ -0,0 +1,60 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "usermod -G checks if the group file is locked"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config; rm -f /etc/group.lock' 0
+
+change_config
+
+echo -n "Create lock file for /etc/group..."
+touch /etc/group.lock
+echo "done"
+
+echo -n "Change the user's list of supplementary groups (usermod -G bin foo)..."
+usermod -G bin foo 2>tmp/usermod.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+rm -f /etc/group.lock
+
+echo -n "Check returned status ($status)..."
+test "$status" = "10"
+echo "OK"
+
+echo "usermod reported:"
+echo "======================================================================="
+cat tmp/usermod.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/usermod.err tmp/usermod.err
+echo "error message OK."
+rm -f tmp/usermod.err
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/usertools/26_usermod_locked_shadow/config.txt b/tests/tests/usertools/26_usermod_locked_shadow/config.txt
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/usertools/26_usermod_locked_shadow/config.txt
diff --git a/tests/tests/usertools/26_usermod_locked_shadow/config/etc/default/useradd b/tests/tests/usertools/26_usermod_locked_shadow/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/usertools/26_usermod_locked_shadow/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/usertools/26_usermod_locked_shadow/config/etc/group b/tests/tests/usertools/26_usermod_locked_shadow/config/etc/group
new file mode 100644
index 0000000..b6fae89
--- /dev/null
+++ b/tests/tests/usertools/26_usermod_locked_shadow/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:root
+adm:x:4:root,foo
+tty:x:5:
+disk:x:6:
+lp:x:7:foo,root
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:foo
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:foo
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/usertools/26_usermod_locked_shadow/config/etc/gshadow b/tests/tests/usertools/26_usermod_locked_shadow/config/etc/gshadow
new file mode 100644
index 0000000..1f2ba8d
--- /dev/null
+++ b/tests/tests/usertools/26_usermod_locked_shadow/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::root
+adm:*::root,foo
+tty:*::foo
+disk:*:foo:
+lp:*::foo,root
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*:foo:foo
+voice:*::
+cdrom:*:foo:foo
+floppy:*::foo
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/usertools/26_usermod_locked_shadow/config/etc/passwd b/tests/tests/usertools/26_usermod_locked_shadow/config/etc/passwd
new file mode 100644
index 0000000..bf52df0
--- /dev/null
+++ b/tests/tests/usertools/26_usermod_locked_shadow/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/home/foo:/bin/false
diff --git a/tests/tests/usertools/26_usermod_locked_shadow/config/etc/shadow b/tests/tests/usertools/26_usermod_locked_shadow/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/usertools/26_usermod_locked_shadow/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/usertools/26_usermod_locked_shadow/data/usermod.err b/tests/tests/usertools/26_usermod_locked_shadow/data/usermod.err
new file mode 100644
index 0000000..f490717
--- /dev/null
+++ b/tests/tests/usertools/26_usermod_locked_shadow/data/usermod.err
@@ -0,0 +1,2 @@
+usermod: existing lock file /etc/shadow.lock without a PID
+usermod: cannot lock /etc/shadow; try again later.
diff --git a/tests/tests/usertools/26_usermod_locked_shadow/usermod.test b/tests/tests/usertools/26_usermod_locked_shadow/usermod.test
new file mode 100755
index 0000000..b35c69b
--- /dev/null
+++ b/tests/tests/usertools/26_usermod_locked_shadow/usermod.test
@@ -0,0 +1,60 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "usermod -G checks if the shadow file is locked"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config; rm -f /etc/shadow.lock' 0
+
+change_config
+
+echo -n "Create lock file for /etc/shadow..."
+touch /etc/shadow.lock
+echo "done"
+
+echo -n "Change the user's list of supplementary groups (usermod -G bin foo)..."
+usermod -G bin foo 2>tmp/usermod.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+rm -f /etc/shadow.lock
+
+echo -n "Check returned status ($status)..."
+test "$status" = "1"
+echo "OK"
+
+echo "usermod reported:"
+echo "======================================================================="
+cat tmp/usermod.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/usermod.err tmp/usermod.err
+echo "error message OK."
+rm -f tmp/usermod.err
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/usertools/27_usermod-G_locked_gshadow/config.txt b/tests/tests/usertools/27_usermod-G_locked_gshadow/config.txt
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/usertools/27_usermod-G_locked_gshadow/config.txt
diff --git a/tests/tests/usertools/27_usermod-G_locked_gshadow/config/etc/default/useradd b/tests/tests/usertools/27_usermod-G_locked_gshadow/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/usertools/27_usermod-G_locked_gshadow/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/usertools/27_usermod-G_locked_gshadow/config/etc/group b/tests/tests/usertools/27_usermod-G_locked_gshadow/config/etc/group
new file mode 100644
index 0000000..b6fae89
--- /dev/null
+++ b/tests/tests/usertools/27_usermod-G_locked_gshadow/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:root
+adm:x:4:root,foo
+tty:x:5:
+disk:x:6:
+lp:x:7:foo,root
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:foo
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:foo
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/usertools/27_usermod-G_locked_gshadow/config/etc/gshadow b/tests/tests/usertools/27_usermod-G_locked_gshadow/config/etc/gshadow
new file mode 100644
index 0000000..1f2ba8d
--- /dev/null
+++ b/tests/tests/usertools/27_usermod-G_locked_gshadow/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::root
+adm:*::root,foo
+tty:*::foo
+disk:*:foo:
+lp:*::foo,root
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*:foo:foo
+voice:*::
+cdrom:*:foo:foo
+floppy:*::foo
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/usertools/27_usermod-G_locked_gshadow/config/etc/passwd b/tests/tests/usertools/27_usermod-G_locked_gshadow/config/etc/passwd
new file mode 100644
index 0000000..bf52df0
--- /dev/null
+++ b/tests/tests/usertools/27_usermod-G_locked_gshadow/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/home/foo:/bin/false
diff --git a/tests/tests/usertools/27_usermod-G_locked_gshadow/config/etc/shadow b/tests/tests/usertools/27_usermod-G_locked_gshadow/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/usertools/27_usermod-G_locked_gshadow/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/usertools/27_usermod-G_locked_gshadow/data/usermod.err b/tests/tests/usertools/27_usermod-G_locked_gshadow/data/usermod.err
new file mode 100644
index 0000000..d065cee
--- /dev/null
+++ b/tests/tests/usertools/27_usermod-G_locked_gshadow/data/usermod.err
@@ -0,0 +1,2 @@
+usermod: existing lock file /etc/gshadow.lock without a PID
+usermod: cannot lock /etc/gshadow; try again later.
diff --git a/tests/tests/usertools/27_usermod-G_locked_gshadow/usermod.test b/tests/tests/usertools/27_usermod-G_locked_gshadow/usermod.test
new file mode 100755
index 0000000..6709fbc
--- /dev/null
+++ b/tests/tests/usertools/27_usermod-G_locked_gshadow/usermod.test
@@ -0,0 +1,60 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "usermod -G checks if the gshadow file is locked"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config; rm -f /etc/gshadow.lock' 0
+
+change_config
+
+echo -n "Create lock file for /etc/gshadow..."
+touch /etc/gshadow.lock
+echo "done"
+
+echo -n "Change the user's list of supplementary groups (usermod -G bin foo)..."
+usermod -G bin foo 2>tmp/usermod.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+rm -f /etc/gshadow.lock
+
+echo -n "Check returned status ($status)..."
+test "$status" = "10"
+echo "OK"
+
+echo "usermod reported:"
+echo "======================================================================="
+cat tmp/usermod.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/usermod.err tmp/usermod.err
+echo "error message OK."
+rm -f tmp/usermod.err
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/usertools/28_usermod-c_locked_group/config.txt b/tests/tests/usertools/28_usermod-c_locked_group/config.txt
new file mode 100644
index 0000000..93534c3
--- /dev/null
+++ b/tests/tests/usertools/28_usermod-c_locked_group/config.txt
@@ -0,0 +1 @@
+user foo exists.
diff --git a/tests/tests/usertools/28_usermod-c_locked_group/config/etc/default/useradd b/tests/tests/usertools/28_usermod-c_locked_group/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/usertools/28_usermod-c_locked_group/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/usertools/28_usermod-c_locked_group/config/etc/group b/tests/tests/usertools/28_usermod-c_locked_group/config/etc/group
new file mode 100644
index 0000000..b6fae89
--- /dev/null
+++ b/tests/tests/usertools/28_usermod-c_locked_group/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:root
+adm:x:4:root,foo
+tty:x:5:
+disk:x:6:
+lp:x:7:foo,root
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:foo
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:foo
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/usertools/28_usermod-c_locked_group/config/etc/gshadow b/tests/tests/usertools/28_usermod-c_locked_group/config/etc/gshadow
new file mode 100644
index 0000000..1f2ba8d
--- /dev/null
+++ b/tests/tests/usertools/28_usermod-c_locked_group/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::root
+adm:*::root,foo
+tty:*::foo
+disk:*:foo:
+lp:*::foo,root
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*:foo:foo
+voice:*::
+cdrom:*:foo:foo
+floppy:*::foo
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/usertools/28_usermod-c_locked_group/config/etc/passwd b/tests/tests/usertools/28_usermod-c_locked_group/config/etc/passwd
new file mode 100644
index 0000000..bf52df0
--- /dev/null
+++ b/tests/tests/usertools/28_usermod-c_locked_group/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/home/foo:/bin/false
diff --git a/tests/tests/usertools/28_usermod-c_locked_group/config/etc/shadow b/tests/tests/usertools/28_usermod-c_locked_group/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/usertools/28_usermod-c_locked_group/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/usertools/28_usermod-c_locked_group/data/passwd b/tests/tests/usertools/28_usermod-c_locked_group/data/passwd
new file mode 100644
index 0000000..c7bb997
--- /dev/null
+++ b/tests/tests/usertools/28_usermod-c_locked_group/data/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000:new comment:/home/foo:/bin/false
diff --git a/tests/tests/usertools/28_usermod-c_locked_group/usermod.test b/tests/tests/usertools/28_usermod-c_locked_group/usermod.test
new file mode 100755
index 0000000..9bb03a0
--- /dev/null
+++ b/tests/tests/usertools/28_usermod-c_locked_group/usermod.test
@@ -0,0 +1,45 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "usermod -c does not check if the group file is locked"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config; rm -f /etc/group.lock' 0
+
+change_config
+
+echo -n "Create lock file for /etc/group..."
+touch /etc/group.lock
+echo "done"
+
+echo -n "Change the user's comment (usermod -c \"new comment\" foo)..."
+usermod -c "new comment" foo
+echo "OK"
+
+rm -f /etc/group.lock
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl data/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/usertools/29_usermod-c_locked_gshadow/config.txt b/tests/tests/usertools/29_usermod-c_locked_gshadow/config.txt
new file mode 100644
index 0000000..93534c3
--- /dev/null
+++ b/tests/tests/usertools/29_usermod-c_locked_gshadow/config.txt
@@ -0,0 +1 @@
+user foo exists.
diff --git a/tests/tests/usertools/29_usermod-c_locked_gshadow/config/etc/default/useradd b/tests/tests/usertools/29_usermod-c_locked_gshadow/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/usertools/29_usermod-c_locked_gshadow/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/usertools/29_usermod-c_locked_gshadow/config/etc/group b/tests/tests/usertools/29_usermod-c_locked_gshadow/config/etc/group
new file mode 100644
index 0000000..b6fae89
--- /dev/null
+++ b/tests/tests/usertools/29_usermod-c_locked_gshadow/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:root
+adm:x:4:root,foo
+tty:x:5:
+disk:x:6:
+lp:x:7:foo,root
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:foo
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:foo
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/usertools/29_usermod-c_locked_gshadow/config/etc/gshadow b/tests/tests/usertools/29_usermod-c_locked_gshadow/config/etc/gshadow
new file mode 100644
index 0000000..1f2ba8d
--- /dev/null
+++ b/tests/tests/usertools/29_usermod-c_locked_gshadow/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::root
+adm:*::root,foo
+tty:*::foo
+disk:*:foo:
+lp:*::foo,root
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*:foo:foo
+voice:*::
+cdrom:*:foo:foo
+floppy:*::foo
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/usertools/29_usermod-c_locked_gshadow/config/etc/passwd b/tests/tests/usertools/29_usermod-c_locked_gshadow/config/etc/passwd
new file mode 100644
index 0000000..bf52df0
--- /dev/null
+++ b/tests/tests/usertools/29_usermod-c_locked_gshadow/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/home/foo:/bin/false
diff --git a/tests/tests/usertools/29_usermod-c_locked_gshadow/config/etc/shadow b/tests/tests/usertools/29_usermod-c_locked_gshadow/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/usertools/29_usermod-c_locked_gshadow/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/usertools/29_usermod-c_locked_gshadow/data/passwd b/tests/tests/usertools/29_usermod-c_locked_gshadow/data/passwd
new file mode 100644
index 0000000..c7bb997
--- /dev/null
+++ b/tests/tests/usertools/29_usermod-c_locked_gshadow/data/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000:new comment:/home/foo:/bin/false
diff --git a/tests/tests/usertools/29_usermod-c_locked_gshadow/usermod.test b/tests/tests/usertools/29_usermod-c_locked_gshadow/usermod.test
new file mode 100755
index 0000000..096b05f
--- /dev/null
+++ b/tests/tests/usertools/29_usermod-c_locked_gshadow/usermod.test
@@ -0,0 +1,45 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "usermod -c does not check if the gshadow file is locked"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config; rm -f /etc/gshadow.lock' 0
+
+change_config
+
+echo -n "Create lock file for /etc/gshadow..."
+touch /etc/gshadow.lock
+echo "done"
+
+echo -n "Change the user's comment (usermod -c \"new comment\" foo)..."
+usermod -c "new comment" foo
+echo "OK"
+
+rm -f /etc/gshadow.lock
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl data/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/usertools/30_usermod-l_locked_group/config.txt b/tests/tests/usertools/30_usermod-l_locked_group/config.txt
new file mode 100644
index 0000000..93534c3
--- /dev/null
+++ b/tests/tests/usertools/30_usermod-l_locked_group/config.txt
@@ -0,0 +1 @@
+user foo exists.
diff --git a/tests/tests/usertools/30_usermod-l_locked_group/config/etc/default/useradd b/tests/tests/usertools/30_usermod-l_locked_group/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/usertools/30_usermod-l_locked_group/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/usertools/30_usermod-l_locked_group/config/etc/group b/tests/tests/usertools/30_usermod-l_locked_group/config/etc/group
new file mode 100644
index 0000000..b6fae89
--- /dev/null
+++ b/tests/tests/usertools/30_usermod-l_locked_group/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:root
+adm:x:4:root,foo
+tty:x:5:
+disk:x:6:
+lp:x:7:foo,root
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:foo
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:foo
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/usertools/30_usermod-l_locked_group/config/etc/gshadow b/tests/tests/usertools/30_usermod-l_locked_group/config/etc/gshadow
new file mode 100644
index 0000000..1f2ba8d
--- /dev/null
+++ b/tests/tests/usertools/30_usermod-l_locked_group/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::root
+adm:*::root,foo
+tty:*::foo
+disk:*:foo:
+lp:*::foo,root
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*:foo:foo
+voice:*::
+cdrom:*:foo:foo
+floppy:*::foo
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/usertools/30_usermod-l_locked_group/config/etc/passwd b/tests/tests/usertools/30_usermod-l_locked_group/config/etc/passwd
new file mode 100644
index 0000000..bf52df0
--- /dev/null
+++ b/tests/tests/usertools/30_usermod-l_locked_group/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/home/foo:/bin/false
diff --git a/tests/tests/usertools/30_usermod-l_locked_group/config/etc/shadow b/tests/tests/usertools/30_usermod-l_locked_group/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/usertools/30_usermod-l_locked_group/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/usertools/30_usermod-l_locked_group/data/usermod.err b/tests/tests/usertools/30_usermod-l_locked_group/data/usermod.err
new file mode 100644
index 0000000..4b1d8f9
--- /dev/null
+++ b/tests/tests/usertools/30_usermod-l_locked_group/data/usermod.err
@@ -0,0 +1,2 @@
+usermod: existing lock file /etc/group.lock without a PID
+usermod: cannot lock /etc/group; try again later.
diff --git a/tests/tests/usertools/30_usermod-l_locked_group/usermod.test b/tests/tests/usertools/30_usermod-l_locked_group/usermod.test
new file mode 100755
index 0000000..8b3799c
--- /dev/null
+++ b/tests/tests/usertools/30_usermod-l_locked_group/usermod.test
@@ -0,0 +1,60 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "usermod -l fails if the group file is locked"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config; rm -f /etc/group.lock' 0
+
+change_config
+
+echo -n "Create lock file for /etc/group..."
+touch /etc/group.lock
+echo "done"
+
+echo -n "Change the user's list of supplementary groups (usermod -l foo2 foo)..."
+usermod -l foo2 foo 2>tmp/usermod.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+rm -f /etc/group.lock
+
+echo -n "Check returned status ($status)..."
+test "$status" = "10"
+echo "OK"
+
+echo "usermod reported:"
+echo "======================================================================="
+cat tmp/usermod.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/usermod.err tmp/usermod.err
+echo "error message OK."
+rm -f tmp/usermod.err
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/usertools/31_usermod-l_locked_gshadow/config.txt b/tests/tests/usertools/31_usermod-l_locked_gshadow/config.txt
new file mode 100644
index 0000000..93534c3
--- /dev/null
+++ b/tests/tests/usertools/31_usermod-l_locked_gshadow/config.txt
@@ -0,0 +1 @@
+user foo exists.
diff --git a/tests/tests/usertools/31_usermod-l_locked_gshadow/config/etc/default/useradd b/tests/tests/usertools/31_usermod-l_locked_gshadow/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/usertools/31_usermod-l_locked_gshadow/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/usertools/31_usermod-l_locked_gshadow/config/etc/group b/tests/tests/usertools/31_usermod-l_locked_gshadow/config/etc/group
new file mode 100644
index 0000000..b6fae89
--- /dev/null
+++ b/tests/tests/usertools/31_usermod-l_locked_gshadow/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:root
+adm:x:4:root,foo
+tty:x:5:
+disk:x:6:
+lp:x:7:foo,root
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:foo
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:foo
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/usertools/31_usermod-l_locked_gshadow/config/etc/gshadow b/tests/tests/usertools/31_usermod-l_locked_gshadow/config/etc/gshadow
new file mode 100644
index 0000000..1f2ba8d
--- /dev/null
+++ b/tests/tests/usertools/31_usermod-l_locked_gshadow/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::root
+adm:*::root,foo
+tty:*::foo
+disk:*:foo:
+lp:*::foo,root
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*:foo:foo
+voice:*::
+cdrom:*:foo:foo
+floppy:*::foo
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/usertools/31_usermod-l_locked_gshadow/config/etc/passwd b/tests/tests/usertools/31_usermod-l_locked_gshadow/config/etc/passwd
new file mode 100644
index 0000000..bf52df0
--- /dev/null
+++ b/tests/tests/usertools/31_usermod-l_locked_gshadow/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/home/foo:/bin/false
diff --git a/tests/tests/usertools/31_usermod-l_locked_gshadow/config/etc/shadow b/tests/tests/usertools/31_usermod-l_locked_gshadow/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/usertools/31_usermod-l_locked_gshadow/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/usertools/31_usermod-l_locked_gshadow/data/usermod.err b/tests/tests/usertools/31_usermod-l_locked_gshadow/data/usermod.err
new file mode 100644
index 0000000..d065cee
--- /dev/null
+++ b/tests/tests/usertools/31_usermod-l_locked_gshadow/data/usermod.err
@@ -0,0 +1,2 @@
+usermod: existing lock file /etc/gshadow.lock without a PID
+usermod: cannot lock /etc/gshadow; try again later.
diff --git a/tests/tests/usertools/31_usermod-l_locked_gshadow/usermod.test b/tests/tests/usertools/31_usermod-l_locked_gshadow/usermod.test
new file mode 100755
index 0000000..1e18287
--- /dev/null
+++ b/tests/tests/usertools/31_usermod-l_locked_gshadow/usermod.test
@@ -0,0 +1,60 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "usermod -l fails if the gshadow file is locked"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config; rm -f /etc/gshadow.lock' 0
+
+change_config
+
+echo -n "Create lock file for /etc/gshadow..."
+touch /etc/gshadow.lock
+echo "done"
+
+echo -n "Change the user's list of supplementary groups (usermod -l foo2 foo)..."
+usermod -l foo2 foo 2>tmp/usermod.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+rm -f /etc/gshadow.lock
+
+echo -n "Check returned status ($status)..."
+test "$status" = "10"
+echo "OK"
+
+echo "usermod reported:"
+echo "======================================================================="
+cat tmp/usermod.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/usermod.err tmp/usermod.err
+echo "error message OK."
+rm -f tmp/usermod.err
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/usertools/32_usermod-u_new_UID/config.txt b/tests/tests/usertools/32_usermod-u_new_UID/config.txt
new file mode 100644
index 0000000..1a78b6c
--- /dev/null
+++ b/tests/tests/usertools/32_usermod-u_new_UID/config.txt
@@ -0,0 +1 @@
+user foo exists, UID 1000
diff --git a/tests/tests/usertools/32_usermod-u_new_UID/config/etc/default/useradd b/tests/tests/usertools/32_usermod-u_new_UID/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/usertools/32_usermod-u_new_UID/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/usertools/32_usermod-u_new_UID/config/etc/group b/tests/tests/usertools/32_usermod-u_new_UID/config/etc/group
new file mode 100644
index 0000000..b6fae89
--- /dev/null
+++ b/tests/tests/usertools/32_usermod-u_new_UID/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:root
+adm:x:4:root,foo
+tty:x:5:
+disk:x:6:
+lp:x:7:foo,root
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:foo
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:foo
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/usertools/32_usermod-u_new_UID/config/etc/gshadow b/tests/tests/usertools/32_usermod-u_new_UID/config/etc/gshadow
new file mode 100644
index 0000000..1f2ba8d
--- /dev/null
+++ b/tests/tests/usertools/32_usermod-u_new_UID/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::root
+adm:*::root,foo
+tty:*::foo
+disk:*:foo:
+lp:*::foo,root
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*:foo:foo
+voice:*::
+cdrom:*:foo:foo
+floppy:*::foo
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/usertools/32_usermod-u_new_UID/config/etc/passwd b/tests/tests/usertools/32_usermod-u_new_UID/config/etc/passwd
new file mode 100644
index 0000000..bf52df0
--- /dev/null
+++ b/tests/tests/usertools/32_usermod-u_new_UID/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/home/foo:/bin/false
diff --git a/tests/tests/usertools/32_usermod-u_new_UID/config/etc/shadow b/tests/tests/usertools/32_usermod-u_new_UID/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/usertools/32_usermod-u_new_UID/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/usertools/32_usermod-u_new_UID/data/passwd b/tests/tests/usertools/32_usermod-u_new_UID/data/passwd
new file mode 100644
index 0000000..174e4f6
--- /dev/null
+++ b/tests/tests/usertools/32_usermod-u_new_UID/data/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:4242:1000::/home/foo:/bin/false
diff --git a/tests/tests/usertools/32_usermod-u_new_UID/usermod.test b/tests/tests/usertools/32_usermod-u_new_UID/usermod.test
new file mode 100755
index 0000000..ca04c6f
--- /dev/null
+++ b/tests/tests/usertools/32_usermod-u_new_UID/usermod.test
@@ -0,0 +1,39 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "usermod can change the user's UID"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Change the user's UID (usermod -u 4242 foo)..."
+usermod -u 4242 foo
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl data/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/usertools/33_usermod-u_existing_UID/config.txt b/tests/tests/usertools/33_usermod-u_existing_UID/config.txt
new file mode 100644
index 0000000..a2ff911
--- /dev/null
+++ b/tests/tests/usertools/33_usermod-u_existing_UID/config.txt
@@ -0,0 +1,2 @@
+user foo exists, UID 1000
+user foo2 exists, UID 1001
diff --git a/tests/tests/usertools/33_usermod-u_existing_UID/config/etc/default/useradd b/tests/tests/usertools/33_usermod-u_existing_UID/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/usertools/33_usermod-u_existing_UID/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/usertools/33_usermod-u_existing_UID/config/etc/group b/tests/tests/usertools/33_usermod-u_existing_UID/config/etc/group
new file mode 100644
index 0000000..feb1bca
--- /dev/null
+++ b/tests/tests/usertools/33_usermod-u_existing_UID/config/etc/group
@@ -0,0 +1,43 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:root
+adm:x:4:root,foo
+tty:x:5:
+disk:x:6:
+lp:x:7:foo,root
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:foo
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:foo
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
+foo2:x:1001:
diff --git a/tests/tests/usertools/33_usermod-u_existing_UID/config/etc/gshadow b/tests/tests/usertools/33_usermod-u_existing_UID/config/etc/gshadow
new file mode 100644
index 0000000..5f131b1
--- /dev/null
+++ b/tests/tests/usertools/33_usermod-u_existing_UID/config/etc/gshadow
@@ -0,0 +1,43 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::root
+adm:*::root,foo
+tty:*::foo
+disk:*:foo:
+lp:*::foo,root
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*:foo:foo
+voice:*::
+cdrom:*:foo:foo
+floppy:*::foo
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
+foo2:*::
diff --git a/tests/tests/usertools/33_usermod-u_existing_UID/config/etc/passwd b/tests/tests/usertools/33_usermod-u_existing_UID/config/etc/passwd
new file mode 100644
index 0000000..6d87df1
--- /dev/null
+++ b/tests/tests/usertools/33_usermod-u_existing_UID/config/etc/passwd
@@ -0,0 +1,21 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/home/foo:/bin/false
+foo2:x:1001:1001::/home/foo2:/bin/false
diff --git a/tests/tests/usertools/33_usermod-u_existing_UID/config/etc/shadow b/tests/tests/usertools/33_usermod-u_existing_UID/config/etc/shadow
new file mode 100644
index 0000000..eaf0278
--- /dev/null
+++ b/tests/tests/usertools/33_usermod-u_existing_UID/config/etc/shadow
@@ -0,0 +1,21 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
+foo2:!:12977:0:99999:7:::
diff --git a/tests/tests/usertools/33_usermod-u_existing_UID/data/usermod.err b/tests/tests/usertools/33_usermod-u_existing_UID/data/usermod.err
new file mode 100644
index 0000000..dd2fa8a
--- /dev/null
+++ b/tests/tests/usertools/33_usermod-u_existing_UID/data/usermod.err
@@ -0,0 +1 @@
+usermod: UID '1001' already exists
diff --git a/tests/tests/usertools/33_usermod-u_existing_UID/usermod.test b/tests/tests/usertools/33_usermod-u_existing_UID/usermod.test
new file mode 100755
index 0000000..10c1e28
--- /dev/null
+++ b/tests/tests/usertools/33_usermod-u_existing_UID/usermod.test
@@ -0,0 +1,54 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "usermod tests if the new user's UID is already used"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Change the user's UID (usermod -u 1001 foo)..."
+usermod -u 1001 foo 2>tmp/usermod.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "4"
+echo "OK"
+
+echo "usermod reported:"
+echo "======================================================================="
+cat tmp/usermod.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/usermod.err tmp/usermod.err
+echo "error message OK."
+rm -f tmp/usermod.err
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/usertools/34_usermod-u-o_existing_UID/config.txt b/tests/tests/usertools/34_usermod-u-o_existing_UID/config.txt
new file mode 100644
index 0000000..31f5635
--- /dev/null
+++ b/tests/tests/usertools/34_usermod-u-o_existing_UID/config.txt
@@ -0,0 +1,10 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group users (only in /etc/group)
+user foo, in group tty (only in /etc/gshadow)
+user foo, in group floppy
+user foo, admin of group disk
+user foo, admin and member of group fax
+user foo, admin and member of group cdrom (only in /etc/gshadow)
diff --git a/tests/tests/usertools/34_usermod-u-o_existing_UID/config/etc/default/useradd b/tests/tests/usertools/34_usermod-u-o_existing_UID/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/usertools/34_usermod-u-o_existing_UID/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/usertools/34_usermod-u-o_existing_UID/config/etc/group b/tests/tests/usertools/34_usermod-u-o_existing_UID/config/etc/group
new file mode 100644
index 0000000..feb1bca
--- /dev/null
+++ b/tests/tests/usertools/34_usermod-u-o_existing_UID/config/etc/group
@@ -0,0 +1,43 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:root
+adm:x:4:root,foo
+tty:x:5:
+disk:x:6:
+lp:x:7:foo,root
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:foo
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:foo
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
+foo2:x:1001:
diff --git a/tests/tests/usertools/34_usermod-u-o_existing_UID/config/etc/gshadow b/tests/tests/usertools/34_usermod-u-o_existing_UID/config/etc/gshadow
new file mode 100644
index 0000000..5f131b1
--- /dev/null
+++ b/tests/tests/usertools/34_usermod-u-o_existing_UID/config/etc/gshadow
@@ -0,0 +1,43 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::root
+adm:*::root,foo
+tty:*::foo
+disk:*:foo:
+lp:*::foo,root
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*:foo:foo
+voice:*::
+cdrom:*:foo:foo
+floppy:*::foo
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
+foo2:*::
diff --git a/tests/tests/usertools/34_usermod-u-o_existing_UID/config/etc/passwd b/tests/tests/usertools/34_usermod-u-o_existing_UID/config/etc/passwd
new file mode 100644
index 0000000..6d87df1
--- /dev/null
+++ b/tests/tests/usertools/34_usermod-u-o_existing_UID/config/etc/passwd
@@ -0,0 +1,21 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/home/foo:/bin/false
+foo2:x:1001:1001::/home/foo2:/bin/false
diff --git a/tests/tests/usertools/34_usermod-u-o_existing_UID/config/etc/shadow b/tests/tests/usertools/34_usermod-u-o_existing_UID/config/etc/shadow
new file mode 100644
index 0000000..eaf0278
--- /dev/null
+++ b/tests/tests/usertools/34_usermod-u-o_existing_UID/config/etc/shadow
@@ -0,0 +1,21 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
+foo2:!:12977:0:99999:7:::
diff --git a/tests/tests/usertools/34_usermod-u-o_existing_UID/data/passwd b/tests/tests/usertools/34_usermod-u-o_existing_UID/data/passwd
new file mode 100644
index 0000000..28bc739
--- /dev/null
+++ b/tests/tests/usertools/34_usermod-u-o_existing_UID/data/passwd
@@ -0,0 +1,21 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1001:1000::/home/foo:/bin/false
+foo2:x:1001:1001::/home/foo2:/bin/false
diff --git a/tests/tests/usertools/34_usermod-u-o_existing_UID/usermod.test b/tests/tests/usertools/34_usermod-u-o_existing_UID/usermod.test
new file mode 100755
index 0000000..5ea5210
--- /dev/null
+++ b/tests/tests/usertools/34_usermod-u-o_existing_UID/usermod.test
@@ -0,0 +1,39 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "usermod can change the user's UID to an existing UID (with -o)"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Change the user's UID (usermod -o -u 1001 foo)..."
+usermod -o -u 1001 foo
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl data/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/usertools/35_usermod-u_invalid_UID/config.txt b/tests/tests/usertools/35_usermod-u_invalid_UID/config.txt
new file mode 100644
index 0000000..93534c3
--- /dev/null
+++ b/tests/tests/usertools/35_usermod-u_invalid_UID/config.txt
@@ -0,0 +1 @@
+user foo exists.
diff --git a/tests/tests/usertools/35_usermod-u_invalid_UID/config/etc/default/useradd b/tests/tests/usertools/35_usermod-u_invalid_UID/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/usertools/35_usermod-u_invalid_UID/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/usertools/35_usermod-u_invalid_UID/config/etc/group b/tests/tests/usertools/35_usermod-u_invalid_UID/config/etc/group
new file mode 100644
index 0000000..feb1bca
--- /dev/null
+++ b/tests/tests/usertools/35_usermod-u_invalid_UID/config/etc/group
@@ -0,0 +1,43 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:root
+adm:x:4:root,foo
+tty:x:5:
+disk:x:6:
+lp:x:7:foo,root
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:foo
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:foo
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
+foo2:x:1001:
diff --git a/tests/tests/usertools/35_usermod-u_invalid_UID/config/etc/gshadow b/tests/tests/usertools/35_usermod-u_invalid_UID/config/etc/gshadow
new file mode 100644
index 0000000..5f131b1
--- /dev/null
+++ b/tests/tests/usertools/35_usermod-u_invalid_UID/config/etc/gshadow
@@ -0,0 +1,43 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::root
+adm:*::root,foo
+tty:*::foo
+disk:*:foo:
+lp:*::foo,root
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*:foo:foo
+voice:*::
+cdrom:*:foo:foo
+floppy:*::foo
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
+foo2:*::
diff --git a/tests/tests/usertools/35_usermod-u_invalid_UID/config/etc/passwd b/tests/tests/usertools/35_usermod-u_invalid_UID/config/etc/passwd
new file mode 100644
index 0000000..6d87df1
--- /dev/null
+++ b/tests/tests/usertools/35_usermod-u_invalid_UID/config/etc/passwd
@@ -0,0 +1,21 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/home/foo:/bin/false
+foo2:x:1001:1001::/home/foo2:/bin/false
diff --git a/tests/tests/usertools/35_usermod-u_invalid_UID/config/etc/shadow b/tests/tests/usertools/35_usermod-u_invalid_UID/config/etc/shadow
new file mode 100644
index 0000000..eaf0278
--- /dev/null
+++ b/tests/tests/usertools/35_usermod-u_invalid_UID/config/etc/shadow
@@ -0,0 +1,21 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
+foo2:!:12977:0:99999:7:::
diff --git a/tests/tests/usertools/35_usermod-u_invalid_UID/data/usermod.err b/tests/tests/usertools/35_usermod-u_invalid_UID/data/usermod.err
new file mode 100644
index 0000000..2d5c5e9
--- /dev/null
+++ b/tests/tests/usertools/35_usermod-u_invalid_UID/data/usermod.err
@@ -0,0 +1 @@
+usermod: invalid user ID '100a1'
diff --git a/tests/tests/usertools/35_usermod-u_invalid_UID/usermod.test b/tests/tests/usertools/35_usermod-u_invalid_UID/usermod.test
new file mode 100755
index 0000000..43f0daf
--- /dev/null
+++ b/tests/tests/usertools/35_usermod-u_invalid_UID/usermod.test
@@ -0,0 +1,54 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "usermod checks if the uid is valid"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Change the user's UID (usermod -u 100a1 foo)..."
+usermod -u 100a1 foo 2>tmp/usermod.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "3"
+echo "OK"
+
+echo "usermod reported:"
+echo "======================================================================="
+cat tmp/usermod.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/usermod.err tmp/usermod.err
+echo "error message OK."
+rm -f tmp/usermod.err
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/usertools/36_usermod_change_uid+move_homedir_other_device/config.txt b/tests/tests/usertools/36_usermod_change_uid+move_homedir_other_device/config.txt
new file mode 100644
index 0000000..b337f3f
--- /dev/null
+++ b/tests/tests/usertools/36_usermod_change_uid+move_homedir_other_device/config.txt
@@ -0,0 +1 @@
+user foo exists, UID 1000, home directory: /home/foo
diff --git a/tests/tests/usertools/36_usermod_change_uid+move_homedir_other_device/config/etc/default/useradd b/tests/tests/usertools/36_usermod_change_uid+move_homedir_other_device/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/usertools/36_usermod_change_uid+move_homedir_other_device/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/usertools/36_usermod_change_uid+move_homedir_other_device/config/etc/group b/tests/tests/usertools/36_usermod_change_uid+move_homedir_other_device/config/etc/group
new file mode 100644
index 0000000..5051825
--- /dev/null
+++ b/tests/tests/usertools/36_usermod_change_uid+move_homedir_other_device/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/usertools/36_usermod_change_uid+move_homedir_other_device/config/etc/gshadow b/tests/tests/usertools/36_usermod_change_uid+move_homedir_other_device/config/etc/gshadow
new file mode 100644
index 0000000..5042e58
--- /dev/null
+++ b/tests/tests/usertools/36_usermod_change_uid+move_homedir_other_device/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/usertools/36_usermod_change_uid+move_homedir_other_device/config/etc/passwd b/tests/tests/usertools/36_usermod_change_uid+move_homedir_other_device/config/etc/passwd
new file mode 100644
index 0000000..bf52df0
--- /dev/null
+++ b/tests/tests/usertools/36_usermod_change_uid+move_homedir_other_device/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/home/foo:/bin/false
diff --git a/tests/tests/usertools/36_usermod_change_uid+move_homedir_other_device/config/etc/shadow b/tests/tests/usertools/36_usermod_change_uid+move_homedir_other_device/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/usertools/36_usermod_change_uid+move_homedir_other_device/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/usertools/36_usermod_change_uid+move_homedir_other_device/data/home_ls-a b/tests/tests/usertools/36_usermod_change_uid+move_homedir_other_device/data/home_ls-a
new file mode 100644
index 0000000..24c9573
--- /dev/null
+++ b/tests/tests/usertools/36_usermod_change_uid+move_homedir_other_device/data/home_ls-a
@@ -0,0 +1,7 @@
+-rw-r--r-- 1001:1000 `/home/foo2/.tata'
+-rw-r--r-- 1001:1000 `/home/foo2/toto'
+crw-r--r-- 1001:1000 `/home/foo2/null'
+drwxr-xr-x 0:0 `/home/foo2/..'
+drwxr-xr-x 1001:1000 `/home/foo2/.'
+drwxr-xr-x 1001:1000 `/home/foo2/titi'
+lrwxrwxrwx 1001:1000 `/home/foo2/tutu' -> `/tmp/home/foo2/toto'
diff --git a/tests/tests/usertools/36_usermod_change_uid+move_homedir_other_device/data/passwd b/tests/tests/usertools/36_usermod_change_uid+move_homedir_other_device/data/passwd
new file mode 100644
index 0000000..9327c6d
--- /dev/null
+++ b/tests/tests/usertools/36_usermod_change_uid+move_homedir_other_device/data/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1001:1000::/tmp/home/foo2:/bin/false
diff --git a/tests/tests/usertools/36_usermod_change_uid+move_homedir_other_device/usermod.test b/tests/tests/usertools/36_usermod_change_uid+move_homedir_other_device/usermod.test
new file mode 100755
index 0000000..6a8d708
--- /dev/null
+++ b/tests/tests/usertools/36_usermod_change_uid+move_homedir_other_device/usermod.test
@@ -0,0 +1,69 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "usermod can move the user's home directory, over a new device and changes the owner of the user's file"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config; rm -rf /home/foo /home/foo2; umount /tmp/home; rmdir /tmp/home' 0
+
+change_config
+
+mkdir /home/foo
+mkdir /home/foo/titi
+echo toto > /home/foo/toto
+ln /home/foo/toto /home/foo/.tata
+ln -s /home/foo/toto /home/foo/tutu
+mknod /home/foo/null c 1 3
+chown -R foo:foo /home/foo
+stat --printf "%A %u:%g %N\n" /home/foo/* /home/foo/.* 2>/dev/null | sort
+
+mkdir /tmp/home
+mount --bind /home /tmp/home
+
+echo -n "Change the user's home directory (usermod -m -d /tmp/home/foo2 -u 1001 foo ..."
+usermod -m -d /tmp/home/foo2 -u 1001 foo
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl data/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+echo -n "Check the user's home directory was removed..."
+test ! -d /home/foo
+echo "OK"
+echo -n "Check the user's home directory was moved..."
+test -d /home/foo2
+echo "OK"
+echo -n "Check content of /tmp/test-newusers..."
+stat --printf "%A %u:%g %N\n" /home/foo2/* /home/foo2/.* 2>/dev/null | sort > tmp/home_ls-a
+diff -rauN data/home_ls-a tmp/home_ls-a
+echo "OK"
+rm -f tmp/home_ls-a
+
+echo -n "Remove the new home directory..."
+rm -rf /home/foo2
+echo "done"
+
+umount /tmp/home
+rmdir /tmp/home
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/usertools/37_Debian_Bug_470745/config.txt b/tests/tests/usertools/37_Debian_Bug_470745/config.txt
new file mode 100644
index 0000000..a2ff911
--- /dev/null
+++ b/tests/tests/usertools/37_Debian_Bug_470745/config.txt
@@ -0,0 +1,2 @@
+user foo exists, UID 1000
+user foo2 exists, UID 1001
diff --git a/tests/tests/usertools/37_Debian_Bug_470745/config/etc/default/useradd b/tests/tests/usertools/37_Debian_Bug_470745/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/usertools/37_Debian_Bug_470745/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/usertools/37_Debian_Bug_470745/config/etc/group b/tests/tests/usertools/37_Debian_Bug_470745/config/etc/group
new file mode 100644
index 0000000..feb1bca
--- /dev/null
+++ b/tests/tests/usertools/37_Debian_Bug_470745/config/etc/group
@@ -0,0 +1,43 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:root
+adm:x:4:root,foo
+tty:x:5:
+disk:x:6:
+lp:x:7:foo,root
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:foo
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:foo
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
+foo2:x:1001:
diff --git a/tests/tests/usertools/37_Debian_Bug_470745/config/etc/gshadow b/tests/tests/usertools/37_Debian_Bug_470745/config/etc/gshadow
new file mode 100644
index 0000000..5f131b1
--- /dev/null
+++ b/tests/tests/usertools/37_Debian_Bug_470745/config/etc/gshadow
@@ -0,0 +1,43 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::root
+adm:*::root,foo
+tty:*::foo
+disk:*:foo:
+lp:*::foo,root
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*:foo:foo
+voice:*::
+cdrom:*:foo:foo
+floppy:*::foo
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
+foo2:*::
diff --git a/tests/tests/usertools/37_Debian_Bug_470745/config/etc/passwd b/tests/tests/usertools/37_Debian_Bug_470745/config/etc/passwd
new file mode 100644
index 0000000..6d87df1
--- /dev/null
+++ b/tests/tests/usertools/37_Debian_Bug_470745/config/etc/passwd
@@ -0,0 +1,21 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/home/foo:/bin/false
+foo2:x:1001:1001::/home/foo2:/bin/false
diff --git a/tests/tests/usertools/37_Debian_Bug_470745/config/etc/shadow b/tests/tests/usertools/37_Debian_Bug_470745/config/etc/shadow
new file mode 100644
index 0000000..eaf0278
--- /dev/null
+++ b/tests/tests/usertools/37_Debian_Bug_470745/config/etc/shadow
@@ -0,0 +1,21 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
+foo2:!:12977:0:99999:7:::
diff --git a/tests/tests/usertools/37_Debian_Bug_470745/data/group b/tests/tests/usertools/37_Debian_Bug_470745/data/group
new file mode 100644
index 0000000..ad32c02
--- /dev/null
+++ b/tests/tests/usertools/37_Debian_Bug_470745/data/group
@@ -0,0 +1,45 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:root
+adm:x:4:root,foo
+tty:x:5:
+disk:x:6:
+lp:x:7:foo,root
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:foo
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:foo
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
+foo2:x:1001:
+tr:x:1002:
+rtr:x:1003:
diff --git a/tests/tests/usertools/37_Debian_Bug_470745/data/gshadow b/tests/tests/usertools/37_Debian_Bug_470745/data/gshadow
new file mode 100644
index 0000000..01b3553
--- /dev/null
+++ b/tests/tests/usertools/37_Debian_Bug_470745/data/gshadow
@@ -0,0 +1,45 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::root
+adm:*::root,foo
+tty:*::foo
+disk:*:foo:
+lp:*::foo,root
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*:foo:foo
+voice:*::
+cdrom:*:foo:foo
+floppy:*::foo
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
+foo2:*::
+tr:!::
+tr:!::
diff --git a/tests/tests/usertools/37_Debian_Bug_470745/data/passwd b/tests/tests/usertools/37_Debian_Bug_470745/data/passwd
new file mode 100644
index 0000000..0e31259
--- /dev/null
+++ b/tests/tests/usertools/37_Debian_Bug_470745/data/passwd
@@ -0,0 +1,22 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/home/foo:/bin/false
+foo2:x:1001:1001::/home/foo2:/bin/false
+tr:x:1002:1002::/tmp/tr:/bin/foobar
diff --git a/tests/tests/usertools/37_Debian_Bug_470745/data/shadow b/tests/tests/usertools/37_Debian_Bug_470745/data/shadow
new file mode 100644
index 0000000..ccbe580
--- /dev/null
+++ b/tests/tests/usertools/37_Debian_Bug_470745/data/shadow
@@ -0,0 +1,22 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
+foo2:!:12977:0:99999:7:::
+tr:!:@TODAY@:0:99999:7:12:13849:
diff --git a/tests/tests/usertools/37_Debian_Bug_470745/data/usermod.err b/tests/tests/usertools/37_Debian_Bug_470745/data/usermod.err
new file mode 100644
index 0000000..46df292
--- /dev/null
+++ b/tests/tests/usertools/37_Debian_Bug_470745/data/usermod.err
@@ -0,0 +1,2 @@
+Multiple entries named 'tr' in /etc/gshadow. Please fix this with pwck or grpck.
+usermod: failed to prepare the new /etc/gshadow entry 'tr'
diff --git a/tests/tests/usertools/37_Debian_Bug_470745/usermod.test b/tests/tests/usertools/37_Debian_Bug_470745/usermod.test
new file mode 100755
index 0000000..8aa75ba
--- /dev/null
+++ b/tests/tests/usertools/37_Debian_Bug_470745/usermod.test
@@ -0,0 +1,62 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "usermod tests if the new user's UID is already used"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo add group tr
+groupadd tr
+echo add group rtr
+groupadd rtr
+echo add user tr to group tr
+useradd -g tr tr
+echo rename group rtr to tr in /etc/gshadow
+perl -pi -e 's/rtr/tr/g' /etc/gshadow
+echo add user tr to the member list of tr
+usermod -G tr tr 2>tmp/usermod.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "10"
+echo "OK"
+
+echo "usermod reported:"
+echo "======================================================================="
+cat tmp/usermod.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/usermod.err tmp/usermod.err
+echo "error message OK."
+rm -f tmp/usermod.err
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl data/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl data/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl data/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl data/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/usertools/38_usermod_invalid_user/config.txt b/tests/tests/usertools/38_usermod_invalid_user/config.txt
new file mode 100644
index 0000000..93534c3
--- /dev/null
+++ b/tests/tests/usertools/38_usermod_invalid_user/config.txt
@@ -0,0 +1 @@
+user foo exists.
diff --git a/tests/tests/usertools/38_usermod_invalid_user/config/etc/default/useradd b/tests/tests/usertools/38_usermod_invalid_user/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/usertools/38_usermod_invalid_user/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/usertools/38_usermod_invalid_user/config/etc/group b/tests/tests/usertools/38_usermod_invalid_user/config/etc/group
new file mode 100644
index 0000000..feb1bca
--- /dev/null
+++ b/tests/tests/usertools/38_usermod_invalid_user/config/etc/group
@@ -0,0 +1,43 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:root
+adm:x:4:root,foo
+tty:x:5:
+disk:x:6:
+lp:x:7:foo,root
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:foo
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:foo
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
+foo2:x:1001:
diff --git a/tests/tests/usertools/38_usermod_invalid_user/config/etc/gshadow b/tests/tests/usertools/38_usermod_invalid_user/config/etc/gshadow
new file mode 100644
index 0000000..5f131b1
--- /dev/null
+++ b/tests/tests/usertools/38_usermod_invalid_user/config/etc/gshadow
@@ -0,0 +1,43 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::root
+adm:*::root,foo
+tty:*::foo
+disk:*:foo:
+lp:*::foo,root
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*:foo:foo
+voice:*::
+cdrom:*:foo:foo
+floppy:*::foo
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
+foo2:*::
diff --git a/tests/tests/usertools/38_usermod_invalid_user/config/etc/passwd b/tests/tests/usertools/38_usermod_invalid_user/config/etc/passwd
new file mode 100644
index 0000000..6d87df1
--- /dev/null
+++ b/tests/tests/usertools/38_usermod_invalid_user/config/etc/passwd
@@ -0,0 +1,21 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/home/foo:/bin/false
+foo2:x:1001:1001::/home/foo2:/bin/false
diff --git a/tests/tests/usertools/38_usermod_invalid_user/config/etc/shadow b/tests/tests/usertools/38_usermod_invalid_user/config/etc/shadow
new file mode 100644
index 0000000..eaf0278
--- /dev/null
+++ b/tests/tests/usertools/38_usermod_invalid_user/config/etc/shadow
@@ -0,0 +1,21 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
+foo2:!:12977:0:99999:7:::
diff --git a/tests/tests/usertools/38_usermod_invalid_user/data/usermod.err b/tests/tests/usertools/38_usermod_invalid_user/data/usermod.err
new file mode 100644
index 0000000..83a9183
--- /dev/null
+++ b/tests/tests/usertools/38_usermod_invalid_user/data/usermod.err
@@ -0,0 +1 @@
+usermod: user 'fooinvalid' does not exist
diff --git a/tests/tests/usertools/38_usermod_invalid_user/usermod.test b/tests/tests/usertools/38_usermod_invalid_user/usermod.test
new file mode 100755
index 0000000..e88034d
--- /dev/null
+++ b/tests/tests/usertools/38_usermod_invalid_user/usermod.test
@@ -0,0 +1,54 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "usermod checks if the user is valid"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Change an invalid user (usermod -u 100 fooinvalid)..."
+usermod -u 100 fooinvalid 2>tmp/usermod.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "6"
+echo "OK"
+
+echo "usermod reported:"
+echo "======================================================================="
+cat tmp/usermod.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/usermod.err tmp/usermod.err
+echo "error message OK."
+rm -f tmp/usermod.err
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/usertools/39_usermod_-c_invalid_comment/config.txt b/tests/tests/usertools/39_usermod_-c_invalid_comment/config.txt
new file mode 100644
index 0000000..93534c3
--- /dev/null
+++ b/tests/tests/usertools/39_usermod_-c_invalid_comment/config.txt
@@ -0,0 +1 @@
+user foo exists.
diff --git a/tests/tests/usertools/39_usermod_-c_invalid_comment/config/etc/default/useradd b/tests/tests/usertools/39_usermod_-c_invalid_comment/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/usertools/39_usermod_-c_invalid_comment/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/usertools/39_usermod_-c_invalid_comment/config/etc/group b/tests/tests/usertools/39_usermod_-c_invalid_comment/config/etc/group
new file mode 100644
index 0000000..feb1bca
--- /dev/null
+++ b/tests/tests/usertools/39_usermod_-c_invalid_comment/config/etc/group
@@ -0,0 +1,43 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:root
+adm:x:4:root,foo
+tty:x:5:
+disk:x:6:
+lp:x:7:foo,root
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:foo
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:foo
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
+foo2:x:1001:
diff --git a/tests/tests/usertools/39_usermod_-c_invalid_comment/config/etc/gshadow b/tests/tests/usertools/39_usermod_-c_invalid_comment/config/etc/gshadow
new file mode 100644
index 0000000..5f131b1
--- /dev/null
+++ b/tests/tests/usertools/39_usermod_-c_invalid_comment/config/etc/gshadow
@@ -0,0 +1,43 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::root
+adm:*::root,foo
+tty:*::foo
+disk:*:foo:
+lp:*::foo,root
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*:foo:foo
+voice:*::
+cdrom:*:foo:foo
+floppy:*::foo
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
+foo2:*::
diff --git a/tests/tests/usertools/39_usermod_-c_invalid_comment/config/etc/passwd b/tests/tests/usertools/39_usermod_-c_invalid_comment/config/etc/passwd
new file mode 100644
index 0000000..6d87df1
--- /dev/null
+++ b/tests/tests/usertools/39_usermod_-c_invalid_comment/config/etc/passwd
@@ -0,0 +1,21 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/home/foo:/bin/false
+foo2:x:1001:1001::/home/foo2:/bin/false
diff --git a/tests/tests/usertools/39_usermod_-c_invalid_comment/config/etc/shadow b/tests/tests/usertools/39_usermod_-c_invalid_comment/config/etc/shadow
new file mode 100644
index 0000000..eaf0278
--- /dev/null
+++ b/tests/tests/usertools/39_usermod_-c_invalid_comment/config/etc/shadow
@@ -0,0 +1,21 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
+foo2:!:12977:0:99999:7:::
diff --git a/tests/tests/usertools/39_usermod_-c_invalid_comment/data/usermod.err b/tests/tests/usertools/39_usermod_-c_invalid_comment/data/usermod.err
new file mode 100644
index 0000000..2cdfa7a
--- /dev/null
+++ b/tests/tests/usertools/39_usermod_-c_invalid_comment/data/usermod.err
@@ -0,0 +1 @@
+usermod: invalid field 'com:ment'
diff --git a/tests/tests/usertools/39_usermod_-c_invalid_comment/usermod.test b/tests/tests/usertools/39_usermod_-c_invalid_comment/usermod.test
new file mode 100755
index 0000000..5a240ed
--- /dev/null
+++ b/tests/tests/usertools/39_usermod_-c_invalid_comment/usermod.test
@@ -0,0 +1,54 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "usermod checks validity of -c argument"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Change to and invalid comment (usermod -c 'com:ment' foo)..."
+usermod -c 'com:ment' foo 2>tmp/usermod.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "3"
+echo "OK"
+
+echo "usermod reported:"
+echo "======================================================================="
+cat tmp/usermod.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/usermod.err tmp/usermod.err
+echo "error message OK."
+rm -f tmp/usermod.err
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/usertools/40_usermod_-d_invalid_homedir/config.txt b/tests/tests/usertools/40_usermod_-d_invalid_homedir/config.txt
new file mode 100644
index 0000000..93534c3
--- /dev/null
+++ b/tests/tests/usertools/40_usermod_-d_invalid_homedir/config.txt
@@ -0,0 +1 @@
+user foo exists.
diff --git a/tests/tests/usertools/40_usermod_-d_invalid_homedir/config/etc/default/useradd b/tests/tests/usertools/40_usermod_-d_invalid_homedir/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/usertools/40_usermod_-d_invalid_homedir/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/usertools/40_usermod_-d_invalid_homedir/config/etc/group b/tests/tests/usertools/40_usermod_-d_invalid_homedir/config/etc/group
new file mode 100644
index 0000000..feb1bca
--- /dev/null
+++ b/tests/tests/usertools/40_usermod_-d_invalid_homedir/config/etc/group
@@ -0,0 +1,43 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:root
+adm:x:4:root,foo
+tty:x:5:
+disk:x:6:
+lp:x:7:foo,root
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:foo
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:foo
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
+foo2:x:1001:
diff --git a/tests/tests/usertools/40_usermod_-d_invalid_homedir/config/etc/gshadow b/tests/tests/usertools/40_usermod_-d_invalid_homedir/config/etc/gshadow
new file mode 100644
index 0000000..5f131b1
--- /dev/null
+++ b/tests/tests/usertools/40_usermod_-d_invalid_homedir/config/etc/gshadow
@@ -0,0 +1,43 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::root
+adm:*::root,foo
+tty:*::foo
+disk:*:foo:
+lp:*::foo,root
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*:foo:foo
+voice:*::
+cdrom:*:foo:foo
+floppy:*::foo
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
+foo2:*::
diff --git a/tests/tests/usertools/40_usermod_-d_invalid_homedir/config/etc/passwd b/tests/tests/usertools/40_usermod_-d_invalid_homedir/config/etc/passwd
new file mode 100644
index 0000000..6d87df1
--- /dev/null
+++ b/tests/tests/usertools/40_usermod_-d_invalid_homedir/config/etc/passwd
@@ -0,0 +1,21 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/home/foo:/bin/false
+foo2:x:1001:1001::/home/foo2:/bin/false
diff --git a/tests/tests/usertools/40_usermod_-d_invalid_homedir/config/etc/shadow b/tests/tests/usertools/40_usermod_-d_invalid_homedir/config/etc/shadow
new file mode 100644
index 0000000..eaf0278
--- /dev/null
+++ b/tests/tests/usertools/40_usermod_-d_invalid_homedir/config/etc/shadow
@@ -0,0 +1,21 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
+foo2:!:12977:0:99999:7:::
diff --git a/tests/tests/usertools/40_usermod_-d_invalid_homedir/data/usermod.err b/tests/tests/usertools/40_usermod_-d_invalid_homedir/data/usermod.err
new file mode 100644
index 0000000..0b376d6
--- /dev/null
+++ b/tests/tests/usertools/40_usermod_-d_invalid_homedir/data/usermod.err
@@ -0,0 +1,2 @@
+usermod: invalid field 'home
+directory'
diff --git a/tests/tests/usertools/40_usermod_-d_invalid_homedir/usermod.test b/tests/tests/usertools/40_usermod_-d_invalid_homedir/usermod.test
new file mode 100755
index 0000000..c510489
--- /dev/null
+++ b/tests/tests/usertools/40_usermod_-d_invalid_homedir/usermod.test
@@ -0,0 +1,56 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "usermod checks validity of -d argument"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Change to and invalid homedir (usermod -d 'home
+directory' foo)..."
+usermod -d 'home
+directory' foo 2>tmp/usermod.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "3"
+echo "OK"
+
+echo "usermod reported:"
+echo "======================================================================="
+cat tmp/usermod.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/usermod.err tmp/usermod.err
+echo "error message OK."
+rm -f tmp/usermod.err
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/usertools/41_usermod_-d_invalid_shell/config.txt b/tests/tests/usertools/41_usermod_-d_invalid_shell/config.txt
new file mode 100644
index 0000000..93534c3
--- /dev/null
+++ b/tests/tests/usertools/41_usermod_-d_invalid_shell/config.txt
@@ -0,0 +1 @@
+user foo exists.
diff --git a/tests/tests/usertools/41_usermod_-d_invalid_shell/config/etc/default/useradd b/tests/tests/usertools/41_usermod_-d_invalid_shell/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/usertools/41_usermod_-d_invalid_shell/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/usertools/41_usermod_-d_invalid_shell/config/etc/group b/tests/tests/usertools/41_usermod_-d_invalid_shell/config/etc/group
new file mode 100644
index 0000000..feb1bca
--- /dev/null
+++ b/tests/tests/usertools/41_usermod_-d_invalid_shell/config/etc/group
@@ -0,0 +1,43 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:root
+adm:x:4:root,foo
+tty:x:5:
+disk:x:6:
+lp:x:7:foo,root
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:foo
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:foo
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
+foo2:x:1001:
diff --git a/tests/tests/usertools/41_usermod_-d_invalid_shell/config/etc/gshadow b/tests/tests/usertools/41_usermod_-d_invalid_shell/config/etc/gshadow
new file mode 100644
index 0000000..5f131b1
--- /dev/null
+++ b/tests/tests/usertools/41_usermod_-d_invalid_shell/config/etc/gshadow
@@ -0,0 +1,43 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::root
+adm:*::root,foo
+tty:*::foo
+disk:*:foo:
+lp:*::foo,root
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*:foo:foo
+voice:*::
+cdrom:*:foo:foo
+floppy:*::foo
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
+foo2:*::
diff --git a/tests/tests/usertools/41_usermod_-d_invalid_shell/config/etc/passwd b/tests/tests/usertools/41_usermod_-d_invalid_shell/config/etc/passwd
new file mode 100644
index 0000000..6d87df1
--- /dev/null
+++ b/tests/tests/usertools/41_usermod_-d_invalid_shell/config/etc/passwd
@@ -0,0 +1,21 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/home/foo:/bin/false
+foo2:x:1001:1001::/home/foo2:/bin/false
diff --git a/tests/tests/usertools/41_usermod_-d_invalid_shell/config/etc/shadow b/tests/tests/usertools/41_usermod_-d_invalid_shell/config/etc/shadow
new file mode 100644
index 0000000..eaf0278
--- /dev/null
+++ b/tests/tests/usertools/41_usermod_-d_invalid_shell/config/etc/shadow
@@ -0,0 +1,21 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
+foo2:!:12977:0:99999:7:::
diff --git a/tests/tests/usertools/41_usermod_-d_invalid_shell/data/usermod.err b/tests/tests/usertools/41_usermod_-d_invalid_shell/data/usermod.err
new file mode 100644
index 0000000..b105c0e
--- /dev/null
+++ b/tests/tests/usertools/41_usermod_-d_invalid_shell/data/usermod.err
@@ -0,0 +1 @@
+usermod: invalid field 'sh:ell'
diff --git a/tests/tests/usertools/41_usermod_-d_invalid_shell/usermod.test b/tests/tests/usertools/41_usermod_-d_invalid_shell/usermod.test
new file mode 100755
index 0000000..44ce22b
--- /dev/null
+++ b/tests/tests/usertools/41_usermod_-d_invalid_shell/usermod.test
@@ -0,0 +1,54 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "usermod checks validity of -s argument"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Change to and invalid shell (usermod -s 'sh:ell' foo)..."
+usermod -s 'sh:ell' foo 2>tmp/usermod.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "3"
+echo "OK"
+
+echo "usermod reported:"
+echo "======================================================================="
+cat tmp/usermod.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/usermod.err tmp/usermod.err
+echo "error message OK."
+rm -f tmp/usermod.err
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/usertools/42_usermod_-g_invalid_group_name/config.txt b/tests/tests/usertools/42_usermod_-g_invalid_group_name/config.txt
new file mode 100644
index 0000000..93534c3
--- /dev/null
+++ b/tests/tests/usertools/42_usermod_-g_invalid_group_name/config.txt
@@ -0,0 +1 @@
+user foo exists.
diff --git a/tests/tests/usertools/42_usermod_-g_invalid_group_name/config/etc/default/useradd b/tests/tests/usertools/42_usermod_-g_invalid_group_name/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/usertools/42_usermod_-g_invalid_group_name/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/usertools/42_usermod_-g_invalid_group_name/config/etc/group b/tests/tests/usertools/42_usermod_-g_invalid_group_name/config/etc/group
new file mode 100644
index 0000000..feb1bca
--- /dev/null
+++ b/tests/tests/usertools/42_usermod_-g_invalid_group_name/config/etc/group
@@ -0,0 +1,43 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:root
+adm:x:4:root,foo
+tty:x:5:
+disk:x:6:
+lp:x:7:foo,root
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:foo
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:foo
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
+foo2:x:1001:
diff --git a/tests/tests/usertools/42_usermod_-g_invalid_group_name/config/etc/gshadow b/tests/tests/usertools/42_usermod_-g_invalid_group_name/config/etc/gshadow
new file mode 100644
index 0000000..5f131b1
--- /dev/null
+++ b/tests/tests/usertools/42_usermod_-g_invalid_group_name/config/etc/gshadow
@@ -0,0 +1,43 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::root
+adm:*::root,foo
+tty:*::foo
+disk:*:foo:
+lp:*::foo,root
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*:foo:foo
+voice:*::
+cdrom:*:foo:foo
+floppy:*::foo
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
+foo2:*::
diff --git a/tests/tests/usertools/42_usermod_-g_invalid_group_name/config/etc/passwd b/tests/tests/usertools/42_usermod_-g_invalid_group_name/config/etc/passwd
new file mode 100644
index 0000000..6d87df1
--- /dev/null
+++ b/tests/tests/usertools/42_usermod_-g_invalid_group_name/config/etc/passwd
@@ -0,0 +1,21 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/home/foo:/bin/false
+foo2:x:1001:1001::/home/foo2:/bin/false
diff --git a/tests/tests/usertools/42_usermod_-g_invalid_group_name/config/etc/shadow b/tests/tests/usertools/42_usermod_-g_invalid_group_name/config/etc/shadow
new file mode 100644
index 0000000..eaf0278
--- /dev/null
+++ b/tests/tests/usertools/42_usermod_-g_invalid_group_name/config/etc/shadow
@@ -0,0 +1,21 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
+foo2:!:12977:0:99999:7:::
diff --git a/tests/tests/usertools/42_usermod_-g_invalid_group_name/data/usermod.err b/tests/tests/usertools/42_usermod_-g_invalid_group_name/data/usermod.err
new file mode 100644
index 0000000..dbd9dc7
--- /dev/null
+++ b/tests/tests/usertools/42_usermod_-g_invalid_group_name/data/usermod.err
@@ -0,0 +1 @@
+usermod: group 'fooinvalid' does not exist
diff --git a/tests/tests/usertools/42_usermod_-g_invalid_group_name/usermod.test b/tests/tests/usertools/42_usermod_-g_invalid_group_name/usermod.test
new file mode 100755
index 0000000..22fd107
--- /dev/null
+++ b/tests/tests/usertools/42_usermod_-g_invalid_group_name/usermod.test
@@ -0,0 +1,54 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "usermod checks existence of the specified primary group"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Change to and invalid shell (usermod -g 'fooinvalid' foo)..."
+usermod -g 'fooinvalid' foo 2>tmp/usermod.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "6"
+echo "OK"
+
+echo "usermod reported:"
+echo "======================================================================="
+cat tmp/usermod.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/usermod.err tmp/usermod.err
+echo "error message OK."
+rm -f tmp/usermod.err
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/usertools/43_usermod_-g_invalid_group_ID/config.txt b/tests/tests/usertools/43_usermod_-g_invalid_group_ID/config.txt
new file mode 100644
index 0000000..93534c3
--- /dev/null
+++ b/tests/tests/usertools/43_usermod_-g_invalid_group_ID/config.txt
@@ -0,0 +1 @@
+user foo exists.
diff --git a/tests/tests/usertools/43_usermod_-g_invalid_group_ID/config/etc/default/useradd b/tests/tests/usertools/43_usermod_-g_invalid_group_ID/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/usertools/43_usermod_-g_invalid_group_ID/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/usertools/43_usermod_-g_invalid_group_ID/config/etc/group b/tests/tests/usertools/43_usermod_-g_invalid_group_ID/config/etc/group
new file mode 100644
index 0000000..feb1bca
--- /dev/null
+++ b/tests/tests/usertools/43_usermod_-g_invalid_group_ID/config/etc/group
@@ -0,0 +1,43 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:root
+adm:x:4:root,foo
+tty:x:5:
+disk:x:6:
+lp:x:7:foo,root
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:foo
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:foo
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
+foo2:x:1001:
diff --git a/tests/tests/usertools/43_usermod_-g_invalid_group_ID/config/etc/gshadow b/tests/tests/usertools/43_usermod_-g_invalid_group_ID/config/etc/gshadow
new file mode 100644
index 0000000..5f131b1
--- /dev/null
+++ b/tests/tests/usertools/43_usermod_-g_invalid_group_ID/config/etc/gshadow
@@ -0,0 +1,43 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::root
+adm:*::root,foo
+tty:*::foo
+disk:*:foo:
+lp:*::foo,root
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*:foo:foo
+voice:*::
+cdrom:*:foo:foo
+floppy:*::foo
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
+foo2:*::
diff --git a/tests/tests/usertools/43_usermod_-g_invalid_group_ID/config/etc/passwd b/tests/tests/usertools/43_usermod_-g_invalid_group_ID/config/etc/passwd
new file mode 100644
index 0000000..6d87df1
--- /dev/null
+++ b/tests/tests/usertools/43_usermod_-g_invalid_group_ID/config/etc/passwd
@@ -0,0 +1,21 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/home/foo:/bin/false
+foo2:x:1001:1001::/home/foo2:/bin/false
diff --git a/tests/tests/usertools/43_usermod_-g_invalid_group_ID/config/etc/shadow b/tests/tests/usertools/43_usermod_-g_invalid_group_ID/config/etc/shadow
new file mode 100644
index 0000000..eaf0278
--- /dev/null
+++ b/tests/tests/usertools/43_usermod_-g_invalid_group_ID/config/etc/shadow
@@ -0,0 +1,21 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
+foo2:!:12977:0:99999:7:::
diff --git a/tests/tests/usertools/43_usermod_-g_invalid_group_ID/data/usermod.err b/tests/tests/usertools/43_usermod_-g_invalid_group_ID/data/usermod.err
new file mode 100644
index 0000000..82d3de6
--- /dev/null
+++ b/tests/tests/usertools/43_usermod_-g_invalid_group_ID/data/usermod.err
@@ -0,0 +1 @@
+usermod: group '12345' does not exist
diff --git a/tests/tests/usertools/43_usermod_-g_invalid_group_ID/usermod.test b/tests/tests/usertools/43_usermod_-g_invalid_group_ID/usermod.test
new file mode 100755
index 0000000..5d60cef
--- /dev/null
+++ b/tests/tests/usertools/43_usermod_-g_invalid_group_ID/usermod.test
@@ -0,0 +1,54 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "usermod checks existence of the specified primary group"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Change to and invalid shell (usermod -g 12345 foo)..."
+usermod -g 12345 foo 2>tmp/usermod.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "6"
+echo "OK"
+
+echo "usermod reported:"
+echo "======================================================================="
+cat tmp/usermod.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/usermod.err tmp/usermod.err
+echo "error message OK."
+rm -f tmp/usermod.err
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/usertools/44_usermod-l_existing_username/config.txt b/tests/tests/usertools/44_usermod-l_existing_username/config.txt
new file mode 100644
index 0000000..a2ff911
--- /dev/null
+++ b/tests/tests/usertools/44_usermod-l_existing_username/config.txt
@@ -0,0 +1,2 @@
+user foo exists, UID 1000
+user foo2 exists, UID 1001
diff --git a/tests/tests/usertools/44_usermod-l_existing_username/config/etc/default/useradd b/tests/tests/usertools/44_usermod-l_existing_username/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/usertools/44_usermod-l_existing_username/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/usertools/44_usermod-l_existing_username/config/etc/group b/tests/tests/usertools/44_usermod-l_existing_username/config/etc/group
new file mode 100644
index 0000000..feb1bca
--- /dev/null
+++ b/tests/tests/usertools/44_usermod-l_existing_username/config/etc/group
@@ -0,0 +1,43 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:root
+adm:x:4:root,foo
+tty:x:5:
+disk:x:6:
+lp:x:7:foo,root
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:foo
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:foo
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
+foo2:x:1001:
diff --git a/tests/tests/usertools/44_usermod-l_existing_username/config/etc/gshadow b/tests/tests/usertools/44_usermod-l_existing_username/config/etc/gshadow
new file mode 100644
index 0000000..5f131b1
--- /dev/null
+++ b/tests/tests/usertools/44_usermod-l_existing_username/config/etc/gshadow
@@ -0,0 +1,43 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::root
+adm:*::root,foo
+tty:*::foo
+disk:*:foo:
+lp:*::foo,root
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*:foo:foo
+voice:*::
+cdrom:*:foo:foo
+floppy:*::foo
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
+foo2:*::
diff --git a/tests/tests/usertools/44_usermod-l_existing_username/config/etc/passwd b/tests/tests/usertools/44_usermod-l_existing_username/config/etc/passwd
new file mode 100644
index 0000000..6d87df1
--- /dev/null
+++ b/tests/tests/usertools/44_usermod-l_existing_username/config/etc/passwd
@@ -0,0 +1,21 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/home/foo:/bin/false
+foo2:x:1001:1001::/home/foo2:/bin/false
diff --git a/tests/tests/usertools/44_usermod-l_existing_username/config/etc/shadow b/tests/tests/usertools/44_usermod-l_existing_username/config/etc/shadow
new file mode 100644
index 0000000..eaf0278
--- /dev/null
+++ b/tests/tests/usertools/44_usermod-l_existing_username/config/etc/shadow
@@ -0,0 +1,21 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
+foo2:!:12977:0:99999:7:::
diff --git a/tests/tests/usertools/44_usermod-l_existing_username/data/usermod.err b/tests/tests/usertools/44_usermod-l_existing_username/data/usermod.err
new file mode 100644
index 0000000..895463e
--- /dev/null
+++ b/tests/tests/usertools/44_usermod-l_existing_username/data/usermod.err
@@ -0,0 +1 @@
+usermod: user 'foo2' already exists
diff --git a/tests/tests/usertools/44_usermod-l_existing_username/usermod.test b/tests/tests/usertools/44_usermod-l_existing_username/usermod.test
new file mode 100755
index 0000000..f3cbf15
--- /dev/null
+++ b/tests/tests/usertools/44_usermod-l_existing_username/usermod.test
@@ -0,0 +1,54 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "usermod tests if the new username is already used"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Change the user's name (usermod -l foo2 foo)..."
+usermod -l foo2 foo 2>tmp/usermod.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "9"
+echo "OK"
+
+echo "usermod reported:"
+echo "======================================================================="
+cat tmp/usermod.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/usermod.err tmp/usermod.err
+echo "error message OK."
+rm -f tmp/usermod.err
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/usertools/45_usermod-l_existing_username_passwd/config.txt b/tests/tests/usertools/45_usermod-l_existing_username_passwd/config.txt
new file mode 100644
index 0000000..a2ff911
--- /dev/null
+++ b/tests/tests/usertools/45_usermod-l_existing_username_passwd/config.txt
@@ -0,0 +1,2 @@
+user foo exists, UID 1000
+user foo2 exists, UID 1001
diff --git a/tests/tests/usertools/45_usermod-l_existing_username_passwd/config/etc/default/useradd b/tests/tests/usertools/45_usermod-l_existing_username_passwd/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/usertools/45_usermod-l_existing_username_passwd/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/usertools/45_usermod-l_existing_username_passwd/config/etc/group b/tests/tests/usertools/45_usermod-l_existing_username_passwd/config/etc/group
new file mode 100644
index 0000000..feb1bca
--- /dev/null
+++ b/tests/tests/usertools/45_usermod-l_existing_username_passwd/config/etc/group
@@ -0,0 +1,43 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:root
+adm:x:4:root,foo
+tty:x:5:
+disk:x:6:
+lp:x:7:foo,root
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:foo
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:foo
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
+foo2:x:1001:
diff --git a/tests/tests/usertools/45_usermod-l_existing_username_passwd/config/etc/gshadow b/tests/tests/usertools/45_usermod-l_existing_username_passwd/config/etc/gshadow
new file mode 100644
index 0000000..5f131b1
--- /dev/null
+++ b/tests/tests/usertools/45_usermod-l_existing_username_passwd/config/etc/gshadow
@@ -0,0 +1,43 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::root
+adm:*::root,foo
+tty:*::foo
+disk:*:foo:
+lp:*::foo,root
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*:foo:foo
+voice:*::
+cdrom:*:foo:foo
+floppy:*::foo
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
+foo2:*::
diff --git a/tests/tests/usertools/45_usermod-l_existing_username_passwd/config/etc/passwd b/tests/tests/usertools/45_usermod-l_existing_username_passwd/config/etc/passwd
new file mode 100644
index 0000000..6d87df1
--- /dev/null
+++ b/tests/tests/usertools/45_usermod-l_existing_username_passwd/config/etc/passwd
@@ -0,0 +1,21 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/home/foo:/bin/false
+foo2:x:1001:1001::/home/foo2:/bin/false
diff --git a/tests/tests/usertools/45_usermod-l_existing_username_passwd/config/etc/shadow b/tests/tests/usertools/45_usermod-l_existing_username_passwd/config/etc/shadow
new file mode 100644
index 0000000..7d2cc65
--- /dev/null
+++ b/tests/tests/usertools/45_usermod-l_existing_username_passwd/config/etc/shadow
@@ -0,0 +1,21 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
+foo3:!:12977:0:99999:7:::
diff --git a/tests/tests/usertools/45_usermod-l_existing_username_passwd/data/usermod.err b/tests/tests/usertools/45_usermod-l_existing_username_passwd/data/usermod.err
new file mode 100644
index 0000000..895463e
--- /dev/null
+++ b/tests/tests/usertools/45_usermod-l_existing_username_passwd/data/usermod.err
@@ -0,0 +1 @@
+usermod: user 'foo2' already exists
diff --git a/tests/tests/usertools/45_usermod-l_existing_username_passwd/usermod.test b/tests/tests/usertools/45_usermod-l_existing_username_passwd/usermod.test
new file mode 100755
index 0000000..f3cbf15
--- /dev/null
+++ b/tests/tests/usertools/45_usermod-l_existing_username_passwd/usermod.test
@@ -0,0 +1,54 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "usermod tests if the new username is already used"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Change the user's name (usermod -l foo2 foo)..."
+usermod -l foo2 foo 2>tmp/usermod.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "9"
+echo "OK"
+
+echo "usermod reported:"
+echo "======================================================================="
+cat tmp/usermod.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/usermod.err tmp/usermod.err
+echo "error message OK."
+rm -f tmp/usermod.err
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/usertools/46_usermod-l_existing_username_shadow/config.txt b/tests/tests/usertools/46_usermod-l_existing_username_shadow/config.txt
new file mode 100644
index 0000000..a2ff911
--- /dev/null
+++ b/tests/tests/usertools/46_usermod-l_existing_username_shadow/config.txt
@@ -0,0 +1,2 @@
+user foo exists, UID 1000
+user foo2 exists, UID 1001
diff --git a/tests/tests/usertools/46_usermod-l_existing_username_shadow/config/etc/default/useradd b/tests/tests/usertools/46_usermod-l_existing_username_shadow/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/usertools/46_usermod-l_existing_username_shadow/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/usertools/46_usermod-l_existing_username_shadow/config/etc/group b/tests/tests/usertools/46_usermod-l_existing_username_shadow/config/etc/group
new file mode 100644
index 0000000..feb1bca
--- /dev/null
+++ b/tests/tests/usertools/46_usermod-l_existing_username_shadow/config/etc/group
@@ -0,0 +1,43 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:root
+adm:x:4:root,foo
+tty:x:5:
+disk:x:6:
+lp:x:7:foo,root
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:foo
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:foo
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
+foo2:x:1001:
diff --git a/tests/tests/usertools/46_usermod-l_existing_username_shadow/config/etc/gshadow b/tests/tests/usertools/46_usermod-l_existing_username_shadow/config/etc/gshadow
new file mode 100644
index 0000000..5f131b1
--- /dev/null
+++ b/tests/tests/usertools/46_usermod-l_existing_username_shadow/config/etc/gshadow
@@ -0,0 +1,43 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::root
+adm:*::root,foo
+tty:*::foo
+disk:*:foo:
+lp:*::foo,root
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*:foo:foo
+voice:*::
+cdrom:*:foo:foo
+floppy:*::foo
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
+foo2:*::
diff --git a/tests/tests/usertools/46_usermod-l_existing_username_shadow/config/etc/passwd b/tests/tests/usertools/46_usermod-l_existing_username_shadow/config/etc/passwd
new file mode 100644
index 0000000..92eddca
--- /dev/null
+++ b/tests/tests/usertools/46_usermod-l_existing_username_shadow/config/etc/passwd
@@ -0,0 +1,21 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/home/foo:/bin/false
+foo3:x:1001:1001::/home/foo2:/bin/false
diff --git a/tests/tests/usertools/46_usermod-l_existing_username_shadow/config/etc/shadow b/tests/tests/usertools/46_usermod-l_existing_username_shadow/config/etc/shadow
new file mode 100644
index 0000000..eaf0278
--- /dev/null
+++ b/tests/tests/usertools/46_usermod-l_existing_username_shadow/config/etc/shadow
@@ -0,0 +1,21 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
+foo2:!:12977:0:99999:7:::
diff --git a/tests/tests/usertools/46_usermod-l_existing_username_shadow/data/usermod.err b/tests/tests/usertools/46_usermod-l_existing_username_shadow/data/usermod.err
new file mode 100644
index 0000000..16ef5fc
--- /dev/null
+++ b/tests/tests/usertools/46_usermod-l_existing_username_shadow/data/usermod.err
@@ -0,0 +1 @@
+usermod: user 'foo2' already exists in /etc/shadow
diff --git a/tests/tests/usertools/46_usermod-l_existing_username_shadow/usermod.test b/tests/tests/usertools/46_usermod-l_existing_username_shadow/usermod.test
new file mode 100755
index 0000000..f3cbf15
--- /dev/null
+++ b/tests/tests/usertools/46_usermod-l_existing_username_shadow/usermod.test
@@ -0,0 +1,54 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "usermod tests if the new username is already used"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Change the user's name (usermod -l foo2 foo)..."
+usermod -l foo2 foo 2>tmp/usermod.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "9"
+echo "OK"
+
+echo "usermod reported:"
+echo "======================================================================="
+cat tmp/usermod.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/usermod.err tmp/usermod.err
+echo "error message OK."
+rm -f tmp/usermod.err
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/usertools/47_usermod-l_no_shadow_file/config.txt b/tests/tests/usertools/47_usermod-l_no_shadow_file/config.txt
new file mode 100644
index 0000000..a2ff911
--- /dev/null
+++ b/tests/tests/usertools/47_usermod-l_no_shadow_file/config.txt
@@ -0,0 +1,2 @@
+user foo exists, UID 1000
+user foo2 exists, UID 1001
diff --git a/tests/tests/usertools/47_usermod-l_no_shadow_file/config/etc/default/useradd b/tests/tests/usertools/47_usermod-l_no_shadow_file/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/usertools/47_usermod-l_no_shadow_file/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/usertools/47_usermod-l_no_shadow_file/config/etc/group b/tests/tests/usertools/47_usermod-l_no_shadow_file/config/etc/group
new file mode 100644
index 0000000..b6fae89
--- /dev/null
+++ b/tests/tests/usertools/47_usermod-l_no_shadow_file/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:root
+adm:x:4:root,foo
+tty:x:5:
+disk:x:6:
+lp:x:7:foo,root
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:foo
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:foo
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/usertools/47_usermod-l_no_shadow_file/config/etc/gshadow b/tests/tests/usertools/47_usermod-l_no_shadow_file/config/etc/gshadow
new file mode 100644
index 0000000..1f2ba8d
--- /dev/null
+++ b/tests/tests/usertools/47_usermod-l_no_shadow_file/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::root
+adm:*::root,foo
+tty:*::foo
+disk:*:foo:
+lp:*::foo,root
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*:foo:foo
+voice:*::
+cdrom:*:foo:foo
+floppy:*::foo
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/usertools/47_usermod-l_no_shadow_file/config/etc/passwd b/tests/tests/usertools/47_usermod-l_no_shadow_file/config/etc/passwd
new file mode 100644
index 0000000..06b331b
--- /dev/null
+++ b/tests/tests/usertools/47_usermod-l_no_shadow_file/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:blahblahblah:1000:1000::/home/foo:/bin/false
diff --git a/tests/tests/usertools/47_usermod-l_no_shadow_file/config/etc/shadow b/tests/tests/usertools/47_usermod-l_no_shadow_file/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/usertools/47_usermod-l_no_shadow_file/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/usertools/47_usermod-l_no_shadow_file/data/group b/tests/tests/usertools/47_usermod-l_no_shadow_file/data/group
new file mode 100644
index 0000000..730e4dd
--- /dev/null
+++ b/tests/tests/usertools/47_usermod-l_no_shadow_file/data/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:root
+adm:x:4:root,foo2
+tty:x:5:
+disk:x:6:
+lp:x:7:root,foo2
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:foo2
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:foo2
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo2
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/usertools/47_usermod-l_no_shadow_file/data/gshadow b/tests/tests/usertools/47_usermod-l_no_shadow_file/data/gshadow
new file mode 100644
index 0000000..af81c09
--- /dev/null
+++ b/tests/tests/usertools/47_usermod-l_no_shadow_file/data/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::root
+adm:*::root,foo2
+tty:*::foo2
+disk:*:foo2:
+lp:*::root,foo2
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*:foo2:foo2
+voice:*::
+cdrom:*:foo2:foo2
+floppy:*::foo2
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/usertools/47_usermod-l_no_shadow_file/data/passwd b/tests/tests/usertools/47_usermod-l_no_shadow_file/data/passwd
new file mode 100644
index 0000000..f542fb0
--- /dev/null
+++ b/tests/tests/usertools/47_usermod-l_no_shadow_file/data/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo2:blahblahblah:1000:1000::/home/foo:/bin/false
diff --git a/tests/tests/usertools/47_usermod-l_no_shadow_file/usermod.test b/tests/tests/usertools/47_usermod-l_no_shadow_file/usermod.test
new file mode 100755
index 0000000..46bdc57
--- /dev/null
+++ b/tests/tests/usertools/47_usermod-l_no_shadow_file/usermod.test
@@ -0,0 +1,43 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "usermod does not require a shadow file"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Remove /etc/shadow..."
+rm -f /etc/shadow
+echo "done"
+
+echo -n "Change the user's name (usermod -l foo2 foo)..."
+usermod -l foo2 foo
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl data/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl data/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+test ! -f /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl data/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/usertools/48_userdel_keep_group_if_primary_other_user/config.txt b/tests/tests/usertools/48_userdel_keep_group_if_primary_other_user/config.txt
new file mode 100644
index 0000000..1b0360b
--- /dev/null
+++ b/tests/tests/usertools/48_userdel_keep_group_if_primary_other_user/config.txt
@@ -0,0 +1 @@
+user foo, in group users according to /etc/group only
diff --git a/tests/tests/usertools/48_userdel_keep_group_if_primary_other_user/config/etc/default/useradd b/tests/tests/usertools/48_userdel_keep_group_if_primary_other_user/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/usertools/48_userdel_keep_group_if_primary_other_user/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/usertools/48_userdel_keep_group_if_primary_other_user/config/etc/group b/tests/tests/usertools/48_userdel_keep_group_if_primary_other_user/config/etc/group
new file mode 100644
index 0000000..5051825
--- /dev/null
+++ b/tests/tests/usertools/48_userdel_keep_group_if_primary_other_user/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/usertools/48_userdel_keep_group_if_primary_other_user/config/etc/gshadow b/tests/tests/usertools/48_userdel_keep_group_if_primary_other_user/config/etc/gshadow
new file mode 100644
index 0000000..5042e58
--- /dev/null
+++ b/tests/tests/usertools/48_userdel_keep_group_if_primary_other_user/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/usertools/48_userdel_keep_group_if_primary_other_user/config/etc/passwd b/tests/tests/usertools/48_userdel_keep_group_if_primary_other_user/config/etc/passwd
new file mode 100644
index 0000000..9ae1f6f
--- /dev/null
+++ b/tests/tests/usertools/48_userdel_keep_group_if_primary_other_user/config/etc/passwd
@@ -0,0 +1,21 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000:::/bin/false
+foo2:x:1001:1000:::/bin/false
diff --git a/tests/tests/usertools/48_userdel_keep_group_if_primary_other_user/config/etc/shadow b/tests/tests/usertools/48_userdel_keep_group_if_primary_other_user/config/etc/shadow
new file mode 100644
index 0000000..eaf0278
--- /dev/null
+++ b/tests/tests/usertools/48_userdel_keep_group_if_primary_other_user/config/etc/shadow
@@ -0,0 +1,21 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
+foo2:!:12977:0:99999:7:::
diff --git a/tests/tests/usertools/48_userdel_keep_group_if_primary_other_user/data/group b/tests/tests/usertools/48_userdel_keep_group_if_primary_other_user/data/group
new file mode 100644
index 0000000..fecba0c
--- /dev/null
+++ b/tests/tests/usertools/48_userdel_keep_group_if_primary_other_user/data/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/usertools/48_userdel_keep_group_if_primary_other_user/data/passwd b/tests/tests/usertools/48_userdel_keep_group_if_primary_other_user/data/passwd
new file mode 100644
index 0000000..6b6522f
--- /dev/null
+++ b/tests/tests/usertools/48_userdel_keep_group_if_primary_other_user/data/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo2:x:1001:1000:::/bin/false
diff --git a/tests/tests/usertools/48_userdel_keep_group_if_primary_other_user/data/shadow b/tests/tests/usertools/48_userdel_keep_group_if_primary_other_user/data/shadow
new file mode 100644
index 0000000..60a11cf
--- /dev/null
+++ b/tests/tests/usertools/48_userdel_keep_group_if_primary_other_user/data/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo2:!:12977:0:99999:7:::
diff --git a/tests/tests/usertools/48_userdel_keep_group_if_primary_other_user/data/userdel.err b/tests/tests/usertools/48_userdel_keep_group_if_primary_other_user/data/userdel.err
new file mode 100644
index 0000000..157a8fc
--- /dev/null
+++ b/tests/tests/usertools/48_userdel_keep_group_if_primary_other_user/data/userdel.err
@@ -0,0 +1 @@
+userdel: group foo is the primary group of another user and is not removed.
diff --git a/tests/tests/usertools/48_userdel_keep_group_if_primary_other_user/userdel.test b/tests/tests/usertools/48_userdel_keep_group_if_primary_other_user/userdel.test
new file mode 100755
index 0000000..750780e
--- /dev/null
+++ b/tests/tests/usertools/48_userdel_keep_group_if_primary_other_user/userdel.test
@@ -0,0 +1,48 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "userdel does not remove the user's group if it is still used"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Delete user test1 (userdel foo)..."
+userdel foo 2>tmp/userdel.err
+echo "OK"
+
+echo "userdel reported:"
+echo "======================================================================="
+cat tmp/userdel.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/userdel.err tmp/userdel.err
+echo "error message OK."
+rm -f tmp/userdel.err
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl data/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl data/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl data/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/usertools/49_userdel_delete_users_group/config.txt b/tests/tests/usertools/49_userdel_delete_users_group/config.txt
new file mode 100644
index 0000000..1b0360b
--- /dev/null
+++ b/tests/tests/usertools/49_userdel_delete_users_group/config.txt
@@ -0,0 +1 @@
+user foo, in group users according to /etc/group only
diff --git a/tests/tests/usertools/49_userdel_delete_users_group/config/etc/default/useradd b/tests/tests/usertools/49_userdel_delete_users_group/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/usertools/49_userdel_delete_users_group/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/usertools/49_userdel_delete_users_group/config/etc/group b/tests/tests/usertools/49_userdel_delete_users_group/config/etc/group
new file mode 100644
index 0000000..ac82d7f
--- /dev/null
+++ b/tests/tests/usertools/49_userdel_delete_users_group/config/etc/group
@@ -0,0 +1,43 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
+foo2:x:1001:
diff --git a/tests/tests/usertools/49_userdel_delete_users_group/config/etc/gshadow b/tests/tests/usertools/49_userdel_delete_users_group/config/etc/gshadow
new file mode 100644
index 0000000..a526819
--- /dev/null
+++ b/tests/tests/usertools/49_userdel_delete_users_group/config/etc/gshadow
@@ -0,0 +1,43 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
+foo2:*::
diff --git a/tests/tests/usertools/49_userdel_delete_users_group/config/etc/passwd b/tests/tests/usertools/49_userdel_delete_users_group/config/etc/passwd
new file mode 100644
index 0000000..9958fca
--- /dev/null
+++ b/tests/tests/usertools/49_userdel_delete_users_group/config/etc/passwd
@@ -0,0 +1,21 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000:::/bin/false
+foo2:x:1001:1001:::/bin/false
diff --git a/tests/tests/usertools/49_userdel_delete_users_group/config/etc/shadow b/tests/tests/usertools/49_userdel_delete_users_group/config/etc/shadow
new file mode 100644
index 0000000..eaf0278
--- /dev/null
+++ b/tests/tests/usertools/49_userdel_delete_users_group/config/etc/shadow
@@ -0,0 +1,21 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
+foo2:!:12977:0:99999:7:::
diff --git a/tests/tests/usertools/49_userdel_delete_users_group/data/group b/tests/tests/usertools/49_userdel_delete_users_group/data/group
new file mode 100644
index 0000000..4b6a079
--- /dev/null
+++ b/tests/tests/usertools/49_userdel_delete_users_group/data/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo2:x:1001:
diff --git a/tests/tests/usertools/49_userdel_delete_users_group/data/gshadow b/tests/tests/usertools/49_userdel_delete_users_group/data/gshadow
new file mode 100644
index 0000000..08d25a2
--- /dev/null
+++ b/tests/tests/usertools/49_userdel_delete_users_group/data/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo2:*::
diff --git a/tests/tests/usertools/49_userdel_delete_users_group/data/passwd b/tests/tests/usertools/49_userdel_delete_users_group/data/passwd
new file mode 100644
index 0000000..8846932
--- /dev/null
+++ b/tests/tests/usertools/49_userdel_delete_users_group/data/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo2:x:1001:1001:::/bin/false
diff --git a/tests/tests/usertools/49_userdel_delete_users_group/data/shadow b/tests/tests/usertools/49_userdel_delete_users_group/data/shadow
new file mode 100644
index 0000000..60a11cf
--- /dev/null
+++ b/tests/tests/usertools/49_userdel_delete_users_group/data/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo2:!:12977:0:99999:7:::
diff --git a/tests/tests/usertools/49_userdel_delete_users_group/userdel.test b/tests/tests/usertools/49_userdel_delete_users_group/userdel.test
new file mode 100755
index 0000000..90e7afc
--- /dev/null
+++ b/tests/tests/usertools/49_userdel_delete_users_group/userdel.test
@@ -0,0 +1,39 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "userdel does not remove the user's group if it is still used"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Delete user test1 (userdel foo)..."
+userdel foo
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl data/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl data/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl data/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl data/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/usertools/50_userdel_delete_users_group_no_gshadow_group/config.txt b/tests/tests/usertools/50_userdel_delete_users_group_no_gshadow_group/config.txt
new file mode 100644
index 0000000..1b0360b
--- /dev/null
+++ b/tests/tests/usertools/50_userdel_delete_users_group_no_gshadow_group/config.txt
@@ -0,0 +1 @@
+user foo, in group users according to /etc/group only
diff --git a/tests/tests/usertools/50_userdel_delete_users_group_no_gshadow_group/config/etc/default/useradd b/tests/tests/usertools/50_userdel_delete_users_group_no_gshadow_group/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/usertools/50_userdel_delete_users_group_no_gshadow_group/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/usertools/50_userdel_delete_users_group_no_gshadow_group/config/etc/group b/tests/tests/usertools/50_userdel_delete_users_group_no_gshadow_group/config/etc/group
new file mode 100644
index 0000000..ac82d7f
--- /dev/null
+++ b/tests/tests/usertools/50_userdel_delete_users_group_no_gshadow_group/config/etc/group
@@ -0,0 +1,43 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
+foo2:x:1001:
diff --git a/tests/tests/usertools/50_userdel_delete_users_group_no_gshadow_group/config/etc/gshadow b/tests/tests/usertools/50_userdel_delete_users_group_no_gshadow_group/config/etc/gshadow
new file mode 100644
index 0000000..9fdfaa0
--- /dev/null
+++ b/tests/tests/usertools/50_userdel_delete_users_group_no_gshadow_group/config/etc/gshadow
@@ -0,0 +1,43 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo3:*::
+foo2:*::
diff --git a/tests/tests/usertools/50_userdel_delete_users_group_no_gshadow_group/config/etc/passwd b/tests/tests/usertools/50_userdel_delete_users_group_no_gshadow_group/config/etc/passwd
new file mode 100644
index 0000000..9958fca
--- /dev/null
+++ b/tests/tests/usertools/50_userdel_delete_users_group_no_gshadow_group/config/etc/passwd
@@ -0,0 +1,21 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000:::/bin/false
+foo2:x:1001:1001:::/bin/false
diff --git a/tests/tests/usertools/50_userdel_delete_users_group_no_gshadow_group/config/etc/shadow b/tests/tests/usertools/50_userdel_delete_users_group_no_gshadow_group/config/etc/shadow
new file mode 100644
index 0000000..eaf0278
--- /dev/null
+++ b/tests/tests/usertools/50_userdel_delete_users_group_no_gshadow_group/config/etc/shadow
@@ -0,0 +1,21 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
+foo2:!:12977:0:99999:7:::
diff --git a/tests/tests/usertools/50_userdel_delete_users_group_no_gshadow_group/data/group b/tests/tests/usertools/50_userdel_delete_users_group_no_gshadow_group/data/group
new file mode 100644
index 0000000..4b6a079
--- /dev/null
+++ b/tests/tests/usertools/50_userdel_delete_users_group_no_gshadow_group/data/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo2:x:1001:
diff --git a/tests/tests/usertools/50_userdel_delete_users_group_no_gshadow_group/data/passwd b/tests/tests/usertools/50_userdel_delete_users_group_no_gshadow_group/data/passwd
new file mode 100644
index 0000000..8846932
--- /dev/null
+++ b/tests/tests/usertools/50_userdel_delete_users_group_no_gshadow_group/data/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo2:x:1001:1001:::/bin/false
diff --git a/tests/tests/usertools/50_userdel_delete_users_group_no_gshadow_group/data/shadow b/tests/tests/usertools/50_userdel_delete_users_group_no_gshadow_group/data/shadow
new file mode 100644
index 0000000..60a11cf
--- /dev/null
+++ b/tests/tests/usertools/50_userdel_delete_users_group_no_gshadow_group/data/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo2:!:12977:0:99999:7:::
diff --git a/tests/tests/usertools/50_userdel_delete_users_group_no_gshadow_group/userdel.test b/tests/tests/usertools/50_userdel_delete_users_group_no_gshadow_group/userdel.test
new file mode 100755
index 0000000..4293f27
--- /dev/null
+++ b/tests/tests/usertools/50_userdel_delete_users_group_no_gshadow_group/userdel.test
@@ -0,0 +1,39 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "userdel remove the user's group even if it does not exist in gshadow"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Delete user test1 (userdel foo)..."
+userdel foo
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl data/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl data/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl data/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/usertools/51_userdel_delete_users_group_no_gshadow_file/config.txt b/tests/tests/usertools/51_userdel_delete_users_group_no_gshadow_file/config.txt
new file mode 100644
index 0000000..1b0360b
--- /dev/null
+++ b/tests/tests/usertools/51_userdel_delete_users_group_no_gshadow_file/config.txt
@@ -0,0 +1 @@
+user foo, in group users according to /etc/group only
diff --git a/tests/tests/usertools/51_userdel_delete_users_group_no_gshadow_file/config/etc/default/useradd b/tests/tests/usertools/51_userdel_delete_users_group_no_gshadow_file/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/usertools/51_userdel_delete_users_group_no_gshadow_file/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/usertools/51_userdel_delete_users_group_no_gshadow_file/config/etc/group b/tests/tests/usertools/51_userdel_delete_users_group_no_gshadow_file/config/etc/group
new file mode 100644
index 0000000..ac82d7f
--- /dev/null
+++ b/tests/tests/usertools/51_userdel_delete_users_group_no_gshadow_file/config/etc/group
@@ -0,0 +1,43 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
+foo2:x:1001:
diff --git a/tests/tests/usertools/51_userdel_delete_users_group_no_gshadow_file/config/etc/gshadow b/tests/tests/usertools/51_userdel_delete_users_group_no_gshadow_file/config/etc/gshadow
new file mode 100644
index 0000000..9fdfaa0
--- /dev/null
+++ b/tests/tests/usertools/51_userdel_delete_users_group_no_gshadow_file/config/etc/gshadow
@@ -0,0 +1,43 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo3:*::
+foo2:*::
diff --git a/tests/tests/usertools/51_userdel_delete_users_group_no_gshadow_file/config/etc/passwd b/tests/tests/usertools/51_userdel_delete_users_group_no_gshadow_file/config/etc/passwd
new file mode 100644
index 0000000..9958fca
--- /dev/null
+++ b/tests/tests/usertools/51_userdel_delete_users_group_no_gshadow_file/config/etc/passwd
@@ -0,0 +1,21 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000:::/bin/false
+foo2:x:1001:1001:::/bin/false
diff --git a/tests/tests/usertools/51_userdel_delete_users_group_no_gshadow_file/config/etc/shadow b/tests/tests/usertools/51_userdel_delete_users_group_no_gshadow_file/config/etc/shadow
new file mode 100644
index 0000000..eaf0278
--- /dev/null
+++ b/tests/tests/usertools/51_userdel_delete_users_group_no_gshadow_file/config/etc/shadow
@@ -0,0 +1,21 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
+foo2:!:12977:0:99999:7:::
diff --git a/tests/tests/usertools/51_userdel_delete_users_group_no_gshadow_file/data/group b/tests/tests/usertools/51_userdel_delete_users_group_no_gshadow_file/data/group
new file mode 100644
index 0000000..4b6a079
--- /dev/null
+++ b/tests/tests/usertools/51_userdel_delete_users_group_no_gshadow_file/data/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo2:x:1001:
diff --git a/tests/tests/usertools/51_userdel_delete_users_group_no_gshadow_file/data/passwd b/tests/tests/usertools/51_userdel_delete_users_group_no_gshadow_file/data/passwd
new file mode 100644
index 0000000..8846932
--- /dev/null
+++ b/tests/tests/usertools/51_userdel_delete_users_group_no_gshadow_file/data/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo2:x:1001:1001:::/bin/false
diff --git a/tests/tests/usertools/51_userdel_delete_users_group_no_gshadow_file/data/shadow b/tests/tests/usertools/51_userdel_delete_users_group_no_gshadow_file/data/shadow
new file mode 100644
index 0000000..60a11cf
--- /dev/null
+++ b/tests/tests/usertools/51_userdel_delete_users_group_no_gshadow_file/data/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo2:!:12977:0:99999:7:::
diff --git a/tests/tests/usertools/51_userdel_delete_users_group_no_gshadow_file/userdel.test b/tests/tests/usertools/51_userdel_delete_users_group_no_gshadow_file/userdel.test
new file mode 100755
index 0000000..72cd32f
--- /dev/null
+++ b/tests/tests/usertools/51_userdel_delete_users_group_no_gshadow_file/userdel.test
@@ -0,0 +1,44 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "userdel remove the user's group even if it does not exist in gshadow"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Delete /etc/gshadow..."
+rm -f /etc/gshadow
+echo "done"
+
+echo -n "Delete user test1 (userdel foo)..."
+userdel foo
+echo "OK"
+
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl data/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl data/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl data/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+test ! -f /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/usertools/52_userdel_delete_user_no_shadow_entry/config.txt b/tests/tests/usertools/52_userdel_delete_user_no_shadow_entry/config.txt
new file mode 100644
index 0000000..1b0360b
--- /dev/null
+++ b/tests/tests/usertools/52_userdel_delete_user_no_shadow_entry/config.txt
@@ -0,0 +1 @@
+user foo, in group users according to /etc/group only
diff --git a/tests/tests/usertools/52_userdel_delete_user_no_shadow_entry/config/etc/default/useradd b/tests/tests/usertools/52_userdel_delete_user_no_shadow_entry/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/usertools/52_userdel_delete_user_no_shadow_entry/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/usertools/52_userdel_delete_user_no_shadow_entry/config/etc/group b/tests/tests/usertools/52_userdel_delete_user_no_shadow_entry/config/etc/group
new file mode 100644
index 0000000..ac82d7f
--- /dev/null
+++ b/tests/tests/usertools/52_userdel_delete_user_no_shadow_entry/config/etc/group
@@ -0,0 +1,43 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
+foo2:x:1001:
diff --git a/tests/tests/usertools/52_userdel_delete_user_no_shadow_entry/config/etc/gshadow b/tests/tests/usertools/52_userdel_delete_user_no_shadow_entry/config/etc/gshadow
new file mode 100644
index 0000000..a526819
--- /dev/null
+++ b/tests/tests/usertools/52_userdel_delete_user_no_shadow_entry/config/etc/gshadow
@@ -0,0 +1,43 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
+foo2:*::
diff --git a/tests/tests/usertools/52_userdel_delete_user_no_shadow_entry/config/etc/passwd b/tests/tests/usertools/52_userdel_delete_user_no_shadow_entry/config/etc/passwd
new file mode 100644
index 0000000..9958fca
--- /dev/null
+++ b/tests/tests/usertools/52_userdel_delete_user_no_shadow_entry/config/etc/passwd
@@ -0,0 +1,21 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000:::/bin/false
+foo2:x:1001:1001:::/bin/false
diff --git a/tests/tests/usertools/52_userdel_delete_user_no_shadow_entry/config/etc/shadow b/tests/tests/usertools/52_userdel_delete_user_no_shadow_entry/config/etc/shadow
new file mode 100644
index 0000000..2c64068
--- /dev/null
+++ b/tests/tests/usertools/52_userdel_delete_user_no_shadow_entry/config/etc/shadow
@@ -0,0 +1,21 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo3:!:12977:0:99999:7:::
+foo2:!:12977:0:99999:7:::
diff --git a/tests/tests/usertools/52_userdel_delete_user_no_shadow_entry/data/group b/tests/tests/usertools/52_userdel_delete_user_no_shadow_entry/data/group
new file mode 100644
index 0000000..4b6a079
--- /dev/null
+++ b/tests/tests/usertools/52_userdel_delete_user_no_shadow_entry/data/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo2:x:1001:
diff --git a/tests/tests/usertools/52_userdel_delete_user_no_shadow_entry/data/gshadow b/tests/tests/usertools/52_userdel_delete_user_no_shadow_entry/data/gshadow
new file mode 100644
index 0000000..08d25a2
--- /dev/null
+++ b/tests/tests/usertools/52_userdel_delete_user_no_shadow_entry/data/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo2:*::
diff --git a/tests/tests/usertools/52_userdel_delete_user_no_shadow_entry/data/passwd b/tests/tests/usertools/52_userdel_delete_user_no_shadow_entry/data/passwd
new file mode 100644
index 0000000..8846932
--- /dev/null
+++ b/tests/tests/usertools/52_userdel_delete_user_no_shadow_entry/data/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo2:x:1001:1001:::/bin/false
diff --git a/tests/tests/usertools/52_userdel_delete_user_no_shadow_entry/userdel.test b/tests/tests/usertools/52_userdel_delete_user_no_shadow_entry/userdel.test
new file mode 100755
index 0000000..244adc9
--- /dev/null
+++ b/tests/tests/usertools/52_userdel_delete_user_no_shadow_entry/userdel.test
@@ -0,0 +1,39 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "userdel accepts when the user has no shadow entry"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Delete user foo (userdel foo)..."
+userdel foo
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl data/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl data/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl data/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/usertools/53_userdel_delete_user_no_shadow_file/config.txt b/tests/tests/usertools/53_userdel_delete_user_no_shadow_file/config.txt
new file mode 100644
index 0000000..1b0360b
--- /dev/null
+++ b/tests/tests/usertools/53_userdel_delete_user_no_shadow_file/config.txt
@@ -0,0 +1 @@
+user foo, in group users according to /etc/group only
diff --git a/tests/tests/usertools/53_userdel_delete_user_no_shadow_file/config/etc/default/useradd b/tests/tests/usertools/53_userdel_delete_user_no_shadow_file/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/usertools/53_userdel_delete_user_no_shadow_file/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/usertools/53_userdel_delete_user_no_shadow_file/config/etc/group b/tests/tests/usertools/53_userdel_delete_user_no_shadow_file/config/etc/group
new file mode 100644
index 0000000..ac82d7f
--- /dev/null
+++ b/tests/tests/usertools/53_userdel_delete_user_no_shadow_file/config/etc/group
@@ -0,0 +1,43 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
+foo2:x:1001:
diff --git a/tests/tests/usertools/53_userdel_delete_user_no_shadow_file/config/etc/gshadow b/tests/tests/usertools/53_userdel_delete_user_no_shadow_file/config/etc/gshadow
new file mode 100644
index 0000000..a526819
--- /dev/null
+++ b/tests/tests/usertools/53_userdel_delete_user_no_shadow_file/config/etc/gshadow
@@ -0,0 +1,43 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
+foo2:*::
diff --git a/tests/tests/usertools/53_userdel_delete_user_no_shadow_file/config/etc/passwd b/tests/tests/usertools/53_userdel_delete_user_no_shadow_file/config/etc/passwd
new file mode 100644
index 0000000..9958fca
--- /dev/null
+++ b/tests/tests/usertools/53_userdel_delete_user_no_shadow_file/config/etc/passwd
@@ -0,0 +1,21 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000:::/bin/false
+foo2:x:1001:1001:::/bin/false
diff --git a/tests/tests/usertools/53_userdel_delete_user_no_shadow_file/config/etc/shadow b/tests/tests/usertools/53_userdel_delete_user_no_shadow_file/config/etc/shadow
new file mode 100644
index 0000000..2c64068
--- /dev/null
+++ b/tests/tests/usertools/53_userdel_delete_user_no_shadow_file/config/etc/shadow
@@ -0,0 +1,21 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo3:!:12977:0:99999:7:::
+foo2:!:12977:0:99999:7:::
diff --git a/tests/tests/usertools/53_userdel_delete_user_no_shadow_file/data/group b/tests/tests/usertools/53_userdel_delete_user_no_shadow_file/data/group
new file mode 100644
index 0000000..4b6a079
--- /dev/null
+++ b/tests/tests/usertools/53_userdel_delete_user_no_shadow_file/data/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo2:x:1001:
diff --git a/tests/tests/usertools/53_userdel_delete_user_no_shadow_file/data/gshadow b/tests/tests/usertools/53_userdel_delete_user_no_shadow_file/data/gshadow
new file mode 100644
index 0000000..08d25a2
--- /dev/null
+++ b/tests/tests/usertools/53_userdel_delete_user_no_shadow_file/data/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo2:*::
diff --git a/tests/tests/usertools/53_userdel_delete_user_no_shadow_file/data/passwd b/tests/tests/usertools/53_userdel_delete_user_no_shadow_file/data/passwd
new file mode 100644
index 0000000..8846932
--- /dev/null
+++ b/tests/tests/usertools/53_userdel_delete_user_no_shadow_file/data/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo2:x:1001:1001:::/bin/false
diff --git a/tests/tests/usertools/53_userdel_delete_user_no_shadow_file/userdel.test b/tests/tests/usertools/53_userdel_delete_user_no_shadow_file/userdel.test
new file mode 100755
index 0000000..26bc485
--- /dev/null
+++ b/tests/tests/usertools/53_userdel_delete_user_no_shadow_file/userdel.test
@@ -0,0 +1,43 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "userdel accepts when the user is not is shadow"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Delete /etc/shadow..."
+rm -f /etc/shadow
+echo "OK"
+
+echo -n "Delete user test1 (userdel foo)..."
+userdel foo
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl data/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl data/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+test ! -f /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl data/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/usertools/54_usermod-u_invalid_UID_4294967295/config.txt b/tests/tests/usertools/54_usermod-u_invalid_UID_4294967295/config.txt
new file mode 100644
index 0000000..93534c3
--- /dev/null
+++ b/tests/tests/usertools/54_usermod-u_invalid_UID_4294967295/config.txt
@@ -0,0 +1 @@
+user foo exists.
diff --git a/tests/tests/usertools/54_usermod-u_invalid_UID_4294967295/config/etc/default/useradd b/tests/tests/usertools/54_usermod-u_invalid_UID_4294967295/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/usertools/54_usermod-u_invalid_UID_4294967295/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/usertools/54_usermod-u_invalid_UID_4294967295/config/etc/group b/tests/tests/usertools/54_usermod-u_invalid_UID_4294967295/config/etc/group
new file mode 100644
index 0000000..feb1bca
--- /dev/null
+++ b/tests/tests/usertools/54_usermod-u_invalid_UID_4294967295/config/etc/group
@@ -0,0 +1,43 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:root
+adm:x:4:root,foo
+tty:x:5:
+disk:x:6:
+lp:x:7:foo,root
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:foo
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:foo
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
+foo2:x:1001:
diff --git a/tests/tests/usertools/54_usermod-u_invalid_UID_4294967295/config/etc/gshadow b/tests/tests/usertools/54_usermod-u_invalid_UID_4294967295/config/etc/gshadow
new file mode 100644
index 0000000..5f131b1
--- /dev/null
+++ b/tests/tests/usertools/54_usermod-u_invalid_UID_4294967295/config/etc/gshadow
@@ -0,0 +1,43 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::root
+adm:*::root,foo
+tty:*::foo
+disk:*:foo:
+lp:*::foo,root
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*:foo:foo
+voice:*::
+cdrom:*:foo:foo
+floppy:*::foo
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
+foo2:*::
diff --git a/tests/tests/usertools/54_usermod-u_invalid_UID_4294967295/config/etc/passwd b/tests/tests/usertools/54_usermod-u_invalid_UID_4294967295/config/etc/passwd
new file mode 100644
index 0000000..6d87df1
--- /dev/null
+++ b/tests/tests/usertools/54_usermod-u_invalid_UID_4294967295/config/etc/passwd
@@ -0,0 +1,21 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/home/foo:/bin/false
+foo2:x:1001:1001::/home/foo2:/bin/false
diff --git a/tests/tests/usertools/54_usermod-u_invalid_UID_4294967295/config/etc/shadow b/tests/tests/usertools/54_usermod-u_invalid_UID_4294967295/config/etc/shadow
new file mode 100644
index 0000000..eaf0278
--- /dev/null
+++ b/tests/tests/usertools/54_usermod-u_invalid_UID_4294967295/config/etc/shadow
@@ -0,0 +1,21 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
+foo2:!:12977:0:99999:7:::
diff --git a/tests/tests/usertools/54_usermod-u_invalid_UID_4294967295/data/usermod.err b/tests/tests/usertools/54_usermod-u_invalid_UID_4294967295/data/usermod.err
new file mode 100644
index 0000000..862ad44
--- /dev/null
+++ b/tests/tests/usertools/54_usermod-u_invalid_UID_4294967295/data/usermod.err
@@ -0,0 +1 @@
+usermod: invalid user ID '4294967295'
diff --git a/tests/tests/usertools/54_usermod-u_invalid_UID_4294967295/usermod.test b/tests/tests/usertools/54_usermod-u_invalid_UID_4294967295/usermod.test
new file mode 100755
index 0000000..0872846
--- /dev/null
+++ b/tests/tests/usertools/54_usermod-u_invalid_UID_4294967295/usermod.test
@@ -0,0 +1,54 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "usermod checks if the uid is valid"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Change the user's UID (usermod -u 4294967295 foo)..."
+usermod -u 4294967295 foo 2>tmp/usermod.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "3"
+echo "OK"
+
+echo "usermod reported:"
+echo "======================================================================="
+cat tmp/usermod.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/usermod.err tmp/usermod.err
+echo "error message OK."
+rm -f tmp/usermod.err
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/usertools/55_userdel_busy_user/config.txt b/tests/tests/usertools/55_userdel_busy_user/config.txt
new file mode 100644
index 0000000..1b0360b
--- /dev/null
+++ b/tests/tests/usertools/55_userdel_busy_user/config.txt
@@ -0,0 +1 @@
+user foo, in group users according to /etc/group only
diff --git a/tests/tests/usertools/55_userdel_busy_user/config/etc/default/useradd b/tests/tests/usertools/55_userdel_busy_user/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/usertools/55_userdel_busy_user/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/usertools/55_userdel_busy_user/config/etc/group b/tests/tests/usertools/55_userdel_busy_user/config/etc/group
new file mode 100644
index 0000000..5051825
--- /dev/null
+++ b/tests/tests/usertools/55_userdel_busy_user/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/usertools/55_userdel_busy_user/config/etc/gshadow b/tests/tests/usertools/55_userdel_busy_user/config/etc/gshadow
new file mode 100644
index 0000000..5042e58
--- /dev/null
+++ b/tests/tests/usertools/55_userdel_busy_user/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/usertools/55_userdel_busy_user/config/etc/passwd b/tests/tests/usertools/55_userdel_busy_user/config/etc/passwd
new file mode 100644
index 0000000..82223ff
--- /dev/null
+++ b/tests/tests/usertools/55_userdel_busy_user/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000:::/bin/bash
diff --git a/tests/tests/usertools/55_userdel_busy_user/config/etc/shadow b/tests/tests/usertools/55_userdel_busy_user/config/etc/shadow
new file mode 100644
index 0000000..23ff0c0
--- /dev/null
+++ b/tests/tests/usertools/55_userdel_busy_user/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12977:0:99999:7:::
diff --git a/tests/tests/usertools/55_userdel_busy_user/data/userdel.err b/tests/tests/usertools/55_userdel_busy_user/data/userdel.err
new file mode 100644
index 0000000..860d096
--- /dev/null
+++ b/tests/tests/usertools/55_userdel_busy_user/data/userdel.err
@@ -0,0 +1 @@
+userdel: user foo is currently used by process <PID>
diff --git a/tests/tests/usertools/55_userdel_busy_user/userdel.test b/tests/tests/usertools/55_userdel_busy_user/userdel.test
new file mode 100755
index 0000000..45d6e3f
--- /dev/null
+++ b/tests/tests/usertools/55_userdel_busy_user/userdel.test
@@ -0,0 +1,68 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "userdel accepts when the user is not is shadow"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config; kill $pid' 0
+
+change_config
+
+echo -n "Create a process for foo (su -l foo -c \"sleep 10\")..."
+su -l foo -c "sleep 10" 2>/dev/null &
+echo "OK"
+
+# Make sure su was started.
+sleep 1
+
+echo -n "Delete user foo (userdel foo)..."
+userdel foo 2>tmp/userdel.err && exit 1 || {
+	ps=$(echo $! $?)
+	pid=$(echo $ps | cut -f1 -d' ')
+	status=$(echo $ps | cut -f2 -d' ')
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "8"
+echo "OK"
+
+echo "userdel reported:"
+echo "======================================================================="
+cat tmp/userdel.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+sed -i -e "s/ [0-9]*$/ <PID>/" tmp/userdel.err
+diff -au data/userdel.err tmp/userdel.err
+echo "error message OK."
+rm -f tmp/userdel.err
+
+
+kill $pid || true
+wait || true
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/usertools/56_userdel_locked_passwd/config.txt b/tests/tests/usertools/56_userdel_locked_passwd/config.txt
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/usertools/56_userdel_locked_passwd/config.txt
diff --git a/tests/tests/usertools/56_userdel_locked_passwd/config/etc/default/useradd b/tests/tests/usertools/56_userdel_locked_passwd/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/usertools/56_userdel_locked_passwd/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/usertools/56_userdel_locked_passwd/config/etc/group b/tests/tests/usertools/56_userdel_locked_passwd/config/etc/group
new file mode 100644
index 0000000..b6fae89
--- /dev/null
+++ b/tests/tests/usertools/56_userdel_locked_passwd/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:root
+adm:x:4:root,foo
+tty:x:5:
+disk:x:6:
+lp:x:7:foo,root
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:foo
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:foo
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/usertools/56_userdel_locked_passwd/config/etc/gshadow b/tests/tests/usertools/56_userdel_locked_passwd/config/etc/gshadow
new file mode 100644
index 0000000..1f2ba8d
--- /dev/null
+++ b/tests/tests/usertools/56_userdel_locked_passwd/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::root
+adm:*::root,foo
+tty:*::foo
+disk:*:foo:
+lp:*::foo,root
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*:foo:foo
+voice:*::
+cdrom:*:foo:foo
+floppy:*::foo
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/usertools/56_userdel_locked_passwd/config/etc/passwd b/tests/tests/usertools/56_userdel_locked_passwd/config/etc/passwd
new file mode 100644
index 0000000..bf52df0
--- /dev/null
+++ b/tests/tests/usertools/56_userdel_locked_passwd/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/home/foo:/bin/false
diff --git a/tests/tests/usertools/56_userdel_locked_passwd/config/etc/shadow b/tests/tests/usertools/56_userdel_locked_passwd/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/usertools/56_userdel_locked_passwd/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/usertools/56_userdel_locked_passwd/data/userdel.err b/tests/tests/usertools/56_userdel_locked_passwd/data/userdel.err
new file mode 100644
index 0000000..183acb4
--- /dev/null
+++ b/tests/tests/usertools/56_userdel_locked_passwd/data/userdel.err
@@ -0,0 +1,2 @@
+userdel: existing lock file /etc/passwd.lock without a PID
+userdel: cannot lock /etc/passwd; try again later.
diff --git a/tests/tests/usertools/56_userdel_locked_passwd/userdel.test b/tests/tests/usertools/56_userdel_locked_passwd/userdel.test
new file mode 100755
index 0000000..af186a9
--- /dev/null
+++ b/tests/tests/usertools/56_userdel_locked_passwd/userdel.test
@@ -0,0 +1,60 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "userdel checks if the passwd file is locked"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config; rm -f /etc/passwd.lock' 0
+
+change_config
+
+echo -n "Create lock file for /etc/passwd..."
+touch /etc/passwd.lock
+echo "done"
+
+echo -n "Delete user foo (userdel foo)..."
+userdel foo 2>tmp/userdel.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+rm -f /etc/passwd.lock
+
+echo -n "Check returned status ($status)..."
+test "$status" = "1"
+echo "OK"
+
+echo "userdel reported:"
+echo "======================================================================="
+cat tmp/userdel.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/userdel.err tmp/userdel.err
+echo "error message OK."
+rm -f tmp/userdel.err
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/usertools/57_userdel_locked_group/config.txt b/tests/tests/usertools/57_userdel_locked_group/config.txt
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/usertools/57_userdel_locked_group/config.txt
diff --git a/tests/tests/usertools/57_userdel_locked_group/config/etc/default/useradd b/tests/tests/usertools/57_userdel_locked_group/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/usertools/57_userdel_locked_group/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/usertools/57_userdel_locked_group/config/etc/group b/tests/tests/usertools/57_userdel_locked_group/config/etc/group
new file mode 100644
index 0000000..b6fae89
--- /dev/null
+++ b/tests/tests/usertools/57_userdel_locked_group/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:root
+adm:x:4:root,foo
+tty:x:5:
+disk:x:6:
+lp:x:7:foo,root
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:foo
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:foo
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/usertools/57_userdel_locked_group/config/etc/gshadow b/tests/tests/usertools/57_userdel_locked_group/config/etc/gshadow
new file mode 100644
index 0000000..1f2ba8d
--- /dev/null
+++ b/tests/tests/usertools/57_userdel_locked_group/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::root
+adm:*::root,foo
+tty:*::foo
+disk:*:foo:
+lp:*::foo,root
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*:foo:foo
+voice:*::
+cdrom:*:foo:foo
+floppy:*::foo
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/usertools/57_userdel_locked_group/config/etc/passwd b/tests/tests/usertools/57_userdel_locked_group/config/etc/passwd
new file mode 100644
index 0000000..bf52df0
--- /dev/null
+++ b/tests/tests/usertools/57_userdel_locked_group/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/home/foo:/bin/false
diff --git a/tests/tests/usertools/57_userdel_locked_group/config/etc/shadow b/tests/tests/usertools/57_userdel_locked_group/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/usertools/57_userdel_locked_group/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/usertools/57_userdel_locked_group/data/userdel.err b/tests/tests/usertools/57_userdel_locked_group/data/userdel.err
new file mode 100644
index 0000000..1e947b2
--- /dev/null
+++ b/tests/tests/usertools/57_userdel_locked_group/data/userdel.err
@@ -0,0 +1,2 @@
+userdel: existing lock file /etc/group.lock without a PID
+userdel: cannot lock /etc/group; try again later.
diff --git a/tests/tests/usertools/57_userdel_locked_group/userdel.test b/tests/tests/usertools/57_userdel_locked_group/userdel.test
new file mode 100755
index 0000000..01e8c8c
--- /dev/null
+++ b/tests/tests/usertools/57_userdel_locked_group/userdel.test
@@ -0,0 +1,60 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "userdel checks if the group file is locked"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config; rm -f /etc/group.lock' 0
+
+change_config
+
+echo -n "Create lock file for /etc/group..."
+touch /etc/group.lock
+echo "done"
+
+echo -n "Delete user foo (userdel foo)..."
+userdel foo 2>tmp/userdel.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+rm -f /etc/group.lock
+
+echo -n "Check returned status ($status)..."
+test "$status" = "10"
+echo "OK"
+
+echo "userdel reported:"
+echo "======================================================================="
+cat tmp/userdel.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/userdel.err tmp/userdel.err
+echo "error message OK."
+rm -f tmp/userdel.err
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/usertools/58_userdel_locked_shadow/config.txt b/tests/tests/usertools/58_userdel_locked_shadow/config.txt
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/usertools/58_userdel_locked_shadow/config.txt
diff --git a/tests/tests/usertools/58_userdel_locked_shadow/config/etc/default/useradd b/tests/tests/usertools/58_userdel_locked_shadow/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/usertools/58_userdel_locked_shadow/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/usertools/58_userdel_locked_shadow/config/etc/group b/tests/tests/usertools/58_userdel_locked_shadow/config/etc/group
new file mode 100644
index 0000000..b6fae89
--- /dev/null
+++ b/tests/tests/usertools/58_userdel_locked_shadow/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:root
+adm:x:4:root,foo
+tty:x:5:
+disk:x:6:
+lp:x:7:foo,root
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:foo
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:foo
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/usertools/58_userdel_locked_shadow/config/etc/gshadow b/tests/tests/usertools/58_userdel_locked_shadow/config/etc/gshadow
new file mode 100644
index 0000000..1f2ba8d
--- /dev/null
+++ b/tests/tests/usertools/58_userdel_locked_shadow/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::root
+adm:*::root,foo
+tty:*::foo
+disk:*:foo:
+lp:*::foo,root
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*:foo:foo
+voice:*::
+cdrom:*:foo:foo
+floppy:*::foo
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/usertools/58_userdel_locked_shadow/config/etc/passwd b/tests/tests/usertools/58_userdel_locked_shadow/config/etc/passwd
new file mode 100644
index 0000000..bf52df0
--- /dev/null
+++ b/tests/tests/usertools/58_userdel_locked_shadow/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/home/foo:/bin/false
diff --git a/tests/tests/usertools/58_userdel_locked_shadow/config/etc/shadow b/tests/tests/usertools/58_userdel_locked_shadow/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/usertools/58_userdel_locked_shadow/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/usertools/58_userdel_locked_shadow/data/userdel.err b/tests/tests/usertools/58_userdel_locked_shadow/data/userdel.err
new file mode 100644
index 0000000..324b9ec
--- /dev/null
+++ b/tests/tests/usertools/58_userdel_locked_shadow/data/userdel.err
@@ -0,0 +1,2 @@
+userdel: existing lock file /etc/shadow.lock without a PID
+userdel: cannot lock /etc/shadow; try again later.
diff --git a/tests/tests/usertools/58_userdel_locked_shadow/userdel.test b/tests/tests/usertools/58_userdel_locked_shadow/userdel.test
new file mode 100755
index 0000000..54acf61
--- /dev/null
+++ b/tests/tests/usertools/58_userdel_locked_shadow/userdel.test
@@ -0,0 +1,60 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "userdel checks if the shadow file is locked"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config; rm -f /etc/shadow.lock' 0
+
+change_config
+
+echo -n "Create lock file for /etc/shadow..."
+touch /etc/shadow.lock
+echo "done"
+
+echo -n "Delete user foo (userdel foo)..."
+userdel foo 2>tmp/userdel.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+rm -f /etc/shadow.lock
+
+echo -n "Check returned status ($status)..."
+test "$status" = "1"
+echo "OK"
+
+echo "userdel reported:"
+echo "======================================================================="
+cat tmp/userdel.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/userdel.err tmp/userdel.err
+echo "error message OK."
+rm -f tmp/userdel.err
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/usertools/59_userdel_locked_gshadow/config.txt b/tests/tests/usertools/59_userdel_locked_gshadow/config.txt
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/usertools/59_userdel_locked_gshadow/config.txt
diff --git a/tests/tests/usertools/59_userdel_locked_gshadow/config/etc/default/useradd b/tests/tests/usertools/59_userdel_locked_gshadow/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/usertools/59_userdel_locked_gshadow/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/usertools/59_userdel_locked_gshadow/config/etc/group b/tests/tests/usertools/59_userdel_locked_gshadow/config/etc/group
new file mode 100644
index 0000000..b6fae89
--- /dev/null
+++ b/tests/tests/usertools/59_userdel_locked_gshadow/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:root
+adm:x:4:root,foo
+tty:x:5:
+disk:x:6:
+lp:x:7:foo,root
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:foo
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:foo
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/usertools/59_userdel_locked_gshadow/config/etc/gshadow b/tests/tests/usertools/59_userdel_locked_gshadow/config/etc/gshadow
new file mode 100644
index 0000000..1f2ba8d
--- /dev/null
+++ b/tests/tests/usertools/59_userdel_locked_gshadow/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::root
+adm:*::root,foo
+tty:*::foo
+disk:*:foo:
+lp:*::foo,root
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*:foo:foo
+voice:*::
+cdrom:*:foo:foo
+floppy:*::foo
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/usertools/59_userdel_locked_gshadow/config/etc/passwd b/tests/tests/usertools/59_userdel_locked_gshadow/config/etc/passwd
new file mode 100644
index 0000000..bf52df0
--- /dev/null
+++ b/tests/tests/usertools/59_userdel_locked_gshadow/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/home/foo:/bin/false
diff --git a/tests/tests/usertools/59_userdel_locked_gshadow/config/etc/shadow b/tests/tests/usertools/59_userdel_locked_gshadow/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/usertools/59_userdel_locked_gshadow/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/usertools/59_userdel_locked_gshadow/data/userdel.err b/tests/tests/usertools/59_userdel_locked_gshadow/data/userdel.err
new file mode 100644
index 0000000..7a56771
--- /dev/null
+++ b/tests/tests/usertools/59_userdel_locked_gshadow/data/userdel.err
@@ -0,0 +1,2 @@
+userdel: existing lock file /etc/gshadow.lock without a PID
+userdel: cannot lock /etc/gshadow; try again later.
diff --git a/tests/tests/usertools/59_userdel_locked_gshadow/userdel.test b/tests/tests/usertools/59_userdel_locked_gshadow/userdel.test
new file mode 100755
index 0000000..97993b9
--- /dev/null
+++ b/tests/tests/usertools/59_userdel_locked_gshadow/userdel.test
@@ -0,0 +1,60 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "userdel checks if the gshadow file is locked"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config; rm -f /etc/gshadow.lock' 0
+
+change_config
+
+echo -n "Create lock file for /etc/gshadow..."
+touch /etc/gshadow.lock
+echo "done"
+
+echo -n "Delete user foo (userdel foo)..."
+userdel foo 2>tmp/userdel.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+rm -f /etc/gshadow.lock
+
+echo -n "Check returned status ($status)..."
+test "$status" = "10"
+echo "OK"
+
+echo "userdel reported:"
+echo "======================================================================="
+cat tmp/userdel.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/userdel.err tmp/userdel.err
+echo "error message OK."
+rm -f tmp/userdel.err
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/usertools/60_userdel_invalid_user/config.txt b/tests/tests/usertools/60_userdel_invalid_user/config.txt
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/usertools/60_userdel_invalid_user/config.txt
diff --git a/tests/tests/usertools/60_userdel_invalid_user/config/etc/default/useradd b/tests/tests/usertools/60_userdel_invalid_user/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/usertools/60_userdel_invalid_user/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/usertools/60_userdel_invalid_user/config/etc/group b/tests/tests/usertools/60_userdel_invalid_user/config/etc/group
new file mode 100644
index 0000000..b6fae89
--- /dev/null
+++ b/tests/tests/usertools/60_userdel_invalid_user/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:root
+adm:x:4:root,foo
+tty:x:5:
+disk:x:6:
+lp:x:7:foo,root
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:foo
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:foo
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/usertools/60_userdel_invalid_user/config/etc/gshadow b/tests/tests/usertools/60_userdel_invalid_user/config/etc/gshadow
new file mode 100644
index 0000000..1f2ba8d
--- /dev/null
+++ b/tests/tests/usertools/60_userdel_invalid_user/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::root
+adm:*::root,foo
+tty:*::foo
+disk:*:foo:
+lp:*::foo,root
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*:foo:foo
+voice:*::
+cdrom:*:foo:foo
+floppy:*::foo
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/usertools/60_userdel_invalid_user/config/etc/passwd b/tests/tests/usertools/60_userdel_invalid_user/config/etc/passwd
new file mode 100644
index 0000000..bf52df0
--- /dev/null
+++ b/tests/tests/usertools/60_userdel_invalid_user/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/home/foo:/bin/false
diff --git a/tests/tests/usertools/60_userdel_invalid_user/config/etc/shadow b/tests/tests/usertools/60_userdel_invalid_user/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/usertools/60_userdel_invalid_user/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/usertools/60_userdel_invalid_user/data/userdel.err b/tests/tests/usertools/60_userdel_invalid_user/data/userdel.err
new file mode 100644
index 0000000..97598b9
--- /dev/null
+++ b/tests/tests/usertools/60_userdel_invalid_user/data/userdel.err
@@ -0,0 +1 @@
+userdel: user 'fooo' does not exist
diff --git a/tests/tests/usertools/60_userdel_invalid_user/userdel.test b/tests/tests/usertools/60_userdel_invalid_user/userdel.test
new file mode 100755
index 0000000..b070736
--- /dev/null
+++ b/tests/tests/usertools/60_userdel_invalid_user/userdel.test
@@ -0,0 +1,54 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "userdel checks if the user exists"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Delete user fooo (userdel fooo)..."
+userdel fooo 2>tmp/userdel.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "6"
+echo "OK"
+
+echo "userdel reported:"
+echo "======================================================================="
+cat tmp/userdel.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/userdel.err tmp/userdel.err
+echo "error message OK."
+rm -f tmp/userdel.err
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/usertools/61_userdel_del_homedir_with_symlinks/config.txt b/tests/tests/usertools/61_userdel_del_homedir_with_symlinks/config.txt
new file mode 100644
index 0000000..4b5baab
--- /dev/null
+++ b/tests/tests/usertools/61_userdel_del_homedir_with_symlinks/config.txt
@@ -0,0 +1 @@
+user foo exists
diff --git a/tests/tests/usertools/61_userdel_del_homedir_with_symlinks/config/etc/default/useradd b/tests/tests/usertools/61_userdel_del_homedir_with_symlinks/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/usertools/61_userdel_del_homedir_with_symlinks/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/usertools/61_userdel_del_homedir_with_symlinks/config/etc/group b/tests/tests/usertools/61_userdel_del_homedir_with_symlinks/config/etc/group
new file mode 100644
index 0000000..fecba0c
--- /dev/null
+++ b/tests/tests/usertools/61_userdel_del_homedir_with_symlinks/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/usertools/61_userdel_del_homedir_with_symlinks/config/etc/gshadow b/tests/tests/usertools/61_userdel_del_homedir_with_symlinks/config/etc/gshadow
new file mode 100644
index 0000000..5042e58
--- /dev/null
+++ b/tests/tests/usertools/61_userdel_del_homedir_with_symlinks/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/usertools/61_userdel_del_homedir_with_symlinks/config/etc/passwd b/tests/tests/usertools/61_userdel_del_homedir_with_symlinks/config/etc/passwd
new file mode 100644
index 0000000..bf52df0
--- /dev/null
+++ b/tests/tests/usertools/61_userdel_del_homedir_with_symlinks/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/home/foo:/bin/false
diff --git a/tests/tests/usertools/61_userdel_del_homedir_with_symlinks/config/etc/shadow b/tests/tests/usertools/61_userdel_del_homedir_with_symlinks/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/usertools/61_userdel_del_homedir_with_symlinks/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/usertools/61_userdel_del_homedir_with_symlinks/data/group b/tests/tests/usertools/61_userdel_del_homedir_with_symlinks/data/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/usertools/61_userdel_del_homedir_with_symlinks/data/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/usertools/61_userdel_del_homedir_with_symlinks/data/gshadow b/tests/tests/usertools/61_userdel_del_homedir_with_symlinks/data/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/usertools/61_userdel_del_homedir_with_symlinks/data/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/usertools/61_userdel_del_homedir_with_symlinks/data/passwd b/tests/tests/usertools/61_userdel_del_homedir_with_symlinks/data/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/usertools/61_userdel_del_homedir_with_symlinks/data/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/usertools/61_userdel_del_homedir_with_symlinks/data/shadow b/tests/tests/usertools/61_userdel_del_homedir_with_symlinks/data/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/usertools/61_userdel_del_homedir_with_symlinks/data/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/usertools/61_userdel_del_homedir_with_symlinks/data/userdel.err b/tests/tests/usertools/61_userdel_del_homedir_with_symlinks/data/userdel.err
new file mode 100644
index 0000000..5d7b44f
--- /dev/null
+++ b/tests/tests/usertools/61_userdel_del_homedir_with_symlinks/data/userdel.err
@@ -0,0 +1 @@
+userdel: foo mail spool (/var/mail/foo) not found
diff --git a/tests/tests/usertools/61_userdel_del_homedir_with_symlinks/userdel.test b/tests/tests/usertools/61_userdel_del_homedir_with_symlinks/userdel.test
new file mode 100755
index 0000000..a123ccb
--- /dev/null
+++ b/tests/tests/usertools/61_userdel_del_homedir_with_symlinks/userdel.test
@@ -0,0 +1,70 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "userdel delete links, but not the pointed file/directory"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+mkdir /home/foo
+trap 'log_status "$0" "FAILURE"; restore_config; rm -rf /home/foo' 0
+mkdir /home/bar
+trap 'log_status "$0" "FAILURE"; restore_config; rm -rf /home/foo /home/bar' 0
+touch /home/baz
+trap 'log_status "$0" "FAILURE"; restore_config; rm -rf /home/foo /home/bar /home/baz' 0
+echo toto > /home/foo/toto
+ln -s /home/bar /home/foo/bar
+ln -s /home/baz /home/foo/baz
+chown -R foo:foo /home/foo /home/bar /home/baz
+
+echo -n "Delete user foo (userdel -r foo)..."
+userdel -r foo 2>tmp/userdel.err
+echo "OK"
+
+echo "userdel reported:"
+echo "======================================================================="
+cat tmp/userdel.err
+echo "======================================================================="
+echo -n "Check the userdel message..."
+diff -au data/userdel.err tmp/userdel.err
+echo "userdel message OK."
+rm -f tmp/userdel.err
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl data/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl data/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl data/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl data/gshadow /etc/gshadow
+echo "OK"
+echo -n "Check the user's home directory was removed..."
+test ! -d /home/foo
+echo "OK"
+echo -n "Check that directory pointed from a foo's link is not removed..."
+test -d /home/bar
+echo "OK"
+echo -n "Check that file pointed from a foo's link is not removed..."
+test -f /home/baz
+echo "OK"
+rm -rf /home/bar /home/baz
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/usertools/62_usermod_remove_supplementary_groups/config.txt b/tests/tests/usertools/62_usermod_remove_supplementary_groups/config.txt
new file mode 100644
index 0000000..15b78c6
--- /dev/null
+++ b/tests/tests/usertools/62_usermod_remove_supplementary_groups/config.txt
@@ -0,0 +1,4 @@
+user foo, in group users (only in /etc/group)
+user bar, in group users (only in /etc/group)
+user foo, in group floppy
+user bar, in group fax
diff --git a/tests/tests/usertools/62_usermod_remove_supplementary_groups/config/etc/default/useradd b/tests/tests/usertools/62_usermod_remove_supplementary_groups/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/usertools/62_usermod_remove_supplementary_groups/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/usertools/62_usermod_remove_supplementary_groups/config/etc/group b/tests/tests/usertools/62_usermod_remove_supplementary_groups/config/etc/group
new file mode 100644
index 0000000..3115181
--- /dev/null
+++ b/tests/tests/usertools/62_usermod_remove_supplementary_groups/config/etc/group
@@ -0,0 +1,43 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:root
+adm:x:4:root
+tty:x:5:
+disk:x:6:
+lp:x:7:root
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:bar
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:foo
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo,bar
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
+bar:x:1001:
diff --git a/tests/tests/usertools/62_usermod_remove_supplementary_groups/config/etc/gshadow b/tests/tests/usertools/62_usermod_remove_supplementary_groups/config/etc/gshadow
new file mode 100644
index 0000000..c391b84
--- /dev/null
+++ b/tests/tests/usertools/62_usermod_remove_supplementary_groups/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::root
+adm:*::root
+tty:*::
+disk:*::
+lp:*::root
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::bar
+voice:*::
+cdrom:*::
+floppy:*::foo
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/usertools/62_usermod_remove_supplementary_groups/config/etc/passwd b/tests/tests/usertools/62_usermod_remove_supplementary_groups/config/etc/passwd
new file mode 100644
index 0000000..d82d534
--- /dev/null
+++ b/tests/tests/usertools/62_usermod_remove_supplementary_groups/config/etc/passwd
@@ -0,0 +1,21 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/home/foo:/bin/false
+bar:x:1001:1001::/home/foo:/bin/false
diff --git a/tests/tests/usertools/62_usermod_remove_supplementary_groups/config/etc/shadow b/tests/tests/usertools/62_usermod_remove_supplementary_groups/config/etc/shadow
new file mode 100644
index 0000000..5f73f33
--- /dev/null
+++ b/tests/tests/usertools/62_usermod_remove_supplementary_groups/config/etc/shadow
@@ -0,0 +1,21 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
+bar:!:12977:0:99999:7:::
diff --git a/tests/tests/usertools/62_usermod_remove_supplementary_groups/data/group b/tests/tests/usertools/62_usermod_remove_supplementary_groups/data/group
new file mode 100644
index 0000000..4a52a21
--- /dev/null
+++ b/tests/tests/usertools/62_usermod_remove_supplementary_groups/data/group
@@ -0,0 +1,43 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:root
+adm:x:4:root
+tty:x:5:
+disk:x:6:
+lp:x:7:root
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:bar
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo,bar
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
+bar:x:1001:
diff --git a/tests/tests/usertools/62_usermod_remove_supplementary_groups/data/gshadow b/tests/tests/usertools/62_usermod_remove_supplementary_groups/data/gshadow
new file mode 100644
index 0000000..57cdf94
--- /dev/null
+++ b/tests/tests/usertools/62_usermod_remove_supplementary_groups/data/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::root
+adm:*::root
+tty:*::
+disk:*::
+lp:*::root
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::bar
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/usertools/62_usermod_remove_supplementary_groups/usermod.test b/tests/tests/usertools/62_usermod_remove_supplementary_groups/usermod.test
new file mode 100755
index 0000000..bfd70ad
--- /dev/null
+++ b/tests/tests/usertools/62_usermod_remove_supplementary_groups/usermod.test
@@ -0,0 +1,43 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../common/config.sh
+. ../../common/log.sh
+
+log_start "$0" "usermod can remove users from supplementary groups"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Remove user foo from the 'floppy' group (usermod -rG \"floppy\" foo)..."
+usermod -rG "floppy" foo
+echo "OK"
+
+echo -n "Remove user foo from the 'fax' group (usermod -rG \"fax\" foo)..."
+usermod -rG "fax" foo
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../common/compare_file.pl data/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../common/compare_file.pl data/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/usertools/chpasswd-PAM/01_chpasswd_invalid_user/chpasswd.test b/tests/tests/usertools/chpasswd-PAM/01_chpasswd_invalid_user/chpasswd.test
new file mode 100755
index 0000000..519d0a2
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/01_chpasswd_invalid_user/chpasswd.test
@@ -0,0 +1,56 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "chpasswd fails if an user does not exist"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Change nobody, lp, and foooo's password..."
+echo 'nobody:test
+lp:test2
+foooo:test3' | chpasswd 2>tmp/chpasswd.err && exit 1 || {
+        status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "1"
+echo "OK"
+
+echo "chpasswd reported:"
+echo "======================================================================="
+cat tmp/chpasswd.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/chpasswd.err tmp/chpasswd.err
+echo "error message OK."
+rm -f tmp/chpasswd.err
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl data/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/usertools/chpasswd-PAM/01_chpasswd_invalid_user/config/etc/group b/tests/tests/usertools/chpasswd-PAM/01_chpasswd_invalid_user/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/01_chpasswd_invalid_user/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/usertools/chpasswd-PAM/01_chpasswd_invalid_user/config/etc/gshadow b/tests/tests/usertools/chpasswd-PAM/01_chpasswd_invalid_user/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/01_chpasswd_invalid_user/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/usertools/chpasswd-PAM/01_chpasswd_invalid_user/config/etc/pam.d/chpasswd b/tests/tests/usertools/chpasswd-PAM/01_chpasswd_invalid_user/config/etc/pam.d/chpasswd
new file mode 100644
index 0000000..552045e
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/01_chpasswd_invalid_user/config/etc/pam.d/chpasswd
@@ -0,0 +1,6 @@
+#
+# The PAM configuration file for the Shadow `chpasswd' service
+#
+
+@include common-password
+
diff --git a/tests/tests/usertools/chpasswd-PAM/01_chpasswd_invalid_user/config/etc/pam.d/common-password b/tests/tests/usertools/chpasswd-PAM/01_chpasswd_invalid_user/config/etc/pam.d/common-password
new file mode 100644
index 0000000..07f3f1d
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/01_chpasswd_invalid_user/config/etc/pam.d/common-password
@@ -0,0 +1,33 @@
+#
+# /etc/pam.d/common-password - password-related modules common to all services
+#
+# This file is included from other service-specific PAM config files,
+# and should contain a list of modules that define the services to be
+# used to change user passwords.  The default is pam_unix.
+
+# Explanation of pam_unix options:
+#
+# The "md5" option enables MD5 passwords.  Without this option, the
+# default is Unix crypt.
+#
+# The "obscure" option replaces the old `OBSCURE_CHECKS_ENAB' option in
+# login.defs.
+#
+# See the pam_unix manpage for other options.
+
+# As of pam 1.0.1-6, this file is managed by pam-auth-update by default.
+# To take advantage of this, it is recommended that you configure any
+# local modules either before or after the default block, and use
+# pam-auth-update to manage selection of other modules.  See
+# pam-auth-update(8) for details.
+
+# here are the per-package modules (the "Primary" block)
+password	[success=1 default=ignore]	pam_unix.so obscure md5
+# here's the fallback if no module succeeds
+password	requisite			pam_deny.so
+# prime the stack with a positive return value if there isn't one already;
+# this avoids us returning an error just because nothing sets a success code
+# since the modules above will each just jump around
+password	required			pam_permit.so
+# and here are more per-package modules (the "Additional" block)
+# end of pam-auth-update config
diff --git a/tests/tests/usertools/chpasswd-PAM/01_chpasswd_invalid_user/config/etc/passwd b/tests/tests/usertools/chpasswd-PAM/01_chpasswd_invalid_user/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/01_chpasswd_invalid_user/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/usertools/chpasswd-PAM/01_chpasswd_invalid_user/config/etc/shadow b/tests/tests/usertools/chpasswd-PAM/01_chpasswd_invalid_user/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/01_chpasswd_invalid_user/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/usertools/chpasswd-PAM/01_chpasswd_invalid_user/data/chpasswd.err b/tests/tests/usertools/chpasswd-PAM/01_chpasswd_invalid_user/data/chpasswd.err
new file mode 100644
index 0000000..8a3011f
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/01_chpasswd_invalid_user/data/chpasswd.err
@@ -0,0 +1,3 @@
+chpasswd: (user foooo) pam_chauthtok() failed, error:
+Authentication token manipulation error
+chpasswd: (line 3, user foooo) password not changed
diff --git a/tests/tests/usertools/chpasswd-PAM/01_chpasswd_invalid_user/data/shadow b/tests/tests/usertools/chpasswd-PAM/01_chpasswd_invalid_user/data/shadow
new file mode 100644
index 0000000..cb54856
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/01_chpasswd_invalid_user/data/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:@PASS_MD5 test2@:@TODAY@:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:@PASS_MD5 test@:@TODAY@:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/usertools/chpasswd-PAM/02_chpasswd_multiple_users/chpasswd.test b/tests/tests/usertools/chpasswd-PAM/02_chpasswd_multiple_users/chpasswd.test
new file mode 100755
index 0000000..c036205
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/02_chpasswd_multiple_users/chpasswd.test
@@ -0,0 +1,40 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "chpasswd can change the password of multiple users"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Change nobody and lp's password..."
+echo 'nobody:test
+lp:test2' | chpasswd
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl data/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/usertools/chpasswd-PAM/02_chpasswd_multiple_users/config/etc/group b/tests/tests/usertools/chpasswd-PAM/02_chpasswd_multiple_users/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/02_chpasswd_multiple_users/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/usertools/chpasswd-PAM/02_chpasswd_multiple_users/config/etc/gshadow b/tests/tests/usertools/chpasswd-PAM/02_chpasswd_multiple_users/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/02_chpasswd_multiple_users/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/usertools/chpasswd-PAM/02_chpasswd_multiple_users/config/etc/pam.d/chpasswd b/tests/tests/usertools/chpasswd-PAM/02_chpasswd_multiple_users/config/etc/pam.d/chpasswd
new file mode 100644
index 0000000..552045e
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/02_chpasswd_multiple_users/config/etc/pam.d/chpasswd
@@ -0,0 +1,6 @@
+#
+# The PAM configuration file for the Shadow `chpasswd' service
+#
+
+@include common-password
+
diff --git a/tests/tests/usertools/chpasswd-PAM/02_chpasswd_multiple_users/config/etc/pam.d/common-password b/tests/tests/usertools/chpasswd-PAM/02_chpasswd_multiple_users/config/etc/pam.d/common-password
new file mode 100644
index 0000000..06c59a7
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/02_chpasswd_multiple_users/config/etc/pam.d/common-password
@@ -0,0 +1,33 @@
+#
+# /etc/pam.d/common-password - password-related modules common to all services
+#
+# This file is included from other service-specific PAM config files,
+# and should contain a list of modules that define the services to be
+# used to change user passwords.  The default is pam_unix.
+
+# Explanation of pam_unix options:
+#
+# The "md5" option enables MD5 passwords.  Without this option, the
+# default is Unix crypt.
+#
+# The "obscure" option replaces the old `OBSCURE_CHECKS_ENAB' option in
+# login.defs.
+#
+# See the pam_unix manpage for other options.
+
+# As of pam 1.0.1-6, this file is managed by pam-auth-update by default.
+# To take advantage of this, it is recommended that you configure any
+# local modules either before or after the default block, and use
+# pam-auth-update to manage selection of other modules.  See
+# pam-auth-update(8) for details.
+
+# here are the per-package modules (the "Primary" block)
+password	[success=1 default=ignore]	pam_unix.so obscure
+# here's the fallback if no module succeeds
+password	requisite			pam_deny.so
+# prime the stack with a positive return value if there isn't one already;
+# this avoids us returning an error just because nothing sets a success code
+# since the modules above will each just jump around
+password	required			pam_permit.so
+# and here are more per-package modules (the "Additional" block)
+# end of pam-auth-update config
diff --git a/tests/tests/usertools/chpasswd-PAM/02_chpasswd_multiple_users/config/etc/passwd b/tests/tests/usertools/chpasswd-PAM/02_chpasswd_multiple_users/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/02_chpasswd_multiple_users/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/usertools/chpasswd-PAM/02_chpasswd_multiple_users/config/etc/shadow b/tests/tests/usertools/chpasswd-PAM/02_chpasswd_multiple_users/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/02_chpasswd_multiple_users/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/usertools/chpasswd-PAM/02_chpasswd_multiple_users/data/shadow b/tests/tests/usertools/chpasswd-PAM/02_chpasswd_multiple_users/data/shadow
new file mode 100644
index 0000000..d69c00c
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/02_chpasswd_multiple_users/data/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:@PASS_DES test2@:@TODAY@:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:@PASS_DES test@:@TODAY@:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/usertools/chpasswd-PAM/03_chpasswd_no_shadow_file/chpasswd.test b/tests/tests/usertools/chpasswd-PAM/03_chpasswd_no_shadow_file/chpasswd.test
new file mode 100755
index 0000000..fb915a1
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/03_chpasswd_no_shadow_file/chpasswd.test
@@ -0,0 +1,44 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "chpasswd changes the passwd file if shadow does not exist"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Remove /etc/shadow..."
+rm -f /etc/shadow
+echo "OK"
+
+echo -n "Change nobody's and lp's password..."
+echo 'nobody:test
+lp:test2' | chpasswd
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl data/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check that shadow does not exist..."
+test ! -f /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/usertools/chpasswd-PAM/03_chpasswd_no_shadow_file/config/etc/group b/tests/tests/usertools/chpasswd-PAM/03_chpasswd_no_shadow_file/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/03_chpasswd_no_shadow_file/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/usertools/chpasswd-PAM/03_chpasswd_no_shadow_file/config/etc/gshadow b/tests/tests/usertools/chpasswd-PAM/03_chpasswd_no_shadow_file/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/03_chpasswd_no_shadow_file/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/usertools/chpasswd-PAM/03_chpasswd_no_shadow_file/config/etc/pam.d/chpasswd b/tests/tests/usertools/chpasswd-PAM/03_chpasswd_no_shadow_file/config/etc/pam.d/chpasswd
new file mode 100644
index 0000000..552045e
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/03_chpasswd_no_shadow_file/config/etc/pam.d/chpasswd
@@ -0,0 +1,6 @@
+#
+# The PAM configuration file for the Shadow `chpasswd' service
+#
+
+@include common-password
+
diff --git a/tests/tests/usertools/chpasswd-PAM/03_chpasswd_no_shadow_file/config/etc/pam.d/common-password b/tests/tests/usertools/chpasswd-PAM/03_chpasswd_no_shadow_file/config/etc/pam.d/common-password
new file mode 100644
index 0000000..07f3f1d
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/03_chpasswd_no_shadow_file/config/etc/pam.d/common-password
@@ -0,0 +1,33 @@
+#
+# /etc/pam.d/common-password - password-related modules common to all services
+#
+# This file is included from other service-specific PAM config files,
+# and should contain a list of modules that define the services to be
+# used to change user passwords.  The default is pam_unix.
+
+# Explanation of pam_unix options:
+#
+# The "md5" option enables MD5 passwords.  Without this option, the
+# default is Unix crypt.
+#
+# The "obscure" option replaces the old `OBSCURE_CHECKS_ENAB' option in
+# login.defs.
+#
+# See the pam_unix manpage for other options.
+
+# As of pam 1.0.1-6, this file is managed by pam-auth-update by default.
+# To take advantage of this, it is recommended that you configure any
+# local modules either before or after the default block, and use
+# pam-auth-update to manage selection of other modules.  See
+# pam-auth-update(8) for details.
+
+# here are the per-package modules (the "Primary" block)
+password	[success=1 default=ignore]	pam_unix.so obscure md5
+# here's the fallback if no module succeeds
+password	requisite			pam_deny.so
+# prime the stack with a positive return value if there isn't one already;
+# this avoids us returning an error just because nothing sets a success code
+# since the modules above will each just jump around
+password	required			pam_permit.so
+# and here are more per-package modules (the "Additional" block)
+# end of pam-auth-update config
diff --git a/tests/tests/usertools/chpasswd-PAM/03_chpasswd_no_shadow_file/config/etc/passwd b/tests/tests/usertools/chpasswd-PAM/03_chpasswd_no_shadow_file/config/etc/passwd
new file mode 100644
index 0000000..bd03706
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/03_chpasswd_no_shadow_file/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:bar:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:foo:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/usertools/chpasswd-PAM/03_chpasswd_no_shadow_file/config/etc/shadow b/tests/tests/usertools/chpasswd-PAM/03_chpasswd_no_shadow_file/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/03_chpasswd_no_shadow_file/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/usertools/chpasswd-PAM/03_chpasswd_no_shadow_file/data/passwd b/tests/tests/usertools/chpasswd-PAM/03_chpasswd_no_shadow_file/data/passwd
new file mode 100644
index 0000000..36fa602
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/03_chpasswd_no_shadow_file/data/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:@PASS_MD5 test2@:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:@PASS_MD5 test@:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/usertools/chpasswd-PAM/04_chpasswd_no_shadow_entry/chpasswd.test b/tests/tests/usertools/chpasswd-PAM/04_chpasswd_no_shadow_entry/chpasswd.test
new file mode 100755
index 0000000..2660213
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/04_chpasswd_no_shadow_entry/chpasswd.test
@@ -0,0 +1,43 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "chpasswd changes the passwd entry if there are no shadow entries"
+# FIXME: The PAM and !PAM versions differs:
+# PAM will create a shadow entry if the shadow file exists
+# !PAM will update the passwd entry and leave the shadow file untouched
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Change nobody's and lp's password..."
+echo 'nobody:test
+lp:test2' | chpasswd
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl data/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/usertools/chpasswd-PAM/04_chpasswd_no_shadow_entry/config/etc/group b/tests/tests/usertools/chpasswd-PAM/04_chpasswd_no_shadow_entry/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/04_chpasswd_no_shadow_entry/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/usertools/chpasswd-PAM/04_chpasswd_no_shadow_entry/config/etc/gshadow b/tests/tests/usertools/chpasswd-PAM/04_chpasswd_no_shadow_entry/config/etc/gshadow
new file mode 100644
index 0000000..54dc57e
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/04_chpasswd_no_shadow_entry/config/etc/gshadow
@@ -0,0 +1,40 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/usertools/chpasswd-PAM/04_chpasswd_no_shadow_entry/config/etc/pam.d/chpasswd b/tests/tests/usertools/chpasswd-PAM/04_chpasswd_no_shadow_entry/config/etc/pam.d/chpasswd
new file mode 100644
index 0000000..552045e
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/04_chpasswd_no_shadow_entry/config/etc/pam.d/chpasswd
@@ -0,0 +1,6 @@
+#
+# The PAM configuration file for the Shadow `chpasswd' service
+#
+
+@include common-password
+
diff --git a/tests/tests/usertools/chpasswd-PAM/04_chpasswd_no_shadow_entry/config/etc/pam.d/common-password b/tests/tests/usertools/chpasswd-PAM/04_chpasswd_no_shadow_entry/config/etc/pam.d/common-password
new file mode 100644
index 0000000..06c59a7
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/04_chpasswd_no_shadow_entry/config/etc/pam.d/common-password
@@ -0,0 +1,33 @@
+#
+# /etc/pam.d/common-password - password-related modules common to all services
+#
+# This file is included from other service-specific PAM config files,
+# and should contain a list of modules that define the services to be
+# used to change user passwords.  The default is pam_unix.
+
+# Explanation of pam_unix options:
+#
+# The "md5" option enables MD5 passwords.  Without this option, the
+# default is Unix crypt.
+#
+# The "obscure" option replaces the old `OBSCURE_CHECKS_ENAB' option in
+# login.defs.
+#
+# See the pam_unix manpage for other options.
+
+# As of pam 1.0.1-6, this file is managed by pam-auth-update by default.
+# To take advantage of this, it is recommended that you configure any
+# local modules either before or after the default block, and use
+# pam-auth-update to manage selection of other modules.  See
+# pam-auth-update(8) for details.
+
+# here are the per-package modules (the "Primary" block)
+password	[success=1 default=ignore]	pam_unix.so obscure
+# here's the fallback if no module succeeds
+password	requisite			pam_deny.so
+# prime the stack with a positive return value if there isn't one already;
+# this avoids us returning an error just because nothing sets a success code
+# since the modules above will each just jump around
+password	required			pam_permit.so
+# and here are more per-package modules (the "Additional" block)
+# end of pam-auth-update config
diff --git a/tests/tests/usertools/chpasswd-PAM/04_chpasswd_no_shadow_entry/config/etc/passwd b/tests/tests/usertools/chpasswd-PAM/04_chpasswd_no_shadow_entry/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/04_chpasswd_no_shadow_entry/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/usertools/chpasswd-PAM/04_chpasswd_no_shadow_entry/config/etc/shadow b/tests/tests/usertools/chpasswd-PAM/04_chpasswd_no_shadow_entry/config/etc/shadow
new file mode 100644
index 0000000..f4f74a5
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/04_chpasswd_no_shadow_entry/config/etc/shadow
@@ -0,0 +1,18 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/usertools/chpasswd-PAM/04_chpasswd_no_shadow_entry/data/shadow b/tests/tests/usertools/chpasswd-PAM/04_chpasswd_no_shadow_entry/data/shadow
new file mode 100644
index 0000000..090d61a
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/04_chpasswd_no_shadow_entry/data/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:@PASS_DES test@:@TODAY@:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+lp:@PASS_DES test2@:@TODAY@::::::
diff --git a/tests/tests/usertools/chpasswd-PAM/05_chpasswd_error_no_password/chpasswd.test b/tests/tests/usertools/chpasswd-PAM/05_chpasswd_error_no_password/chpasswd.test
new file mode 100755
index 0000000..5760ca5
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/05_chpasswd_error_no_password/chpasswd.test
@@ -0,0 +1,55 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "chpasswd fails if no password are provided"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Change nobody's and lp's password..."
+echo 'nobody:test
+lp' | chpasswd 2>tmp/chpasswd.err && exit 1 || {
+        status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "1"
+echo "OK"
+
+echo "chpasswd reported:"
+echo "======================================================================="
+cat tmp/chpasswd.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/chpasswd.err tmp/chpasswd.err
+echo "error message OK."
+rm -f tmp/chpasswd.err
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl data/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/usertools/chpasswd-PAM/05_chpasswd_error_no_password/config/etc/group b/tests/tests/usertools/chpasswd-PAM/05_chpasswd_error_no_password/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/05_chpasswd_error_no_password/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/usertools/chpasswd-PAM/05_chpasswd_error_no_password/config/etc/gshadow b/tests/tests/usertools/chpasswd-PAM/05_chpasswd_error_no_password/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/05_chpasswd_error_no_password/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/usertools/chpasswd-PAM/05_chpasswd_error_no_password/config/etc/pam.d/chpasswd b/tests/tests/usertools/chpasswd-PAM/05_chpasswd_error_no_password/config/etc/pam.d/chpasswd
new file mode 100644
index 0000000..552045e
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/05_chpasswd_error_no_password/config/etc/pam.d/chpasswd
@@ -0,0 +1,6 @@
+#
+# The PAM configuration file for the Shadow `chpasswd' service
+#
+
+@include common-password
+
diff --git a/tests/tests/usertools/chpasswd-PAM/05_chpasswd_error_no_password/config/etc/pam.d/common-password b/tests/tests/usertools/chpasswd-PAM/05_chpasswd_error_no_password/config/etc/pam.d/common-password
new file mode 100644
index 0000000..07f3f1d
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/05_chpasswd_error_no_password/config/etc/pam.d/common-password
@@ -0,0 +1,33 @@
+#
+# /etc/pam.d/common-password - password-related modules common to all services
+#
+# This file is included from other service-specific PAM config files,
+# and should contain a list of modules that define the services to be
+# used to change user passwords.  The default is pam_unix.
+
+# Explanation of pam_unix options:
+#
+# The "md5" option enables MD5 passwords.  Without this option, the
+# default is Unix crypt.
+#
+# The "obscure" option replaces the old `OBSCURE_CHECKS_ENAB' option in
+# login.defs.
+#
+# See the pam_unix manpage for other options.
+
+# As of pam 1.0.1-6, this file is managed by pam-auth-update by default.
+# To take advantage of this, it is recommended that you configure any
+# local modules either before or after the default block, and use
+# pam-auth-update to manage selection of other modules.  See
+# pam-auth-update(8) for details.
+
+# here are the per-package modules (the "Primary" block)
+password	[success=1 default=ignore]	pam_unix.so obscure md5
+# here's the fallback if no module succeeds
+password	requisite			pam_deny.so
+# prime the stack with a positive return value if there isn't one already;
+# this avoids us returning an error just because nothing sets a success code
+# since the modules above will each just jump around
+password	required			pam_permit.so
+# and here are more per-package modules (the "Additional" block)
+# end of pam-auth-update config
diff --git a/tests/tests/usertools/chpasswd-PAM/05_chpasswd_error_no_password/config/etc/passwd b/tests/tests/usertools/chpasswd-PAM/05_chpasswd_error_no_password/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/05_chpasswd_error_no_password/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/usertools/chpasswd-PAM/05_chpasswd_error_no_password/config/etc/shadow b/tests/tests/usertools/chpasswd-PAM/05_chpasswd_error_no_password/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/05_chpasswd_error_no_password/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/usertools/chpasswd-PAM/05_chpasswd_error_no_password/data/chpasswd.err b/tests/tests/usertools/chpasswd-PAM/05_chpasswd_error_no_password/data/chpasswd.err
new file mode 100644
index 0000000..a02b7d6
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/05_chpasswd_error_no_password/data/chpasswd.err
@@ -0,0 +1 @@
+chpasswd: line 2: missing new password
diff --git a/tests/tests/usertools/chpasswd-PAM/05_chpasswd_error_no_password/data/shadow b/tests/tests/usertools/chpasswd-PAM/05_chpasswd_error_no_password/data/shadow
new file mode 100644
index 0000000..658661b
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/05_chpasswd_error_no_password/data/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:@PASS_MD5 test@:@TODAY@:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/usertools/chpasswd-PAM/06_chpasswd_usage/chpasswd.test b/tests/tests/usertools/chpasswd-PAM/06_chpasswd_usage/chpasswd.test
new file mode 100755
index 0000000..fda6230
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/06_chpasswd_usage/chpasswd.test
@@ -0,0 +1,48 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "chpasswd can display its usage message"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Get chpasswd usage (chpasswd -h)..."
+chpasswd -h >tmp/usage.out
+echo "OK"
+
+echo "chpasswd reported:"
+echo "======================================================================="
+cat tmp/usage.out
+echo "======================================================================="
+echo -n "Check the usage message..."
+diff -au data/usage.out tmp/usage.out
+echo "usage message OK."
+rm -f tmp/usage.out
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/usertools/chpasswd-PAM/06_chpasswd_usage/config.txt b/tests/tests/usertools/chpasswd-PAM/06_chpasswd_usage/config.txt
new file mode 100644
index 0000000..31f5635
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/06_chpasswd_usage/config.txt
@@ -0,0 +1,10 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group users (only in /etc/group)
+user foo, in group tty (only in /etc/gshadow)
+user foo, in group floppy
+user foo, admin of group disk
+user foo, admin and member of group fax
+user foo, admin and member of group cdrom (only in /etc/gshadow)
diff --git a/tests/tests/usertools/chpasswd-PAM/06_chpasswd_usage/config/etc/default/useradd b/tests/tests/usertools/chpasswd-PAM/06_chpasswd_usage/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/06_chpasswd_usage/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/usertools/chpasswd-PAM/06_chpasswd_usage/config/etc/group b/tests/tests/usertools/chpasswd-PAM/06_chpasswd_usage/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/06_chpasswd_usage/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/usertools/chpasswd-PAM/06_chpasswd_usage/config/etc/gshadow b/tests/tests/usertools/chpasswd-PAM/06_chpasswd_usage/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/06_chpasswd_usage/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/usertools/chpasswd-PAM/06_chpasswd_usage/config/etc/passwd b/tests/tests/usertools/chpasswd-PAM/06_chpasswd_usage/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/06_chpasswd_usage/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/usertools/chpasswd-PAM/06_chpasswd_usage/config/etc/shadow b/tests/tests/usertools/chpasswd-PAM/06_chpasswd_usage/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/06_chpasswd_usage/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/usertools/chpasswd-PAM/06_chpasswd_usage/data/usage.out b/tests/tests/usertools/chpasswd-PAM/06_chpasswd_usage/data/usage.out
new file mode 100644
index 0000000..59c8b35
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/06_chpasswd_usage/data/usage.out
@@ -0,0 +1,12 @@
+Usage: chpasswd [options]
+
+Options:
+  -c, --crypt-method METHOD     the crypt method (one of NONE DES MD5 SHA256 SHA512)
+  -e, --encrypted               supplied passwords are encrypted
+  -h, --help                    display this help message and exit
+  -m, --md5                     encrypt the clear text password using
+                                the MD5 algorithm
+  -R, --root CHROOT_DIR         directory to chroot into
+  -s, --sha-rounds              number of SHA rounds for the SHA*
+                                crypt algorithms
+
diff --git a/tests/tests/usertools/chpasswd-PAM/07_chpasswd_usage_bad_option/chpasswd.test b/tests/tests/usertools/chpasswd-PAM/07_chpasswd_usage_bad_option/chpasswd.test
new file mode 100755
index 0000000..f75e674
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/07_chpasswd_usage_bad_option/chpasswd.test
@@ -0,0 +1,54 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "chpasswd displays its usage message in case on non recognized option"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Get chpasswd usage (chpasswd --foo)..."
+chpasswd --foo 2>tmp/usage.out && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "2"
+echo "OK"
+
+echo "chpasswd reported:"
+echo "======================================================================="
+cat tmp/usage.out
+echo "======================================================================="
+echo -n "Check the usage message..."
+diff -au data/usage.out tmp/usage.out
+echo "usage message OK."
+rm -f tmp/usage.out
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/usertools/chpasswd-PAM/07_chpasswd_usage_bad_option/config.txt b/tests/tests/usertools/chpasswd-PAM/07_chpasswd_usage_bad_option/config.txt
new file mode 100644
index 0000000..31f5635
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/07_chpasswd_usage_bad_option/config.txt
@@ -0,0 +1,10 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group users (only in /etc/group)
+user foo, in group tty (only in /etc/gshadow)
+user foo, in group floppy
+user foo, admin of group disk
+user foo, admin and member of group fax
+user foo, admin and member of group cdrom (only in /etc/gshadow)
diff --git a/tests/tests/usertools/chpasswd-PAM/07_chpasswd_usage_bad_option/config/etc/default/useradd b/tests/tests/usertools/chpasswd-PAM/07_chpasswd_usage_bad_option/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/07_chpasswd_usage_bad_option/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/usertools/chpasswd-PAM/07_chpasswd_usage_bad_option/config/etc/group b/tests/tests/usertools/chpasswd-PAM/07_chpasswd_usage_bad_option/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/07_chpasswd_usage_bad_option/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/usertools/chpasswd-PAM/07_chpasswd_usage_bad_option/config/etc/gshadow b/tests/tests/usertools/chpasswd-PAM/07_chpasswd_usage_bad_option/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/07_chpasswd_usage_bad_option/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/usertools/chpasswd-PAM/07_chpasswd_usage_bad_option/config/etc/passwd b/tests/tests/usertools/chpasswd-PAM/07_chpasswd_usage_bad_option/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/07_chpasswd_usage_bad_option/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/usertools/chpasswd-PAM/07_chpasswd_usage_bad_option/config/etc/shadow b/tests/tests/usertools/chpasswd-PAM/07_chpasswd_usage_bad_option/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/07_chpasswd_usage_bad_option/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/usertools/chpasswd-PAM/07_chpasswd_usage_bad_option/data/usage.out b/tests/tests/usertools/chpasswd-PAM/07_chpasswd_usage_bad_option/data/usage.out
new file mode 100644
index 0000000..4e26b6d
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/07_chpasswd_usage_bad_option/data/usage.out
@@ -0,0 +1,13 @@
+chpasswd: unrecognized option '--foo'
+Usage: chpasswd [options]
+
+Options:
+  -c, --crypt-method METHOD     the crypt method (one of NONE DES MD5 SHA256 SHA512)
+  -e, --encrypted               supplied passwords are encrypted
+  -h, --help                    display this help message and exit
+  -m, --md5                     encrypt the clear text password using
+                                the MD5 algorithm
+  -R, --root CHROOT_DIR         directory to chroot into
+  -s, --sha-rounds              number of SHA rounds for the SHA*
+                                crypt algorithms
+
diff --git a/tests/tests/usertools/chpasswd-PAM/08_chpasswd_usage-e-m_exclusive/chpasswd.test b/tests/tests/usertools/chpasswd-PAM/08_chpasswd_usage-e-m_exclusive/chpasswd.test
new file mode 100755
index 0000000..ecfbb20
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/08_chpasswd_usage-e-m_exclusive/chpasswd.test
@@ -0,0 +1,54 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "chpasswd checks that -e and -m are not provided at the same time"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Password are encrypted and must use md5 (chpasswd -m -e)..."
+echo 'nobody:test' | chpasswd -m -e 2>tmp/usage.out && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "2"
+echo "OK"
+
+echo "chpasswd reported:"
+echo "======================================================================="
+cat tmp/usage.out
+echo "======================================================================="
+echo -n "Check the usage message..."
+diff -au data/usage.out tmp/usage.out
+echo "usage message OK."
+rm -f tmp/usage.out
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/usertools/chpasswd-PAM/08_chpasswd_usage-e-m_exclusive/config.txt b/tests/tests/usertools/chpasswd-PAM/08_chpasswd_usage-e-m_exclusive/config.txt
new file mode 100644
index 0000000..31f5635
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/08_chpasswd_usage-e-m_exclusive/config.txt
@@ -0,0 +1,10 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group users (only in /etc/group)
+user foo, in group tty (only in /etc/gshadow)
+user foo, in group floppy
+user foo, admin of group disk
+user foo, admin and member of group fax
+user foo, admin and member of group cdrom (only in /etc/gshadow)
diff --git a/tests/tests/usertools/chpasswd-PAM/08_chpasswd_usage-e-m_exclusive/config/etc/default/useradd b/tests/tests/usertools/chpasswd-PAM/08_chpasswd_usage-e-m_exclusive/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/08_chpasswd_usage-e-m_exclusive/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/usertools/chpasswd-PAM/08_chpasswd_usage-e-m_exclusive/config/etc/group b/tests/tests/usertools/chpasswd-PAM/08_chpasswd_usage-e-m_exclusive/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/08_chpasswd_usage-e-m_exclusive/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/usertools/chpasswd-PAM/08_chpasswd_usage-e-m_exclusive/config/etc/gshadow b/tests/tests/usertools/chpasswd-PAM/08_chpasswd_usage-e-m_exclusive/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/08_chpasswd_usage-e-m_exclusive/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/usertools/chpasswd-PAM/08_chpasswd_usage-e-m_exclusive/config/etc/passwd b/tests/tests/usertools/chpasswd-PAM/08_chpasswd_usage-e-m_exclusive/config/etc/passwd
new file mode 100644
index 0000000..dbb06b8
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/08_chpasswd_usage-e-m_exclusive/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/nonexistent:/bin/sh
diff --git a/tests/tests/usertools/chpasswd-PAM/08_chpasswd_usage-e-m_exclusive/config/etc/shadow b/tests/tests/usertools/chpasswd-PAM/08_chpasswd_usage-e-m_exclusive/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/08_chpasswd_usage-e-m_exclusive/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/usertools/chpasswd-PAM/08_chpasswd_usage-e-m_exclusive/data/usage.out b/tests/tests/usertools/chpasswd-PAM/08_chpasswd_usage-e-m_exclusive/data/usage.out
new file mode 100644
index 0000000..799c8dd
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/08_chpasswd_usage-e-m_exclusive/data/usage.out
@@ -0,0 +1,13 @@
+chpasswd: the -c, -e, and -m flags are exclusive
+Usage: chpasswd [options]
+
+Options:
+  -c, --crypt-method METHOD     the crypt method (one of NONE DES MD5 SHA256 SHA512)
+  -e, --encrypted               supplied passwords are encrypted
+  -h, --help                    display this help message and exit
+  -m, --md5                     encrypt the clear text password using
+                                the MD5 algorithm
+  -R, --root CHROOT_DIR         directory to chroot into
+  -s, --sha-rounds              number of SHA rounds for the SHA*
+                                crypt algorithms
+
diff --git a/tests/tests/usertools/chpasswd-PAM/09_chpasswd_usage-e-c_exclusive/chpasswd.test b/tests/tests/usertools/chpasswd-PAM/09_chpasswd_usage-e-c_exclusive/chpasswd.test
new file mode 100755
index 0000000..ab5deec
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/09_chpasswd_usage-e-c_exclusive/chpasswd.test
@@ -0,0 +1,54 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "chpasswd checks that -e and -c are not provided at the same time"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Password are encrypted and must use another method (chpasswd -c SHA512 -e)..."
+echo 'nobody:test' | chpasswd -c SHA512 -e 2>tmp/usage.out && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "2"
+echo "OK"
+
+echo "chpasswd reported:"
+echo "======================================================================="
+cat tmp/usage.out
+echo "======================================================================="
+echo -n "Check the usage message..."
+diff -au data/usage.out tmp/usage.out
+echo "usage message OK."
+rm -f tmp/usage.out
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/usertools/chpasswd-PAM/09_chpasswd_usage-e-c_exclusive/config.txt b/tests/tests/usertools/chpasswd-PAM/09_chpasswd_usage-e-c_exclusive/config.txt
new file mode 100644
index 0000000..31f5635
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/09_chpasswd_usage-e-c_exclusive/config.txt
@@ -0,0 +1,10 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group users (only in /etc/group)
+user foo, in group tty (only in /etc/gshadow)
+user foo, in group floppy
+user foo, admin of group disk
+user foo, admin and member of group fax
+user foo, admin and member of group cdrom (only in /etc/gshadow)
diff --git a/tests/tests/usertools/chpasswd-PAM/09_chpasswd_usage-e-c_exclusive/config/etc/default/useradd b/tests/tests/usertools/chpasswd-PAM/09_chpasswd_usage-e-c_exclusive/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/09_chpasswd_usage-e-c_exclusive/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/usertools/chpasswd-PAM/09_chpasswd_usage-e-c_exclusive/config/etc/group b/tests/tests/usertools/chpasswd-PAM/09_chpasswd_usage-e-c_exclusive/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/09_chpasswd_usage-e-c_exclusive/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/usertools/chpasswd-PAM/09_chpasswd_usage-e-c_exclusive/config/etc/gshadow b/tests/tests/usertools/chpasswd-PAM/09_chpasswd_usage-e-c_exclusive/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/09_chpasswd_usage-e-c_exclusive/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/usertools/chpasswd-PAM/09_chpasswd_usage-e-c_exclusive/config/etc/passwd b/tests/tests/usertools/chpasswd-PAM/09_chpasswd_usage-e-c_exclusive/config/etc/passwd
new file mode 100644
index 0000000..dbb06b8
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/09_chpasswd_usage-e-c_exclusive/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/nonexistent:/bin/sh
diff --git a/tests/tests/usertools/chpasswd-PAM/09_chpasswd_usage-e-c_exclusive/config/etc/shadow b/tests/tests/usertools/chpasswd-PAM/09_chpasswd_usage-e-c_exclusive/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/09_chpasswd_usage-e-c_exclusive/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/usertools/chpasswd-PAM/09_chpasswd_usage-e-c_exclusive/data/usage.out b/tests/tests/usertools/chpasswd-PAM/09_chpasswd_usage-e-c_exclusive/data/usage.out
new file mode 100644
index 0000000..799c8dd
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/09_chpasswd_usage-e-c_exclusive/data/usage.out
@@ -0,0 +1,13 @@
+chpasswd: the -c, -e, and -m flags are exclusive
+Usage: chpasswd [options]
+
+Options:
+  -c, --crypt-method METHOD     the crypt method (one of NONE DES MD5 SHA256 SHA512)
+  -e, --encrypted               supplied passwords are encrypted
+  -h, --help                    display this help message and exit
+  -m, --md5                     encrypt the clear text password using
+                                the MD5 algorithm
+  -R, --root CHROOT_DIR         directory to chroot into
+  -s, --sha-rounds              number of SHA rounds for the SHA*
+                                crypt algorithms
+
diff --git a/tests/tests/usertools/chpasswd-PAM/10_chpasswd_usage-m-c_exclusive/chpasswd.test b/tests/tests/usertools/chpasswd-PAM/10_chpasswd_usage-m-c_exclusive/chpasswd.test
new file mode 100755
index 0000000..fe2bbd7
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/10_chpasswd_usage-m-c_exclusive/chpasswd.test
@@ -0,0 +1,54 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "chpasswd checks that -c and -m are not provided at the same time"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Password must use md5 and another method (chpasswd -m -c SHA256)..."
+echo 'nobody:test' | chpasswd -m -c SHA256 2>tmp/usage.out && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "2"
+echo "OK"
+
+echo "chpasswd reported:"
+echo "======================================================================="
+cat tmp/usage.out
+echo "======================================================================="
+echo -n "Check the usage message..."
+diff -au data/usage.out tmp/usage.out
+echo "usage message OK."
+rm -f tmp/usage.out
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/usertools/chpasswd-PAM/10_chpasswd_usage-m-c_exclusive/config.txt b/tests/tests/usertools/chpasswd-PAM/10_chpasswd_usage-m-c_exclusive/config.txt
new file mode 100644
index 0000000..31f5635
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/10_chpasswd_usage-m-c_exclusive/config.txt
@@ -0,0 +1,10 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group users (only in /etc/group)
+user foo, in group tty (only in /etc/gshadow)
+user foo, in group floppy
+user foo, admin of group disk
+user foo, admin and member of group fax
+user foo, admin and member of group cdrom (only in /etc/gshadow)
diff --git a/tests/tests/usertools/chpasswd-PAM/10_chpasswd_usage-m-c_exclusive/config/etc/default/useradd b/tests/tests/usertools/chpasswd-PAM/10_chpasswd_usage-m-c_exclusive/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/10_chpasswd_usage-m-c_exclusive/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/usertools/chpasswd-PAM/10_chpasswd_usage-m-c_exclusive/config/etc/group b/tests/tests/usertools/chpasswd-PAM/10_chpasswd_usage-m-c_exclusive/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/10_chpasswd_usage-m-c_exclusive/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/usertools/chpasswd-PAM/10_chpasswd_usage-m-c_exclusive/config/etc/gshadow b/tests/tests/usertools/chpasswd-PAM/10_chpasswd_usage-m-c_exclusive/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/10_chpasswd_usage-m-c_exclusive/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/usertools/chpasswd-PAM/10_chpasswd_usage-m-c_exclusive/config/etc/passwd b/tests/tests/usertools/chpasswd-PAM/10_chpasswd_usage-m-c_exclusive/config/etc/passwd
new file mode 100644
index 0000000..dbb06b8
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/10_chpasswd_usage-m-c_exclusive/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/nonexistent:/bin/sh
diff --git a/tests/tests/usertools/chpasswd-PAM/10_chpasswd_usage-m-c_exclusive/config/etc/shadow b/tests/tests/usertools/chpasswd-PAM/10_chpasswd_usage-m-c_exclusive/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/10_chpasswd_usage-m-c_exclusive/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/usertools/chpasswd-PAM/10_chpasswd_usage-m-c_exclusive/data/usage.out b/tests/tests/usertools/chpasswd-PAM/10_chpasswd_usage-m-c_exclusive/data/usage.out
new file mode 100644
index 0000000..799c8dd
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/10_chpasswd_usage-m-c_exclusive/data/usage.out
@@ -0,0 +1,13 @@
+chpasswd: the -c, -e, and -m flags are exclusive
+Usage: chpasswd [options]
+
+Options:
+  -c, --crypt-method METHOD     the crypt method (one of NONE DES MD5 SHA256 SHA512)
+  -e, --encrypted               supplied passwords are encrypted
+  -h, --help                    display this help message and exit
+  -m, --md5                     encrypt the clear text password using
+                                the MD5 algorithm
+  -R, --root CHROOT_DIR         directory to chroot into
+  -s, --sha-rounds              number of SHA rounds for the SHA*
+                                crypt algorithms
+
diff --git a/tests/tests/usertools/chpasswd-PAM/11_chpasswd_usage-s_without-c/chpasswd.test b/tests/tests/usertools/chpasswd-PAM/11_chpasswd_usage-s_without-c/chpasswd.test
new file mode 100755
index 0000000..29982fc
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/11_chpasswd_usage-s_without-c/chpasswd.test
@@ -0,0 +1,54 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "chpasswd checks that -c is provided if -s is used"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Password must use md5 and another method (chpasswd --sha-rounds 12)..."
+echo 'nobody:test' | chpasswd --sha-rounds 12 2>tmp/usage.out && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "2"
+echo "OK"
+
+echo "chpasswd reported:"
+echo "======================================================================="
+cat tmp/usage.out
+echo "======================================================================="
+echo -n "Check the usage message..."
+diff -au data/usage.out tmp/usage.out
+echo "usage message OK."
+rm -f tmp/usage.out
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/usertools/chpasswd-PAM/11_chpasswd_usage-s_without-c/config.txt b/tests/tests/usertools/chpasswd-PAM/11_chpasswd_usage-s_without-c/config.txt
new file mode 100644
index 0000000..31f5635
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/11_chpasswd_usage-s_without-c/config.txt
@@ -0,0 +1,10 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group users (only in /etc/group)
+user foo, in group tty (only in /etc/gshadow)
+user foo, in group floppy
+user foo, admin of group disk
+user foo, admin and member of group fax
+user foo, admin and member of group cdrom (only in /etc/gshadow)
diff --git a/tests/tests/usertools/chpasswd-PAM/11_chpasswd_usage-s_without-c/config/etc/default/useradd b/tests/tests/usertools/chpasswd-PAM/11_chpasswd_usage-s_without-c/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/11_chpasswd_usage-s_without-c/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/usertools/chpasswd-PAM/11_chpasswd_usage-s_without-c/config/etc/group b/tests/tests/usertools/chpasswd-PAM/11_chpasswd_usage-s_without-c/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/11_chpasswd_usage-s_without-c/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/usertools/chpasswd-PAM/11_chpasswd_usage-s_without-c/config/etc/gshadow b/tests/tests/usertools/chpasswd-PAM/11_chpasswd_usage-s_without-c/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/11_chpasswd_usage-s_without-c/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/usertools/chpasswd-PAM/11_chpasswd_usage-s_without-c/config/etc/passwd b/tests/tests/usertools/chpasswd-PAM/11_chpasswd_usage-s_without-c/config/etc/passwd
new file mode 100644
index 0000000..dbb06b8
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/11_chpasswd_usage-s_without-c/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/nonexistent:/bin/sh
diff --git a/tests/tests/usertools/chpasswd-PAM/11_chpasswd_usage-s_without-c/config/etc/shadow b/tests/tests/usertools/chpasswd-PAM/11_chpasswd_usage-s_without-c/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/11_chpasswd_usage-s_without-c/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/usertools/chpasswd-PAM/11_chpasswd_usage-s_without-c/data/usage.out b/tests/tests/usertools/chpasswd-PAM/11_chpasswd_usage-s_without-c/data/usage.out
new file mode 100644
index 0000000..ab133e2
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/11_chpasswd_usage-s_without-c/data/usage.out
@@ -0,0 +1,13 @@
+chpasswd: -s flag is only allowed with the -c flag
+Usage: chpasswd [options]
+
+Options:
+  -c, --crypt-method METHOD     the crypt method (one of NONE DES MD5 SHA256 SHA512)
+  -e, --encrypted               supplied passwords are encrypted
+  -h, --help                    display this help message and exit
+  -m, --md5                     encrypt the clear text password using
+                                the MD5 algorithm
+  -R, --root CHROOT_DIR         directory to chroot into
+  -s, --sha-rounds              number of SHA rounds for the SHA*
+                                crypt algorithms
+
diff --git a/tests/tests/usertools/chpasswd-PAM/12_chpasswd_usage-s_invalid/chpasswd.test b/tests/tests/usertools/chpasswd-PAM/12_chpasswd_usage-s_invalid/chpasswd.test
new file mode 100755
index 0000000..1b478f9
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/12_chpasswd_usage-s_invalid/chpasswd.test
@@ -0,0 +1,54 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "chpasswd checks the -s argument"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Password must use md5 and another method (chpasswd --sha-rounds 12foo -c SHA512)..."
+echo 'nobody:test' | chpasswd --sha-rounds 12foo -c SHA512 2>tmp/usage.out && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "2"
+echo "OK"
+
+echo "chpasswd reported:"
+echo "======================================================================="
+cat tmp/usage.out
+echo "======================================================================="
+echo -n "Check the usage message..."
+diff -au data/usage.out tmp/usage.out
+echo "usage message OK."
+rm -f tmp/usage.out
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/usertools/chpasswd-PAM/12_chpasswd_usage-s_invalid/config.txt b/tests/tests/usertools/chpasswd-PAM/12_chpasswd_usage-s_invalid/config.txt
new file mode 100644
index 0000000..31f5635
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/12_chpasswd_usage-s_invalid/config.txt
@@ -0,0 +1,10 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group users (only in /etc/group)
+user foo, in group tty (only in /etc/gshadow)
+user foo, in group floppy
+user foo, admin of group disk
+user foo, admin and member of group fax
+user foo, admin and member of group cdrom (only in /etc/gshadow)
diff --git a/tests/tests/usertools/chpasswd-PAM/12_chpasswd_usage-s_invalid/config/etc/default/useradd b/tests/tests/usertools/chpasswd-PAM/12_chpasswd_usage-s_invalid/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/12_chpasswd_usage-s_invalid/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/usertools/chpasswd-PAM/12_chpasswd_usage-s_invalid/config/etc/group b/tests/tests/usertools/chpasswd-PAM/12_chpasswd_usage-s_invalid/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/12_chpasswd_usage-s_invalid/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/usertools/chpasswd-PAM/12_chpasswd_usage-s_invalid/config/etc/gshadow b/tests/tests/usertools/chpasswd-PAM/12_chpasswd_usage-s_invalid/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/12_chpasswd_usage-s_invalid/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/usertools/chpasswd-PAM/12_chpasswd_usage-s_invalid/config/etc/passwd b/tests/tests/usertools/chpasswd-PAM/12_chpasswd_usage-s_invalid/config/etc/passwd
new file mode 100644
index 0000000..dbb06b8
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/12_chpasswd_usage-s_invalid/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/nonexistent:/bin/sh
diff --git a/tests/tests/usertools/chpasswd-PAM/12_chpasswd_usage-s_invalid/config/etc/shadow b/tests/tests/usertools/chpasswd-PAM/12_chpasswd_usage-s_invalid/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/12_chpasswd_usage-s_invalid/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/usertools/chpasswd-PAM/12_chpasswd_usage-s_invalid/data/usage.out b/tests/tests/usertools/chpasswd-PAM/12_chpasswd_usage-s_invalid/data/usage.out
new file mode 100644
index 0000000..bcfcf6d
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/12_chpasswd_usage-s_invalid/data/usage.out
@@ -0,0 +1,13 @@
+chpasswd: invalid numeric argument '12foo'
+Usage: chpasswd [options]
+
+Options:
+  -c, --crypt-method METHOD     the crypt method (one of NONE DES MD5 SHA256 SHA512)
+  -e, --encrypted               supplied passwords are encrypted
+  -h, --help                    display this help message and exit
+  -m, --md5                     encrypt the clear text password using
+                                the MD5 algorithm
+  -R, --root CHROOT_DIR         directory to chroot into
+  -s, --sha-rounds              number of SHA rounds for the SHA*
+                                crypt algorithms
+
diff --git a/tests/tests/usertools/chpasswd-PAM/13_chpasswd_usage-c_invalid/chpasswd.test b/tests/tests/usertools/chpasswd-PAM/13_chpasswd_usage-c_invalid/chpasswd.test
new file mode 100755
index 0000000..a2f653c
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/13_chpasswd_usage-c_invalid/chpasswd.test
@@ -0,0 +1,54 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "chpasswd checks the -c argument"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Password must use md5 and another method (chpasswd --crypt-method SHA513)..."
+echo 'nobody:test' | chpasswd --crypt-method SHA513 2>tmp/usage.out && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "2"
+echo "OK"
+
+echo "chpasswd reported:"
+echo "======================================================================="
+cat tmp/usage.out
+echo "======================================================================="
+echo -n "Check the usage message..."
+diff -au data/usage.out tmp/usage.out
+echo "usage message OK."
+rm -f tmp/usage.out
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/usertools/chpasswd-PAM/13_chpasswd_usage-c_invalid/config.txt b/tests/tests/usertools/chpasswd-PAM/13_chpasswd_usage-c_invalid/config.txt
new file mode 100644
index 0000000..31f5635
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/13_chpasswd_usage-c_invalid/config.txt
@@ -0,0 +1,10 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group users (only in /etc/group)
+user foo, in group tty (only in /etc/gshadow)
+user foo, in group floppy
+user foo, admin of group disk
+user foo, admin and member of group fax
+user foo, admin and member of group cdrom (only in /etc/gshadow)
diff --git a/tests/tests/usertools/chpasswd-PAM/13_chpasswd_usage-c_invalid/config/etc/default/useradd b/tests/tests/usertools/chpasswd-PAM/13_chpasswd_usage-c_invalid/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/13_chpasswd_usage-c_invalid/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/usertools/chpasswd-PAM/13_chpasswd_usage-c_invalid/config/etc/group b/tests/tests/usertools/chpasswd-PAM/13_chpasswd_usage-c_invalid/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/13_chpasswd_usage-c_invalid/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/usertools/chpasswd-PAM/13_chpasswd_usage-c_invalid/config/etc/gshadow b/tests/tests/usertools/chpasswd-PAM/13_chpasswd_usage-c_invalid/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/13_chpasswd_usage-c_invalid/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/usertools/chpasswd-PAM/13_chpasswd_usage-c_invalid/config/etc/passwd b/tests/tests/usertools/chpasswd-PAM/13_chpasswd_usage-c_invalid/config/etc/passwd
new file mode 100644
index 0000000..dbb06b8
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/13_chpasswd_usage-c_invalid/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/nonexistent:/bin/sh
diff --git a/tests/tests/usertools/chpasswd-PAM/13_chpasswd_usage-c_invalid/config/etc/shadow b/tests/tests/usertools/chpasswd-PAM/13_chpasswd_usage-c_invalid/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/13_chpasswd_usage-c_invalid/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/usertools/chpasswd-PAM/13_chpasswd_usage-c_invalid/data/usage.out b/tests/tests/usertools/chpasswd-PAM/13_chpasswd_usage-c_invalid/data/usage.out
new file mode 100644
index 0000000..2c9e5aa
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/13_chpasswd_usage-c_invalid/data/usage.out
@@ -0,0 +1,13 @@
+chpasswd: unsupported crypt method: SHA513
+Usage: chpasswd [options]
+
+Options:
+  -c, --crypt-method METHOD     the crypt method (one of NONE DES MD5 SHA256 SHA512)
+  -e, --encrypted               supplied passwords are encrypted
+  -h, --help                    display this help message and exit
+  -m, --md5                     encrypt the clear text password using
+                                the MD5 algorithm
+  -R, --root CHROOT_DIR         directory to chroot into
+  -s, --sha-rounds              number of SHA rounds for the SHA*
+                                crypt algorithms
+
diff --git a/tests/tests/usertools/chpasswd-PAM/14_chpasswd_password_encrypted/chpasswd.test b/tests/tests/usertools/chpasswd-PAM/14_chpasswd_password_encrypted/chpasswd.test
new file mode 100755
index 0000000..3591462
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/14_chpasswd_password_encrypted/chpasswd.test
@@ -0,0 +1,40 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "chpasswd can use encrypted password"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Change nobody and lp's password (chpasswd -e)..."
+echo 'nobody:test
+lp:test2' | chpasswd -e
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl data/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/usertools/chpasswd-PAM/14_chpasswd_password_encrypted/config/etc/group b/tests/tests/usertools/chpasswd-PAM/14_chpasswd_password_encrypted/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/14_chpasswd_password_encrypted/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/usertools/chpasswd-PAM/14_chpasswd_password_encrypted/config/etc/gshadow b/tests/tests/usertools/chpasswd-PAM/14_chpasswd_password_encrypted/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/14_chpasswd_password_encrypted/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/usertools/chpasswd-PAM/14_chpasswd_password_encrypted/config/etc/pam.d/chpasswd b/tests/tests/usertools/chpasswd-PAM/14_chpasswd_password_encrypted/config/etc/pam.d/chpasswd
new file mode 100644
index 0000000..552045e
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/14_chpasswd_password_encrypted/config/etc/pam.d/chpasswd
@@ -0,0 +1,6 @@
+#
+# The PAM configuration file for the Shadow `chpasswd' service
+#
+
+@include common-password
+
diff --git a/tests/tests/usertools/chpasswd-PAM/14_chpasswd_password_encrypted/config/etc/pam.d/common-password b/tests/tests/usertools/chpasswd-PAM/14_chpasswd_password_encrypted/config/etc/pam.d/common-password
new file mode 100644
index 0000000..06c59a7
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/14_chpasswd_password_encrypted/config/etc/pam.d/common-password
@@ -0,0 +1,33 @@
+#
+# /etc/pam.d/common-password - password-related modules common to all services
+#
+# This file is included from other service-specific PAM config files,
+# and should contain a list of modules that define the services to be
+# used to change user passwords.  The default is pam_unix.
+
+# Explanation of pam_unix options:
+#
+# The "md5" option enables MD5 passwords.  Without this option, the
+# default is Unix crypt.
+#
+# The "obscure" option replaces the old `OBSCURE_CHECKS_ENAB' option in
+# login.defs.
+#
+# See the pam_unix manpage for other options.
+
+# As of pam 1.0.1-6, this file is managed by pam-auth-update by default.
+# To take advantage of this, it is recommended that you configure any
+# local modules either before or after the default block, and use
+# pam-auth-update to manage selection of other modules.  See
+# pam-auth-update(8) for details.
+
+# here are the per-package modules (the "Primary" block)
+password	[success=1 default=ignore]	pam_unix.so obscure
+# here's the fallback if no module succeeds
+password	requisite			pam_deny.so
+# prime the stack with a positive return value if there isn't one already;
+# this avoids us returning an error just because nothing sets a success code
+# since the modules above will each just jump around
+password	required			pam_permit.so
+# and here are more per-package modules (the "Additional" block)
+# end of pam-auth-update config
diff --git a/tests/tests/usertools/chpasswd-PAM/14_chpasswd_password_encrypted/config/etc/passwd b/tests/tests/usertools/chpasswd-PAM/14_chpasswd_password_encrypted/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/14_chpasswd_password_encrypted/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/usertools/chpasswd-PAM/14_chpasswd_password_encrypted/config/etc/shadow b/tests/tests/usertools/chpasswd-PAM/14_chpasswd_password_encrypted/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/14_chpasswd_password_encrypted/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/usertools/chpasswd-PAM/14_chpasswd_password_encrypted/data/shadow b/tests/tests/usertools/chpasswd-PAM/14_chpasswd_password_encrypted/data/shadow
new file mode 100644
index 0000000..269ee68
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/14_chpasswd_password_encrypted/data/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:test2:@TODAY@:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:test:@TODAY@:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/usertools/chpasswd-PAM/15_chpasswd_password_md5/chpasswd.test b/tests/tests/usertools/chpasswd-PAM/15_chpasswd_password_md5/chpasswd.test
new file mode 100755
index 0000000..534fb6f
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/15_chpasswd_password_md5/chpasswd.test
@@ -0,0 +1,40 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "chpasswd can use create md5 passwords"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Change nobody and lp's password (chpasswd --md5)..."
+echo 'nobody:test
+lp:test2' | chpasswd --md5
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl data/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/usertools/chpasswd-PAM/15_chpasswd_password_md5/config/etc/group b/tests/tests/usertools/chpasswd-PAM/15_chpasswd_password_md5/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/15_chpasswd_password_md5/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/usertools/chpasswd-PAM/15_chpasswd_password_md5/config/etc/gshadow b/tests/tests/usertools/chpasswd-PAM/15_chpasswd_password_md5/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/15_chpasswd_password_md5/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/usertools/chpasswd-PAM/15_chpasswd_password_md5/config/etc/pam.d/chpasswd b/tests/tests/usertools/chpasswd-PAM/15_chpasswd_password_md5/config/etc/pam.d/chpasswd
new file mode 100644
index 0000000..552045e
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/15_chpasswd_password_md5/config/etc/pam.d/chpasswd
@@ -0,0 +1,6 @@
+#
+# The PAM configuration file for the Shadow `chpasswd' service
+#
+
+@include common-password
+
diff --git a/tests/tests/usertools/chpasswd-PAM/15_chpasswd_password_md5/config/etc/pam.d/common-password b/tests/tests/usertools/chpasswd-PAM/15_chpasswd_password_md5/config/etc/pam.d/common-password
new file mode 100644
index 0000000..06c59a7
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/15_chpasswd_password_md5/config/etc/pam.d/common-password
@@ -0,0 +1,33 @@
+#
+# /etc/pam.d/common-password - password-related modules common to all services
+#
+# This file is included from other service-specific PAM config files,
+# and should contain a list of modules that define the services to be
+# used to change user passwords.  The default is pam_unix.
+
+# Explanation of pam_unix options:
+#
+# The "md5" option enables MD5 passwords.  Without this option, the
+# default is Unix crypt.
+#
+# The "obscure" option replaces the old `OBSCURE_CHECKS_ENAB' option in
+# login.defs.
+#
+# See the pam_unix manpage for other options.
+
+# As of pam 1.0.1-6, this file is managed by pam-auth-update by default.
+# To take advantage of this, it is recommended that you configure any
+# local modules either before or after the default block, and use
+# pam-auth-update to manage selection of other modules.  See
+# pam-auth-update(8) for details.
+
+# here are the per-package modules (the "Primary" block)
+password	[success=1 default=ignore]	pam_unix.so obscure
+# here's the fallback if no module succeeds
+password	requisite			pam_deny.so
+# prime the stack with a positive return value if there isn't one already;
+# this avoids us returning an error just because nothing sets a success code
+# since the modules above will each just jump around
+password	required			pam_permit.so
+# and here are more per-package modules (the "Additional" block)
+# end of pam-auth-update config
diff --git a/tests/tests/usertools/chpasswd-PAM/15_chpasswd_password_md5/config/etc/passwd b/tests/tests/usertools/chpasswd-PAM/15_chpasswd_password_md5/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/15_chpasswd_password_md5/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/usertools/chpasswd-PAM/15_chpasswd_password_md5/config/etc/shadow b/tests/tests/usertools/chpasswd-PAM/15_chpasswd_password_md5/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/15_chpasswd_password_md5/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/usertools/chpasswd-PAM/15_chpasswd_password_md5/data/shadow b/tests/tests/usertools/chpasswd-PAM/15_chpasswd_password_md5/data/shadow
new file mode 100644
index 0000000..cb54856
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/15_chpasswd_password_md5/data/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:@PASS_MD5 test2@:@TODAY@:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:@PASS_MD5 test@:@TODAY@:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/usertools/chpasswd-PAM/16_chpasswd_password_NONE/chpasswd.test b/tests/tests/usertools/chpasswd-PAM/16_chpasswd_password_NONE/chpasswd.test
new file mode 100755
index 0000000..e7c1b4e
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/16_chpasswd_password_NONE/chpasswd.test
@@ -0,0 +1,40 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "chpasswd can use encrypted passwords"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Change nobody and lp's password (chpasswd -c NONE)..."
+echo 'nobody:test
+lp:test2' | chpasswd -c NONE
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl data/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/usertools/chpasswd-PAM/16_chpasswd_password_NONE/config/etc/group b/tests/tests/usertools/chpasswd-PAM/16_chpasswd_password_NONE/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/16_chpasswd_password_NONE/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/usertools/chpasswd-PAM/16_chpasswd_password_NONE/config/etc/gshadow b/tests/tests/usertools/chpasswd-PAM/16_chpasswd_password_NONE/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/16_chpasswd_password_NONE/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/usertools/chpasswd-PAM/16_chpasswd_password_NONE/config/etc/pam.d/chpasswd b/tests/tests/usertools/chpasswd-PAM/16_chpasswd_password_NONE/config/etc/pam.d/chpasswd
new file mode 100644
index 0000000..552045e
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/16_chpasswd_password_NONE/config/etc/pam.d/chpasswd
@@ -0,0 +1,6 @@
+#
+# The PAM configuration file for the Shadow `chpasswd' service
+#
+
+@include common-password
+
diff --git a/tests/tests/usertools/chpasswd-PAM/16_chpasswd_password_NONE/config/etc/pam.d/common-password b/tests/tests/usertools/chpasswd-PAM/16_chpasswd_password_NONE/config/etc/pam.d/common-password
new file mode 100644
index 0000000..06c59a7
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/16_chpasswd_password_NONE/config/etc/pam.d/common-password
@@ -0,0 +1,33 @@
+#
+# /etc/pam.d/common-password - password-related modules common to all services
+#
+# This file is included from other service-specific PAM config files,
+# and should contain a list of modules that define the services to be
+# used to change user passwords.  The default is pam_unix.
+
+# Explanation of pam_unix options:
+#
+# The "md5" option enables MD5 passwords.  Without this option, the
+# default is Unix crypt.
+#
+# The "obscure" option replaces the old `OBSCURE_CHECKS_ENAB' option in
+# login.defs.
+#
+# See the pam_unix manpage for other options.
+
+# As of pam 1.0.1-6, this file is managed by pam-auth-update by default.
+# To take advantage of this, it is recommended that you configure any
+# local modules either before or after the default block, and use
+# pam-auth-update to manage selection of other modules.  See
+# pam-auth-update(8) for details.
+
+# here are the per-package modules (the "Primary" block)
+password	[success=1 default=ignore]	pam_unix.so obscure
+# here's the fallback if no module succeeds
+password	requisite			pam_deny.so
+# prime the stack with a positive return value if there isn't one already;
+# this avoids us returning an error just because nothing sets a success code
+# since the modules above will each just jump around
+password	required			pam_permit.so
+# and here are more per-package modules (the "Additional" block)
+# end of pam-auth-update config
diff --git a/tests/tests/usertools/chpasswd-PAM/16_chpasswd_password_NONE/config/etc/passwd b/tests/tests/usertools/chpasswd-PAM/16_chpasswd_password_NONE/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/16_chpasswd_password_NONE/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/usertools/chpasswd-PAM/16_chpasswd_password_NONE/config/etc/shadow b/tests/tests/usertools/chpasswd-PAM/16_chpasswd_password_NONE/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/16_chpasswd_password_NONE/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/usertools/chpasswd-PAM/16_chpasswd_password_NONE/data/shadow b/tests/tests/usertools/chpasswd-PAM/16_chpasswd_password_NONE/data/shadow
new file mode 100644
index 0000000..269ee68
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/16_chpasswd_password_NONE/data/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:test2:@TODAY@:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:test:@TODAY@:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/usertools/chpasswd-PAM/17_chpasswd_password_MD5/chpasswd.test b/tests/tests/usertools/chpasswd-PAM/17_chpasswd_password_MD5/chpasswd.test
new file mode 100755
index 0000000..f7da2c6
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/17_chpasswd_password_MD5/chpasswd.test
@@ -0,0 +1,40 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "chpasswd can use create MD5 passwords"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Change nobody and lp's password (chpasswd --crypt-method MD5)..."
+echo 'nobody:test
+lp:test2' | chpasswd --crypt-method MD5
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl data/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/usertools/chpasswd-PAM/17_chpasswd_password_MD5/config/etc/group b/tests/tests/usertools/chpasswd-PAM/17_chpasswd_password_MD5/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/17_chpasswd_password_MD5/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/usertools/chpasswd-PAM/17_chpasswd_password_MD5/config/etc/gshadow b/tests/tests/usertools/chpasswd-PAM/17_chpasswd_password_MD5/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/17_chpasswd_password_MD5/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/usertools/chpasswd-PAM/17_chpasswd_password_MD5/config/etc/pam.d/chpasswd b/tests/tests/usertools/chpasswd-PAM/17_chpasswd_password_MD5/config/etc/pam.d/chpasswd
new file mode 100644
index 0000000..552045e
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/17_chpasswd_password_MD5/config/etc/pam.d/chpasswd
@@ -0,0 +1,6 @@
+#
+# The PAM configuration file for the Shadow `chpasswd' service
+#
+
+@include common-password
+
diff --git a/tests/tests/usertools/chpasswd-PAM/17_chpasswd_password_MD5/config/etc/pam.d/common-password b/tests/tests/usertools/chpasswd-PAM/17_chpasswd_password_MD5/config/etc/pam.d/common-password
new file mode 100644
index 0000000..06c59a7
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/17_chpasswd_password_MD5/config/etc/pam.d/common-password
@@ -0,0 +1,33 @@
+#
+# /etc/pam.d/common-password - password-related modules common to all services
+#
+# This file is included from other service-specific PAM config files,
+# and should contain a list of modules that define the services to be
+# used to change user passwords.  The default is pam_unix.
+
+# Explanation of pam_unix options:
+#
+# The "md5" option enables MD5 passwords.  Without this option, the
+# default is Unix crypt.
+#
+# The "obscure" option replaces the old `OBSCURE_CHECKS_ENAB' option in
+# login.defs.
+#
+# See the pam_unix manpage for other options.
+
+# As of pam 1.0.1-6, this file is managed by pam-auth-update by default.
+# To take advantage of this, it is recommended that you configure any
+# local modules either before or after the default block, and use
+# pam-auth-update to manage selection of other modules.  See
+# pam-auth-update(8) for details.
+
+# here are the per-package modules (the "Primary" block)
+password	[success=1 default=ignore]	pam_unix.so obscure
+# here's the fallback if no module succeeds
+password	requisite			pam_deny.so
+# prime the stack with a positive return value if there isn't one already;
+# this avoids us returning an error just because nothing sets a success code
+# since the modules above will each just jump around
+password	required			pam_permit.so
+# and here are more per-package modules (the "Additional" block)
+# end of pam-auth-update config
diff --git a/tests/tests/usertools/chpasswd-PAM/17_chpasswd_password_MD5/config/etc/passwd b/tests/tests/usertools/chpasswd-PAM/17_chpasswd_password_MD5/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/17_chpasswd_password_MD5/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/usertools/chpasswd-PAM/17_chpasswd_password_MD5/config/etc/shadow b/tests/tests/usertools/chpasswd-PAM/17_chpasswd_password_MD5/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/17_chpasswd_password_MD5/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/usertools/chpasswd-PAM/17_chpasswd_password_MD5/data/shadow b/tests/tests/usertools/chpasswd-PAM/17_chpasswd_password_MD5/data/shadow
new file mode 100644
index 0000000..cb54856
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/17_chpasswd_password_MD5/data/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:@PASS_MD5 test2@:@TODAY@:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:@PASS_MD5 test@:@TODAY@:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/usertools/chpasswd-PAM/18_chpasswd_password_DES/chpasswd.test b/tests/tests/usertools/chpasswd-PAM/18_chpasswd_password_DES/chpasswd.test
new file mode 100755
index 0000000..750b82f
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/18_chpasswd_password_DES/chpasswd.test
@@ -0,0 +1,40 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "chpasswd can use create DES passwords"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Change nobody and lp's password (chpasswd --crypt-method DES)..."
+echo 'nobody:test
+lp:test2' | chpasswd --crypt-method DES
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl data/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/usertools/chpasswd-PAM/18_chpasswd_password_DES/config/etc/group b/tests/tests/usertools/chpasswd-PAM/18_chpasswd_password_DES/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/18_chpasswd_password_DES/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/usertools/chpasswd-PAM/18_chpasswd_password_DES/config/etc/gshadow b/tests/tests/usertools/chpasswd-PAM/18_chpasswd_password_DES/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/18_chpasswd_password_DES/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/usertools/chpasswd-PAM/18_chpasswd_password_DES/config/etc/pam.d/chpasswd b/tests/tests/usertools/chpasswd-PAM/18_chpasswd_password_DES/config/etc/pam.d/chpasswd
new file mode 100644
index 0000000..552045e
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/18_chpasswd_password_DES/config/etc/pam.d/chpasswd
@@ -0,0 +1,6 @@
+#
+# The PAM configuration file for the Shadow `chpasswd' service
+#
+
+@include common-password
+
diff --git a/tests/tests/usertools/chpasswd-PAM/18_chpasswd_password_DES/config/etc/pam.d/common-password b/tests/tests/usertools/chpasswd-PAM/18_chpasswd_password_DES/config/etc/pam.d/common-password
new file mode 100644
index 0000000..06c59a7
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/18_chpasswd_password_DES/config/etc/pam.d/common-password
@@ -0,0 +1,33 @@
+#
+# /etc/pam.d/common-password - password-related modules common to all services
+#
+# This file is included from other service-specific PAM config files,
+# and should contain a list of modules that define the services to be
+# used to change user passwords.  The default is pam_unix.
+
+# Explanation of pam_unix options:
+#
+# The "md5" option enables MD5 passwords.  Without this option, the
+# default is Unix crypt.
+#
+# The "obscure" option replaces the old `OBSCURE_CHECKS_ENAB' option in
+# login.defs.
+#
+# See the pam_unix manpage for other options.
+
+# As of pam 1.0.1-6, this file is managed by pam-auth-update by default.
+# To take advantage of this, it is recommended that you configure any
+# local modules either before or after the default block, and use
+# pam-auth-update to manage selection of other modules.  See
+# pam-auth-update(8) for details.
+
+# here are the per-package modules (the "Primary" block)
+password	[success=1 default=ignore]	pam_unix.so obscure
+# here's the fallback if no module succeeds
+password	requisite			pam_deny.so
+# prime the stack with a positive return value if there isn't one already;
+# this avoids us returning an error just because nothing sets a success code
+# since the modules above will each just jump around
+password	required			pam_permit.so
+# and here are more per-package modules (the "Additional" block)
+# end of pam-auth-update config
diff --git a/tests/tests/usertools/chpasswd-PAM/18_chpasswd_password_DES/config/etc/passwd b/tests/tests/usertools/chpasswd-PAM/18_chpasswd_password_DES/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/18_chpasswd_password_DES/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/usertools/chpasswd-PAM/18_chpasswd_password_DES/config/etc/shadow b/tests/tests/usertools/chpasswd-PAM/18_chpasswd_password_DES/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/18_chpasswd_password_DES/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/usertools/chpasswd-PAM/18_chpasswd_password_DES/data/shadow b/tests/tests/usertools/chpasswd-PAM/18_chpasswd_password_DES/data/shadow
new file mode 100644
index 0000000..d69c00c
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/18_chpasswd_password_DES/data/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:@PASS_DES test2@:@TODAY@:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:@PASS_DES test@:@TODAY@:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/usertools/chpasswd-PAM/19_chpasswd_password_SHA256/chpasswd.test b/tests/tests/usertools/chpasswd-PAM/19_chpasswd_password_SHA256/chpasswd.test
new file mode 100755
index 0000000..56c67bf
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/19_chpasswd_password_SHA256/chpasswd.test
@@ -0,0 +1,40 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "chpasswd can use create SHA256 passwords"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Change nobody and lp's password (chpasswd --crypt-method SHA256)..."
+echo 'nobody:test
+lp:test2' | chpasswd --crypt-method SHA256
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl data/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/usertools/chpasswd-PAM/19_chpasswd_password_SHA256/config/etc/group b/tests/tests/usertools/chpasswd-PAM/19_chpasswd_password_SHA256/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/19_chpasswd_password_SHA256/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/usertools/chpasswd-PAM/19_chpasswd_password_SHA256/config/etc/gshadow b/tests/tests/usertools/chpasswd-PAM/19_chpasswd_password_SHA256/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/19_chpasswd_password_SHA256/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/usertools/chpasswd-PAM/19_chpasswd_password_SHA256/config/etc/pam.d/chpasswd b/tests/tests/usertools/chpasswd-PAM/19_chpasswd_password_SHA256/config/etc/pam.d/chpasswd
new file mode 100644
index 0000000..552045e
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/19_chpasswd_password_SHA256/config/etc/pam.d/chpasswd
@@ -0,0 +1,6 @@
+#
+# The PAM configuration file for the Shadow `chpasswd' service
+#
+
+@include common-password
+
diff --git a/tests/tests/usertools/chpasswd-PAM/19_chpasswd_password_SHA256/config/etc/pam.d/common-password b/tests/tests/usertools/chpasswd-PAM/19_chpasswd_password_SHA256/config/etc/pam.d/common-password
new file mode 100644
index 0000000..06c59a7
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/19_chpasswd_password_SHA256/config/etc/pam.d/common-password
@@ -0,0 +1,33 @@
+#
+# /etc/pam.d/common-password - password-related modules common to all services
+#
+# This file is included from other service-specific PAM config files,
+# and should contain a list of modules that define the services to be
+# used to change user passwords.  The default is pam_unix.
+
+# Explanation of pam_unix options:
+#
+# The "md5" option enables MD5 passwords.  Without this option, the
+# default is Unix crypt.
+#
+# The "obscure" option replaces the old `OBSCURE_CHECKS_ENAB' option in
+# login.defs.
+#
+# See the pam_unix manpage for other options.
+
+# As of pam 1.0.1-6, this file is managed by pam-auth-update by default.
+# To take advantage of this, it is recommended that you configure any
+# local modules either before or after the default block, and use
+# pam-auth-update to manage selection of other modules.  See
+# pam-auth-update(8) for details.
+
+# here are the per-package modules (the "Primary" block)
+password	[success=1 default=ignore]	pam_unix.so obscure
+# here's the fallback if no module succeeds
+password	requisite			pam_deny.so
+# prime the stack with a positive return value if there isn't one already;
+# this avoids us returning an error just because nothing sets a success code
+# since the modules above will each just jump around
+password	required			pam_permit.so
+# and here are more per-package modules (the "Additional" block)
+# end of pam-auth-update config
diff --git a/tests/tests/usertools/chpasswd-PAM/19_chpasswd_password_SHA256/config/etc/passwd b/tests/tests/usertools/chpasswd-PAM/19_chpasswd_password_SHA256/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/19_chpasswd_password_SHA256/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/usertools/chpasswd-PAM/19_chpasswd_password_SHA256/config/etc/shadow b/tests/tests/usertools/chpasswd-PAM/19_chpasswd_password_SHA256/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/19_chpasswd_password_SHA256/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/usertools/chpasswd-PAM/19_chpasswd_password_SHA256/data/shadow b/tests/tests/usertools/chpasswd-PAM/19_chpasswd_password_SHA256/data/shadow
new file mode 100644
index 0000000..2705a06
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/19_chpasswd_password_SHA256/data/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:@PASS_SHA256 test2@:@TODAY@:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:@PASS_SHA256 test@:@TODAY@:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/usertools/chpasswd-PAM/20_chpasswd_password_SHA256_rounds_900/chpasswd.test b/tests/tests/usertools/chpasswd-PAM/20_chpasswd_password_SHA256_rounds_900/chpasswd.test
new file mode 100755
index 0000000..9a0b0d7
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/20_chpasswd_password_SHA256_rounds_900/chpasswd.test
@@ -0,0 +1,41 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "chpasswd can use create SHA256 passwords and use at least 1000 rounds"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Change nobody and lp's password (chpasswd --crypt-method SHA256 -s 900)..."
+echo 'nobody:test
+lp:test2' | chpasswd --crypt-method SHA256 -s 900
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl data/shadow /etc/shadow
+grep nobody /etc/shadow | grep -q ':\$5\$rounds=1000\$'
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/usertools/chpasswd-PAM/20_chpasswd_password_SHA256_rounds_900/config/etc/group b/tests/tests/usertools/chpasswd-PAM/20_chpasswd_password_SHA256_rounds_900/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/20_chpasswd_password_SHA256_rounds_900/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/usertools/chpasswd-PAM/20_chpasswd_password_SHA256_rounds_900/config/etc/gshadow b/tests/tests/usertools/chpasswd-PAM/20_chpasswd_password_SHA256_rounds_900/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/20_chpasswd_password_SHA256_rounds_900/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/usertools/chpasswd-PAM/20_chpasswd_password_SHA256_rounds_900/config/etc/pam.d/chpasswd b/tests/tests/usertools/chpasswd-PAM/20_chpasswd_password_SHA256_rounds_900/config/etc/pam.d/chpasswd
new file mode 100644
index 0000000..552045e
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/20_chpasswd_password_SHA256_rounds_900/config/etc/pam.d/chpasswd
@@ -0,0 +1,6 @@
+#
+# The PAM configuration file for the Shadow `chpasswd' service
+#
+
+@include common-password
+
diff --git a/tests/tests/usertools/chpasswd-PAM/20_chpasswd_password_SHA256_rounds_900/config/etc/pam.d/common-password b/tests/tests/usertools/chpasswd-PAM/20_chpasswd_password_SHA256_rounds_900/config/etc/pam.d/common-password
new file mode 100644
index 0000000..06c59a7
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/20_chpasswd_password_SHA256_rounds_900/config/etc/pam.d/common-password
@@ -0,0 +1,33 @@
+#
+# /etc/pam.d/common-password - password-related modules common to all services
+#
+# This file is included from other service-specific PAM config files,
+# and should contain a list of modules that define the services to be
+# used to change user passwords.  The default is pam_unix.
+
+# Explanation of pam_unix options:
+#
+# The "md5" option enables MD5 passwords.  Without this option, the
+# default is Unix crypt.
+#
+# The "obscure" option replaces the old `OBSCURE_CHECKS_ENAB' option in
+# login.defs.
+#
+# See the pam_unix manpage for other options.
+
+# As of pam 1.0.1-6, this file is managed by pam-auth-update by default.
+# To take advantage of this, it is recommended that you configure any
+# local modules either before or after the default block, and use
+# pam-auth-update to manage selection of other modules.  See
+# pam-auth-update(8) for details.
+
+# here are the per-package modules (the "Primary" block)
+password	[success=1 default=ignore]	pam_unix.so obscure
+# here's the fallback if no module succeeds
+password	requisite			pam_deny.so
+# prime the stack with a positive return value if there isn't one already;
+# this avoids us returning an error just because nothing sets a success code
+# since the modules above will each just jump around
+password	required			pam_permit.so
+# and here are more per-package modules (the "Additional" block)
+# end of pam-auth-update config
diff --git a/tests/tests/usertools/chpasswd-PAM/20_chpasswd_password_SHA256_rounds_900/config/etc/passwd b/tests/tests/usertools/chpasswd-PAM/20_chpasswd_password_SHA256_rounds_900/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/20_chpasswd_password_SHA256_rounds_900/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/usertools/chpasswd-PAM/20_chpasswd_password_SHA256_rounds_900/config/etc/shadow b/tests/tests/usertools/chpasswd-PAM/20_chpasswd_password_SHA256_rounds_900/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/20_chpasswd_password_SHA256_rounds_900/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/usertools/chpasswd-PAM/20_chpasswd_password_SHA256_rounds_900/data/shadow b/tests/tests/usertools/chpasswd-PAM/20_chpasswd_password_SHA256_rounds_900/data/shadow
new file mode 100644
index 0000000..2705a06
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/20_chpasswd_password_SHA256_rounds_900/data/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:@PASS_SHA256 test2@:@TODAY@:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:@PASS_SHA256 test@:@TODAY@:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/usertools/chpasswd-PAM/21_chpasswd_password_SHA256_rounds_9000/chpasswd.test b/tests/tests/usertools/chpasswd-PAM/21_chpasswd_password_SHA256_rounds_9000/chpasswd.test
new file mode 100755
index 0000000..6f5f586
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/21_chpasswd_password_SHA256_rounds_9000/chpasswd.test
@@ -0,0 +1,41 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "chpasswd can use create SHA256 passwords and use the requested number of rounds"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Change nobody and lp's password (chpasswd --crypt-method SHA256 -s 9000)..."
+echo 'nobody:test
+lp:test2' | chpasswd --crypt-method SHA256 -s 9000
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl data/shadow /etc/shadow
+grep nobody /etc/shadow | grep -q ':\$5\$rounds=9000\$'
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/usertools/chpasswd-PAM/21_chpasswd_password_SHA256_rounds_9000/config/etc/group b/tests/tests/usertools/chpasswd-PAM/21_chpasswd_password_SHA256_rounds_9000/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/21_chpasswd_password_SHA256_rounds_9000/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/usertools/chpasswd-PAM/21_chpasswd_password_SHA256_rounds_9000/config/etc/gshadow b/tests/tests/usertools/chpasswd-PAM/21_chpasswd_password_SHA256_rounds_9000/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/21_chpasswd_password_SHA256_rounds_9000/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/usertools/chpasswd-PAM/21_chpasswd_password_SHA256_rounds_9000/config/etc/pam.d/chpasswd b/tests/tests/usertools/chpasswd-PAM/21_chpasswd_password_SHA256_rounds_9000/config/etc/pam.d/chpasswd
new file mode 100644
index 0000000..552045e
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/21_chpasswd_password_SHA256_rounds_9000/config/etc/pam.d/chpasswd
@@ -0,0 +1,6 @@
+#
+# The PAM configuration file for the Shadow `chpasswd' service
+#
+
+@include common-password
+
diff --git a/tests/tests/usertools/chpasswd-PAM/21_chpasswd_password_SHA256_rounds_9000/config/etc/pam.d/common-password b/tests/tests/usertools/chpasswd-PAM/21_chpasswd_password_SHA256_rounds_9000/config/etc/pam.d/common-password
new file mode 100644
index 0000000..06c59a7
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/21_chpasswd_password_SHA256_rounds_9000/config/etc/pam.d/common-password
@@ -0,0 +1,33 @@
+#
+# /etc/pam.d/common-password - password-related modules common to all services
+#
+# This file is included from other service-specific PAM config files,
+# and should contain a list of modules that define the services to be
+# used to change user passwords.  The default is pam_unix.
+
+# Explanation of pam_unix options:
+#
+# The "md5" option enables MD5 passwords.  Without this option, the
+# default is Unix crypt.
+#
+# The "obscure" option replaces the old `OBSCURE_CHECKS_ENAB' option in
+# login.defs.
+#
+# See the pam_unix manpage for other options.
+
+# As of pam 1.0.1-6, this file is managed by pam-auth-update by default.
+# To take advantage of this, it is recommended that you configure any
+# local modules either before or after the default block, and use
+# pam-auth-update to manage selection of other modules.  See
+# pam-auth-update(8) for details.
+
+# here are the per-package modules (the "Primary" block)
+password	[success=1 default=ignore]	pam_unix.so obscure
+# here's the fallback if no module succeeds
+password	requisite			pam_deny.so
+# prime the stack with a positive return value if there isn't one already;
+# this avoids us returning an error just because nothing sets a success code
+# since the modules above will each just jump around
+password	required			pam_permit.so
+# and here are more per-package modules (the "Additional" block)
+# end of pam-auth-update config
diff --git a/tests/tests/usertools/chpasswd-PAM/21_chpasswd_password_SHA256_rounds_9000/config/etc/passwd b/tests/tests/usertools/chpasswd-PAM/21_chpasswd_password_SHA256_rounds_9000/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/21_chpasswd_password_SHA256_rounds_9000/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/usertools/chpasswd-PAM/21_chpasswd_password_SHA256_rounds_9000/config/etc/shadow b/tests/tests/usertools/chpasswd-PAM/21_chpasswd_password_SHA256_rounds_9000/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/21_chpasswd_password_SHA256_rounds_9000/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/usertools/chpasswd-PAM/21_chpasswd_password_SHA256_rounds_9000/data/shadow b/tests/tests/usertools/chpasswd-PAM/21_chpasswd_password_SHA256_rounds_9000/data/shadow
new file mode 100644
index 0000000..2705a06
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/21_chpasswd_password_SHA256_rounds_9000/data/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:@PASS_SHA256 test2@:@TODAY@:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:@PASS_SHA256 test@:@TODAY@:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/usertools/chpasswd-PAM/22_chpasswd_password_SHA512/chpasswd.test b/tests/tests/usertools/chpasswd-PAM/22_chpasswd_password_SHA512/chpasswd.test
new file mode 100755
index 0000000..856665f
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/22_chpasswd_password_SHA512/chpasswd.test
@@ -0,0 +1,40 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "chpasswd can use create SHA512 passwords"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Change nobody and lp's password (chpasswd --crypt-method SHA512)..."
+echo 'nobody:test
+lp:test2' | chpasswd --crypt-method SHA512
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl data/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/usertools/chpasswd-PAM/22_chpasswd_password_SHA512/config/etc/group b/tests/tests/usertools/chpasswd-PAM/22_chpasswd_password_SHA512/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/22_chpasswd_password_SHA512/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/usertools/chpasswd-PAM/22_chpasswd_password_SHA512/config/etc/gshadow b/tests/tests/usertools/chpasswd-PAM/22_chpasswd_password_SHA512/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/22_chpasswd_password_SHA512/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/usertools/chpasswd-PAM/22_chpasswd_password_SHA512/config/etc/pam.d/chpasswd b/tests/tests/usertools/chpasswd-PAM/22_chpasswd_password_SHA512/config/etc/pam.d/chpasswd
new file mode 100644
index 0000000..552045e
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/22_chpasswd_password_SHA512/config/etc/pam.d/chpasswd
@@ -0,0 +1,6 @@
+#
+# The PAM configuration file for the Shadow `chpasswd' service
+#
+
+@include common-password
+
diff --git a/tests/tests/usertools/chpasswd-PAM/22_chpasswd_password_SHA512/config/etc/pam.d/common-password b/tests/tests/usertools/chpasswd-PAM/22_chpasswd_password_SHA512/config/etc/pam.d/common-password
new file mode 100644
index 0000000..06c59a7
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/22_chpasswd_password_SHA512/config/etc/pam.d/common-password
@@ -0,0 +1,33 @@
+#
+# /etc/pam.d/common-password - password-related modules common to all services
+#
+# This file is included from other service-specific PAM config files,
+# and should contain a list of modules that define the services to be
+# used to change user passwords.  The default is pam_unix.
+
+# Explanation of pam_unix options:
+#
+# The "md5" option enables MD5 passwords.  Without this option, the
+# default is Unix crypt.
+#
+# The "obscure" option replaces the old `OBSCURE_CHECKS_ENAB' option in
+# login.defs.
+#
+# See the pam_unix manpage for other options.
+
+# As of pam 1.0.1-6, this file is managed by pam-auth-update by default.
+# To take advantage of this, it is recommended that you configure any
+# local modules either before or after the default block, and use
+# pam-auth-update to manage selection of other modules.  See
+# pam-auth-update(8) for details.
+
+# here are the per-package modules (the "Primary" block)
+password	[success=1 default=ignore]	pam_unix.so obscure
+# here's the fallback if no module succeeds
+password	requisite			pam_deny.so
+# prime the stack with a positive return value if there isn't one already;
+# this avoids us returning an error just because nothing sets a success code
+# since the modules above will each just jump around
+password	required			pam_permit.so
+# and here are more per-package modules (the "Additional" block)
+# end of pam-auth-update config
diff --git a/tests/tests/usertools/chpasswd-PAM/22_chpasswd_password_SHA512/config/etc/passwd b/tests/tests/usertools/chpasswd-PAM/22_chpasswd_password_SHA512/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/22_chpasswd_password_SHA512/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/usertools/chpasswd-PAM/22_chpasswd_password_SHA512/config/etc/shadow b/tests/tests/usertools/chpasswd-PAM/22_chpasswd_password_SHA512/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/22_chpasswd_password_SHA512/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/usertools/chpasswd-PAM/22_chpasswd_password_SHA512/data/shadow b/tests/tests/usertools/chpasswd-PAM/22_chpasswd_password_SHA512/data/shadow
new file mode 100644
index 0000000..83bc0c9
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/22_chpasswd_password_SHA512/data/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:@PASS_SHA512 test2@:@TODAY@:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:@PASS_SHA512 test@:@TODAY@:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/usertools/chpasswd-PAM/23_chpasswd_password_SHA512_rounds_900/chpasswd.test b/tests/tests/usertools/chpasswd-PAM/23_chpasswd_password_SHA512_rounds_900/chpasswd.test
new file mode 100755
index 0000000..4382ab5
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/23_chpasswd_password_SHA512_rounds_900/chpasswd.test
@@ -0,0 +1,41 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "chpasswd can use create SHA512 passwords and use at least 1000 rounds"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Change nobody and lp's password (chpasswd --crypt-method SHA512 -s 900)..."
+echo 'nobody:test
+lp:test2' | chpasswd --crypt-method SHA512 -s 900
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl data/shadow /etc/shadow
+grep nobody /etc/shadow | grep -q ':\$6\$rounds=1000\$'
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/usertools/chpasswd-PAM/23_chpasswd_password_SHA512_rounds_900/config/etc/group b/tests/tests/usertools/chpasswd-PAM/23_chpasswd_password_SHA512_rounds_900/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/23_chpasswd_password_SHA512_rounds_900/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/usertools/chpasswd-PAM/23_chpasswd_password_SHA512_rounds_900/config/etc/gshadow b/tests/tests/usertools/chpasswd-PAM/23_chpasswd_password_SHA512_rounds_900/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/23_chpasswd_password_SHA512_rounds_900/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/usertools/chpasswd-PAM/23_chpasswd_password_SHA512_rounds_900/config/etc/pam.d/chpasswd b/tests/tests/usertools/chpasswd-PAM/23_chpasswd_password_SHA512_rounds_900/config/etc/pam.d/chpasswd
new file mode 100644
index 0000000..552045e
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/23_chpasswd_password_SHA512_rounds_900/config/etc/pam.d/chpasswd
@@ -0,0 +1,6 @@
+#
+# The PAM configuration file for the Shadow `chpasswd' service
+#
+
+@include common-password
+
diff --git a/tests/tests/usertools/chpasswd-PAM/23_chpasswd_password_SHA512_rounds_900/config/etc/pam.d/common-password b/tests/tests/usertools/chpasswd-PAM/23_chpasswd_password_SHA512_rounds_900/config/etc/pam.d/common-password
new file mode 100644
index 0000000..06c59a7
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/23_chpasswd_password_SHA512_rounds_900/config/etc/pam.d/common-password
@@ -0,0 +1,33 @@
+#
+# /etc/pam.d/common-password - password-related modules common to all services
+#
+# This file is included from other service-specific PAM config files,
+# and should contain a list of modules that define the services to be
+# used to change user passwords.  The default is pam_unix.
+
+# Explanation of pam_unix options:
+#
+# The "md5" option enables MD5 passwords.  Without this option, the
+# default is Unix crypt.
+#
+# The "obscure" option replaces the old `OBSCURE_CHECKS_ENAB' option in
+# login.defs.
+#
+# See the pam_unix manpage for other options.
+
+# As of pam 1.0.1-6, this file is managed by pam-auth-update by default.
+# To take advantage of this, it is recommended that you configure any
+# local modules either before or after the default block, and use
+# pam-auth-update to manage selection of other modules.  See
+# pam-auth-update(8) for details.
+
+# here are the per-package modules (the "Primary" block)
+password	[success=1 default=ignore]	pam_unix.so obscure
+# here's the fallback if no module succeeds
+password	requisite			pam_deny.so
+# prime the stack with a positive return value if there isn't one already;
+# this avoids us returning an error just because nothing sets a success code
+# since the modules above will each just jump around
+password	required			pam_permit.so
+# and here are more per-package modules (the "Additional" block)
+# end of pam-auth-update config
diff --git a/tests/tests/usertools/chpasswd-PAM/23_chpasswd_password_SHA512_rounds_900/config/etc/passwd b/tests/tests/usertools/chpasswd-PAM/23_chpasswd_password_SHA512_rounds_900/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/23_chpasswd_password_SHA512_rounds_900/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/usertools/chpasswd-PAM/23_chpasswd_password_SHA512_rounds_900/config/etc/shadow b/tests/tests/usertools/chpasswd-PAM/23_chpasswd_password_SHA512_rounds_900/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/23_chpasswd_password_SHA512_rounds_900/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/usertools/chpasswd-PAM/23_chpasswd_password_SHA512_rounds_900/data/shadow b/tests/tests/usertools/chpasswd-PAM/23_chpasswd_password_SHA512_rounds_900/data/shadow
new file mode 100644
index 0000000..83bc0c9
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/23_chpasswd_password_SHA512_rounds_900/data/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:@PASS_SHA512 test2@:@TODAY@:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:@PASS_SHA512 test@:@TODAY@:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/usertools/chpasswd-PAM/24_chpasswd_password_SHA512_rounds_9000/chpasswd.test b/tests/tests/usertools/chpasswd-PAM/24_chpasswd_password_SHA512_rounds_9000/chpasswd.test
new file mode 100755
index 0000000..f42c7be
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/24_chpasswd_password_SHA512_rounds_9000/chpasswd.test
@@ -0,0 +1,41 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "chpasswd can use create SHA512 passwords and use the requested number of rounds"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Change nobody and lp's password (chpasswd --crypt-method SHA512 -s 9000)..."
+echo 'nobody:test
+lp:test2' | chpasswd --crypt-method SHA512 -s 9000
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl data/shadow /etc/shadow
+grep nobody /etc/shadow | grep -q ':\$6\$rounds=9000\$'
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/usertools/chpasswd-PAM/24_chpasswd_password_SHA512_rounds_9000/config/etc/group b/tests/tests/usertools/chpasswd-PAM/24_chpasswd_password_SHA512_rounds_9000/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/24_chpasswd_password_SHA512_rounds_9000/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/usertools/chpasswd-PAM/24_chpasswd_password_SHA512_rounds_9000/config/etc/gshadow b/tests/tests/usertools/chpasswd-PAM/24_chpasswd_password_SHA512_rounds_9000/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/24_chpasswd_password_SHA512_rounds_9000/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/usertools/chpasswd-PAM/24_chpasswd_password_SHA512_rounds_9000/config/etc/pam.d/chpasswd b/tests/tests/usertools/chpasswd-PAM/24_chpasswd_password_SHA512_rounds_9000/config/etc/pam.d/chpasswd
new file mode 100644
index 0000000..552045e
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/24_chpasswd_password_SHA512_rounds_9000/config/etc/pam.d/chpasswd
@@ -0,0 +1,6 @@
+#
+# The PAM configuration file for the Shadow `chpasswd' service
+#
+
+@include common-password
+
diff --git a/tests/tests/usertools/chpasswd-PAM/24_chpasswd_password_SHA512_rounds_9000/config/etc/pam.d/common-password b/tests/tests/usertools/chpasswd-PAM/24_chpasswd_password_SHA512_rounds_9000/config/etc/pam.d/common-password
new file mode 100644
index 0000000..06c59a7
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/24_chpasswd_password_SHA512_rounds_9000/config/etc/pam.d/common-password
@@ -0,0 +1,33 @@
+#
+# /etc/pam.d/common-password - password-related modules common to all services
+#
+# This file is included from other service-specific PAM config files,
+# and should contain a list of modules that define the services to be
+# used to change user passwords.  The default is pam_unix.
+
+# Explanation of pam_unix options:
+#
+# The "md5" option enables MD5 passwords.  Without this option, the
+# default is Unix crypt.
+#
+# The "obscure" option replaces the old `OBSCURE_CHECKS_ENAB' option in
+# login.defs.
+#
+# See the pam_unix manpage for other options.
+
+# As of pam 1.0.1-6, this file is managed by pam-auth-update by default.
+# To take advantage of this, it is recommended that you configure any
+# local modules either before or after the default block, and use
+# pam-auth-update to manage selection of other modules.  See
+# pam-auth-update(8) for details.
+
+# here are the per-package modules (the "Primary" block)
+password	[success=1 default=ignore]	pam_unix.so obscure
+# here's the fallback if no module succeeds
+password	requisite			pam_deny.so
+# prime the stack with a positive return value if there isn't one already;
+# this avoids us returning an error just because nothing sets a success code
+# since the modules above will each just jump around
+password	required			pam_permit.so
+# and here are more per-package modules (the "Additional" block)
+# end of pam-auth-update config
diff --git a/tests/tests/usertools/chpasswd-PAM/24_chpasswd_password_SHA512_rounds_9000/config/etc/passwd b/tests/tests/usertools/chpasswd-PAM/24_chpasswd_password_SHA512_rounds_9000/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/24_chpasswd_password_SHA512_rounds_9000/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/usertools/chpasswd-PAM/24_chpasswd_password_SHA512_rounds_9000/config/etc/shadow b/tests/tests/usertools/chpasswd-PAM/24_chpasswd_password_SHA512_rounds_9000/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/24_chpasswd_password_SHA512_rounds_9000/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/usertools/chpasswd-PAM/24_chpasswd_password_SHA512_rounds_9000/data/shadow b/tests/tests/usertools/chpasswd-PAM/24_chpasswd_password_SHA512_rounds_9000/data/shadow
new file mode 100644
index 0000000..83bc0c9
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/24_chpasswd_password_SHA512_rounds_9000/data/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:@PASS_SHA512 test2@:@TODAY@:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:@PASS_SHA512 test@:@TODAY@:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/usertools/chpasswd-PAM/25_chpasswd-e_no_shadow_file/chpasswd.test b/tests/tests/usertools/chpasswd-PAM/25_chpasswd-e_no_shadow_file/chpasswd.test
new file mode 100755
index 0000000..ce881e8
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/25_chpasswd-e_no_shadow_file/chpasswd.test
@@ -0,0 +1,44 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "chpasswd changes the passwd file if shadow does not exist"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Remove /etc/shadow..."
+rm -f /etc/shadow
+echo "OK"
+
+echo -n "Change nobody's and lp's password..."
+echo 'nobody:test
+lp:test2' | chpasswd -e
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl data/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check that shadow does not exist..."
+test ! -f /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/usertools/chpasswd-PAM/25_chpasswd-e_no_shadow_file/config/etc/group b/tests/tests/usertools/chpasswd-PAM/25_chpasswd-e_no_shadow_file/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/25_chpasswd-e_no_shadow_file/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/usertools/chpasswd-PAM/25_chpasswd-e_no_shadow_file/config/etc/gshadow b/tests/tests/usertools/chpasswd-PAM/25_chpasswd-e_no_shadow_file/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/25_chpasswd-e_no_shadow_file/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/usertools/chpasswd-PAM/25_chpasswd-e_no_shadow_file/config/etc/pam.d/chpasswd b/tests/tests/usertools/chpasswd-PAM/25_chpasswd-e_no_shadow_file/config/etc/pam.d/chpasswd
new file mode 100644
index 0000000..552045e
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/25_chpasswd-e_no_shadow_file/config/etc/pam.d/chpasswd
@@ -0,0 +1,6 @@
+#
+# The PAM configuration file for the Shadow `chpasswd' service
+#
+
+@include common-password
+
diff --git a/tests/tests/usertools/chpasswd-PAM/25_chpasswd-e_no_shadow_file/config/etc/pam.d/common-password b/tests/tests/usertools/chpasswd-PAM/25_chpasswd-e_no_shadow_file/config/etc/pam.d/common-password
new file mode 100644
index 0000000..07f3f1d
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/25_chpasswd-e_no_shadow_file/config/etc/pam.d/common-password
@@ -0,0 +1,33 @@
+#
+# /etc/pam.d/common-password - password-related modules common to all services
+#
+# This file is included from other service-specific PAM config files,
+# and should contain a list of modules that define the services to be
+# used to change user passwords.  The default is pam_unix.
+
+# Explanation of pam_unix options:
+#
+# The "md5" option enables MD5 passwords.  Without this option, the
+# default is Unix crypt.
+#
+# The "obscure" option replaces the old `OBSCURE_CHECKS_ENAB' option in
+# login.defs.
+#
+# See the pam_unix manpage for other options.
+
+# As of pam 1.0.1-6, this file is managed by pam-auth-update by default.
+# To take advantage of this, it is recommended that you configure any
+# local modules either before or after the default block, and use
+# pam-auth-update to manage selection of other modules.  See
+# pam-auth-update(8) for details.
+
+# here are the per-package modules (the "Primary" block)
+password	[success=1 default=ignore]	pam_unix.so obscure md5
+# here's the fallback if no module succeeds
+password	requisite			pam_deny.so
+# prime the stack with a positive return value if there isn't one already;
+# this avoids us returning an error just because nothing sets a success code
+# since the modules above will each just jump around
+password	required			pam_permit.so
+# and here are more per-package modules (the "Additional" block)
+# end of pam-auth-update config
diff --git a/tests/tests/usertools/chpasswd-PAM/25_chpasswd-e_no_shadow_file/config/etc/passwd b/tests/tests/usertools/chpasswd-PAM/25_chpasswd-e_no_shadow_file/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/25_chpasswd-e_no_shadow_file/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/usertools/chpasswd-PAM/25_chpasswd-e_no_shadow_file/config/etc/shadow b/tests/tests/usertools/chpasswd-PAM/25_chpasswd-e_no_shadow_file/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/25_chpasswd-e_no_shadow_file/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/usertools/chpasswd-PAM/25_chpasswd-e_no_shadow_file/data/passwd b/tests/tests/usertools/chpasswd-PAM/25_chpasswd-e_no_shadow_file/data/passwd
new file mode 100644
index 0000000..0489957
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/25_chpasswd-e_no_shadow_file/data/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:test2:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:test:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/usertools/chpasswd-PAM/26_chpasswd_no_shadow_file_invalid_passwd/chpasswd.test b/tests/tests/usertools/chpasswd-PAM/26_chpasswd_no_shadow_file_invalid_passwd/chpasswd.test
new file mode 100755
index 0000000..7aa511e
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/26_chpasswd_no_shadow_file_invalid_passwd/chpasswd.test
@@ -0,0 +1,59 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "chpasswd changes the passwd file if shadow does not exist"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Remove /etc/shadow..."
+rm -f /etc/shadow
+echo "OK"
+
+echo -n "Change nobody's and lp's password..."
+echo 'nobody:test
+lp:test2' | chpasswd 2>tmp/chpasswd.err && exit 1 || {
+        status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "1"
+echo "OK"
+
+echo "chpasswd reported:"
+echo "======================================================================="
+cat tmp/chpasswd.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/chpasswd.err tmp/chpasswd.err
+echo "error message OK."
+rm -f tmp/chpasswd.err
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check that shadow does not exist..."
+test ! -f /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/usertools/chpasswd-PAM/26_chpasswd_no_shadow_file_invalid_passwd/config/etc/group b/tests/tests/usertools/chpasswd-PAM/26_chpasswd_no_shadow_file_invalid_passwd/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/26_chpasswd_no_shadow_file_invalid_passwd/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/usertools/chpasswd-PAM/26_chpasswd_no_shadow_file_invalid_passwd/config/etc/gshadow b/tests/tests/usertools/chpasswd-PAM/26_chpasswd_no_shadow_file_invalid_passwd/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/26_chpasswd_no_shadow_file_invalid_passwd/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/usertools/chpasswd-PAM/26_chpasswd_no_shadow_file_invalid_passwd/config/etc/pam.d/chpasswd b/tests/tests/usertools/chpasswd-PAM/26_chpasswd_no_shadow_file_invalid_passwd/config/etc/pam.d/chpasswd
new file mode 100644
index 0000000..552045e
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/26_chpasswd_no_shadow_file_invalid_passwd/config/etc/pam.d/chpasswd
@@ -0,0 +1,6 @@
+#
+# The PAM configuration file for the Shadow `chpasswd' service
+#
+
+@include common-password
+
diff --git a/tests/tests/usertools/chpasswd-PAM/26_chpasswd_no_shadow_file_invalid_passwd/config/etc/pam.d/common-password b/tests/tests/usertools/chpasswd-PAM/26_chpasswd_no_shadow_file_invalid_passwd/config/etc/pam.d/common-password
new file mode 100644
index 0000000..07f3f1d
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/26_chpasswd_no_shadow_file_invalid_passwd/config/etc/pam.d/common-password
@@ -0,0 +1,33 @@
+#
+# /etc/pam.d/common-password - password-related modules common to all services
+#
+# This file is included from other service-specific PAM config files,
+# and should contain a list of modules that define the services to be
+# used to change user passwords.  The default is pam_unix.
+
+# Explanation of pam_unix options:
+#
+# The "md5" option enables MD5 passwords.  Without this option, the
+# default is Unix crypt.
+#
+# The "obscure" option replaces the old `OBSCURE_CHECKS_ENAB' option in
+# login.defs.
+#
+# See the pam_unix manpage for other options.
+
+# As of pam 1.0.1-6, this file is managed by pam-auth-update by default.
+# To take advantage of this, it is recommended that you configure any
+# local modules either before or after the default block, and use
+# pam-auth-update to manage selection of other modules.  See
+# pam-auth-update(8) for details.
+
+# here are the per-package modules (the "Primary" block)
+password	[success=1 default=ignore]	pam_unix.so obscure md5
+# here's the fallback if no module succeeds
+password	requisite			pam_deny.so
+# prime the stack with a positive return value if there isn't one already;
+# this avoids us returning an error just because nothing sets a success code
+# since the modules above will each just jump around
+password	required			pam_permit.so
+# and here are more per-package modules (the "Additional" block)
+# end of pam-auth-update config
diff --git a/tests/tests/usertools/chpasswd-PAM/26_chpasswd_no_shadow_file_invalid_passwd/config/etc/passwd b/tests/tests/usertools/chpasswd-PAM/26_chpasswd_no_shadow_file_invalid_passwd/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/26_chpasswd_no_shadow_file_invalid_passwd/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/usertools/chpasswd-PAM/26_chpasswd_no_shadow_file_invalid_passwd/config/etc/shadow b/tests/tests/usertools/chpasswd-PAM/26_chpasswd_no_shadow_file_invalid_passwd/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/26_chpasswd_no_shadow_file_invalid_passwd/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/usertools/chpasswd-PAM/26_chpasswd_no_shadow_file_invalid_passwd/data/chpasswd.err b/tests/tests/usertools/chpasswd-PAM/26_chpasswd_no_shadow_file_invalid_passwd/data/chpasswd.err
new file mode 100644
index 0000000..498b5c8
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/26_chpasswd_no_shadow_file_invalid_passwd/data/chpasswd.err
@@ -0,0 +1,6 @@
+chpasswd: (user nobody) pam_chauthtok() failed, error:
+Authentication token manipulation error
+chpasswd: (line 1, user nobody) password not changed
+chpasswd: (user lp) pam_chauthtok() failed, error:
+Authentication token manipulation error
+chpasswd: (line 2, user lp) password not changed
diff --git a/tests/tests/usertools/chpasswd-PAM/27_chpasswd_no_shadow_file_1st_invalid_passwd_entry/chpasswd.test b/tests/tests/usertools/chpasswd-PAM/27_chpasswd_no_shadow_file_1st_invalid_passwd_entry/chpasswd.test
new file mode 100755
index 0000000..0578c1f
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/27_chpasswd_no_shadow_file_1st_invalid_passwd_entry/chpasswd.test
@@ -0,0 +1,59 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "chpasswd changes the passwd file if shadow does not exist"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Remove /etc/shadow..."
+rm -f /etc/shadow
+echo "OK"
+
+echo -n "Change nobody's and lp's password..."
+echo 'nobody:test
+lp:test2' | chpasswd 2>tmp/chpasswd.err && exit 1 || {
+        status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "1"
+echo "OK"
+
+echo "chpasswd reported:"
+echo "======================================================================="
+cat tmp/chpasswd.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/chpasswd.err tmp/chpasswd.err
+echo "error message OK."
+rm -f tmp/chpasswd.err
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl data/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check that shadow does not exist..."
+test ! -f /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/usertools/chpasswd-PAM/27_chpasswd_no_shadow_file_1st_invalid_passwd_entry/config/etc/group b/tests/tests/usertools/chpasswd-PAM/27_chpasswd_no_shadow_file_1st_invalid_passwd_entry/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/27_chpasswd_no_shadow_file_1st_invalid_passwd_entry/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/usertools/chpasswd-PAM/27_chpasswd_no_shadow_file_1st_invalid_passwd_entry/config/etc/gshadow b/tests/tests/usertools/chpasswd-PAM/27_chpasswd_no_shadow_file_1st_invalid_passwd_entry/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/27_chpasswd_no_shadow_file_1st_invalid_passwd_entry/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/usertools/chpasswd-PAM/27_chpasswd_no_shadow_file_1st_invalid_passwd_entry/config/etc/pam.d/chpasswd b/tests/tests/usertools/chpasswd-PAM/27_chpasswd_no_shadow_file_1st_invalid_passwd_entry/config/etc/pam.d/chpasswd
new file mode 100644
index 0000000..552045e
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/27_chpasswd_no_shadow_file_1st_invalid_passwd_entry/config/etc/pam.d/chpasswd
@@ -0,0 +1,6 @@
+#
+# The PAM configuration file for the Shadow `chpasswd' service
+#
+
+@include common-password
+
diff --git a/tests/tests/usertools/chpasswd-PAM/27_chpasswd_no_shadow_file_1st_invalid_passwd_entry/config/etc/pam.d/common-password b/tests/tests/usertools/chpasswd-PAM/27_chpasswd_no_shadow_file_1st_invalid_passwd_entry/config/etc/pam.d/common-password
new file mode 100644
index 0000000..07f3f1d
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/27_chpasswd_no_shadow_file_1st_invalid_passwd_entry/config/etc/pam.d/common-password
@@ -0,0 +1,33 @@
+#
+# /etc/pam.d/common-password - password-related modules common to all services
+#
+# This file is included from other service-specific PAM config files,
+# and should contain a list of modules that define the services to be
+# used to change user passwords.  The default is pam_unix.
+
+# Explanation of pam_unix options:
+#
+# The "md5" option enables MD5 passwords.  Without this option, the
+# default is Unix crypt.
+#
+# The "obscure" option replaces the old `OBSCURE_CHECKS_ENAB' option in
+# login.defs.
+#
+# See the pam_unix manpage for other options.
+
+# As of pam 1.0.1-6, this file is managed by pam-auth-update by default.
+# To take advantage of this, it is recommended that you configure any
+# local modules either before or after the default block, and use
+# pam-auth-update to manage selection of other modules.  See
+# pam-auth-update(8) for details.
+
+# here are the per-package modules (the "Primary" block)
+password	[success=1 default=ignore]	pam_unix.so obscure md5
+# here's the fallback if no module succeeds
+password	requisite			pam_deny.so
+# prime the stack with a positive return value if there isn't one already;
+# this avoids us returning an error just because nothing sets a success code
+# since the modules above will each just jump around
+password	required			pam_permit.so
+# and here are more per-package modules (the "Additional" block)
+# end of pam-auth-update config
diff --git a/tests/tests/usertools/chpasswd-PAM/27_chpasswd_no_shadow_file_1st_invalid_passwd_entry/config/etc/passwd b/tests/tests/usertools/chpasswd-PAM/27_chpasswd_no_shadow_file_1st_invalid_passwd_entry/config/etc/passwd
new file mode 100644
index 0000000..0d29119
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/27_chpasswd_no_shadow_file_1st_invalid_passwd_entry/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:foo:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/usertools/chpasswd-PAM/27_chpasswd_no_shadow_file_1st_invalid_passwd_entry/config/etc/shadow b/tests/tests/usertools/chpasswd-PAM/27_chpasswd_no_shadow_file_1st_invalid_passwd_entry/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/27_chpasswd_no_shadow_file_1st_invalid_passwd_entry/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/usertools/chpasswd-PAM/27_chpasswd_no_shadow_file_1st_invalid_passwd_entry/data/chpasswd.err b/tests/tests/usertools/chpasswd-PAM/27_chpasswd_no_shadow_file_1st_invalid_passwd_entry/data/chpasswd.err
new file mode 100644
index 0000000..1381d0e
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/27_chpasswd_no_shadow_file_1st_invalid_passwd_entry/data/chpasswd.err
@@ -0,0 +1,3 @@
+chpasswd: (user lp) pam_chauthtok() failed, error:
+Authentication token manipulation error
+chpasswd: (line 2, user lp) password not changed
diff --git a/tests/tests/usertools/chpasswd-PAM/27_chpasswd_no_shadow_file_1st_invalid_passwd_entry/data/passwd b/tests/tests/usertools/chpasswd-PAM/27_chpasswd_no_shadow_file_1st_invalid_passwd_entry/data/passwd
new file mode 100644
index 0000000..9a44671
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/27_chpasswd_no_shadow_file_1st_invalid_passwd_entry/data/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:@PASS_MD5 test@:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/usertools/chpasswd-PAM/28_chpasswd_no_shadow_file_2nd_invalid_passwd_entry/chpasswd.test b/tests/tests/usertools/chpasswd-PAM/28_chpasswd_no_shadow_file_2nd_invalid_passwd_entry/chpasswd.test
new file mode 100755
index 0000000..0578c1f
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/28_chpasswd_no_shadow_file_2nd_invalid_passwd_entry/chpasswd.test
@@ -0,0 +1,59 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "chpasswd changes the passwd file if shadow does not exist"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Remove /etc/shadow..."
+rm -f /etc/shadow
+echo "OK"
+
+echo -n "Change nobody's and lp's password..."
+echo 'nobody:test
+lp:test2' | chpasswd 2>tmp/chpasswd.err && exit 1 || {
+        status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "1"
+echo "OK"
+
+echo "chpasswd reported:"
+echo "======================================================================="
+cat tmp/chpasswd.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/chpasswd.err tmp/chpasswd.err
+echo "error message OK."
+rm -f tmp/chpasswd.err
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl data/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check that shadow does not exist..."
+test ! -f /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/usertools/chpasswd-PAM/28_chpasswd_no_shadow_file_2nd_invalid_passwd_entry/config/etc/group b/tests/tests/usertools/chpasswd-PAM/28_chpasswd_no_shadow_file_2nd_invalid_passwd_entry/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/28_chpasswd_no_shadow_file_2nd_invalid_passwd_entry/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/usertools/chpasswd-PAM/28_chpasswd_no_shadow_file_2nd_invalid_passwd_entry/config/etc/gshadow b/tests/tests/usertools/chpasswd-PAM/28_chpasswd_no_shadow_file_2nd_invalid_passwd_entry/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/28_chpasswd_no_shadow_file_2nd_invalid_passwd_entry/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/usertools/chpasswd-PAM/28_chpasswd_no_shadow_file_2nd_invalid_passwd_entry/config/etc/pam.d/chpasswd b/tests/tests/usertools/chpasswd-PAM/28_chpasswd_no_shadow_file_2nd_invalid_passwd_entry/config/etc/pam.d/chpasswd
new file mode 100644
index 0000000..552045e
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/28_chpasswd_no_shadow_file_2nd_invalid_passwd_entry/config/etc/pam.d/chpasswd
@@ -0,0 +1,6 @@
+#
+# The PAM configuration file for the Shadow `chpasswd' service
+#
+
+@include common-password
+
diff --git a/tests/tests/usertools/chpasswd-PAM/28_chpasswd_no_shadow_file_2nd_invalid_passwd_entry/config/etc/pam.d/common-password b/tests/tests/usertools/chpasswd-PAM/28_chpasswd_no_shadow_file_2nd_invalid_passwd_entry/config/etc/pam.d/common-password
new file mode 100644
index 0000000..07f3f1d
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/28_chpasswd_no_shadow_file_2nd_invalid_passwd_entry/config/etc/pam.d/common-password
@@ -0,0 +1,33 @@
+#
+# /etc/pam.d/common-password - password-related modules common to all services
+#
+# This file is included from other service-specific PAM config files,
+# and should contain a list of modules that define the services to be
+# used to change user passwords.  The default is pam_unix.
+
+# Explanation of pam_unix options:
+#
+# The "md5" option enables MD5 passwords.  Without this option, the
+# default is Unix crypt.
+#
+# The "obscure" option replaces the old `OBSCURE_CHECKS_ENAB' option in
+# login.defs.
+#
+# See the pam_unix manpage for other options.
+
+# As of pam 1.0.1-6, this file is managed by pam-auth-update by default.
+# To take advantage of this, it is recommended that you configure any
+# local modules either before or after the default block, and use
+# pam-auth-update to manage selection of other modules.  See
+# pam-auth-update(8) for details.
+
+# here are the per-package modules (the "Primary" block)
+password	[success=1 default=ignore]	pam_unix.so obscure md5
+# here's the fallback if no module succeeds
+password	requisite			pam_deny.so
+# prime the stack with a positive return value if there isn't one already;
+# this avoids us returning an error just because nothing sets a success code
+# since the modules above will each just jump around
+password	required			pam_permit.so
+# and here are more per-package modules (the "Additional" block)
+# end of pam-auth-update config
diff --git a/tests/tests/usertools/chpasswd-PAM/28_chpasswd_no_shadow_file_2nd_invalid_passwd_entry/config/etc/passwd b/tests/tests/usertools/chpasswd-PAM/28_chpasswd_no_shadow_file_2nd_invalid_passwd_entry/config/etc/passwd
new file mode 100644
index 0000000..6ba390f
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/28_chpasswd_no_shadow_file_2nd_invalid_passwd_entry/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:bar:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/usertools/chpasswd-PAM/28_chpasswd_no_shadow_file_2nd_invalid_passwd_entry/config/etc/shadow b/tests/tests/usertools/chpasswd-PAM/28_chpasswd_no_shadow_file_2nd_invalid_passwd_entry/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/28_chpasswd_no_shadow_file_2nd_invalid_passwd_entry/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/usertools/chpasswd-PAM/28_chpasswd_no_shadow_file_2nd_invalid_passwd_entry/data/chpasswd.err b/tests/tests/usertools/chpasswd-PAM/28_chpasswd_no_shadow_file_2nd_invalid_passwd_entry/data/chpasswd.err
new file mode 100644
index 0000000..9eb11ca
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/28_chpasswd_no_shadow_file_2nd_invalid_passwd_entry/data/chpasswd.err
@@ -0,0 +1,3 @@
+chpasswd: (user nobody) pam_chauthtok() failed, error:
+Authentication token manipulation error
+chpasswd: (line 1, user nobody) password not changed
diff --git a/tests/tests/usertools/chpasswd-PAM/28_chpasswd_no_shadow_file_2nd_invalid_passwd_entry/data/passwd b/tests/tests/usertools/chpasswd-PAM/28_chpasswd_no_shadow_file_2nd_invalid_passwd_entry/data/passwd
new file mode 100644
index 0000000..978ea44
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/28_chpasswd_no_shadow_file_2nd_invalid_passwd_entry/data/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:@PASS_MD5 test2@:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/usertools/chpasswd-PAM/29_chpasswd-e_no_shadow_entry/chpasswd.test b/tests/tests/usertools/chpasswd-PAM/29_chpasswd-e_no_shadow_entry/chpasswd.test
new file mode 100755
index 0000000..c341285
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/29_chpasswd-e_no_shadow_entry/chpasswd.test
@@ -0,0 +1,43 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "chpasswd changes the passwd entry if there are no shadow entries"
+# FIXME: The PAM and !PAM versions differs:
+# PAM will create a shadow entry if the shadow file exists
+# !PAM will update the passwd entry and leave the shadow file untouched
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Change nobody's and lp's password..."
+echo 'nobody:test
+lp:test2' | chpasswd -e
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl data/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl data/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/usertools/chpasswd-PAM/29_chpasswd-e_no_shadow_entry/config/etc/group b/tests/tests/usertools/chpasswd-PAM/29_chpasswd-e_no_shadow_entry/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/29_chpasswd-e_no_shadow_entry/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/usertools/chpasswd-PAM/29_chpasswd-e_no_shadow_entry/config/etc/gshadow b/tests/tests/usertools/chpasswd-PAM/29_chpasswd-e_no_shadow_entry/config/etc/gshadow
new file mode 100644
index 0000000..54dc57e
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/29_chpasswd-e_no_shadow_entry/config/etc/gshadow
@@ -0,0 +1,40 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/usertools/chpasswd-PAM/29_chpasswd-e_no_shadow_entry/config/etc/pam.d/chpasswd b/tests/tests/usertools/chpasswd-PAM/29_chpasswd-e_no_shadow_entry/config/etc/pam.d/chpasswd
new file mode 100644
index 0000000..552045e
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/29_chpasswd-e_no_shadow_entry/config/etc/pam.d/chpasswd
@@ -0,0 +1,6 @@
+#
+# The PAM configuration file for the Shadow `chpasswd' service
+#
+
+@include common-password
+
diff --git a/tests/tests/usertools/chpasswd-PAM/29_chpasswd-e_no_shadow_entry/config/etc/pam.d/common-password b/tests/tests/usertools/chpasswd-PAM/29_chpasswd-e_no_shadow_entry/config/etc/pam.d/common-password
new file mode 100644
index 0000000..06c59a7
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/29_chpasswd-e_no_shadow_entry/config/etc/pam.d/common-password
@@ -0,0 +1,33 @@
+#
+# /etc/pam.d/common-password - password-related modules common to all services
+#
+# This file is included from other service-specific PAM config files,
+# and should contain a list of modules that define the services to be
+# used to change user passwords.  The default is pam_unix.
+
+# Explanation of pam_unix options:
+#
+# The "md5" option enables MD5 passwords.  Without this option, the
+# default is Unix crypt.
+#
+# The "obscure" option replaces the old `OBSCURE_CHECKS_ENAB' option in
+# login.defs.
+#
+# See the pam_unix manpage for other options.
+
+# As of pam 1.0.1-6, this file is managed by pam-auth-update by default.
+# To take advantage of this, it is recommended that you configure any
+# local modules either before or after the default block, and use
+# pam-auth-update to manage selection of other modules.  See
+# pam-auth-update(8) for details.
+
+# here are the per-package modules (the "Primary" block)
+password	[success=1 default=ignore]	pam_unix.so obscure
+# here's the fallback if no module succeeds
+password	requisite			pam_deny.so
+# prime the stack with a positive return value if there isn't one already;
+# this avoids us returning an error just because nothing sets a success code
+# since the modules above will each just jump around
+password	required			pam_permit.so
+# and here are more per-package modules (the "Additional" block)
+# end of pam-auth-update config
diff --git a/tests/tests/usertools/chpasswd-PAM/29_chpasswd-e_no_shadow_entry/config/etc/passwd b/tests/tests/usertools/chpasswd-PAM/29_chpasswd-e_no_shadow_entry/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/29_chpasswd-e_no_shadow_entry/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/usertools/chpasswd-PAM/29_chpasswd-e_no_shadow_entry/config/etc/shadow b/tests/tests/usertools/chpasswd-PAM/29_chpasswd-e_no_shadow_entry/config/etc/shadow
new file mode 100644
index 0000000..f4f74a5
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/29_chpasswd-e_no_shadow_entry/config/etc/shadow
@@ -0,0 +1,18 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/usertools/chpasswd-PAM/29_chpasswd-e_no_shadow_entry/data/passwd b/tests/tests/usertools/chpasswd-PAM/29_chpasswd-e_no_shadow_entry/data/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/29_chpasswd-e_no_shadow_entry/data/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/usertools/chpasswd-PAM/29_chpasswd-e_no_shadow_entry/data/shadow b/tests/tests/usertools/chpasswd-PAM/29_chpasswd-e_no_shadow_entry/data/shadow
new file mode 100644
index 0000000..fcb19db
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/29_chpasswd-e_no_shadow_entry/data/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:test:@TODAY@:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+lp:test2:@TODAY@:0:99999:7:::
diff --git a/tests/tests/usertools/chpasswd-PAM/30_chpasswd_locked_passwd/chpasswd.test b/tests/tests/usertools/chpasswd-PAM/30_chpasswd_locked_passwd/chpasswd.test
new file mode 100755
index 0000000..a18f912
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/30_chpasswd_locked_passwd/chpasswd.test
@@ -0,0 +1,61 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "chpasswd checks if the passwd file is locked"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config; rm -f /etc/passwd.lock' 0
+
+change_config
+
+echo -n "Create lock file for /etc/passwd..."
+touch /etc/passwd.lock
+echo "done"
+
+echo -n "Change passwords (chpasswd -e)..."
+echo 'nobody:test
+lp:test2' | chpasswd -e 2>tmp/chpasswd.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+rm -f /etc/passwd.lock
+
+echo -n "Check returned status ($status)..."
+test "$status" = "1"
+echo "OK"
+
+echo "chpasswd reported:"
+echo "======================================================================="
+cat tmp/chpasswd.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/chpasswd.err tmp/chpasswd.err
+echo "error message OK."
+rm -f tmp/chpasswd.err
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/usertools/chpasswd-PAM/30_chpasswd_locked_passwd/config.txt b/tests/tests/usertools/chpasswd-PAM/30_chpasswd_locked_passwd/config.txt
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/30_chpasswd_locked_passwd/config.txt
diff --git a/tests/tests/usertools/chpasswd-PAM/30_chpasswd_locked_passwd/config/etc/default/useradd b/tests/tests/usertools/chpasswd-PAM/30_chpasswd_locked_passwd/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/30_chpasswd_locked_passwd/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/usertools/chpasswd-PAM/30_chpasswd_locked_passwd/config/etc/group b/tests/tests/usertools/chpasswd-PAM/30_chpasswd_locked_passwd/config/etc/group
new file mode 100644
index 0000000..b6fae89
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/30_chpasswd_locked_passwd/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:root
+adm:x:4:root,foo
+tty:x:5:
+disk:x:6:
+lp:x:7:foo,root
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:foo
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:foo
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/usertools/chpasswd-PAM/30_chpasswd_locked_passwd/config/etc/gshadow b/tests/tests/usertools/chpasswd-PAM/30_chpasswd_locked_passwd/config/etc/gshadow
new file mode 100644
index 0000000..1f2ba8d
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/30_chpasswd_locked_passwd/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::root
+adm:*::root,foo
+tty:*::foo
+disk:*:foo:
+lp:*::foo,root
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*:foo:foo
+voice:*::
+cdrom:*:foo:foo
+floppy:*::foo
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/usertools/chpasswd-PAM/30_chpasswd_locked_passwd/config/etc/passwd b/tests/tests/usertools/chpasswd-PAM/30_chpasswd_locked_passwd/config/etc/passwd
new file mode 100644
index 0000000..bf52df0
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/30_chpasswd_locked_passwd/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/home/foo:/bin/false
diff --git a/tests/tests/usertools/chpasswd-PAM/30_chpasswd_locked_passwd/config/etc/shadow b/tests/tests/usertools/chpasswd-PAM/30_chpasswd_locked_passwd/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/30_chpasswd_locked_passwd/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/usertools/chpasswd-PAM/30_chpasswd_locked_passwd/data/chpasswd.err b/tests/tests/usertools/chpasswd-PAM/30_chpasswd_locked_passwd/data/chpasswd.err
new file mode 100644
index 0000000..468b8b6
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/30_chpasswd_locked_passwd/data/chpasswd.err
@@ -0,0 +1,2 @@
+chpasswd: existing lock file /etc/passwd.lock without a PID
+chpasswd: cannot lock /etc/passwd; try again later.
diff --git a/tests/tests/usertools/chpasswd-PAM/31_chpasswd_locked_shadow/chpasswd.test b/tests/tests/usertools/chpasswd-PAM/31_chpasswd_locked_shadow/chpasswd.test
new file mode 100755
index 0000000..3686758
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/31_chpasswd_locked_shadow/chpasswd.test
@@ -0,0 +1,61 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "chpasswd checks if the shadow file is locked"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config; rm -f /etc/shadow.lock' 0
+
+change_config
+
+echo -n "Create lock file for /etc/shadow..."
+touch /etc/shadow.lock
+echo "done"
+
+echo -n "Change passwords (chpasswd -e)..."
+echo 'nobody:test
+lp:test2' | chpasswd -e 2>tmp/chpasswd.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+rm -f /etc/shadow.lock
+
+echo -n "Check returned status ($status)..."
+test "$status" = "1"
+echo "OK"
+
+echo "chpasswd reported:"
+echo "======================================================================="
+cat tmp/chpasswd.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/chpasswd.err tmp/chpasswd.err
+echo "error message OK."
+rm -f tmp/chpasswd.err
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/usertools/chpasswd-PAM/31_chpasswd_locked_shadow/config.txt b/tests/tests/usertools/chpasswd-PAM/31_chpasswd_locked_shadow/config.txt
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/31_chpasswd_locked_shadow/config.txt
diff --git a/tests/tests/usertools/chpasswd-PAM/31_chpasswd_locked_shadow/config/etc/default/useradd b/tests/tests/usertools/chpasswd-PAM/31_chpasswd_locked_shadow/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/31_chpasswd_locked_shadow/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/usertools/chpasswd-PAM/31_chpasswd_locked_shadow/config/etc/group b/tests/tests/usertools/chpasswd-PAM/31_chpasswd_locked_shadow/config/etc/group
new file mode 100644
index 0000000..b6fae89
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/31_chpasswd_locked_shadow/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:root
+adm:x:4:root,foo
+tty:x:5:
+disk:x:6:
+lp:x:7:foo,root
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:foo
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:foo
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/usertools/chpasswd-PAM/31_chpasswd_locked_shadow/config/etc/gshadow b/tests/tests/usertools/chpasswd-PAM/31_chpasswd_locked_shadow/config/etc/gshadow
new file mode 100644
index 0000000..1f2ba8d
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/31_chpasswd_locked_shadow/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::root
+adm:*::root,foo
+tty:*::foo
+disk:*:foo:
+lp:*::foo,root
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*:foo:foo
+voice:*::
+cdrom:*:foo:foo
+floppy:*::foo
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/usertools/chpasswd-PAM/31_chpasswd_locked_shadow/config/etc/passwd b/tests/tests/usertools/chpasswd-PAM/31_chpasswd_locked_shadow/config/etc/passwd
new file mode 100644
index 0000000..bf52df0
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/31_chpasswd_locked_shadow/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/home/foo:/bin/false
diff --git a/tests/tests/usertools/chpasswd-PAM/31_chpasswd_locked_shadow/config/etc/shadow b/tests/tests/usertools/chpasswd-PAM/31_chpasswd_locked_shadow/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/31_chpasswd_locked_shadow/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/usertools/chpasswd-PAM/31_chpasswd_locked_shadow/data/chpasswd.err b/tests/tests/usertools/chpasswd-PAM/31_chpasswd_locked_shadow/data/chpasswd.err
new file mode 100644
index 0000000..507310f
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/31_chpasswd_locked_shadow/data/chpasswd.err
@@ -0,0 +1,2 @@
+chpasswd: existing lock file /etc/shadow.lock without a PID
+chpasswd: cannot lock /etc/shadow; try again later.
diff --git a/tests/tests/usertools/chpasswd-PAM/32_chpasswd_invalid_user/chpasswd.test b/tests/tests/usertools/chpasswd-PAM/32_chpasswd_invalid_user/chpasswd.test
new file mode 100755
index 0000000..05bf394
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/32_chpasswd_invalid_user/chpasswd.test
@@ -0,0 +1,56 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "chpasswd checks that users exist"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Change passwords (chpasswd)..."
+echo 'nobody:test
+bar:bar2
+lp:test2' | chpasswd 2>tmp/chpasswd.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "1"
+echo "OK"
+
+echo "chpasswd reported:"
+echo "======================================================================="
+cat tmp/chpasswd.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/chpasswd.err tmp/chpasswd.err
+echo "error message OK."
+rm -f tmp/chpasswd.err
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl data/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/usertools/chpasswd-PAM/32_chpasswd_invalid_user/config.txt b/tests/tests/usertools/chpasswd-PAM/32_chpasswd_invalid_user/config.txt
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/32_chpasswd_invalid_user/config.txt
diff --git a/tests/tests/usertools/chpasswd-PAM/32_chpasswd_invalid_user/config/etc/default/useradd b/tests/tests/usertools/chpasswd-PAM/32_chpasswd_invalid_user/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/32_chpasswd_invalid_user/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/usertools/chpasswd-PAM/32_chpasswd_invalid_user/config/etc/group b/tests/tests/usertools/chpasswd-PAM/32_chpasswd_invalid_user/config/etc/group
new file mode 100644
index 0000000..b6fae89
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/32_chpasswd_invalid_user/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:root
+adm:x:4:root,foo
+tty:x:5:
+disk:x:6:
+lp:x:7:foo,root
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:foo
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:foo
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/usertools/chpasswd-PAM/32_chpasswd_invalid_user/config/etc/gshadow b/tests/tests/usertools/chpasswd-PAM/32_chpasswd_invalid_user/config/etc/gshadow
new file mode 100644
index 0000000..1f2ba8d
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/32_chpasswd_invalid_user/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::root
+adm:*::root,foo
+tty:*::foo
+disk:*:foo:
+lp:*::foo,root
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*:foo:foo
+voice:*::
+cdrom:*:foo:foo
+floppy:*::foo
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/usertools/chpasswd-PAM/32_chpasswd_invalid_user/config/etc/passwd b/tests/tests/usertools/chpasswd-PAM/32_chpasswd_invalid_user/config/etc/passwd
new file mode 100644
index 0000000..bf52df0
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/32_chpasswd_invalid_user/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/home/foo:/bin/false
diff --git a/tests/tests/usertools/chpasswd-PAM/32_chpasswd_invalid_user/config/etc/shadow b/tests/tests/usertools/chpasswd-PAM/32_chpasswd_invalid_user/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/32_chpasswd_invalid_user/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/usertools/chpasswd-PAM/32_chpasswd_invalid_user/data/chpasswd.err b/tests/tests/usertools/chpasswd-PAM/32_chpasswd_invalid_user/data/chpasswd.err
new file mode 100644
index 0000000..245a3b2
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/32_chpasswd_invalid_user/data/chpasswd.err
@@ -0,0 +1,3 @@
+chpasswd: (user bar) pam_chauthtok() failed, error:
+Authentication token manipulation error
+chpasswd: (line 2, user bar) password not changed
diff --git a/tests/tests/usertools/chpasswd-PAM/32_chpasswd_invalid_user/data/shadow b/tests/tests/usertools/chpasswd-PAM/32_chpasswd_invalid_user/data/shadow
new file mode 100644
index 0000000..958f25b
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/32_chpasswd_invalid_user/data/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:@PASS_SHA512 test2@:@TODAY@:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:@PASS_SHA512 test@:@TODAY@:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/usertools/chpasswd-PAM/33_chpasswd-e_invalid_user/chpasswd.test b/tests/tests/usertools/chpasswd-PAM/33_chpasswd-e_invalid_user/chpasswd.test
new file mode 100755
index 0000000..05c6a31
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/33_chpasswd-e_invalid_user/chpasswd.test
@@ -0,0 +1,56 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "chpasswd checks that users exist"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Change passwords (chpasswd -e)..."
+echo 'nobody:test
+bar:bar2
+lp:test2' | chpasswd -e 2>tmp/chpasswd.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "1"
+echo "OK"
+
+echo "chpasswd reported:"
+echo "======================================================================="
+cat tmp/chpasswd.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/chpasswd.err tmp/chpasswd.err
+echo "error message OK."
+rm -f tmp/chpasswd.err
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/usertools/chpasswd-PAM/33_chpasswd-e_invalid_user/config.txt b/tests/tests/usertools/chpasswd-PAM/33_chpasswd-e_invalid_user/config.txt
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/33_chpasswd-e_invalid_user/config.txt
diff --git a/tests/tests/usertools/chpasswd-PAM/33_chpasswd-e_invalid_user/config/etc/default/useradd b/tests/tests/usertools/chpasswd-PAM/33_chpasswd-e_invalid_user/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/33_chpasswd-e_invalid_user/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/usertools/chpasswd-PAM/33_chpasswd-e_invalid_user/config/etc/group b/tests/tests/usertools/chpasswd-PAM/33_chpasswd-e_invalid_user/config/etc/group
new file mode 100644
index 0000000..b6fae89
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/33_chpasswd-e_invalid_user/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:root
+adm:x:4:root,foo
+tty:x:5:
+disk:x:6:
+lp:x:7:foo,root
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:foo
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:foo
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/usertools/chpasswd-PAM/33_chpasswd-e_invalid_user/config/etc/gshadow b/tests/tests/usertools/chpasswd-PAM/33_chpasswd-e_invalid_user/config/etc/gshadow
new file mode 100644
index 0000000..1f2ba8d
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/33_chpasswd-e_invalid_user/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::root
+adm:*::root,foo
+tty:*::foo
+disk:*:foo:
+lp:*::foo,root
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*:foo:foo
+voice:*::
+cdrom:*:foo:foo
+floppy:*::foo
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/usertools/chpasswd-PAM/33_chpasswd-e_invalid_user/config/etc/passwd b/tests/tests/usertools/chpasswd-PAM/33_chpasswd-e_invalid_user/config/etc/passwd
new file mode 100644
index 0000000..bf52df0
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/33_chpasswd-e_invalid_user/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/home/foo:/bin/false
diff --git a/tests/tests/usertools/chpasswd-PAM/33_chpasswd-e_invalid_user/config/etc/shadow b/tests/tests/usertools/chpasswd-PAM/33_chpasswd-e_invalid_user/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/33_chpasswd-e_invalid_user/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/usertools/chpasswd-PAM/33_chpasswd-e_invalid_user/data/chpasswd.err b/tests/tests/usertools/chpasswd-PAM/33_chpasswd-e_invalid_user/data/chpasswd.err
new file mode 100644
index 0000000..7182e70
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/33_chpasswd-e_invalid_user/data/chpasswd.err
@@ -0,0 +1,2 @@
+chpasswd: line 2: user 'bar' does not exist
+chpasswd: error detected, changes ignored
diff --git a/tests/tests/usertools/chpasswd-PAM/34_chpasswd-e_password_shadow_and_passwd/chpasswd.test b/tests/tests/usertools/chpasswd-PAM/34_chpasswd-e_password_shadow_and_passwd/chpasswd.test
new file mode 100755
index 0000000..5e3bc03
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/34_chpasswd-e_password_shadow_and_passwd/chpasswd.test
@@ -0,0 +1,40 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "chpasswd can use encrypted password"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Change nobody and lp's password (chpasswd -e)..."
+echo 'nobody:test
+lp:test2' | chpasswd -e
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl data/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl data/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/usertools/chpasswd-PAM/34_chpasswd-e_password_shadow_and_passwd/config/etc/group b/tests/tests/usertools/chpasswd-PAM/34_chpasswd-e_password_shadow_and_passwd/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/34_chpasswd-e_password_shadow_and_passwd/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/usertools/chpasswd-PAM/34_chpasswd-e_password_shadow_and_passwd/config/etc/gshadow b/tests/tests/usertools/chpasswd-PAM/34_chpasswd-e_password_shadow_and_passwd/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/34_chpasswd-e_password_shadow_and_passwd/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/usertools/chpasswd-PAM/34_chpasswd-e_password_shadow_and_passwd/config/etc/pam.d/chpasswd b/tests/tests/usertools/chpasswd-PAM/34_chpasswd-e_password_shadow_and_passwd/config/etc/pam.d/chpasswd
new file mode 100644
index 0000000..552045e
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/34_chpasswd-e_password_shadow_and_passwd/config/etc/pam.d/chpasswd
@@ -0,0 +1,6 @@
+#
+# The PAM configuration file for the Shadow `chpasswd' service
+#
+
+@include common-password
+
diff --git a/tests/tests/usertools/chpasswd-PAM/34_chpasswd-e_password_shadow_and_passwd/config/etc/pam.d/common-password b/tests/tests/usertools/chpasswd-PAM/34_chpasswd-e_password_shadow_and_passwd/config/etc/pam.d/common-password
new file mode 100644
index 0000000..06c59a7
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/34_chpasswd-e_password_shadow_and_passwd/config/etc/pam.d/common-password
@@ -0,0 +1,33 @@
+#
+# /etc/pam.d/common-password - password-related modules common to all services
+#
+# This file is included from other service-specific PAM config files,
+# and should contain a list of modules that define the services to be
+# used to change user passwords.  The default is pam_unix.
+
+# Explanation of pam_unix options:
+#
+# The "md5" option enables MD5 passwords.  Without this option, the
+# default is Unix crypt.
+#
+# The "obscure" option replaces the old `OBSCURE_CHECKS_ENAB' option in
+# login.defs.
+#
+# See the pam_unix manpage for other options.
+
+# As of pam 1.0.1-6, this file is managed by pam-auth-update by default.
+# To take advantage of this, it is recommended that you configure any
+# local modules either before or after the default block, and use
+# pam-auth-update to manage selection of other modules.  See
+# pam-auth-update(8) for details.
+
+# here are the per-package modules (the "Primary" block)
+password	[success=1 default=ignore]	pam_unix.so obscure
+# here's the fallback if no module succeeds
+password	requisite			pam_deny.so
+# prime the stack with a positive return value if there isn't one already;
+# this avoids us returning an error just because nothing sets a success code
+# since the modules above will each just jump around
+password	required			pam_permit.so
+# and here are more per-package modules (the "Additional" block)
+# end of pam-auth-update config
diff --git a/tests/tests/usertools/chpasswd-PAM/34_chpasswd-e_password_shadow_and_passwd/config/etc/passwd b/tests/tests/usertools/chpasswd-PAM/34_chpasswd-e_password_shadow_and_passwd/config/etc/passwd
new file mode 100644
index 0000000..5648ba0
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/34_chpasswd-e_password_shadow_and_passwd/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:oldpass:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/usertools/chpasswd-PAM/34_chpasswd-e_password_shadow_and_passwd/config/etc/shadow b/tests/tests/usertools/chpasswd-PAM/34_chpasswd-e_password_shadow_and_passwd/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/34_chpasswd-e_password_shadow_and_passwd/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/usertools/chpasswd-PAM/34_chpasswd-e_password_shadow_and_passwd/data/passwd b/tests/tests/usertools/chpasswd-PAM/34_chpasswd-e_password_shadow_and_passwd/data/passwd
new file mode 100644
index 0000000..1ed98b3
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/34_chpasswd-e_password_shadow_and_passwd/data/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:test2:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/usertools/chpasswd-PAM/34_chpasswd-e_password_shadow_and_passwd/data/shadow b/tests/tests/usertools/chpasswd-PAM/34_chpasswd-e_password_shadow_and_passwd/data/shadow
new file mode 100644
index 0000000..269ee68
--- /dev/null
+++ b/tests/tests/usertools/chpasswd-PAM/34_chpasswd-e_password_shadow_and_passwd/data/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:test2:@TODAY@:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:test:@TODAY@:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/usertools/chpasswd/01_chpasswd_invalid_user/chpasswd.test b/tests/tests/usertools/chpasswd/01_chpasswd_invalid_user/chpasswd.test
new file mode 100755
index 0000000..f1d09e9
--- /dev/null
+++ b/tests/tests/usertools/chpasswd/01_chpasswd_invalid_user/chpasswd.test
@@ -0,0 +1,56 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "chpasswd fails if an user does not exist"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Change nobody, lp, and foooo's password..."
+echo 'nobody:test
+lp:test2
+foooo:test3' | chpasswd 2>tmp/chpasswd.err && exit 1 || {
+        status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "1"
+echo "OK"
+
+echo "chpasswd reported:"
+echo "======================================================================="
+cat tmp/chpasswd.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/chpasswd.err tmp/chpasswd.err
+echo "error message OK."
+rm -f tmp/chpasswd.err
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/usertools/chpasswd/01_chpasswd_invalid_user/config/etc/group b/tests/tests/usertools/chpasswd/01_chpasswd_invalid_user/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/usertools/chpasswd/01_chpasswd_invalid_user/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/usertools/chpasswd/01_chpasswd_invalid_user/config/etc/gshadow b/tests/tests/usertools/chpasswd/01_chpasswd_invalid_user/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/usertools/chpasswd/01_chpasswd_invalid_user/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/usertools/chpasswd/01_chpasswd_invalid_user/config/etc/login.defs b/tests/tests/usertools/chpasswd/01_chpasswd_invalid_user/config/etc/login.defs
new file mode 100644
index 0000000..f898f1e
--- /dev/null
+++ b/tests/tests/usertools/chpasswd/01_chpasswd_invalid_user/config/etc/login.defs
@@ -0,0 +1,317 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK usage is discouraged because it catches only some classes of user
+# entries to system, in fact only those made through login(1), while setting
+# umask in shell rc file will catch also logins through su, cron, ssh etc.
+#
+# At the same time, using shell rc to set umask won't catch entries which use
+# non-shell executables in place of login shell, like /usr/sbin/pppd for "ppp"
+# user and alike.
+#
+# Therefore the use of pam_umask is recommended (Debian package libpam-umask)
+# as the solution which catches all these cases on PAM-enabled systems.
+# 
+# This avoids the confusion created by having the umask set
+# in two different places -- in login.defs and shell rc files (i.e.
+# /etc/profile).
+#
+# For discussion, see #314539 and #248150 as well as the thread starting at
+# http://lists.debian.org/debian-devel/2005/06/msg01598.html
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+# 022 is the "historical" value in Debian for UMASK when it was used
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			  100
+GID_MAX			60000
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# This enables userdel to remove user groups if no members exist.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, thus in Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# Only works if compiled with MD5_CRYPT defined:
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is used by chpasswd, gpasswd and newusers.
+#
+#MD5_CRYPT_ENAB	no
+ENCRYPT_METHOD DES
+#SHA_CRYPT_MIN_ROUNDS 5000
+#SHA_CRYPT_MAX_ROUNDS 5000
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/usertools/chpasswd/01_chpasswd_invalid_user/config/etc/passwd b/tests/tests/usertools/chpasswd/01_chpasswd_invalid_user/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/usertools/chpasswd/01_chpasswd_invalid_user/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/usertools/chpasswd/01_chpasswd_invalid_user/config/etc/shadow b/tests/tests/usertools/chpasswd/01_chpasswd_invalid_user/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/usertools/chpasswd/01_chpasswd_invalid_user/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/usertools/chpasswd/01_chpasswd_invalid_user/data/chpasswd.err b/tests/tests/usertools/chpasswd/01_chpasswd_invalid_user/data/chpasswd.err
new file mode 100644
index 0000000..3478c55
--- /dev/null
+++ b/tests/tests/usertools/chpasswd/01_chpasswd_invalid_user/data/chpasswd.err
@@ -0,0 +1,2 @@
+chpasswd: line 3: user 'foooo' does not exist
+chpasswd: error detected, changes ignored
diff --git a/tests/tests/usertools/chpasswd/02_chpasswd_multiple_users/chpasswd.test b/tests/tests/usertools/chpasswd/02_chpasswd_multiple_users/chpasswd.test
new file mode 100755
index 0000000..c036205
--- /dev/null
+++ b/tests/tests/usertools/chpasswd/02_chpasswd_multiple_users/chpasswd.test
@@ -0,0 +1,40 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "chpasswd can change the password of multiple users"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Change nobody and lp's password..."
+echo 'nobody:test
+lp:test2' | chpasswd
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl data/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/usertools/chpasswd/02_chpasswd_multiple_users/config/etc/group b/tests/tests/usertools/chpasswd/02_chpasswd_multiple_users/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/usertools/chpasswd/02_chpasswd_multiple_users/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/usertools/chpasswd/02_chpasswd_multiple_users/config/etc/gshadow b/tests/tests/usertools/chpasswd/02_chpasswd_multiple_users/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/usertools/chpasswd/02_chpasswd_multiple_users/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/usertools/chpasswd/02_chpasswd_multiple_users/config/etc/login.defs b/tests/tests/usertools/chpasswd/02_chpasswd_multiple_users/config/etc/login.defs
new file mode 100644
index 0000000..f898f1e
--- /dev/null
+++ b/tests/tests/usertools/chpasswd/02_chpasswd_multiple_users/config/etc/login.defs
@@ -0,0 +1,317 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK usage is discouraged because it catches only some classes of user
+# entries to system, in fact only those made through login(1), while setting
+# umask in shell rc file will catch also logins through su, cron, ssh etc.
+#
+# At the same time, using shell rc to set umask won't catch entries which use
+# non-shell executables in place of login shell, like /usr/sbin/pppd for "ppp"
+# user and alike.
+#
+# Therefore the use of pam_umask is recommended (Debian package libpam-umask)
+# as the solution which catches all these cases on PAM-enabled systems.
+# 
+# This avoids the confusion created by having the umask set
+# in two different places -- in login.defs and shell rc files (i.e.
+# /etc/profile).
+#
+# For discussion, see #314539 and #248150 as well as the thread starting at
+# http://lists.debian.org/debian-devel/2005/06/msg01598.html
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+# 022 is the "historical" value in Debian for UMASK when it was used
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			  100
+GID_MAX			60000
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# This enables userdel to remove user groups if no members exist.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, thus in Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# Only works if compiled with MD5_CRYPT defined:
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is used by chpasswd, gpasswd and newusers.
+#
+#MD5_CRYPT_ENAB	no
+ENCRYPT_METHOD DES
+#SHA_CRYPT_MIN_ROUNDS 5000
+#SHA_CRYPT_MAX_ROUNDS 5000
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/usertools/chpasswd/02_chpasswd_multiple_users/config/etc/passwd b/tests/tests/usertools/chpasswd/02_chpasswd_multiple_users/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/usertools/chpasswd/02_chpasswd_multiple_users/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/usertools/chpasswd/02_chpasswd_multiple_users/config/etc/shadow b/tests/tests/usertools/chpasswd/02_chpasswd_multiple_users/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/usertools/chpasswd/02_chpasswd_multiple_users/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/usertools/chpasswd/02_chpasswd_multiple_users/data/shadow b/tests/tests/usertools/chpasswd/02_chpasswd_multiple_users/data/shadow
new file mode 100644
index 0000000..d69c00c
--- /dev/null
+++ b/tests/tests/usertools/chpasswd/02_chpasswd_multiple_users/data/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:@PASS_DES test2@:@TODAY@:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:@PASS_DES test@:@TODAY@:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/usertools/chpasswd/03_chpasswd_no_shadow_file/chpasswd.test b/tests/tests/usertools/chpasswd/03_chpasswd_no_shadow_file/chpasswd.test
new file mode 100755
index 0000000..fb915a1
--- /dev/null
+++ b/tests/tests/usertools/chpasswd/03_chpasswd_no_shadow_file/chpasswd.test
@@ -0,0 +1,44 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "chpasswd changes the passwd file if shadow does not exist"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Remove /etc/shadow..."
+rm -f /etc/shadow
+echo "OK"
+
+echo -n "Change nobody's and lp's password..."
+echo 'nobody:test
+lp:test2' | chpasswd
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl data/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check that shadow does not exist..."
+test ! -f /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/usertools/chpasswd/03_chpasswd_no_shadow_file/config/etc/group b/tests/tests/usertools/chpasswd/03_chpasswd_no_shadow_file/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/usertools/chpasswd/03_chpasswd_no_shadow_file/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/usertools/chpasswd/03_chpasswd_no_shadow_file/config/etc/gshadow b/tests/tests/usertools/chpasswd/03_chpasswd_no_shadow_file/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/usertools/chpasswd/03_chpasswd_no_shadow_file/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/usertools/chpasswd/03_chpasswd_no_shadow_file/config/etc/login.defs b/tests/tests/usertools/chpasswd/03_chpasswd_no_shadow_file/config/etc/login.defs
new file mode 100644
index 0000000..f898f1e
--- /dev/null
+++ b/tests/tests/usertools/chpasswd/03_chpasswd_no_shadow_file/config/etc/login.defs
@@ -0,0 +1,317 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK usage is discouraged because it catches only some classes of user
+# entries to system, in fact only those made through login(1), while setting
+# umask in shell rc file will catch also logins through su, cron, ssh etc.
+#
+# At the same time, using shell rc to set umask won't catch entries which use
+# non-shell executables in place of login shell, like /usr/sbin/pppd for "ppp"
+# user and alike.
+#
+# Therefore the use of pam_umask is recommended (Debian package libpam-umask)
+# as the solution which catches all these cases on PAM-enabled systems.
+# 
+# This avoids the confusion created by having the umask set
+# in two different places -- in login.defs and shell rc files (i.e.
+# /etc/profile).
+#
+# For discussion, see #314539 and #248150 as well as the thread starting at
+# http://lists.debian.org/debian-devel/2005/06/msg01598.html
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+# 022 is the "historical" value in Debian for UMASK when it was used
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			  100
+GID_MAX			60000
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# This enables userdel to remove user groups if no members exist.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, thus in Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# Only works if compiled with MD5_CRYPT defined:
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is used by chpasswd, gpasswd and newusers.
+#
+#MD5_CRYPT_ENAB	no
+ENCRYPT_METHOD DES
+#SHA_CRYPT_MIN_ROUNDS 5000
+#SHA_CRYPT_MAX_ROUNDS 5000
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/usertools/chpasswd/03_chpasswd_no_shadow_file/config/etc/passwd b/tests/tests/usertools/chpasswd/03_chpasswd_no_shadow_file/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/usertools/chpasswd/03_chpasswd_no_shadow_file/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/usertools/chpasswd/03_chpasswd_no_shadow_file/config/etc/shadow b/tests/tests/usertools/chpasswd/03_chpasswd_no_shadow_file/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/usertools/chpasswd/03_chpasswd_no_shadow_file/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/usertools/chpasswd/03_chpasswd_no_shadow_file/data/passwd b/tests/tests/usertools/chpasswd/03_chpasswd_no_shadow_file/data/passwd
new file mode 100644
index 0000000..a9a8b92
--- /dev/null
+++ b/tests/tests/usertools/chpasswd/03_chpasswd_no_shadow_file/data/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:@PASS_DES test2@:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:@PASS_DES test@:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/usertools/chpasswd/04_chpasswd_no_shadow_entry/chpasswd.test b/tests/tests/usertools/chpasswd/04_chpasswd_no_shadow_entry/chpasswd.test
new file mode 100755
index 0000000..d97d8b5
--- /dev/null
+++ b/tests/tests/usertools/chpasswd/04_chpasswd_no_shadow_entry/chpasswd.test
@@ -0,0 +1,43 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "chpasswd changes the passwd entry if there are no shadow entries"
+# FIXME: The PAM and !PAM versions differs:
+# PAM will create a shadow entry if the shadow file exists
+# !PAM will update the passwd entry and leave the shadow file untouched
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Change nobody's and lp's password..."
+echo 'nobody:test
+lp:test2' | chpasswd
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl data/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl data/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/usertools/chpasswd/04_chpasswd_no_shadow_entry/config/etc/group b/tests/tests/usertools/chpasswd/04_chpasswd_no_shadow_entry/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/usertools/chpasswd/04_chpasswd_no_shadow_entry/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/usertools/chpasswd/04_chpasswd_no_shadow_entry/config/etc/gshadow b/tests/tests/usertools/chpasswd/04_chpasswd_no_shadow_entry/config/etc/gshadow
new file mode 100644
index 0000000..54dc57e
--- /dev/null
+++ b/tests/tests/usertools/chpasswd/04_chpasswd_no_shadow_entry/config/etc/gshadow
@@ -0,0 +1,40 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/usertools/chpasswd/04_chpasswd_no_shadow_entry/config/etc/login.defs b/tests/tests/usertools/chpasswd/04_chpasswd_no_shadow_entry/config/etc/login.defs
new file mode 100644
index 0000000..f898f1e
--- /dev/null
+++ b/tests/tests/usertools/chpasswd/04_chpasswd_no_shadow_entry/config/etc/login.defs
@@ -0,0 +1,317 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK usage is discouraged because it catches only some classes of user
+# entries to system, in fact only those made through login(1), while setting
+# umask in shell rc file will catch also logins through su, cron, ssh etc.
+#
+# At the same time, using shell rc to set umask won't catch entries which use
+# non-shell executables in place of login shell, like /usr/sbin/pppd for "ppp"
+# user and alike.
+#
+# Therefore the use of pam_umask is recommended (Debian package libpam-umask)
+# as the solution which catches all these cases on PAM-enabled systems.
+# 
+# This avoids the confusion created by having the umask set
+# in two different places -- in login.defs and shell rc files (i.e.
+# /etc/profile).
+#
+# For discussion, see #314539 and #248150 as well as the thread starting at
+# http://lists.debian.org/debian-devel/2005/06/msg01598.html
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+# 022 is the "historical" value in Debian for UMASK when it was used
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			  100
+GID_MAX			60000
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# This enables userdel to remove user groups if no members exist.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, thus in Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# Only works if compiled with MD5_CRYPT defined:
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is used by chpasswd, gpasswd and newusers.
+#
+#MD5_CRYPT_ENAB	no
+ENCRYPT_METHOD DES
+#SHA_CRYPT_MIN_ROUNDS 5000
+#SHA_CRYPT_MAX_ROUNDS 5000
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/usertools/chpasswd/04_chpasswd_no_shadow_entry/config/etc/passwd b/tests/tests/usertools/chpasswd/04_chpasswd_no_shadow_entry/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/usertools/chpasswd/04_chpasswd_no_shadow_entry/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/usertools/chpasswd/04_chpasswd_no_shadow_entry/config/etc/shadow b/tests/tests/usertools/chpasswd/04_chpasswd_no_shadow_entry/config/etc/shadow
new file mode 100644
index 0000000..f4f74a5
--- /dev/null
+++ b/tests/tests/usertools/chpasswd/04_chpasswd_no_shadow_entry/config/etc/shadow
@@ -0,0 +1,18 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/usertools/chpasswd/04_chpasswd_no_shadow_entry/data/passwd b/tests/tests/usertools/chpasswd/04_chpasswd_no_shadow_entry/data/passwd
new file mode 100644
index 0000000..e7f6c7b
--- /dev/null
+++ b/tests/tests/usertools/chpasswd/04_chpasswd_no_shadow_entry/data/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:@PASS_DES test2@:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/usertools/chpasswd/04_chpasswd_no_shadow_entry/data/shadow b/tests/tests/usertools/chpasswd/04_chpasswd_no_shadow_entry/data/shadow
new file mode 100644
index 0000000..8e10590
--- /dev/null
+++ b/tests/tests/usertools/chpasswd/04_chpasswd_no_shadow_entry/data/shadow
@@ -0,0 +1,18 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:@PASS_DES test@:@TODAY@:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/usertools/chpasswd/05_chpasswd_error_no_password/chpasswd.test b/tests/tests/usertools/chpasswd/05_chpasswd_error_no_password/chpasswd.test
new file mode 100755
index 0000000..005b7ba
--- /dev/null
+++ b/tests/tests/usertools/chpasswd/05_chpasswd_error_no_password/chpasswd.test
@@ -0,0 +1,55 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "chpasswd fails if no password are provided"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Change nobody's and lp's password..."
+echo 'nobody:test
+lp' | chpasswd 2>tmp/chpasswd.err && exit 1 || {
+        status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "1"
+echo "OK"
+
+echo "chpasswd reported:"
+echo "======================================================================="
+cat tmp/chpasswd.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/chpasswd.err tmp/chpasswd.err
+echo "error message OK."
+rm -f tmp/chpasswd.err
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/usertools/chpasswd/05_chpasswd_error_no_password/config/etc/group b/tests/tests/usertools/chpasswd/05_chpasswd_error_no_password/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/usertools/chpasswd/05_chpasswd_error_no_password/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/usertools/chpasswd/05_chpasswd_error_no_password/config/etc/gshadow b/tests/tests/usertools/chpasswd/05_chpasswd_error_no_password/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/usertools/chpasswd/05_chpasswd_error_no_password/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/usertools/chpasswd/05_chpasswd_error_no_password/config/etc/login.defs b/tests/tests/usertools/chpasswd/05_chpasswd_error_no_password/config/etc/login.defs
new file mode 100644
index 0000000..f898f1e
--- /dev/null
+++ b/tests/tests/usertools/chpasswd/05_chpasswd_error_no_password/config/etc/login.defs
@@ -0,0 +1,317 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK usage is discouraged because it catches only some classes of user
+# entries to system, in fact only those made through login(1), while setting
+# umask in shell rc file will catch also logins through su, cron, ssh etc.
+#
+# At the same time, using shell rc to set umask won't catch entries which use
+# non-shell executables in place of login shell, like /usr/sbin/pppd for "ppp"
+# user and alike.
+#
+# Therefore the use of pam_umask is recommended (Debian package libpam-umask)
+# as the solution which catches all these cases on PAM-enabled systems.
+# 
+# This avoids the confusion created by having the umask set
+# in two different places -- in login.defs and shell rc files (i.e.
+# /etc/profile).
+#
+# For discussion, see #314539 and #248150 as well as the thread starting at
+# http://lists.debian.org/debian-devel/2005/06/msg01598.html
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+# 022 is the "historical" value in Debian for UMASK when it was used
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			  100
+GID_MAX			60000
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# This enables userdel to remove user groups if no members exist.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, thus in Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# Only works if compiled with MD5_CRYPT defined:
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is used by chpasswd, gpasswd and newusers.
+#
+#MD5_CRYPT_ENAB	no
+ENCRYPT_METHOD DES
+#SHA_CRYPT_MIN_ROUNDS 5000
+#SHA_CRYPT_MAX_ROUNDS 5000
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/usertools/chpasswd/05_chpasswd_error_no_password/config/etc/passwd b/tests/tests/usertools/chpasswd/05_chpasswd_error_no_password/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/usertools/chpasswd/05_chpasswd_error_no_password/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/usertools/chpasswd/05_chpasswd_error_no_password/config/etc/shadow b/tests/tests/usertools/chpasswd/05_chpasswd_error_no_password/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/usertools/chpasswd/05_chpasswd_error_no_password/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/usertools/chpasswd/05_chpasswd_error_no_password/data/chpasswd.err b/tests/tests/usertools/chpasswd/05_chpasswd_error_no_password/data/chpasswd.err
new file mode 100644
index 0000000..afeef27
--- /dev/null
+++ b/tests/tests/usertools/chpasswd/05_chpasswd_error_no_password/data/chpasswd.err
@@ -0,0 +1,2 @@
+chpasswd: line 2: missing new password
+chpasswd: error detected, changes ignored
diff --git a/tests/tests/usertools/useradd/01_useradd_usage/config.txt b/tests/tests/usertools/useradd/01_useradd_usage/config.txt
new file mode 100644
index 0000000..31f5635
--- /dev/null
+++ b/tests/tests/usertools/useradd/01_useradd_usage/config.txt
@@ -0,0 +1,10 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group users (only in /etc/group)
+user foo, in group tty (only in /etc/gshadow)
+user foo, in group floppy
+user foo, admin of group disk
+user foo, admin and member of group fax
+user foo, admin and member of group cdrom (only in /etc/gshadow)
diff --git a/tests/tests/usertools/useradd/01_useradd_usage/config/etc/default/useradd b/tests/tests/usertools/useradd/01_useradd_usage/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/usertools/useradd/01_useradd_usage/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/usertools/useradd/01_useradd_usage/config/etc/group b/tests/tests/usertools/useradd/01_useradd_usage/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/usertools/useradd/01_useradd_usage/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/usertools/useradd/01_useradd_usage/config/etc/gshadow b/tests/tests/usertools/useradd/01_useradd_usage/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/usertools/useradd/01_useradd_usage/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/usertools/useradd/01_useradd_usage/config/etc/passwd b/tests/tests/usertools/useradd/01_useradd_usage/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/usertools/useradd/01_useradd_usage/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/usertools/useradd/01_useradd_usage/config/etc/shadow b/tests/tests/usertools/useradd/01_useradd_usage/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/usertools/useradd/01_useradd_usage/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/usertools/useradd/01_useradd_usage/data/usage.out b/tests/tests/usertools/useradd/01_useradd_usage/data/usage.out
new file mode 100644
index 0000000..b77a98a
--- /dev/null
+++ b/tests/tests/usertools/useradd/01_useradd_usage/data/usage.out
@@ -0,0 +1,35 @@
+Usage: useradd [options] LOGIN
+       useradd -D
+       useradd -D [options]
+
+Options:
+  -b, --base-dir BASE_DIR       base directory for the home directory of the
+                                new account
+  -c, --comment COMMENT         GECOS field of the new account
+  -d, --home-dir HOME_DIR       home directory of the new account
+  -D, --defaults                print or change default useradd configuration
+  -e, --expiredate EXPIRE_DATE  expiration date of the new account
+  -f, --inactive INACTIVE       password inactivity period of the new account
+  -g, --gid GROUP               name or ID of the primary group of the new
+                                account
+  -G, --groups GROUPS           list of supplementary groups of the new
+                                account
+  -h, --help                    display this help message and exit
+  -k, --skel SKEL_DIR           use this alternative skeleton directory
+  -K, --key KEY=VALUE           override /etc/login.defs defaults
+  -l, --no-log-init             do not add the user to the lastlog and
+                                faillog databases
+  -m, --create-home             create the user's home directory
+  -M, --no-create-home          do not create the user's home directory
+  -N, --no-user-group           do not create a group with the same name as
+                                the user
+  -o, --non-unique              allow to create users with duplicate
+                                (non-unique) UID
+  -p, --password PASSWORD       encrypted password of the new account
+  -r, --system                  create a system account
+  -R, --root CHROOT_DIR         directory to chroot into
+  -s, --shell SHELL             login shell of the new account
+  -u, --uid UID                 user ID of the new account
+  -U, --user-group              create a group with the same name as the user
+  -Z, --selinux-user SEUSER     use a specific SEUSER for the SELinux user mapping
+
diff --git a/tests/tests/usertools/useradd/01_useradd_usage/useradd.test b/tests/tests/usertools/useradd/01_useradd_usage/useradd.test
new file mode 100755
index 0000000..a7fe046
--- /dev/null
+++ b/tests/tests/usertools/useradd/01_useradd_usage/useradd.test
@@ -0,0 +1,48 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "useradd can display its usage message"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Get useradd usage (useradd -h)..."
+useradd -h >tmp/usage.out
+echo "OK"
+
+echo "useradd reported:"
+echo "======================================================================="
+cat tmp/usage.out
+echo "======================================================================="
+echo -n "Check the usage message..."
+diff -au data/usage.out tmp/usage.out
+echo "usage message OK."
+rm -f tmp/usage.out
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/usertools/useradd/02_useradd_usage_invalid_option/config.txt b/tests/tests/usertools/useradd/02_useradd_usage_invalid_option/config.txt
new file mode 100644
index 0000000..31f5635
--- /dev/null
+++ b/tests/tests/usertools/useradd/02_useradd_usage_invalid_option/config.txt
@@ -0,0 +1,10 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group users (only in /etc/group)
+user foo, in group tty (only in /etc/gshadow)
+user foo, in group floppy
+user foo, admin of group disk
+user foo, admin and member of group fax
+user foo, admin and member of group cdrom (only in /etc/gshadow)
diff --git a/tests/tests/usertools/useradd/02_useradd_usage_invalid_option/config/etc/default/useradd b/tests/tests/usertools/useradd/02_useradd_usage_invalid_option/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/usertools/useradd/02_useradd_usage_invalid_option/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/usertools/useradd/02_useradd_usage_invalid_option/config/etc/group b/tests/tests/usertools/useradd/02_useradd_usage_invalid_option/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/usertools/useradd/02_useradd_usage_invalid_option/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/usertools/useradd/02_useradd_usage_invalid_option/config/etc/gshadow b/tests/tests/usertools/useradd/02_useradd_usage_invalid_option/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/usertools/useradd/02_useradd_usage_invalid_option/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/usertools/useradd/02_useradd_usage_invalid_option/config/etc/passwd b/tests/tests/usertools/useradd/02_useradd_usage_invalid_option/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/usertools/useradd/02_useradd_usage_invalid_option/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/usertools/useradd/02_useradd_usage_invalid_option/config/etc/shadow b/tests/tests/usertools/useradd/02_useradd_usage_invalid_option/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/usertools/useradd/02_useradd_usage_invalid_option/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/usertools/useradd/02_useradd_usage_invalid_option/data/usage.out b/tests/tests/usertools/useradd/02_useradd_usage_invalid_option/data/usage.out
new file mode 100644
index 0000000..2efa134
--- /dev/null
+++ b/tests/tests/usertools/useradd/02_useradd_usage_invalid_option/data/usage.out
@@ -0,0 +1,36 @@
+useradd: unrecognized option '--foo'
+Usage: useradd [options] LOGIN
+       useradd -D
+       useradd -D [options]
+
+Options:
+  -b, --base-dir BASE_DIR       base directory for the home directory of the
+                                new account
+  -c, --comment COMMENT         GECOS field of the new account
+  -d, --home-dir HOME_DIR       home directory of the new account
+  -D, --defaults                print or change default useradd configuration
+  -e, --expiredate EXPIRE_DATE  expiration date of the new account
+  -f, --inactive INACTIVE       password inactivity period of the new account
+  -g, --gid GROUP               name or ID of the primary group of the new
+                                account
+  -G, --groups GROUPS           list of supplementary groups of the new
+                                account
+  -h, --help                    display this help message and exit
+  -k, --skel SKEL_DIR           use this alternative skeleton directory
+  -K, --key KEY=VALUE           override /etc/login.defs defaults
+  -l, --no-log-init             do not add the user to the lastlog and
+                                faillog databases
+  -m, --create-home             create the user's home directory
+  -M, --no-create-home          do not create the user's home directory
+  -N, --no-user-group           do not create a group with the same name as
+                                the user
+  -o, --non-unique              allow to create users with duplicate
+                                (non-unique) UID
+  -p, --password PASSWORD       encrypted password of the new account
+  -r, --system                  create a system account
+  -R, --root CHROOT_DIR         directory to chroot into
+  -s, --shell SHELL             login shell of the new account
+  -u, --uid UID                 user ID of the new account
+  -U, --user-group              create a group with the same name as the user
+  -Z, --selinux-user SEUSER     use a specific SEUSER for the SELinux user mapping
+
diff --git a/tests/tests/usertools/useradd/02_useradd_usage_invalid_option/useradd.test b/tests/tests/usertools/useradd/02_useradd_usage_invalid_option/useradd.test
new file mode 100755
index 0000000..6711b26
--- /dev/null
+++ b/tests/tests/usertools/useradd/02_useradd_usage_invalid_option/useradd.test
@@ -0,0 +1,54 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "useradd displays its usage message when called incorrectly"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Call useradd with an invalid option (useradd --foo)..."
+useradd --foo 2>tmp/usage.out && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "2"
+echo "OK"
+
+echo "useradd reported:"
+echo "======================================================================="
+cat tmp/usage.out
+echo "======================================================================="
+echo -n "Check the usage message..."
+diff -au data/usage.out tmp/usage.out
+echo "usage message OK."
+rm -f tmp/usage.out
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/usertools/useradd/03_useradd_usage_no_users/config.txt b/tests/tests/usertools/useradd/03_useradd_usage_no_users/config.txt
new file mode 100644
index 0000000..31f5635
--- /dev/null
+++ b/tests/tests/usertools/useradd/03_useradd_usage_no_users/config.txt
@@ -0,0 +1,10 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group users (only in /etc/group)
+user foo, in group tty (only in /etc/gshadow)
+user foo, in group floppy
+user foo, admin of group disk
+user foo, admin and member of group fax
+user foo, admin and member of group cdrom (only in /etc/gshadow)
diff --git a/tests/tests/usertools/useradd/03_useradd_usage_no_users/config/etc/default/useradd b/tests/tests/usertools/useradd/03_useradd_usage_no_users/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/usertools/useradd/03_useradd_usage_no_users/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/usertools/useradd/03_useradd_usage_no_users/config/etc/group b/tests/tests/usertools/useradd/03_useradd_usage_no_users/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/usertools/useradd/03_useradd_usage_no_users/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/usertools/useradd/03_useradd_usage_no_users/config/etc/gshadow b/tests/tests/usertools/useradd/03_useradd_usage_no_users/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/usertools/useradd/03_useradd_usage_no_users/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/usertools/useradd/03_useradd_usage_no_users/config/etc/passwd b/tests/tests/usertools/useradd/03_useradd_usage_no_users/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/usertools/useradd/03_useradd_usage_no_users/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/usertools/useradd/03_useradd_usage_no_users/config/etc/shadow b/tests/tests/usertools/useradd/03_useradd_usage_no_users/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/usertools/useradd/03_useradd_usage_no_users/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/usertools/useradd/03_useradd_usage_no_users/data/usage.out b/tests/tests/usertools/useradd/03_useradd_usage_no_users/data/usage.out
new file mode 100644
index 0000000..b77a98a
--- /dev/null
+++ b/tests/tests/usertools/useradd/03_useradd_usage_no_users/data/usage.out
@@ -0,0 +1,35 @@
+Usage: useradd [options] LOGIN
+       useradd -D
+       useradd -D [options]
+
+Options:
+  -b, --base-dir BASE_DIR       base directory for the home directory of the
+                                new account
+  -c, --comment COMMENT         GECOS field of the new account
+  -d, --home-dir HOME_DIR       home directory of the new account
+  -D, --defaults                print or change default useradd configuration
+  -e, --expiredate EXPIRE_DATE  expiration date of the new account
+  -f, --inactive INACTIVE       password inactivity period of the new account
+  -g, --gid GROUP               name or ID of the primary group of the new
+                                account
+  -G, --groups GROUPS           list of supplementary groups of the new
+                                account
+  -h, --help                    display this help message and exit
+  -k, --skel SKEL_DIR           use this alternative skeleton directory
+  -K, --key KEY=VALUE           override /etc/login.defs defaults
+  -l, --no-log-init             do not add the user to the lastlog and
+                                faillog databases
+  -m, --create-home             create the user's home directory
+  -M, --no-create-home          do not create the user's home directory
+  -N, --no-user-group           do not create a group with the same name as
+                                the user
+  -o, --non-unique              allow to create users with duplicate
+                                (non-unique) UID
+  -p, --password PASSWORD       encrypted password of the new account
+  -r, --system                  create a system account
+  -R, --root CHROOT_DIR         directory to chroot into
+  -s, --shell SHELL             login shell of the new account
+  -u, --uid UID                 user ID of the new account
+  -U, --user-group              create a group with the same name as the user
+  -Z, --selinux-user SEUSER     use a specific SEUSER for the SELinux user mapping
+
diff --git a/tests/tests/usertools/useradd/03_useradd_usage_no_users/useradd.test b/tests/tests/usertools/useradd/03_useradd_usage_no_users/useradd.test
new file mode 100755
index 0000000..fe178eb
--- /dev/null
+++ b/tests/tests/usertools/useradd/03_useradd_usage_no_users/useradd.test
@@ -0,0 +1,54 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "useradd displays its usage message when called incorrectly"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Call useradd without an user (useradd -f 12)..."
+useradd -f 12 2>tmp/usage.out && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "2"
+echo "OK"
+
+echo "useradd reported:"
+echo "======================================================================="
+cat tmp/usage.out
+echo "======================================================================="
+echo -n "Check the usage message..."
+diff -au data/usage.out tmp/usage.out
+echo "usage message OK."
+rm -f tmp/usage.out
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/usertools/useradd/04_useradd_usage_2_users/config.txt b/tests/tests/usertools/useradd/04_useradd_usage_2_users/config.txt
new file mode 100644
index 0000000..31f5635
--- /dev/null
+++ b/tests/tests/usertools/useradd/04_useradd_usage_2_users/config.txt
@@ -0,0 +1,10 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group users (only in /etc/group)
+user foo, in group tty (only in /etc/gshadow)
+user foo, in group floppy
+user foo, admin of group disk
+user foo, admin and member of group fax
+user foo, admin and member of group cdrom (only in /etc/gshadow)
diff --git a/tests/tests/usertools/useradd/04_useradd_usage_2_users/config/etc/default/useradd b/tests/tests/usertools/useradd/04_useradd_usage_2_users/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/usertools/useradd/04_useradd_usage_2_users/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/usertools/useradd/04_useradd_usage_2_users/config/etc/group b/tests/tests/usertools/useradd/04_useradd_usage_2_users/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/usertools/useradd/04_useradd_usage_2_users/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/usertools/useradd/04_useradd_usage_2_users/config/etc/gshadow b/tests/tests/usertools/useradd/04_useradd_usage_2_users/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/usertools/useradd/04_useradd_usage_2_users/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/usertools/useradd/04_useradd_usage_2_users/config/etc/passwd b/tests/tests/usertools/useradd/04_useradd_usage_2_users/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/usertools/useradd/04_useradd_usage_2_users/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/usertools/useradd/04_useradd_usage_2_users/config/etc/shadow b/tests/tests/usertools/useradd/04_useradd_usage_2_users/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/usertools/useradd/04_useradd_usage_2_users/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/usertools/useradd/04_useradd_usage_2_users/data/usage.out b/tests/tests/usertools/useradd/04_useradd_usage_2_users/data/usage.out
new file mode 100644
index 0000000..b77a98a
--- /dev/null
+++ b/tests/tests/usertools/useradd/04_useradd_usage_2_users/data/usage.out
@@ -0,0 +1,35 @@
+Usage: useradd [options] LOGIN
+       useradd -D
+       useradd -D [options]
+
+Options:
+  -b, --base-dir BASE_DIR       base directory for the home directory of the
+                                new account
+  -c, --comment COMMENT         GECOS field of the new account
+  -d, --home-dir HOME_DIR       home directory of the new account
+  -D, --defaults                print or change default useradd configuration
+  -e, --expiredate EXPIRE_DATE  expiration date of the new account
+  -f, --inactive INACTIVE       password inactivity period of the new account
+  -g, --gid GROUP               name or ID of the primary group of the new
+                                account
+  -G, --groups GROUPS           list of supplementary groups of the new
+                                account
+  -h, --help                    display this help message and exit
+  -k, --skel SKEL_DIR           use this alternative skeleton directory
+  -K, --key KEY=VALUE           override /etc/login.defs defaults
+  -l, --no-log-init             do not add the user to the lastlog and
+                                faillog databases
+  -m, --create-home             create the user's home directory
+  -M, --no-create-home          do not create the user's home directory
+  -N, --no-user-group           do not create a group with the same name as
+                                the user
+  -o, --non-unique              allow to create users with duplicate
+                                (non-unique) UID
+  -p, --password PASSWORD       encrypted password of the new account
+  -r, --system                  create a system account
+  -R, --root CHROOT_DIR         directory to chroot into
+  -s, --shell SHELL             login shell of the new account
+  -u, --uid UID                 user ID of the new account
+  -U, --user-group              create a group with the same name as the user
+  -Z, --selinux-user SEUSER     use a specific SEUSER for the SELinux user mapping
+
diff --git a/tests/tests/usertools/useradd/04_useradd_usage_2_users/useradd.test b/tests/tests/usertools/useradd/04_useradd_usage_2_users/useradd.test
new file mode 100755
index 0000000..c51e8bc
--- /dev/null
+++ b/tests/tests/usertools/useradd/04_useradd_usage_2_users/useradd.test
@@ -0,0 +1,54 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "useradd displays its usage message when called incorrectly"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Call useradd with 2 users (useradd -f 12 bin nobody)..."
+useradd -f 12 bin nobody 2>tmp/usage.out && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "2"
+echo "OK"
+
+echo "useradd reported:"
+echo "======================================================================="
+cat tmp/usage.out
+echo "======================================================================="
+echo -n "Check the usage message..."
+diff -au data/usage.out tmp/usage.out
+echo "usage message OK."
+rm -f tmp/usage.out
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/usertools/useradd/05_useradd_usage-b_invalid1/config.txt b/tests/tests/usertools/useradd/05_useradd_usage-b_invalid1/config.txt
new file mode 100644
index 0000000..31f5635
--- /dev/null
+++ b/tests/tests/usertools/useradd/05_useradd_usage-b_invalid1/config.txt
@@ -0,0 +1,10 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group users (only in /etc/group)
+user foo, in group tty (only in /etc/gshadow)
+user foo, in group floppy
+user foo, admin of group disk
+user foo, admin and member of group fax
+user foo, admin and member of group cdrom (only in /etc/gshadow)
diff --git a/tests/tests/usertools/useradd/05_useradd_usage-b_invalid1/config/etc/default/useradd b/tests/tests/usertools/useradd/05_useradd_usage-b_invalid1/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/usertools/useradd/05_useradd_usage-b_invalid1/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/usertools/useradd/05_useradd_usage-b_invalid1/config/etc/group b/tests/tests/usertools/useradd/05_useradd_usage-b_invalid1/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/usertools/useradd/05_useradd_usage-b_invalid1/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/usertools/useradd/05_useradd_usage-b_invalid1/config/etc/gshadow b/tests/tests/usertools/useradd/05_useradd_usage-b_invalid1/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/usertools/useradd/05_useradd_usage-b_invalid1/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/usertools/useradd/05_useradd_usage-b_invalid1/config/etc/passwd b/tests/tests/usertools/useradd/05_useradd_usage-b_invalid1/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/usertools/useradd/05_useradd_usage-b_invalid1/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/usertools/useradd/05_useradd_usage-b_invalid1/config/etc/shadow b/tests/tests/usertools/useradd/05_useradd_usage-b_invalid1/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/usertools/useradd/05_useradd_usage-b_invalid1/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/usertools/useradd/05_useradd_usage-b_invalid1/data/usage.out b/tests/tests/usertools/useradd/05_useradd_usage-b_invalid1/data/usage.out
new file mode 100644
index 0000000..6f4cd08
--- /dev/null
+++ b/tests/tests/usertools/useradd/05_useradd_usage-b_invalid1/data/usage.out
@@ -0,0 +1 @@
+useradd: invalid base directory '/home/no:body'
diff --git a/tests/tests/usertools/useradd/05_useradd_usage-b_invalid1/useradd.test b/tests/tests/usertools/useradd/05_useradd_usage-b_invalid1/useradd.test
new file mode 100755
index 0000000..a880dde
--- /dev/null
+++ b/tests/tests/usertools/useradd/05_useradd_usage-b_invalid1/useradd.test
@@ -0,0 +1,54 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "useradd reports an error when called incorrectly"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Call useradd with an invalid argument (useradd -b '/home/no:body' nobody)..."
+useradd -b '/home/no:body' nobody 2>tmp/usage.out && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "3"
+echo "OK"
+
+echo "useradd reported:"
+echo "======================================================================="
+cat tmp/usage.out
+echo "======================================================================="
+echo -n "Check the usage message..."
+diff -au data/usage.out tmp/usage.out
+echo "usage message OK."
+rm -f tmp/usage.out
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/usertools/useradd/06_useradd_usage-b_invalid2/config.txt b/tests/tests/usertools/useradd/06_useradd_usage-b_invalid2/config.txt
new file mode 100644
index 0000000..31f5635
--- /dev/null
+++ b/tests/tests/usertools/useradd/06_useradd_usage-b_invalid2/config.txt
@@ -0,0 +1,10 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group users (only in /etc/group)
+user foo, in group tty (only in /etc/gshadow)
+user foo, in group floppy
+user foo, admin of group disk
+user foo, admin and member of group fax
+user foo, admin and member of group cdrom (only in /etc/gshadow)
diff --git a/tests/tests/usertools/useradd/06_useradd_usage-b_invalid2/config/etc/default/useradd b/tests/tests/usertools/useradd/06_useradd_usage-b_invalid2/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/usertools/useradd/06_useradd_usage-b_invalid2/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/usertools/useradd/06_useradd_usage-b_invalid2/config/etc/group b/tests/tests/usertools/useradd/06_useradd_usage-b_invalid2/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/usertools/useradd/06_useradd_usage-b_invalid2/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/usertools/useradd/06_useradd_usage-b_invalid2/config/etc/gshadow b/tests/tests/usertools/useradd/06_useradd_usage-b_invalid2/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/usertools/useradd/06_useradd_usage-b_invalid2/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/usertools/useradd/06_useradd_usage-b_invalid2/config/etc/passwd b/tests/tests/usertools/useradd/06_useradd_usage-b_invalid2/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/usertools/useradd/06_useradd_usage-b_invalid2/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/usertools/useradd/06_useradd_usage-b_invalid2/config/etc/shadow b/tests/tests/usertools/useradd/06_useradd_usage-b_invalid2/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/usertools/useradd/06_useradd_usage-b_invalid2/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/usertools/useradd/06_useradd_usage-b_invalid2/data/usage.out b/tests/tests/usertools/useradd/06_useradd_usage-b_invalid2/data/usage.out
new file mode 100644
index 0000000..22a5df8
--- /dev/null
+++ b/tests/tests/usertools/useradd/06_useradd_usage-b_invalid2/data/usage.out
@@ -0,0 +1,2 @@
+useradd: invalid base directory '/home/no
+body'
diff --git a/tests/tests/usertools/useradd/06_useradd_usage-b_invalid2/useradd.test b/tests/tests/usertools/useradd/06_useradd_usage-b_invalid2/useradd.test
new file mode 100755
index 0000000..37f27c0
--- /dev/null
+++ b/tests/tests/usertools/useradd/06_useradd_usage-b_invalid2/useradd.test
@@ -0,0 +1,56 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "useradd reports an error when called incorrectly"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Call useradd with an invalid argument (useradd -b '/home/no
+body' nobody)..."
+useradd -b '/home/no
+body' nobody 2>tmp/usage.out && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "3"
+echo "OK"
+
+echo "useradd reported:"
+echo "======================================================================="
+cat tmp/usage.out
+echo "======================================================================="
+echo -n "Check the usage message..."
+diff -au data/usage.out tmp/usage.out
+echo "usage message OK."
+rm -f tmp/usage.out
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/usertools/useradd/07_useradd_usage-b_invalid3/config.txt b/tests/tests/usertools/useradd/07_useradd_usage-b_invalid3/config.txt
new file mode 100644
index 0000000..31f5635
--- /dev/null
+++ b/tests/tests/usertools/useradd/07_useradd_usage-b_invalid3/config.txt
@@ -0,0 +1,10 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group users (only in /etc/group)
+user foo, in group tty (only in /etc/gshadow)
+user foo, in group floppy
+user foo, admin of group disk
+user foo, admin and member of group fax
+user foo, admin and member of group cdrom (only in /etc/gshadow)
diff --git a/tests/tests/usertools/useradd/07_useradd_usage-b_invalid3/config/etc/default/useradd b/tests/tests/usertools/useradd/07_useradd_usage-b_invalid3/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/usertools/useradd/07_useradd_usage-b_invalid3/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/usertools/useradd/07_useradd_usage-b_invalid3/config/etc/group b/tests/tests/usertools/useradd/07_useradd_usage-b_invalid3/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/usertools/useradd/07_useradd_usage-b_invalid3/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/usertools/useradd/07_useradd_usage-b_invalid3/config/etc/gshadow b/tests/tests/usertools/useradd/07_useradd_usage-b_invalid3/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/usertools/useradd/07_useradd_usage-b_invalid3/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/usertools/useradd/07_useradd_usage-b_invalid3/config/etc/passwd b/tests/tests/usertools/useradd/07_useradd_usage-b_invalid3/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/usertools/useradd/07_useradd_usage-b_invalid3/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/usertools/useradd/07_useradd_usage-b_invalid3/config/etc/shadow b/tests/tests/usertools/useradd/07_useradd_usage-b_invalid3/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/usertools/useradd/07_useradd_usage-b_invalid3/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/usertools/useradd/07_useradd_usage-b_invalid3/data/usage.out b/tests/tests/usertools/useradd/07_useradd_usage-b_invalid3/data/usage.out
new file mode 100644
index 0000000..de930e6
--- /dev/null
+++ b/tests/tests/usertools/useradd/07_useradd_usage-b_invalid3/data/usage.out
@@ -0,0 +1 @@
+useradd: invalid base directory 'home/nobody'
diff --git a/tests/tests/usertools/useradd/07_useradd_usage-b_invalid3/useradd.test b/tests/tests/usertools/useradd/07_useradd_usage-b_invalid3/useradd.test
new file mode 100755
index 0000000..a0ff227
--- /dev/null
+++ b/tests/tests/usertools/useradd/07_useradd_usage-b_invalid3/useradd.test
@@ -0,0 +1,54 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "useradd reports an error when called incorrectly"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Call useradd with an invalid argument (useradd -b 'home/nobody' nobody)..."
+useradd -b 'home/nobody' nobody 2>tmp/usage.out && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "3"
+echo "OK"
+
+echo "useradd reported:"
+echo "======================================================================="
+cat tmp/usage.out
+echo "======================================================================="
+echo -n "Check the usage message..."
+diff -au data/usage.out tmp/usage.out
+echo "usage message OK."
+rm -f tmp/usage.out
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/usertools/useradd/08_useradd_usage-c_invalid1/config.txt b/tests/tests/usertools/useradd/08_useradd_usage-c_invalid1/config.txt
new file mode 100644
index 0000000..31f5635
--- /dev/null
+++ b/tests/tests/usertools/useradd/08_useradd_usage-c_invalid1/config.txt
@@ -0,0 +1,10 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group users (only in /etc/group)
+user foo, in group tty (only in /etc/gshadow)
+user foo, in group floppy
+user foo, admin of group disk
+user foo, admin and member of group fax
+user foo, admin and member of group cdrom (only in /etc/gshadow)
diff --git a/tests/tests/usertools/useradd/08_useradd_usage-c_invalid1/config/etc/default/useradd b/tests/tests/usertools/useradd/08_useradd_usage-c_invalid1/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/usertools/useradd/08_useradd_usage-c_invalid1/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/usertools/useradd/08_useradd_usage-c_invalid1/config/etc/group b/tests/tests/usertools/useradd/08_useradd_usage-c_invalid1/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/usertools/useradd/08_useradd_usage-c_invalid1/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/usertools/useradd/08_useradd_usage-c_invalid1/config/etc/gshadow b/tests/tests/usertools/useradd/08_useradd_usage-c_invalid1/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/usertools/useradd/08_useradd_usage-c_invalid1/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/usertools/useradd/08_useradd_usage-c_invalid1/config/etc/passwd b/tests/tests/usertools/useradd/08_useradd_usage-c_invalid1/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/usertools/useradd/08_useradd_usage-c_invalid1/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/usertools/useradd/08_useradd_usage-c_invalid1/config/etc/shadow b/tests/tests/usertools/useradd/08_useradd_usage-c_invalid1/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/usertools/useradd/08_useradd_usage-c_invalid1/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/usertools/useradd/08_useradd_usage-c_invalid1/data/usage.out b/tests/tests/usertools/useradd/08_useradd_usage-c_invalid1/data/usage.out
new file mode 100644
index 0000000..ec0e2ab
--- /dev/null
+++ b/tests/tests/usertools/useradd/08_useradd_usage-c_invalid1/data/usage.out
@@ -0,0 +1 @@
+useradd: invalid comment 'comm:ent'
diff --git a/tests/tests/usertools/useradd/08_useradd_usage-c_invalid1/useradd.test b/tests/tests/usertools/useradd/08_useradd_usage-c_invalid1/useradd.test
new file mode 100755
index 0000000..6cd2262
--- /dev/null
+++ b/tests/tests/usertools/useradd/08_useradd_usage-c_invalid1/useradd.test
@@ -0,0 +1,54 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "useradd reports an error when called incorrectly"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Call useradd with an invalid argument (useradd -c 'comm:ent' nobody)..."
+useradd -c 'comm:ent' nobody 2>tmp/usage.out && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "3"
+echo "OK"
+
+echo "useradd reported:"
+echo "======================================================================="
+cat tmp/usage.out
+echo "======================================================================="
+echo -n "Check the usage message..."
+diff -au data/usage.out tmp/usage.out
+echo "usage message OK."
+rm -f tmp/usage.out
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/usertools/useradd/09_useradd_usage-c_invalid2/config.txt b/tests/tests/usertools/useradd/09_useradd_usage-c_invalid2/config.txt
new file mode 100644
index 0000000..31f5635
--- /dev/null
+++ b/tests/tests/usertools/useradd/09_useradd_usage-c_invalid2/config.txt
@@ -0,0 +1,10 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group users (only in /etc/group)
+user foo, in group tty (only in /etc/gshadow)
+user foo, in group floppy
+user foo, admin of group disk
+user foo, admin and member of group fax
+user foo, admin and member of group cdrom (only in /etc/gshadow)
diff --git a/tests/tests/usertools/useradd/09_useradd_usage-c_invalid2/config/etc/default/useradd b/tests/tests/usertools/useradd/09_useradd_usage-c_invalid2/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/usertools/useradd/09_useradd_usage-c_invalid2/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/usertools/useradd/09_useradd_usage-c_invalid2/config/etc/group b/tests/tests/usertools/useradd/09_useradd_usage-c_invalid2/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/usertools/useradd/09_useradd_usage-c_invalid2/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/usertools/useradd/09_useradd_usage-c_invalid2/config/etc/gshadow b/tests/tests/usertools/useradd/09_useradd_usage-c_invalid2/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/usertools/useradd/09_useradd_usage-c_invalid2/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/usertools/useradd/09_useradd_usage-c_invalid2/config/etc/passwd b/tests/tests/usertools/useradd/09_useradd_usage-c_invalid2/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/usertools/useradd/09_useradd_usage-c_invalid2/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/usertools/useradd/09_useradd_usage-c_invalid2/config/etc/shadow b/tests/tests/usertools/useradd/09_useradd_usage-c_invalid2/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/usertools/useradd/09_useradd_usage-c_invalid2/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/usertools/useradd/09_useradd_usage-c_invalid2/data/usage.out b/tests/tests/usertools/useradd/09_useradd_usage-c_invalid2/data/usage.out
new file mode 100644
index 0000000..30daaab
--- /dev/null
+++ b/tests/tests/usertools/useradd/09_useradd_usage-c_invalid2/data/usage.out
@@ -0,0 +1,2 @@
+useradd: invalid comment 'comm
+ent'
diff --git a/tests/tests/usertools/useradd/09_useradd_usage-c_invalid2/useradd.test b/tests/tests/usertools/useradd/09_useradd_usage-c_invalid2/useradd.test
new file mode 100755
index 0000000..98f6420
--- /dev/null
+++ b/tests/tests/usertools/useradd/09_useradd_usage-c_invalid2/useradd.test
@@ -0,0 +1,56 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "useradd reports an error when called incorrectly"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Call useradd with an invalid argument (useradd -c 'comm
+ent' nobody)..."
+useradd -c 'comm
+ent' nobody 2>tmp/usage.out && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "3"
+echo "OK"
+
+echo "useradd reported:"
+echo "======================================================================="
+cat tmp/usage.out
+echo "======================================================================="
+echo -n "Check the usage message..."
+diff -au data/usage.out tmp/usage.out
+echo "usage message OK."
+rm -f tmp/usage.out
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/usertools/useradd/10_useradd_usage-d_invalid1/config.txt b/tests/tests/usertools/useradd/10_useradd_usage-d_invalid1/config.txt
new file mode 100644
index 0000000..31f5635
--- /dev/null
+++ b/tests/tests/usertools/useradd/10_useradd_usage-d_invalid1/config.txt
@@ -0,0 +1,10 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group users (only in /etc/group)
+user foo, in group tty (only in /etc/gshadow)
+user foo, in group floppy
+user foo, admin of group disk
+user foo, admin and member of group fax
+user foo, admin and member of group cdrom (only in /etc/gshadow)
diff --git a/tests/tests/usertools/useradd/10_useradd_usage-d_invalid1/config/etc/default/useradd b/tests/tests/usertools/useradd/10_useradd_usage-d_invalid1/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/usertools/useradd/10_useradd_usage-d_invalid1/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/usertools/useradd/10_useradd_usage-d_invalid1/config/etc/group b/tests/tests/usertools/useradd/10_useradd_usage-d_invalid1/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/usertools/useradd/10_useradd_usage-d_invalid1/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/usertools/useradd/10_useradd_usage-d_invalid1/config/etc/gshadow b/tests/tests/usertools/useradd/10_useradd_usage-d_invalid1/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/usertools/useradd/10_useradd_usage-d_invalid1/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/usertools/useradd/10_useradd_usage-d_invalid1/config/etc/passwd b/tests/tests/usertools/useradd/10_useradd_usage-d_invalid1/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/usertools/useradd/10_useradd_usage-d_invalid1/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/usertools/useradd/10_useradd_usage-d_invalid1/config/etc/shadow b/tests/tests/usertools/useradd/10_useradd_usage-d_invalid1/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/usertools/useradd/10_useradd_usage-d_invalid1/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/usertools/useradd/10_useradd_usage-d_invalid1/data/usage.out b/tests/tests/usertools/useradd/10_useradd_usage-d_invalid1/data/usage.out
new file mode 100644
index 0000000..34b6e40
--- /dev/null
+++ b/tests/tests/usertools/useradd/10_useradd_usage-d_invalid1/data/usage.out
@@ -0,0 +1 @@
+useradd: invalid home directory '/home/no:body'
diff --git a/tests/tests/usertools/useradd/10_useradd_usage-d_invalid1/useradd.test b/tests/tests/usertools/useradd/10_useradd_usage-d_invalid1/useradd.test
new file mode 100755
index 0000000..3f3b81e
--- /dev/null
+++ b/tests/tests/usertools/useradd/10_useradd_usage-d_invalid1/useradd.test
@@ -0,0 +1,54 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "useradd reports an error when called incorrectly"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Call useradd with an invalid argument (useradd -d '/home/no:body' nobody)..."
+useradd -d '/home/no:body' nobody 2>tmp/usage.out && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "3"
+echo "OK"
+
+echo "useradd reported:"
+echo "======================================================================="
+cat tmp/usage.out
+echo "======================================================================="
+echo -n "Check the usage message..."
+diff -au data/usage.out tmp/usage.out
+echo "usage message OK."
+rm -f tmp/usage.out
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/usertools/useradd/11_useradd_usage-d_invalid2/config.txt b/tests/tests/usertools/useradd/11_useradd_usage-d_invalid2/config.txt
new file mode 100644
index 0000000..31f5635
--- /dev/null
+++ b/tests/tests/usertools/useradd/11_useradd_usage-d_invalid2/config.txt
@@ -0,0 +1,10 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group users (only in /etc/group)
+user foo, in group tty (only in /etc/gshadow)
+user foo, in group floppy
+user foo, admin of group disk
+user foo, admin and member of group fax
+user foo, admin and member of group cdrom (only in /etc/gshadow)
diff --git a/tests/tests/usertools/useradd/11_useradd_usage-d_invalid2/config/etc/default/useradd b/tests/tests/usertools/useradd/11_useradd_usage-d_invalid2/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/usertools/useradd/11_useradd_usage-d_invalid2/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/usertools/useradd/11_useradd_usage-d_invalid2/config/etc/group b/tests/tests/usertools/useradd/11_useradd_usage-d_invalid2/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/usertools/useradd/11_useradd_usage-d_invalid2/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/usertools/useradd/11_useradd_usage-d_invalid2/config/etc/gshadow b/tests/tests/usertools/useradd/11_useradd_usage-d_invalid2/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/usertools/useradd/11_useradd_usage-d_invalid2/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/usertools/useradd/11_useradd_usage-d_invalid2/config/etc/passwd b/tests/tests/usertools/useradd/11_useradd_usage-d_invalid2/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/usertools/useradd/11_useradd_usage-d_invalid2/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/usertools/useradd/11_useradd_usage-d_invalid2/config/etc/shadow b/tests/tests/usertools/useradd/11_useradd_usage-d_invalid2/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/usertools/useradd/11_useradd_usage-d_invalid2/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/usertools/useradd/11_useradd_usage-d_invalid2/data/usage.out b/tests/tests/usertools/useradd/11_useradd_usage-d_invalid2/data/usage.out
new file mode 100644
index 0000000..0ac0eed
--- /dev/null
+++ b/tests/tests/usertools/useradd/11_useradd_usage-d_invalid2/data/usage.out
@@ -0,0 +1,2 @@
+useradd: invalid home directory '/home/no
+body'
diff --git a/tests/tests/usertools/useradd/11_useradd_usage-d_invalid2/useradd.test b/tests/tests/usertools/useradd/11_useradd_usage-d_invalid2/useradd.test
new file mode 100755
index 0000000..12569b5
--- /dev/null
+++ b/tests/tests/usertools/useradd/11_useradd_usage-d_invalid2/useradd.test
@@ -0,0 +1,56 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "useradd reports an error when called incorrectly"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Call useradd with an invalid argument (useradd -d '/home/no
+body' nobody)..."
+useradd -d '/home/no
+body' nobody 2>tmp/usage.out && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "3"
+echo "OK"
+
+echo "useradd reported:"
+echo "======================================================================="
+cat tmp/usage.out
+echo "======================================================================="
+echo -n "Check the usage message..."
+diff -au data/usage.out tmp/usage.out
+echo "usage message OK."
+rm -f tmp/usage.out
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/usertools/useradd/12_useradd_usage-d_invalid3/config.txt b/tests/tests/usertools/useradd/12_useradd_usage-d_invalid3/config.txt
new file mode 100644
index 0000000..31f5635
--- /dev/null
+++ b/tests/tests/usertools/useradd/12_useradd_usage-d_invalid3/config.txt
@@ -0,0 +1,10 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group users (only in /etc/group)
+user foo, in group tty (only in /etc/gshadow)
+user foo, in group floppy
+user foo, admin of group disk
+user foo, admin and member of group fax
+user foo, admin and member of group cdrom (only in /etc/gshadow)
diff --git a/tests/tests/usertools/useradd/12_useradd_usage-d_invalid3/config/etc/default/useradd b/tests/tests/usertools/useradd/12_useradd_usage-d_invalid3/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/usertools/useradd/12_useradd_usage-d_invalid3/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/usertools/useradd/12_useradd_usage-d_invalid3/config/etc/group b/tests/tests/usertools/useradd/12_useradd_usage-d_invalid3/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/usertools/useradd/12_useradd_usage-d_invalid3/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/usertools/useradd/12_useradd_usage-d_invalid3/config/etc/gshadow b/tests/tests/usertools/useradd/12_useradd_usage-d_invalid3/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/usertools/useradd/12_useradd_usage-d_invalid3/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/usertools/useradd/12_useradd_usage-d_invalid3/config/etc/passwd b/tests/tests/usertools/useradd/12_useradd_usage-d_invalid3/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/usertools/useradd/12_useradd_usage-d_invalid3/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/usertools/useradd/12_useradd_usage-d_invalid3/config/etc/shadow b/tests/tests/usertools/useradd/12_useradd_usage-d_invalid3/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/usertools/useradd/12_useradd_usage-d_invalid3/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/usertools/useradd/12_useradd_usage-d_invalid3/data/usage.out b/tests/tests/usertools/useradd/12_useradd_usage-d_invalid3/data/usage.out
new file mode 100644
index 0000000..722cb57
--- /dev/null
+++ b/tests/tests/usertools/useradd/12_useradd_usage-d_invalid3/data/usage.out
@@ -0,0 +1 @@
+useradd: invalid home directory 'home/nobody'
diff --git a/tests/tests/usertools/useradd/12_useradd_usage-d_invalid3/useradd.test b/tests/tests/usertools/useradd/12_useradd_usage-d_invalid3/useradd.test
new file mode 100755
index 0000000..3b624c1
--- /dev/null
+++ b/tests/tests/usertools/useradd/12_useradd_usage-d_invalid3/useradd.test
@@ -0,0 +1,54 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "useradd reports an error when called incorrectly"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Call useradd with an invalid argument (useradd -d 'home/nobody' nobody)..."
+useradd -d 'home/nobody' nobody 2>tmp/usage.out && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "3"
+echo "OK"
+
+echo "useradd reported:"
+echo "======================================================================="
+cat tmp/usage.out
+echo "======================================================================="
+echo -n "Check the usage message..."
+diff -au data/usage.out tmp/usage.out
+echo "usage message OK."
+rm -f tmp/usage.out
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/usertools/useradd/13_useradd_usage-e_invalid1/config.txt b/tests/tests/usertools/useradd/13_useradd_usage-e_invalid1/config.txt
new file mode 100644
index 0000000..31f5635
--- /dev/null
+++ b/tests/tests/usertools/useradd/13_useradd_usage-e_invalid1/config.txt
@@ -0,0 +1,10 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group users (only in /etc/group)
+user foo, in group tty (only in /etc/gshadow)
+user foo, in group floppy
+user foo, admin of group disk
+user foo, admin and member of group fax
+user foo, admin and member of group cdrom (only in /etc/gshadow)
diff --git a/tests/tests/usertools/useradd/13_useradd_usage-e_invalid1/config/etc/default/useradd b/tests/tests/usertools/useradd/13_useradd_usage-e_invalid1/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/usertools/useradd/13_useradd_usage-e_invalid1/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/usertools/useradd/13_useradd_usage-e_invalid1/config/etc/group b/tests/tests/usertools/useradd/13_useradd_usage-e_invalid1/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/usertools/useradd/13_useradd_usage-e_invalid1/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/usertools/useradd/13_useradd_usage-e_invalid1/config/etc/gshadow b/tests/tests/usertools/useradd/13_useradd_usage-e_invalid1/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/usertools/useradd/13_useradd_usage-e_invalid1/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/usertools/useradd/13_useradd_usage-e_invalid1/config/etc/passwd b/tests/tests/usertools/useradd/13_useradd_usage-e_invalid1/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/usertools/useradd/13_useradd_usage-e_invalid1/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/usertools/useradd/13_useradd_usage-e_invalid1/config/etc/shadow b/tests/tests/usertools/useradd/13_useradd_usage-e_invalid1/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/usertools/useradd/13_useradd_usage-e_invalid1/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/usertools/useradd/13_useradd_usage-e_invalid1/data/usage.out b/tests/tests/usertools/useradd/13_useradd_usage-e_invalid1/data/usage.out
new file mode 100644
index 0000000..02f2e40
--- /dev/null
+++ b/tests/tests/usertools/useradd/13_useradd_usage-e_invalid1/data/usage.out
@@ -0,0 +1 @@
+useradd: invalid date '2011-09-09-11'
diff --git a/tests/tests/usertools/useradd/13_useradd_usage-e_invalid1/useradd.test b/tests/tests/usertools/useradd/13_useradd_usage-e_invalid1/useradd.test
new file mode 100755
index 0000000..15acb22
--- /dev/null
+++ b/tests/tests/usertools/useradd/13_useradd_usage-e_invalid1/useradd.test
@@ -0,0 +1,54 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "useradd reports an error when called incorrectly"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Call useradd with an invalid argument (useradd -e '2011-09-09-11' nobody)..."
+useradd -e '2011-09-09-11' nobody 2>tmp/usage.out && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "3"
+echo "OK"
+
+echo "useradd reported:"
+echo "======================================================================="
+cat tmp/usage.out
+echo "======================================================================="
+echo -n "Check the usage message..."
+diff -au data/usage.out tmp/usage.out
+echo "usage message OK."
+rm -f tmp/usage.out
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/usertools/useradd/14_useradd_usage-e_invalid2/config.txt b/tests/tests/usertools/useradd/14_useradd_usage-e_invalid2/config.txt
new file mode 100644
index 0000000..31f5635
--- /dev/null
+++ b/tests/tests/usertools/useradd/14_useradd_usage-e_invalid2/config.txt
@@ -0,0 +1,10 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group users (only in /etc/group)
+user foo, in group tty (only in /etc/gshadow)
+user foo, in group floppy
+user foo, admin of group disk
+user foo, admin and member of group fax
+user foo, admin and member of group cdrom (only in /etc/gshadow)
diff --git a/tests/tests/usertools/useradd/14_useradd_usage-e_invalid2/config/etc/default/useradd b/tests/tests/usertools/useradd/14_useradd_usage-e_invalid2/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/usertools/useradd/14_useradd_usage-e_invalid2/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/usertools/useradd/14_useradd_usage-e_invalid2/config/etc/group b/tests/tests/usertools/useradd/14_useradd_usage-e_invalid2/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/usertools/useradd/14_useradd_usage-e_invalid2/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/usertools/useradd/14_useradd_usage-e_invalid2/config/etc/gshadow b/tests/tests/usertools/useradd/14_useradd_usage-e_invalid2/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/usertools/useradd/14_useradd_usage-e_invalid2/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/usertools/useradd/14_useradd_usage-e_invalid2/config/etc/passwd b/tests/tests/usertools/useradd/14_useradd_usage-e_invalid2/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/usertools/useradd/14_useradd_usage-e_invalid2/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/usertools/useradd/14_useradd_usage-e_invalid2/config/etc/shadow b/tests/tests/usertools/useradd/14_useradd_usage-e_invalid2/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/usertools/useradd/14_useradd_usage-e_invalid2/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/usertools/useradd/14_useradd_usage-e_invalid2/data/usage.out b/tests/tests/usertools/useradd/14_useradd_usage-e_invalid2/data/usage.out
new file mode 100644
index 0000000..c0d25cb
--- /dev/null
+++ b/tests/tests/usertools/useradd/14_useradd_usage-e_invalid2/data/usage.out
@@ -0,0 +1 @@
+useradd: invalid date '1900-09-11'
diff --git a/tests/tests/usertools/useradd/14_useradd_usage-e_invalid2/useradd.test b/tests/tests/usertools/useradd/14_useradd_usage-e_invalid2/useradd.test
new file mode 100755
index 0000000..c5642f0
--- /dev/null
+++ b/tests/tests/usertools/useradd/14_useradd_usage-e_invalid2/useradd.test
@@ -0,0 +1,54 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "useradd reports an error when called incorrectly"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Call useradd with an invalid argument (useradd -e '1900-09-11' nobody)..."
+useradd -e '1900-09-11' nobody 2>tmp/usage.out && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "3"
+echo "OK"
+
+echo "useradd reported:"
+echo "======================================================================="
+cat tmp/usage.out
+echo "======================================================================="
+echo -n "Check the usage message..."
+diff -au data/usage.out tmp/usage.out
+echo "usage message OK."
+rm -f tmp/usage.out
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/usertools/useradd/15_useradd_usage-e_no_shadow_file/config.txt b/tests/tests/usertools/useradd/15_useradd_usage-e_no_shadow_file/config.txt
new file mode 100644
index 0000000..31f5635
--- /dev/null
+++ b/tests/tests/usertools/useradd/15_useradd_usage-e_no_shadow_file/config.txt
@@ -0,0 +1,10 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group users (only in /etc/group)
+user foo, in group tty (only in /etc/gshadow)
+user foo, in group floppy
+user foo, admin of group disk
+user foo, admin and member of group fax
+user foo, admin and member of group cdrom (only in /etc/gshadow)
diff --git a/tests/tests/usertools/useradd/15_useradd_usage-e_no_shadow_file/config/etc/default/useradd b/tests/tests/usertools/useradd/15_useradd_usage-e_no_shadow_file/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/usertools/useradd/15_useradd_usage-e_no_shadow_file/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/usertools/useradd/15_useradd_usage-e_no_shadow_file/config/etc/group b/tests/tests/usertools/useradd/15_useradd_usage-e_no_shadow_file/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/usertools/useradd/15_useradd_usage-e_no_shadow_file/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/usertools/useradd/15_useradd_usage-e_no_shadow_file/config/etc/gshadow b/tests/tests/usertools/useradd/15_useradd_usage-e_no_shadow_file/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/usertools/useradd/15_useradd_usage-e_no_shadow_file/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/usertools/useradd/15_useradd_usage-e_no_shadow_file/config/etc/passwd b/tests/tests/usertools/useradd/15_useradd_usage-e_no_shadow_file/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/usertools/useradd/15_useradd_usage-e_no_shadow_file/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/usertools/useradd/15_useradd_usage-e_no_shadow_file/config/etc/shadow b/tests/tests/usertools/useradd/15_useradd_usage-e_no_shadow_file/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/usertools/useradd/15_useradd_usage-e_no_shadow_file/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/usertools/useradd/15_useradd_usage-e_no_shadow_file/data/usage.out b/tests/tests/usertools/useradd/15_useradd_usage-e_no_shadow_file/data/usage.out
new file mode 100644
index 0000000..f148d91
--- /dev/null
+++ b/tests/tests/usertools/useradd/15_useradd_usage-e_no_shadow_file/data/usage.out
@@ -0,0 +1 @@
+useradd: shadow passwords required for -e
diff --git a/tests/tests/usertools/useradd/15_useradd_usage-e_no_shadow_file/useradd.test b/tests/tests/usertools/useradd/15_useradd_usage-e_no_shadow_file/useradd.test
new file mode 100755
index 0000000..255a799
--- /dev/null
+++ b/tests/tests/usertools/useradd/15_useradd_usage-e_no_shadow_file/useradd.test
@@ -0,0 +1,58 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "useradd reports an error when called incorrectly"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Remove /etc/shadow..."
+rm -f /etc/shadow
+echo "OK"
+
+echo -n "Call useradd with the -e option (useradd -e '2011-09-11' nobody)..."
+useradd -e '2011-09-11' nobody 2>tmp/usage.out && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "2"
+echo "OK"
+
+echo "useradd reported:"
+echo "======================================================================="
+cat tmp/usage.out
+echo "======================================================================="
+echo -n "Check the usage message..."
+diff -au data/usage.out tmp/usage.out
+echo "usage message OK."
+rm -f tmp/usage.out
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+test ! -f /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/usertools/useradd/16_useradd_usage-f_invalid1/config.txt b/tests/tests/usertools/useradd/16_useradd_usage-f_invalid1/config.txt
new file mode 100644
index 0000000..31f5635
--- /dev/null
+++ b/tests/tests/usertools/useradd/16_useradd_usage-f_invalid1/config.txt
@@ -0,0 +1,10 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group users (only in /etc/group)
+user foo, in group tty (only in /etc/gshadow)
+user foo, in group floppy
+user foo, admin of group disk
+user foo, admin and member of group fax
+user foo, admin and member of group cdrom (only in /etc/gshadow)
diff --git a/tests/tests/usertools/useradd/16_useradd_usage-f_invalid1/config/etc/default/useradd b/tests/tests/usertools/useradd/16_useradd_usage-f_invalid1/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/usertools/useradd/16_useradd_usage-f_invalid1/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/usertools/useradd/16_useradd_usage-f_invalid1/config/etc/group b/tests/tests/usertools/useradd/16_useradd_usage-f_invalid1/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/usertools/useradd/16_useradd_usage-f_invalid1/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/usertools/useradd/16_useradd_usage-f_invalid1/config/etc/gshadow b/tests/tests/usertools/useradd/16_useradd_usage-f_invalid1/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/usertools/useradd/16_useradd_usage-f_invalid1/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/usertools/useradd/16_useradd_usage-f_invalid1/config/etc/passwd b/tests/tests/usertools/useradd/16_useradd_usage-f_invalid1/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/usertools/useradd/16_useradd_usage-f_invalid1/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/usertools/useradd/16_useradd_usage-f_invalid1/config/etc/shadow b/tests/tests/usertools/useradd/16_useradd_usage-f_invalid1/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/usertools/useradd/16_useradd_usage-f_invalid1/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/usertools/useradd/16_useradd_usage-f_invalid1/data/usage.out b/tests/tests/usertools/useradd/16_useradd_usage-f_invalid1/data/usage.out
new file mode 100644
index 0000000..40d8d93
--- /dev/null
+++ b/tests/tests/usertools/useradd/16_useradd_usage-f_invalid1/data/usage.out
@@ -0,0 +1 @@
+useradd: invalid numeric argument '2011f'
diff --git a/tests/tests/usertools/useradd/16_useradd_usage-f_invalid1/useradd.test b/tests/tests/usertools/useradd/16_useradd_usage-f_invalid1/useradd.test
new file mode 100755
index 0000000..ad948d5
--- /dev/null
+++ b/tests/tests/usertools/useradd/16_useradd_usage-f_invalid1/useradd.test
@@ -0,0 +1,54 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "useradd reports an error when called incorrectly"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Call useradd with an invalid argument (useradd -f '2011f' nobody)..."
+useradd -f '2011f' nobody 2>tmp/usage.out && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "3"
+echo "OK"
+
+echo "useradd reported:"
+echo "======================================================================="
+cat tmp/usage.out
+echo "======================================================================="
+echo -n "Check the usage message..."
+diff -au data/usage.out tmp/usage.out
+echo "usage message OK."
+rm -f tmp/usage.out
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/usertools/useradd/17_useradd_usage-f_invalid2/config.txt b/tests/tests/usertools/useradd/17_useradd_usage-f_invalid2/config.txt
new file mode 100644
index 0000000..31f5635
--- /dev/null
+++ b/tests/tests/usertools/useradd/17_useradd_usage-f_invalid2/config.txt
@@ -0,0 +1,10 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group users (only in /etc/group)
+user foo, in group tty (only in /etc/gshadow)
+user foo, in group floppy
+user foo, admin of group disk
+user foo, admin and member of group fax
+user foo, admin and member of group cdrom (only in /etc/gshadow)
diff --git a/tests/tests/usertools/useradd/17_useradd_usage-f_invalid2/config/etc/default/useradd b/tests/tests/usertools/useradd/17_useradd_usage-f_invalid2/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/usertools/useradd/17_useradd_usage-f_invalid2/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/usertools/useradd/17_useradd_usage-f_invalid2/config/etc/group b/tests/tests/usertools/useradd/17_useradd_usage-f_invalid2/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/usertools/useradd/17_useradd_usage-f_invalid2/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/usertools/useradd/17_useradd_usage-f_invalid2/config/etc/gshadow b/tests/tests/usertools/useradd/17_useradd_usage-f_invalid2/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/usertools/useradd/17_useradd_usage-f_invalid2/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/usertools/useradd/17_useradd_usage-f_invalid2/config/etc/passwd b/tests/tests/usertools/useradd/17_useradd_usage-f_invalid2/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/usertools/useradd/17_useradd_usage-f_invalid2/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/usertools/useradd/17_useradd_usage-f_invalid2/config/etc/shadow b/tests/tests/usertools/useradd/17_useradd_usage-f_invalid2/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/usertools/useradd/17_useradd_usage-f_invalid2/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/usertools/useradd/17_useradd_usage-f_invalid2/data/usage.out b/tests/tests/usertools/useradd/17_useradd_usage-f_invalid2/data/usage.out
new file mode 100644
index 0000000..add36d3
--- /dev/null
+++ b/tests/tests/usertools/useradd/17_useradd_usage-f_invalid2/data/usage.out
@@ -0,0 +1 @@
+useradd: invalid numeric argument '-2'
diff --git a/tests/tests/usertools/useradd/17_useradd_usage-f_invalid2/useradd.test b/tests/tests/usertools/useradd/17_useradd_usage-f_invalid2/useradd.test
new file mode 100755
index 0000000..2f5a385
--- /dev/null
+++ b/tests/tests/usertools/useradd/17_useradd_usage-f_invalid2/useradd.test
@@ -0,0 +1,54 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "useradd reports an error when called incorrectly"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Call useradd with an invalid argument (useradd -f '-2' nobody)..."
+useradd -f '-2' nobody 2>tmp/usage.out && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "3"
+echo "OK"
+
+echo "useradd reported:"
+echo "======================================================================="
+cat tmp/usage.out
+echo "======================================================================="
+echo -n "Check the usage message..."
+diff -au data/usage.out tmp/usage.out
+echo "usage message OK."
+rm -f tmp/usage.out
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/usertools/useradd/18_useradd_usage-f_no_shadow_file/config.txt b/tests/tests/usertools/useradd/18_useradd_usage-f_no_shadow_file/config.txt
new file mode 100644
index 0000000..31f5635
--- /dev/null
+++ b/tests/tests/usertools/useradd/18_useradd_usage-f_no_shadow_file/config.txt
@@ -0,0 +1,10 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group users (only in /etc/group)
+user foo, in group tty (only in /etc/gshadow)
+user foo, in group floppy
+user foo, admin of group disk
+user foo, admin and member of group fax
+user foo, admin and member of group cdrom (only in /etc/gshadow)
diff --git a/tests/tests/usertools/useradd/18_useradd_usage-f_no_shadow_file/config/etc/default/useradd b/tests/tests/usertools/useradd/18_useradd_usage-f_no_shadow_file/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/usertools/useradd/18_useradd_usage-f_no_shadow_file/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/usertools/useradd/18_useradd_usage-f_no_shadow_file/config/etc/group b/tests/tests/usertools/useradd/18_useradd_usage-f_no_shadow_file/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/usertools/useradd/18_useradd_usage-f_no_shadow_file/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/usertools/useradd/18_useradd_usage-f_no_shadow_file/config/etc/gshadow b/tests/tests/usertools/useradd/18_useradd_usage-f_no_shadow_file/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/usertools/useradd/18_useradd_usage-f_no_shadow_file/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/usertools/useradd/18_useradd_usage-f_no_shadow_file/config/etc/passwd b/tests/tests/usertools/useradd/18_useradd_usage-f_no_shadow_file/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/usertools/useradd/18_useradd_usage-f_no_shadow_file/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/usertools/useradd/18_useradd_usage-f_no_shadow_file/config/etc/shadow b/tests/tests/usertools/useradd/18_useradd_usage-f_no_shadow_file/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/usertools/useradd/18_useradd_usage-f_no_shadow_file/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/usertools/useradd/18_useradd_usage-f_no_shadow_file/data/usage.out b/tests/tests/usertools/useradd/18_useradd_usage-f_no_shadow_file/data/usage.out
new file mode 100644
index 0000000..f5095a5
--- /dev/null
+++ b/tests/tests/usertools/useradd/18_useradd_usage-f_no_shadow_file/data/usage.out
@@ -0,0 +1 @@
+useradd: shadow passwords required for -f
diff --git a/tests/tests/usertools/useradd/18_useradd_usage-f_no_shadow_file/useradd.test b/tests/tests/usertools/useradd/18_useradd_usage-f_no_shadow_file/useradd.test
new file mode 100755
index 0000000..aa5b54e
--- /dev/null
+++ b/tests/tests/usertools/useradd/18_useradd_usage-f_no_shadow_file/useradd.test
@@ -0,0 +1,58 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "useradd reports an error when called incorrectly"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Remove /etc/shadow..."
+rm -f /etc/shadow
+echo "OK"
+
+echo -n "Call useradd with the -f option (useradd -f '12' nobody)..."
+useradd -f '12' nobody 2>tmp/usage.out && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "2"
+echo "OK"
+
+echo "useradd reported:"
+echo "======================================================================="
+cat tmp/usage.out
+echo "======================================================================="
+echo -n "Check the usage message..."
+diff -au data/usage.out tmp/usage.out
+echo "usage message OK."
+rm -f tmp/usage.out
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+test ! -f /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/usertools/useradd/19_useradd_usage-K_invalid1/config.txt b/tests/tests/usertools/useradd/19_useradd_usage-K_invalid1/config.txt
new file mode 100644
index 0000000..31f5635
--- /dev/null
+++ b/tests/tests/usertools/useradd/19_useradd_usage-K_invalid1/config.txt
@@ -0,0 +1,10 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group users (only in /etc/group)
+user foo, in group tty (only in /etc/gshadow)
+user foo, in group floppy
+user foo, admin of group disk
+user foo, admin and member of group fax
+user foo, admin and member of group cdrom (only in /etc/gshadow)
diff --git a/tests/tests/usertools/useradd/19_useradd_usage-K_invalid1/config/etc/default/useradd b/tests/tests/usertools/useradd/19_useradd_usage-K_invalid1/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/usertools/useradd/19_useradd_usage-K_invalid1/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/usertools/useradd/19_useradd_usage-K_invalid1/config/etc/group b/tests/tests/usertools/useradd/19_useradd_usage-K_invalid1/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/usertools/useradd/19_useradd_usage-K_invalid1/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/usertools/useradd/19_useradd_usage-K_invalid1/config/etc/gshadow b/tests/tests/usertools/useradd/19_useradd_usage-K_invalid1/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/usertools/useradd/19_useradd_usage-K_invalid1/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/usertools/useradd/19_useradd_usage-K_invalid1/config/etc/passwd b/tests/tests/usertools/useradd/19_useradd_usage-K_invalid1/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/usertools/useradd/19_useradd_usage-K_invalid1/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/usertools/useradd/19_useradd_usage-K_invalid1/config/etc/shadow b/tests/tests/usertools/useradd/19_useradd_usage-K_invalid1/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/usertools/useradd/19_useradd_usage-K_invalid1/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/usertools/useradd/19_useradd_usage-K_invalid1/data/usage.out b/tests/tests/usertools/useradd/19_useradd_usage-K_invalid1/data/usage.out
new file mode 100644
index 0000000..9eaa315
--- /dev/null
+++ b/tests/tests/usertools/useradd/19_useradd_usage-K_invalid1/data/usage.out
@@ -0,0 +1 @@
+useradd: -K requires KEY=VALUE
diff --git a/tests/tests/usertools/useradd/19_useradd_usage-K_invalid1/useradd.test b/tests/tests/usertools/useradd/19_useradd_usage-K_invalid1/useradd.test
new file mode 100755
index 0000000..bef12a6
--- /dev/null
+++ b/tests/tests/usertools/useradd/19_useradd_usage-K_invalid1/useradd.test
@@ -0,0 +1,54 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "useradd reports an error when called incorrectly"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Call useradd with an invalid argument (useradd -K 'VALUE' nobody)..."
+useradd -K 'VALUE' nobody 2>tmp/usage.out && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "3"
+echo "OK"
+
+echo "useradd reported:"
+echo "======================================================================="
+cat tmp/usage.out
+echo "======================================================================="
+echo -n "Check the usage message..."
+diff -au data/usage.out tmp/usage.out
+echo "usage message OK."
+rm -f tmp/usage.out
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/usertools/useradd/20_useradd_usage-O_invalid2/config.txt b/tests/tests/usertools/useradd/20_useradd_usage-O_invalid2/config.txt
new file mode 100644
index 0000000..31f5635
--- /dev/null
+++ b/tests/tests/usertools/useradd/20_useradd_usage-O_invalid2/config.txt
@@ -0,0 +1,10 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group users (only in /etc/group)
+user foo, in group tty (only in /etc/gshadow)
+user foo, in group floppy
+user foo, admin of group disk
+user foo, admin and member of group fax
+user foo, admin and member of group cdrom (only in /etc/gshadow)
diff --git a/tests/tests/usertools/useradd/20_useradd_usage-O_invalid2/config/etc/default/useradd b/tests/tests/usertools/useradd/20_useradd_usage-O_invalid2/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/usertools/useradd/20_useradd_usage-O_invalid2/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/usertools/useradd/20_useradd_usage-O_invalid2/config/etc/group b/tests/tests/usertools/useradd/20_useradd_usage-O_invalid2/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/usertools/useradd/20_useradd_usage-O_invalid2/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/usertools/useradd/20_useradd_usage-O_invalid2/config/etc/gshadow b/tests/tests/usertools/useradd/20_useradd_usage-O_invalid2/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/usertools/useradd/20_useradd_usage-O_invalid2/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/usertools/useradd/20_useradd_usage-O_invalid2/config/etc/passwd b/tests/tests/usertools/useradd/20_useradd_usage-O_invalid2/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/usertools/useradd/20_useradd_usage-O_invalid2/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/usertools/useradd/20_useradd_usage-O_invalid2/config/etc/shadow b/tests/tests/usertools/useradd/20_useradd_usage-O_invalid2/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/usertools/useradd/20_useradd_usage-O_invalid2/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/usertools/useradd/20_useradd_usage-O_invalid2/data/usage.out b/tests/tests/usertools/useradd/20_useradd_usage-O_invalid2/data/usage.out
new file mode 100644
index 0000000..cb3b31a
--- /dev/null
+++ b/tests/tests/usertools/useradd/20_useradd_usage-O_invalid2/data/usage.out
@@ -0,0 +1 @@
+configuration error - unknown item 'KEY' (notify administrator)
diff --git a/tests/tests/usertools/useradd/20_useradd_usage-O_invalid2/useradd.test b/tests/tests/usertools/useradd/20_useradd_usage-O_invalid2/useradd.test
new file mode 100755
index 0000000..883eac5
--- /dev/null
+++ b/tests/tests/usertools/useradd/20_useradd_usage-O_invalid2/useradd.test
@@ -0,0 +1,54 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "useradd reports an error when called incorrectly"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Call useradd with an invalid argument (useradd -O 'KEY=VALUE' nobody)..."
+useradd -O 'KEY=VALUE' nobody 2>tmp/usage.out && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "3"
+echo "OK"
+
+echo "useradd reported:"
+echo "======================================================================="
+cat tmp/usage.out
+echo "======================================================================="
+echo -n "Check the usage message..."
+diff -au data/usage.out tmp/usage.out
+echo "usage message OK."
+rm -f tmp/usage.out
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/usertools/useradd/21_useradd_usage-p_invalid1/config.txt b/tests/tests/usertools/useradd/21_useradd_usage-p_invalid1/config.txt
new file mode 100644
index 0000000..31f5635
--- /dev/null
+++ b/tests/tests/usertools/useradd/21_useradd_usage-p_invalid1/config.txt
@@ -0,0 +1,10 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group users (only in /etc/group)
+user foo, in group tty (only in /etc/gshadow)
+user foo, in group floppy
+user foo, admin of group disk
+user foo, admin and member of group fax
+user foo, admin and member of group cdrom (only in /etc/gshadow)
diff --git a/tests/tests/usertools/useradd/21_useradd_usage-p_invalid1/config/etc/default/useradd b/tests/tests/usertools/useradd/21_useradd_usage-p_invalid1/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/usertools/useradd/21_useradd_usage-p_invalid1/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/usertools/useradd/21_useradd_usage-p_invalid1/config/etc/group b/tests/tests/usertools/useradd/21_useradd_usage-p_invalid1/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/usertools/useradd/21_useradd_usage-p_invalid1/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/usertools/useradd/21_useradd_usage-p_invalid1/config/etc/gshadow b/tests/tests/usertools/useradd/21_useradd_usage-p_invalid1/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/usertools/useradd/21_useradd_usage-p_invalid1/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/usertools/useradd/21_useradd_usage-p_invalid1/config/etc/passwd b/tests/tests/usertools/useradd/21_useradd_usage-p_invalid1/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/usertools/useradd/21_useradd_usage-p_invalid1/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/usertools/useradd/21_useradd_usage-p_invalid1/config/etc/shadow b/tests/tests/usertools/useradd/21_useradd_usage-p_invalid1/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/usertools/useradd/21_useradd_usage-p_invalid1/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/usertools/useradd/21_useradd_usage-p_invalid1/data/usage.out b/tests/tests/usertools/useradd/21_useradd_usage-p_invalid1/data/usage.out
new file mode 100644
index 0000000..6e06315
--- /dev/null
+++ b/tests/tests/usertools/useradd/21_useradd_usage-p_invalid1/data/usage.out
@@ -0,0 +1 @@
+useradd: invalid field 'no:body'
diff --git a/tests/tests/usertools/useradd/21_useradd_usage-p_invalid1/useradd.test b/tests/tests/usertools/useradd/21_useradd_usage-p_invalid1/useradd.test
new file mode 100755
index 0000000..86e99ff
--- /dev/null
+++ b/tests/tests/usertools/useradd/21_useradd_usage-p_invalid1/useradd.test
@@ -0,0 +1,54 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "useradd reports an error when called incorrectly"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Call useradd with an invalid argument (useradd -p 'no:body' nobody)..."
+useradd -p 'no:body' nobody 2>tmp/usage.out && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "3"
+echo "OK"
+
+echo "useradd reported:"
+echo "======================================================================="
+cat tmp/usage.out
+echo "======================================================================="
+echo -n "Check the usage message..."
+diff -au data/usage.out tmp/usage.out
+echo "usage message OK."
+rm -f tmp/usage.out
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/usertools/useradd/22_useradd_usage-p_invalid2/config.txt b/tests/tests/usertools/useradd/22_useradd_usage-p_invalid2/config.txt
new file mode 100644
index 0000000..31f5635
--- /dev/null
+++ b/tests/tests/usertools/useradd/22_useradd_usage-p_invalid2/config.txt
@@ -0,0 +1,10 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group users (only in /etc/group)
+user foo, in group tty (only in /etc/gshadow)
+user foo, in group floppy
+user foo, admin of group disk
+user foo, admin and member of group fax
+user foo, admin and member of group cdrom (only in /etc/gshadow)
diff --git a/tests/tests/usertools/useradd/22_useradd_usage-p_invalid2/config/etc/default/useradd b/tests/tests/usertools/useradd/22_useradd_usage-p_invalid2/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/usertools/useradd/22_useradd_usage-p_invalid2/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/usertools/useradd/22_useradd_usage-p_invalid2/config/etc/group b/tests/tests/usertools/useradd/22_useradd_usage-p_invalid2/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/usertools/useradd/22_useradd_usage-p_invalid2/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/usertools/useradd/22_useradd_usage-p_invalid2/config/etc/gshadow b/tests/tests/usertools/useradd/22_useradd_usage-p_invalid2/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/usertools/useradd/22_useradd_usage-p_invalid2/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/usertools/useradd/22_useradd_usage-p_invalid2/config/etc/passwd b/tests/tests/usertools/useradd/22_useradd_usage-p_invalid2/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/usertools/useradd/22_useradd_usage-p_invalid2/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/usertools/useradd/22_useradd_usage-p_invalid2/config/etc/shadow b/tests/tests/usertools/useradd/22_useradd_usage-p_invalid2/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/usertools/useradd/22_useradd_usage-p_invalid2/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/usertools/useradd/22_useradd_usage-p_invalid2/data/usage.out b/tests/tests/usertools/useradd/22_useradd_usage-p_invalid2/data/usage.out
new file mode 100644
index 0000000..19f477e
--- /dev/null
+++ b/tests/tests/usertools/useradd/22_useradd_usage-p_invalid2/data/usage.out
@@ -0,0 +1,2 @@
+useradd: invalid field 'no
+body'
diff --git a/tests/tests/usertools/useradd/22_useradd_usage-p_invalid2/useradd.test b/tests/tests/usertools/useradd/22_useradd_usage-p_invalid2/useradd.test
new file mode 100755
index 0000000..9888c75
--- /dev/null
+++ b/tests/tests/usertools/useradd/22_useradd_usage-p_invalid2/useradd.test
@@ -0,0 +1,56 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "useradd reports an error when called incorrectly"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Call useradd with an invalid argument (useradd -p 'no
+body' nobody)..."
+useradd -p 'no
+body' nobody 2>tmp/usage.out && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "3"
+echo "OK"
+
+echo "useradd reported:"
+echo "======================================================================="
+cat tmp/usage.out
+echo "======================================================================="
+echo -n "Check the usage message..."
+diff -au data/usage.out tmp/usage.out
+echo "usage message OK."
+rm -f tmp/usage.out
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/usertools/useradd/23_useradd_usage-s_invalid1/config.txt b/tests/tests/usertools/useradd/23_useradd_usage-s_invalid1/config.txt
new file mode 100644
index 0000000..31f5635
--- /dev/null
+++ b/tests/tests/usertools/useradd/23_useradd_usage-s_invalid1/config.txt
@@ -0,0 +1,10 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group users (only in /etc/group)
+user foo, in group tty (only in /etc/gshadow)
+user foo, in group floppy
+user foo, admin of group disk
+user foo, admin and member of group fax
+user foo, admin and member of group cdrom (only in /etc/gshadow)
diff --git a/tests/tests/usertools/useradd/23_useradd_usage-s_invalid1/config/etc/default/useradd b/tests/tests/usertools/useradd/23_useradd_usage-s_invalid1/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/usertools/useradd/23_useradd_usage-s_invalid1/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/usertools/useradd/23_useradd_usage-s_invalid1/config/etc/group b/tests/tests/usertools/useradd/23_useradd_usage-s_invalid1/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/usertools/useradd/23_useradd_usage-s_invalid1/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/usertools/useradd/23_useradd_usage-s_invalid1/config/etc/gshadow b/tests/tests/usertools/useradd/23_useradd_usage-s_invalid1/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/usertools/useradd/23_useradd_usage-s_invalid1/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/usertools/useradd/23_useradd_usage-s_invalid1/config/etc/passwd b/tests/tests/usertools/useradd/23_useradd_usage-s_invalid1/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/usertools/useradd/23_useradd_usage-s_invalid1/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/usertools/useradd/23_useradd_usage-s_invalid1/config/etc/shadow b/tests/tests/usertools/useradd/23_useradd_usage-s_invalid1/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/usertools/useradd/23_useradd_usage-s_invalid1/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/usertools/useradd/23_useradd_usage-s_invalid1/data/usage.out b/tests/tests/usertools/useradd/23_useradd_usage-s_invalid1/data/usage.out
new file mode 100644
index 0000000..2b9b157
--- /dev/null
+++ b/tests/tests/usertools/useradd/23_useradd_usage-s_invalid1/data/usage.out
@@ -0,0 +1 @@
+useradd: invalid shell '/home/no:body'
diff --git a/tests/tests/usertools/useradd/23_useradd_usage-s_invalid1/useradd.test b/tests/tests/usertools/useradd/23_useradd_usage-s_invalid1/useradd.test
new file mode 100755
index 0000000..9864e42
--- /dev/null
+++ b/tests/tests/usertools/useradd/23_useradd_usage-s_invalid1/useradd.test
@@ -0,0 +1,54 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "useradd reports an error when called incorrectly"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Call useradd with an invalid argument (useradd -s '/home/no:body' nobody)..."
+useradd -s '/home/no:body' nobody 2>tmp/usage.out && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "3"
+echo "OK"
+
+echo "useradd reported:"
+echo "======================================================================="
+cat tmp/usage.out
+echo "======================================================================="
+echo -n "Check the usage message..."
+diff -au data/usage.out tmp/usage.out
+echo "usage message OK."
+rm -f tmp/usage.out
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/usertools/useradd/24_useradd_usage-s_invalid2/config.txt b/tests/tests/usertools/useradd/24_useradd_usage-s_invalid2/config.txt
new file mode 100644
index 0000000..31f5635
--- /dev/null
+++ b/tests/tests/usertools/useradd/24_useradd_usage-s_invalid2/config.txt
@@ -0,0 +1,10 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group users (only in /etc/group)
+user foo, in group tty (only in /etc/gshadow)
+user foo, in group floppy
+user foo, admin of group disk
+user foo, admin and member of group fax
+user foo, admin and member of group cdrom (only in /etc/gshadow)
diff --git a/tests/tests/usertools/useradd/24_useradd_usage-s_invalid2/config/etc/default/useradd b/tests/tests/usertools/useradd/24_useradd_usage-s_invalid2/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/usertools/useradd/24_useradd_usage-s_invalid2/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/usertools/useradd/24_useradd_usage-s_invalid2/config/etc/group b/tests/tests/usertools/useradd/24_useradd_usage-s_invalid2/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/usertools/useradd/24_useradd_usage-s_invalid2/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/usertools/useradd/24_useradd_usage-s_invalid2/config/etc/gshadow b/tests/tests/usertools/useradd/24_useradd_usage-s_invalid2/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/usertools/useradd/24_useradd_usage-s_invalid2/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/usertools/useradd/24_useradd_usage-s_invalid2/config/etc/passwd b/tests/tests/usertools/useradd/24_useradd_usage-s_invalid2/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/usertools/useradd/24_useradd_usage-s_invalid2/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/usertools/useradd/24_useradd_usage-s_invalid2/config/etc/shadow b/tests/tests/usertools/useradd/24_useradd_usage-s_invalid2/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/usertools/useradd/24_useradd_usage-s_invalid2/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/usertools/useradd/24_useradd_usage-s_invalid2/data/usage.out b/tests/tests/usertools/useradd/24_useradd_usage-s_invalid2/data/usage.out
new file mode 100644
index 0000000..e2891b2
--- /dev/null
+++ b/tests/tests/usertools/useradd/24_useradd_usage-s_invalid2/data/usage.out
@@ -0,0 +1,2 @@
+useradd: invalid shell '/home/no
+body'
diff --git a/tests/tests/usertools/useradd/24_useradd_usage-s_invalid2/useradd.test b/tests/tests/usertools/useradd/24_useradd_usage-s_invalid2/useradd.test
new file mode 100755
index 0000000..4704ed5
--- /dev/null
+++ b/tests/tests/usertools/useradd/24_useradd_usage-s_invalid2/useradd.test
@@ -0,0 +1,56 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "useradd reports an error when called incorrectly"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Call useradd with an invalid argument (useradd -s '/home/no
+body' nobody)..."
+useradd -s '/home/no
+body' nobody 2>tmp/usage.out && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "3"
+echo "OK"
+
+echo "useradd reported:"
+echo "======================================================================="
+cat tmp/usage.out
+echo "======================================================================="
+echo -n "Check the usage message..."
+diff -au data/usage.out tmp/usage.out
+echo "usage message OK."
+rm -f tmp/usage.out
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/usertools/useradd/25_useradd_usage-s_invalid3/config.txt b/tests/tests/usertools/useradd/25_useradd_usage-s_invalid3/config.txt
new file mode 100644
index 0000000..31f5635
--- /dev/null
+++ b/tests/tests/usertools/useradd/25_useradd_usage-s_invalid3/config.txt
@@ -0,0 +1,10 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group users (only in /etc/group)
+user foo, in group tty (only in /etc/gshadow)
+user foo, in group floppy
+user foo, admin of group disk
+user foo, admin and member of group fax
+user foo, admin and member of group cdrom (only in /etc/gshadow)
diff --git a/tests/tests/usertools/useradd/25_useradd_usage-s_invalid3/config/etc/default/useradd b/tests/tests/usertools/useradd/25_useradd_usage-s_invalid3/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/usertools/useradd/25_useradd_usage-s_invalid3/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/usertools/useradd/25_useradd_usage-s_invalid3/config/etc/group b/tests/tests/usertools/useradd/25_useradd_usage-s_invalid3/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/usertools/useradd/25_useradd_usage-s_invalid3/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/usertools/useradd/25_useradd_usage-s_invalid3/config/etc/gshadow b/tests/tests/usertools/useradd/25_useradd_usage-s_invalid3/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/usertools/useradd/25_useradd_usage-s_invalid3/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/usertools/useradd/25_useradd_usage-s_invalid3/config/etc/passwd b/tests/tests/usertools/useradd/25_useradd_usage-s_invalid3/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/usertools/useradd/25_useradd_usage-s_invalid3/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/usertools/useradd/25_useradd_usage-s_invalid3/config/etc/shadow b/tests/tests/usertools/useradd/25_useradd_usage-s_invalid3/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/usertools/useradd/25_useradd_usage-s_invalid3/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/usertools/useradd/25_useradd_usage-s_invalid3/data/usage.out b/tests/tests/usertools/useradd/25_useradd_usage-s_invalid3/data/usage.out
new file mode 100644
index 0000000..9fb467e
--- /dev/null
+++ b/tests/tests/usertools/useradd/25_useradd_usage-s_invalid3/data/usage.out
@@ -0,0 +1 @@
+useradd: invalid shell 'home/nobody'
diff --git a/tests/tests/usertools/useradd/25_useradd_usage-s_invalid3/useradd.test b/tests/tests/usertools/useradd/25_useradd_usage-s_invalid3/useradd.test
new file mode 100755
index 0000000..ea1ada3
--- /dev/null
+++ b/tests/tests/usertools/useradd/25_useradd_usage-s_invalid3/useradd.test
@@ -0,0 +1,54 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "useradd reports an error when called incorrectly"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Call useradd with an invalid argument (useradd -s 'home/nobody' nobody)..."
+useradd -s 'home/nobody' nobody 2>tmp/usage.out && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "3"
+echo "OK"
+
+echo "useradd reported:"
+echo "======================================================================="
+cat tmp/usage.out
+echo "======================================================================="
+echo -n "Check the usage message..."
+diff -au data/usage.out tmp/usage.out
+echo "usage message OK."
+rm -f tmp/usage.out
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/usertools/useradd/26_useradd_usage-o_without-u/config.txt b/tests/tests/usertools/useradd/26_useradd_usage-o_without-u/config.txt
new file mode 100644
index 0000000..31f5635
--- /dev/null
+++ b/tests/tests/usertools/useradd/26_useradd_usage-o_without-u/config.txt
@@ -0,0 +1,10 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group users (only in /etc/group)
+user foo, in group tty (only in /etc/gshadow)
+user foo, in group floppy
+user foo, admin of group disk
+user foo, admin and member of group fax
+user foo, admin and member of group cdrom (only in /etc/gshadow)
diff --git a/tests/tests/usertools/useradd/26_useradd_usage-o_without-u/config/etc/default/useradd b/tests/tests/usertools/useradd/26_useradd_usage-o_without-u/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/usertools/useradd/26_useradd_usage-o_without-u/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/usertools/useradd/26_useradd_usage-o_without-u/config/etc/group b/tests/tests/usertools/useradd/26_useradd_usage-o_without-u/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/usertools/useradd/26_useradd_usage-o_without-u/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/usertools/useradd/26_useradd_usage-o_without-u/config/etc/gshadow b/tests/tests/usertools/useradd/26_useradd_usage-o_without-u/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/usertools/useradd/26_useradd_usage-o_without-u/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/usertools/useradd/26_useradd_usage-o_without-u/config/etc/passwd b/tests/tests/usertools/useradd/26_useradd_usage-o_without-u/config/etc/passwd
new file mode 100644
index 0000000..dbb06b8
--- /dev/null
+++ b/tests/tests/usertools/useradd/26_useradd_usage-o_without-u/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/nonexistent:/bin/sh
diff --git a/tests/tests/usertools/useradd/26_useradd_usage-o_without-u/config/etc/shadow b/tests/tests/usertools/useradd/26_useradd_usage-o_without-u/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/usertools/useradd/26_useradd_usage-o_without-u/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/usertools/useradd/26_useradd_usage-o_without-u/data/usage.out b/tests/tests/usertools/useradd/26_useradd_usage-o_without-u/data/usage.out
new file mode 100644
index 0000000..f0e24c5
--- /dev/null
+++ b/tests/tests/usertools/useradd/26_useradd_usage-o_without-u/data/usage.out
@@ -0,0 +1,36 @@
+useradd: -o flag is only allowed with the -u flag
+Usage: useradd [options] LOGIN
+       useradd -D
+       useradd -D [options]
+
+Options:
+  -b, --base-dir BASE_DIR       base directory for the home directory of the
+                                new account
+  -c, --comment COMMENT         GECOS field of the new account
+  -d, --home-dir HOME_DIR       home directory of the new account
+  -D, --defaults                print or change default useradd configuration
+  -e, --expiredate EXPIRE_DATE  expiration date of the new account
+  -f, --inactive INACTIVE       password inactivity period of the new account
+  -g, --gid GROUP               name or ID of the primary group of the new
+                                account
+  -G, --groups GROUPS           list of supplementary groups of the new
+                                account
+  -h, --help                    display this help message and exit
+  -k, --skel SKEL_DIR           use this alternative skeleton directory
+  -K, --key KEY=VALUE           override /etc/login.defs defaults
+  -l, --no-log-init             do not add the user to the lastlog and
+                                faillog databases
+  -m, --create-home             create the user's home directory
+  -M, --no-create-home          do not create the user's home directory
+  -N, --no-user-group           do not create a group with the same name as
+                                the user
+  -o, --non-unique              allow to create users with duplicate
+                                (non-unique) UID
+  -p, --password PASSWORD       encrypted password of the new account
+  -r, --system                  create a system account
+  -R, --root CHROOT_DIR         directory to chroot into
+  -s, --shell SHELL             login shell of the new account
+  -u, --uid UID                 user ID of the new account
+  -U, --user-group              create a group with the same name as the user
+  -Z, --selinux-user SEUSER     use a specific SEUSER for the SELinux user mapping
+
diff --git a/tests/tests/usertools/useradd/26_useradd_usage-o_without-u/useradd.test b/tests/tests/usertools/useradd/26_useradd_usage-o_without-u/useradd.test
new file mode 100755
index 0000000..36498ce
--- /dev/null
+++ b/tests/tests/usertools/useradd/26_useradd_usage-o_without-u/useradd.test
@@ -0,0 +1,55 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "useradd rejects -o without -u"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Allow duplicate UID without UID (useradd -o foo)..."
+useradd -o foo 2>tmp/usage.out && exit 1 || {
+	status=$?
+}
+
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "2"
+echo "OK"
+
+echo "useradd reported:"
+echo "======================================================================="
+cat tmp/usage.out
+echo "======================================================================="
+echo -n "Check the usage message..."
+diff -au data/usage.out tmp/usage.out
+echo "usage message OK."
+rm -f tmp/usage.out
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/usertools/useradd/27_useradd_usage-k_without-m/config.txt b/tests/tests/usertools/useradd/27_useradd_usage-k_without-m/config.txt
new file mode 100644
index 0000000..31f5635
--- /dev/null
+++ b/tests/tests/usertools/useradd/27_useradd_usage-k_without-m/config.txt
@@ -0,0 +1,10 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group users (only in /etc/group)
+user foo, in group tty (only in /etc/gshadow)
+user foo, in group floppy
+user foo, admin of group disk
+user foo, admin and member of group fax
+user foo, admin and member of group cdrom (only in /etc/gshadow)
diff --git a/tests/tests/usertools/useradd/27_useradd_usage-k_without-m/config/etc/default/useradd b/tests/tests/usertools/useradd/27_useradd_usage-k_without-m/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/usertools/useradd/27_useradd_usage-k_without-m/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/usertools/useradd/27_useradd_usage-k_without-m/config/etc/group b/tests/tests/usertools/useradd/27_useradd_usage-k_without-m/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/usertools/useradd/27_useradd_usage-k_without-m/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/usertools/useradd/27_useradd_usage-k_without-m/config/etc/gshadow b/tests/tests/usertools/useradd/27_useradd_usage-k_without-m/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/usertools/useradd/27_useradd_usage-k_without-m/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/usertools/useradd/27_useradd_usage-k_without-m/config/etc/passwd b/tests/tests/usertools/useradd/27_useradd_usage-k_without-m/config/etc/passwd
new file mode 100644
index 0000000..dbb06b8
--- /dev/null
+++ b/tests/tests/usertools/useradd/27_useradd_usage-k_without-m/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/nonexistent:/bin/sh
diff --git a/tests/tests/usertools/useradd/27_useradd_usage-k_without-m/config/etc/shadow b/tests/tests/usertools/useradd/27_useradd_usage-k_without-m/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/usertools/useradd/27_useradd_usage-k_without-m/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/usertools/useradd/27_useradd_usage-k_without-m/data/usage.out b/tests/tests/usertools/useradd/27_useradd_usage-k_without-m/data/usage.out
new file mode 100644
index 0000000..e27e5b6
--- /dev/null
+++ b/tests/tests/usertools/useradd/27_useradd_usage-k_without-m/data/usage.out
@@ -0,0 +1,36 @@
+useradd: -k flag is only allowed with the -m flag
+Usage: useradd [options] LOGIN
+       useradd -D
+       useradd -D [options]
+
+Options:
+  -b, --base-dir BASE_DIR       base directory for the home directory of the
+                                new account
+  -c, --comment COMMENT         GECOS field of the new account
+  -d, --home-dir HOME_DIR       home directory of the new account
+  -D, --defaults                print or change default useradd configuration
+  -e, --expiredate EXPIRE_DATE  expiration date of the new account
+  -f, --inactive INACTIVE       password inactivity period of the new account
+  -g, --gid GROUP               name or ID of the primary group of the new
+                                account
+  -G, --groups GROUPS           list of supplementary groups of the new
+                                account
+  -h, --help                    display this help message and exit
+  -k, --skel SKEL_DIR           use this alternative skeleton directory
+  -K, --key KEY=VALUE           override /etc/login.defs defaults
+  -l, --no-log-init             do not add the user to the lastlog and
+                                faillog databases
+  -m, --create-home             create the user's home directory
+  -M, --no-create-home          do not create the user's home directory
+  -N, --no-user-group           do not create a group with the same name as
+                                the user
+  -o, --non-unique              allow to create users with duplicate
+                                (non-unique) UID
+  -p, --password PASSWORD       encrypted password of the new account
+  -r, --system                  create a system account
+  -R, --root CHROOT_DIR         directory to chroot into
+  -s, --shell SHELL             login shell of the new account
+  -u, --uid UID                 user ID of the new account
+  -U, --user-group              create a group with the same name as the user
+  -Z, --selinux-user SEUSER     use a specific SEUSER for the SELinux user mapping
+
diff --git a/tests/tests/usertools/useradd/27_useradd_usage-k_without-m/useradd.test b/tests/tests/usertools/useradd/27_useradd_usage-k_without-m/useradd.test
new file mode 100755
index 0000000..c64af4a
--- /dev/null
+++ b/tests/tests/usertools/useradd/27_useradd_usage-k_without-m/useradd.test
@@ -0,0 +1,55 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "useradd rejects -k without -m"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Copy skeleton without creating home dir (useradd -k foo)..."
+useradd -k foo 2>tmp/usage.out && exit 1 || {
+	status=$?
+}
+
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "2"
+echo "OK"
+
+echo "useradd reported:"
+echo "======================================================================="
+cat tmp/usage.out
+echo "======================================================================="
+echo -n "Check the usage message..."
+diff -au data/usage.out tmp/usage.out
+echo "usage message OK."
+rm -f tmp/usage.out
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/usertools/useradd/28_useradd_usage-U_with-g/config.txt b/tests/tests/usertools/useradd/28_useradd_usage-U_with-g/config.txt
new file mode 100644
index 0000000..31f5635
--- /dev/null
+++ b/tests/tests/usertools/useradd/28_useradd_usage-U_with-g/config.txt
@@ -0,0 +1,10 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group users (only in /etc/group)
+user foo, in group tty (only in /etc/gshadow)
+user foo, in group floppy
+user foo, admin of group disk
+user foo, admin and member of group fax
+user foo, admin and member of group cdrom (only in /etc/gshadow)
diff --git a/tests/tests/usertools/useradd/28_useradd_usage-U_with-g/config/etc/default/useradd b/tests/tests/usertools/useradd/28_useradd_usage-U_with-g/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/usertools/useradd/28_useradd_usage-U_with-g/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/usertools/useradd/28_useradd_usage-U_with-g/config/etc/group b/tests/tests/usertools/useradd/28_useradd_usage-U_with-g/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/usertools/useradd/28_useradd_usage-U_with-g/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/usertools/useradd/28_useradd_usage-U_with-g/config/etc/gshadow b/tests/tests/usertools/useradd/28_useradd_usage-U_with-g/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/usertools/useradd/28_useradd_usage-U_with-g/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/usertools/useradd/28_useradd_usage-U_with-g/config/etc/passwd b/tests/tests/usertools/useradd/28_useradd_usage-U_with-g/config/etc/passwd
new file mode 100644
index 0000000..dbb06b8
--- /dev/null
+++ b/tests/tests/usertools/useradd/28_useradd_usage-U_with-g/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/nonexistent:/bin/sh
diff --git a/tests/tests/usertools/useradd/28_useradd_usage-U_with-g/config/etc/shadow b/tests/tests/usertools/useradd/28_useradd_usage-U_with-g/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/usertools/useradd/28_useradd_usage-U_with-g/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/usertools/useradd/28_useradd_usage-U_with-g/data/usage.out b/tests/tests/usertools/useradd/28_useradd_usage-U_with-g/data/usage.out
new file mode 100644
index 0000000..3b030c3
--- /dev/null
+++ b/tests/tests/usertools/useradd/28_useradd_usage-U_with-g/data/usage.out
@@ -0,0 +1,36 @@
+useradd: options -U and -g conflict
+Usage: useradd [options] LOGIN
+       useradd -D
+       useradd -D [options]
+
+Options:
+  -b, --base-dir BASE_DIR       base directory for the home directory of the
+                                new account
+  -c, --comment COMMENT         GECOS field of the new account
+  -d, --home-dir HOME_DIR       home directory of the new account
+  -D, --defaults                print or change default useradd configuration
+  -e, --expiredate EXPIRE_DATE  expiration date of the new account
+  -f, --inactive INACTIVE       password inactivity period of the new account
+  -g, --gid GROUP               name or ID of the primary group of the new
+                                account
+  -G, --groups GROUPS           list of supplementary groups of the new
+                                account
+  -h, --help                    display this help message and exit
+  -k, --skel SKEL_DIR           use this alternative skeleton directory
+  -K, --key KEY=VALUE           override /etc/login.defs defaults
+  -l, --no-log-init             do not add the user to the lastlog and
+                                faillog databases
+  -m, --create-home             create the user's home directory
+  -M, --no-create-home          do not create the user's home directory
+  -N, --no-user-group           do not create a group with the same name as
+                                the user
+  -o, --non-unique              allow to create users with duplicate
+                                (non-unique) UID
+  -p, --password PASSWORD       encrypted password of the new account
+  -r, --system                  create a system account
+  -R, --root CHROOT_DIR         directory to chroot into
+  -s, --shell SHELL             login shell of the new account
+  -u, --uid UID                 user ID of the new account
+  -U, --user-group              create a group with the same name as the user
+  -Z, --selinux-user SEUSER     use a specific SEUSER for the SELinux user mapping
+
diff --git a/tests/tests/usertools/useradd/28_useradd_usage-U_with-g/useradd.test b/tests/tests/usertools/useradd/28_useradd_usage-U_with-g/useradd.test
new file mode 100755
index 0000000..2a7b381
--- /dev/null
+++ b/tests/tests/usertools/useradd/28_useradd_usage-U_with-g/useradd.test
@@ -0,0 +1,55 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "useradd rejects -U with -g"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Usergroup and fixed group (useradd -U -g 100 foo)..."
+useradd -U -g 100 foo 2>tmp/usage.out && exit 1 || {
+	status=$?
+}
+
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "2"
+echo "OK"
+
+echo "useradd reported:"
+echo "======================================================================="
+cat tmp/usage.out
+echo "======================================================================="
+echo -n "Check the usage message..."
+diff -au data/usage.out tmp/usage.out
+echo "usage message OK."
+rm -f tmp/usage.out
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/usertools/useradd/29_useradd_usage-U_with-N/config.txt b/tests/tests/usertools/useradd/29_useradd_usage-U_with-N/config.txt
new file mode 100644
index 0000000..31f5635
--- /dev/null
+++ b/tests/tests/usertools/useradd/29_useradd_usage-U_with-N/config.txt
@@ -0,0 +1,10 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group users (only in /etc/group)
+user foo, in group tty (only in /etc/gshadow)
+user foo, in group floppy
+user foo, admin of group disk
+user foo, admin and member of group fax
+user foo, admin and member of group cdrom (only in /etc/gshadow)
diff --git a/tests/tests/usertools/useradd/29_useradd_usage-U_with-N/config/etc/default/useradd b/tests/tests/usertools/useradd/29_useradd_usage-U_with-N/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/usertools/useradd/29_useradd_usage-U_with-N/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/usertools/useradd/29_useradd_usage-U_with-N/config/etc/group b/tests/tests/usertools/useradd/29_useradd_usage-U_with-N/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/usertools/useradd/29_useradd_usage-U_with-N/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/usertools/useradd/29_useradd_usage-U_with-N/config/etc/gshadow b/tests/tests/usertools/useradd/29_useradd_usage-U_with-N/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/usertools/useradd/29_useradd_usage-U_with-N/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/usertools/useradd/29_useradd_usage-U_with-N/config/etc/passwd b/tests/tests/usertools/useradd/29_useradd_usage-U_with-N/config/etc/passwd
new file mode 100644
index 0000000..dbb06b8
--- /dev/null
+++ b/tests/tests/usertools/useradd/29_useradd_usage-U_with-N/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/nonexistent:/bin/sh
diff --git a/tests/tests/usertools/useradd/29_useradd_usage-U_with-N/config/etc/shadow b/tests/tests/usertools/useradd/29_useradd_usage-U_with-N/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/usertools/useradd/29_useradd_usage-U_with-N/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/usertools/useradd/29_useradd_usage-U_with-N/data/usage.out b/tests/tests/usertools/useradd/29_useradd_usage-U_with-N/data/usage.out
new file mode 100644
index 0000000..7a7bc5d
--- /dev/null
+++ b/tests/tests/usertools/useradd/29_useradd_usage-U_with-N/data/usage.out
@@ -0,0 +1,36 @@
+useradd: options -U and -N conflict
+Usage: useradd [options] LOGIN
+       useradd -D
+       useradd -D [options]
+
+Options:
+  -b, --base-dir BASE_DIR       base directory for the home directory of the
+                                new account
+  -c, --comment COMMENT         GECOS field of the new account
+  -d, --home-dir HOME_DIR       home directory of the new account
+  -D, --defaults                print or change default useradd configuration
+  -e, --expiredate EXPIRE_DATE  expiration date of the new account
+  -f, --inactive INACTIVE       password inactivity period of the new account
+  -g, --gid GROUP               name or ID of the primary group of the new
+                                account
+  -G, --groups GROUPS           list of supplementary groups of the new
+                                account
+  -h, --help                    display this help message and exit
+  -k, --skel SKEL_DIR           use this alternative skeleton directory
+  -K, --key KEY=VALUE           override /etc/login.defs defaults
+  -l, --no-log-init             do not add the user to the lastlog and
+                                faillog databases
+  -m, --create-home             create the user's home directory
+  -M, --no-create-home          do not create the user's home directory
+  -N, --no-user-group           do not create a group with the same name as
+                                the user
+  -o, --non-unique              allow to create users with duplicate
+                                (non-unique) UID
+  -p, --password PASSWORD       encrypted password of the new account
+  -r, --system                  create a system account
+  -R, --root CHROOT_DIR         directory to chroot into
+  -s, --shell SHELL             login shell of the new account
+  -u, --uid UID                 user ID of the new account
+  -U, --user-group              create a group with the same name as the user
+  -Z, --selinux-user SEUSER     use a specific SEUSER for the SELinux user mapping
+
diff --git a/tests/tests/usertools/useradd/29_useradd_usage-U_with-N/useradd.test b/tests/tests/usertools/useradd/29_useradd_usage-U_with-N/useradd.test
new file mode 100755
index 0000000..57eabd3
--- /dev/null
+++ b/tests/tests/usertools/useradd/29_useradd_usage-U_with-N/useradd.test
@@ -0,0 +1,55 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "useradd rejects -U with -N"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Usergroup and no usergroup (useradd -U -N foo)..."
+useradd -U -N foo 2>tmp/usage.out && exit 1 || {
+	status=$?
+}
+
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "2"
+echo "OK"
+
+echo "useradd reported:"
+echo "======================================================================="
+cat tmp/usage.out
+echo "======================================================================="
+echo -n "Check the usage message..."
+diff -au data/usage.out tmp/usage.out
+echo "usage message OK."
+rm -f tmp/usage.out
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/usertools/useradd/30_useradd_usage-m_with-M/config.txt b/tests/tests/usertools/useradd/30_useradd_usage-m_with-M/config.txt
new file mode 100644
index 0000000..31f5635
--- /dev/null
+++ b/tests/tests/usertools/useradd/30_useradd_usage-m_with-M/config.txt
@@ -0,0 +1,10 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group users (only in /etc/group)
+user foo, in group tty (only in /etc/gshadow)
+user foo, in group floppy
+user foo, admin of group disk
+user foo, admin and member of group fax
+user foo, admin and member of group cdrom (only in /etc/gshadow)
diff --git a/tests/tests/usertools/useradd/30_useradd_usage-m_with-M/config/etc/default/useradd b/tests/tests/usertools/useradd/30_useradd_usage-m_with-M/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/usertools/useradd/30_useradd_usage-m_with-M/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/usertools/useradd/30_useradd_usage-m_with-M/config/etc/group b/tests/tests/usertools/useradd/30_useradd_usage-m_with-M/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/usertools/useradd/30_useradd_usage-m_with-M/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/usertools/useradd/30_useradd_usage-m_with-M/config/etc/gshadow b/tests/tests/usertools/useradd/30_useradd_usage-m_with-M/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/usertools/useradd/30_useradd_usage-m_with-M/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/usertools/useradd/30_useradd_usage-m_with-M/config/etc/passwd b/tests/tests/usertools/useradd/30_useradd_usage-m_with-M/config/etc/passwd
new file mode 100644
index 0000000..dbb06b8
--- /dev/null
+++ b/tests/tests/usertools/useradd/30_useradd_usage-m_with-M/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/nonexistent:/bin/sh
diff --git a/tests/tests/usertools/useradd/30_useradd_usage-m_with-M/config/etc/shadow b/tests/tests/usertools/useradd/30_useradd_usage-m_with-M/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/usertools/useradd/30_useradd_usage-m_with-M/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/usertools/useradd/30_useradd_usage-m_with-M/data/usage.out b/tests/tests/usertools/useradd/30_useradd_usage-m_with-M/data/usage.out
new file mode 100644
index 0000000..37a90dc
--- /dev/null
+++ b/tests/tests/usertools/useradd/30_useradd_usage-m_with-M/data/usage.out
@@ -0,0 +1,36 @@
+useradd: options -m and -M conflict
+Usage: useradd [options] LOGIN
+       useradd -D
+       useradd -D [options]
+
+Options:
+  -b, --base-dir BASE_DIR       base directory for the home directory of the
+                                new account
+  -c, --comment COMMENT         GECOS field of the new account
+  -d, --home-dir HOME_DIR       home directory of the new account
+  -D, --defaults                print or change default useradd configuration
+  -e, --expiredate EXPIRE_DATE  expiration date of the new account
+  -f, --inactive INACTIVE       password inactivity period of the new account
+  -g, --gid GROUP               name or ID of the primary group of the new
+                                account
+  -G, --groups GROUPS           list of supplementary groups of the new
+                                account
+  -h, --help                    display this help message and exit
+  -k, --skel SKEL_DIR           use this alternative skeleton directory
+  -K, --key KEY=VALUE           override /etc/login.defs defaults
+  -l, --no-log-init             do not add the user to the lastlog and
+                                faillog databases
+  -m, --create-home             create the user's home directory
+  -M, --no-create-home          do not create the user's home directory
+  -N, --no-user-group           do not create a group with the same name as
+                                the user
+  -o, --non-unique              allow to create users with duplicate
+                                (non-unique) UID
+  -p, --password PASSWORD       encrypted password of the new account
+  -r, --system                  create a system account
+  -R, --root CHROOT_DIR         directory to chroot into
+  -s, --shell SHELL             login shell of the new account
+  -u, --uid UID                 user ID of the new account
+  -U, --user-group              create a group with the same name as the user
+  -Z, --selinux-user SEUSER     use a specific SEUSER for the SELinux user mapping
+
diff --git a/tests/tests/usertools/useradd/30_useradd_usage-m_with-M/useradd.test b/tests/tests/usertools/useradd/30_useradd_usage-m_with-M/useradd.test
new file mode 100755
index 0000000..80d7a5a
--- /dev/null
+++ b/tests/tests/usertools/useradd/30_useradd_usage-m_with-M/useradd.test
@@ -0,0 +1,55 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "useradd rejects -m with -M"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Create and do not create home directory (useradd -M -m foo)..."
+useradd -M -m foo 2>tmp/usage.out && exit 1 || {
+	status=$?
+}
+
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "2"
+echo "OK"
+
+echo "useradd reported:"
+echo "======================================================================="
+cat tmp/usage.out
+echo "======================================================================="
+echo -n "Check the usage message..."
+diff -au data/usage.out tmp/usage.out
+echo "usage message OK."
+rm -f tmp/usage.out
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/usertools/useradd/31_useradd_usage_user_with-D/config.txt b/tests/tests/usertools/useradd/31_useradd_usage_user_with-D/config.txt
new file mode 100644
index 0000000..31f5635
--- /dev/null
+++ b/tests/tests/usertools/useradd/31_useradd_usage_user_with-D/config.txt
@@ -0,0 +1,10 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group users (only in /etc/group)
+user foo, in group tty (only in /etc/gshadow)
+user foo, in group floppy
+user foo, admin of group disk
+user foo, admin and member of group fax
+user foo, admin and member of group cdrom (only in /etc/gshadow)
diff --git a/tests/tests/usertools/useradd/31_useradd_usage_user_with-D/config/etc/default/useradd b/tests/tests/usertools/useradd/31_useradd_usage_user_with-D/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/usertools/useradd/31_useradd_usage_user_with-D/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/usertools/useradd/31_useradd_usage_user_with-D/config/etc/group b/tests/tests/usertools/useradd/31_useradd_usage_user_with-D/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/usertools/useradd/31_useradd_usage_user_with-D/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/usertools/useradd/31_useradd_usage_user_with-D/config/etc/gshadow b/tests/tests/usertools/useradd/31_useradd_usage_user_with-D/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/usertools/useradd/31_useradd_usage_user_with-D/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/usertools/useradd/31_useradd_usage_user_with-D/config/etc/passwd b/tests/tests/usertools/useradd/31_useradd_usage_user_with-D/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/usertools/useradd/31_useradd_usage_user_with-D/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/usertools/useradd/31_useradd_usage_user_with-D/config/etc/shadow b/tests/tests/usertools/useradd/31_useradd_usage_user_with-D/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/usertools/useradd/31_useradd_usage_user_with-D/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/usertools/useradd/31_useradd_usage_user_with-D/data/usage.out b/tests/tests/usertools/useradd/31_useradd_usage_user_with-D/data/usage.out
new file mode 100644
index 0000000..b77a98a
--- /dev/null
+++ b/tests/tests/usertools/useradd/31_useradd_usage_user_with-D/data/usage.out
@@ -0,0 +1,35 @@
+Usage: useradd [options] LOGIN
+       useradd -D
+       useradd -D [options]
+
+Options:
+  -b, --base-dir BASE_DIR       base directory for the home directory of the
+                                new account
+  -c, --comment COMMENT         GECOS field of the new account
+  -d, --home-dir HOME_DIR       home directory of the new account
+  -D, --defaults                print or change default useradd configuration
+  -e, --expiredate EXPIRE_DATE  expiration date of the new account
+  -f, --inactive INACTIVE       password inactivity period of the new account
+  -g, --gid GROUP               name or ID of the primary group of the new
+                                account
+  -G, --groups GROUPS           list of supplementary groups of the new
+                                account
+  -h, --help                    display this help message and exit
+  -k, --skel SKEL_DIR           use this alternative skeleton directory
+  -K, --key KEY=VALUE           override /etc/login.defs defaults
+  -l, --no-log-init             do not add the user to the lastlog and
+                                faillog databases
+  -m, --create-home             create the user's home directory
+  -M, --no-create-home          do not create the user's home directory
+  -N, --no-user-group           do not create a group with the same name as
+                                the user
+  -o, --non-unique              allow to create users with duplicate
+                                (non-unique) UID
+  -p, --password PASSWORD       encrypted password of the new account
+  -r, --system                  create a system account
+  -R, --root CHROOT_DIR         directory to chroot into
+  -s, --shell SHELL             login shell of the new account
+  -u, --uid UID                 user ID of the new account
+  -U, --user-group              create a group with the same name as the user
+  -Z, --selinux-user SEUSER     use a specific SEUSER for the SELinux user mapping
+
diff --git a/tests/tests/usertools/useradd/31_useradd_usage_user_with-D/useradd.test b/tests/tests/usertools/useradd/31_useradd_usage_user_with-D/useradd.test
new file mode 100755
index 0000000..f5f5f4b
--- /dev/null
+++ b/tests/tests/usertools/useradd/31_useradd_usage_user_with-D/useradd.test
@@ -0,0 +1,54 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "useradd displays its usage message when called incorrectly"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Set default with useradd and specify an user (useradd -D nobody)..."
+useradd -D nobody 2>tmp/usage.out && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "2"
+echo "OK"
+
+echo "useradd reported:"
+echo "======================================================================="
+cat tmp/usage.out
+echo "======================================================================="
+echo -n "Check the usage message..."
+diff -au data/usage.out tmp/usage.out
+echo "usage message OK."
+rm -f tmp/usage.out
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/usertools/useradd/32_useradd_usage-D_with_other/config.txt b/tests/tests/usertools/useradd/32_useradd_usage-D_with_other/config.txt
new file mode 100644
index 0000000..31f5635
--- /dev/null
+++ b/tests/tests/usertools/useradd/32_useradd_usage-D_with_other/config.txt
@@ -0,0 +1,10 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group users (only in /etc/group)
+user foo, in group tty (only in /etc/gshadow)
+user foo, in group floppy
+user foo, admin of group disk
+user foo, admin and member of group fax
+user foo, admin and member of group cdrom (only in /etc/gshadow)
diff --git a/tests/tests/usertools/useradd/32_useradd_usage-D_with_other/config/etc/default/useradd b/tests/tests/usertools/useradd/32_useradd_usage-D_with_other/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/usertools/useradd/32_useradd_usage-D_with_other/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/usertools/useradd/32_useradd_usage-D_with_other/config/etc/group b/tests/tests/usertools/useradd/32_useradd_usage-D_with_other/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/usertools/useradd/32_useradd_usage-D_with_other/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/usertools/useradd/32_useradd_usage-D_with_other/config/etc/gshadow b/tests/tests/usertools/useradd/32_useradd_usage-D_with_other/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/usertools/useradd/32_useradd_usage-D_with_other/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/usertools/useradd/32_useradd_usage-D_with_other/config/etc/passwd b/tests/tests/usertools/useradd/32_useradd_usage-D_with_other/config/etc/passwd
new file mode 100644
index 0000000..dbb06b8
--- /dev/null
+++ b/tests/tests/usertools/useradd/32_useradd_usage-D_with_other/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/nonexistent:/bin/sh
diff --git a/tests/tests/usertools/useradd/32_useradd_usage-D_with_other/config/etc/shadow b/tests/tests/usertools/useradd/32_useradd_usage-D_with_other/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/usertools/useradd/32_useradd_usage-D_with_other/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/usertools/useradd/32_useradd_usage-D_with_other/data/usage.out b/tests/tests/usertools/useradd/32_useradd_usage-D_with_other/data/usage.out
new file mode 100644
index 0000000..b77a98a
--- /dev/null
+++ b/tests/tests/usertools/useradd/32_useradd_usage-D_with_other/data/usage.out
@@ -0,0 +1,35 @@
+Usage: useradd [options] LOGIN
+       useradd -D
+       useradd -D [options]
+
+Options:
+  -b, --base-dir BASE_DIR       base directory for the home directory of the
+                                new account
+  -c, --comment COMMENT         GECOS field of the new account
+  -d, --home-dir HOME_DIR       home directory of the new account
+  -D, --defaults                print or change default useradd configuration
+  -e, --expiredate EXPIRE_DATE  expiration date of the new account
+  -f, --inactive INACTIVE       password inactivity period of the new account
+  -g, --gid GROUP               name or ID of the primary group of the new
+                                account
+  -G, --groups GROUPS           list of supplementary groups of the new
+                                account
+  -h, --help                    display this help message and exit
+  -k, --skel SKEL_DIR           use this alternative skeleton directory
+  -K, --key KEY=VALUE           override /etc/login.defs defaults
+  -l, --no-log-init             do not add the user to the lastlog and
+                                faillog databases
+  -m, --create-home             create the user's home directory
+  -M, --no-create-home          do not create the user's home directory
+  -N, --no-user-group           do not create a group with the same name as
+                                the user
+  -o, --non-unique              allow to create users with duplicate
+                                (non-unique) UID
+  -p, --password PASSWORD       encrypted password of the new account
+  -r, --system                  create a system account
+  -R, --root CHROOT_DIR         directory to chroot into
+  -s, --shell SHELL             login shell of the new account
+  -u, --uid UID                 user ID of the new account
+  -U, --user-group              create a group with the same name as the user
+  -Z, --selinux-user SEUSER     use a specific SEUSER for the SELinux user mapping
+
diff --git a/tests/tests/usertools/useradd/32_useradd_usage-D_with_other/useradd.test b/tests/tests/usertools/useradd/32_useradd_usage-D_with_other/useradd.test
new file mode 100755
index 0000000..c3aacfb
--- /dev/null
+++ b/tests/tests/usertools/useradd/32_useradd_usage-D_with_other/useradd.test
@@ -0,0 +1,58 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "useradd rejects -m with -M"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+for opt in "-u 1010" "-G nogroup" "-d /home/foo" "-c comment" "-m"
+do
+	echo -n "Call useradd -D with option $opt (useradd -D $opt)..."
+	useradd -D $opt 2>tmp/usage.out && exit 1 || {
+		status=$?
+	}
+
+	echo "OK"
+
+	echo -n "Check returned status ($status)..."
+	test "$status" = "2"
+	echo "OK"
+
+	echo "useradd reported:"
+	echo "======================================================================="
+	cat tmp/usage.out
+	echo "======================================================================="
+	echo -n "Check the usage message..."
+	diff -au data/usage.out tmp/usage.out
+	echo "usage message OK."
+	rm -f tmp/usage.out
+done
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/usertools/useradd/33_useradd_usage_invalid_username/config.txt b/tests/tests/usertools/useradd/33_useradd_usage_invalid_username/config.txt
new file mode 100644
index 0000000..31f5635
--- /dev/null
+++ b/tests/tests/usertools/useradd/33_useradd_usage_invalid_username/config.txt
@@ -0,0 +1,10 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group users (only in /etc/group)
+user foo, in group tty (only in /etc/gshadow)
+user foo, in group floppy
+user foo, admin of group disk
+user foo, admin and member of group fax
+user foo, admin and member of group cdrom (only in /etc/gshadow)
diff --git a/tests/tests/usertools/useradd/33_useradd_usage_invalid_username/config/etc/default/useradd b/tests/tests/usertools/useradd/33_useradd_usage_invalid_username/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/usertools/useradd/33_useradd_usage_invalid_username/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/usertools/useradd/33_useradd_usage_invalid_username/config/etc/group b/tests/tests/usertools/useradd/33_useradd_usage_invalid_username/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/usertools/useradd/33_useradd_usage_invalid_username/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/usertools/useradd/33_useradd_usage_invalid_username/config/etc/gshadow b/tests/tests/usertools/useradd/33_useradd_usage_invalid_username/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/usertools/useradd/33_useradd_usage_invalid_username/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/usertools/useradd/33_useradd_usage_invalid_username/config/etc/passwd b/tests/tests/usertools/useradd/33_useradd_usage_invalid_username/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/usertools/useradd/33_useradd_usage_invalid_username/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/usertools/useradd/33_useradd_usage_invalid_username/config/etc/shadow b/tests/tests/usertools/useradd/33_useradd_usage_invalid_username/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/usertools/useradd/33_useradd_usage_invalid_username/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/usertools/useradd/33_useradd_usage_invalid_username/data/usage.out b/tests/tests/usertools/useradd/33_useradd_usage_invalid_username/data/usage.out
new file mode 100644
index 0000000..c1c58fa
--- /dev/null
+++ b/tests/tests/usertools/useradd/33_useradd_usage_invalid_username/data/usage.out
@@ -0,0 +1 @@
+useradd: invalid user name 'user:name'
diff --git a/tests/tests/usertools/useradd/33_useradd_usage_invalid_username/useradd.test b/tests/tests/usertools/useradd/33_useradd_usage_invalid_username/useradd.test
new file mode 100755
index 0000000..8024f7d
--- /dev/null
+++ b/tests/tests/usertools/useradd/33_useradd_usage_invalid_username/useradd.test
@@ -0,0 +1,54 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "useradd checks the username validity"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Call useradd with an invalid username (useradd user:name)..."
+useradd user:name 2>tmp/usage.out && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "3"
+echo "OK"
+
+echo "useradd reported:"
+echo "======================================================================="
+cat tmp/usage.out
+echo "======================================================================="
+echo -n "Check the usage message..."
+diff -au data/usage.out tmp/usage.out
+echo "usage message OK."
+rm -f tmp/usage.out
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/usertools/useradd/34_useradd_default_GROUP_GID/config.txt b/tests/tests/usertools/useradd/34_useradd_default_GROUP_GID/config.txt
new file mode 100644
index 0000000..31f5635
--- /dev/null
+++ b/tests/tests/usertools/useradd/34_useradd_default_GROUP_GID/config.txt
@@ -0,0 +1,10 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group users (only in /etc/group)
+user foo, in group tty (only in /etc/gshadow)
+user foo, in group floppy
+user foo, admin of group disk
+user foo, admin and member of group fax
+user foo, admin and member of group cdrom (only in /etc/gshadow)
diff --git a/tests/tests/usertools/useradd/34_useradd_default_GROUP_GID/config/etc/default/useradd b/tests/tests/usertools/useradd/34_useradd_default_GROUP_GID/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/usertools/useradd/34_useradd_default_GROUP_GID/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/usertools/useradd/34_useradd_default_GROUP_GID/config/etc/group b/tests/tests/usertools/useradd/34_useradd_default_GROUP_GID/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/usertools/useradd/34_useradd_default_GROUP_GID/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/usertools/useradd/34_useradd_default_GROUP_GID/config/etc/gshadow b/tests/tests/usertools/useradd/34_useradd_default_GROUP_GID/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/usertools/useradd/34_useradd_default_GROUP_GID/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/usertools/useradd/34_useradd_default_GROUP_GID/config/etc/passwd b/tests/tests/usertools/useradd/34_useradd_default_GROUP_GID/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/usertools/useradd/34_useradd_default_GROUP_GID/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/usertools/useradd/34_useradd_default_GROUP_GID/config/etc/shadow b/tests/tests/usertools/useradd/34_useradd_default_GROUP_GID/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/usertools/useradd/34_useradd_default_GROUP_GID/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/usertools/useradd/34_useradd_default_GROUP_GID/data/passwd b/tests/tests/usertools/useradd/34_useradd_default_GROUP_GID/data/passwd
new file mode 100644
index 0000000..540cc99
--- /dev/null
+++ b/tests/tests/usertools/useradd/34_useradd_default_GROUP_GID/data/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:10::/tmp/foo:/bin/foobar
diff --git a/tests/tests/usertools/useradd/34_useradd_default_GROUP_GID/data/shadow b/tests/tests/usertools/useradd/34_useradd_default_GROUP_GID/data/shadow
new file mode 100644
index 0000000..0aee0c5
--- /dev/null
+++ b/tests/tests/usertools/useradd/34_useradd_default_GROUP_GID/data/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:@TODAY@:0:99999:7:12:13849:
diff --git a/tests/tests/usertools/useradd/34_useradd_default_GROUP_GID/useradd.test b/tests/tests/usertools/useradd/34_useradd_default_GROUP_GID/useradd.test
new file mode 100755
index 0000000..df98f82
--- /dev/null
+++ b/tests/tests/usertools/useradd/34_useradd_default_GROUP_GID/useradd.test
@@ -0,0 +1,39 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "useradd uses the GROUP default value"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Create user foo, without usergroup (useradd -N foo)..."
+useradd -N foo
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl data/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl data/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/usertools/useradd/35_useradd_default_GROUP_name/config.txt b/tests/tests/usertools/useradd/35_useradd_default_GROUP_name/config.txt
new file mode 100644
index 0000000..31f5635
--- /dev/null
+++ b/tests/tests/usertools/useradd/35_useradd_default_GROUP_name/config.txt
@@ -0,0 +1,10 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group users (only in /etc/group)
+user foo, in group tty (only in /etc/gshadow)
+user foo, in group floppy
+user foo, admin of group disk
+user foo, admin and member of group fax
+user foo, admin and member of group cdrom (only in /etc/gshadow)
diff --git a/tests/tests/usertools/useradd/35_useradd_default_GROUP_name/config/etc/default/useradd b/tests/tests/usertools/useradd/35_useradd_default_GROUP_name/config/etc/default/useradd
new file mode 100644
index 0000000..487e328
--- /dev/null
+++ b/tests/tests/usertools/useradd/35_useradd_default_GROUP_name/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=nogroup
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/usertools/useradd/35_useradd_default_GROUP_name/config/etc/group b/tests/tests/usertools/useradd/35_useradd_default_GROUP_name/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/usertools/useradd/35_useradd_default_GROUP_name/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/usertools/useradd/35_useradd_default_GROUP_name/config/etc/gshadow b/tests/tests/usertools/useradd/35_useradd_default_GROUP_name/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/usertools/useradd/35_useradd_default_GROUP_name/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/usertools/useradd/35_useradd_default_GROUP_name/config/etc/passwd b/tests/tests/usertools/useradd/35_useradd_default_GROUP_name/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/usertools/useradd/35_useradd_default_GROUP_name/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/usertools/useradd/35_useradd_default_GROUP_name/config/etc/shadow b/tests/tests/usertools/useradd/35_useradd_default_GROUP_name/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/usertools/useradd/35_useradd_default_GROUP_name/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/usertools/useradd/35_useradd_default_GROUP_name/data/passwd b/tests/tests/usertools/useradd/35_useradd_default_GROUP_name/data/passwd
new file mode 100644
index 0000000..4e481a1
--- /dev/null
+++ b/tests/tests/usertools/useradd/35_useradd_default_GROUP_name/data/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:65534::/tmp/foo:/bin/foobar
diff --git a/tests/tests/usertools/useradd/35_useradd_default_GROUP_name/data/shadow b/tests/tests/usertools/useradd/35_useradd_default_GROUP_name/data/shadow
new file mode 100644
index 0000000..0aee0c5
--- /dev/null
+++ b/tests/tests/usertools/useradd/35_useradd_default_GROUP_name/data/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:@TODAY@:0:99999:7:12:13849:
diff --git a/tests/tests/usertools/useradd/35_useradd_default_GROUP_name/useradd.test b/tests/tests/usertools/useradd/35_useradd_default_GROUP_name/useradd.test
new file mode 100755
index 0000000..df98f82
--- /dev/null
+++ b/tests/tests/usertools/useradd/35_useradd_default_GROUP_name/useradd.test
@@ -0,0 +1,39 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "useradd uses the GROUP default value"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Create user foo, without usergroup (useradd -N foo)..."
+useradd -N foo
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl data/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl data/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/usertools/useradd/36_useradd_default_GROUP_invalid_GID/config.txt b/tests/tests/usertools/useradd/36_useradd_default_GROUP_invalid_GID/config.txt
new file mode 100644
index 0000000..31f5635
--- /dev/null
+++ b/tests/tests/usertools/useradd/36_useradd_default_GROUP_invalid_GID/config.txt
@@ -0,0 +1,10 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group users (only in /etc/group)
+user foo, in group tty (only in /etc/gshadow)
+user foo, in group floppy
+user foo, admin of group disk
+user foo, admin and member of group fax
+user foo, admin and member of group cdrom (only in /etc/gshadow)
diff --git a/tests/tests/usertools/useradd/36_useradd_default_GROUP_invalid_GID/config/etc/default/useradd b/tests/tests/usertools/useradd/36_useradd_default_GROUP_invalid_GID/config/etc/default/useradd
new file mode 100644
index 0000000..4da665d
--- /dev/null
+++ b/tests/tests/usertools/useradd/36_useradd_default_GROUP_invalid_GID/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=3000
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/usertools/useradd/36_useradd_default_GROUP_invalid_GID/config/etc/group b/tests/tests/usertools/useradd/36_useradd_default_GROUP_invalid_GID/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/usertools/useradd/36_useradd_default_GROUP_invalid_GID/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/usertools/useradd/36_useradd_default_GROUP_invalid_GID/config/etc/gshadow b/tests/tests/usertools/useradd/36_useradd_default_GROUP_invalid_GID/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/usertools/useradd/36_useradd_default_GROUP_invalid_GID/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/usertools/useradd/36_useradd_default_GROUP_invalid_GID/config/etc/passwd b/tests/tests/usertools/useradd/36_useradd_default_GROUP_invalid_GID/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/usertools/useradd/36_useradd_default_GROUP_invalid_GID/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/usertools/useradd/36_useradd_default_GROUP_invalid_GID/config/etc/shadow b/tests/tests/usertools/useradd/36_useradd_default_GROUP_invalid_GID/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/usertools/useradd/36_useradd_default_GROUP_invalid_GID/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/usertools/useradd/36_useradd_default_GROUP_invalid_GID/data/passwd b/tests/tests/usertools/useradd/36_useradd_default_GROUP_invalid_GID/data/passwd
new file mode 100644
index 0000000..db82966
--- /dev/null
+++ b/tests/tests/usertools/useradd/36_useradd_default_GROUP_invalid_GID/data/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:100::/tmp/foo:/bin/foobar
diff --git a/tests/tests/usertools/useradd/36_useradd_default_GROUP_invalid_GID/data/shadow b/tests/tests/usertools/useradd/36_useradd_default_GROUP_invalid_GID/data/shadow
new file mode 100644
index 0000000..0aee0c5
--- /dev/null
+++ b/tests/tests/usertools/useradd/36_useradd_default_GROUP_invalid_GID/data/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:@TODAY@:0:99999:7:12:13849:
diff --git a/tests/tests/usertools/useradd/36_useradd_default_GROUP_invalid_GID/data/usage.out b/tests/tests/usertools/useradd/36_useradd_default_GROUP_invalid_GID/data/usage.out
new file mode 100644
index 0000000..6e4920f
--- /dev/null
+++ b/tests/tests/usertools/useradd/36_useradd_default_GROUP_invalid_GID/data/usage.out
@@ -0,0 +1,2 @@
+useradd: group '3000' does not exist
+useradd: the GROUP= configuration in /etc/default/useradd will be ignored
diff --git a/tests/tests/usertools/useradd/36_useradd_default_GROUP_invalid_GID/useradd.test b/tests/tests/usertools/useradd/36_useradd_default_GROUP_invalid_GID/useradd.test
new file mode 100755
index 0000000..c030cd2
--- /dev/null
+++ b/tests/tests/usertools/useradd/36_useradd_default_GROUP_invalid_GID/useradd.test
@@ -0,0 +1,48 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "useradd uses the GROUP default value"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Create user foo, without usergroup (useradd -N foo)..."
+useradd -N foo 2>tmp/usage.out
+echo "OK"
+
+echo "useradd reported:"
+echo "======================================================================="
+cat tmp/usage.out
+echo "======================================================================="
+echo -n "Check the usage message..."
+diff -au data/usage.out tmp/usage.out
+echo "usage message OK."
+rm -f tmp/usage.out
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl data/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl data/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/usertools/useradd/37_useradd_default_GROUP_invalid_name/config.txt b/tests/tests/usertools/useradd/37_useradd_default_GROUP_invalid_name/config.txt
new file mode 100644
index 0000000..31f5635
--- /dev/null
+++ b/tests/tests/usertools/useradd/37_useradd_default_GROUP_invalid_name/config.txt
@@ -0,0 +1,10 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group users (only in /etc/group)
+user foo, in group tty (only in /etc/gshadow)
+user foo, in group floppy
+user foo, admin of group disk
+user foo, admin and member of group fax
+user foo, admin and member of group cdrom (only in /etc/gshadow)
diff --git a/tests/tests/usertools/useradd/37_useradd_default_GROUP_invalid_name/config/etc/default/useradd b/tests/tests/usertools/useradd/37_useradd_default_GROUP_invalid_name/config/etc/default/useradd
new file mode 100644
index 0000000..3d298ac
--- /dev/null
+++ b/tests/tests/usertools/useradd/37_useradd_default_GROUP_invalid_name/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=invalidgroup
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/usertools/useradd/37_useradd_default_GROUP_invalid_name/config/etc/group b/tests/tests/usertools/useradd/37_useradd_default_GROUP_invalid_name/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/usertools/useradd/37_useradd_default_GROUP_invalid_name/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/usertools/useradd/37_useradd_default_GROUP_invalid_name/config/etc/gshadow b/tests/tests/usertools/useradd/37_useradd_default_GROUP_invalid_name/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/usertools/useradd/37_useradd_default_GROUP_invalid_name/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/usertools/useradd/37_useradd_default_GROUP_invalid_name/config/etc/passwd b/tests/tests/usertools/useradd/37_useradd_default_GROUP_invalid_name/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/usertools/useradd/37_useradd_default_GROUP_invalid_name/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/usertools/useradd/37_useradd_default_GROUP_invalid_name/config/etc/shadow b/tests/tests/usertools/useradd/37_useradd_default_GROUP_invalid_name/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/usertools/useradd/37_useradd_default_GROUP_invalid_name/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/usertools/useradd/37_useradd_default_GROUP_invalid_name/data/passwd b/tests/tests/usertools/useradd/37_useradd_default_GROUP_invalid_name/data/passwd
new file mode 100644
index 0000000..db82966
--- /dev/null
+++ b/tests/tests/usertools/useradd/37_useradd_default_GROUP_invalid_name/data/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:100::/tmp/foo:/bin/foobar
diff --git a/tests/tests/usertools/useradd/37_useradd_default_GROUP_invalid_name/data/shadow b/tests/tests/usertools/useradd/37_useradd_default_GROUP_invalid_name/data/shadow
new file mode 100644
index 0000000..0aee0c5
--- /dev/null
+++ b/tests/tests/usertools/useradd/37_useradd_default_GROUP_invalid_name/data/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:@TODAY@:0:99999:7:12:13849:
diff --git a/tests/tests/usertools/useradd/37_useradd_default_GROUP_invalid_name/data/usage.out b/tests/tests/usertools/useradd/37_useradd_default_GROUP_invalid_name/data/usage.out
new file mode 100644
index 0000000..06f5b8c
--- /dev/null
+++ b/tests/tests/usertools/useradd/37_useradd_default_GROUP_invalid_name/data/usage.out
@@ -0,0 +1,2 @@
+useradd: group 'invalidgroup' does not exist
+useradd: the GROUP= configuration in /etc/default/useradd will be ignored
diff --git a/tests/tests/usertools/useradd/37_useradd_default_GROUP_invalid_name/useradd.test b/tests/tests/usertools/useradd/37_useradd_default_GROUP_invalid_name/useradd.test
new file mode 100755
index 0000000..c030cd2
--- /dev/null
+++ b/tests/tests/usertools/useradd/37_useradd_default_GROUP_invalid_name/useradd.test
@@ -0,0 +1,48 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "useradd uses the GROUP default value"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Create user foo, without usergroup (useradd -N foo)..."
+useradd -N foo 2>tmp/usage.out
+echo "OK"
+
+echo "useradd reported:"
+echo "======================================================================="
+cat tmp/usage.out
+echo "======================================================================="
+echo -n "Check the usage message..."
+diff -au data/usage.out tmp/usage.out
+echo "usage message OK."
+rm -f tmp/usage.out
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl data/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl data/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/usertools/useradd/38_useradd_default_INACTIVE/config.txt b/tests/tests/usertools/useradd/38_useradd_default_INACTIVE/config.txt
new file mode 100644
index 0000000..31f5635
--- /dev/null
+++ b/tests/tests/usertools/useradd/38_useradd_default_INACTIVE/config.txt
@@ -0,0 +1,10 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group users (only in /etc/group)
+user foo, in group tty (only in /etc/gshadow)
+user foo, in group floppy
+user foo, admin of group disk
+user foo, admin and member of group fax
+user foo, admin and member of group cdrom (only in /etc/gshadow)
diff --git a/tests/tests/usertools/useradd/38_useradd_default_INACTIVE/config/etc/default/useradd b/tests/tests/usertools/useradd/38_useradd_default_INACTIVE/config/etc/default/useradd
new file mode 100644
index 0000000..095cf3d
--- /dev/null
+++ b/tests/tests/usertools/useradd/38_useradd_default_INACTIVE/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=42
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/usertools/useradd/38_useradd_default_INACTIVE/config/etc/group b/tests/tests/usertools/useradd/38_useradd_default_INACTIVE/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/usertools/useradd/38_useradd_default_INACTIVE/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/usertools/useradd/38_useradd_default_INACTIVE/config/etc/gshadow b/tests/tests/usertools/useradd/38_useradd_default_INACTIVE/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/usertools/useradd/38_useradd_default_INACTIVE/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/usertools/useradd/38_useradd_default_INACTIVE/config/etc/passwd b/tests/tests/usertools/useradd/38_useradd_default_INACTIVE/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/usertools/useradd/38_useradd_default_INACTIVE/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/usertools/useradd/38_useradd_default_INACTIVE/config/etc/shadow b/tests/tests/usertools/useradd/38_useradd_default_INACTIVE/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/usertools/useradd/38_useradd_default_INACTIVE/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/usertools/useradd/38_useradd_default_INACTIVE/data/passwd b/tests/tests/usertools/useradd/38_useradd_default_INACTIVE/data/passwd
new file mode 100644
index 0000000..540cc99
--- /dev/null
+++ b/tests/tests/usertools/useradd/38_useradd_default_INACTIVE/data/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:10::/tmp/foo:/bin/foobar
diff --git a/tests/tests/usertools/useradd/38_useradd_default_INACTIVE/data/shadow b/tests/tests/usertools/useradd/38_useradd_default_INACTIVE/data/shadow
new file mode 100644
index 0000000..b8db0a7
--- /dev/null
+++ b/tests/tests/usertools/useradd/38_useradd_default_INACTIVE/data/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:@TODAY@:0:99999:7:42:13849:
diff --git a/tests/tests/usertools/useradd/38_useradd_default_INACTIVE/useradd.test b/tests/tests/usertools/useradd/38_useradd_default_INACTIVE/useradd.test
new file mode 100755
index 0000000..dbee2ad
--- /dev/null
+++ b/tests/tests/usertools/useradd/38_useradd_default_INACTIVE/useradd.test
@@ -0,0 +1,39 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "useradd uses the INACT default value"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Create user foo, without usergroup (useradd -N foo)..."
+useradd -N foo
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl data/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl data/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/usertools/useradd/39_useradd_default_INACTIVE_invalid1/config.txt b/tests/tests/usertools/useradd/39_useradd_default_INACTIVE_invalid1/config.txt
new file mode 100644
index 0000000..31f5635
--- /dev/null
+++ b/tests/tests/usertools/useradd/39_useradd_default_INACTIVE_invalid1/config.txt
@@ -0,0 +1,10 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group users (only in /etc/group)
+user foo, in group tty (only in /etc/gshadow)
+user foo, in group floppy
+user foo, admin of group disk
+user foo, admin and member of group fax
+user foo, admin and member of group cdrom (only in /etc/gshadow)
diff --git a/tests/tests/usertools/useradd/39_useradd_default_INACTIVE_invalid1/config/etc/default/useradd b/tests/tests/usertools/useradd/39_useradd_default_INACTIVE_invalid1/config/etc/default/useradd
new file mode 100644
index 0000000..e7513e4
--- /dev/null
+++ b/tests/tests/usertools/useradd/39_useradd_default_INACTIVE_invalid1/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=1a
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/usertools/useradd/39_useradd_default_INACTIVE_invalid1/config/etc/group b/tests/tests/usertools/useradd/39_useradd_default_INACTIVE_invalid1/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/usertools/useradd/39_useradd_default_INACTIVE_invalid1/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/usertools/useradd/39_useradd_default_INACTIVE_invalid1/config/etc/gshadow b/tests/tests/usertools/useradd/39_useradd_default_INACTIVE_invalid1/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/usertools/useradd/39_useradd_default_INACTIVE_invalid1/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/usertools/useradd/39_useradd_default_INACTIVE_invalid1/config/etc/passwd b/tests/tests/usertools/useradd/39_useradd_default_INACTIVE_invalid1/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/usertools/useradd/39_useradd_default_INACTIVE_invalid1/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/usertools/useradd/39_useradd_default_INACTIVE_invalid1/config/etc/shadow b/tests/tests/usertools/useradd/39_useradd_default_INACTIVE_invalid1/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/usertools/useradd/39_useradd_default_INACTIVE_invalid1/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/usertools/useradd/39_useradd_default_INACTIVE_invalid1/data/passwd b/tests/tests/usertools/useradd/39_useradd_default_INACTIVE_invalid1/data/passwd
new file mode 100644
index 0000000..540cc99
--- /dev/null
+++ b/tests/tests/usertools/useradd/39_useradd_default_INACTIVE_invalid1/data/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:10::/tmp/foo:/bin/foobar
diff --git a/tests/tests/usertools/useradd/39_useradd_default_INACTIVE_invalid1/data/shadow b/tests/tests/usertools/useradd/39_useradd_default_INACTIVE_invalid1/data/shadow
new file mode 100644
index 0000000..39849f5
--- /dev/null
+++ b/tests/tests/usertools/useradd/39_useradd_default_INACTIVE_invalid1/data/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:@TODAY@:0:99999:7::13849:
diff --git a/tests/tests/usertools/useradd/39_useradd_default_INACTIVE_invalid1/data/usage.out b/tests/tests/usertools/useradd/39_useradd_default_INACTIVE_invalid1/data/usage.out
new file mode 100644
index 0000000..d27941e
--- /dev/null
+++ b/tests/tests/usertools/useradd/39_useradd_default_INACTIVE_invalid1/data/usage.out
@@ -0,0 +1,2 @@
+useradd: invalid numeric argument '1a'
+useradd: the INACTIVE= configuration in /etc/default/useradd will be ignored
diff --git a/tests/tests/usertools/useradd/39_useradd_default_INACTIVE_invalid1/useradd.test b/tests/tests/usertools/useradd/39_useradd_default_INACTIVE_invalid1/useradd.test
new file mode 100755
index 0000000..c030cd2
--- /dev/null
+++ b/tests/tests/usertools/useradd/39_useradd_default_INACTIVE_invalid1/useradd.test
@@ -0,0 +1,48 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "useradd uses the GROUP default value"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Create user foo, without usergroup (useradd -N foo)..."
+useradd -N foo 2>tmp/usage.out
+echo "OK"
+
+echo "useradd reported:"
+echo "======================================================================="
+cat tmp/usage.out
+echo "======================================================================="
+echo -n "Check the usage message..."
+diff -au data/usage.out tmp/usage.out
+echo "usage message OK."
+rm -f tmp/usage.out
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl data/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl data/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/usertools/useradd/40_useradd_default_INACTIVE_invalid2/config.txt b/tests/tests/usertools/useradd/40_useradd_default_INACTIVE_invalid2/config.txt
new file mode 100644
index 0000000..31f5635
--- /dev/null
+++ b/tests/tests/usertools/useradd/40_useradd_default_INACTIVE_invalid2/config.txt
@@ -0,0 +1,10 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group users (only in /etc/group)
+user foo, in group tty (only in /etc/gshadow)
+user foo, in group floppy
+user foo, admin of group disk
+user foo, admin and member of group fax
+user foo, admin and member of group cdrom (only in /etc/gshadow)
diff --git a/tests/tests/usertools/useradd/40_useradd_default_INACTIVE_invalid2/config/etc/default/useradd b/tests/tests/usertools/useradd/40_useradd_default_INACTIVE_invalid2/config/etc/default/useradd
new file mode 100644
index 0000000..b3f265e
--- /dev/null
+++ b/tests/tests/usertools/useradd/40_useradd_default_INACTIVE_invalid2/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=-2
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/usertools/useradd/40_useradd_default_INACTIVE_invalid2/config/etc/group b/tests/tests/usertools/useradd/40_useradd_default_INACTIVE_invalid2/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/usertools/useradd/40_useradd_default_INACTIVE_invalid2/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/usertools/useradd/40_useradd_default_INACTIVE_invalid2/config/etc/gshadow b/tests/tests/usertools/useradd/40_useradd_default_INACTIVE_invalid2/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/usertools/useradd/40_useradd_default_INACTIVE_invalid2/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/usertools/useradd/40_useradd_default_INACTIVE_invalid2/config/etc/passwd b/tests/tests/usertools/useradd/40_useradd_default_INACTIVE_invalid2/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/usertools/useradd/40_useradd_default_INACTIVE_invalid2/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/usertools/useradd/40_useradd_default_INACTIVE_invalid2/config/etc/shadow b/tests/tests/usertools/useradd/40_useradd_default_INACTIVE_invalid2/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/usertools/useradd/40_useradd_default_INACTIVE_invalid2/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/usertools/useradd/40_useradd_default_INACTIVE_invalid2/data/passwd b/tests/tests/usertools/useradd/40_useradd_default_INACTIVE_invalid2/data/passwd
new file mode 100644
index 0000000..540cc99
--- /dev/null
+++ b/tests/tests/usertools/useradd/40_useradd_default_INACTIVE_invalid2/data/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:10::/tmp/foo:/bin/foobar
diff --git a/tests/tests/usertools/useradd/40_useradd_default_INACTIVE_invalid2/data/shadow b/tests/tests/usertools/useradd/40_useradd_default_INACTIVE_invalid2/data/shadow
new file mode 100644
index 0000000..39849f5
--- /dev/null
+++ b/tests/tests/usertools/useradd/40_useradd_default_INACTIVE_invalid2/data/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:@TODAY@:0:99999:7::13849:
diff --git a/tests/tests/usertools/useradd/40_useradd_default_INACTIVE_invalid2/data/usage.out b/tests/tests/usertools/useradd/40_useradd_default_INACTIVE_invalid2/data/usage.out
new file mode 100644
index 0000000..d301073
--- /dev/null
+++ b/tests/tests/usertools/useradd/40_useradd_default_INACTIVE_invalid2/data/usage.out
@@ -0,0 +1,2 @@
+useradd: invalid numeric argument '-2'
+useradd: the INACTIVE= configuration in /etc/default/useradd will be ignored
diff --git a/tests/tests/usertools/useradd/40_useradd_default_INACTIVE_invalid2/useradd.test b/tests/tests/usertools/useradd/40_useradd_default_INACTIVE_invalid2/useradd.test
new file mode 100755
index 0000000..c030cd2
--- /dev/null
+++ b/tests/tests/usertools/useradd/40_useradd_default_INACTIVE_invalid2/useradd.test
@@ -0,0 +1,48 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "useradd uses the GROUP default value"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Create user foo, without usergroup (useradd -N foo)..."
+useradd -N foo 2>tmp/usage.out
+echo "OK"
+
+echo "useradd reported:"
+echo "======================================================================="
+cat tmp/usage.out
+echo "======================================================================="
+echo -n "Check the usage message..."
+diff -au data/usage.out tmp/usage.out
+echo "usage message OK."
+rm -f tmp/usage.out
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl data/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl data/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/usertools/useradd/41_useradd_default_default_SKEL/config.txt b/tests/tests/usertools/useradd/41_useradd_default_default_SKEL/config.txt
new file mode 100644
index 0000000..31f5635
--- /dev/null
+++ b/tests/tests/usertools/useradd/41_useradd_default_default_SKEL/config.txt
@@ -0,0 +1,10 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group users (only in /etc/group)
+user foo, in group tty (only in /etc/gshadow)
+user foo, in group floppy
+user foo, admin of group disk
+user foo, admin and member of group fax
+user foo, admin and member of group cdrom (only in /etc/gshadow)
diff --git a/tests/tests/usertools/useradd/41_useradd_default_default_SKEL/config/etc/default/useradd b/tests/tests/usertools/useradd/41_useradd_default_default_SKEL/config/etc/default/useradd
new file mode 100644
index 0000000..3fca45b
--- /dev/null
+++ b/tests/tests/usertools/useradd/41_useradd_default_default_SKEL/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=42
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+SKEL=
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/usertools/useradd/41_useradd_default_default_SKEL/config/etc/group b/tests/tests/usertools/useradd/41_useradd_default_default_SKEL/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/usertools/useradd/41_useradd_default_default_SKEL/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/usertools/useradd/41_useradd_default_default_SKEL/config/etc/gshadow b/tests/tests/usertools/useradd/41_useradd_default_default_SKEL/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/usertools/useradd/41_useradd_default_default_SKEL/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/usertools/useradd/41_useradd_default_default_SKEL/config/etc/passwd b/tests/tests/usertools/useradd/41_useradd_default_default_SKEL/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/usertools/useradd/41_useradd_default_default_SKEL/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/usertools/useradd/41_useradd_default_default_SKEL/config/etc/shadow b/tests/tests/usertools/useradd/41_useradd_default_default_SKEL/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/usertools/useradd/41_useradd_default_default_SKEL/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/usertools/useradd/41_useradd_default_default_SKEL/data/defaults b/tests/tests/usertools/useradd/41_useradd_default_default_SKEL/data/defaults
new file mode 100644
index 0000000..90cfe79
--- /dev/null
+++ b/tests/tests/usertools/useradd/41_useradd_default_default_SKEL/data/defaults
@@ -0,0 +1,7 @@
+GROUP=10
+HOME=/tmp
+INACTIVE=42
+EXPIRE=2007-12-02
+SHELL=/bin/foobar
+SKEL=/etc/skel
+CREATE_MAIL_SPOOL=no
diff --git a/tests/tests/usertools/useradd/41_useradd_default_default_SKEL/useradd.test b/tests/tests/usertools/useradd/41_useradd_default_default_SKEL/useradd.test
new file mode 100755
index 0000000..41ffb2b
--- /dev/null
+++ b/tests/tests/usertools/useradd/41_useradd_default_default_SKEL/useradd.test
@@ -0,0 +1,48 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "useradd uses the default SKEL value is SKEL is set to empty"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Get default value (useradd -D)..."
+useradd -D >tmp/defaults
+echo "OK"
+
+echo "useradd reported:"
+echo "======================================================================="
+cat tmp/defaults
+echo "======================================================================="
+echo -n "Check the usage message..."
+diff -au data/defaults tmp/defaults
+echo "usage message OK."
+rm -f tmp/defaults
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/usertools/useradd/42_useradd_default_default_CREATE_MAIL_SPOOL/config.txt b/tests/tests/usertools/useradd/42_useradd_default_default_CREATE_MAIL_SPOOL/config.txt
new file mode 100644
index 0000000..31f5635
--- /dev/null
+++ b/tests/tests/usertools/useradd/42_useradd_default_default_CREATE_MAIL_SPOOL/config.txt
@@ -0,0 +1,10 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group users (only in /etc/group)
+user foo, in group tty (only in /etc/gshadow)
+user foo, in group floppy
+user foo, admin of group disk
+user foo, admin and member of group fax
+user foo, admin and member of group cdrom (only in /etc/gshadow)
diff --git a/tests/tests/usertools/useradd/42_useradd_default_default_CREATE_MAIL_SPOOL/config/etc/default/useradd b/tests/tests/usertools/useradd/42_useradd_default_default_CREATE_MAIL_SPOOL/config/etc/default/useradd
new file mode 100644
index 0000000..bbb85b4
--- /dev/null
+++ b/tests/tests/usertools/useradd/42_useradd_default_default_CREATE_MAIL_SPOOL/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=42
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=
+#
+# Defines whether the mail spool should be created while
+# creating the account
+CREATE_MAIL_SPOOL=
diff --git a/tests/tests/usertools/useradd/42_useradd_default_default_CREATE_MAIL_SPOOL/config/etc/group b/tests/tests/usertools/useradd/42_useradd_default_default_CREATE_MAIL_SPOOL/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/usertools/useradd/42_useradd_default_default_CREATE_MAIL_SPOOL/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/usertools/useradd/42_useradd_default_default_CREATE_MAIL_SPOOL/config/etc/gshadow b/tests/tests/usertools/useradd/42_useradd_default_default_CREATE_MAIL_SPOOL/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/usertools/useradd/42_useradd_default_default_CREATE_MAIL_SPOOL/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/usertools/useradd/42_useradd_default_default_CREATE_MAIL_SPOOL/config/etc/passwd b/tests/tests/usertools/useradd/42_useradd_default_default_CREATE_MAIL_SPOOL/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/usertools/useradd/42_useradd_default_default_CREATE_MAIL_SPOOL/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/usertools/useradd/42_useradd_default_default_CREATE_MAIL_SPOOL/config/etc/shadow b/tests/tests/usertools/useradd/42_useradd_default_default_CREATE_MAIL_SPOOL/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/usertools/useradd/42_useradd_default_default_CREATE_MAIL_SPOOL/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/usertools/useradd/42_useradd_default_default_CREATE_MAIL_SPOOL/data/defaults b/tests/tests/usertools/useradd/42_useradd_default_default_CREATE_MAIL_SPOOL/data/defaults
new file mode 100644
index 0000000..90cfe79
--- /dev/null
+++ b/tests/tests/usertools/useradd/42_useradd_default_default_CREATE_MAIL_SPOOL/data/defaults
@@ -0,0 +1,7 @@
+GROUP=10
+HOME=/tmp
+INACTIVE=42
+EXPIRE=2007-12-02
+SHELL=/bin/foobar
+SKEL=/etc/skel
+CREATE_MAIL_SPOOL=no
diff --git a/tests/tests/usertools/useradd/42_useradd_default_default_CREATE_MAIL_SPOOL/useradd.test b/tests/tests/usertools/useradd/42_useradd_default_default_CREATE_MAIL_SPOOL/useradd.test
new file mode 100755
index 0000000..41ffb2b
--- /dev/null
+++ b/tests/tests/usertools/useradd/42_useradd_default_default_CREATE_MAIL_SPOOL/useradd.test
@@ -0,0 +1,48 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "useradd uses the default SKEL value is SKEL is set to empty"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Get default value (useradd -D)..."
+useradd -D >tmp/defaults
+echo "OK"
+
+echo "useradd reported:"
+echo "======================================================================="
+cat tmp/defaults
+echo "======================================================================="
+echo -n "Check the usage message..."
+diff -au data/defaults tmp/defaults
+echo "usage message OK."
+rm -f tmp/defaults
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/usertools/useradd/43_useradd_default_no_final_eol/config.txt b/tests/tests/usertools/useradd/43_useradd_default_no_final_eol/config.txt
new file mode 100644
index 0000000..31f5635
--- /dev/null
+++ b/tests/tests/usertools/useradd/43_useradd_default_no_final_eol/config.txt
@@ -0,0 +1,10 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group users (only in /etc/group)
+user foo, in group tty (only in /etc/gshadow)
+user foo, in group floppy
+user foo, admin of group disk
+user foo, admin and member of group fax
+user foo, admin and member of group cdrom (only in /etc/gshadow)
diff --git a/tests/tests/usertools/useradd/43_useradd_default_no_final_eol/config/etc/default/useradd b/tests/tests/usertools/useradd/43_useradd_default_no_final_eol/config/etc/default/useradd
new file mode 100644
index 0000000..b85eaf3
--- /dev/null
+++ b/tests/tests/usertools/useradd/43_useradd_default_no_final_eol/config/etc/default/useradd
@@ -0,0 +1,37 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=42
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=
+#
+# Defines whether the mail spool should be created while
+# creating the account
+CREATE_MAIL_SPOOL=
+# 
\ No newline at end of file
diff --git a/tests/tests/usertools/useradd/43_useradd_default_no_final_eol/config/etc/group b/tests/tests/usertools/useradd/43_useradd_default_no_final_eol/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/usertools/useradd/43_useradd_default_no_final_eol/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/usertools/useradd/43_useradd_default_no_final_eol/config/etc/gshadow b/tests/tests/usertools/useradd/43_useradd_default_no_final_eol/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/usertools/useradd/43_useradd_default_no_final_eol/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/usertools/useradd/43_useradd_default_no_final_eol/config/etc/passwd b/tests/tests/usertools/useradd/43_useradd_default_no_final_eol/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/usertools/useradd/43_useradd_default_no_final_eol/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/usertools/useradd/43_useradd_default_no_final_eol/config/etc/shadow b/tests/tests/usertools/useradd/43_useradd_default_no_final_eol/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/usertools/useradd/43_useradd_default_no_final_eol/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/usertools/useradd/43_useradd_default_no_final_eol/data/useradd b/tests/tests/usertools/useradd/43_useradd_default_no_final_eol/data/useradd
new file mode 100644
index 0000000..15084f0
--- /dev/null
+++ b/tests/tests/usertools/useradd/43_useradd_default_no_final_eol/data/useradd
@@ -0,0 +1,38 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/toto
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=42
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=
+#
+# Defines whether the mail spool should be created while
+# creating the account
+CREATE_MAIL_SPOOL=no
+# 
+SKEL=/etc/skel
diff --git a/tests/tests/usertools/useradd/43_useradd_default_no_final_eol/useradd.test b/tests/tests/usertools/useradd/43_useradd_default_no_final_eol/useradd.test
new file mode 100755
index 0000000..110e3ae
--- /dev/null
+++ b/tests/tests/usertools/useradd/43_useradd_default_no_final_eol/useradd.test
@@ -0,0 +1,43 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "useradd accepts a line with no eol at eof"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Set a default value (useradd -D -b /toto)..."
+useradd -D -b /toto
+echo "OK"
+
+echo -n "Check the default file..."
+diff -Nau data/useradd /etc/default/useradd
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/usertools/useradd/44_useradd_default_no_file/config.txt b/tests/tests/usertools/useradd/44_useradd_default_no_file/config.txt
new file mode 100644
index 0000000..31f5635
--- /dev/null
+++ b/tests/tests/usertools/useradd/44_useradd_default_no_file/config.txt
@@ -0,0 +1,10 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group users (only in /etc/group)
+user foo, in group tty (only in /etc/gshadow)
+user foo, in group floppy
+user foo, admin of group disk
+user foo, admin and member of group fax
+user foo, admin and member of group cdrom (only in /etc/gshadow)
diff --git a/tests/tests/usertools/useradd/44_useradd_default_no_file/config/etc/default/useradd b/tests/tests/usertools/useradd/44_useradd_default_no_file/config/etc/default/useradd
new file mode 100644
index 0000000..b85eaf3
--- /dev/null
+++ b/tests/tests/usertools/useradd/44_useradd_default_no_file/config/etc/default/useradd
@@ -0,0 +1,37 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=42
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=
+#
+# Defines whether the mail spool should be created while
+# creating the account
+CREATE_MAIL_SPOOL=
+# 
\ No newline at end of file
diff --git a/tests/tests/usertools/useradd/44_useradd_default_no_file/config/etc/group b/tests/tests/usertools/useradd/44_useradd_default_no_file/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/usertools/useradd/44_useradd_default_no_file/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/usertools/useradd/44_useradd_default_no_file/config/etc/gshadow b/tests/tests/usertools/useradd/44_useradd_default_no_file/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/usertools/useradd/44_useradd_default_no_file/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/usertools/useradd/44_useradd_default_no_file/config/etc/passwd b/tests/tests/usertools/useradd/44_useradd_default_no_file/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/usertools/useradd/44_useradd_default_no_file/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/usertools/useradd/44_useradd_default_no_file/config/etc/shadow b/tests/tests/usertools/useradd/44_useradd_default_no_file/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/usertools/useradd/44_useradd_default_no_file/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/usertools/useradd/44_useradd_default_no_file/data/useradd b/tests/tests/usertools/useradd/44_useradd_default_no_file/data/useradd
new file mode 100644
index 0000000..796e8dd
--- /dev/null
+++ b/tests/tests/usertools/useradd/44_useradd_default_no_file/data/useradd
@@ -0,0 +1,8 @@
+# useradd defaults file
+GROUP=100
+HOME=/toto
+INACTIVE=-1
+EXPIRE=
+SHELL=
+SKEL=/etc/skel
+CREATE_MAIL_SPOOL=no
diff --git a/tests/tests/usertools/useradd/44_useradd_default_no_file/useradd.test b/tests/tests/usertools/useradd/44_useradd_default_no_file/useradd.test
new file mode 100755
index 0000000..0bc2804
--- /dev/null
+++ b/tests/tests/usertools/useradd/44_useradd_default_no_file/useradd.test
@@ -0,0 +1,47 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "useradd can create a defaults file"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Delete the defaults file..."
+rm -f /etc/default/useradd
+echo "OK"
+
+echo -n "Set a default value (useradd -D -b /toto)..."
+useradd -D -b /toto
+echo "OK"
+
+echo -n "Check the default file..."
+diff -Nau data/useradd /etc/default/useradd
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/usertools/useradd/45_useradd-G_UID_name/config.txt b/tests/tests/usertools/useradd/45_useradd-G_UID_name/config.txt
new file mode 100644
index 0000000..31f5635
--- /dev/null
+++ b/tests/tests/usertools/useradd/45_useradd-G_UID_name/config.txt
@@ -0,0 +1,10 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group users (only in /etc/group)
+user foo, in group tty (only in /etc/gshadow)
+user foo, in group floppy
+user foo, admin of group disk
+user foo, admin and member of group fax
+user foo, admin and member of group cdrom (only in /etc/gshadow)
diff --git a/tests/tests/usertools/useradd/45_useradd-G_UID_name/config/etc/default/useradd b/tests/tests/usertools/useradd/45_useradd-G_UID_name/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/usertools/useradd/45_useradd-G_UID_name/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/usertools/useradd/45_useradd-G_UID_name/config/etc/group b/tests/tests/usertools/useradd/45_useradd-G_UID_name/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/usertools/useradd/45_useradd-G_UID_name/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/usertools/useradd/45_useradd-G_UID_name/config/etc/gshadow b/tests/tests/usertools/useradd/45_useradd-G_UID_name/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/usertools/useradd/45_useradd-G_UID_name/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/usertools/useradd/45_useradd-G_UID_name/config/etc/passwd b/tests/tests/usertools/useradd/45_useradd-G_UID_name/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/usertools/useradd/45_useradd-G_UID_name/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/usertools/useradd/45_useradd-G_UID_name/config/etc/shadow b/tests/tests/usertools/useradd/45_useradd-G_UID_name/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/usertools/useradd/45_useradd-G_UID_name/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/usertools/useradd/45_useradd-G_UID_name/data/group b/tests/tests/usertools/useradd/45_useradd-G_UID_name/data/group
new file mode 100644
index 0000000..c9c71f8
--- /dev/null
+++ b/tests/tests/usertools/useradd/45_useradd-G_UID_name/data/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:foo
+sys:x:3:
+adm:x:4:foo
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:foo
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:foo
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/usertools/useradd/45_useradd-G_UID_name/data/gshadow b/tests/tests/usertools/useradd/45_useradd-G_UID_name/data/gshadow
new file mode 100644
index 0000000..ec19c4a
--- /dev/null
+++ b/tests/tests/usertools/useradd/45_useradd-G_UID_name/data/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::foo
+sys:*::
+adm:*::foo
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::foo
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::foo
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:!::
diff --git a/tests/tests/usertools/useradd/45_useradd-G_UID_name/data/passwd b/tests/tests/usertools/useradd/45_useradd-G_UID_name/data/passwd
new file mode 100644
index 0000000..ed91b35
--- /dev/null
+++ b/tests/tests/usertools/useradd/45_useradd-G_UID_name/data/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/tmp/foo:/bin/foobar
diff --git a/tests/tests/usertools/useradd/45_useradd-G_UID_name/data/shadow b/tests/tests/usertools/useradd/45_useradd-G_UID_name/data/shadow
new file mode 100644
index 0000000..0aee0c5
--- /dev/null
+++ b/tests/tests/usertools/useradd/45_useradd-G_UID_name/data/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:@TODAY@:0:99999:7:12:13849:
diff --git a/tests/tests/usertools/useradd/45_useradd-G_UID_name/useradd.test b/tests/tests/usertools/useradd/45_useradd-G_UID_name/useradd.test
new file mode 100755
index 0000000..480c4a3
--- /dev/null
+++ b/tests/tests/usertools/useradd/45_useradd-G_UID_name/useradd.test
@@ -0,0 +1,39 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "useradd adds the user to specified groups"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Create user foo in groups (useradd -G bin,adm,12,cdrom foo)..."
+useradd -G bin,adm,12,cdrom foo
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl data/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl data/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl data/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl data/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/usertools/useradd/46_useradd-G_UID_duplicate/config.txt b/tests/tests/usertools/useradd/46_useradd-G_UID_duplicate/config.txt
new file mode 100644
index 0000000..31f5635
--- /dev/null
+++ b/tests/tests/usertools/useradd/46_useradd-G_UID_duplicate/config.txt
@@ -0,0 +1,10 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group users (only in /etc/group)
+user foo, in group tty (only in /etc/gshadow)
+user foo, in group floppy
+user foo, admin of group disk
+user foo, admin and member of group fax
+user foo, admin and member of group cdrom (only in /etc/gshadow)
diff --git a/tests/tests/usertools/useradd/46_useradd-G_UID_duplicate/config/etc/default/useradd b/tests/tests/usertools/useradd/46_useradd-G_UID_duplicate/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/usertools/useradd/46_useradd-G_UID_duplicate/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/usertools/useradd/46_useradd-G_UID_duplicate/config/etc/group b/tests/tests/usertools/useradd/46_useradd-G_UID_duplicate/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/usertools/useradd/46_useradd-G_UID_duplicate/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/usertools/useradd/46_useradd-G_UID_duplicate/config/etc/gshadow b/tests/tests/usertools/useradd/46_useradd-G_UID_duplicate/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/usertools/useradd/46_useradd-G_UID_duplicate/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/usertools/useradd/46_useradd-G_UID_duplicate/config/etc/passwd b/tests/tests/usertools/useradd/46_useradd-G_UID_duplicate/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/usertools/useradd/46_useradd-G_UID_duplicate/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/usertools/useradd/46_useradd-G_UID_duplicate/config/etc/shadow b/tests/tests/usertools/useradd/46_useradd-G_UID_duplicate/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/usertools/useradd/46_useradd-G_UID_duplicate/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/usertools/useradd/46_useradd-G_UID_duplicate/data/group b/tests/tests/usertools/useradd/46_useradd-G_UID_duplicate/data/group
new file mode 100644
index 0000000..c9c71f8
--- /dev/null
+++ b/tests/tests/usertools/useradd/46_useradd-G_UID_duplicate/data/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:foo
+sys:x:3:
+adm:x:4:foo
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:foo
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:foo
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/usertools/useradd/46_useradd-G_UID_duplicate/data/gshadow b/tests/tests/usertools/useradd/46_useradd-G_UID_duplicate/data/gshadow
new file mode 100644
index 0000000..ec19c4a
--- /dev/null
+++ b/tests/tests/usertools/useradd/46_useradd-G_UID_duplicate/data/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::foo
+sys:*::
+adm:*::foo
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::foo
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::foo
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:!::
diff --git a/tests/tests/usertools/useradd/46_useradd-G_UID_duplicate/data/passwd b/tests/tests/usertools/useradd/46_useradd-G_UID_duplicate/data/passwd
new file mode 100644
index 0000000..ed91b35
--- /dev/null
+++ b/tests/tests/usertools/useradd/46_useradd-G_UID_duplicate/data/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/tmp/foo:/bin/foobar
diff --git a/tests/tests/usertools/useradd/46_useradd-G_UID_duplicate/data/shadow b/tests/tests/usertools/useradd/46_useradd-G_UID_duplicate/data/shadow
new file mode 100644
index 0000000..0aee0c5
--- /dev/null
+++ b/tests/tests/usertools/useradd/46_useradd-G_UID_duplicate/data/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:@TODAY@:0:99999:7:12:13849:
diff --git a/tests/tests/usertools/useradd/46_useradd-G_UID_duplicate/useradd.test b/tests/tests/usertools/useradd/46_useradd-G_UID_duplicate/useradd.test
new file mode 100755
index 0000000..1de8138
--- /dev/null
+++ b/tests/tests/usertools/useradd/46_useradd-G_UID_duplicate/useradd.test
@@ -0,0 +1,39 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "useradd adds the user to specified groups (once)"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Create user foo in groups (useradd -G bin,adm,12,cdrom,12 foo)..."
+useradd -G bin,adm,12,cdrom,12 foo
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl data/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl data/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl data/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl data/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/usertools/useradd/47_useradd-G_UID_name_duplicate/config.txt b/tests/tests/usertools/useradd/47_useradd-G_UID_name_duplicate/config.txt
new file mode 100644
index 0000000..31f5635
--- /dev/null
+++ b/tests/tests/usertools/useradd/47_useradd-G_UID_name_duplicate/config.txt
@@ -0,0 +1,10 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group users (only in /etc/group)
+user foo, in group tty (only in /etc/gshadow)
+user foo, in group floppy
+user foo, admin of group disk
+user foo, admin and member of group fax
+user foo, admin and member of group cdrom (only in /etc/gshadow)
diff --git a/tests/tests/usertools/useradd/47_useradd-G_UID_name_duplicate/config/etc/default/useradd b/tests/tests/usertools/useradd/47_useradd-G_UID_name_duplicate/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/usertools/useradd/47_useradd-G_UID_name_duplicate/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/usertools/useradd/47_useradd-G_UID_name_duplicate/config/etc/group b/tests/tests/usertools/useradd/47_useradd-G_UID_name_duplicate/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/usertools/useradd/47_useradd-G_UID_name_duplicate/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/usertools/useradd/47_useradd-G_UID_name_duplicate/config/etc/gshadow b/tests/tests/usertools/useradd/47_useradd-G_UID_name_duplicate/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/usertools/useradd/47_useradd-G_UID_name_duplicate/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/usertools/useradd/47_useradd-G_UID_name_duplicate/config/etc/passwd b/tests/tests/usertools/useradd/47_useradd-G_UID_name_duplicate/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/usertools/useradd/47_useradd-G_UID_name_duplicate/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/usertools/useradd/47_useradd-G_UID_name_duplicate/config/etc/shadow b/tests/tests/usertools/useradd/47_useradd-G_UID_name_duplicate/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/usertools/useradd/47_useradd-G_UID_name_duplicate/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/usertools/useradd/47_useradd-G_UID_name_duplicate/data/group b/tests/tests/usertools/useradd/47_useradd-G_UID_name_duplicate/data/group
new file mode 100644
index 0000000..c9c71f8
--- /dev/null
+++ b/tests/tests/usertools/useradd/47_useradd-G_UID_name_duplicate/data/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:foo
+sys:x:3:
+adm:x:4:foo
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:foo
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:foo
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/usertools/useradd/47_useradd-G_UID_name_duplicate/data/gshadow b/tests/tests/usertools/useradd/47_useradd-G_UID_name_duplicate/data/gshadow
new file mode 100644
index 0000000..ec19c4a
--- /dev/null
+++ b/tests/tests/usertools/useradd/47_useradd-G_UID_name_duplicate/data/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::foo
+sys:*::
+adm:*::foo
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::foo
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::foo
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:!::
diff --git a/tests/tests/usertools/useradd/47_useradd-G_UID_name_duplicate/data/passwd b/tests/tests/usertools/useradd/47_useradd-G_UID_name_duplicate/data/passwd
new file mode 100644
index 0000000..ed91b35
--- /dev/null
+++ b/tests/tests/usertools/useradd/47_useradd-G_UID_name_duplicate/data/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/tmp/foo:/bin/foobar
diff --git a/tests/tests/usertools/useradd/47_useradd-G_UID_name_duplicate/data/shadow b/tests/tests/usertools/useradd/47_useradd-G_UID_name_duplicate/data/shadow
new file mode 100644
index 0000000..0aee0c5
--- /dev/null
+++ b/tests/tests/usertools/useradd/47_useradd-G_UID_name_duplicate/data/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:@TODAY@:0:99999:7:12:13849:
diff --git a/tests/tests/usertools/useradd/47_useradd-G_UID_name_duplicate/useradd.test b/tests/tests/usertools/useradd/47_useradd-G_UID_name_duplicate/useradd.test
new file mode 100755
index 0000000..cb7bed8
--- /dev/null
+++ b/tests/tests/usertools/useradd/47_useradd-G_UID_name_duplicate/useradd.test
@@ -0,0 +1,39 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "useradd adds the user to specified groups (once)"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Create user foo in groups (useradd -G bin,adm,12,cdrom,man foo)..."
+useradd -G bin,adm,12,cdrom,man foo
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl data/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl data/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl data/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl data/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/usertools/useradd/48_useradd-G_name_duplicate/config.txt b/tests/tests/usertools/useradd/48_useradd-G_name_duplicate/config.txt
new file mode 100644
index 0000000..31f5635
--- /dev/null
+++ b/tests/tests/usertools/useradd/48_useradd-G_name_duplicate/config.txt
@@ -0,0 +1,10 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group users (only in /etc/group)
+user foo, in group tty (only in /etc/gshadow)
+user foo, in group floppy
+user foo, admin of group disk
+user foo, admin and member of group fax
+user foo, admin and member of group cdrom (only in /etc/gshadow)
diff --git a/tests/tests/usertools/useradd/48_useradd-G_name_duplicate/config/etc/default/useradd b/tests/tests/usertools/useradd/48_useradd-G_name_duplicate/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/usertools/useradd/48_useradd-G_name_duplicate/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/usertools/useradd/48_useradd-G_name_duplicate/config/etc/group b/tests/tests/usertools/useradd/48_useradd-G_name_duplicate/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/usertools/useradd/48_useradd-G_name_duplicate/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/usertools/useradd/48_useradd-G_name_duplicate/config/etc/gshadow b/tests/tests/usertools/useradd/48_useradd-G_name_duplicate/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/usertools/useradd/48_useradd-G_name_duplicate/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/usertools/useradd/48_useradd-G_name_duplicate/config/etc/passwd b/tests/tests/usertools/useradd/48_useradd-G_name_duplicate/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/usertools/useradd/48_useradd-G_name_duplicate/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/usertools/useradd/48_useradd-G_name_duplicate/config/etc/shadow b/tests/tests/usertools/useradd/48_useradd-G_name_duplicate/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/usertools/useradd/48_useradd-G_name_duplicate/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/usertools/useradd/48_useradd-G_name_duplicate/data/group b/tests/tests/usertools/useradd/48_useradd-G_name_duplicate/data/group
new file mode 100644
index 0000000..c9c71f8
--- /dev/null
+++ b/tests/tests/usertools/useradd/48_useradd-G_name_duplicate/data/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:foo
+sys:x:3:
+adm:x:4:foo
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:foo
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:foo
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/usertools/useradd/48_useradd-G_name_duplicate/data/gshadow b/tests/tests/usertools/useradd/48_useradd-G_name_duplicate/data/gshadow
new file mode 100644
index 0000000..ec19c4a
--- /dev/null
+++ b/tests/tests/usertools/useradd/48_useradd-G_name_duplicate/data/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::foo
+sys:*::
+adm:*::foo
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::foo
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::foo
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:!::
diff --git a/tests/tests/usertools/useradd/48_useradd-G_name_duplicate/data/passwd b/tests/tests/usertools/useradd/48_useradd-G_name_duplicate/data/passwd
new file mode 100644
index 0000000..ed91b35
--- /dev/null
+++ b/tests/tests/usertools/useradd/48_useradd-G_name_duplicate/data/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/tmp/foo:/bin/foobar
diff --git a/tests/tests/usertools/useradd/48_useradd-G_name_duplicate/data/shadow b/tests/tests/usertools/useradd/48_useradd-G_name_duplicate/data/shadow
new file mode 100644
index 0000000..0aee0c5
--- /dev/null
+++ b/tests/tests/usertools/useradd/48_useradd-G_name_duplicate/data/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:@TODAY@:0:99999:7:12:13849:
diff --git a/tests/tests/usertools/useradd/48_useradd-G_name_duplicate/useradd.test b/tests/tests/usertools/useradd/48_useradd-G_name_duplicate/useradd.test
new file mode 100755
index 0000000..44f63c1
--- /dev/null
+++ b/tests/tests/usertools/useradd/48_useradd-G_name_duplicate/useradd.test
@@ -0,0 +1,39 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "useradd adds the user to specified groups (once)"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Create user foo in groups (useradd -G bin,adm,12,cdrom,adm foo)..."
+useradd -G bin,adm,12,cdrom,adm foo
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl data/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl data/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl data/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl data/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/usertools/useradd/49_useradd-G_invalid_group/config.txt b/tests/tests/usertools/useradd/49_useradd-G_invalid_group/config.txt
new file mode 100644
index 0000000..31f5635
--- /dev/null
+++ b/tests/tests/usertools/useradd/49_useradd-G_invalid_group/config.txt
@@ -0,0 +1,10 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group users (only in /etc/group)
+user foo, in group tty (only in /etc/gshadow)
+user foo, in group floppy
+user foo, admin of group disk
+user foo, admin and member of group fax
+user foo, admin and member of group cdrom (only in /etc/gshadow)
diff --git a/tests/tests/usertools/useradd/49_useradd-G_invalid_group/config/etc/default/useradd b/tests/tests/usertools/useradd/49_useradd-G_invalid_group/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/usertools/useradd/49_useradd-G_invalid_group/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/usertools/useradd/49_useradd-G_invalid_group/config/etc/group b/tests/tests/usertools/useradd/49_useradd-G_invalid_group/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/usertools/useradd/49_useradd-G_invalid_group/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/usertools/useradd/49_useradd-G_invalid_group/config/etc/gshadow b/tests/tests/usertools/useradd/49_useradd-G_invalid_group/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/usertools/useradd/49_useradd-G_invalid_group/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/usertools/useradd/49_useradd-G_invalid_group/config/etc/passwd b/tests/tests/usertools/useradd/49_useradd-G_invalid_group/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/usertools/useradd/49_useradd-G_invalid_group/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/usertools/useradd/49_useradd-G_invalid_group/config/etc/shadow b/tests/tests/usertools/useradd/49_useradd-G_invalid_group/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/usertools/useradd/49_useradd-G_invalid_group/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/usertools/useradd/49_useradd-G_invalid_group/data/usage.out b/tests/tests/usertools/useradd/49_useradd-G_invalid_group/data/usage.out
new file mode 100644
index 0000000..23ea5dd
--- /dev/null
+++ b/tests/tests/usertools/useradd/49_useradd-G_invalid_group/data/usage.out
@@ -0,0 +1 @@
+useradd: group 'cdromm' does not exist
diff --git a/tests/tests/usertools/useradd/49_useradd-G_invalid_group/useradd.test b/tests/tests/usertools/useradd/49_useradd-G_invalid_group/useradd.test
new file mode 100755
index 0000000..5d16073
--- /dev/null
+++ b/tests/tests/usertools/useradd/49_useradd-G_invalid_group/useradd.test
@@ -0,0 +1,54 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "useradd check the validity of groups"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Create user foo in groups with an invalid group (useradd -G bin,adm,12,cdromm,adm foo)..."
+useradd -G bin,adm,12,cdromm,adm foo 2>tmp/usage.out && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "6"
+echo "OK"
+
+echo "useradd reported:"
+echo "======================================================================="
+cat tmp/usage.out
+echo "======================================================================="
+echo -n "Check the usage message..."
+diff -au data/usage.out tmp/usage.out
+echo "usage message OK."
+rm -f tmp/usage.out
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/usertools/useradd/50_useradd-r/config.txt b/tests/tests/usertools/useradd/50_useradd-r/config.txt
new file mode 100644
index 0000000..31f5635
--- /dev/null
+++ b/tests/tests/usertools/useradd/50_useradd-r/config.txt
@@ -0,0 +1,10 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group users (only in /etc/group)
+user foo, in group tty (only in /etc/gshadow)
+user foo, in group floppy
+user foo, admin of group disk
+user foo, admin and member of group fax
+user foo, admin and member of group cdrom (only in /etc/gshadow)
diff --git a/tests/tests/usertools/useradd/50_useradd-r/config/etc/default/useradd b/tests/tests/usertools/useradd/50_useradd-r/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/usertools/useradd/50_useradd-r/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/usertools/useradd/50_useradd-r/config/etc/group b/tests/tests/usertools/useradd/50_useradd-r/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/usertools/useradd/50_useradd-r/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/usertools/useradd/50_useradd-r/config/etc/gshadow b/tests/tests/usertools/useradd/50_useradd-r/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/usertools/useradd/50_useradd-r/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/usertools/useradd/50_useradd-r/config/etc/passwd b/tests/tests/usertools/useradd/50_useradd-r/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/usertools/useradd/50_useradd-r/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/usertools/useradd/50_useradd-r/config/etc/shadow b/tests/tests/usertools/useradd/50_useradd-r/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/usertools/useradd/50_useradd-r/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/usertools/useradd/50_useradd-r/data/group b/tests/tests/usertools/useradd/50_useradd-r/data/group
new file mode 100644
index 0000000..b5b6ce2
--- /dev/null
+++ b/tests/tests/usertools/useradd/50_useradd-r/data/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:999:
diff --git a/tests/tests/usertools/useradd/50_useradd-r/data/gshadow b/tests/tests/usertools/useradd/50_useradd-r/data/gshadow
new file mode 100644
index 0000000..bfc0675
--- /dev/null
+++ b/tests/tests/usertools/useradd/50_useradd-r/data/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:!::
diff --git a/tests/tests/usertools/useradd/50_useradd-r/data/passwd b/tests/tests/usertools/useradd/50_useradd-r/data/passwd
new file mode 100644
index 0000000..640a0cc
--- /dev/null
+++ b/tests/tests/usertools/useradd/50_useradd-r/data/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:101:999::/tmp/foo:/bin/foobar
diff --git a/tests/tests/usertools/useradd/50_useradd-r/data/shadow b/tests/tests/usertools/useradd/50_useradd-r/data/shadow
new file mode 100644
index 0000000..823c4c0
--- /dev/null
+++ b/tests/tests/usertools/useradd/50_useradd-r/data/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:@TODAY@::::::
diff --git a/tests/tests/usertools/useradd/50_useradd-r/useradd.test b/tests/tests/usertools/useradd/50_useradd-r/useradd.test
new file mode 100755
index 0000000..0eacc6a
--- /dev/null
+++ b/tests/tests/usertools/useradd/50_useradd-r/useradd.test
@@ -0,0 +1,39 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "useradd can create system users"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Create system user foo (useradd -r foo)..."
+useradd -r foo
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl data/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl data/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl data/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl data/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/usertools/useradd/51_useradd_already_exist/config.txt b/tests/tests/usertools/useradd/51_useradd_already_exist/config.txt
new file mode 100644
index 0000000..31f5635
--- /dev/null
+++ b/tests/tests/usertools/useradd/51_useradd_already_exist/config.txt
@@ -0,0 +1,10 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group users (only in /etc/group)
+user foo, in group tty (only in /etc/gshadow)
+user foo, in group floppy
+user foo, admin of group disk
+user foo, admin and member of group fax
+user foo, admin and member of group cdrom (only in /etc/gshadow)
diff --git a/tests/tests/usertools/useradd/51_useradd_already_exist/config/etc/default/useradd b/tests/tests/usertools/useradd/51_useradd_already_exist/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/usertools/useradd/51_useradd_already_exist/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/usertools/useradd/51_useradd_already_exist/config/etc/group b/tests/tests/usertools/useradd/51_useradd_already_exist/config/etc/group
new file mode 100644
index 0000000..fecba0c
--- /dev/null
+++ b/tests/tests/usertools/useradd/51_useradd_already_exist/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/usertools/useradd/51_useradd_already_exist/config/etc/gshadow b/tests/tests/usertools/useradd/51_useradd_already_exist/config/etc/gshadow
new file mode 100644
index 0000000..bfc0675
--- /dev/null
+++ b/tests/tests/usertools/useradd/51_useradd_already_exist/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:!::
diff --git a/tests/tests/usertools/useradd/51_useradd_already_exist/config/etc/passwd b/tests/tests/usertools/useradd/51_useradd_already_exist/config/etc/passwd
new file mode 100644
index 0000000..dbb06b8
--- /dev/null
+++ b/tests/tests/usertools/useradd/51_useradd_already_exist/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/nonexistent:/bin/sh
diff --git a/tests/tests/usertools/useradd/51_useradd_already_exist/config/etc/shadow b/tests/tests/usertools/useradd/51_useradd_already_exist/config/etc/shadow
new file mode 100644
index 0000000..498ef86
--- /dev/null
+++ b/tests/tests/usertools/useradd/51_useradd_already_exist/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:*:12977:0:99999:7:::
diff --git a/tests/tests/usertools/useradd/51_useradd_already_exist/data/usage.out b/tests/tests/usertools/useradd/51_useradd_already_exist/data/usage.out
new file mode 100644
index 0000000..5d12530
--- /dev/null
+++ b/tests/tests/usertools/useradd/51_useradd_already_exist/data/usage.out
@@ -0,0 +1 @@
+useradd: user 'foo' already exists
diff --git a/tests/tests/usertools/useradd/51_useradd_already_exist/useradd.test b/tests/tests/usertools/useradd/51_useradd_already_exist/useradd.test
new file mode 100755
index 0000000..910828f
--- /dev/null
+++ b/tests/tests/usertools/useradd/51_useradd_already_exist/useradd.test
@@ -0,0 +1,54 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "useradd checks if the requested new user already exist"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Call useradd with an existing user (useradd foo)..."
+useradd foo 2>tmp/usage.out && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "9"
+echo "OK"
+
+echo "useradd reported:"
+echo "======================================================================="
+cat tmp/usage.out
+echo "======================================================================="
+echo -n "Check the usage message..."
+diff -au data/usage.out tmp/usage.out
+echo "usage message OK."
+rm -f tmp/usage.out
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/usertools/useradd/52_useradd-U_group_already_exist/config.txt b/tests/tests/usertools/useradd/52_useradd-U_group_already_exist/config.txt
new file mode 100644
index 0000000..31f5635
--- /dev/null
+++ b/tests/tests/usertools/useradd/52_useradd-U_group_already_exist/config.txt
@@ -0,0 +1,10 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group users (only in /etc/group)
+user foo, in group tty (only in /etc/gshadow)
+user foo, in group floppy
+user foo, admin of group disk
+user foo, admin and member of group fax
+user foo, admin and member of group cdrom (only in /etc/gshadow)
diff --git a/tests/tests/usertools/useradd/52_useradd-U_group_already_exist/config/etc/default/useradd b/tests/tests/usertools/useradd/52_useradd-U_group_already_exist/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/usertools/useradd/52_useradd-U_group_already_exist/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/usertools/useradd/52_useradd-U_group_already_exist/config/etc/group b/tests/tests/usertools/useradd/52_useradd-U_group_already_exist/config/etc/group
new file mode 100644
index 0000000..fecba0c
--- /dev/null
+++ b/tests/tests/usertools/useradd/52_useradd-U_group_already_exist/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/usertools/useradd/52_useradd-U_group_already_exist/config/etc/gshadow b/tests/tests/usertools/useradd/52_useradd-U_group_already_exist/config/etc/gshadow
new file mode 100644
index 0000000..bfc0675
--- /dev/null
+++ b/tests/tests/usertools/useradd/52_useradd-U_group_already_exist/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:!::
diff --git a/tests/tests/usertools/useradd/52_useradd-U_group_already_exist/config/etc/passwd b/tests/tests/usertools/useradd/52_useradd-U_group_already_exist/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/usertools/useradd/52_useradd-U_group_already_exist/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/usertools/useradd/52_useradd-U_group_already_exist/config/etc/shadow b/tests/tests/usertools/useradd/52_useradd-U_group_already_exist/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/usertools/useradd/52_useradd-U_group_already_exist/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/usertools/useradd/52_useradd-U_group_already_exist/data/usage.out b/tests/tests/usertools/useradd/52_useradd-U_group_already_exist/data/usage.out
new file mode 100644
index 0000000..c000a60
--- /dev/null
+++ b/tests/tests/usertools/useradd/52_useradd-U_group_already_exist/data/usage.out
@@ -0,0 +1 @@
+useradd: group foo exists - if you want to add this user to that group, use -g.
diff --git a/tests/tests/usertools/useradd/52_useradd-U_group_already_exist/useradd.test b/tests/tests/usertools/useradd/52_useradd-U_group_already_exist/useradd.test
new file mode 100755
index 0000000..7fe651d
--- /dev/null
+++ b/tests/tests/usertools/useradd/52_useradd-U_group_already_exist/useradd.test
@@ -0,0 +1,54 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "useradd -U checks if a group with the same name already exist"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Call useradd -U with an existing group (useradd -U foo)..."
+useradd -U foo 2>tmp/usage.out && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "9"
+echo "OK"
+
+echo "useradd reported:"
+echo "======================================================================="
+cat tmp/usage.out
+echo "======================================================================="
+echo -n "Check the usage message..."
+diff -au data/usage.out tmp/usage.out
+echo "usage message OK."
+rm -f tmp/usage.out
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/usertools/useradd/53_useradd-G_empty/config.txt b/tests/tests/usertools/useradd/53_useradd-G_empty/config.txt
new file mode 100644
index 0000000..31f5635
--- /dev/null
+++ b/tests/tests/usertools/useradd/53_useradd-G_empty/config.txt
@@ -0,0 +1,10 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group users (only in /etc/group)
+user foo, in group tty (only in /etc/gshadow)
+user foo, in group floppy
+user foo, admin of group disk
+user foo, admin and member of group fax
+user foo, admin and member of group cdrom (only in /etc/gshadow)
diff --git a/tests/tests/usertools/useradd/53_useradd-G_empty/config/etc/default/useradd b/tests/tests/usertools/useradd/53_useradd-G_empty/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/usertools/useradd/53_useradd-G_empty/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/usertools/useradd/53_useradd-G_empty/config/etc/group b/tests/tests/usertools/useradd/53_useradd-G_empty/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/usertools/useradd/53_useradd-G_empty/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/usertools/useradd/53_useradd-G_empty/config/etc/gshadow b/tests/tests/usertools/useradd/53_useradd-G_empty/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/usertools/useradd/53_useradd-G_empty/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/usertools/useradd/53_useradd-G_empty/config/etc/passwd b/tests/tests/usertools/useradd/53_useradd-G_empty/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/usertools/useradd/53_useradd-G_empty/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/usertools/useradd/53_useradd-G_empty/config/etc/shadow b/tests/tests/usertools/useradd/53_useradd-G_empty/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/usertools/useradd/53_useradd-G_empty/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/usertools/useradd/53_useradd-G_empty/data/group b/tests/tests/usertools/useradd/53_useradd-G_empty/data/group
new file mode 100644
index 0000000..fecba0c
--- /dev/null
+++ b/tests/tests/usertools/useradd/53_useradd-G_empty/data/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/usertools/useradd/53_useradd-G_empty/data/gshadow b/tests/tests/usertools/useradd/53_useradd-G_empty/data/gshadow
new file mode 100644
index 0000000..bfc0675
--- /dev/null
+++ b/tests/tests/usertools/useradd/53_useradd-G_empty/data/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:!::
diff --git a/tests/tests/usertools/useradd/53_useradd-G_empty/data/passwd b/tests/tests/usertools/useradd/53_useradd-G_empty/data/passwd
new file mode 100644
index 0000000..ed91b35
--- /dev/null
+++ b/tests/tests/usertools/useradd/53_useradd-G_empty/data/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/tmp/foo:/bin/foobar
diff --git a/tests/tests/usertools/useradd/53_useradd-G_empty/data/shadow b/tests/tests/usertools/useradd/53_useradd-G_empty/data/shadow
new file mode 100644
index 0000000..0aee0c5
--- /dev/null
+++ b/tests/tests/usertools/useradd/53_useradd-G_empty/data/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:@TODAY@:0:99999:7:12:13849:
diff --git a/tests/tests/usertools/useradd/53_useradd-G_empty/useradd.test b/tests/tests/usertools/useradd/53_useradd-G_empty/useradd.test
new file mode 100755
index 0000000..8eac65e
--- /dev/null
+++ b/tests/tests/usertools/useradd/53_useradd-G_empty/useradd.test
@@ -0,0 +1,39 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "useradd accepts empty list of groups"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Create user foo with empty group list (useradd -G "" foo)..."
+useradd -G "" foo
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl data/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl data/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl data/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl data/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/usertools/useradd/54_useradd_no_shadow_file/config.txt b/tests/tests/usertools/useradd/54_useradd_no_shadow_file/config.txt
new file mode 100644
index 0000000..31f5635
--- /dev/null
+++ b/tests/tests/usertools/useradd/54_useradd_no_shadow_file/config.txt
@@ -0,0 +1,10 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group users (only in /etc/group)
+user foo, in group tty (only in /etc/gshadow)
+user foo, in group floppy
+user foo, admin of group disk
+user foo, admin and member of group fax
+user foo, admin and member of group cdrom (only in /etc/gshadow)
diff --git a/tests/tests/usertools/useradd/54_useradd_no_shadow_file/config/etc/default/useradd b/tests/tests/usertools/useradd/54_useradd_no_shadow_file/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/usertools/useradd/54_useradd_no_shadow_file/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/usertools/useradd/54_useradd_no_shadow_file/config/etc/group b/tests/tests/usertools/useradd/54_useradd_no_shadow_file/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/usertools/useradd/54_useradd_no_shadow_file/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/usertools/useradd/54_useradd_no_shadow_file/config/etc/gshadow b/tests/tests/usertools/useradd/54_useradd_no_shadow_file/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/usertools/useradd/54_useradd_no_shadow_file/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/usertools/useradd/54_useradd_no_shadow_file/config/etc/passwd b/tests/tests/usertools/useradd/54_useradd_no_shadow_file/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/usertools/useradd/54_useradd_no_shadow_file/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/usertools/useradd/54_useradd_no_shadow_file/config/etc/shadow b/tests/tests/usertools/useradd/54_useradd_no_shadow_file/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/usertools/useradd/54_useradd_no_shadow_file/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/usertools/useradd/54_useradd_no_shadow_file/data/group b/tests/tests/usertools/useradd/54_useradd_no_shadow_file/data/group
new file mode 100644
index 0000000..c9c71f8
--- /dev/null
+++ b/tests/tests/usertools/useradd/54_useradd_no_shadow_file/data/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:foo
+sys:x:3:
+adm:x:4:foo
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:foo
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:foo
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/usertools/useradd/54_useradd_no_shadow_file/data/gshadow b/tests/tests/usertools/useradd/54_useradd_no_shadow_file/data/gshadow
new file mode 100644
index 0000000..ec19c4a
--- /dev/null
+++ b/tests/tests/usertools/useradd/54_useradd_no_shadow_file/data/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::foo
+sys:*::
+adm:*::foo
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::foo
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::foo
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:!::
diff --git a/tests/tests/usertools/useradd/54_useradd_no_shadow_file/data/passwd b/tests/tests/usertools/useradd/54_useradd_no_shadow_file/data/passwd
new file mode 100644
index 0000000..e2c466a
--- /dev/null
+++ b/tests/tests/usertools/useradd/54_useradd_no_shadow_file/data/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:!:1000:1000::/tmp/foo:/bin/foobar
diff --git a/tests/tests/usertools/useradd/54_useradd_no_shadow_file/useradd.test b/tests/tests/usertools/useradd/54_useradd_no_shadow_file/useradd.test
new file mode 100755
index 0000000..c7ab56b
--- /dev/null
+++ b/tests/tests/usertools/useradd/54_useradd_no_shadow_file/useradd.test
@@ -0,0 +1,43 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "useradd adds the user even if /etc/shadow is missing"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Delete /etc/shadow..."
+rm -f /etc/shadow
+echo "OK"
+
+echo -n "Create user foo in groups (useradd -G bin,adm,12,cdrom foo)..."
+useradd -G bin,adm,12,cdrom foo
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl data/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl data/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+test ! -f /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl data/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/usertools/useradd/55_useradd_no_gshadow_file/config.txt b/tests/tests/usertools/useradd/55_useradd_no_gshadow_file/config.txt
new file mode 100644
index 0000000..31f5635
--- /dev/null
+++ b/tests/tests/usertools/useradd/55_useradd_no_gshadow_file/config.txt
@@ -0,0 +1,10 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group users (only in /etc/group)
+user foo, in group tty (only in /etc/gshadow)
+user foo, in group floppy
+user foo, admin of group disk
+user foo, admin and member of group fax
+user foo, admin and member of group cdrom (only in /etc/gshadow)
diff --git a/tests/tests/usertools/useradd/55_useradd_no_gshadow_file/config/etc/default/useradd b/tests/tests/usertools/useradd/55_useradd_no_gshadow_file/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/usertools/useradd/55_useradd_no_gshadow_file/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/usertools/useradd/55_useradd_no_gshadow_file/config/etc/group b/tests/tests/usertools/useradd/55_useradd_no_gshadow_file/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/usertools/useradd/55_useradd_no_gshadow_file/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/usertools/useradd/55_useradd_no_gshadow_file/config/etc/gshadow b/tests/tests/usertools/useradd/55_useradd_no_gshadow_file/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/usertools/useradd/55_useradd_no_gshadow_file/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/usertools/useradd/55_useradd_no_gshadow_file/config/etc/passwd b/tests/tests/usertools/useradd/55_useradd_no_gshadow_file/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/usertools/useradd/55_useradd_no_gshadow_file/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/usertools/useradd/55_useradd_no_gshadow_file/config/etc/shadow b/tests/tests/usertools/useradd/55_useradd_no_gshadow_file/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/usertools/useradd/55_useradd_no_gshadow_file/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/usertools/useradd/55_useradd_no_gshadow_file/data/group b/tests/tests/usertools/useradd/55_useradd_no_gshadow_file/data/group
new file mode 100644
index 0000000..eb2e1b5
--- /dev/null
+++ b/tests/tests/usertools/useradd/55_useradd_no_gshadow_file/data/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:foo
+sys:x:3:
+adm:x:4:foo
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:foo
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:foo
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:!:1000:
diff --git a/tests/tests/usertools/useradd/55_useradd_no_gshadow_file/data/passwd b/tests/tests/usertools/useradd/55_useradd_no_gshadow_file/data/passwd
new file mode 100644
index 0000000..ed91b35
--- /dev/null
+++ b/tests/tests/usertools/useradd/55_useradd_no_gshadow_file/data/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/tmp/foo:/bin/foobar
diff --git a/tests/tests/usertools/useradd/55_useradd_no_gshadow_file/data/shadow b/tests/tests/usertools/useradd/55_useradd_no_gshadow_file/data/shadow
new file mode 100644
index 0000000..0aee0c5
--- /dev/null
+++ b/tests/tests/usertools/useradd/55_useradd_no_gshadow_file/data/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:@TODAY@:0:99999:7:12:13849:
diff --git a/tests/tests/usertools/useradd/55_useradd_no_gshadow_file/useradd.test b/tests/tests/usertools/useradd/55_useradd_no_gshadow_file/useradd.test
new file mode 100755
index 0000000..b5519b9
--- /dev/null
+++ b/tests/tests/usertools/useradd/55_useradd_no_gshadow_file/useradd.test
@@ -0,0 +1,43 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "useradd adds the user and groups even if /etc/gshadow is missing"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Delete /etc/gshadow..."
+rm -f /etc/gshadow
+echo "OK"
+
+echo -n "Create user foo in groups (useradd -G bin,adm,12,cdrom foo)..."
+useradd -G bin,adm,12,cdrom foo
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl data/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl data/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl data/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+test ! -f /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/usertools/useradd/56_useradd_gshadow_entry_without_group_entry/config.txt b/tests/tests/usertools/useradd/56_useradd_gshadow_entry_without_group_entry/config.txt
new file mode 100644
index 0000000..31f5635
--- /dev/null
+++ b/tests/tests/usertools/useradd/56_useradd_gshadow_entry_without_group_entry/config.txt
@@ -0,0 +1,10 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group users (only in /etc/group)
+user foo, in group tty (only in /etc/gshadow)
+user foo, in group floppy
+user foo, admin of group disk
+user foo, admin and member of group fax
+user foo, admin and member of group cdrom (only in /etc/gshadow)
diff --git a/tests/tests/usertools/useradd/56_useradd_gshadow_entry_without_group_entry/config/etc/default/useradd b/tests/tests/usertools/useradd/56_useradd_gshadow_entry_without_group_entry/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/usertools/useradd/56_useradd_gshadow_entry_without_group_entry/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/usertools/useradd/56_useradd_gshadow_entry_without_group_entry/config/etc/group b/tests/tests/usertools/useradd/56_useradd_gshadow_entry_without_group_entry/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/usertools/useradd/56_useradd_gshadow_entry_without_group_entry/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/usertools/useradd/56_useradd_gshadow_entry_without_group_entry/config/etc/gshadow b/tests/tests/usertools/useradd/56_useradd_gshadow_entry_without_group_entry/config/etc/gshadow
new file mode 100644
index 0000000..3c9bae9
--- /dev/null
+++ b/tests/tests/usertools/useradd/56_useradd_gshadow_entry_without_group_entry/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+test:x::
diff --git a/tests/tests/usertools/useradd/56_useradd_gshadow_entry_without_group_entry/config/etc/passwd b/tests/tests/usertools/useradd/56_useradd_gshadow_entry_without_group_entry/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/usertools/useradd/56_useradd_gshadow_entry_without_group_entry/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/usertools/useradd/56_useradd_gshadow_entry_without_group_entry/config/etc/shadow b/tests/tests/usertools/useradd/56_useradd_gshadow_entry_without_group_entry/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/usertools/useradd/56_useradd_gshadow_entry_without_group_entry/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/usertools/useradd/56_useradd_gshadow_entry_without_group_entry/data/group b/tests/tests/usertools/useradd/56_useradd_gshadow_entry_without_group_entry/data/group
new file mode 100644
index 0000000..c9c71f8
--- /dev/null
+++ b/tests/tests/usertools/useradd/56_useradd_gshadow_entry_without_group_entry/data/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:foo
+sys:x:3:
+adm:x:4:foo
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:foo
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:foo
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/usertools/useradd/56_useradd_gshadow_entry_without_group_entry/data/gshadow b/tests/tests/usertools/useradd/56_useradd_gshadow_entry_without_group_entry/data/gshadow
new file mode 100644
index 0000000..fd939a3
--- /dev/null
+++ b/tests/tests/usertools/useradd/56_useradd_gshadow_entry_without_group_entry/data/gshadow
@@ -0,0 +1,43 @@
+root:*::
+daemon:*::
+bin:*::foo
+sys:*::
+adm:*::foo
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::foo
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::foo
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+test:x::
+foo:!::
diff --git a/tests/tests/usertools/useradd/56_useradd_gshadow_entry_without_group_entry/data/passwd b/tests/tests/usertools/useradd/56_useradd_gshadow_entry_without_group_entry/data/passwd
new file mode 100644
index 0000000..ed91b35
--- /dev/null
+++ b/tests/tests/usertools/useradd/56_useradd_gshadow_entry_without_group_entry/data/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/tmp/foo:/bin/foobar
diff --git a/tests/tests/usertools/useradd/56_useradd_gshadow_entry_without_group_entry/data/shadow b/tests/tests/usertools/useradd/56_useradd_gshadow_entry_without_group_entry/data/shadow
new file mode 100644
index 0000000..0aee0c5
--- /dev/null
+++ b/tests/tests/usertools/useradd/56_useradd_gshadow_entry_without_group_entry/data/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:@TODAY@:0:99999:7:12:13849:
diff --git a/tests/tests/usertools/useradd/56_useradd_gshadow_entry_without_group_entry/useradd.test b/tests/tests/usertools/useradd/56_useradd_gshadow_entry_without_group_entry/useradd.test
new file mode 100755
index 0000000..c8a6666
--- /dev/null
+++ b/tests/tests/usertools/useradd/56_useradd_gshadow_entry_without_group_entry/useradd.test
@@ -0,0 +1,39 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "useradd adds the user and groups even if /etc/gshadow is missing"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Create user foo in groups (useradd -G bin,adm,12,cdrom foo)..."
+useradd -G bin,adm,12,cdrom foo
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl data/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl data/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl data/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl data/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/usertools/useradd/57_useradd_usage-D_not_first_option/config.txt b/tests/tests/usertools/useradd/57_useradd_usage-D_not_first_option/config.txt
new file mode 100644
index 0000000..31f5635
--- /dev/null
+++ b/tests/tests/usertools/useradd/57_useradd_usage-D_not_first_option/config.txt
@@ -0,0 +1,10 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group users (only in /etc/group)
+user foo, in group tty (only in /etc/gshadow)
+user foo, in group floppy
+user foo, admin of group disk
+user foo, admin and member of group fax
+user foo, admin and member of group cdrom (only in /etc/gshadow)
diff --git a/tests/tests/usertools/useradd/57_useradd_usage-D_not_first_option/config/etc/default/useradd b/tests/tests/usertools/useradd/57_useradd_usage-D_not_first_option/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/usertools/useradd/57_useradd_usage-D_not_first_option/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/usertools/useradd/57_useradd_usage-D_not_first_option/config/etc/group b/tests/tests/usertools/useradd/57_useradd_usage-D_not_first_option/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/usertools/useradd/57_useradd_usage-D_not_first_option/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/usertools/useradd/57_useradd_usage-D_not_first_option/config/etc/gshadow b/tests/tests/usertools/useradd/57_useradd_usage-D_not_first_option/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/usertools/useradd/57_useradd_usage-D_not_first_option/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/usertools/useradd/57_useradd_usage-D_not_first_option/config/etc/passwd b/tests/tests/usertools/useradd/57_useradd_usage-D_not_first_option/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/usertools/useradd/57_useradd_usage-D_not_first_option/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/usertools/useradd/57_useradd_usage-D_not_first_option/config/etc/shadow b/tests/tests/usertools/useradd/57_useradd_usage-D_not_first_option/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/usertools/useradd/57_useradd_usage-D_not_first_option/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/usertools/useradd/57_useradd_usage-D_not_first_option/data/usage.out b/tests/tests/usertools/useradd/57_useradd_usage-D_not_first_option/data/usage.out
new file mode 100644
index 0000000..b77a98a
--- /dev/null
+++ b/tests/tests/usertools/useradd/57_useradd_usage-D_not_first_option/data/usage.out
@@ -0,0 +1,35 @@
+Usage: useradd [options] LOGIN
+       useradd -D
+       useradd -D [options]
+
+Options:
+  -b, --base-dir BASE_DIR       base directory for the home directory of the
+                                new account
+  -c, --comment COMMENT         GECOS field of the new account
+  -d, --home-dir HOME_DIR       home directory of the new account
+  -D, --defaults                print or change default useradd configuration
+  -e, --expiredate EXPIRE_DATE  expiration date of the new account
+  -f, --inactive INACTIVE       password inactivity period of the new account
+  -g, --gid GROUP               name or ID of the primary group of the new
+                                account
+  -G, --groups GROUPS           list of supplementary groups of the new
+                                account
+  -h, --help                    display this help message and exit
+  -k, --skel SKEL_DIR           use this alternative skeleton directory
+  -K, --key KEY=VALUE           override /etc/login.defs defaults
+  -l, --no-log-init             do not add the user to the lastlog and
+                                faillog databases
+  -m, --create-home             create the user's home directory
+  -M, --no-create-home          do not create the user's home directory
+  -N, --no-user-group           do not create a group with the same name as
+                                the user
+  -o, --non-unique              allow to create users with duplicate
+                                (non-unique) UID
+  -p, --password PASSWORD       encrypted password of the new account
+  -r, --system                  create a system account
+  -R, --root CHROOT_DIR         directory to chroot into
+  -s, --shell SHELL             login shell of the new account
+  -u, --uid UID                 user ID of the new account
+  -U, --user-group              create a group with the same name as the user
+  -Z, --selinux-user SEUSER     use a specific SEUSER for the SELinux user mapping
+
diff --git a/tests/tests/usertools/useradd/57_useradd_usage-D_not_first_option/useradd.test b/tests/tests/usertools/useradd/57_useradd_usage-D_not_first_option/useradd.test
new file mode 100755
index 0000000..97e011d
--- /dev/null
+++ b/tests/tests/usertools/useradd/57_useradd_usage-D_not_first_option/useradd.test
@@ -0,0 +1,54 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "useradd reports an error when called incorrectly"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Call useradd with -D as second option (useradd -f 12 -D)..."
+useradd -f 12 -D 2>tmp/usage.out && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "2"
+echo "OK"
+
+echo "useradd reported:"
+echo "======================================================================="
+cat tmp/usage.out
+echo "======================================================================="
+echo -n "Check the usage message..."
+diff -au data/usage.out tmp/usage.out
+echo "usage message OK."
+rm -f tmp/usage.out
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/usertools/useradd/58_useradd-e_empty/config.txt b/tests/tests/usertools/useradd/58_useradd-e_empty/config.txt
new file mode 100644
index 0000000..31f5635
--- /dev/null
+++ b/tests/tests/usertools/useradd/58_useradd-e_empty/config.txt
@@ -0,0 +1,10 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group users (only in /etc/group)
+user foo, in group tty (only in /etc/gshadow)
+user foo, in group floppy
+user foo, admin of group disk
+user foo, admin and member of group fax
+user foo, admin and member of group cdrom (only in /etc/gshadow)
diff --git a/tests/tests/usertools/useradd/58_useradd-e_empty/config/etc/default/useradd b/tests/tests/usertools/useradd/58_useradd-e_empty/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/usertools/useradd/58_useradd-e_empty/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/usertools/useradd/58_useradd-e_empty/config/etc/group b/tests/tests/usertools/useradd/58_useradd-e_empty/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/usertools/useradd/58_useradd-e_empty/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/usertools/useradd/58_useradd-e_empty/config/etc/gshadow b/tests/tests/usertools/useradd/58_useradd-e_empty/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/usertools/useradd/58_useradd-e_empty/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/usertools/useradd/58_useradd-e_empty/config/etc/passwd b/tests/tests/usertools/useradd/58_useradd-e_empty/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/usertools/useradd/58_useradd-e_empty/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/usertools/useradd/58_useradd-e_empty/config/etc/shadow b/tests/tests/usertools/useradd/58_useradd-e_empty/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/usertools/useradd/58_useradd-e_empty/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/usertools/useradd/58_useradd-e_empty/data/group b/tests/tests/usertools/useradd/58_useradd-e_empty/data/group
new file mode 100644
index 0000000..fecba0c
--- /dev/null
+++ b/tests/tests/usertools/useradd/58_useradd-e_empty/data/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/usertools/useradd/58_useradd-e_empty/data/gshadow b/tests/tests/usertools/useradd/58_useradd-e_empty/data/gshadow
new file mode 100644
index 0000000..bfc0675
--- /dev/null
+++ b/tests/tests/usertools/useradd/58_useradd-e_empty/data/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:!::
diff --git a/tests/tests/usertools/useradd/58_useradd-e_empty/data/passwd b/tests/tests/usertools/useradd/58_useradd-e_empty/data/passwd
new file mode 100644
index 0000000..ed91b35
--- /dev/null
+++ b/tests/tests/usertools/useradd/58_useradd-e_empty/data/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/tmp/foo:/bin/foobar
diff --git a/tests/tests/usertools/useradd/58_useradd-e_empty/data/shadow b/tests/tests/usertools/useradd/58_useradd-e_empty/data/shadow
new file mode 100644
index 0000000..949c978
--- /dev/null
+++ b/tests/tests/usertools/useradd/58_useradd-e_empty/data/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:@TODAY@:0:99999:7:12::
diff --git a/tests/tests/usertools/useradd/58_useradd-e_empty/useradd.test b/tests/tests/usertools/useradd/58_useradd-e_empty/useradd.test
new file mode 100755
index 0000000..ab90d67
--- /dev/null
+++ b/tests/tests/usertools/useradd/58_useradd-e_empty/useradd.test
@@ -0,0 +1,39 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "useradd accepts empty list of groups"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Create user foo without expiry (useradd -e "" foo)..."
+useradd -e "" foo
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl data/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl data/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl data/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl data/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/usertools/useradd/59_useradd-e-1-f-1/config.txt b/tests/tests/usertools/useradd/59_useradd-e-1-f-1/config.txt
new file mode 100644
index 0000000..31f5635
--- /dev/null
+++ b/tests/tests/usertools/useradd/59_useradd-e-1-f-1/config.txt
@@ -0,0 +1,10 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group users (only in /etc/group)
+user foo, in group tty (only in /etc/gshadow)
+user foo, in group floppy
+user foo, admin of group disk
+user foo, admin and member of group fax
+user foo, admin and member of group cdrom (only in /etc/gshadow)
diff --git a/tests/tests/usertools/useradd/59_useradd-e-1-f-1/config/etc/default/useradd b/tests/tests/usertools/useradd/59_useradd-e-1-f-1/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/usertools/useradd/59_useradd-e-1-f-1/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/usertools/useradd/59_useradd-e-1-f-1/config/etc/group b/tests/tests/usertools/useradd/59_useradd-e-1-f-1/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/usertools/useradd/59_useradd-e-1-f-1/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/usertools/useradd/59_useradd-e-1-f-1/config/etc/gshadow b/tests/tests/usertools/useradd/59_useradd-e-1-f-1/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/usertools/useradd/59_useradd-e-1-f-1/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/usertools/useradd/59_useradd-e-1-f-1/config/etc/passwd b/tests/tests/usertools/useradd/59_useradd-e-1-f-1/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/usertools/useradd/59_useradd-e-1-f-1/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/usertools/useradd/59_useradd-e-1-f-1/config/etc/shadow b/tests/tests/usertools/useradd/59_useradd-e-1-f-1/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/usertools/useradd/59_useradd-e-1-f-1/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/usertools/useradd/59_useradd-e-1-f-1/data/group b/tests/tests/usertools/useradd/59_useradd-e-1-f-1/data/group
new file mode 100644
index 0000000..fecba0c
--- /dev/null
+++ b/tests/tests/usertools/useradd/59_useradd-e-1-f-1/data/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/usertools/useradd/59_useradd-e-1-f-1/data/gshadow b/tests/tests/usertools/useradd/59_useradd-e-1-f-1/data/gshadow
new file mode 100644
index 0000000..bfc0675
--- /dev/null
+++ b/tests/tests/usertools/useradd/59_useradd-e-1-f-1/data/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:!::
diff --git a/tests/tests/usertools/useradd/59_useradd-e-1-f-1/data/passwd b/tests/tests/usertools/useradd/59_useradd-e-1-f-1/data/passwd
new file mode 100644
index 0000000..ed91b35
--- /dev/null
+++ b/tests/tests/usertools/useradd/59_useradd-e-1-f-1/data/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/tmp/foo:/bin/foobar
diff --git a/tests/tests/usertools/useradd/59_useradd-e-1-f-1/data/shadow b/tests/tests/usertools/useradd/59_useradd-e-1-f-1/data/shadow
new file mode 100644
index 0000000..602bef5
--- /dev/null
+++ b/tests/tests/usertools/useradd/59_useradd-e-1-f-1/data/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:@TODAY@:0:99999:7:::
diff --git a/tests/tests/usertools/useradd/59_useradd-e-1-f-1/useradd.test b/tests/tests/usertools/useradd/59_useradd-e-1-f-1/useradd.test
new file mode 100755
index 0000000..ff5233c
--- /dev/null
+++ b/tests/tests/usertools/useradd/59_useradd-e-1-f-1/useradd.test
@@ -0,0 +1,39 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "useradd accepts -1 as expiry and inactivity"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Create user foo without expiry (useradd -e -1 -f -1 foo)..."
+useradd -e -1 -f -1 foo
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl data/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl data/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl data/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl data/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/usertools/useradd/60_useradd-e-1-f-1_no_shadow_file/config.txt b/tests/tests/usertools/useradd/60_useradd-e-1-f-1_no_shadow_file/config.txt
new file mode 100644
index 0000000..31f5635
--- /dev/null
+++ b/tests/tests/usertools/useradd/60_useradd-e-1-f-1_no_shadow_file/config.txt
@@ -0,0 +1,10 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group users (only in /etc/group)
+user foo, in group tty (only in /etc/gshadow)
+user foo, in group floppy
+user foo, admin of group disk
+user foo, admin and member of group fax
+user foo, admin and member of group cdrom (only in /etc/gshadow)
diff --git a/tests/tests/usertools/useradd/60_useradd-e-1-f-1_no_shadow_file/config/etc/default/useradd b/tests/tests/usertools/useradd/60_useradd-e-1-f-1_no_shadow_file/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/usertools/useradd/60_useradd-e-1-f-1_no_shadow_file/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/usertools/useradd/60_useradd-e-1-f-1_no_shadow_file/config/etc/group b/tests/tests/usertools/useradd/60_useradd-e-1-f-1_no_shadow_file/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/usertools/useradd/60_useradd-e-1-f-1_no_shadow_file/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/usertools/useradd/60_useradd-e-1-f-1_no_shadow_file/config/etc/gshadow b/tests/tests/usertools/useradd/60_useradd-e-1-f-1_no_shadow_file/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/usertools/useradd/60_useradd-e-1-f-1_no_shadow_file/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/usertools/useradd/60_useradd-e-1-f-1_no_shadow_file/config/etc/passwd b/tests/tests/usertools/useradd/60_useradd-e-1-f-1_no_shadow_file/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/usertools/useradd/60_useradd-e-1-f-1_no_shadow_file/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/usertools/useradd/60_useradd-e-1-f-1_no_shadow_file/config/etc/shadow b/tests/tests/usertools/useradd/60_useradd-e-1-f-1_no_shadow_file/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/usertools/useradd/60_useradd-e-1-f-1_no_shadow_file/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/usertools/useradd/60_useradd-e-1-f-1_no_shadow_file/data/group b/tests/tests/usertools/useradd/60_useradd-e-1-f-1_no_shadow_file/data/group
new file mode 100644
index 0000000..fecba0c
--- /dev/null
+++ b/tests/tests/usertools/useradd/60_useradd-e-1-f-1_no_shadow_file/data/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/usertools/useradd/60_useradd-e-1-f-1_no_shadow_file/data/gshadow b/tests/tests/usertools/useradd/60_useradd-e-1-f-1_no_shadow_file/data/gshadow
new file mode 100644
index 0000000..bfc0675
--- /dev/null
+++ b/tests/tests/usertools/useradd/60_useradd-e-1-f-1_no_shadow_file/data/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:!::
diff --git a/tests/tests/usertools/useradd/60_useradd-e-1-f-1_no_shadow_file/data/passwd b/tests/tests/usertools/useradd/60_useradd-e-1-f-1_no_shadow_file/data/passwd
new file mode 100644
index 0000000..e2c466a
--- /dev/null
+++ b/tests/tests/usertools/useradd/60_useradd-e-1-f-1_no_shadow_file/data/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:!:1000:1000::/tmp/foo:/bin/foobar
diff --git a/tests/tests/usertools/useradd/60_useradd-e-1-f-1_no_shadow_file/useradd.test b/tests/tests/usertools/useradd/60_useradd-e-1-f-1_no_shadow_file/useradd.test
new file mode 100755
index 0000000..0170ef8
--- /dev/null
+++ b/tests/tests/usertools/useradd/60_useradd-e-1-f-1_no_shadow_file/useradd.test
@@ -0,0 +1,43 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "useradd accepts -1 as expiry and inactivity"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Delete /etc/shadow..."
+rm -f /etc/shadow
+echo "OK"
+
+echo -n "Create user foo without expiry (useradd -e -1 -f -1 foo)..."
+useradd -e -1 -f -1 foo
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl data/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl data/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+test ! -f /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl data/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/usertools/useradd/61_useradd-K/config.txt b/tests/tests/usertools/useradd/61_useradd-K/config.txt
new file mode 100644
index 0000000..31f5635
--- /dev/null
+++ b/tests/tests/usertools/useradd/61_useradd-K/config.txt
@@ -0,0 +1,10 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group users (only in /etc/group)
+user foo, in group tty (only in /etc/gshadow)
+user foo, in group floppy
+user foo, admin of group disk
+user foo, admin and member of group fax
+user foo, admin and member of group cdrom (only in /etc/gshadow)
diff --git a/tests/tests/usertools/useradd/61_useradd-K/config/etc/default/useradd b/tests/tests/usertools/useradd/61_useradd-K/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/usertools/useradd/61_useradd-K/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/usertools/useradd/61_useradd-K/config/etc/group b/tests/tests/usertools/useradd/61_useradd-K/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/usertools/useradd/61_useradd-K/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/usertools/useradd/61_useradd-K/config/etc/gshadow b/tests/tests/usertools/useradd/61_useradd-K/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/usertools/useradd/61_useradd-K/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/usertools/useradd/61_useradd-K/config/etc/passwd b/tests/tests/usertools/useradd/61_useradd-K/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/usertools/useradd/61_useradd-K/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/usertools/useradd/61_useradd-K/config/etc/shadow b/tests/tests/usertools/useradd/61_useradd-K/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/usertools/useradd/61_useradd-K/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/usertools/useradd/61_useradd-K/data/group b/tests/tests/usertools/useradd/61_useradd-K/data/group
new file mode 100644
index 0000000..fecba0c
--- /dev/null
+++ b/tests/tests/usertools/useradd/61_useradd-K/data/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/usertools/useradd/61_useradd-K/data/gshadow b/tests/tests/usertools/useradd/61_useradd-K/data/gshadow
new file mode 100644
index 0000000..bfc0675
--- /dev/null
+++ b/tests/tests/usertools/useradd/61_useradd-K/data/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:!::
diff --git a/tests/tests/usertools/useradd/61_useradd-K/data/passwd b/tests/tests/usertools/useradd/61_useradd-K/data/passwd
new file mode 100644
index 0000000..ed91b35
--- /dev/null
+++ b/tests/tests/usertools/useradd/61_useradd-K/data/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/tmp/foo:/bin/foobar
diff --git a/tests/tests/usertools/useradd/61_useradd-K/data/shadow b/tests/tests/usertools/useradd/61_useradd-K/data/shadow
new file mode 100644
index 0000000..bfd9ffa
--- /dev/null
+++ b/tests/tests/usertools/useradd/61_useradd-K/data/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:@TODAY@:0:42:7:12:13849:
diff --git a/tests/tests/usertools/useradd/61_useradd-K/useradd.test b/tests/tests/usertools/useradd/61_useradd-K/useradd.test
new file mode 100755
index 0000000..3a8ee29
--- /dev/null
+++ b/tests/tests/usertools/useradd/61_useradd-K/useradd.test
@@ -0,0 +1,39 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "useradd uses -K options"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Create user foo and set option with -K (useradd -K PASS_MAX_DAYS=42 foo)..."
+useradd -K PASS_MAX_DAYS=42 foo
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl data/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl data/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl data/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl data/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/usertools/useradd/62_useradd-p/config.txt b/tests/tests/usertools/useradd/62_useradd-p/config.txt
new file mode 100644
index 0000000..31f5635
--- /dev/null
+++ b/tests/tests/usertools/useradd/62_useradd-p/config.txt
@@ -0,0 +1,10 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group users (only in /etc/group)
+user foo, in group tty (only in /etc/gshadow)
+user foo, in group floppy
+user foo, admin of group disk
+user foo, admin and member of group fax
+user foo, admin and member of group cdrom (only in /etc/gshadow)
diff --git a/tests/tests/usertools/useradd/62_useradd-p/config/etc/default/useradd b/tests/tests/usertools/useradd/62_useradd-p/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/usertools/useradd/62_useradd-p/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/usertools/useradd/62_useradd-p/config/etc/group b/tests/tests/usertools/useradd/62_useradd-p/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/usertools/useradd/62_useradd-p/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/usertools/useradd/62_useradd-p/config/etc/gshadow b/tests/tests/usertools/useradd/62_useradd-p/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/usertools/useradd/62_useradd-p/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/usertools/useradd/62_useradd-p/config/etc/passwd b/tests/tests/usertools/useradd/62_useradd-p/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/usertools/useradd/62_useradd-p/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/usertools/useradd/62_useradd-p/config/etc/shadow b/tests/tests/usertools/useradd/62_useradd-p/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/usertools/useradd/62_useradd-p/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/usertools/useradd/62_useradd-p/data/group b/tests/tests/usertools/useradd/62_useradd-p/data/group
new file mode 100644
index 0000000..fecba0c
--- /dev/null
+++ b/tests/tests/usertools/useradd/62_useradd-p/data/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/usertools/useradd/62_useradd-p/data/gshadow b/tests/tests/usertools/useradd/62_useradd-p/data/gshadow
new file mode 100644
index 0000000..bfc0675
--- /dev/null
+++ b/tests/tests/usertools/useradd/62_useradd-p/data/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:!::
diff --git a/tests/tests/usertools/useradd/62_useradd-p/data/passwd b/tests/tests/usertools/useradd/62_useradd-p/data/passwd
new file mode 100644
index 0000000..ed91b35
--- /dev/null
+++ b/tests/tests/usertools/useradd/62_useradd-p/data/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/tmp/foo:/bin/foobar
diff --git a/tests/tests/usertools/useradd/62_useradd-p/data/shadow b/tests/tests/usertools/useradd/62_useradd-p/data/shadow
new file mode 100644
index 0000000..4abac0c
--- /dev/null
+++ b/tests/tests/usertools/useradd/62_useradd-p/data/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:fooPass:@TODAY@:0:99999:7:12:13849:
diff --git a/tests/tests/usertools/useradd/62_useradd-p/useradd.test b/tests/tests/usertools/useradd/62_useradd-p/useradd.test
new file mode 100755
index 0000000..655f871
--- /dev/null
+++ b/tests/tests/usertools/useradd/62_useradd-p/useradd.test
@@ -0,0 +1,39 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "The -p option can set the password"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Create user foo and set password (useradd -p fooPass foo)..."
+useradd -p fooPass foo
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl data/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl data/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl data/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl data/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/usertools/useradd/63_useradd-s/config.txt b/tests/tests/usertools/useradd/63_useradd-s/config.txt
new file mode 100644
index 0000000..31f5635
--- /dev/null
+++ b/tests/tests/usertools/useradd/63_useradd-s/config.txt
@@ -0,0 +1,10 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group users (only in /etc/group)
+user foo, in group tty (only in /etc/gshadow)
+user foo, in group floppy
+user foo, admin of group disk
+user foo, admin and member of group fax
+user foo, admin and member of group cdrom (only in /etc/gshadow)
diff --git a/tests/tests/usertools/useradd/63_useradd-s/config/etc/default/useradd b/tests/tests/usertools/useradd/63_useradd-s/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/usertools/useradd/63_useradd-s/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/usertools/useradd/63_useradd-s/config/etc/group b/tests/tests/usertools/useradd/63_useradd-s/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/usertools/useradd/63_useradd-s/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/usertools/useradd/63_useradd-s/config/etc/gshadow b/tests/tests/usertools/useradd/63_useradd-s/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/usertools/useradd/63_useradd-s/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/usertools/useradd/63_useradd-s/config/etc/passwd b/tests/tests/usertools/useradd/63_useradd-s/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/usertools/useradd/63_useradd-s/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/usertools/useradd/63_useradd-s/config/etc/shadow b/tests/tests/usertools/useradd/63_useradd-s/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/usertools/useradd/63_useradd-s/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/usertools/useradd/63_useradd-s/data/group b/tests/tests/usertools/useradd/63_useradd-s/data/group
new file mode 100644
index 0000000..fecba0c
--- /dev/null
+++ b/tests/tests/usertools/useradd/63_useradd-s/data/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/usertools/useradd/63_useradd-s/data/gshadow b/tests/tests/usertools/useradd/63_useradd-s/data/gshadow
new file mode 100644
index 0000000..bfc0675
--- /dev/null
+++ b/tests/tests/usertools/useradd/63_useradd-s/data/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:!::
diff --git a/tests/tests/usertools/useradd/63_useradd-s/data/passwd b/tests/tests/usertools/useradd/63_useradd-s/data/passwd
new file mode 100644
index 0000000..5c7dfc4
--- /dev/null
+++ b/tests/tests/usertools/useradd/63_useradd-s/data/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/tmp/foo:*/bin/dash
diff --git a/tests/tests/usertools/useradd/63_useradd-s/data/shadow b/tests/tests/usertools/useradd/63_useradd-s/data/shadow
new file mode 100644
index 0000000..0aee0c5
--- /dev/null
+++ b/tests/tests/usertools/useradd/63_useradd-s/data/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:@TODAY@:0:99999:7:12:13849:
diff --git a/tests/tests/usertools/useradd/63_useradd-s/useradd.test b/tests/tests/usertools/useradd/63_useradd-s/useradd.test
new file mode 100755
index 0000000..99e783b
--- /dev/null
+++ b/tests/tests/usertools/useradd/63_useradd-s/useradd.test
@@ -0,0 +1,39 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "The -s option can change the default shell"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Create user foo and set shell (useradd -s \"*/bin/dash\" foo)..."
+useradd -s "*/bin/dash" foo
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl data/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl data/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl data/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl data/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/usertools/useradd/64_useradd_locked_passwd/config.txt b/tests/tests/usertools/useradd/64_useradd_locked_passwd/config.txt
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/usertools/useradd/64_useradd_locked_passwd/config.txt
diff --git a/tests/tests/usertools/useradd/64_useradd_locked_passwd/config/etc/default/useradd b/tests/tests/usertools/useradd/64_useradd_locked_passwd/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/usertools/useradd/64_useradd_locked_passwd/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/usertools/useradd/64_useradd_locked_passwd/config/etc/group b/tests/tests/usertools/useradd/64_useradd_locked_passwd/config/etc/group
new file mode 100644
index 0000000..66f04f6
--- /dev/null
+++ b/tests/tests/usertools/useradd/64_useradd_locked_passwd/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:root
+adm:x:4:root
+tty:x:5:
+disk:x:6:
+lp:x:7:root
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/usertools/useradd/64_useradd_locked_passwd/config/etc/gshadow b/tests/tests/usertools/useradd/64_useradd_locked_passwd/config/etc/gshadow
new file mode 100644
index 0000000..19f1325
--- /dev/null
+++ b/tests/tests/usertools/useradd/64_useradd_locked_passwd/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::root
+adm:*::root
+tty:*::
+disk:*::
+lp:*::root
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/usertools/useradd/64_useradd_locked_passwd/config/etc/passwd b/tests/tests/usertools/useradd/64_useradd_locked_passwd/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/usertools/useradd/64_useradd_locked_passwd/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/usertools/useradd/64_useradd_locked_passwd/config/etc/shadow b/tests/tests/usertools/useradd/64_useradd_locked_passwd/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/usertools/useradd/64_useradd_locked_passwd/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/usertools/useradd/64_useradd_locked_passwd/data/useradd.err b/tests/tests/usertools/useradd/64_useradd_locked_passwd/data/useradd.err
new file mode 100644
index 0000000..c4b6ed3
--- /dev/null
+++ b/tests/tests/usertools/useradd/64_useradd_locked_passwd/data/useradd.err
@@ -0,0 +1,2 @@
+useradd: existing lock file /etc/passwd.lock without a PID
+useradd: cannot lock /etc/passwd; try again later.
diff --git a/tests/tests/usertools/useradd/64_useradd_locked_passwd/useradd.test b/tests/tests/usertools/useradd/64_useradd_locked_passwd/useradd.test
new file mode 100755
index 0000000..8dde325
--- /dev/null
+++ b/tests/tests/usertools/useradd/64_useradd_locked_passwd/useradd.test
@@ -0,0 +1,60 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "useradd -G checks if the passwd file is locked"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config; rm -f /etc/passwd.lock' 0
+
+change_config
+
+echo -n "Create lock file for /etc/passwd..."
+touch /etc/passwd.lock
+echo "done"
+
+echo -n "Add user foo (useradd foo)..."
+useradd foo 2>tmp/useradd.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+rm -f /etc/passwd.lock
+
+echo -n "Check returned status ($status)..."
+test "$status" = "1"
+echo "OK"
+
+echo "useradd reported:"
+echo "======================================================================="
+cat tmp/useradd.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/useradd.err tmp/useradd.err
+echo "error message OK."
+rm -f tmp/useradd.err
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/usertools/useradd/65_useradd_locked_group/config.txt b/tests/tests/usertools/useradd/65_useradd_locked_group/config.txt
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/usertools/useradd/65_useradd_locked_group/config.txt
diff --git a/tests/tests/usertools/useradd/65_useradd_locked_group/config/etc/default/useradd b/tests/tests/usertools/useradd/65_useradd_locked_group/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/usertools/useradd/65_useradd_locked_group/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/usertools/useradd/65_useradd_locked_group/config/etc/group b/tests/tests/usertools/useradd/65_useradd_locked_group/config/etc/group
new file mode 100644
index 0000000..66f04f6
--- /dev/null
+++ b/tests/tests/usertools/useradd/65_useradd_locked_group/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:root
+adm:x:4:root
+tty:x:5:
+disk:x:6:
+lp:x:7:root
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/usertools/useradd/65_useradd_locked_group/config/etc/gshadow b/tests/tests/usertools/useradd/65_useradd_locked_group/config/etc/gshadow
new file mode 100644
index 0000000..19f1325
--- /dev/null
+++ b/tests/tests/usertools/useradd/65_useradd_locked_group/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::root
+adm:*::root
+tty:*::
+disk:*::
+lp:*::root
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/usertools/useradd/65_useradd_locked_group/config/etc/passwd b/tests/tests/usertools/useradd/65_useradd_locked_group/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/usertools/useradd/65_useradd_locked_group/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/usertools/useradd/65_useradd_locked_group/config/etc/shadow b/tests/tests/usertools/useradd/65_useradd_locked_group/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/usertools/useradd/65_useradd_locked_group/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/usertools/useradd/65_useradd_locked_group/data/useradd.err b/tests/tests/usertools/useradd/65_useradd_locked_group/data/useradd.err
new file mode 100644
index 0000000..b36210f
--- /dev/null
+++ b/tests/tests/usertools/useradd/65_useradd_locked_group/data/useradd.err
@@ -0,0 +1,2 @@
+useradd: existing lock file /etc/group.lock without a PID
+useradd: cannot lock /etc/group; try again later.
diff --git a/tests/tests/usertools/useradd/65_useradd_locked_group/useradd.test b/tests/tests/usertools/useradd/65_useradd_locked_group/useradd.test
new file mode 100755
index 0000000..e6583ba
--- /dev/null
+++ b/tests/tests/usertools/useradd/65_useradd_locked_group/useradd.test
@@ -0,0 +1,60 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "useradd -G checks if the group file is locked"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config; rm -f /etc/group.lock' 0
+
+change_config
+
+echo -n "Create lock file for /etc/group..."
+touch /etc/group.lock
+echo "done"
+
+echo -n "Add user foo (useradd foo)..."
+useradd foo 2>tmp/useradd.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+rm -f /etc/group.lock
+
+echo -n "Check returned status ($status)..."
+test "$status" = "10"
+echo "OK"
+
+echo "useradd reported:"
+echo "======================================================================="
+cat tmp/useradd.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/useradd.err tmp/useradd.err
+echo "error message OK."
+rm -f tmp/useradd.err
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/usertools/useradd/66_useradd_locked_shadow/config.txt b/tests/tests/usertools/useradd/66_useradd_locked_shadow/config.txt
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/usertools/useradd/66_useradd_locked_shadow/config.txt
diff --git a/tests/tests/usertools/useradd/66_useradd_locked_shadow/config/etc/default/useradd b/tests/tests/usertools/useradd/66_useradd_locked_shadow/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/usertools/useradd/66_useradd_locked_shadow/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/usertools/useradd/66_useradd_locked_shadow/config/etc/group b/tests/tests/usertools/useradd/66_useradd_locked_shadow/config/etc/group
new file mode 100644
index 0000000..66f04f6
--- /dev/null
+++ b/tests/tests/usertools/useradd/66_useradd_locked_shadow/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:root
+adm:x:4:root
+tty:x:5:
+disk:x:6:
+lp:x:7:root
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/usertools/useradd/66_useradd_locked_shadow/config/etc/gshadow b/tests/tests/usertools/useradd/66_useradd_locked_shadow/config/etc/gshadow
new file mode 100644
index 0000000..19f1325
--- /dev/null
+++ b/tests/tests/usertools/useradd/66_useradd_locked_shadow/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::root
+adm:*::root
+tty:*::
+disk:*::
+lp:*::root
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/usertools/useradd/66_useradd_locked_shadow/config/etc/passwd b/tests/tests/usertools/useradd/66_useradd_locked_shadow/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/usertools/useradd/66_useradd_locked_shadow/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/usertools/useradd/66_useradd_locked_shadow/config/etc/shadow b/tests/tests/usertools/useradd/66_useradd_locked_shadow/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/usertools/useradd/66_useradd_locked_shadow/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/usertools/useradd/66_useradd_locked_shadow/data/useradd.err b/tests/tests/usertools/useradd/66_useradd_locked_shadow/data/useradd.err
new file mode 100644
index 0000000..a29346a
--- /dev/null
+++ b/tests/tests/usertools/useradd/66_useradd_locked_shadow/data/useradd.err
@@ -0,0 +1,2 @@
+useradd: existing lock file /etc/shadow.lock without a PID
+useradd: cannot lock /etc/shadow; try again later.
diff --git a/tests/tests/usertools/useradd/66_useradd_locked_shadow/useradd.test b/tests/tests/usertools/useradd/66_useradd_locked_shadow/useradd.test
new file mode 100755
index 0000000..24ef14f
--- /dev/null
+++ b/tests/tests/usertools/useradd/66_useradd_locked_shadow/useradd.test
@@ -0,0 +1,60 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "useradd -G checks if the shadow file is locked"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config; rm -f /etc/shadow.lock' 0
+
+change_config
+
+echo -n "Create lock file for /etc/shadow..."
+touch /etc/shadow.lock
+echo "done"
+
+echo -n "Add user foo (useradd foo)..."
+useradd foo 2>tmp/useradd.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+rm -f /etc/shadow.lock
+
+echo -n "Check returned status ($status)..."
+test "$status" = "1"
+echo "OK"
+
+echo "useradd reported:"
+echo "======================================================================="
+cat tmp/useradd.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/useradd.err tmp/useradd.err
+echo "error message OK."
+rm -f tmp/useradd.err
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/usertools/useradd/67_useradd_locked_gshadow/config.txt b/tests/tests/usertools/useradd/67_useradd_locked_gshadow/config.txt
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/tests/usertools/useradd/67_useradd_locked_gshadow/config.txt
diff --git a/tests/tests/usertools/useradd/67_useradd_locked_gshadow/config/etc/default/useradd b/tests/tests/usertools/useradd/67_useradd_locked_gshadow/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/usertools/useradd/67_useradd_locked_gshadow/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/usertools/useradd/67_useradd_locked_gshadow/config/etc/group b/tests/tests/usertools/useradd/67_useradd_locked_gshadow/config/etc/group
new file mode 100644
index 0000000..66f04f6
--- /dev/null
+++ b/tests/tests/usertools/useradd/67_useradd_locked_gshadow/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:root
+adm:x:4:root
+tty:x:5:
+disk:x:6:
+lp:x:7:root
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/usertools/useradd/67_useradd_locked_gshadow/config/etc/gshadow b/tests/tests/usertools/useradd/67_useradd_locked_gshadow/config/etc/gshadow
new file mode 100644
index 0000000..19f1325
--- /dev/null
+++ b/tests/tests/usertools/useradd/67_useradd_locked_gshadow/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::root
+adm:*::root
+tty:*::
+disk:*::
+lp:*::root
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/usertools/useradd/67_useradd_locked_gshadow/config/etc/passwd b/tests/tests/usertools/useradd/67_useradd_locked_gshadow/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/usertools/useradd/67_useradd_locked_gshadow/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/usertools/useradd/67_useradd_locked_gshadow/config/etc/shadow b/tests/tests/usertools/useradd/67_useradd_locked_gshadow/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/usertools/useradd/67_useradd_locked_gshadow/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/usertools/useradd/67_useradd_locked_gshadow/data/useradd.err b/tests/tests/usertools/useradd/67_useradd_locked_gshadow/data/useradd.err
new file mode 100644
index 0000000..9155bfd
--- /dev/null
+++ b/tests/tests/usertools/useradd/67_useradd_locked_gshadow/data/useradd.err
@@ -0,0 +1,2 @@
+useradd: existing lock file /etc/gshadow.lock without a PID
+useradd: cannot lock /etc/gshadow; try again later.
diff --git a/tests/tests/usertools/useradd/67_useradd_locked_gshadow/useradd.test b/tests/tests/usertools/useradd/67_useradd_locked_gshadow/useradd.test
new file mode 100755
index 0000000..71f7dc0
--- /dev/null
+++ b/tests/tests/usertools/useradd/67_useradd_locked_gshadow/useradd.test
@@ -0,0 +1,60 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "useradd -G checks if the gshadow file is locked"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config; rm -f /etc/gshadow.lock' 0
+
+change_config
+
+echo -n "Create lock file for /etc/gshadow..."
+touch /etc/gshadow.lock
+echo "done"
+
+echo -n "Add user foo (useradd foo)..."
+useradd foo 2>tmp/useradd.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+rm -f /etc/gshadow.lock
+
+echo -n "Check returned status ($status)..."
+test "$status" = "10"
+echo "OK"
+
+echo "useradd reported:"
+echo "======================================================================="
+cat tmp/useradd.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/useradd.err tmp/useradd.err
+echo "error message OK."
+rm -f tmp/useradd.err
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/usertools/useradd/68_useradd-s_empty/config.txt b/tests/tests/usertools/useradd/68_useradd-s_empty/config.txt
new file mode 100644
index 0000000..31f5635
--- /dev/null
+++ b/tests/tests/usertools/useradd/68_useradd-s_empty/config.txt
@@ -0,0 +1,10 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group users (only in /etc/group)
+user foo, in group tty (only in /etc/gshadow)
+user foo, in group floppy
+user foo, admin of group disk
+user foo, admin and member of group fax
+user foo, admin and member of group cdrom (only in /etc/gshadow)
diff --git a/tests/tests/usertools/useradd/68_useradd-s_empty/config/etc/default/useradd b/tests/tests/usertools/useradd/68_useradd-s_empty/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/usertools/useradd/68_useradd-s_empty/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/usertools/useradd/68_useradd-s_empty/config/etc/group b/tests/tests/usertools/useradd/68_useradd-s_empty/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/usertools/useradd/68_useradd-s_empty/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/usertools/useradd/68_useradd-s_empty/config/etc/gshadow b/tests/tests/usertools/useradd/68_useradd-s_empty/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/usertools/useradd/68_useradd-s_empty/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/usertools/useradd/68_useradd-s_empty/config/etc/passwd b/tests/tests/usertools/useradd/68_useradd-s_empty/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/usertools/useradd/68_useradd-s_empty/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/usertools/useradd/68_useradd-s_empty/config/etc/shadow b/tests/tests/usertools/useradd/68_useradd-s_empty/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/usertools/useradd/68_useradd-s_empty/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/usertools/useradd/68_useradd-s_empty/data/group b/tests/tests/usertools/useradd/68_useradd-s_empty/data/group
new file mode 100644
index 0000000..fecba0c
--- /dev/null
+++ b/tests/tests/usertools/useradd/68_useradd-s_empty/data/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/usertools/useradd/68_useradd-s_empty/data/gshadow b/tests/tests/usertools/useradd/68_useradd-s_empty/data/gshadow
new file mode 100644
index 0000000..bfc0675
--- /dev/null
+++ b/tests/tests/usertools/useradd/68_useradd-s_empty/data/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:!::
diff --git a/tests/tests/usertools/useradd/68_useradd-s_empty/data/passwd b/tests/tests/usertools/useradd/68_useradd-s_empty/data/passwd
new file mode 100644
index 0000000..8a4ebe5
--- /dev/null
+++ b/tests/tests/usertools/useradd/68_useradd-s_empty/data/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/tmp/foo:
diff --git a/tests/tests/usertools/useradd/68_useradd-s_empty/data/shadow b/tests/tests/usertools/useradd/68_useradd-s_empty/data/shadow
new file mode 100644
index 0000000..0aee0c5
--- /dev/null
+++ b/tests/tests/usertools/useradd/68_useradd-s_empty/data/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:@TODAY@:0:99999:7:12:13849:
diff --git a/tests/tests/usertools/useradd/68_useradd-s_empty/useradd.test b/tests/tests/usertools/useradd/68_useradd-s_empty/useradd.test
new file mode 100755
index 0000000..448000c
--- /dev/null
+++ b/tests/tests/usertools/useradd/68_useradd-s_empty/useradd.test
@@ -0,0 +1,39 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "The -s option can set an empty shell"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Create user foo and set empty shell (useradd -s \"\" foo)..."
+useradd -s "" foo
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl data/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl data/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl data/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl data/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/usertools/useradd/69_useradd_default_GROUPS_name/config.txt b/tests/tests/usertools/useradd/69_useradd_default_GROUPS_name/config.txt
new file mode 100644
index 0000000..74c5907
--- /dev/null
+++ b/tests/tests/usertools/useradd/69_useradd_default_GROUPS_name/config.txt
@@ -0,0 +1,8 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group bin
+user foo, in group adm
+user foo, in group man
+user foo, in group cdrom
diff --git a/tests/tests/usertools/useradd/69_useradd_default_GROUPS_name/config/etc/default/useradd b/tests/tests/usertools/useradd/69_useradd_default_GROUPS_name/config/etc/default/useradd
new file mode 100644
index 0000000..9e75e54
--- /dev/null
+++ b/tests/tests/usertools/useradd/69_useradd_default_GROUPS_name/config/etc/default/useradd
@@ -0,0 +1,40 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# Addional supplementary groups for users
+GROUPS=bin,adm,man,cdrom
+#
+# The default home directory. Same as DHOME for adduser
+#
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/usertools/useradd/69_useradd_default_GROUPS_name/config/etc/group b/tests/tests/usertools/useradd/69_useradd_default_GROUPS_name/config/etc/group
new file mode 100644
index 0000000..773c93b
--- /dev/null
+++ b/tests/tests/usertools/useradd/69_useradd_default_GROUPS_name/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
\ No newline at end of file
diff --git a/tests/tests/usertools/useradd/69_useradd_default_GROUPS_name/data/group b/tests/tests/usertools/useradd/69_useradd_default_GROUPS_name/data/group
new file mode 100644
index 0000000..02214e6
--- /dev/null
+++ b/tests/tests/usertools/useradd/69_useradd_default_GROUPS_name/data/group
@@ -0,0 +1,42 @@
+ root:x:0:
+daemon:x:1:
+bin:x:2:foo
+sys:x:3:
+adm:x:4:foo
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:foo
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:foo
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
\ No newline at end of file
diff --git a/tests/tests/usertools/useradd/69_useradd_default_GROUPS_name/useradd.test b/tests/tests/usertools/useradd/69_useradd_default_GROUPS_name/useradd.test
new file mode 100755
index 0000000..9446830
--- /dev/null
+++ b/tests/tests/usertools/useradd/69_useradd_default_GROUPS_name/useradd.test
@@ -0,0 +1,31 @@
+#!/bin/sh
+
+set -e
+
+cd "$(dirname $0)"
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "useradd adds supplementary groups based on the GROUPS field in /etc/deault/useradd"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+printf "Create user foo, with group associations with bin,adm,man,cdrom..."
+useradd foo
+printf "OK\n"
+
+printf "Check the group file..."
+../../../common/compare_file.pl data/group /etc/group
+printf "OK\n"
+
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/usertools/userdel/01_userdel_usage/config.txt b/tests/tests/usertools/userdel/01_userdel_usage/config.txt
new file mode 100644
index 0000000..31f5635
--- /dev/null
+++ b/tests/tests/usertools/userdel/01_userdel_usage/config.txt
@@ -0,0 +1,10 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group users (only in /etc/group)
+user foo, in group tty (only in /etc/gshadow)
+user foo, in group floppy
+user foo, admin of group disk
+user foo, admin and member of group fax
+user foo, admin and member of group cdrom (only in /etc/gshadow)
diff --git a/tests/tests/usertools/userdel/01_userdel_usage/config/etc/default/useradd b/tests/tests/usertools/userdel/01_userdel_usage/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/usertools/userdel/01_userdel_usage/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/usertools/userdel/01_userdel_usage/config/etc/group b/tests/tests/usertools/userdel/01_userdel_usage/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/usertools/userdel/01_userdel_usage/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/usertools/userdel/01_userdel_usage/config/etc/gshadow b/tests/tests/usertools/userdel/01_userdel_usage/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/usertools/userdel/01_userdel_usage/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/usertools/userdel/01_userdel_usage/config/etc/passwd b/tests/tests/usertools/userdel/01_userdel_usage/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/usertools/userdel/01_userdel_usage/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/usertools/userdel/01_userdel_usage/config/etc/shadow b/tests/tests/usertools/userdel/01_userdel_usage/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/usertools/userdel/01_userdel_usage/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/usertools/userdel/01_userdel_usage/data/usage.out b/tests/tests/usertools/userdel/01_userdel_usage/data/usage.out
new file mode 100644
index 0000000..955c793
--- /dev/null
+++ b/tests/tests/usertools/userdel/01_userdel_usage/data/usage.out
@@ -0,0 +1,10 @@
+Usage: userdel [options] LOGIN
+
+Options:
+  -f, --force                   force removal of files,
+                                even if not owned by user
+  -h, --help                    display this help message and exit
+  -r, --remove                  remove home directory and mail spool
+  -R, --root CHROOT_DIR         directory to chroot into
+  -Z, --selinux-user            remove any SELinux user mapping for the user
+
diff --git a/tests/tests/usertools/userdel/01_userdel_usage/userdel.test b/tests/tests/usertools/userdel/01_userdel_usage/userdel.test
new file mode 100755
index 0000000..6d2b9e8
--- /dev/null
+++ b/tests/tests/usertools/userdel/01_userdel_usage/userdel.test
@@ -0,0 +1,48 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "userdel can display its usage message"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Get userdel usage (userdel -h)..."
+userdel -h >tmp/usage.out
+echo "OK"
+
+echo "userdel reported:"
+echo "======================================================================="
+cat tmp/usage.out
+echo "======================================================================="
+echo -n "Check the usage message..."
+diff -au data/usage.out tmp/usage.out
+echo "usage message OK."
+rm -f tmp/usage.out
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/usertools/userdel/02_userdel_usage_invalid_option/config.txt b/tests/tests/usertools/userdel/02_userdel_usage_invalid_option/config.txt
new file mode 100644
index 0000000..31f5635
--- /dev/null
+++ b/tests/tests/usertools/userdel/02_userdel_usage_invalid_option/config.txt
@@ -0,0 +1,10 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group users (only in /etc/group)
+user foo, in group tty (only in /etc/gshadow)
+user foo, in group floppy
+user foo, admin of group disk
+user foo, admin and member of group fax
+user foo, admin and member of group cdrom (only in /etc/gshadow)
diff --git a/tests/tests/usertools/userdel/02_userdel_usage_invalid_option/config/etc/default/useradd b/tests/tests/usertools/userdel/02_userdel_usage_invalid_option/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/usertools/userdel/02_userdel_usage_invalid_option/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/usertools/userdel/02_userdel_usage_invalid_option/config/etc/group b/tests/tests/usertools/userdel/02_userdel_usage_invalid_option/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/usertools/userdel/02_userdel_usage_invalid_option/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/usertools/userdel/02_userdel_usage_invalid_option/config/etc/gshadow b/tests/tests/usertools/userdel/02_userdel_usage_invalid_option/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/usertools/userdel/02_userdel_usage_invalid_option/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/usertools/userdel/02_userdel_usage_invalid_option/config/etc/passwd b/tests/tests/usertools/userdel/02_userdel_usage_invalid_option/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/usertools/userdel/02_userdel_usage_invalid_option/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/usertools/userdel/02_userdel_usage_invalid_option/config/etc/shadow b/tests/tests/usertools/userdel/02_userdel_usage_invalid_option/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/usertools/userdel/02_userdel_usage_invalid_option/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/usertools/userdel/02_userdel_usage_invalid_option/data/usage.out b/tests/tests/usertools/userdel/02_userdel_usage_invalid_option/data/usage.out
new file mode 100644
index 0000000..a0dcbf8
--- /dev/null
+++ b/tests/tests/usertools/userdel/02_userdel_usage_invalid_option/data/usage.out
@@ -0,0 +1,11 @@
+userdel: unrecognized option '--foo'
+Usage: userdel [options] LOGIN
+
+Options:
+  -f, --force                   force removal of files,
+                                even if not owned by user
+  -h, --help                    display this help message and exit
+  -r, --remove                  remove home directory and mail spool
+  -R, --root CHROOT_DIR         directory to chroot into
+  -Z, --selinux-user            remove any SELinux user mapping for the user
+
diff --git a/tests/tests/usertools/userdel/02_userdel_usage_invalid_option/userdel.test b/tests/tests/usertools/userdel/02_userdel_usage_invalid_option/userdel.test
new file mode 100755
index 0000000..7d134f0
--- /dev/null
+++ b/tests/tests/usertools/userdel/02_userdel_usage_invalid_option/userdel.test
@@ -0,0 +1,54 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "userdel displays its usage message when called incorrectly"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Call userdel with an invalid option (userdel --foo)..."
+userdel --foo 2>tmp/usage.out && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "2"
+echo "OK"
+
+echo "userdel reported:"
+echo "======================================================================="
+cat tmp/usage.out
+echo "======================================================================="
+echo -n "Check the usage message..."
+diff -au data/usage.out tmp/usage.out
+echo "usage message OK."
+rm -f tmp/usage.out
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/usertools/userdel/03_userdel_usage_no_users/config.txt b/tests/tests/usertools/userdel/03_userdel_usage_no_users/config.txt
new file mode 100644
index 0000000..31f5635
--- /dev/null
+++ b/tests/tests/usertools/userdel/03_userdel_usage_no_users/config.txt
@@ -0,0 +1,10 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group users (only in /etc/group)
+user foo, in group tty (only in /etc/gshadow)
+user foo, in group floppy
+user foo, admin of group disk
+user foo, admin and member of group fax
+user foo, admin and member of group cdrom (only in /etc/gshadow)
diff --git a/tests/tests/usertools/userdel/03_userdel_usage_no_users/config/etc/default/useradd b/tests/tests/usertools/userdel/03_userdel_usage_no_users/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/usertools/userdel/03_userdel_usage_no_users/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/usertools/userdel/03_userdel_usage_no_users/config/etc/group b/tests/tests/usertools/userdel/03_userdel_usage_no_users/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/usertools/userdel/03_userdel_usage_no_users/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/usertools/userdel/03_userdel_usage_no_users/config/etc/gshadow b/tests/tests/usertools/userdel/03_userdel_usage_no_users/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/usertools/userdel/03_userdel_usage_no_users/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/usertools/userdel/03_userdel_usage_no_users/config/etc/passwd b/tests/tests/usertools/userdel/03_userdel_usage_no_users/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/usertools/userdel/03_userdel_usage_no_users/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/usertools/userdel/03_userdel_usage_no_users/config/etc/shadow b/tests/tests/usertools/userdel/03_userdel_usage_no_users/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/usertools/userdel/03_userdel_usage_no_users/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/usertools/userdel/03_userdel_usage_no_users/data/usage.out b/tests/tests/usertools/userdel/03_userdel_usage_no_users/data/usage.out
new file mode 100644
index 0000000..955c793
--- /dev/null
+++ b/tests/tests/usertools/userdel/03_userdel_usage_no_users/data/usage.out
@@ -0,0 +1,10 @@
+Usage: userdel [options] LOGIN
+
+Options:
+  -f, --force                   force removal of files,
+                                even if not owned by user
+  -h, --help                    display this help message and exit
+  -r, --remove                  remove home directory and mail spool
+  -R, --root CHROOT_DIR         directory to chroot into
+  -Z, --selinux-user            remove any SELinux user mapping for the user
+
diff --git a/tests/tests/usertools/userdel/03_userdel_usage_no_users/userdel.test b/tests/tests/usertools/userdel/03_userdel_usage_no_users/userdel.test
new file mode 100755
index 0000000..9bf3685
--- /dev/null
+++ b/tests/tests/usertools/userdel/03_userdel_usage_no_users/userdel.test
@@ -0,0 +1,54 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "userdel displays its usage message when called incorrectly"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Call userdel without an user (userdel -f)..."
+userdel -f 2>tmp/usage.out && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "2"
+echo "OK"
+
+echo "userdel reported:"
+echo "======================================================================="
+cat tmp/usage.out
+echo "======================================================================="
+echo -n "Check the usage message..."
+diff -au data/usage.out tmp/usage.out
+echo "usage message OK."
+rm -f tmp/usage.out
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/usertools/userdel/04_userdel_usage_2_users/config.txt b/tests/tests/usertools/userdel/04_userdel_usage_2_users/config.txt
new file mode 100644
index 0000000..31f5635
--- /dev/null
+++ b/tests/tests/usertools/userdel/04_userdel_usage_2_users/config.txt
@@ -0,0 +1,10 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group users (only in /etc/group)
+user foo, in group tty (only in /etc/gshadow)
+user foo, in group floppy
+user foo, admin of group disk
+user foo, admin and member of group fax
+user foo, admin and member of group cdrom (only in /etc/gshadow)
diff --git a/tests/tests/usertools/userdel/04_userdel_usage_2_users/config/etc/default/useradd b/tests/tests/usertools/userdel/04_userdel_usage_2_users/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/usertools/userdel/04_userdel_usage_2_users/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/usertools/userdel/04_userdel_usage_2_users/config/etc/group b/tests/tests/usertools/userdel/04_userdel_usage_2_users/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/usertools/userdel/04_userdel_usage_2_users/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/usertools/userdel/04_userdel_usage_2_users/config/etc/gshadow b/tests/tests/usertools/userdel/04_userdel_usage_2_users/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/usertools/userdel/04_userdel_usage_2_users/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/usertools/userdel/04_userdel_usage_2_users/config/etc/passwd b/tests/tests/usertools/userdel/04_userdel_usage_2_users/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/usertools/userdel/04_userdel_usage_2_users/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/usertools/userdel/04_userdel_usage_2_users/config/etc/shadow b/tests/tests/usertools/userdel/04_userdel_usage_2_users/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/usertools/userdel/04_userdel_usage_2_users/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/usertools/userdel/04_userdel_usage_2_users/data/usage.out b/tests/tests/usertools/userdel/04_userdel_usage_2_users/data/usage.out
new file mode 100644
index 0000000..955c793
--- /dev/null
+++ b/tests/tests/usertools/userdel/04_userdel_usage_2_users/data/usage.out
@@ -0,0 +1,10 @@
+Usage: userdel [options] LOGIN
+
+Options:
+  -f, --force                   force removal of files,
+                                even if not owned by user
+  -h, --help                    display this help message and exit
+  -r, --remove                  remove home directory and mail spool
+  -R, --root CHROOT_DIR         directory to chroot into
+  -Z, --selinux-user            remove any SELinux user mapping for the user
+
diff --git a/tests/tests/usertools/userdel/04_userdel_usage_2_users/userdel.test b/tests/tests/usertools/userdel/04_userdel_usage_2_users/userdel.test
new file mode 100755
index 0000000..6788240
--- /dev/null
+++ b/tests/tests/usertools/userdel/04_userdel_usage_2_users/userdel.test
@@ -0,0 +1,54 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "userdel displays its usage message when called incorrectly"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Call userdel with 2 users (userdel -f bin nobody)..."
+userdel -f bin nobody 2>tmp/usage.out && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "2"
+echo "OK"
+
+echo "userdel reported:"
+echo "======================================================================="
+cat tmp/usage.out
+echo "======================================================================="
+echo -n "Check the usage message..."
+diff -au data/usage.out tmp/usage.out
+echo "usage message OK."
+rm -f tmp/usage.out
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/usertools/userdel/05_userdel_no_USERGROUPS_ENAB/config.txt b/tests/tests/usertools/userdel/05_userdel_no_USERGROUPS_ENAB/config.txt
new file mode 100644
index 0000000..1b0360b
--- /dev/null
+++ b/tests/tests/usertools/userdel/05_userdel_no_USERGROUPS_ENAB/config.txt
@@ -0,0 +1 @@
+user foo, in group users according to /etc/group only
diff --git a/tests/tests/usertools/userdel/05_userdel_no_USERGROUPS_ENAB/config/etc/default/useradd b/tests/tests/usertools/userdel/05_userdel_no_USERGROUPS_ENAB/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/usertools/userdel/05_userdel_no_USERGROUPS_ENAB/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/usertools/userdel/05_userdel_no_USERGROUPS_ENAB/config/etc/group b/tests/tests/usertools/userdel/05_userdel_no_USERGROUPS_ENAB/config/etc/group
new file mode 100644
index 0000000..ac82d7f
--- /dev/null
+++ b/tests/tests/usertools/userdel/05_userdel_no_USERGROUPS_ENAB/config/etc/group
@@ -0,0 +1,43 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
+foo2:x:1001:
diff --git a/tests/tests/usertools/userdel/05_userdel_no_USERGROUPS_ENAB/config/etc/gshadow b/tests/tests/usertools/userdel/05_userdel_no_USERGROUPS_ENAB/config/etc/gshadow
new file mode 100644
index 0000000..a526819
--- /dev/null
+++ b/tests/tests/usertools/userdel/05_userdel_no_USERGROUPS_ENAB/config/etc/gshadow
@@ -0,0 +1,43 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
+foo2:*::
diff --git a/tests/tests/usertools/userdel/05_userdel_no_USERGROUPS_ENAB/config/etc/login.defs b/tests/tests/usertools/userdel/05_userdel_no_USERGROUPS_ENAB/config/etc/login.defs
new file mode 100644
index 0000000..ec8ac1f
--- /dev/null
+++ b/tests/tests/usertools/userdel/05_userdel_no_USERGROUPS_ENAB/config/etc/login.defs
@@ -0,0 +1,334 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/local/games:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK is the default umask value for pam_umask and is used by
+# useradd and newusers to set the mode of the new home directories.
+# 022 is the "historical" value in Debian for UMASK
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+# System accounts
+#SYS_UID_MIN		  100
+#SYS_UID_MAX		  999
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			 1000
+GID_MAX			60000
+# System accounts
+#SYS_GID_MIN		  100
+#SYS_GID_MAX		  999
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# If set to yes, userdel will remove the user's group if it contains no
+# more members, and useradd will create by default a group with the name
+# of the user.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, such as Debian
+#
+USERGROUPS_ENAB no
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is deprecated. You should use ENCRYPT_METHOD.
+#
+#MD5_CRYPT_ENAB	no
+
+#
+# If set to MD5 , MD5-based algorithm will be used for encrypting password
+# If set to SHA256, SHA256-based algorithm will be used for encrypting password
+# If set to SHA512, SHA512-based algorithm will be used for encrypting password
+# If set to DES, DES-based algorithm will be used for encrypting password (default)
+# Overrides the MD5_CRYPT_ENAB option
+#
+# Note: It is recommended to use a value consistent with
+# the PAM modules configuration.
+#
+#ENCRYPT_METHOD DES
+
+#
+# Only used if ENCRYPT_METHOD is set to SHA256 or SHA512.
+#
+# Define the number of SHA rounds.
+# With a lot of rounds, it is more difficult to brute forcing the password.
+# But note also that it more CPU resources will be needed to authenticate
+# users.
+#
+# If not specified, the libc will choose the default number of rounds (5000).
+# The values must be inside the 1000-999999999 range.
+# If only one of the MIN or MAX values is set, then this value will be used.
+# If MIN > MAX, the highest value will be used.
+#
+# SHA_CRYPT_MIN_ROUNDS 5000
+# SHA_CRYPT_MAX_ROUNDS 5000
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/usertools/userdel/05_userdel_no_USERGROUPS_ENAB/config/etc/passwd b/tests/tests/usertools/userdel/05_userdel_no_USERGROUPS_ENAB/config/etc/passwd
new file mode 100644
index 0000000..9958fca
--- /dev/null
+++ b/tests/tests/usertools/userdel/05_userdel_no_USERGROUPS_ENAB/config/etc/passwd
@@ -0,0 +1,21 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000:::/bin/false
+foo2:x:1001:1001:::/bin/false
diff --git a/tests/tests/usertools/userdel/05_userdel_no_USERGROUPS_ENAB/config/etc/shadow b/tests/tests/usertools/userdel/05_userdel_no_USERGROUPS_ENAB/config/etc/shadow
new file mode 100644
index 0000000..eaf0278
--- /dev/null
+++ b/tests/tests/usertools/userdel/05_userdel_no_USERGROUPS_ENAB/config/etc/shadow
@@ -0,0 +1,21 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
+foo2:!:12977:0:99999:7:::
diff --git a/tests/tests/usertools/userdel/05_userdel_no_USERGROUPS_ENAB/data/group b/tests/tests/usertools/userdel/05_userdel_no_USERGROUPS_ENAB/data/group
new file mode 100644
index 0000000..c60d727
--- /dev/null
+++ b/tests/tests/usertools/userdel/05_userdel_no_USERGROUPS_ENAB/data/group
@@ -0,0 +1,43 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
+foo2:x:1001:
diff --git a/tests/tests/usertools/userdel/05_userdel_no_USERGROUPS_ENAB/data/gshadow b/tests/tests/usertools/userdel/05_userdel_no_USERGROUPS_ENAB/data/gshadow
new file mode 100644
index 0000000..a526819
--- /dev/null
+++ b/tests/tests/usertools/userdel/05_userdel_no_USERGROUPS_ENAB/data/gshadow
@@ -0,0 +1,43 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
+foo2:*::
diff --git a/tests/tests/usertools/userdel/05_userdel_no_USERGROUPS_ENAB/data/passwd b/tests/tests/usertools/userdel/05_userdel_no_USERGROUPS_ENAB/data/passwd
new file mode 100644
index 0000000..8846932
--- /dev/null
+++ b/tests/tests/usertools/userdel/05_userdel_no_USERGROUPS_ENAB/data/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo2:x:1001:1001:::/bin/false
diff --git a/tests/tests/usertools/userdel/05_userdel_no_USERGROUPS_ENAB/data/shadow b/tests/tests/usertools/userdel/05_userdel_no_USERGROUPS_ENAB/data/shadow
new file mode 100644
index 0000000..60a11cf
--- /dev/null
+++ b/tests/tests/usertools/userdel/05_userdel_no_USERGROUPS_ENAB/data/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo2:!:12977:0:99999:7:::
diff --git a/tests/tests/usertools/userdel/05_userdel_no_USERGROUPS_ENAB/userdel.test b/tests/tests/usertools/userdel/05_userdel_no_USERGROUPS_ENAB/userdel.test
new file mode 100755
index 0000000..83e801f
--- /dev/null
+++ b/tests/tests/usertools/userdel/05_userdel_no_USERGROUPS_ENAB/userdel.test
@@ -0,0 +1,39 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "userdel does not remove the user's group if USERGROUPS_ENAB is disabled"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Delete user foo (userdel foo)..."
+userdel foo
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl data/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl data/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl data/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl data/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/usertools/userdel/06_userdel_no_usergroup/config.txt b/tests/tests/usertools/userdel/06_userdel_no_usergroup/config.txt
new file mode 100644
index 0000000..1b0360b
--- /dev/null
+++ b/tests/tests/usertools/userdel/06_userdel_no_usergroup/config.txt
@@ -0,0 +1 @@
+user foo, in group users according to /etc/group only
diff --git a/tests/tests/usertools/userdel/06_userdel_no_usergroup/config/etc/default/useradd b/tests/tests/usertools/userdel/06_userdel_no_usergroup/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/usertools/userdel/06_userdel_no_usergroup/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/usertools/userdel/06_userdel_no_usergroup/config/etc/group b/tests/tests/usertools/userdel/06_userdel_no_usergroup/config/etc/group
new file mode 100644
index 0000000..d5d74e2
--- /dev/null
+++ b/tests/tests/usertools/userdel/06_userdel_no_usergroup/config/etc/group
@@ -0,0 +1,43 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo1:x:1000:
+foo2:x:1001:
diff --git a/tests/tests/usertools/userdel/06_userdel_no_usergroup/config/etc/gshadow b/tests/tests/usertools/userdel/06_userdel_no_usergroup/config/etc/gshadow
new file mode 100644
index 0000000..5e2c5d3
--- /dev/null
+++ b/tests/tests/usertools/userdel/06_userdel_no_usergroup/config/etc/gshadow
@@ -0,0 +1,43 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo1:*::
+foo2:*::
diff --git a/tests/tests/usertools/userdel/06_userdel_no_usergroup/config/etc/login.defs b/tests/tests/usertools/userdel/06_userdel_no_usergroup/config/etc/login.defs
new file mode 100644
index 0000000..3b216aa
--- /dev/null
+++ b/tests/tests/usertools/userdel/06_userdel_no_usergroup/config/etc/login.defs
@@ -0,0 +1,334 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/local/games:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK is the default umask value for pam_umask and is used by
+# useradd and newusers to set the mode of the new home directories.
+# 022 is the "historical" value in Debian for UMASK
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+# System accounts
+#SYS_UID_MIN		  100
+#SYS_UID_MAX		  999
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			 1000
+GID_MAX			60000
+# System accounts
+#SYS_GID_MIN		  100
+#SYS_GID_MAX		  999
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# If set to yes, userdel will remove the user's group if it contains no
+# more members, and useradd will create by default a group with the name
+# of the user.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, such as Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is deprecated. You should use ENCRYPT_METHOD.
+#
+#MD5_CRYPT_ENAB	no
+
+#
+# If set to MD5 , MD5-based algorithm will be used for encrypting password
+# If set to SHA256, SHA256-based algorithm will be used for encrypting password
+# If set to SHA512, SHA512-based algorithm will be used for encrypting password
+# If set to DES, DES-based algorithm will be used for encrypting password (default)
+# Overrides the MD5_CRYPT_ENAB option
+#
+# Note: It is recommended to use a value consistent with
+# the PAM modules configuration.
+#
+#ENCRYPT_METHOD DES
+
+#
+# Only used if ENCRYPT_METHOD is set to SHA256 or SHA512.
+#
+# Define the number of SHA rounds.
+# With a lot of rounds, it is more difficult to brute forcing the password.
+# But note also that it more CPU resources will be needed to authenticate
+# users.
+#
+# If not specified, the libc will choose the default number of rounds (5000).
+# The values must be inside the 1000-999999999 range.
+# If only one of the MIN or MAX values is set, then this value will be used.
+# If MIN > MAX, the highest value will be used.
+#
+# SHA_CRYPT_MIN_ROUNDS 5000
+# SHA_CRYPT_MAX_ROUNDS 5000
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/usertools/userdel/06_userdel_no_usergroup/config/etc/passwd b/tests/tests/usertools/userdel/06_userdel_no_usergroup/config/etc/passwd
new file mode 100644
index 0000000..9958fca
--- /dev/null
+++ b/tests/tests/usertools/userdel/06_userdel_no_usergroup/config/etc/passwd
@@ -0,0 +1,21 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000:::/bin/false
+foo2:x:1001:1001:::/bin/false
diff --git a/tests/tests/usertools/userdel/06_userdel_no_usergroup/config/etc/shadow b/tests/tests/usertools/userdel/06_userdel_no_usergroup/config/etc/shadow
new file mode 100644
index 0000000..eaf0278
--- /dev/null
+++ b/tests/tests/usertools/userdel/06_userdel_no_usergroup/config/etc/shadow
@@ -0,0 +1,21 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
+foo2:!:12977:0:99999:7:::
diff --git a/tests/tests/usertools/userdel/06_userdel_no_usergroup/data/group b/tests/tests/usertools/userdel/06_userdel_no_usergroup/data/group
new file mode 100644
index 0000000..15f4c27
--- /dev/null
+++ b/tests/tests/usertools/userdel/06_userdel_no_usergroup/data/group
@@ -0,0 +1,43 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo1:x:1000:
+foo2:x:1001:
diff --git a/tests/tests/usertools/userdel/06_userdel_no_usergroup/data/gshadow b/tests/tests/usertools/userdel/06_userdel_no_usergroup/data/gshadow
new file mode 100644
index 0000000..5e2c5d3
--- /dev/null
+++ b/tests/tests/usertools/userdel/06_userdel_no_usergroup/data/gshadow
@@ -0,0 +1,43 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo1:*::
+foo2:*::
diff --git a/tests/tests/usertools/userdel/06_userdel_no_usergroup/data/passwd b/tests/tests/usertools/userdel/06_userdel_no_usergroup/data/passwd
new file mode 100644
index 0000000..8846932
--- /dev/null
+++ b/tests/tests/usertools/userdel/06_userdel_no_usergroup/data/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo2:x:1001:1001:::/bin/false
diff --git a/tests/tests/usertools/userdel/06_userdel_no_usergroup/data/shadow b/tests/tests/usertools/userdel/06_userdel_no_usergroup/data/shadow
new file mode 100644
index 0000000..60a11cf
--- /dev/null
+++ b/tests/tests/usertools/userdel/06_userdel_no_usergroup/data/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo2:!:12977:0:99999:7:::
diff --git a/tests/tests/usertools/userdel/06_userdel_no_usergroup/userdel.test b/tests/tests/usertools/userdel/06_userdel_no_usergroup/userdel.test
new file mode 100755
index 0000000..f0907c6
--- /dev/null
+++ b/tests/tests/usertools/userdel/06_userdel_no_usergroup/userdel.test
@@ -0,0 +1,39 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "userdel does not remove the user's group if it has a different name"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Delete user foo (userdel foo)..."
+userdel foo
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl data/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl data/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl data/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl data/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/usertools/userdel/07_userdel_usergroup_not_primary/config.txt b/tests/tests/usertools/userdel/07_userdel_usergroup_not_primary/config.txt
new file mode 100644
index 0000000..1b0360b
--- /dev/null
+++ b/tests/tests/usertools/userdel/07_userdel_usergroup_not_primary/config.txt
@@ -0,0 +1 @@
+user foo, in group users according to /etc/group only
diff --git a/tests/tests/usertools/userdel/07_userdel_usergroup_not_primary/config/etc/default/useradd b/tests/tests/usertools/userdel/07_userdel_usergroup_not_primary/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/usertools/userdel/07_userdel_usergroup_not_primary/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/usertools/userdel/07_userdel_usergroup_not_primary/config/etc/group b/tests/tests/usertools/userdel/07_userdel_usergroup_not_primary/config/etc/group
new file mode 100644
index 0000000..c39e02c
--- /dev/null
+++ b/tests/tests/usertools/userdel/07_userdel_usergroup_not_primary/config/etc/group
@@ -0,0 +1,44 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1002:
+foo1:x:1000:
+foo2:x:1001:
diff --git a/tests/tests/usertools/userdel/07_userdel_usergroup_not_primary/config/etc/gshadow b/tests/tests/usertools/userdel/07_userdel_usergroup_not_primary/config/etc/gshadow
new file mode 100644
index 0000000..75ecdfe
--- /dev/null
+++ b/tests/tests/usertools/userdel/07_userdel_usergroup_not_primary/config/etc/gshadow
@@ -0,0 +1,44 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
+foo1:*::
+foo2:*::
diff --git a/tests/tests/usertools/userdel/07_userdel_usergroup_not_primary/config/etc/login.defs b/tests/tests/usertools/userdel/07_userdel_usergroup_not_primary/config/etc/login.defs
new file mode 100644
index 0000000..3b216aa
--- /dev/null
+++ b/tests/tests/usertools/userdel/07_userdel_usergroup_not_primary/config/etc/login.defs
@@ -0,0 +1,334 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/local/games:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK is the default umask value for pam_umask and is used by
+# useradd and newusers to set the mode of the new home directories.
+# 022 is the "historical" value in Debian for UMASK
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+# System accounts
+#SYS_UID_MIN		  100
+#SYS_UID_MAX		  999
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			 1000
+GID_MAX			60000
+# System accounts
+#SYS_GID_MIN		  100
+#SYS_GID_MAX		  999
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# If set to yes, userdel will remove the user's group if it contains no
+# more members, and useradd will create by default a group with the name
+# of the user.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, such as Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is deprecated. You should use ENCRYPT_METHOD.
+#
+#MD5_CRYPT_ENAB	no
+
+#
+# If set to MD5 , MD5-based algorithm will be used for encrypting password
+# If set to SHA256, SHA256-based algorithm will be used for encrypting password
+# If set to SHA512, SHA512-based algorithm will be used for encrypting password
+# If set to DES, DES-based algorithm will be used for encrypting password (default)
+# Overrides the MD5_CRYPT_ENAB option
+#
+# Note: It is recommended to use a value consistent with
+# the PAM modules configuration.
+#
+#ENCRYPT_METHOD DES
+
+#
+# Only used if ENCRYPT_METHOD is set to SHA256 or SHA512.
+#
+# Define the number of SHA rounds.
+# With a lot of rounds, it is more difficult to brute forcing the password.
+# But note also that it more CPU resources will be needed to authenticate
+# users.
+#
+# If not specified, the libc will choose the default number of rounds (5000).
+# The values must be inside the 1000-999999999 range.
+# If only one of the MIN or MAX values is set, then this value will be used.
+# If MIN > MAX, the highest value will be used.
+#
+# SHA_CRYPT_MIN_ROUNDS 5000
+# SHA_CRYPT_MAX_ROUNDS 5000
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/usertools/userdel/07_userdel_usergroup_not_primary/config/etc/passwd b/tests/tests/usertools/userdel/07_userdel_usergroup_not_primary/config/etc/passwd
new file mode 100644
index 0000000..9958fca
--- /dev/null
+++ b/tests/tests/usertools/userdel/07_userdel_usergroup_not_primary/config/etc/passwd
@@ -0,0 +1,21 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000:::/bin/false
+foo2:x:1001:1001:::/bin/false
diff --git a/tests/tests/usertools/userdel/07_userdel_usergroup_not_primary/config/etc/shadow b/tests/tests/usertools/userdel/07_userdel_usergroup_not_primary/config/etc/shadow
new file mode 100644
index 0000000..eaf0278
--- /dev/null
+++ b/tests/tests/usertools/userdel/07_userdel_usergroup_not_primary/config/etc/shadow
@@ -0,0 +1,21 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
+foo2:!:12977:0:99999:7:::
diff --git a/tests/tests/usertools/userdel/07_userdel_usergroup_not_primary/data/group b/tests/tests/usertools/userdel/07_userdel_usergroup_not_primary/data/group
new file mode 100644
index 0000000..3aa5282
--- /dev/null
+++ b/tests/tests/usertools/userdel/07_userdel_usergroup_not_primary/data/group
@@ -0,0 +1,44 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1002:
+foo1:x:1000:
+foo2:x:1001:
diff --git a/tests/tests/usertools/userdel/07_userdel_usergroup_not_primary/data/gshadow b/tests/tests/usertools/userdel/07_userdel_usergroup_not_primary/data/gshadow
new file mode 100644
index 0000000..75ecdfe
--- /dev/null
+++ b/tests/tests/usertools/userdel/07_userdel_usergroup_not_primary/data/gshadow
@@ -0,0 +1,44 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
+foo1:*::
+foo2:*::
diff --git a/tests/tests/usertools/userdel/07_userdel_usergroup_not_primary/data/passwd b/tests/tests/usertools/userdel/07_userdel_usergroup_not_primary/data/passwd
new file mode 100644
index 0000000..8846932
--- /dev/null
+++ b/tests/tests/usertools/userdel/07_userdel_usergroup_not_primary/data/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo2:x:1001:1001:::/bin/false
diff --git a/tests/tests/usertools/userdel/07_userdel_usergroup_not_primary/data/shadow b/tests/tests/usertools/userdel/07_userdel_usergroup_not_primary/data/shadow
new file mode 100644
index 0000000..60a11cf
--- /dev/null
+++ b/tests/tests/usertools/userdel/07_userdel_usergroup_not_primary/data/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo2:!:12977:0:99999:7:::
diff --git a/tests/tests/usertools/userdel/07_userdel_usergroup_not_primary/data/userdel.out b/tests/tests/usertools/userdel/07_userdel_usergroup_not_primary/data/userdel.out
new file mode 100644
index 0000000..0ccbef6
--- /dev/null
+++ b/tests/tests/usertools/userdel/07_userdel_usergroup_not_primary/data/userdel.out
@@ -0,0 +1 @@
+userdel: group foo not removed because it is not the primary group of user foo.
diff --git a/tests/tests/usertools/userdel/07_userdel_usergroup_not_primary/userdel.test b/tests/tests/usertools/userdel/07_userdel_usergroup_not_primary/userdel.test
new file mode 100755
index 0000000..9ff44d4
--- /dev/null
+++ b/tests/tests/usertools/userdel/07_userdel_usergroup_not_primary/userdel.test
@@ -0,0 +1,48 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "userdel does not remove the user's group if it has a different name"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Delete user foo (userdel foo)..."
+userdel foo 2>tmp/userdel.out
+echo "OK"
+
+echo "userdel reported:"
+echo "======================================================================="
+cat tmp/userdel.out
+echo "======================================================================="
+echo -n "Check the usage message..."
+diff -au data/userdel.out tmp/userdel.out
+echo "usage message OK."
+rm -f tmp/userdel.out
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl data/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl data/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl data/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl data/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/usertools/userdel/08_userdel_usergroup_with_other_members/config.txt b/tests/tests/usertools/userdel/08_userdel_usergroup_with_other_members/config.txt
new file mode 100644
index 0000000..1b0360b
--- /dev/null
+++ b/tests/tests/usertools/userdel/08_userdel_usergroup_with_other_members/config.txt
@@ -0,0 +1 @@
+user foo, in group users according to /etc/group only
diff --git a/tests/tests/usertools/userdel/08_userdel_usergroup_with_other_members/config/etc/default/useradd b/tests/tests/usertools/userdel/08_userdel_usergroup_with_other_members/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/usertools/userdel/08_userdel_usergroup_with_other_members/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/usertools/userdel/08_userdel_usergroup_with_other_members/config/etc/group b/tests/tests/usertools/userdel/08_userdel_usergroup_with_other_members/config/etc/group
new file mode 100644
index 0000000..ff15b82
--- /dev/null
+++ b/tests/tests/usertools/userdel/08_userdel_usergroup_with_other_members/config/etc/group
@@ -0,0 +1,43 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:foo2
+foo2:x:1001:
diff --git a/tests/tests/usertools/userdel/08_userdel_usergroup_with_other_members/config/etc/gshadow b/tests/tests/usertools/userdel/08_userdel_usergroup_with_other_members/config/etc/gshadow
new file mode 100644
index 0000000..50ca6ce
--- /dev/null
+++ b/tests/tests/usertools/userdel/08_userdel_usergroup_with_other_members/config/etc/gshadow
@@ -0,0 +1,43 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::foo2
+foo2:*::
diff --git a/tests/tests/usertools/userdel/08_userdel_usergroup_with_other_members/config/etc/login.defs b/tests/tests/usertools/userdel/08_userdel_usergroup_with_other_members/config/etc/login.defs
new file mode 100644
index 0000000..3b216aa
--- /dev/null
+++ b/tests/tests/usertools/userdel/08_userdel_usergroup_with_other_members/config/etc/login.defs
@@ -0,0 +1,334 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/local/games:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK is the default umask value for pam_umask and is used by
+# useradd and newusers to set the mode of the new home directories.
+# 022 is the "historical" value in Debian for UMASK
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+# System accounts
+#SYS_UID_MIN		  100
+#SYS_UID_MAX		  999
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			 1000
+GID_MAX			60000
+# System accounts
+#SYS_GID_MIN		  100
+#SYS_GID_MAX		  999
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# If set to yes, userdel will remove the user's group if it contains no
+# more members, and useradd will create by default a group with the name
+# of the user.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, such as Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is deprecated. You should use ENCRYPT_METHOD.
+#
+#MD5_CRYPT_ENAB	no
+
+#
+# If set to MD5 , MD5-based algorithm will be used for encrypting password
+# If set to SHA256, SHA256-based algorithm will be used for encrypting password
+# If set to SHA512, SHA512-based algorithm will be used for encrypting password
+# If set to DES, DES-based algorithm will be used for encrypting password (default)
+# Overrides the MD5_CRYPT_ENAB option
+#
+# Note: It is recommended to use a value consistent with
+# the PAM modules configuration.
+#
+#ENCRYPT_METHOD DES
+
+#
+# Only used if ENCRYPT_METHOD is set to SHA256 or SHA512.
+#
+# Define the number of SHA rounds.
+# With a lot of rounds, it is more difficult to brute forcing the password.
+# But note also that it more CPU resources will be needed to authenticate
+# users.
+#
+# If not specified, the libc will choose the default number of rounds (5000).
+# The values must be inside the 1000-999999999 range.
+# If only one of the MIN or MAX values is set, then this value will be used.
+# If MIN > MAX, the highest value will be used.
+#
+# SHA_CRYPT_MIN_ROUNDS 5000
+# SHA_CRYPT_MAX_ROUNDS 5000
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/usertools/userdel/08_userdel_usergroup_with_other_members/config/etc/passwd b/tests/tests/usertools/userdel/08_userdel_usergroup_with_other_members/config/etc/passwd
new file mode 100644
index 0000000..9958fca
--- /dev/null
+++ b/tests/tests/usertools/userdel/08_userdel_usergroup_with_other_members/config/etc/passwd
@@ -0,0 +1,21 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000:::/bin/false
+foo2:x:1001:1001:::/bin/false
diff --git a/tests/tests/usertools/userdel/08_userdel_usergroup_with_other_members/config/etc/shadow b/tests/tests/usertools/userdel/08_userdel_usergroup_with_other_members/config/etc/shadow
new file mode 100644
index 0000000..eaf0278
--- /dev/null
+++ b/tests/tests/usertools/userdel/08_userdel_usergroup_with_other_members/config/etc/shadow
@@ -0,0 +1,21 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
+foo2:!:12977:0:99999:7:::
diff --git a/tests/tests/usertools/userdel/08_userdel_usergroup_with_other_members/data/group b/tests/tests/usertools/userdel/08_userdel_usergroup_with_other_members/data/group
new file mode 100644
index 0000000..5e4034b
--- /dev/null
+++ b/tests/tests/usertools/userdel/08_userdel_usergroup_with_other_members/data/group
@@ -0,0 +1,43 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:foo2
+foo2:x:1001:
diff --git a/tests/tests/usertools/userdel/08_userdel_usergroup_with_other_members/data/gshadow b/tests/tests/usertools/userdel/08_userdel_usergroup_with_other_members/data/gshadow
new file mode 100644
index 0000000..50ca6ce
--- /dev/null
+++ b/tests/tests/usertools/userdel/08_userdel_usergroup_with_other_members/data/gshadow
@@ -0,0 +1,43 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::foo2
+foo2:*::
diff --git a/tests/tests/usertools/userdel/08_userdel_usergroup_with_other_members/data/passwd b/tests/tests/usertools/userdel/08_userdel_usergroup_with_other_members/data/passwd
new file mode 100644
index 0000000..8846932
--- /dev/null
+++ b/tests/tests/usertools/userdel/08_userdel_usergroup_with_other_members/data/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo2:x:1001:1001:::/bin/false
diff --git a/tests/tests/usertools/userdel/08_userdel_usergroup_with_other_members/data/shadow b/tests/tests/usertools/userdel/08_userdel_usergroup_with_other_members/data/shadow
new file mode 100644
index 0000000..60a11cf
--- /dev/null
+++ b/tests/tests/usertools/userdel/08_userdel_usergroup_with_other_members/data/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo2:!:12977:0:99999:7:::
diff --git a/tests/tests/usertools/userdel/08_userdel_usergroup_with_other_members/data/userdel.out b/tests/tests/usertools/userdel/08_userdel_usergroup_with_other_members/data/userdel.out
new file mode 100644
index 0000000..2dc27c8
--- /dev/null
+++ b/tests/tests/usertools/userdel/08_userdel_usergroup_with_other_members/data/userdel.out
@@ -0,0 +1 @@
+userdel: group foo not removed because it has other members.
diff --git a/tests/tests/usertools/userdel/08_userdel_usergroup_with_other_members/userdel.test b/tests/tests/usertools/userdel/08_userdel_usergroup_with_other_members/userdel.test
new file mode 100755
index 0000000..69fc339
--- /dev/null
+++ b/tests/tests/usertools/userdel/08_userdel_usergroup_with_other_members/userdel.test
@@ -0,0 +1,48 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "userdel does not remove the user's group if is has other members"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Delete user foo (userdel foo)..."
+userdel foo 2>tmp/userdel.out
+echo "OK"
+
+echo "userdel reported:"
+echo "======================================================================="
+cat tmp/userdel.out
+echo "======================================================================="
+echo -n "Check the usage message..."
+diff -au data/userdel.out tmp/userdel.out
+echo "usage message OK."
+rm -f tmp/userdel.out
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl data/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl data/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl data/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl data/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/usertools/userdel/09_userdel_usergroup_no_other_members_in_gshadow/config.txt b/tests/tests/usertools/userdel/09_userdel_usergroup_no_other_members_in_gshadow/config.txt
new file mode 100644
index 0000000..1b0360b
--- /dev/null
+++ b/tests/tests/usertools/userdel/09_userdel_usergroup_no_other_members_in_gshadow/config.txt
@@ -0,0 +1 @@
+user foo, in group users according to /etc/group only
diff --git a/tests/tests/usertools/userdel/09_userdel_usergroup_no_other_members_in_gshadow/config/etc/default/useradd b/tests/tests/usertools/userdel/09_userdel_usergroup_no_other_members_in_gshadow/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/usertools/userdel/09_userdel_usergroup_no_other_members_in_gshadow/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/usertools/userdel/09_userdel_usergroup_no_other_members_in_gshadow/config/etc/group b/tests/tests/usertools/userdel/09_userdel_usergroup_no_other_members_in_gshadow/config/etc/group
new file mode 100644
index 0000000..ff15b82
--- /dev/null
+++ b/tests/tests/usertools/userdel/09_userdel_usergroup_no_other_members_in_gshadow/config/etc/group
@@ -0,0 +1,43 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:foo2
+foo2:x:1001:
diff --git a/tests/tests/usertools/userdel/09_userdel_usergroup_no_other_members_in_gshadow/config/etc/gshadow b/tests/tests/usertools/userdel/09_userdel_usergroup_no_other_members_in_gshadow/config/etc/gshadow
new file mode 100644
index 0000000..a526819
--- /dev/null
+++ b/tests/tests/usertools/userdel/09_userdel_usergroup_no_other_members_in_gshadow/config/etc/gshadow
@@ -0,0 +1,43 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
+foo2:*::
diff --git a/tests/tests/usertools/userdel/09_userdel_usergroup_no_other_members_in_gshadow/config/etc/login.defs b/tests/tests/usertools/userdel/09_userdel_usergroup_no_other_members_in_gshadow/config/etc/login.defs
new file mode 100644
index 0000000..3b216aa
--- /dev/null
+++ b/tests/tests/usertools/userdel/09_userdel_usergroup_no_other_members_in_gshadow/config/etc/login.defs
@@ -0,0 +1,334 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/local/games:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK is the default umask value for pam_umask and is used by
+# useradd and newusers to set the mode of the new home directories.
+# 022 is the "historical" value in Debian for UMASK
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+# System accounts
+#SYS_UID_MIN		  100
+#SYS_UID_MAX		  999
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			 1000
+GID_MAX			60000
+# System accounts
+#SYS_GID_MIN		  100
+#SYS_GID_MAX		  999
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# If set to yes, userdel will remove the user's group if it contains no
+# more members, and useradd will create by default a group with the name
+# of the user.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, such as Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is deprecated. You should use ENCRYPT_METHOD.
+#
+#MD5_CRYPT_ENAB	no
+
+#
+# If set to MD5 , MD5-based algorithm will be used for encrypting password
+# If set to SHA256, SHA256-based algorithm will be used for encrypting password
+# If set to SHA512, SHA512-based algorithm will be used for encrypting password
+# If set to DES, DES-based algorithm will be used for encrypting password (default)
+# Overrides the MD5_CRYPT_ENAB option
+#
+# Note: It is recommended to use a value consistent with
+# the PAM modules configuration.
+#
+#ENCRYPT_METHOD DES
+
+#
+# Only used if ENCRYPT_METHOD is set to SHA256 or SHA512.
+#
+# Define the number of SHA rounds.
+# With a lot of rounds, it is more difficult to brute forcing the password.
+# But note also that it more CPU resources will be needed to authenticate
+# users.
+#
+# If not specified, the libc will choose the default number of rounds (5000).
+# The values must be inside the 1000-999999999 range.
+# If only one of the MIN or MAX values is set, then this value will be used.
+# If MIN > MAX, the highest value will be used.
+#
+# SHA_CRYPT_MIN_ROUNDS 5000
+# SHA_CRYPT_MAX_ROUNDS 5000
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/usertools/userdel/09_userdel_usergroup_no_other_members_in_gshadow/config/etc/passwd b/tests/tests/usertools/userdel/09_userdel_usergroup_no_other_members_in_gshadow/config/etc/passwd
new file mode 100644
index 0000000..9958fca
--- /dev/null
+++ b/tests/tests/usertools/userdel/09_userdel_usergroup_no_other_members_in_gshadow/config/etc/passwd
@@ -0,0 +1,21 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000:::/bin/false
+foo2:x:1001:1001:::/bin/false
diff --git a/tests/tests/usertools/userdel/09_userdel_usergroup_no_other_members_in_gshadow/config/etc/shadow b/tests/tests/usertools/userdel/09_userdel_usergroup_no_other_members_in_gshadow/config/etc/shadow
new file mode 100644
index 0000000..eaf0278
--- /dev/null
+++ b/tests/tests/usertools/userdel/09_userdel_usergroup_no_other_members_in_gshadow/config/etc/shadow
@@ -0,0 +1,21 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
+foo2:!:12977:0:99999:7:::
diff --git a/tests/tests/usertools/userdel/09_userdel_usergroup_no_other_members_in_gshadow/data/group b/tests/tests/usertools/userdel/09_userdel_usergroup_no_other_members_in_gshadow/data/group
new file mode 100644
index 0000000..5e4034b
--- /dev/null
+++ b/tests/tests/usertools/userdel/09_userdel_usergroup_no_other_members_in_gshadow/data/group
@@ -0,0 +1,43 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:foo2
+foo2:x:1001:
diff --git a/tests/tests/usertools/userdel/09_userdel_usergroup_no_other_members_in_gshadow/data/gshadow b/tests/tests/usertools/userdel/09_userdel_usergroup_no_other_members_in_gshadow/data/gshadow
new file mode 100644
index 0000000..a526819
--- /dev/null
+++ b/tests/tests/usertools/userdel/09_userdel_usergroup_no_other_members_in_gshadow/data/gshadow
@@ -0,0 +1,43 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
+foo2:*::
diff --git a/tests/tests/usertools/userdel/09_userdel_usergroup_no_other_members_in_gshadow/data/passwd b/tests/tests/usertools/userdel/09_userdel_usergroup_no_other_members_in_gshadow/data/passwd
new file mode 100644
index 0000000..8846932
--- /dev/null
+++ b/tests/tests/usertools/userdel/09_userdel_usergroup_no_other_members_in_gshadow/data/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo2:x:1001:1001:::/bin/false
diff --git a/tests/tests/usertools/userdel/09_userdel_usergroup_no_other_members_in_gshadow/data/shadow b/tests/tests/usertools/userdel/09_userdel_usergroup_no_other_members_in_gshadow/data/shadow
new file mode 100644
index 0000000..60a11cf
--- /dev/null
+++ b/tests/tests/usertools/userdel/09_userdel_usergroup_no_other_members_in_gshadow/data/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo2:!:12977:0:99999:7:::
diff --git a/tests/tests/usertools/userdel/09_userdel_usergroup_no_other_members_in_gshadow/data/userdel.out b/tests/tests/usertools/userdel/09_userdel_usergroup_no_other_members_in_gshadow/data/userdel.out
new file mode 100644
index 0000000..2dc27c8
--- /dev/null
+++ b/tests/tests/usertools/userdel/09_userdel_usergroup_no_other_members_in_gshadow/data/userdel.out
@@ -0,0 +1 @@
+userdel: group foo not removed because it has other members.
diff --git a/tests/tests/usertools/userdel/09_userdel_usergroup_no_other_members_in_gshadow/userdel.test b/tests/tests/usertools/userdel/09_userdel_usergroup_no_other_members_in_gshadow/userdel.test
new file mode 100755
index 0000000..2387401
--- /dev/null
+++ b/tests/tests/usertools/userdel/09_userdel_usergroup_no_other_members_in_gshadow/userdel.test
@@ -0,0 +1,48 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "userdel does not remove the user's group from gshadow if there were no additional members in gshadow but there were in group"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Delete user foo (userdel foo)..."
+userdel foo 2>tmp/userdel.out
+echo "OK"
+
+echo "userdel reported:"
+echo "======================================================================="
+cat tmp/userdel.out
+echo "======================================================================="
+echo -n "Check the usage message..."
+diff -au data/userdel.out tmp/userdel.out
+echo "usage message OK."
+rm -f tmp/userdel.out
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl data/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl data/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl data/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl data/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/usertools/userdel/10_userdel_del_homedir_symlink/config.txt b/tests/tests/usertools/userdel/10_userdel_del_homedir_symlink/config.txt
new file mode 100644
index 0000000..4b5baab
--- /dev/null
+++ b/tests/tests/usertools/userdel/10_userdel_del_homedir_symlink/config.txt
@@ -0,0 +1 @@
+user foo exists
diff --git a/tests/tests/usertools/userdel/10_userdel_del_homedir_symlink/config/etc/default/useradd b/tests/tests/usertools/userdel/10_userdel_del_homedir_symlink/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/usertools/userdel/10_userdel_del_homedir_symlink/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/usertools/userdel/10_userdel_del_homedir_symlink/config/etc/group b/tests/tests/usertools/userdel/10_userdel_del_homedir_symlink/config/etc/group
new file mode 100644
index 0000000..5051825
--- /dev/null
+++ b/tests/tests/usertools/userdel/10_userdel_del_homedir_symlink/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/usertools/userdel/10_userdel_del_homedir_symlink/config/etc/gshadow b/tests/tests/usertools/userdel/10_userdel_del_homedir_symlink/config/etc/gshadow
new file mode 100644
index 0000000..5042e58
--- /dev/null
+++ b/tests/tests/usertools/userdel/10_userdel_del_homedir_symlink/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/usertools/userdel/10_userdel_del_homedir_symlink/config/etc/passwd b/tests/tests/usertools/userdel/10_userdel_del_homedir_symlink/config/etc/passwd
new file mode 100644
index 0000000..bf52df0
--- /dev/null
+++ b/tests/tests/usertools/userdel/10_userdel_del_homedir_symlink/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/home/foo:/bin/false
diff --git a/tests/tests/usertools/userdel/10_userdel_del_homedir_symlink/config/etc/shadow b/tests/tests/usertools/userdel/10_userdel_del_homedir_symlink/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/usertools/userdel/10_userdel_del_homedir_symlink/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/usertools/userdel/10_userdel_del_homedir_symlink/data/group b/tests/tests/usertools/userdel/10_userdel_del_homedir_symlink/data/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/usertools/userdel/10_userdel_del_homedir_symlink/data/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/usertools/userdel/10_userdel_del_homedir_symlink/data/gshadow b/tests/tests/usertools/userdel/10_userdel_del_homedir_symlink/data/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/usertools/userdel/10_userdel_del_homedir_symlink/data/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/usertools/userdel/10_userdel_del_homedir_symlink/data/passwd b/tests/tests/usertools/userdel/10_userdel_del_homedir_symlink/data/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/usertools/userdel/10_userdel_del_homedir_symlink/data/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/usertools/userdel/10_userdel_del_homedir_symlink/data/shadow b/tests/tests/usertools/userdel/10_userdel_del_homedir_symlink/data/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/usertools/userdel/10_userdel_del_homedir_symlink/data/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/usertools/userdel/10_userdel_del_homedir_symlink/data/userdel.err b/tests/tests/usertools/userdel/10_userdel_del_homedir_symlink/data/userdel.err
new file mode 100644
index 0000000..893b416
--- /dev/null
+++ b/tests/tests/usertools/userdel/10_userdel_del_homedir_symlink/data/userdel.err
@@ -0,0 +1 @@
+userdel: /home/foo is a symbolic link, not removing
diff --git a/tests/tests/usertools/userdel/10_userdel_del_homedir_symlink/userdel.test b/tests/tests/usertools/userdel/10_userdel_del_homedir_symlink/userdel.test
new file mode 100755
index 0000000..eb9c6fe
--- /dev/null
+++ b/tests/tests/usertools/userdel/10_userdel_del_homedir_symlink/userdel.test
@@ -0,0 +1,72 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "userdel does not delete the user's home directory as symlink"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config; rm -rf /var/mail/foo /home/foo /home/foo2' 0
+
+change_config
+
+mkdir /home/foo2
+touch /home/foo2/file
+chown -R foo:foo /home/foo2
+ln -s foo2 /home/foo
+touch /var/mail/foo
+chown --no-dereference foo:foo /var/mail/foo /home/foo
+
+echo -n "Delete user foo (userdel -r foo)..."
+userdel -r foo 2>tmp/userdel.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "12"
+echo "OK"
+
+echo "userdel reported:"
+echo "======================================================================="
+cat tmp/userdel.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/userdel.err tmp/userdel.err
+echo "error message OK."
+rm -f tmp/userdel.err
+
+echo "The user should have been removed."
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl data/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl data/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl data/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl data/gshadow /etc/gshadow
+echo "OK"
+echo -n "Check the user's home directory was not removed..."
+test -L /home/foo
+test -d /home/foo2
+test -f /home/foo2/file
+echo "OK"
+echo -n "Check the user's mail spool was removed..."
+test ! -f /var/mail/foo
+echo "OK"
+rm -rf /home/foo /home/foo2
+
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/usertools/usermod/01_usermod-p_no_shadow_file/config.txt b/tests/tests/usertools/usermod/01_usermod-p_no_shadow_file/config.txt
new file mode 100644
index 0000000..a2ff911
--- /dev/null
+++ b/tests/tests/usertools/usermod/01_usermod-p_no_shadow_file/config.txt
@@ -0,0 +1,2 @@
+user foo exists, UID 1000
+user foo2 exists, UID 1001
diff --git a/tests/tests/usertools/usermod/01_usermod-p_no_shadow_file/config/etc/default/useradd b/tests/tests/usertools/usermod/01_usermod-p_no_shadow_file/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/usertools/usermod/01_usermod-p_no_shadow_file/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/usertools/usermod/01_usermod-p_no_shadow_file/config/etc/group b/tests/tests/usertools/usermod/01_usermod-p_no_shadow_file/config/etc/group
new file mode 100644
index 0000000..b6fae89
--- /dev/null
+++ b/tests/tests/usertools/usermod/01_usermod-p_no_shadow_file/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:root
+adm:x:4:root,foo
+tty:x:5:
+disk:x:6:
+lp:x:7:foo,root
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:foo
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:foo
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/usertools/usermod/01_usermod-p_no_shadow_file/config/etc/gshadow b/tests/tests/usertools/usermod/01_usermod-p_no_shadow_file/config/etc/gshadow
new file mode 100644
index 0000000..1f2ba8d
--- /dev/null
+++ b/tests/tests/usertools/usermod/01_usermod-p_no_shadow_file/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::root
+adm:*::root,foo
+tty:*::foo
+disk:*:foo:
+lp:*::foo,root
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*:foo:foo
+voice:*::
+cdrom:*:foo:foo
+floppy:*::foo
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/usertools/usermod/01_usermod-p_no_shadow_file/config/etc/passwd b/tests/tests/usertools/usermod/01_usermod-p_no_shadow_file/config/etc/passwd
new file mode 100644
index 0000000..06b331b
--- /dev/null
+++ b/tests/tests/usertools/usermod/01_usermod-p_no_shadow_file/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:blahblahblah:1000:1000::/home/foo:/bin/false
diff --git a/tests/tests/usertools/usermod/01_usermod-p_no_shadow_file/config/etc/shadow b/tests/tests/usertools/usermod/01_usermod-p_no_shadow_file/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/usertools/usermod/01_usermod-p_no_shadow_file/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/usertools/usermod/01_usermod-p_no_shadow_file/data/passwd b/tests/tests/usertools/usermod/01_usermod-p_no_shadow_file/data/passwd
new file mode 100644
index 0000000..d9798a6
--- /dev/null
+++ b/tests/tests/usertools/usermod/01_usermod-p_no_shadow_file/data/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:foopass:1000:1000::/home/foo:/bin/false
diff --git a/tests/tests/usertools/usermod/01_usermod-p_no_shadow_file/usermod.test b/tests/tests/usertools/usermod/01_usermod-p_no_shadow_file/usermod.test
new file mode 100755
index 0000000..e272fc8
--- /dev/null
+++ b/tests/tests/usertools/usermod/01_usermod-p_no_shadow_file/usermod.test
@@ -0,0 +1,43 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "usermod does not require a shadow file"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Remove /etc/shadow..."
+rm -f /etc/shadow
+echo "done"
+
+echo -n "Change the user's password (usermod -p foopass foo)..."
+usermod -p foopass foo
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl data/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+test ! -f /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/usertools/usermod/02_usermod-p_no_shadow_entry/config.txt b/tests/tests/usertools/usermod/02_usermod-p_no_shadow_entry/config.txt
new file mode 100644
index 0000000..a2ff911
--- /dev/null
+++ b/tests/tests/usertools/usermod/02_usermod-p_no_shadow_entry/config.txt
@@ -0,0 +1,2 @@
+user foo exists, UID 1000
+user foo2 exists, UID 1001
diff --git a/tests/tests/usertools/usermod/02_usermod-p_no_shadow_entry/config/etc/default/useradd b/tests/tests/usertools/usermod/02_usermod-p_no_shadow_entry/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/usertools/usermod/02_usermod-p_no_shadow_entry/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/usertools/usermod/02_usermod-p_no_shadow_entry/config/etc/group b/tests/tests/usertools/usermod/02_usermod-p_no_shadow_entry/config/etc/group
new file mode 100644
index 0000000..b6fae89
--- /dev/null
+++ b/tests/tests/usertools/usermod/02_usermod-p_no_shadow_entry/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:root
+adm:x:4:root,foo
+tty:x:5:
+disk:x:6:
+lp:x:7:foo,root
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:foo
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:foo
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/usertools/usermod/02_usermod-p_no_shadow_entry/config/etc/gshadow b/tests/tests/usertools/usermod/02_usermod-p_no_shadow_entry/config/etc/gshadow
new file mode 100644
index 0000000..1f2ba8d
--- /dev/null
+++ b/tests/tests/usertools/usermod/02_usermod-p_no_shadow_entry/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::root
+adm:*::root,foo
+tty:*::foo
+disk:*:foo:
+lp:*::foo,root
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*:foo:foo
+voice:*::
+cdrom:*:foo:foo
+floppy:*::foo
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/usertools/usermod/02_usermod-p_no_shadow_entry/config/etc/passwd b/tests/tests/usertools/usermod/02_usermod-p_no_shadow_entry/config/etc/passwd
new file mode 100644
index 0000000..06b331b
--- /dev/null
+++ b/tests/tests/usertools/usermod/02_usermod-p_no_shadow_entry/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:blahblahblah:1000:1000::/home/foo:/bin/false
diff --git a/tests/tests/usertools/usermod/02_usermod-p_no_shadow_entry/config/etc/shadow b/tests/tests/usertools/usermod/02_usermod-p_no_shadow_entry/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/usertools/usermod/02_usermod-p_no_shadow_entry/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/usertools/usermod/02_usermod-p_no_shadow_entry/data/passwd b/tests/tests/usertools/usermod/02_usermod-p_no_shadow_entry/data/passwd
new file mode 100644
index 0000000..d9798a6
--- /dev/null
+++ b/tests/tests/usertools/usermod/02_usermod-p_no_shadow_entry/data/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:foopass:1000:1000::/home/foo:/bin/false
diff --git a/tests/tests/usertools/usermod/02_usermod-p_no_shadow_entry/usermod.test b/tests/tests/usertools/usermod/02_usermod-p_no_shadow_entry/usermod.test
new file mode 100755
index 0000000..a5231c5
--- /dev/null
+++ b/tests/tests/usertools/usermod/02_usermod-p_no_shadow_entry/usermod.test
@@ -0,0 +1,39 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "usermod does not require a shadow entry"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Change the user's password (usermod -p foopass foo)..."
+usermod -p foopass foo
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl data/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/usertools/usermod/03_usermod-p_no_shadow_entry_but_shadow_enabled/config.txt b/tests/tests/usertools/usermod/03_usermod-p_no_shadow_entry_but_shadow_enabled/config.txt
new file mode 100644
index 0000000..a2ff911
--- /dev/null
+++ b/tests/tests/usertools/usermod/03_usermod-p_no_shadow_entry_but_shadow_enabled/config.txt
@@ -0,0 +1,2 @@
+user foo exists, UID 1000
+user foo2 exists, UID 1001
diff --git a/tests/tests/usertools/usermod/03_usermod-p_no_shadow_entry_but_shadow_enabled/config/etc/default/useradd b/tests/tests/usertools/usermod/03_usermod-p_no_shadow_entry_but_shadow_enabled/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/usertools/usermod/03_usermod-p_no_shadow_entry_but_shadow_enabled/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/usertools/usermod/03_usermod-p_no_shadow_entry_but_shadow_enabled/config/etc/group b/tests/tests/usertools/usermod/03_usermod-p_no_shadow_entry_but_shadow_enabled/config/etc/group
new file mode 100644
index 0000000..b6fae89
--- /dev/null
+++ b/tests/tests/usertools/usermod/03_usermod-p_no_shadow_entry_but_shadow_enabled/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:root
+adm:x:4:root,foo
+tty:x:5:
+disk:x:6:
+lp:x:7:foo,root
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:foo
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:foo
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/usertools/usermod/03_usermod-p_no_shadow_entry_but_shadow_enabled/config/etc/gshadow b/tests/tests/usertools/usermod/03_usermod-p_no_shadow_entry_but_shadow_enabled/config/etc/gshadow
new file mode 100644
index 0000000..1f2ba8d
--- /dev/null
+++ b/tests/tests/usertools/usermod/03_usermod-p_no_shadow_entry_but_shadow_enabled/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::root
+adm:*::root,foo
+tty:*::foo
+disk:*:foo:
+lp:*::foo,root
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*:foo:foo
+voice:*::
+cdrom:*:foo:foo
+floppy:*::foo
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/usertools/usermod/03_usermod-p_no_shadow_entry_but_shadow_enabled/config/etc/passwd b/tests/tests/usertools/usermod/03_usermod-p_no_shadow_entry_but_shadow_enabled/config/etc/passwd
new file mode 100644
index 0000000..bf52df0
--- /dev/null
+++ b/tests/tests/usertools/usermod/03_usermod-p_no_shadow_entry_but_shadow_enabled/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/home/foo:/bin/false
diff --git a/tests/tests/usertools/usermod/03_usermod-p_no_shadow_entry_but_shadow_enabled/config/etc/shadow b/tests/tests/usertools/usermod/03_usermod-p_no_shadow_entry_but_shadow_enabled/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/usertools/usermod/03_usermod-p_no_shadow_entry_but_shadow_enabled/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/usertools/usermod/03_usermod-p_no_shadow_entry_but_shadow_enabled/data/shadow b/tests/tests/usertools/usermod/03_usermod-p_no_shadow_entry_but_shadow_enabled/data/shadow
new file mode 100644
index 0000000..0c6770f
--- /dev/null
+++ b/tests/tests/usertools/usermod/03_usermod-p_no_shadow_entry_but_shadow_enabled/data/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:foopass:@TODAY@:0:99999:7:::
diff --git a/tests/tests/usertools/usermod/03_usermod-p_no_shadow_entry_but_shadow_enabled/usermod.test b/tests/tests/usertools/usermod/03_usermod-p_no_shadow_entry_but_shadow_enabled/usermod.test
new file mode 100755
index 0000000..3cdfabc
--- /dev/null
+++ b/tests/tests/usertools/usermod/03_usermod-p_no_shadow_entry_but_shadow_enabled/usermod.test
@@ -0,0 +1,39 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "usermod does not require a shadow entry"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Change the user's password (usermod -p foopass foo)..."
+usermod -p foopass foo
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl data/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/usertools/usermod/04_usermod_lock_already_locked_password1/config.txt b/tests/tests/usertools/usermod/04_usermod_lock_already_locked_password1/config.txt
new file mode 100644
index 0000000..a2ff911
--- /dev/null
+++ b/tests/tests/usertools/usermod/04_usermod_lock_already_locked_password1/config.txt
@@ -0,0 +1,2 @@
+user foo exists, UID 1000
+user foo2 exists, UID 1001
diff --git a/tests/tests/usertools/usermod/04_usermod_lock_already_locked_password1/config/etc/default/useradd b/tests/tests/usertools/usermod/04_usermod_lock_already_locked_password1/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/usertools/usermod/04_usermod_lock_already_locked_password1/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/usertools/usermod/04_usermod_lock_already_locked_password1/config/etc/group b/tests/tests/usertools/usermod/04_usermod_lock_already_locked_password1/config/etc/group
new file mode 100644
index 0000000..b6fae89
--- /dev/null
+++ b/tests/tests/usertools/usermod/04_usermod_lock_already_locked_password1/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:root
+adm:x:4:root,foo
+tty:x:5:
+disk:x:6:
+lp:x:7:foo,root
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:foo
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:foo
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/usertools/usermod/04_usermod_lock_already_locked_password1/config/etc/gshadow b/tests/tests/usertools/usermod/04_usermod_lock_already_locked_password1/config/etc/gshadow
new file mode 100644
index 0000000..1f2ba8d
--- /dev/null
+++ b/tests/tests/usertools/usermod/04_usermod_lock_already_locked_password1/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::root
+adm:*::root,foo
+tty:*::foo
+disk:*:foo:
+lp:*::foo,root
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*:foo:foo
+voice:*::
+cdrom:*:foo:foo
+floppy:*::foo
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/usertools/usermod/04_usermod_lock_already_locked_password1/config/etc/passwd b/tests/tests/usertools/usermod/04_usermod_lock_already_locked_password1/config/etc/passwd
new file mode 100644
index 0000000..bf52df0
--- /dev/null
+++ b/tests/tests/usertools/usermod/04_usermod_lock_already_locked_password1/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/home/foo:/bin/false
diff --git a/tests/tests/usertools/usermod/04_usermod_lock_already_locked_password1/config/etc/shadow b/tests/tests/usertools/usermod/04_usermod_lock_already_locked_password1/config/etc/shadow
new file mode 100644
index 0000000..151547d
--- /dev/null
+++ b/tests/tests/usertools/usermod/04_usermod_lock_already_locked_password1/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!oldpass:12977:0:99999:7:::
diff --git a/tests/tests/usertools/usermod/04_usermod_lock_already_locked_password1/usermod.test b/tests/tests/usertools/usermod/04_usermod_lock_already_locked_password1/usermod.test
new file mode 100755
index 0000000..9f4907f
--- /dev/null
+++ b/tests/tests/usertools/usermod/04_usermod_lock_already_locked_password1/usermod.test
@@ -0,0 +1,39 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "usermod does not fail to lock an already locked password"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Lock foo's password (usermod -L foo)..."
+usermod -L foo
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/usertools/usermod/05_usermod_lock_already_locked_password2/config.txt b/tests/tests/usertools/usermod/05_usermod_lock_already_locked_password2/config.txt
new file mode 100644
index 0000000..a2ff911
--- /dev/null
+++ b/tests/tests/usertools/usermod/05_usermod_lock_already_locked_password2/config.txt
@@ -0,0 +1,2 @@
+user foo exists, UID 1000
+user foo2 exists, UID 1001
diff --git a/tests/tests/usertools/usermod/05_usermod_lock_already_locked_password2/config/etc/default/useradd b/tests/tests/usertools/usermod/05_usermod_lock_already_locked_password2/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/usertools/usermod/05_usermod_lock_already_locked_password2/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/usertools/usermod/05_usermod_lock_already_locked_password2/config/etc/group b/tests/tests/usertools/usermod/05_usermod_lock_already_locked_password2/config/etc/group
new file mode 100644
index 0000000..b6fae89
--- /dev/null
+++ b/tests/tests/usertools/usermod/05_usermod_lock_already_locked_password2/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:root
+adm:x:4:root,foo
+tty:x:5:
+disk:x:6:
+lp:x:7:foo,root
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:foo
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:foo
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/usertools/usermod/05_usermod_lock_already_locked_password2/config/etc/gshadow b/tests/tests/usertools/usermod/05_usermod_lock_already_locked_password2/config/etc/gshadow
new file mode 100644
index 0000000..1f2ba8d
--- /dev/null
+++ b/tests/tests/usertools/usermod/05_usermod_lock_already_locked_password2/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::root
+adm:*::root,foo
+tty:*::foo
+disk:*:foo:
+lp:*::foo,root
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*:foo:foo
+voice:*::
+cdrom:*:foo:foo
+floppy:*::foo
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/usertools/usermod/05_usermod_lock_already_locked_password2/config/etc/passwd b/tests/tests/usertools/usermod/05_usermod_lock_already_locked_password2/config/etc/passwd
new file mode 100644
index 0000000..9abcbc4
--- /dev/null
+++ b/tests/tests/usertools/usermod/05_usermod_lock_already_locked_password2/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:!blahblahblah:1000:1000::/home/foo:/bin/false
diff --git a/tests/tests/usertools/usermod/05_usermod_lock_already_locked_password2/config/etc/shadow b/tests/tests/usertools/usermod/05_usermod_lock_already_locked_password2/config/etc/shadow
new file mode 100644
index 0000000..6e9fa8e
--- /dev/null
+++ b/tests/tests/usertools/usermod/05_usermod_lock_already_locked_password2/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:blahblahblah:12977:0:99999:7:::
diff --git a/tests/tests/usertools/usermod/05_usermod_lock_already_locked_password2/data/shadow b/tests/tests/usertools/usermod/05_usermod_lock_already_locked_password2/data/shadow
new file mode 100644
index 0000000..18b71a2
--- /dev/null
+++ b/tests/tests/usertools/usermod/05_usermod_lock_already_locked_password2/data/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!blahblahblah:12977:0:99999:7:::
diff --git a/tests/tests/usertools/usermod/05_usermod_lock_already_locked_password2/usermod.test b/tests/tests/usertools/usermod/05_usermod_lock_already_locked_password2/usermod.test
new file mode 100755
index 0000000..bd8e338
--- /dev/null
+++ b/tests/tests/usertools/usermod/05_usermod_lock_already_locked_password2/usermod.test
@@ -0,0 +1,39 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "usermod does not fail to lock an already locked password"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Lock foo's password (usermod -L foo)..."
+usermod -L foo
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl data/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/usertools/usermod/06_usermod_lock_already_locked_password3/config.txt b/tests/tests/usertools/usermod/06_usermod_lock_already_locked_password3/config.txt
new file mode 100644
index 0000000..a2ff911
--- /dev/null
+++ b/tests/tests/usertools/usermod/06_usermod_lock_already_locked_password3/config.txt
@@ -0,0 +1,2 @@
+user foo exists, UID 1000
+user foo2 exists, UID 1001
diff --git a/tests/tests/usertools/usermod/06_usermod_lock_already_locked_password3/config/etc/default/useradd b/tests/tests/usertools/usermod/06_usermod_lock_already_locked_password3/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/usertools/usermod/06_usermod_lock_already_locked_password3/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/usertools/usermod/06_usermod_lock_already_locked_password3/config/etc/group b/tests/tests/usertools/usermod/06_usermod_lock_already_locked_password3/config/etc/group
new file mode 100644
index 0000000..b6fae89
--- /dev/null
+++ b/tests/tests/usertools/usermod/06_usermod_lock_already_locked_password3/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:root
+adm:x:4:root,foo
+tty:x:5:
+disk:x:6:
+lp:x:7:foo,root
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:foo
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:foo
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/usertools/usermod/06_usermod_lock_already_locked_password3/config/etc/gshadow b/tests/tests/usertools/usermod/06_usermod_lock_already_locked_password3/config/etc/gshadow
new file mode 100644
index 0000000..1f2ba8d
--- /dev/null
+++ b/tests/tests/usertools/usermod/06_usermod_lock_already_locked_password3/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::root
+adm:*::root,foo
+tty:*::foo
+disk:*:foo:
+lp:*::foo,root
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*:foo:foo
+voice:*::
+cdrom:*:foo:foo
+floppy:*::foo
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/usertools/usermod/06_usermod_lock_already_locked_password3/config/etc/passwd b/tests/tests/usertools/usermod/06_usermod_lock_already_locked_password3/config/etc/passwd
new file mode 100644
index 0000000..9abcbc4
--- /dev/null
+++ b/tests/tests/usertools/usermod/06_usermod_lock_already_locked_password3/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:!blahblahblah:1000:1000::/home/foo:/bin/false
diff --git a/tests/tests/usertools/usermod/06_usermod_lock_already_locked_password3/config/etc/shadow b/tests/tests/usertools/usermod/06_usermod_lock_already_locked_password3/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/usertools/usermod/06_usermod_lock_already_locked_password3/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/usertools/usermod/06_usermod_lock_already_locked_password3/usermod.test b/tests/tests/usertools/usermod/06_usermod_lock_already_locked_password3/usermod.test
new file mode 100755
index 0000000..9f4907f
--- /dev/null
+++ b/tests/tests/usertools/usermod/06_usermod_lock_already_locked_password3/usermod.test
@@ -0,0 +1,39 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "usermod does not fail to lock an already locked password"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Lock foo's password (usermod -L foo)..."
+usermod -L foo
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/usertools/usermod/07_usermod_unlock_already_unlocked_password1/config.txt b/tests/tests/usertools/usermod/07_usermod_unlock_already_unlocked_password1/config.txt
new file mode 100644
index 0000000..a2ff911
--- /dev/null
+++ b/tests/tests/usertools/usermod/07_usermod_unlock_already_unlocked_password1/config.txt
@@ -0,0 +1,2 @@
+user foo exists, UID 1000
+user foo2 exists, UID 1001
diff --git a/tests/tests/usertools/usermod/07_usermod_unlock_already_unlocked_password1/config/etc/default/useradd b/tests/tests/usertools/usermod/07_usermod_unlock_already_unlocked_password1/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/usertools/usermod/07_usermod_unlock_already_unlocked_password1/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/usertools/usermod/07_usermod_unlock_already_unlocked_password1/config/etc/group b/tests/tests/usertools/usermod/07_usermod_unlock_already_unlocked_password1/config/etc/group
new file mode 100644
index 0000000..b6fae89
--- /dev/null
+++ b/tests/tests/usertools/usermod/07_usermod_unlock_already_unlocked_password1/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:root
+adm:x:4:root,foo
+tty:x:5:
+disk:x:6:
+lp:x:7:foo,root
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:foo
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:foo
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/usertools/usermod/07_usermod_unlock_already_unlocked_password1/config/etc/gshadow b/tests/tests/usertools/usermod/07_usermod_unlock_already_unlocked_password1/config/etc/gshadow
new file mode 100644
index 0000000..1f2ba8d
--- /dev/null
+++ b/tests/tests/usertools/usermod/07_usermod_unlock_already_unlocked_password1/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::root
+adm:*::root,foo
+tty:*::foo
+disk:*:foo:
+lp:*::foo,root
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*:foo:foo
+voice:*::
+cdrom:*:foo:foo
+floppy:*::foo
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/usertools/usermod/07_usermod_unlock_already_unlocked_password1/config/etc/passwd b/tests/tests/usertools/usermod/07_usermod_unlock_already_unlocked_password1/config/etc/passwd
new file mode 100644
index 0000000..bf52df0
--- /dev/null
+++ b/tests/tests/usertools/usermod/07_usermod_unlock_already_unlocked_password1/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/home/foo:/bin/false
diff --git a/tests/tests/usertools/usermod/07_usermod_unlock_already_unlocked_password1/config/etc/shadow b/tests/tests/usertools/usermod/07_usermod_unlock_already_unlocked_password1/config/etc/shadow
new file mode 100644
index 0000000..6e9fa8e
--- /dev/null
+++ b/tests/tests/usertools/usermod/07_usermod_unlock_already_unlocked_password1/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:blahblahblah:12977:0:99999:7:::
diff --git a/tests/tests/usertools/usermod/07_usermod_unlock_already_unlocked_password1/usermod.test b/tests/tests/usertools/usermod/07_usermod_unlock_already_unlocked_password1/usermod.test
new file mode 100755
index 0000000..68c6d4c
--- /dev/null
+++ b/tests/tests/usertools/usermod/07_usermod_unlock_already_unlocked_password1/usermod.test
@@ -0,0 +1,39 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "usermod does not fail to unlock an already unlocked password"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Unlock foo's password (usermod -U foo)..."
+usermod -U foo
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/usertools/usermod/08_usermod_unlock_already_unlocked_password2/config.txt b/tests/tests/usertools/usermod/08_usermod_unlock_already_unlocked_password2/config.txt
new file mode 100644
index 0000000..a2ff911
--- /dev/null
+++ b/tests/tests/usertools/usermod/08_usermod_unlock_already_unlocked_password2/config.txt
@@ -0,0 +1,2 @@
+user foo exists, UID 1000
+user foo2 exists, UID 1001
diff --git a/tests/tests/usertools/usermod/08_usermod_unlock_already_unlocked_password2/config/etc/default/useradd b/tests/tests/usertools/usermod/08_usermod_unlock_already_unlocked_password2/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/usertools/usermod/08_usermod_unlock_already_unlocked_password2/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/usertools/usermod/08_usermod_unlock_already_unlocked_password2/config/etc/group b/tests/tests/usertools/usermod/08_usermod_unlock_already_unlocked_password2/config/etc/group
new file mode 100644
index 0000000..b6fae89
--- /dev/null
+++ b/tests/tests/usertools/usermod/08_usermod_unlock_already_unlocked_password2/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:root
+adm:x:4:root,foo
+tty:x:5:
+disk:x:6:
+lp:x:7:foo,root
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:foo
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:foo
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/usertools/usermod/08_usermod_unlock_already_unlocked_password2/config/etc/gshadow b/tests/tests/usertools/usermod/08_usermod_unlock_already_unlocked_password2/config/etc/gshadow
new file mode 100644
index 0000000..1f2ba8d
--- /dev/null
+++ b/tests/tests/usertools/usermod/08_usermod_unlock_already_unlocked_password2/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::root
+adm:*::root,foo
+tty:*::foo
+disk:*:foo:
+lp:*::foo,root
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*:foo:foo
+voice:*::
+cdrom:*:foo:foo
+floppy:*::foo
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/usertools/usermod/08_usermod_unlock_already_unlocked_password2/config/etc/passwd b/tests/tests/usertools/usermod/08_usermod_unlock_already_unlocked_password2/config/etc/passwd
new file mode 100644
index 0000000..06b331b
--- /dev/null
+++ b/tests/tests/usertools/usermod/08_usermod_unlock_already_unlocked_password2/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:blahblahblah:1000:1000::/home/foo:/bin/false
diff --git a/tests/tests/usertools/usermod/08_usermod_unlock_already_unlocked_password2/config/etc/shadow b/tests/tests/usertools/usermod/08_usermod_unlock_already_unlocked_password2/config/etc/shadow
new file mode 100644
index 0000000..3d01e1a
--- /dev/null
+++ b/tests/tests/usertools/usermod/08_usermod_unlock_already_unlocked_password2/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!unusedblahblahblah:12977:0:99999:7:::
diff --git a/tests/tests/usertools/usermod/08_usermod_unlock_already_unlocked_password2/data/shadow b/tests/tests/usertools/usermod/08_usermod_unlock_already_unlocked_password2/data/shadow
new file mode 100644
index 0000000..646a9a5
--- /dev/null
+++ b/tests/tests/usertools/usermod/08_usermod_unlock_already_unlocked_password2/data/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:unusedblahblahblah:12977:0:99999:7:::
diff --git a/tests/tests/usertools/usermod/08_usermod_unlock_already_unlocked_password2/usermod.test b/tests/tests/usertools/usermod/08_usermod_unlock_already_unlocked_password2/usermod.test
new file mode 100755
index 0000000..a845677
--- /dev/null
+++ b/tests/tests/usertools/usermod/08_usermod_unlock_already_unlocked_password2/usermod.test
@@ -0,0 +1,39 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "usermod does not fail to unlock an already unlocked password"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Unlock foo's password (usermod -U foo)..."
+usermod -U foo
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl data/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/usertools/usermod/09_usermod_unlock_already_unlocked_password3/config.txt b/tests/tests/usertools/usermod/09_usermod_unlock_already_unlocked_password3/config.txt
new file mode 100644
index 0000000..a2ff911
--- /dev/null
+++ b/tests/tests/usertools/usermod/09_usermod_unlock_already_unlocked_password3/config.txt
@@ -0,0 +1,2 @@
+user foo exists, UID 1000
+user foo2 exists, UID 1001
diff --git a/tests/tests/usertools/usermod/09_usermod_unlock_already_unlocked_password3/config/etc/default/useradd b/tests/tests/usertools/usermod/09_usermod_unlock_already_unlocked_password3/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/usertools/usermod/09_usermod_unlock_already_unlocked_password3/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/usertools/usermod/09_usermod_unlock_already_unlocked_password3/config/etc/group b/tests/tests/usertools/usermod/09_usermod_unlock_already_unlocked_password3/config/etc/group
new file mode 100644
index 0000000..b6fae89
--- /dev/null
+++ b/tests/tests/usertools/usermod/09_usermod_unlock_already_unlocked_password3/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:root
+adm:x:4:root,foo
+tty:x:5:
+disk:x:6:
+lp:x:7:foo,root
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:foo
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:foo
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/usertools/usermod/09_usermod_unlock_already_unlocked_password3/config/etc/gshadow b/tests/tests/usertools/usermod/09_usermod_unlock_already_unlocked_password3/config/etc/gshadow
new file mode 100644
index 0000000..1f2ba8d
--- /dev/null
+++ b/tests/tests/usertools/usermod/09_usermod_unlock_already_unlocked_password3/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::root
+adm:*::root,foo
+tty:*::foo
+disk:*:foo:
+lp:*::foo,root
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*:foo:foo
+voice:*::
+cdrom:*:foo:foo
+floppy:*::foo
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/usertools/usermod/09_usermod_unlock_already_unlocked_password3/config/etc/passwd b/tests/tests/usertools/usermod/09_usermod_unlock_already_unlocked_password3/config/etc/passwd
new file mode 100644
index 0000000..06b331b
--- /dev/null
+++ b/tests/tests/usertools/usermod/09_usermod_unlock_already_unlocked_password3/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:blahblahblah:1000:1000::/home/foo:/bin/false
diff --git a/tests/tests/usertools/usermod/09_usermod_unlock_already_unlocked_password3/config/etc/shadow b/tests/tests/usertools/usermod/09_usermod_unlock_already_unlocked_password3/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/usertools/usermod/09_usermod_unlock_already_unlocked_password3/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/usertools/usermod/09_usermod_unlock_already_unlocked_password3/usermod.test b/tests/tests/usertools/usermod/09_usermod_unlock_already_unlocked_password3/usermod.test
new file mode 100755
index 0000000..68c6d4c
--- /dev/null
+++ b/tests/tests/usertools/usermod/09_usermod_unlock_already_unlocked_password3/usermod.test
@@ -0,0 +1,39 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "usermod does not fail to unlock an already unlocked password"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Unlock foo's password (usermod -U foo)..."
+usermod -U foo
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/usertools/usermod/10_usermod_usage/config.txt b/tests/tests/usertools/usermod/10_usermod_usage/config.txt
new file mode 100644
index 0000000..31f5635
--- /dev/null
+++ b/tests/tests/usertools/usermod/10_usermod_usage/config.txt
@@ -0,0 +1,10 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group users (only in /etc/group)
+user foo, in group tty (only in /etc/gshadow)
+user foo, in group floppy
+user foo, admin of group disk
+user foo, admin and member of group fax
+user foo, admin and member of group cdrom (only in /etc/gshadow)
diff --git a/tests/tests/usertools/usermod/10_usermod_usage/config/etc/default/useradd b/tests/tests/usertools/usermod/10_usermod_usage/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/usertools/usermod/10_usermod_usage/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/usertools/usermod/10_usermod_usage/config/etc/group b/tests/tests/usertools/usermod/10_usermod_usage/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/usertools/usermod/10_usermod_usage/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/usertools/usermod/10_usermod_usage/config/etc/gshadow b/tests/tests/usertools/usermod/10_usermod_usage/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/usertools/usermod/10_usermod_usage/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/usertools/usermod/10_usermod_usage/config/etc/passwd b/tests/tests/usertools/usermod/10_usermod_usage/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/usertools/usermod/10_usermod_usage/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/usertools/usermod/10_usermod_usage/config/etc/shadow b/tests/tests/usertools/usermod/10_usermod_usage/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/usertools/usermod/10_usermod_usage/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/usertools/usermod/10_usermod_usage/data/usage.out b/tests/tests/usertools/usermod/10_usermod_usage/data/usage.out
new file mode 100644
index 0000000..a877447
--- /dev/null
+++ b/tests/tests/usertools/usermod/10_usermod_usage/data/usage.out
@@ -0,0 +1,30 @@
+Usage: usermod [options] LOGIN
+
+Options:
+  -c, --comment COMMENT         new value of the GECOS field
+  -d, --home HOME_DIR           new home directory for the user account
+  -e, --expiredate EXPIRE_DATE  set account expiration date to EXPIRE_DATE
+  -f, --inactive INACTIVE       set password inactive after expiration
+                                to INACTIVE
+  -g, --gid GROUP               force use GROUP as new primary group
+  -G, --groups GROUPS           new list of supplementary GROUPS
+  -a, --append                  append the user to the supplemental GROUPS
+                                mentioned by the -G option without removing
+                                the user from other groups
+  -h, --help                    display this help message and exit
+  -l, --login NEW_LOGIN         new value of the login name
+  -L, --lock                    lock the user account
+  -m, --move-home               move contents of the home directory to the
+                                new location (use only with -d)
+  -o, --non-unique              allow using duplicate (non-unique) UID
+  -p, --password PASSWORD       use encrypted password for the new password
+  -R, --root CHROOT_DIR         directory to chroot into
+  -s, --shell SHELL             new login shell for the user account
+  -u, --uid UID                 new UID for the user account
+  -U, --unlock                  unlock the user account
+  -v, --add-subuids FIRST-LAST  add range of subordinate uids
+  -V, --del-subuids FIRST-LAST  remove range of subordinate uids
+  -w, --add-subgids FIRST-LAST  add range of subordinate gids
+  -W, --del-subgids FIRST-LAST  remove range of subordinate gids
+  -Z, --selinux-user SEUSER     new SELinux user mapping for the user account
+
diff --git a/tests/tests/usertools/usermod/10_usermod_usage/usermod.test b/tests/tests/usertools/usermod/10_usermod_usage/usermod.test
new file mode 100755
index 0000000..2f96442
--- /dev/null
+++ b/tests/tests/usertools/usermod/10_usermod_usage/usermod.test
@@ -0,0 +1,48 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "usermod can display its usage message"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Get usermod usage (usermod -h)..."
+usermod -h >tmp/usage.out
+echo "OK"
+
+echo "usermod reported:"
+echo "======================================================================="
+cat tmp/usage.out
+echo "======================================================================="
+echo -n "Check the usage message..."
+diff -au data/usage.out tmp/usage.out
+echo "usage message OK."
+rm -f tmp/usage.out
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/usertools/usermod/11_usermod_usage_bad_option/config.txt b/tests/tests/usertools/usermod/11_usermod_usage_bad_option/config.txt
new file mode 100644
index 0000000..31f5635
--- /dev/null
+++ b/tests/tests/usertools/usermod/11_usermod_usage_bad_option/config.txt
@@ -0,0 +1,10 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group users (only in /etc/group)
+user foo, in group tty (only in /etc/gshadow)
+user foo, in group floppy
+user foo, admin of group disk
+user foo, admin and member of group fax
+user foo, admin and member of group cdrom (only in /etc/gshadow)
diff --git a/tests/tests/usertools/usermod/11_usermod_usage_bad_option/config/etc/default/useradd b/tests/tests/usertools/usermod/11_usermod_usage_bad_option/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/usertools/usermod/11_usermod_usage_bad_option/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/usertools/usermod/11_usermod_usage_bad_option/config/etc/group b/tests/tests/usertools/usermod/11_usermod_usage_bad_option/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/usertools/usermod/11_usermod_usage_bad_option/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/usertools/usermod/11_usermod_usage_bad_option/config/etc/gshadow b/tests/tests/usertools/usermod/11_usermod_usage_bad_option/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/usertools/usermod/11_usermod_usage_bad_option/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/usertools/usermod/11_usermod_usage_bad_option/config/etc/passwd b/tests/tests/usertools/usermod/11_usermod_usage_bad_option/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/usertools/usermod/11_usermod_usage_bad_option/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/usertools/usermod/11_usermod_usage_bad_option/config/etc/shadow b/tests/tests/usertools/usermod/11_usermod_usage_bad_option/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/usertools/usermod/11_usermod_usage_bad_option/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/usertools/usermod/11_usermod_usage_bad_option/data/usage.out b/tests/tests/usertools/usermod/11_usermod_usage_bad_option/data/usage.out
new file mode 100644
index 0000000..8e4ad3f
--- /dev/null
+++ b/tests/tests/usertools/usermod/11_usermod_usage_bad_option/data/usage.out
@@ -0,0 +1,31 @@
+usermod: unrecognized option '--foo'
+Usage: usermod [options] LOGIN
+
+Options:
+  -c, --comment COMMENT         new value of the GECOS field
+  -d, --home HOME_DIR           new home directory for the user account
+  -e, --expiredate EXPIRE_DATE  set account expiration date to EXPIRE_DATE
+  -f, --inactive INACTIVE       set password inactive after expiration
+                                to INACTIVE
+  -g, --gid GROUP               force use GROUP as new primary group
+  -G, --groups GROUPS           new list of supplementary GROUPS
+  -a, --append                  append the user to the supplemental GROUPS
+                                mentioned by the -G option without removing
+                                the user from other groups
+  -h, --help                    display this help message and exit
+  -l, --login NEW_LOGIN         new value of the login name
+  -L, --lock                    lock the user account
+  -m, --move-home               move contents of the home directory to the
+                                new location (use only with -d)
+  -o, --non-unique              allow using duplicate (non-unique) UID
+  -p, --password PASSWORD       use encrypted password for the new password
+  -R, --root CHROOT_DIR         directory to chroot into
+  -s, --shell SHELL             new login shell for the user account
+  -u, --uid UID                 new UID for the user account
+  -U, --unlock                  unlock the user account
+  -v, --add-subuids FIRST-LAST  add range of subordinate uids
+  -V, --del-subuids FIRST-LAST  remove range of subordinate uids
+  -w, --add-subgids FIRST-LAST  add range of subordinate gids
+  -W, --del-subgids FIRST-LAST  remove range of subordinate gids
+  -Z, --selinux-user SEUSER     new SELinux user mapping for the user account
+
diff --git a/tests/tests/usertools/usermod/11_usermod_usage_bad_option/usermod.test b/tests/tests/usertools/usermod/11_usermod_usage_bad_option/usermod.test
new file mode 100755
index 0000000..a5ebf49
--- /dev/null
+++ b/tests/tests/usertools/usermod/11_usermod_usage_bad_option/usermod.test
@@ -0,0 +1,54 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "usermod displays its usage message in case on non recognized option"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Get usermod usage (usermod --foo)..."
+usermod --foo 2>tmp/usage.out && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "2"
+echo "OK"
+
+echo "usermod reported:"
+echo "======================================================================="
+cat tmp/usage.out
+echo "======================================================================="
+echo -n "Check the usage message..."
+diff -au data/usage.out tmp/usage.out
+echo "usage message OK."
+rm -f tmp/usage.out
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/usertools/usermod/12_usermod_usage_bad-f/config.txt b/tests/tests/usertools/usermod/12_usermod_usage_bad-f/config.txt
new file mode 100644
index 0000000..31f5635
--- /dev/null
+++ b/tests/tests/usertools/usermod/12_usermod_usage_bad-f/config.txt
@@ -0,0 +1,10 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group users (only in /etc/group)
+user foo, in group tty (only in /etc/gshadow)
+user foo, in group floppy
+user foo, admin of group disk
+user foo, admin and member of group fax
+user foo, admin and member of group cdrom (only in /etc/gshadow)
diff --git a/tests/tests/usertools/usermod/12_usermod_usage_bad-f/config/etc/default/useradd b/tests/tests/usertools/usermod/12_usermod_usage_bad-f/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/usertools/usermod/12_usermod_usage_bad-f/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/usertools/usermod/12_usermod_usage_bad-f/config/etc/group b/tests/tests/usertools/usermod/12_usermod_usage_bad-f/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/usertools/usermod/12_usermod_usage_bad-f/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/usertools/usermod/12_usermod_usage_bad-f/config/etc/gshadow b/tests/tests/usertools/usermod/12_usermod_usage_bad-f/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/usertools/usermod/12_usermod_usage_bad-f/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/usertools/usermod/12_usermod_usage_bad-f/config/etc/passwd b/tests/tests/usertools/usermod/12_usermod_usage_bad-f/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/usertools/usermod/12_usermod_usage_bad-f/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/usertools/usermod/12_usermod_usage_bad-f/config/etc/shadow b/tests/tests/usertools/usermod/12_usermod_usage_bad-f/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/usertools/usermod/12_usermod_usage_bad-f/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/usertools/usermod/12_usermod_usage_bad-f/data/usermod.err b/tests/tests/usertools/usermod/12_usermod_usage_bad-f/data/usermod.err
new file mode 100644
index 0000000..e5438f4
--- /dev/null
+++ b/tests/tests/usertools/usermod/12_usermod_usage_bad-f/data/usermod.err
@@ -0,0 +1 @@
+usermod: invalid numeric argument 'bar'
diff --git a/tests/tests/usertools/usermod/12_usermod_usage_bad-f/usermod.test b/tests/tests/usertools/usermod/12_usermod_usage_bad-f/usermod.test
new file mode 100755
index 0000000..68a6563
--- /dev/null
+++ b/tests/tests/usertools/usermod/12_usermod_usage_bad-f/usermod.test
@@ -0,0 +1,54 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "usermod checks that the number of inactive days is a number"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Use -f without a number (usermod -f bar foo)..."
+usermod -f bar foo 2>tmp/usermod.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "3"
+echo "OK"
+
+echo "usermod reported:"
+echo "======================================================================="
+cat tmp/usermod.err
+echo "======================================================================="
+echo -n "Check the usage message..."
+diff -au data/usermod.err tmp/usermod.err
+echo "usage message OK."
+rm -f tmp/usermod.err
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/usertools/usermod/13_usermod_usage_bad-f_negativ/config.txt b/tests/tests/usertools/usermod/13_usermod_usage_bad-f_negativ/config.txt
new file mode 100644
index 0000000..31f5635
--- /dev/null
+++ b/tests/tests/usertools/usermod/13_usermod_usage_bad-f_negativ/config.txt
@@ -0,0 +1,10 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group users (only in /etc/group)
+user foo, in group tty (only in /etc/gshadow)
+user foo, in group floppy
+user foo, admin of group disk
+user foo, admin and member of group fax
+user foo, admin and member of group cdrom (only in /etc/gshadow)
diff --git a/tests/tests/usertools/usermod/13_usermod_usage_bad-f_negativ/config/etc/default/useradd b/tests/tests/usertools/usermod/13_usermod_usage_bad-f_negativ/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/usertools/usermod/13_usermod_usage_bad-f_negativ/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/usertools/usermod/13_usermod_usage_bad-f_negativ/config/etc/group b/tests/tests/usertools/usermod/13_usermod_usage_bad-f_negativ/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/usertools/usermod/13_usermod_usage_bad-f_negativ/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/usertools/usermod/13_usermod_usage_bad-f_negativ/config/etc/gshadow b/tests/tests/usertools/usermod/13_usermod_usage_bad-f_negativ/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/usertools/usermod/13_usermod_usage_bad-f_negativ/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/usertools/usermod/13_usermod_usage_bad-f_negativ/config/etc/passwd b/tests/tests/usertools/usermod/13_usermod_usage_bad-f_negativ/config/etc/passwd
new file mode 100644
index 0000000..43fc135
--- /dev/null
+++ b/tests/tests/usertools/usermod/13_usermod_usage_bad-f_negativ/config/etc/passwd
@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
diff --git a/tests/tests/usertools/usermod/13_usermod_usage_bad-f_negativ/config/etc/shadow b/tests/tests/usertools/usermod/13_usermod_usage_bad-f_negativ/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/usertools/usermod/13_usermod_usage_bad-f_negativ/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/usertools/usermod/13_usermod_usage_bad-f_negativ/data/usermod.err b/tests/tests/usertools/usermod/13_usermod_usage_bad-f_negativ/data/usermod.err
new file mode 100644
index 0000000..4e80b68
--- /dev/null
+++ b/tests/tests/usertools/usermod/13_usermod_usage_bad-f_negativ/data/usermod.err
@@ -0,0 +1 @@
+usermod: invalid numeric argument '-2'
diff --git a/tests/tests/usertools/usermod/13_usermod_usage_bad-f_negative/usermod.test b/tests/tests/usertools/usermod/13_usermod_usage_bad-f_negative/usermod.test
new file mode 100755
index 0000000..b7655a3
--- /dev/null
+++ b/tests/tests/usertools/usermod/13_usermod_usage_bad-f_negative/usermod.test
@@ -0,0 +1,54 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "usermod displays its usage message in case when -f receive a wrong number"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Set number of inactive days to -2 (usermod -f -2)..."
+usermod -f -2 foo 2>tmp/usermod.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "3"
+echo "OK"
+
+echo "usermod reported:"
+echo "======================================================================="
+cat tmp/usermod.err
+echo "======================================================================="
+echo -n "Check the usage message..."
+diff -au data/usermod.err tmp/usermod.err
+echo "usage message OK."
+rm -f tmp/usermod.err
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/usertools/usermod/14_usermod_usage_no_options/config.txt b/tests/tests/usertools/usermod/14_usermod_usage_no_options/config.txt
new file mode 100644
index 0000000..31f5635
--- /dev/null
+++ b/tests/tests/usertools/usermod/14_usermod_usage_no_options/config.txt
@@ -0,0 +1,10 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group users (only in /etc/group)
+user foo, in group tty (only in /etc/gshadow)
+user foo, in group floppy
+user foo, admin of group disk
+user foo, admin and member of group fax
+user foo, admin and member of group cdrom (only in /etc/gshadow)
diff --git a/tests/tests/usertools/usermod/14_usermod_usage_no_options/config/etc/default/useradd b/tests/tests/usertools/usermod/14_usermod_usage_no_options/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/usertools/usermod/14_usermod_usage_no_options/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/usertools/usermod/14_usermod_usage_no_options/config/etc/group b/tests/tests/usertools/usermod/14_usermod_usage_no_options/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/usertools/usermod/14_usermod_usage_no_options/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/usertools/usermod/14_usermod_usage_no_options/config/etc/gshadow b/tests/tests/usertools/usermod/14_usermod_usage_no_options/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/usertools/usermod/14_usermod_usage_no_options/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/usertools/usermod/14_usermod_usage_no_options/config/etc/passwd b/tests/tests/usertools/usermod/14_usermod_usage_no_options/config/etc/passwd
new file mode 100644
index 0000000..dbb06b8
--- /dev/null
+++ b/tests/tests/usertools/usermod/14_usermod_usage_no_options/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/nonexistent:/bin/sh
diff --git a/tests/tests/usertools/usermod/14_usermod_usage_no_options/config/etc/shadow b/tests/tests/usertools/usermod/14_usermod_usage_no_options/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/usertools/usermod/14_usermod_usage_no_options/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/usertools/usermod/14_usermod_usage_no_options/data/usage.out b/tests/tests/usertools/usermod/14_usermod_usage_no_options/data/usage.out
new file mode 100644
index 0000000..336b216
--- /dev/null
+++ b/tests/tests/usertools/usermod/14_usermod_usage_no_options/data/usage.out
@@ -0,0 +1,31 @@
+usermod: no options
+Usage: usermod [options] LOGIN
+
+Options:
+  -c, --comment COMMENT         new value of the GECOS field
+  -d, --home HOME_DIR           new home directory for the user account
+  -e, --expiredate EXPIRE_DATE  set account expiration date to EXPIRE_DATE
+  -f, --inactive INACTIVE       set password inactive after expiration
+                                to INACTIVE
+  -g, --gid GROUP               force use GROUP as new primary group
+  -G, --groups GROUPS           new list of supplementary GROUPS
+  -a, --append                  append the user to the supplemental GROUPS
+                                mentioned by the -G option without removing
+                                the user from other groups
+  -h, --help                    display this help message and exit
+  -l, --login NEW_LOGIN         new value of the login name
+  -L, --lock                    lock the user account
+  -m, --move-home               move contents of the home directory to the
+                                new location (use only with -d)
+  -o, --non-unique              allow using duplicate (non-unique) UID
+  -p, --password PASSWORD       use encrypted password for the new password
+  -R, --root CHROOT_DIR         directory to chroot into
+  -s, --shell SHELL             new login shell for the user account
+  -u, --uid UID                 new UID for the user account
+  -U, --unlock                  unlock the user account
+  -v, --add-subuids FIRST-LAST  add range of subordinate uids
+  -V, --del-subuids FIRST-LAST  remove range of subordinate uids
+  -w, --add-subgids FIRST-LAST  add range of subordinate gids
+  -W, --del-subgids FIRST-LAST  remove range of subordinate gids
+  -Z, --selinux-user SEUSER     new SELinux user mapping for the user account
+
diff --git a/tests/tests/usertools/usermod/14_usermod_usage_no_options/usermod.test b/tests/tests/usertools/usermod/14_usermod_usage_no_options/usermod.test
new file mode 100755
index 0000000..caa9de7
--- /dev/null
+++ b/tests/tests/usertools/usermod/14_usermod_usage_no_options/usermod.test
@@ -0,0 +1,54 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "usermod checks that there is actually something to change"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Change user foo (usermod foo)..."
+usermod foo 2>tmp/usage.out && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "2"
+echo "OK"
+
+echo "usermod reported:"
+echo "======================================================================="
+cat tmp/usage.out
+echo "======================================================================="
+echo -n "Check the usage message..."
+diff -au data/usage.out tmp/usage.out
+echo "usage message OK."
+rm -f tmp/usage.out
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/usertools/usermod/15_usermod_usage_no_user/config.txt b/tests/tests/usertools/usermod/15_usermod_usage_no_user/config.txt
new file mode 100644
index 0000000..31f5635
--- /dev/null
+++ b/tests/tests/usertools/usermod/15_usermod_usage_no_user/config.txt
@@ -0,0 +1,10 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group users (only in /etc/group)
+user foo, in group tty (only in /etc/gshadow)
+user foo, in group floppy
+user foo, admin of group disk
+user foo, admin and member of group fax
+user foo, admin and member of group cdrom (only in /etc/gshadow)
diff --git a/tests/tests/usertools/usermod/15_usermod_usage_no_user/config/etc/default/useradd b/tests/tests/usertools/usermod/15_usermod_usage_no_user/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/usertools/usermod/15_usermod_usage_no_user/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/usertools/usermod/15_usermod_usage_no_user/config/etc/group b/tests/tests/usertools/usermod/15_usermod_usage_no_user/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/usertools/usermod/15_usermod_usage_no_user/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/usertools/usermod/15_usermod_usage_no_user/config/etc/gshadow b/tests/tests/usertools/usermod/15_usermod_usage_no_user/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/usertools/usermod/15_usermod_usage_no_user/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/usertools/usermod/15_usermod_usage_no_user/config/etc/passwd b/tests/tests/usertools/usermod/15_usermod_usage_no_user/config/etc/passwd
new file mode 100644
index 0000000..dbb06b8
--- /dev/null
+++ b/tests/tests/usertools/usermod/15_usermod_usage_no_user/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/nonexistent:/bin/sh
diff --git a/tests/tests/usertools/usermod/15_usermod_usage_no_user/config/etc/shadow b/tests/tests/usertools/usermod/15_usermod_usage_no_user/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/usertools/usermod/15_usermod_usage_no_user/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/usertools/usermod/15_usermod_usage_no_user/data/usage.out b/tests/tests/usertools/usermod/15_usermod_usage_no_user/data/usage.out
new file mode 100644
index 0000000..a877447
--- /dev/null
+++ b/tests/tests/usertools/usermod/15_usermod_usage_no_user/data/usage.out
@@ -0,0 +1,30 @@
+Usage: usermod [options] LOGIN
+
+Options:
+  -c, --comment COMMENT         new value of the GECOS field
+  -d, --home HOME_DIR           new home directory for the user account
+  -e, --expiredate EXPIRE_DATE  set account expiration date to EXPIRE_DATE
+  -f, --inactive INACTIVE       set password inactive after expiration
+                                to INACTIVE
+  -g, --gid GROUP               force use GROUP as new primary group
+  -G, --groups GROUPS           new list of supplementary GROUPS
+  -a, --append                  append the user to the supplemental GROUPS
+                                mentioned by the -G option without removing
+                                the user from other groups
+  -h, --help                    display this help message and exit
+  -l, --login NEW_LOGIN         new value of the login name
+  -L, --lock                    lock the user account
+  -m, --move-home               move contents of the home directory to the
+                                new location (use only with -d)
+  -o, --non-unique              allow using duplicate (non-unique) UID
+  -p, --password PASSWORD       use encrypted password for the new password
+  -R, --root CHROOT_DIR         directory to chroot into
+  -s, --shell SHELL             new login shell for the user account
+  -u, --uid UID                 new UID for the user account
+  -U, --unlock                  unlock the user account
+  -v, --add-subuids FIRST-LAST  add range of subordinate uids
+  -V, --del-subuids FIRST-LAST  remove range of subordinate uids
+  -w, --add-subgids FIRST-LAST  add range of subordinate gids
+  -W, --del-subgids FIRST-LAST  remove range of subordinate gids
+  -Z, --selinux-user SEUSER     new SELinux user mapping for the user account
+
diff --git a/tests/tests/usertools/usermod/15_usermod_usage_no_user/usermod.test b/tests/tests/usertools/usermod/15_usermod_usage_no_user/usermod.test
new file mode 100755
index 0000000..98e8c09
--- /dev/null
+++ b/tests/tests/usertools/usermod/15_usermod_usage_no_user/usermod.test
@@ -0,0 +1,54 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "usermod checks that the user to be changed is provided"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Change a user name (usermod -l bar)..."
+usermod -l bar 2>tmp/usage.out && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "2"
+echo "OK"
+
+echo "usermod reported:"
+echo "======================================================================="
+cat tmp/usage.out
+echo "======================================================================="
+echo -n "Check the usage message..."
+diff -au data/usage.out tmp/usage.out
+echo "usage message OK."
+rm -f tmp/usage.out
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/usertools/usermod/16_usermod_usage_-e_no_shadow_file/config.txt b/tests/tests/usertools/usermod/16_usermod_usage_-e_no_shadow_file/config.txt
new file mode 100644
index 0000000..31f5635
--- /dev/null
+++ b/tests/tests/usertools/usermod/16_usermod_usage_-e_no_shadow_file/config.txt
@@ -0,0 +1,10 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group users (only in /etc/group)
+user foo, in group tty (only in /etc/gshadow)
+user foo, in group floppy
+user foo, admin of group disk
+user foo, admin and member of group fax
+user foo, admin and member of group cdrom (only in /etc/gshadow)
diff --git a/tests/tests/usertools/usermod/16_usermod_usage_-e_no_shadow_file/config/etc/default/useradd b/tests/tests/usertools/usermod/16_usermod_usage_-e_no_shadow_file/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/usertools/usermod/16_usermod_usage_-e_no_shadow_file/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/usertools/usermod/16_usermod_usage_-e_no_shadow_file/config/etc/group b/tests/tests/usertools/usermod/16_usermod_usage_-e_no_shadow_file/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/usertools/usermod/16_usermod_usage_-e_no_shadow_file/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/usertools/usermod/16_usermod_usage_-e_no_shadow_file/config/etc/gshadow b/tests/tests/usertools/usermod/16_usermod_usage_-e_no_shadow_file/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/usertools/usermod/16_usermod_usage_-e_no_shadow_file/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/usertools/usermod/16_usermod_usage_-e_no_shadow_file/config/etc/passwd b/tests/tests/usertools/usermod/16_usermod_usage_-e_no_shadow_file/config/etc/passwd
new file mode 100644
index 0000000..dbb06b8
--- /dev/null
+++ b/tests/tests/usertools/usermod/16_usermod_usage_-e_no_shadow_file/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/nonexistent:/bin/sh
diff --git a/tests/tests/usertools/usermod/16_usermod_usage_-e_no_shadow_file/config/etc/shadow b/tests/tests/usertools/usermod/16_usermod_usage_-e_no_shadow_file/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/usertools/usermod/16_usermod_usage_-e_no_shadow_file/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/usertools/usermod/16_usermod_usage_-e_no_shadow_file/data/usage.out b/tests/tests/usertools/usermod/16_usermod_usage_-e_no_shadow_file/data/usage.out
new file mode 100644
index 0000000..4068a75
--- /dev/null
+++ b/tests/tests/usertools/usermod/16_usermod_usage_-e_no_shadow_file/data/usage.out
@@ -0,0 +1 @@
+usermod: shadow passwords required for -e and -f
diff --git a/tests/tests/usertools/usermod/16_usermod_usage_-e_no_shadow_file/usermod.test b/tests/tests/usertools/usermod/16_usermod_usage_-e_no_shadow_file/usermod.test
new file mode 100755
index 0000000..1cf05f5
--- /dev/null
+++ b/tests/tests/usertools/usermod/16_usermod_usage_-e_no_shadow_file/usermod.test
@@ -0,0 +1,58 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "usermod checks that the shadow file exist for option -e"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Remove /etc/shadow..."
+rm -f /etc/shadow
+echo "done"
+
+echo -n "Change expire date (usermod -e 10 foo)..."
+usermod -e 10 foo 2>tmp/usage.out && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "2"
+echo "OK"
+
+echo "usermod reported:"
+echo "======================================================================="
+cat tmp/usage.out
+echo "======================================================================="
+echo -n "Check the usage message..."
+diff -au data/usage.out tmp/usage.out
+echo "usage message OK."
+rm -f tmp/usage.out
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+test ! -f /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/usertools/usermod/17_usermod_usage_-f_no_shadow_file/config.txt b/tests/tests/usertools/usermod/17_usermod_usage_-f_no_shadow_file/config.txt
new file mode 100644
index 0000000..31f5635
--- /dev/null
+++ b/tests/tests/usertools/usermod/17_usermod_usage_-f_no_shadow_file/config.txt
@@ -0,0 +1,10 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group users (only in /etc/group)
+user foo, in group tty (only in /etc/gshadow)
+user foo, in group floppy
+user foo, admin of group disk
+user foo, admin and member of group fax
+user foo, admin and member of group cdrom (only in /etc/gshadow)
diff --git a/tests/tests/usertools/usermod/17_usermod_usage_-f_no_shadow_file/config/etc/default/useradd b/tests/tests/usertools/usermod/17_usermod_usage_-f_no_shadow_file/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/usertools/usermod/17_usermod_usage_-f_no_shadow_file/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/usertools/usermod/17_usermod_usage_-f_no_shadow_file/config/etc/group b/tests/tests/usertools/usermod/17_usermod_usage_-f_no_shadow_file/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/usertools/usermod/17_usermod_usage_-f_no_shadow_file/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/usertools/usermod/17_usermod_usage_-f_no_shadow_file/config/etc/gshadow b/tests/tests/usertools/usermod/17_usermod_usage_-f_no_shadow_file/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/usertools/usermod/17_usermod_usage_-f_no_shadow_file/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/usertools/usermod/17_usermod_usage_-f_no_shadow_file/config/etc/passwd b/tests/tests/usertools/usermod/17_usermod_usage_-f_no_shadow_file/config/etc/passwd
new file mode 100644
index 0000000..dbb06b8
--- /dev/null
+++ b/tests/tests/usertools/usermod/17_usermod_usage_-f_no_shadow_file/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/nonexistent:/bin/sh
diff --git a/tests/tests/usertools/usermod/17_usermod_usage_-f_no_shadow_file/config/etc/shadow b/tests/tests/usertools/usermod/17_usermod_usage_-f_no_shadow_file/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/usertools/usermod/17_usermod_usage_-f_no_shadow_file/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/usertools/usermod/17_usermod_usage_-f_no_shadow_file/data/usage.out b/tests/tests/usertools/usermod/17_usermod_usage_-f_no_shadow_file/data/usage.out
new file mode 100644
index 0000000..4068a75
--- /dev/null
+++ b/tests/tests/usertools/usermod/17_usermod_usage_-f_no_shadow_file/data/usage.out
@@ -0,0 +1 @@
+usermod: shadow passwords required for -e and -f
diff --git a/tests/tests/usertools/usermod/17_usermod_usage_-f_no_shadow_file/usermod.test b/tests/tests/usertools/usermod/17_usermod_usage_-f_no_shadow_file/usermod.test
new file mode 100755
index 0000000..f62a292
--- /dev/null
+++ b/tests/tests/usertools/usermod/17_usermod_usage_-f_no_shadow_file/usermod.test
@@ -0,0 +1,58 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "usermod checks that the shadow file exist for option -f"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Remove /etc/shadow..."
+rm -f /etc/shadow
+echo "done"
+
+echo -n "Change number of inactive days (usermod -f 10 foo)..."
+usermod -f 10 foo 2>tmp/usage.out && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "2"
+echo "OK"
+
+echo "usermod reported:"
+echo "======================================================================="
+cat tmp/usage.out
+echo "======================================================================="
+echo -n "Check the usage message..."
+diff -au data/usage.out tmp/usage.out
+echo "usage message OK."
+rm -f tmp/usage.out
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+test ! -f /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/usertools/usermod/18_usermod_usage-L-p_exclusive/config.txt b/tests/tests/usertools/usermod/18_usermod_usage-L-p_exclusive/config.txt
new file mode 100644
index 0000000..31f5635
--- /dev/null
+++ b/tests/tests/usertools/usermod/18_usermod_usage-L-p_exclusive/config.txt
@@ -0,0 +1,10 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group users (only in /etc/group)
+user foo, in group tty (only in /etc/gshadow)
+user foo, in group floppy
+user foo, admin of group disk
+user foo, admin and member of group fax
+user foo, admin and member of group cdrom (only in /etc/gshadow)
diff --git a/tests/tests/usertools/usermod/18_usermod_usage-L-p_exclusive/config/etc/default/useradd b/tests/tests/usertools/usermod/18_usermod_usage-L-p_exclusive/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/usertools/usermod/18_usermod_usage-L-p_exclusive/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/usertools/usermod/18_usermod_usage-L-p_exclusive/config/etc/group b/tests/tests/usertools/usermod/18_usermod_usage-L-p_exclusive/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/usertools/usermod/18_usermod_usage-L-p_exclusive/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/usertools/usermod/18_usermod_usage-L-p_exclusive/config/etc/gshadow b/tests/tests/usertools/usermod/18_usermod_usage-L-p_exclusive/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/usertools/usermod/18_usermod_usage-L-p_exclusive/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/usertools/usermod/18_usermod_usage-L-p_exclusive/config/etc/passwd b/tests/tests/usertools/usermod/18_usermod_usage-L-p_exclusive/config/etc/passwd
new file mode 100644
index 0000000..dbb06b8
--- /dev/null
+++ b/tests/tests/usertools/usermod/18_usermod_usage-L-p_exclusive/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/nonexistent:/bin/sh
diff --git a/tests/tests/usertools/usermod/18_usermod_usage-L-p_exclusive/config/etc/shadow b/tests/tests/usertools/usermod/18_usermod_usage-L-p_exclusive/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/usertools/usermod/18_usermod_usage-L-p_exclusive/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/usertools/usermod/18_usermod_usage-L-p_exclusive/data/usage.out b/tests/tests/usertools/usermod/18_usermod_usage-L-p_exclusive/data/usage.out
new file mode 100644
index 0000000..fe37c40
--- /dev/null
+++ b/tests/tests/usertools/usermod/18_usermod_usage-L-p_exclusive/data/usage.out
@@ -0,0 +1,31 @@
+usermod: the -L, -p, and -U flags are exclusive
+Usage: usermod [options] LOGIN
+
+Options:
+  -c, --comment COMMENT         new value of the GECOS field
+  -d, --home HOME_DIR           new home directory for the user account
+  -e, --expiredate EXPIRE_DATE  set account expiration date to EXPIRE_DATE
+  -f, --inactive INACTIVE       set password inactive after expiration
+                                to INACTIVE
+  -g, --gid GROUP               force use GROUP as new primary group
+  -G, --groups GROUPS           new list of supplementary GROUPS
+  -a, --append                  append the user to the supplemental GROUPS
+                                mentioned by the -G option without removing
+                                the user from other groups
+  -h, --help                    display this help message and exit
+  -l, --login NEW_LOGIN         new value of the login name
+  -L, --lock                    lock the user account
+  -m, --move-home               move contents of the home directory to the
+                                new location (use only with -d)
+  -o, --non-unique              allow using duplicate (non-unique) UID
+  -p, --password PASSWORD       use encrypted password for the new password
+  -R, --root CHROOT_DIR         directory to chroot into
+  -s, --shell SHELL             new login shell for the user account
+  -u, --uid UID                 new UID for the user account
+  -U, --unlock                  unlock the user account
+  -v, --add-subuids FIRST-LAST  add range of subordinate uids
+  -V, --del-subuids FIRST-LAST  remove range of subordinate uids
+  -w, --add-subgids FIRST-LAST  add range of subordinate gids
+  -W, --del-subgids FIRST-LAST  remove range of subordinate gids
+  -Z, --selinux-user SEUSER     new SELinux user mapping for the user account
+
diff --git a/tests/tests/usertools/usermod/18_usermod_usage-L-p_exclusive/usermod.test b/tests/tests/usertools/usermod/18_usermod_usage-L-p_exclusive/usermod.test
new file mode 100755
index 0000000..3886f26
--- /dev/null
+++ b/tests/tests/usertools/usermod/18_usermod_usage-L-p_exclusive/usermod.test
@@ -0,0 +1,54 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "usermod checks that -L and -p are not provided at the same time"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Change an lock password (usermod -L -p newpass foo)..."
+usermod -L -p newpass foo 2>tmp/usage.out && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "2"
+echo "OK"
+
+echo "usermod reported:"
+echo "======================================================================="
+cat tmp/usage.out
+echo "======================================================================="
+echo -n "Check the usage message..."
+diff -au data/usage.out tmp/usage.out
+echo "usage message OK."
+rm -f tmp/usage.out
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/usertools/usermod/19_usermod_usage-L-U_exclusive/config.txt b/tests/tests/usertools/usermod/19_usermod_usage-L-U_exclusive/config.txt
new file mode 100644
index 0000000..31f5635
--- /dev/null
+++ b/tests/tests/usertools/usermod/19_usermod_usage-L-U_exclusive/config.txt
@@ -0,0 +1,10 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group users (only in /etc/group)
+user foo, in group tty (only in /etc/gshadow)
+user foo, in group floppy
+user foo, admin of group disk
+user foo, admin and member of group fax
+user foo, admin and member of group cdrom (only in /etc/gshadow)
diff --git a/tests/tests/usertools/usermod/19_usermod_usage-L-U_exclusive/config/etc/default/useradd b/tests/tests/usertools/usermod/19_usermod_usage-L-U_exclusive/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/usertools/usermod/19_usermod_usage-L-U_exclusive/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/usertools/usermod/19_usermod_usage-L-U_exclusive/config/etc/group b/tests/tests/usertools/usermod/19_usermod_usage-L-U_exclusive/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/usertools/usermod/19_usermod_usage-L-U_exclusive/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/usertools/usermod/19_usermod_usage-L-U_exclusive/config/etc/gshadow b/tests/tests/usertools/usermod/19_usermod_usage-L-U_exclusive/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/usertools/usermod/19_usermod_usage-L-U_exclusive/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/usertools/usermod/19_usermod_usage-L-U_exclusive/config/etc/passwd b/tests/tests/usertools/usermod/19_usermod_usage-L-U_exclusive/config/etc/passwd
new file mode 100644
index 0000000..dbb06b8
--- /dev/null
+++ b/tests/tests/usertools/usermod/19_usermod_usage-L-U_exclusive/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/nonexistent:/bin/sh
diff --git a/tests/tests/usertools/usermod/19_usermod_usage-L-U_exclusive/config/etc/shadow b/tests/tests/usertools/usermod/19_usermod_usage-L-U_exclusive/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/usertools/usermod/19_usermod_usage-L-U_exclusive/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/usertools/usermod/19_usermod_usage-L-U_exclusive/data/usage.out b/tests/tests/usertools/usermod/19_usermod_usage-L-U_exclusive/data/usage.out
new file mode 100644
index 0000000..fe37c40
--- /dev/null
+++ b/tests/tests/usertools/usermod/19_usermod_usage-L-U_exclusive/data/usage.out
@@ -0,0 +1,31 @@
+usermod: the -L, -p, and -U flags are exclusive
+Usage: usermod [options] LOGIN
+
+Options:
+  -c, --comment COMMENT         new value of the GECOS field
+  -d, --home HOME_DIR           new home directory for the user account
+  -e, --expiredate EXPIRE_DATE  set account expiration date to EXPIRE_DATE
+  -f, --inactive INACTIVE       set password inactive after expiration
+                                to INACTIVE
+  -g, --gid GROUP               force use GROUP as new primary group
+  -G, --groups GROUPS           new list of supplementary GROUPS
+  -a, --append                  append the user to the supplemental GROUPS
+                                mentioned by the -G option without removing
+                                the user from other groups
+  -h, --help                    display this help message and exit
+  -l, --login NEW_LOGIN         new value of the login name
+  -L, --lock                    lock the user account
+  -m, --move-home               move contents of the home directory to the
+                                new location (use only with -d)
+  -o, --non-unique              allow using duplicate (non-unique) UID
+  -p, --password PASSWORD       use encrypted password for the new password
+  -R, --root CHROOT_DIR         directory to chroot into
+  -s, --shell SHELL             new login shell for the user account
+  -u, --uid UID                 new UID for the user account
+  -U, --unlock                  unlock the user account
+  -v, --add-subuids FIRST-LAST  add range of subordinate uids
+  -V, --del-subuids FIRST-LAST  remove range of subordinate uids
+  -w, --add-subgids FIRST-LAST  add range of subordinate gids
+  -W, --del-subgids FIRST-LAST  remove range of subordinate gids
+  -Z, --selinux-user SEUSER     new SELinux user mapping for the user account
+
diff --git a/tests/tests/usertools/usermod/19_usermod_usage-L-U_exclusive/usermod.test b/tests/tests/usertools/usermod/19_usermod_usage-L-U_exclusive/usermod.test
new file mode 100755
index 0000000..5ab2270
--- /dev/null
+++ b/tests/tests/usertools/usermod/19_usermod_usage-L-U_exclusive/usermod.test
@@ -0,0 +1,54 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "usermod checks that -L and -U are not provided at the same time"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Lock an unlock password (usermod -L -U foo)..."
+usermod -L -U foo 2>tmp/usage.out && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "2"
+echo "OK"
+
+echo "usermod reported:"
+echo "======================================================================="
+cat tmp/usage.out
+echo "======================================================================="
+echo -n "Check the usage message..."
+diff -au data/usage.out tmp/usage.out
+echo "usage message OK."
+rm -f tmp/usage.out
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/usertools/usermod/20_usermod_usage-p-U_exclusive/config.txt b/tests/tests/usertools/usermod/20_usermod_usage-p-U_exclusive/config.txt
new file mode 100644
index 0000000..31f5635
--- /dev/null
+++ b/tests/tests/usertools/usermod/20_usermod_usage-p-U_exclusive/config.txt
@@ -0,0 +1,10 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group users (only in /etc/group)
+user foo, in group tty (only in /etc/gshadow)
+user foo, in group floppy
+user foo, admin of group disk
+user foo, admin and member of group fax
+user foo, admin and member of group cdrom (only in /etc/gshadow)
diff --git a/tests/tests/usertools/usermod/20_usermod_usage-p-U_exclusive/config/etc/default/useradd b/tests/tests/usertools/usermod/20_usermod_usage-p-U_exclusive/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/usertools/usermod/20_usermod_usage-p-U_exclusive/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/usertools/usermod/20_usermod_usage-p-U_exclusive/config/etc/group b/tests/tests/usertools/usermod/20_usermod_usage-p-U_exclusive/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/usertools/usermod/20_usermod_usage-p-U_exclusive/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/usertools/usermod/20_usermod_usage-p-U_exclusive/config/etc/gshadow b/tests/tests/usertools/usermod/20_usermod_usage-p-U_exclusive/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/usertools/usermod/20_usermod_usage-p-U_exclusive/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/usertools/usermod/20_usermod_usage-p-U_exclusive/config/etc/passwd b/tests/tests/usertools/usermod/20_usermod_usage-p-U_exclusive/config/etc/passwd
new file mode 100644
index 0000000..dbb06b8
--- /dev/null
+++ b/tests/tests/usertools/usermod/20_usermod_usage-p-U_exclusive/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/nonexistent:/bin/sh
diff --git a/tests/tests/usertools/usermod/20_usermod_usage-p-U_exclusive/config/etc/shadow b/tests/tests/usertools/usermod/20_usermod_usage-p-U_exclusive/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/usertools/usermod/20_usermod_usage-p-U_exclusive/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/usertools/usermod/20_usermod_usage-p-U_exclusive/data/usage.out b/tests/tests/usertools/usermod/20_usermod_usage-p-U_exclusive/data/usage.out
new file mode 100644
index 0000000..fe37c40
--- /dev/null
+++ b/tests/tests/usertools/usermod/20_usermod_usage-p-U_exclusive/data/usage.out
@@ -0,0 +1,31 @@
+usermod: the -L, -p, and -U flags are exclusive
+Usage: usermod [options] LOGIN
+
+Options:
+  -c, --comment COMMENT         new value of the GECOS field
+  -d, --home HOME_DIR           new home directory for the user account
+  -e, --expiredate EXPIRE_DATE  set account expiration date to EXPIRE_DATE
+  -f, --inactive INACTIVE       set password inactive after expiration
+                                to INACTIVE
+  -g, --gid GROUP               force use GROUP as new primary group
+  -G, --groups GROUPS           new list of supplementary GROUPS
+  -a, --append                  append the user to the supplemental GROUPS
+                                mentioned by the -G option without removing
+                                the user from other groups
+  -h, --help                    display this help message and exit
+  -l, --login NEW_LOGIN         new value of the login name
+  -L, --lock                    lock the user account
+  -m, --move-home               move contents of the home directory to the
+                                new location (use only with -d)
+  -o, --non-unique              allow using duplicate (non-unique) UID
+  -p, --password PASSWORD       use encrypted password for the new password
+  -R, --root CHROOT_DIR         directory to chroot into
+  -s, --shell SHELL             new login shell for the user account
+  -u, --uid UID                 new UID for the user account
+  -U, --unlock                  unlock the user account
+  -v, --add-subuids FIRST-LAST  add range of subordinate uids
+  -V, --del-subuids FIRST-LAST  remove range of subordinate uids
+  -w, --add-subgids FIRST-LAST  add range of subordinate gids
+  -W, --del-subgids FIRST-LAST  remove range of subordinate gids
+  -Z, --selinux-user SEUSER     new SELinux user mapping for the user account
+
diff --git a/tests/tests/usertools/usermod/20_usermod_usage-p-U_exclusive/usermod.test b/tests/tests/usertools/usermod/20_usermod_usage-p-U_exclusive/usermod.test
new file mode 100755
index 0000000..0dc1ea4
--- /dev/null
+++ b/tests/tests/usertools/usermod/20_usermod_usage-p-U_exclusive/usermod.test
@@ -0,0 +1,54 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "usermod checks that -U and -p are not provided at the same time"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Change an unlock password (usermod -U -p newpass foo)..."
+usermod -U -p newpass foo 2>tmp/usage.out && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "2"
+echo "OK"
+
+echo "usermod reported:"
+echo "======================================================================="
+cat tmp/usage.out
+echo "======================================================================="
+echo -n "Check the usage message..."
+diff -au data/usage.out tmp/usage.out
+echo "usage message OK."
+rm -f tmp/usage.out
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/usertools/usermod/21_usermod_rename_user_no_gshadow_file/config.txt b/tests/tests/usertools/usermod/21_usermod_rename_user_no_gshadow_file/config.txt
new file mode 100644
index 0000000..f21fb08
--- /dev/null
+++ b/tests/tests/usertools/usermod/21_usermod_rename_user_no_gshadow_file/config.txt
@@ -0,0 +1,6 @@
+user foo, in group users (only in /etc/group)
+user foo, in group tty (only in /etc/gshadow)
+user foo, in group floppy
+user foo, admin of group disk
+user foo, admin and member of group fax
+user foo, admin and member of group cdrom (only in /etc/gshadow)
diff --git a/tests/tests/usertools/usermod/21_usermod_rename_user_no_gshadow_file/config/etc/default/useradd b/tests/tests/usertools/usermod/21_usermod_rename_user_no_gshadow_file/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/usertools/usermod/21_usermod_rename_user_no_gshadow_file/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/usertools/usermod/21_usermod_rename_user_no_gshadow_file/config/etc/group b/tests/tests/usertools/usermod/21_usermod_rename_user_no_gshadow_file/config/etc/group
new file mode 100644
index 0000000..b6fae89
--- /dev/null
+++ b/tests/tests/usertools/usermod/21_usermod_rename_user_no_gshadow_file/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:root
+adm:x:4:root,foo
+tty:x:5:
+disk:x:6:
+lp:x:7:foo,root
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:foo
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:foo
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/usertools/usermod/21_usermod_rename_user_no_gshadow_file/config/etc/gshadow b/tests/tests/usertools/usermod/21_usermod_rename_user_no_gshadow_file/config/etc/gshadow
new file mode 100644
index 0000000..1f2ba8d
--- /dev/null
+++ b/tests/tests/usertools/usermod/21_usermod_rename_user_no_gshadow_file/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::root
+adm:*::root,foo
+tty:*::foo
+disk:*:foo:
+lp:*::foo,root
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*:foo:foo
+voice:*::
+cdrom:*:foo:foo
+floppy:*::foo
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/usertools/usermod/21_usermod_rename_user_no_gshadow_file/config/etc/passwd b/tests/tests/usertools/usermod/21_usermod_rename_user_no_gshadow_file/config/etc/passwd
new file mode 100644
index 0000000..bf52df0
--- /dev/null
+++ b/tests/tests/usertools/usermod/21_usermod_rename_user_no_gshadow_file/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/home/foo:/bin/false
diff --git a/tests/tests/usertools/usermod/21_usermod_rename_user_no_gshadow_file/config/etc/shadow b/tests/tests/usertools/usermod/21_usermod_rename_user_no_gshadow_file/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/usertools/usermod/21_usermod_rename_user_no_gshadow_file/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/usertools/usermod/21_usermod_rename_user_no_gshadow_file/data/group b/tests/tests/usertools/usermod/21_usermod_rename_user_no_gshadow_file/data/group
new file mode 100644
index 0000000..730e4dd
--- /dev/null
+++ b/tests/tests/usertools/usermod/21_usermod_rename_user_no_gshadow_file/data/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:root
+adm:x:4:root,foo2
+tty:x:5:
+disk:x:6:
+lp:x:7:root,foo2
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:foo2
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:foo2
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo2
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/usertools/usermod/21_usermod_rename_user_no_gshadow_file/data/passwd b/tests/tests/usertools/usermod/21_usermod_rename_user_no_gshadow_file/data/passwd
new file mode 100644
index 0000000..f9b7829
--- /dev/null
+++ b/tests/tests/usertools/usermod/21_usermod_rename_user_no_gshadow_file/data/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo2:x:1000:1000::/home/foo:/bin/false
diff --git a/tests/tests/usertools/usermod/21_usermod_rename_user_no_gshadow_file/data/shadow b/tests/tests/usertools/usermod/21_usermod_rename_user_no_gshadow_file/data/shadow
new file mode 100644
index 0000000..60a11cf
--- /dev/null
+++ b/tests/tests/usertools/usermod/21_usermod_rename_user_no_gshadow_file/data/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo2:!:12977:0:99999:7:::
diff --git a/tests/tests/usertools/usermod/21_usermod_rename_user_no_gshadow_file/usermod.test b/tests/tests/usertools/usermod/21_usermod_rename_user_no_gshadow_file/usermod.test
new file mode 100755
index 0000000..5ad5bf9
--- /dev/null
+++ b/tests/tests/usertools/usermod/21_usermod_rename_user_no_gshadow_file/usermod.test
@@ -0,0 +1,43 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "usermod rename the user in the lists of members, when an user is renamed with -l"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Remove /etc/gshadow..."
+rm -f /etc/gshadow
+echo "done"
+
+echo -n "Rename user foo (usermod -l foo2 foo)..."
+usermod -l foo2 foo
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl data/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl data/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl data/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+test ! -f /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/usertools/usermod/22_usermod_usage_rename_invalid_username/config.txt b/tests/tests/usertools/usermod/22_usermod_usage_rename_invalid_username/config.txt
new file mode 100644
index 0000000..31f5635
--- /dev/null
+++ b/tests/tests/usertools/usermod/22_usermod_usage_rename_invalid_username/config.txt
@@ -0,0 +1,10 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group users (only in /etc/group)
+user foo, in group tty (only in /etc/gshadow)
+user foo, in group floppy
+user foo, admin of group disk
+user foo, admin and member of group fax
+user foo, admin and member of group cdrom (only in /etc/gshadow)
diff --git a/tests/tests/usertools/usermod/22_usermod_usage_rename_invalid_username/config/etc/default/useradd b/tests/tests/usertools/usermod/22_usermod_usage_rename_invalid_username/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/usertools/usermod/22_usermod_usage_rename_invalid_username/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/usertools/usermod/22_usermod_usage_rename_invalid_username/config/etc/group b/tests/tests/usertools/usermod/22_usermod_usage_rename_invalid_username/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/usertools/usermod/22_usermod_usage_rename_invalid_username/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/usertools/usermod/22_usermod_usage_rename_invalid_username/config/etc/gshadow b/tests/tests/usertools/usermod/22_usermod_usage_rename_invalid_username/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/usertools/usermod/22_usermod_usage_rename_invalid_username/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/usertools/usermod/22_usermod_usage_rename_invalid_username/config/etc/passwd b/tests/tests/usertools/usermod/22_usermod_usage_rename_invalid_username/config/etc/passwd
new file mode 100644
index 0000000..dbb06b8
--- /dev/null
+++ b/tests/tests/usertools/usermod/22_usermod_usage_rename_invalid_username/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/nonexistent:/bin/sh
diff --git a/tests/tests/usertools/usermod/22_usermod_usage_rename_invalid_username/config/etc/shadow b/tests/tests/usertools/usermod/22_usermod_usage_rename_invalid_username/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/usertools/usermod/22_usermod_usage_rename_invalid_username/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/usertools/usermod/22_usermod_usage_rename_invalid_username/data/usage.out b/tests/tests/usertools/usermod/22_usermod_usage_rename_invalid_username/data/usage.out
new file mode 100644
index 0000000..5a96e57
--- /dev/null
+++ b/tests/tests/usertools/usermod/22_usermod_usage_rename_invalid_username/data/usage.out
@@ -0,0 +1 @@
+usermod: invalid user name '2:bar'
diff --git a/tests/tests/usertools/usermod/22_usermod_usage_rename_invalid_username/usermod.test b/tests/tests/usertools/usermod/22_usermod_usage_rename_invalid_username/usermod.test
new file mode 100755
index 0000000..66ff45a
--- /dev/null
+++ b/tests/tests/usertools/usermod/22_usermod_usage_rename_invalid_username/usermod.test
@@ -0,0 +1,54 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "usermod checks the validity of a new username"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Rename with invalid username (usermod -l 2bar foo)..."
+usermod -l 2:bar foo 2>tmp/usage.out && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "3"
+echo "OK"
+
+echo "usermod reported:"
+echo "======================================================================="
+cat tmp/usage.out
+echo "======================================================================="
+echo -n "Check the usage message..."
+diff -au data/usage.out tmp/usage.out
+echo "usage message OK."
+rm -f tmp/usage.out
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/usertools/usermod/23_usermod-e_date/config.txt b/tests/tests/usertools/usermod/23_usermod-e_date/config.txt
new file mode 100644
index 0000000..a2ff911
--- /dev/null
+++ b/tests/tests/usertools/usermod/23_usermod-e_date/config.txt
@@ -0,0 +1,2 @@
+user foo exists, UID 1000
+user foo2 exists, UID 1001
diff --git a/tests/tests/usertools/usermod/23_usermod-e_date/config/etc/default/useradd b/tests/tests/usertools/usermod/23_usermod-e_date/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/usertools/usermod/23_usermod-e_date/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/usertools/usermod/23_usermod-e_date/config/etc/group b/tests/tests/usertools/usermod/23_usermod-e_date/config/etc/group
new file mode 100644
index 0000000..b6fae89
--- /dev/null
+++ b/tests/tests/usertools/usermod/23_usermod-e_date/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:root
+adm:x:4:root,foo
+tty:x:5:
+disk:x:6:
+lp:x:7:foo,root
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:foo
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:foo
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/usertools/usermod/23_usermod-e_date/config/etc/gshadow b/tests/tests/usertools/usermod/23_usermod-e_date/config/etc/gshadow
new file mode 100644
index 0000000..1f2ba8d
--- /dev/null
+++ b/tests/tests/usertools/usermod/23_usermod-e_date/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::root
+adm:*::root,foo
+tty:*::foo
+disk:*:foo:
+lp:*::foo,root
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*:foo:foo
+voice:*::
+cdrom:*:foo:foo
+floppy:*::foo
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/usertools/usermod/23_usermod-e_date/config/etc/passwd b/tests/tests/usertools/usermod/23_usermod-e_date/config/etc/passwd
new file mode 100644
index 0000000..bf52df0
--- /dev/null
+++ b/tests/tests/usertools/usermod/23_usermod-e_date/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/home/foo:/bin/false
diff --git a/tests/tests/usertools/usermod/23_usermod-e_date/config/etc/shadow b/tests/tests/usertools/usermod/23_usermod-e_date/config/etc/shadow
new file mode 100644
index 0000000..e678938
--- /dev/null
+++ b/tests/tests/usertools/usermod/23_usermod-e_date/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:blahblah:12977:0:99999:7:::
diff --git a/tests/tests/usertools/usermod/23_usermod-e_date/data/shadow b/tests/tests/usertools/usermod/23_usermod-e_date/data/shadow
new file mode 100644
index 0000000..af98956
--- /dev/null
+++ b/tests/tests/usertools/usermod/23_usermod-e_date/data/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:blahblah:12977:0:99999:7::15320:
diff --git a/tests/tests/usertools/usermod/23_usermod-e_date/usermod.test b/tests/tests/usertools/usermod/23_usermod-e_date/usermod.test
new file mode 100755
index 0000000..5ab527f
--- /dev/null
+++ b/tests/tests/usertools/usermod/23_usermod-e_date/usermod.test
@@ -0,0 +1,39 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "usermod can set the expiry date"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Change the user's expiry date (usermod -e 2011-12-12 foo)..."
+usermod -e 2011-12-12 foo
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl data/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/usertools/usermod/24_usermod-e_date/config.txt b/tests/tests/usertools/usermod/24_usermod-e_date/config.txt
new file mode 100644
index 0000000..a2ff911
--- /dev/null
+++ b/tests/tests/usertools/usermod/24_usermod-e_date/config.txt
@@ -0,0 +1,2 @@
+user foo exists, UID 1000
+user foo2 exists, UID 1001
diff --git a/tests/tests/usertools/usermod/24_usermod-e_date/config/etc/default/useradd b/tests/tests/usertools/usermod/24_usermod-e_date/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/usertools/usermod/24_usermod-e_date/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/usertools/usermod/24_usermod-e_date/config/etc/group b/tests/tests/usertools/usermod/24_usermod-e_date/config/etc/group
new file mode 100644
index 0000000..b6fae89
--- /dev/null
+++ b/tests/tests/usertools/usermod/24_usermod-e_date/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:root
+adm:x:4:root,foo
+tty:x:5:
+disk:x:6:
+lp:x:7:foo,root
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:foo
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:foo
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/usertools/usermod/24_usermod-e_date/config/etc/gshadow b/tests/tests/usertools/usermod/24_usermod-e_date/config/etc/gshadow
new file mode 100644
index 0000000..1f2ba8d
--- /dev/null
+++ b/tests/tests/usertools/usermod/24_usermod-e_date/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::root
+adm:*::root,foo
+tty:*::foo
+disk:*:foo:
+lp:*::foo,root
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*:foo:foo
+voice:*::
+cdrom:*:foo:foo
+floppy:*::foo
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/usertools/usermod/24_usermod-e_date/config/etc/passwd b/tests/tests/usertools/usermod/24_usermod-e_date/config/etc/passwd
new file mode 100644
index 0000000..bf52df0
--- /dev/null
+++ b/tests/tests/usertools/usermod/24_usermod-e_date/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/home/foo:/bin/false
diff --git a/tests/tests/usertools/usermod/24_usermod-e_date/config/etc/shadow b/tests/tests/usertools/usermod/24_usermod-e_date/config/etc/shadow
new file mode 100644
index 0000000..ae79ac5
--- /dev/null
+++ b/tests/tests/usertools/usermod/24_usermod-e_date/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:blahblah:12977:0:99999:7::42:
diff --git a/tests/tests/usertools/usermod/24_usermod-e_date/data/shadow b/tests/tests/usertools/usermod/24_usermod-e_date/data/shadow
new file mode 100644
index 0000000..a1923b5
--- /dev/null
+++ b/tests/tests/usertools/usermod/24_usermod-e_date/data/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:blahblah:12977:0:99999:7::42424:
diff --git a/tests/tests/usertools/usermod/24_usermod-e_date/usermod.test b/tests/tests/usertools/usermod/24_usermod-e_date/usermod.test
new file mode 100755
index 0000000..a2ae15a
--- /dev/null
+++ b/tests/tests/usertools/usermod/24_usermod-e_date/usermod.test
@@ -0,0 +1,39 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "usermod can set the expiry date (number of days)"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Change the user's expiry date (usermod -e 42424 foo)..."
+usermod -e 42424 foo
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl data/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/usertools/usermod/25_usermod-e_empty_arg/config.txt b/tests/tests/usertools/usermod/25_usermod-e_empty_arg/config.txt
new file mode 100644
index 0000000..a2ff911
--- /dev/null
+++ b/tests/tests/usertools/usermod/25_usermod-e_empty_arg/config.txt
@@ -0,0 +1,2 @@
+user foo exists, UID 1000
+user foo2 exists, UID 1001
diff --git a/tests/tests/usertools/usermod/25_usermod-e_empty_arg/config/etc/default/useradd b/tests/tests/usertools/usermod/25_usermod-e_empty_arg/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/usertools/usermod/25_usermod-e_empty_arg/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/usertools/usermod/25_usermod-e_empty_arg/config/etc/group b/tests/tests/usertools/usermod/25_usermod-e_empty_arg/config/etc/group
new file mode 100644
index 0000000..b6fae89
--- /dev/null
+++ b/tests/tests/usertools/usermod/25_usermod-e_empty_arg/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:root
+adm:x:4:root,foo
+tty:x:5:
+disk:x:6:
+lp:x:7:foo,root
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:foo
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:foo
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/usertools/usermod/25_usermod-e_empty_arg/config/etc/gshadow b/tests/tests/usertools/usermod/25_usermod-e_empty_arg/config/etc/gshadow
new file mode 100644
index 0000000..1f2ba8d
--- /dev/null
+++ b/tests/tests/usertools/usermod/25_usermod-e_empty_arg/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::root
+adm:*::root,foo
+tty:*::foo
+disk:*:foo:
+lp:*::foo,root
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*:foo:foo
+voice:*::
+cdrom:*:foo:foo
+floppy:*::foo
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/usertools/usermod/25_usermod-e_empty_arg/config/etc/passwd b/tests/tests/usertools/usermod/25_usermod-e_empty_arg/config/etc/passwd
new file mode 100644
index 0000000..bf52df0
--- /dev/null
+++ b/tests/tests/usertools/usermod/25_usermod-e_empty_arg/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/home/foo:/bin/false
diff --git a/tests/tests/usertools/usermod/25_usermod-e_empty_arg/config/etc/shadow b/tests/tests/usertools/usermod/25_usermod-e_empty_arg/config/etc/shadow
new file mode 100644
index 0000000..b21ccf8
--- /dev/null
+++ b/tests/tests/usertools/usermod/25_usermod-e_empty_arg/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:blahblah:12977:0:99999:7::2:
diff --git a/tests/tests/usertools/usermod/25_usermod-e_empty_arg/data/shadow b/tests/tests/usertools/usermod/25_usermod-e_empty_arg/data/shadow
new file mode 100644
index 0000000..e678938
--- /dev/null
+++ b/tests/tests/usertools/usermod/25_usermod-e_empty_arg/data/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:blahblah:12977:0:99999:7:::
diff --git a/tests/tests/usertools/usermod/25_usermod-e_empty_arg/usermod.test b/tests/tests/usertools/usermod/25_usermod-e_empty_arg/usermod.test
new file mode 100755
index 0000000..997d51a
--- /dev/null
+++ b/tests/tests/usertools/usermod/25_usermod-e_empty_arg/usermod.test
@@ -0,0 +1,39 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "usermod can disable the expiry date"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Disable the user's expiry date (usermod -e '' foo)..."
+usermod -e '' foo
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl data/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/usertools/usermod/26_usermod-e-1/config.txt b/tests/tests/usertools/usermod/26_usermod-e-1/config.txt
new file mode 100644
index 0000000..a2ff911
--- /dev/null
+++ b/tests/tests/usertools/usermod/26_usermod-e-1/config.txt
@@ -0,0 +1,2 @@
+user foo exists, UID 1000
+user foo2 exists, UID 1001
diff --git a/tests/tests/usertools/usermod/26_usermod-e-1/config/etc/default/useradd b/tests/tests/usertools/usermod/26_usermod-e-1/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/usertools/usermod/26_usermod-e-1/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/usertools/usermod/26_usermod-e-1/config/etc/group b/tests/tests/usertools/usermod/26_usermod-e-1/config/etc/group
new file mode 100644
index 0000000..b6fae89
--- /dev/null
+++ b/tests/tests/usertools/usermod/26_usermod-e-1/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:root
+adm:x:4:root,foo
+tty:x:5:
+disk:x:6:
+lp:x:7:foo,root
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:foo
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:foo
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/usertools/usermod/26_usermod-e-1/config/etc/gshadow b/tests/tests/usertools/usermod/26_usermod-e-1/config/etc/gshadow
new file mode 100644
index 0000000..1f2ba8d
--- /dev/null
+++ b/tests/tests/usertools/usermod/26_usermod-e-1/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::root
+adm:*::root,foo
+tty:*::foo
+disk:*:foo:
+lp:*::foo,root
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*:foo:foo
+voice:*::
+cdrom:*:foo:foo
+floppy:*::foo
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/usertools/usermod/26_usermod-e-1/config/etc/passwd b/tests/tests/usertools/usermod/26_usermod-e-1/config/etc/passwd
new file mode 100644
index 0000000..bf52df0
--- /dev/null
+++ b/tests/tests/usertools/usermod/26_usermod-e-1/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/home/foo:/bin/false
diff --git a/tests/tests/usertools/usermod/26_usermod-e-1/config/etc/shadow b/tests/tests/usertools/usermod/26_usermod-e-1/config/etc/shadow
new file mode 100644
index 0000000..b21ccf8
--- /dev/null
+++ b/tests/tests/usertools/usermod/26_usermod-e-1/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:blahblah:12977:0:99999:7::2:
diff --git a/tests/tests/usertools/usermod/26_usermod-e-1/data/shadow b/tests/tests/usertools/usermod/26_usermod-e-1/data/shadow
new file mode 100644
index 0000000..e678938
--- /dev/null
+++ b/tests/tests/usertools/usermod/26_usermod-e-1/data/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:blahblah:12977:0:99999:7:::
diff --git a/tests/tests/usertools/usermod/26_usermod-e-1/usermod.test b/tests/tests/usertools/usermod/26_usermod-e-1/usermod.test
new file mode 100755
index 0000000..c15ddc6
--- /dev/null
+++ b/tests/tests/usertools/usermod/26_usermod-e-1/usermod.test
@@ -0,0 +1,39 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "usermod can disable the expiry date"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Disable the user's expiry date (usermod -e -1 foo)..."
+usermod -e -1 foo
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl data/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/usertools/usermod/27_usermod-e_invalid1/config.txt b/tests/tests/usertools/usermod/27_usermod-e_invalid1/config.txt
new file mode 100644
index 0000000..a2ff911
--- /dev/null
+++ b/tests/tests/usertools/usermod/27_usermod-e_invalid1/config.txt
@@ -0,0 +1,2 @@
+user foo exists, UID 1000
+user foo2 exists, UID 1001
diff --git a/tests/tests/usertools/usermod/27_usermod-e_invalid1/config/etc/default/useradd b/tests/tests/usertools/usermod/27_usermod-e_invalid1/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/usertools/usermod/27_usermod-e_invalid1/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/usertools/usermod/27_usermod-e_invalid1/config/etc/group b/tests/tests/usertools/usermod/27_usermod-e_invalid1/config/etc/group
new file mode 100644
index 0000000..b6fae89
--- /dev/null
+++ b/tests/tests/usertools/usermod/27_usermod-e_invalid1/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:root
+adm:x:4:root,foo
+tty:x:5:
+disk:x:6:
+lp:x:7:foo,root
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:foo
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:foo
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/usertools/usermod/27_usermod-e_invalid1/config/etc/gshadow b/tests/tests/usertools/usermod/27_usermod-e_invalid1/config/etc/gshadow
new file mode 100644
index 0000000..1f2ba8d
--- /dev/null
+++ b/tests/tests/usertools/usermod/27_usermod-e_invalid1/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::root
+adm:*::root,foo
+tty:*::foo
+disk:*:foo:
+lp:*::foo,root
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*:foo:foo
+voice:*::
+cdrom:*:foo:foo
+floppy:*::foo
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/usertools/usermod/27_usermod-e_invalid1/config/etc/passwd b/tests/tests/usertools/usermod/27_usermod-e_invalid1/config/etc/passwd
new file mode 100644
index 0000000..bf52df0
--- /dev/null
+++ b/tests/tests/usertools/usermod/27_usermod-e_invalid1/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/home/foo:/bin/false
diff --git a/tests/tests/usertools/usermod/27_usermod-e_invalid1/config/etc/shadow b/tests/tests/usertools/usermod/27_usermod-e_invalid1/config/etc/shadow
new file mode 100644
index 0000000..b21ccf8
--- /dev/null
+++ b/tests/tests/usertools/usermod/27_usermod-e_invalid1/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:blahblah:12977:0:99999:7::2:
diff --git a/tests/tests/usertools/usermod/27_usermod-e_invalid1/data/usermod.err b/tests/tests/usertools/usermod/27_usermod-e_invalid1/data/usermod.err
new file mode 100644
index 0000000..3de424e
--- /dev/null
+++ b/tests/tests/usertools/usermod/27_usermod-e_invalid1/data/usermod.err
@@ -0,0 +1 @@
+usermod: invalid date '-2'
diff --git a/tests/tests/usertools/usermod/27_usermod-e_invalid1/usermod.test b/tests/tests/usertools/usermod/27_usermod-e_invalid1/usermod.test
new file mode 100755
index 0000000..c564197
--- /dev/null
+++ b/tests/tests/usertools/usermod/27_usermod-e_invalid1/usermod.test
@@ -0,0 +1,54 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "usermod checks the validity of the expiry argument"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Disable the user's expiry date (usermod -e -2 foo)..."
+usermod -e -2 foo 2>tmp/usermod.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "3"
+echo "OK"
+
+echo "usermod reported:"
+echo "======================================================================="
+cat tmp/usermod.err
+echo "======================================================================="
+echo -n "Check the usage message..."
+diff -au data/usermod.err tmp/usermod.err
+echo "usage message OK."
+rm -f tmp/usermod.err
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/usertools/usermod/28_usermod-e_invalid2/config.txt b/tests/tests/usertools/usermod/28_usermod-e_invalid2/config.txt
new file mode 100644
index 0000000..a2ff911
--- /dev/null
+++ b/tests/tests/usertools/usermod/28_usermod-e_invalid2/config.txt
@@ -0,0 +1,2 @@
+user foo exists, UID 1000
+user foo2 exists, UID 1001
diff --git a/tests/tests/usertools/usermod/28_usermod-e_invalid2/config/etc/default/useradd b/tests/tests/usertools/usermod/28_usermod-e_invalid2/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/usertools/usermod/28_usermod-e_invalid2/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/usertools/usermod/28_usermod-e_invalid2/config/etc/group b/tests/tests/usertools/usermod/28_usermod-e_invalid2/config/etc/group
new file mode 100644
index 0000000..b6fae89
--- /dev/null
+++ b/tests/tests/usertools/usermod/28_usermod-e_invalid2/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:root
+adm:x:4:root,foo
+tty:x:5:
+disk:x:6:
+lp:x:7:foo,root
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:foo
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:foo
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/usertools/usermod/28_usermod-e_invalid2/config/etc/gshadow b/tests/tests/usertools/usermod/28_usermod-e_invalid2/config/etc/gshadow
new file mode 100644
index 0000000..1f2ba8d
--- /dev/null
+++ b/tests/tests/usertools/usermod/28_usermod-e_invalid2/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::root
+adm:*::root,foo
+tty:*::foo
+disk:*:foo:
+lp:*::foo,root
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*:foo:foo
+voice:*::
+cdrom:*:foo:foo
+floppy:*::foo
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/usertools/usermod/28_usermod-e_invalid2/config/etc/passwd b/tests/tests/usertools/usermod/28_usermod-e_invalid2/config/etc/passwd
new file mode 100644
index 0000000..bf52df0
--- /dev/null
+++ b/tests/tests/usertools/usermod/28_usermod-e_invalid2/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/home/foo:/bin/false
diff --git a/tests/tests/usertools/usermod/28_usermod-e_invalid2/config/etc/shadow b/tests/tests/usertools/usermod/28_usermod-e_invalid2/config/etc/shadow
new file mode 100644
index 0000000..b21ccf8
--- /dev/null
+++ b/tests/tests/usertools/usermod/28_usermod-e_invalid2/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:blahblah:12977:0:99999:7::2:
diff --git a/tests/tests/usertools/usermod/28_usermod-e_invalid2/data/usermod.err b/tests/tests/usertools/usermod/28_usermod-e_invalid2/data/usermod.err
new file mode 100644
index 0000000..43494b0
--- /dev/null
+++ b/tests/tests/usertools/usermod/28_usermod-e_invalid2/data/usermod.err
@@ -0,0 +1 @@
+usermod: invalid date 'bar'
diff --git a/tests/tests/usertools/usermod/28_usermod-e_invalid2/usermod.test b/tests/tests/usertools/usermod/28_usermod-e_invalid2/usermod.test
new file mode 100755
index 0000000..fa761b2
--- /dev/null
+++ b/tests/tests/usertools/usermod/28_usermod-e_invalid2/usermod.test
@@ -0,0 +1,54 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "usermod checks the validity of the expiry argument"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Disable the user's expiry date (usermod -e bar foo)..."
+usermod -e bar foo 2>tmp/usermod.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "3"
+echo "OK"
+
+echo "usermod reported:"
+echo "======================================================================="
+cat tmp/usermod.err
+echo "======================================================================="
+echo -n "Check the usage message..."
+diff -au data/usermod.err tmp/usermod.err
+echo "usage message OK."
+rm -f tmp/usermod.err
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/usertools/usermod/29_usermod_no_changes/config.txt b/tests/tests/usertools/usermod/29_usermod_no_changes/config.txt
new file mode 100644
index 0000000..31f5635
--- /dev/null
+++ b/tests/tests/usertools/usermod/29_usermod_no_changes/config.txt
@@ -0,0 +1,10 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group users (only in /etc/group)
+user foo, in group tty (only in /etc/gshadow)
+user foo, in group floppy
+user foo, admin of group disk
+user foo, admin and member of group fax
+user foo, admin and member of group cdrom (only in /etc/gshadow)
diff --git a/tests/tests/usertools/usermod/29_usermod_no_changes/config/etc/default/useradd b/tests/tests/usertools/usermod/29_usermod_no_changes/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/usertools/usermod/29_usermod_no_changes/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/usertools/usermod/29_usermod_no_changes/config/etc/group b/tests/tests/usertools/usermod/29_usermod_no_changes/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/usertools/usermod/29_usermod_no_changes/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/usertools/usermod/29_usermod_no_changes/config/etc/gshadow b/tests/tests/usertools/usermod/29_usermod_no_changes/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/usertools/usermod/29_usermod_no_changes/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/usertools/usermod/29_usermod_no_changes/config/etc/passwd b/tests/tests/usertools/usermod/29_usermod_no_changes/config/etc/passwd
new file mode 100644
index 0000000..7c90a9b
--- /dev/null
+++ b/tests/tests/usertools/usermod/29_usermod_no_changes/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000:GeCoS:/nonexistent:/bin/sh
diff --git a/tests/tests/usertools/usermod/29_usermod_no_changes/config/etc/shadow b/tests/tests/usertools/usermod/29_usermod_no_changes/config/etc/shadow
new file mode 100644
index 0000000..0a24422
--- /dev/null
+++ b/tests/tests/usertools/usermod/29_usermod_no_changes/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:oldpass:12977:0:99999:7:::
diff --git a/tests/tests/usertools/usermod/29_usermod_no_changes/data/usermod.err b/tests/tests/usertools/usermod/29_usermod_no_changes/data/usermod.err
new file mode 100644
index 0000000..ea8edd6
--- /dev/null
+++ b/tests/tests/usertools/usermod/29_usermod_no_changes/data/usermod.err
@@ -0,0 +1 @@
+usermod: no changes
diff --git a/tests/tests/usertools/usermod/29_usermod_no_changes/usermod.test b/tests/tests/usertools/usermod/29_usermod_no_changes/usermod.test
new file mode 100755
index 0000000..5d70329
--- /dev/null
+++ b/tests/tests/usertools/usermod/29_usermod_no_changes/usermod.test
@@ -0,0 +1,48 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "usermod detects when no real changes are requested"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Perform non changes (usermod -l foo -c GeCoS -e -1 -f -1 -u 1000 -d /nonexistent -s /bin/sh foo)..."
+usermod -l foo -c GeCoS -e -1 -f -1 -u 1000 -d /nonexistent -s /bin/sh foo 2>tmp/usermod.err
+echo "OK"
+
+echo "usermod reported:"
+echo "======================================================================="
+cat tmp/usermod.err
+echo "======================================================================="
+echo -n "Check the usage message..."
+diff -au data/usermod.err tmp/usermod.err
+echo "usage message OK."
+rm -f tmp/usermod.err
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/usertools/usermod/30_usermod_usage-a_without-G/config.txt b/tests/tests/usertools/usermod/30_usermod_usage-a_without-G/config.txt
new file mode 100644
index 0000000..31f5635
--- /dev/null
+++ b/tests/tests/usertools/usermod/30_usermod_usage-a_without-G/config.txt
@@ -0,0 +1,10 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group users (only in /etc/group)
+user foo, in group tty (only in /etc/gshadow)
+user foo, in group floppy
+user foo, admin of group disk
+user foo, admin and member of group fax
+user foo, admin and member of group cdrom (only in /etc/gshadow)
diff --git a/tests/tests/usertools/usermod/30_usermod_usage-a_without-G/config/etc/default/useradd b/tests/tests/usertools/usermod/30_usermod_usage-a_without-G/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/usertools/usermod/30_usermod_usage-a_without-G/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/usertools/usermod/30_usermod_usage-a_without-G/config/etc/group b/tests/tests/usertools/usermod/30_usermod_usage-a_without-G/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/usertools/usermod/30_usermod_usage-a_without-G/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/usertools/usermod/30_usermod_usage-a_without-G/config/etc/gshadow b/tests/tests/usertools/usermod/30_usermod_usage-a_without-G/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/usertools/usermod/30_usermod_usage-a_without-G/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/usertools/usermod/30_usermod_usage-a_without-G/config/etc/passwd b/tests/tests/usertools/usermod/30_usermod_usage-a_without-G/config/etc/passwd
new file mode 100644
index 0000000..dbb06b8
--- /dev/null
+++ b/tests/tests/usertools/usermod/30_usermod_usage-a_without-G/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/nonexistent:/bin/sh
diff --git a/tests/tests/usertools/usermod/30_usermod_usage-a_without-G/config/etc/shadow b/tests/tests/usertools/usermod/30_usermod_usage-a_without-G/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/usertools/usermod/30_usermod_usage-a_without-G/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/usertools/usermod/30_usermod_usage-a_without-G/data/usage.out b/tests/tests/usertools/usermod/30_usermod_usage-a_without-G/data/usage.out
new file mode 100644
index 0000000..90d3384
--- /dev/null
+++ b/tests/tests/usertools/usermod/30_usermod_usage-a_without-G/data/usage.out
@@ -0,0 +1,31 @@
+usermod: -a flag is only allowed with the -G flag
+Usage: usermod [options] LOGIN
+
+Options:
+  -c, --comment COMMENT         new value of the GECOS field
+  -d, --home HOME_DIR           new home directory for the user account
+  -e, --expiredate EXPIRE_DATE  set account expiration date to EXPIRE_DATE
+  -f, --inactive INACTIVE       set password inactive after expiration
+                                to INACTIVE
+  -g, --gid GROUP               force use GROUP as new primary group
+  -G, --groups GROUPS           new list of supplementary GROUPS
+  -a, --append                  append the user to the supplemental GROUPS
+                                mentioned by the -G option without removing
+                                the user from other groups
+  -h, --help                    display this help message and exit
+  -l, --login NEW_LOGIN         new value of the login name
+  -L, --lock                    lock the user account
+  -m, --move-home               move contents of the home directory to the
+                                new location (use only with -d)
+  -o, --non-unique              allow using duplicate (non-unique) UID
+  -p, --password PASSWORD       use encrypted password for the new password
+  -R, --root CHROOT_DIR         directory to chroot into
+  -s, --shell SHELL             new login shell for the user account
+  -u, --uid UID                 new UID for the user account
+  -U, --unlock                  unlock the user account
+  -v, --add-subuids FIRST-LAST  add range of subordinate uids
+  -V, --del-subuids FIRST-LAST  remove range of subordinate uids
+  -w, --add-subgids FIRST-LAST  add range of subordinate gids
+  -W, --del-subgids FIRST-LAST  remove range of subordinate gids
+  -Z, --selinux-user SEUSER     new SELinux user mapping for the user account
+
diff --git a/tests/tests/usertools/usermod/30_usermod_usage-a_without-G/usermod.test b/tests/tests/usertools/usermod/30_usermod_usage-a_without-G/usermod.test
new file mode 100755
index 0000000..6e30cfd
--- /dev/null
+++ b/tests/tests/usertools/usermod/30_usermod_usage-a_without-G/usermod.test
@@ -0,0 +1,54 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "usermod rejects -a without -G"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Append groups without groups (usermod -a foo)..."
+usermod -a foo 2>tmp/usage.out && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "2"
+echo "OK"
+
+echo "usermod reported:"
+echo "======================================================================="
+cat tmp/usage.out
+echo "======================================================================="
+echo -n "Check the usage message..."
+diff -au data/usage.out tmp/usage.out
+echo "usage message OK."
+rm -f tmp/usage.out
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/usertools/usermod/31_usermod_usage-o_without-u/config.txt b/tests/tests/usertools/usermod/31_usermod_usage-o_without-u/config.txt
new file mode 100644
index 0000000..31f5635
--- /dev/null
+++ b/tests/tests/usertools/usermod/31_usermod_usage-o_without-u/config.txt
@@ -0,0 +1,10 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group users (only in /etc/group)
+user foo, in group tty (only in /etc/gshadow)
+user foo, in group floppy
+user foo, admin of group disk
+user foo, admin and member of group fax
+user foo, admin and member of group cdrom (only in /etc/gshadow)
diff --git a/tests/tests/usertools/usermod/31_usermod_usage-o_without-u/config/etc/default/useradd b/tests/tests/usertools/usermod/31_usermod_usage-o_without-u/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/usertools/usermod/31_usermod_usage-o_without-u/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/usertools/usermod/31_usermod_usage-o_without-u/config/etc/group b/tests/tests/usertools/usermod/31_usermod_usage-o_without-u/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/usertools/usermod/31_usermod_usage-o_without-u/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/usertools/usermod/31_usermod_usage-o_without-u/config/etc/gshadow b/tests/tests/usertools/usermod/31_usermod_usage-o_without-u/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/usertools/usermod/31_usermod_usage-o_without-u/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/usertools/usermod/31_usermod_usage-o_without-u/config/etc/passwd b/tests/tests/usertools/usermod/31_usermod_usage-o_without-u/config/etc/passwd
new file mode 100644
index 0000000..dbb06b8
--- /dev/null
+++ b/tests/tests/usertools/usermod/31_usermod_usage-o_without-u/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/nonexistent:/bin/sh
diff --git a/tests/tests/usertools/usermod/31_usermod_usage-o_without-u/config/etc/shadow b/tests/tests/usertools/usermod/31_usermod_usage-o_without-u/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/usertools/usermod/31_usermod_usage-o_without-u/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/usertools/usermod/31_usermod_usage-o_without-u/data/usage.out b/tests/tests/usertools/usermod/31_usermod_usage-o_without-u/data/usage.out
new file mode 100644
index 0000000..d8baae8
--- /dev/null
+++ b/tests/tests/usertools/usermod/31_usermod_usage-o_without-u/data/usage.out
@@ -0,0 +1,31 @@
+usermod: -o flag is only allowed with the -u flag
+Usage: usermod [options] LOGIN
+
+Options:
+  -c, --comment COMMENT         new value of the GECOS field
+  -d, --home HOME_DIR           new home directory for the user account
+  -e, --expiredate EXPIRE_DATE  set account expiration date to EXPIRE_DATE
+  -f, --inactive INACTIVE       set password inactive after expiration
+                                to INACTIVE
+  -g, --gid GROUP               force use GROUP as new primary group
+  -G, --groups GROUPS           new list of supplementary GROUPS
+  -a, --append                  append the user to the supplemental GROUPS
+                                mentioned by the -G option without removing
+                                the user from other groups
+  -h, --help                    display this help message and exit
+  -l, --login NEW_LOGIN         new value of the login name
+  -L, --lock                    lock the user account
+  -m, --move-home               move contents of the home directory to the
+                                new location (use only with -d)
+  -o, --non-unique              allow using duplicate (non-unique) UID
+  -p, --password PASSWORD       use encrypted password for the new password
+  -R, --root CHROOT_DIR         directory to chroot into
+  -s, --shell SHELL             new login shell for the user account
+  -u, --uid UID                 new UID for the user account
+  -U, --unlock                  unlock the user account
+  -v, --add-subuids FIRST-LAST  add range of subordinate uids
+  -V, --del-subuids FIRST-LAST  remove range of subordinate uids
+  -w, --add-subgids FIRST-LAST  add range of subordinate gids
+  -W, --del-subgids FIRST-LAST  remove range of subordinate gids
+  -Z, --selinux-user SEUSER     new SELinux user mapping for the user account
+
diff --git a/tests/tests/usertools/usermod/31_usermod_usage-o_without-u/usermod.test b/tests/tests/usertools/usermod/31_usermod_usage-o_without-u/usermod.test
new file mode 100755
index 0000000..bf57aa7
--- /dev/null
+++ b/tests/tests/usertools/usermod/31_usermod_usage-o_without-u/usermod.test
@@ -0,0 +1,55 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "usermod rejects -o without -u"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Append groups without groups (usermod -o foo)..."
+usermod -o foo 2>tmp/usage.out && exit 1 || {
+	status=$?
+}
+
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "2"
+echo "OK"
+
+echo "usermod reported:"
+echo "======================================================================="
+cat tmp/usage.out
+echo "======================================================================="
+echo -n "Check the usage message..."
+diff -au data/usage.out tmp/usage.out
+echo "usage message OK."
+rm -f tmp/usage.out
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/usertools/usermod/32_usermod_usage-m_without-d/config.txt b/tests/tests/usertools/usermod/32_usermod_usage-m_without-d/config.txt
new file mode 100644
index 0000000..31f5635
--- /dev/null
+++ b/tests/tests/usertools/usermod/32_usermod_usage-m_without-d/config.txt
@@ -0,0 +1,10 @@
+# no testsuite password
+# root password: rootF00barbaz
+# myuser password: myuserF00barbaz
+
+user foo, in group users (only in /etc/group)
+user foo, in group tty (only in /etc/gshadow)
+user foo, in group floppy
+user foo, admin of group disk
+user foo, admin and member of group fax
+user foo, admin and member of group cdrom (only in /etc/gshadow)
diff --git a/tests/tests/usertools/usermod/32_usermod_usage-m_without-d/config/etc/default/useradd b/tests/tests/usertools/usermod/32_usermod_usage-m_without-d/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/usertools/usermod/32_usermod_usage-m_without-d/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/usertools/usermod/32_usermod_usage-m_without-d/config/etc/group b/tests/tests/usertools/usermod/32_usermod_usage-m_without-d/config/etc/group
new file mode 100644
index 0000000..1012390
--- /dev/null
+++ b/tests/tests/usertools/usermod/32_usermod_usage-m_without-d/config/etc/group
@@ -0,0 +1,41 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
diff --git a/tests/tests/usertools/usermod/32_usermod_usage-m_without-d/config/etc/gshadow b/tests/tests/usertools/usermod/32_usermod_usage-m_without-d/config/etc/gshadow
new file mode 100644
index 0000000..ae42486
--- /dev/null
+++ b/tests/tests/usertools/usermod/32_usermod_usage-m_without-d/config/etc/gshadow
@@ -0,0 +1,41 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
diff --git a/tests/tests/usertools/usermod/32_usermod_usage-m_without-d/config/etc/passwd b/tests/tests/usertools/usermod/32_usermod_usage-m_without-d/config/etc/passwd
new file mode 100644
index 0000000..dbb06b8
--- /dev/null
+++ b/tests/tests/usertools/usermod/32_usermod_usage-m_without-d/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/nonexistent:/bin/sh
diff --git a/tests/tests/usertools/usermod/32_usermod_usage-m_without-d/config/etc/shadow b/tests/tests/usertools/usermod/32_usermod_usage-m_without-d/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/usertools/usermod/32_usermod_usage-m_without-d/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/usertools/usermod/32_usermod_usage-m_without-d/data/usage.out b/tests/tests/usertools/usermod/32_usermod_usage-m_without-d/data/usage.out
new file mode 100644
index 0000000..3d86d0a
--- /dev/null
+++ b/tests/tests/usertools/usermod/32_usermod_usage-m_without-d/data/usage.out
@@ -0,0 +1,31 @@
+usermod: -m flag is only allowed with the -d flag
+Usage: usermod [options] LOGIN
+
+Options:
+  -c, --comment COMMENT         new value of the GECOS field
+  -d, --home HOME_DIR           new home directory for the user account
+  -e, --expiredate EXPIRE_DATE  set account expiration date to EXPIRE_DATE
+  -f, --inactive INACTIVE       set password inactive after expiration
+                                to INACTIVE
+  -g, --gid GROUP               force use GROUP as new primary group
+  -G, --groups GROUPS           new list of supplementary GROUPS
+  -a, --append                  append the user to the supplemental GROUPS
+                                mentioned by the -G option without removing
+                                the user from other groups
+  -h, --help                    display this help message and exit
+  -l, --login NEW_LOGIN         new value of the login name
+  -L, --lock                    lock the user account
+  -m, --move-home               move contents of the home directory to the
+                                new location (use only with -d)
+  -o, --non-unique              allow using duplicate (non-unique) UID
+  -p, --password PASSWORD       use encrypted password for the new password
+  -R, --root CHROOT_DIR         directory to chroot into
+  -s, --shell SHELL             new login shell for the user account
+  -u, --uid UID                 new UID for the user account
+  -U, --unlock                  unlock the user account
+  -v, --add-subuids FIRST-LAST  add range of subordinate uids
+  -V, --del-subuids FIRST-LAST  remove range of subordinate uids
+  -w, --add-subgids FIRST-LAST  add range of subordinate gids
+  -W, --del-subgids FIRST-LAST  remove range of subordinate gids
+  -Z, --selinux-user SEUSER     new SELinux user mapping for the user account
+
diff --git a/tests/tests/usertools/usermod/32_usermod_usage-m_without-d/usermod.test b/tests/tests/usertools/usermod/32_usermod_usage-m_without-d/usermod.test
new file mode 100755
index 0000000..407dc32
--- /dev/null
+++ b/tests/tests/usertools/usermod/32_usermod_usage-m_without-d/usermod.test
@@ -0,0 +1,54 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "usermod rejects -m without -d"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Move home without new home (usermod -m foo)..."
+usermod -m foo 2>tmp/usage.out && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "2"
+echo "OK"
+
+echo "usermod reported:"
+echo "======================================================================="
+cat tmp/usage.out
+echo "======================================================================="
+echo -n "Check the usage message..."
+diff -au data/usage.out tmp/usage.out
+echo "usage message OK."
+rm -f tmp/usage.out
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/usertools/usermod/33_usermod_change_shell/config.txt b/tests/tests/usertools/usermod/33_usermod_change_shell/config.txt
new file mode 100644
index 0000000..a2ff911
--- /dev/null
+++ b/tests/tests/usertools/usermod/33_usermod_change_shell/config.txt
@@ -0,0 +1,2 @@
+user foo exists, UID 1000
+user foo2 exists, UID 1001
diff --git a/tests/tests/usertools/usermod/33_usermod_change_shell/config/etc/default/useradd b/tests/tests/usertools/usermod/33_usermod_change_shell/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/usertools/usermod/33_usermod_change_shell/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/usertools/usermod/33_usermod_change_shell/config/etc/group b/tests/tests/usertools/usermod/33_usermod_change_shell/config/etc/group
new file mode 100644
index 0000000..b6fae89
--- /dev/null
+++ b/tests/tests/usertools/usermod/33_usermod_change_shell/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:root
+adm:x:4:root,foo
+tty:x:5:
+disk:x:6:
+lp:x:7:foo,root
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:foo
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:foo
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/usertools/usermod/33_usermod_change_shell/config/etc/gshadow b/tests/tests/usertools/usermod/33_usermod_change_shell/config/etc/gshadow
new file mode 100644
index 0000000..1f2ba8d
--- /dev/null
+++ b/tests/tests/usertools/usermod/33_usermod_change_shell/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::root
+adm:*::root,foo
+tty:*::foo
+disk:*:foo:
+lp:*::foo,root
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*:foo:foo
+voice:*::
+cdrom:*:foo:foo
+floppy:*::foo
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/usertools/usermod/33_usermod_change_shell/config/etc/passwd b/tests/tests/usertools/usermod/33_usermod_change_shell/config/etc/passwd
new file mode 100644
index 0000000..bf52df0
--- /dev/null
+++ b/tests/tests/usertools/usermod/33_usermod_change_shell/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/home/foo:/bin/false
diff --git a/tests/tests/usertools/usermod/33_usermod_change_shell/config/etc/shadow b/tests/tests/usertools/usermod/33_usermod_change_shell/config/etc/shadow
new file mode 100644
index 0000000..e678938
--- /dev/null
+++ b/tests/tests/usertools/usermod/33_usermod_change_shell/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:blahblah:12977:0:99999:7:::
diff --git a/tests/tests/usertools/usermod/33_usermod_change_shell/data/passwd b/tests/tests/usertools/usermod/33_usermod_change_shell/data/passwd
new file mode 100644
index 0000000..57c4cf3
--- /dev/null
+++ b/tests/tests/usertools/usermod/33_usermod_change_shell/data/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/home/foo:/bin/bash
diff --git a/tests/tests/usertools/usermod/33_usermod_change_shell/usermod.test b/tests/tests/usertools/usermod/33_usermod_change_shell/usermod.test
new file mode 100755
index 0000000..81145df
--- /dev/null
+++ b/tests/tests/usertools/usermod/33_usermod_change_shell/usermod.test
@@ -0,0 +1,39 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "usermod can change the shell"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Change the user's shell (usermod -s /bin/bash foo)..."
+usermod -s /bin/bash foo
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl data/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/usertools/usermod/34_usermod-e_date_no_shadow_entry/config.txt b/tests/tests/usertools/usermod/34_usermod-e_date_no_shadow_entry/config.txt
new file mode 100644
index 0000000..a2ff911
--- /dev/null
+++ b/tests/tests/usertools/usermod/34_usermod-e_date_no_shadow_entry/config.txt
@@ -0,0 +1,2 @@
+user foo exists, UID 1000
+user foo2 exists, UID 1001
diff --git a/tests/tests/usertools/usermod/34_usermod-e_date_no_shadow_entry/config/etc/default/useradd b/tests/tests/usertools/usermod/34_usermod-e_date_no_shadow_entry/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/usertools/usermod/34_usermod-e_date_no_shadow_entry/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/usertools/usermod/34_usermod-e_date_no_shadow_entry/config/etc/group b/tests/tests/usertools/usermod/34_usermod-e_date_no_shadow_entry/config/etc/group
new file mode 100644
index 0000000..b6fae89
--- /dev/null
+++ b/tests/tests/usertools/usermod/34_usermod-e_date_no_shadow_entry/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:root
+adm:x:4:root,foo
+tty:x:5:
+disk:x:6:
+lp:x:7:foo,root
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:foo
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:foo
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/usertools/usermod/34_usermod-e_date_no_shadow_entry/config/etc/gshadow b/tests/tests/usertools/usermod/34_usermod-e_date_no_shadow_entry/config/etc/gshadow
new file mode 100644
index 0000000..1f2ba8d
--- /dev/null
+++ b/tests/tests/usertools/usermod/34_usermod-e_date_no_shadow_entry/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::root
+adm:*::root,foo
+tty:*::foo
+disk:*:foo:
+lp:*::foo,root
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*:foo:foo
+voice:*::
+cdrom:*:foo:foo
+floppy:*::foo
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/usertools/usermod/34_usermod-e_date_no_shadow_entry/config/etc/passwd b/tests/tests/usertools/usermod/34_usermod-e_date_no_shadow_entry/config/etc/passwd
new file mode 100644
index 0000000..0175ffc
--- /dev/null
+++ b/tests/tests/usertools/usermod/34_usermod-e_date_no_shadow_entry/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:oldpass:1000:1000::/home/foo:/bin/false
diff --git a/tests/tests/usertools/usermod/34_usermod-e_date_no_shadow_entry/config/etc/shadow b/tests/tests/usertools/usermod/34_usermod-e_date_no_shadow_entry/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/usertools/usermod/34_usermod-e_date_no_shadow_entry/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/usertools/usermod/34_usermod-e_date_no_shadow_entry/data/shadow b/tests/tests/usertools/usermod/34_usermod-e_date_no_shadow_entry/data/shadow
new file mode 100644
index 0000000..64ee844
--- /dev/null
+++ b/tests/tests/usertools/usermod/34_usermod-e_date_no_shadow_entry/data/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:oldpass:@TODAY@:0:99999:7::15320:
diff --git a/tests/tests/usertools/usermod/34_usermod-e_date_no_shadow_entry/usermod.test b/tests/tests/usertools/usermod/34_usermod-e_date_no_shadow_entry/usermod.test
new file mode 100755
index 0000000..fa2e567
--- /dev/null
+++ b/tests/tests/usertools/usermod/34_usermod-e_date_no_shadow_entry/usermod.test
@@ -0,0 +1,39 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "usermod create a shadow entry to set the expiry date"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Change the user's expiry date (usermod -e 2011-12-12 foo)..."
+usermod -e 2011-12-12 foo
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl data/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/usertools/usermod/35_usermod-f_no_shadow_entry/config.txt b/tests/tests/usertools/usermod/35_usermod-f_no_shadow_entry/config.txt
new file mode 100644
index 0000000..a2ff911
--- /dev/null
+++ b/tests/tests/usertools/usermod/35_usermod-f_no_shadow_entry/config.txt
@@ -0,0 +1,2 @@
+user foo exists, UID 1000
+user foo2 exists, UID 1001
diff --git a/tests/tests/usertools/usermod/35_usermod-f_no_shadow_entry/config/etc/default/useradd b/tests/tests/usertools/usermod/35_usermod-f_no_shadow_entry/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/usertools/usermod/35_usermod-f_no_shadow_entry/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/usertools/usermod/35_usermod-f_no_shadow_entry/config/etc/group b/tests/tests/usertools/usermod/35_usermod-f_no_shadow_entry/config/etc/group
new file mode 100644
index 0000000..b6fae89
--- /dev/null
+++ b/tests/tests/usertools/usermod/35_usermod-f_no_shadow_entry/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:root
+adm:x:4:root,foo
+tty:x:5:
+disk:x:6:
+lp:x:7:foo,root
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:foo
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:foo
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/usertools/usermod/35_usermod-f_no_shadow_entry/config/etc/gshadow b/tests/tests/usertools/usermod/35_usermod-f_no_shadow_entry/config/etc/gshadow
new file mode 100644
index 0000000..1f2ba8d
--- /dev/null
+++ b/tests/tests/usertools/usermod/35_usermod-f_no_shadow_entry/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::root
+adm:*::root,foo
+tty:*::foo
+disk:*:foo:
+lp:*::foo,root
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*:foo:foo
+voice:*::
+cdrom:*:foo:foo
+floppy:*::foo
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/usertools/usermod/35_usermod-f_no_shadow_entry/config/etc/passwd b/tests/tests/usertools/usermod/35_usermod-f_no_shadow_entry/config/etc/passwd
new file mode 100644
index 0000000..0175ffc
--- /dev/null
+++ b/tests/tests/usertools/usermod/35_usermod-f_no_shadow_entry/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:oldpass:1000:1000::/home/foo:/bin/false
diff --git a/tests/tests/usertools/usermod/35_usermod-f_no_shadow_entry/config/etc/shadow b/tests/tests/usertools/usermod/35_usermod-f_no_shadow_entry/config/etc/shadow
new file mode 100644
index 0000000..5f50d18
--- /dev/null
+++ b/tests/tests/usertools/usermod/35_usermod-f_no_shadow_entry/config/etc/shadow
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
diff --git a/tests/tests/usertools/usermod/35_usermod-f_no_shadow_entry/data/shadow b/tests/tests/usertools/usermod/35_usermod-f_no_shadow_entry/data/shadow
new file mode 100644
index 0000000..43a9175
--- /dev/null
+++ b/tests/tests/usertools/usermod/35_usermod-f_no_shadow_entry/data/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:oldpass:@TODAY@:0:99999:7:42::
diff --git a/tests/tests/usertools/usermod/35_usermod-f_no_shadow_entry/usermod.test b/tests/tests/usertools/usermod/35_usermod-f_no_shadow_entry/usermod.test
new file mode 100755
index 0000000..0c1d293
--- /dev/null
+++ b/tests/tests/usertools/usermod/35_usermod-f_no_shadow_entry/usermod.test
@@ -0,0 +1,39 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "usermod create a shadow entry to set the number of inactive days"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Change the user's number of inactive days (usermod -f 42 foo)..."
+usermod -f 42 foo
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl data/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/usertools/usermod/36_usermod_move_homedir_existing_dir/config.txt b/tests/tests/usertools/usermod/36_usermod_move_homedir_existing_dir/config.txt
new file mode 100644
index 0000000..4b5baab
--- /dev/null
+++ b/tests/tests/usertools/usermod/36_usermod_move_homedir_existing_dir/config.txt
@@ -0,0 +1 @@
+user foo exists
diff --git a/tests/tests/usertools/usermod/36_usermod_move_homedir_existing_dir/config/etc/default/useradd b/tests/tests/usertools/usermod/36_usermod_move_homedir_existing_dir/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/usertools/usermod/36_usermod_move_homedir_existing_dir/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/usertools/usermod/36_usermod_move_homedir_existing_dir/config/etc/group b/tests/tests/usertools/usermod/36_usermod_move_homedir_existing_dir/config/etc/group
new file mode 100644
index 0000000..5051825
--- /dev/null
+++ b/tests/tests/usertools/usermod/36_usermod_move_homedir_existing_dir/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/usertools/usermod/36_usermod_move_homedir_existing_dir/config/etc/gshadow b/tests/tests/usertools/usermod/36_usermod_move_homedir_existing_dir/config/etc/gshadow
new file mode 100644
index 0000000..5042e58
--- /dev/null
+++ b/tests/tests/usertools/usermod/36_usermod_move_homedir_existing_dir/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/usertools/usermod/36_usermod_move_homedir_existing_dir/config/etc/passwd b/tests/tests/usertools/usermod/36_usermod_move_homedir_existing_dir/config/etc/passwd
new file mode 100644
index 0000000..bf52df0
--- /dev/null
+++ b/tests/tests/usertools/usermod/36_usermod_move_homedir_existing_dir/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/home/foo:/bin/false
diff --git a/tests/tests/usertools/usermod/36_usermod_move_homedir_existing_dir/config/etc/shadow b/tests/tests/usertools/usermod/36_usermod_move_homedir_existing_dir/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/usertools/usermod/36_usermod_move_homedir_existing_dir/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/usertools/usermod/36_usermod_move_homedir_existing_dir/data/home_ls-a b/tests/tests/usertools/usermod/36_usermod_move_homedir_existing_dir/data/home_ls-a
new file mode 100644
index 0000000..62a6381
--- /dev/null
+++ b/tests/tests/usertools/usermod/36_usermod_move_homedir_existing_dir/data/home_ls-a
@@ -0,0 +1,3 @@
+-rw-r--r-- foo:foo `/home/foo/toto'
+drwxr-xr-x foo:foo `/home/foo/.'
+drwxr-xr-x root:root `/home/foo/..'
diff --git a/tests/tests/usertools/usermod/36_usermod_move_homedir_existing_dir/data/home_ls-a2 b/tests/tests/usertools/usermod/36_usermod_move_homedir_existing_dir/data/home_ls-a2
new file mode 100644
index 0000000..e69e95d
--- /dev/null
+++ b/tests/tests/usertools/usermod/36_usermod_move_homedir_existing_dir/data/home_ls-a2
@@ -0,0 +1,2 @@
+drwxr-xr-x root:root `/home/foo2/.'
+drwxr-xr-x root:root `/home/foo2/..'
diff --git a/tests/tests/usertools/usermod/36_usermod_move_homedir_existing_dir/data/passwd b/tests/tests/usertools/usermod/36_usermod_move_homedir_existing_dir/data/passwd
new file mode 100644
index 0000000..bc9a6f0
--- /dev/null
+++ b/tests/tests/usertools/usermod/36_usermod_move_homedir_existing_dir/data/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/home/foo2:/bin/false
diff --git a/tests/tests/usertools/usermod/36_usermod_move_homedir_existing_dir/data/usermod.err b/tests/tests/usertools/usermod/36_usermod_move_homedir_existing_dir/data/usermod.err
new file mode 100644
index 0000000..64b72d1
--- /dev/null
+++ b/tests/tests/usertools/usermod/36_usermod_move_homedir_existing_dir/data/usermod.err
@@ -0,0 +1 @@
+usermod: directory /home/foo2 exists
diff --git a/tests/tests/usertools/usermod/36_usermod_move_homedir_existing_dir/usermod.test b/tests/tests/usertools/usermod/36_usermod_move_homedir_existing_dir/usermod.test
new file mode 100755
index 0000000..0821c02
--- /dev/null
+++ b/tests/tests/usertools/usermod/36_usermod_move_homedir_existing_dir/usermod.test
@@ -0,0 +1,84 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "usermod can move the user's home directory"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config; rm -rf /home/foo /home/foo2' 0
+
+change_config
+
+mkdir /home/foo
+echo toto > /home/foo/toto
+chown -R foo:foo /home/foo
+
+echo -n "Create /home/foo2"...
+mkdir /home/foo2
+echo "OK"
+
+echo -n "Change the user's home directory (usermod -m -d /home/foo2 foo)..."
+usermod -m -d /home/foo2 foo 2>tmp/usermod.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "12"
+echo "OK"
+
+echo "usermod reported:"
+echo "======================================================================="
+cat tmp/usermod.err
+echo "======================================================================="
+echo -n "Check the usage message..."
+diff -au data/usermod.err tmp/usermod.err
+echo "usage message OK."
+rm -f tmp/usermod.err
+
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl data/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+echo -n "Check the user's home directory was not removed..."
+test -d /home/foo
+echo "OK"
+echo -n "Check the user's home directory was not moved..."
+test -d /home/foo2
+echo "OK"
+echo -n "Check content of /home/foo/..."
+stat --printf "%A %U:%G %N\n" /home/foo/* /home/foo/.* 2>/dev/null | sort > tmp/home_ls-a
+diff -rauN data/home_ls-a tmp/home_ls-a
+echo "OK"
+rm -f tmp/home_ls-a
+echo -n "Check content of /home/foo2/..."
+stat --printf "%A %U:%G %N\n" /home/foo2/* /home/foo2/.* 2>/dev/null | sort > tmp/home_ls-a2
+diff -rauN data/home_ls-a2 tmp/home_ls-a2
+echo "OK"
+rm -f tmp/home_ls-a2
+
+echo -n "Remove the home directories..."
+rm -rf /home/foo /home/foo2
+echo "done"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/usertools/usermod/37_usermod_move_nonexistent_homedir/config.txt b/tests/tests/usertools/usermod/37_usermod_move_nonexistent_homedir/config.txt
new file mode 100644
index 0000000..4b5baab
--- /dev/null
+++ b/tests/tests/usertools/usermod/37_usermod_move_nonexistent_homedir/config.txt
@@ -0,0 +1 @@
+user foo exists
diff --git a/tests/tests/usertools/usermod/37_usermod_move_nonexistent_homedir/config/etc/default/useradd b/tests/tests/usertools/usermod/37_usermod_move_nonexistent_homedir/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/usertools/usermod/37_usermod_move_nonexistent_homedir/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/usertools/usermod/37_usermod_move_nonexistent_homedir/config/etc/group b/tests/tests/usertools/usermod/37_usermod_move_nonexistent_homedir/config/etc/group
new file mode 100644
index 0000000..5051825
--- /dev/null
+++ b/tests/tests/usertools/usermod/37_usermod_move_nonexistent_homedir/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/usertools/usermod/37_usermod_move_nonexistent_homedir/config/etc/gshadow b/tests/tests/usertools/usermod/37_usermod_move_nonexistent_homedir/config/etc/gshadow
new file mode 100644
index 0000000..5042e58
--- /dev/null
+++ b/tests/tests/usertools/usermod/37_usermod_move_nonexistent_homedir/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/usertools/usermod/37_usermod_move_nonexistent_homedir/config/etc/passwd b/tests/tests/usertools/usermod/37_usermod_move_nonexistent_homedir/config/etc/passwd
new file mode 100644
index 0000000..bf52df0
--- /dev/null
+++ b/tests/tests/usertools/usermod/37_usermod_move_nonexistent_homedir/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/home/foo:/bin/false
diff --git a/tests/tests/usertools/usermod/37_usermod_move_nonexistent_homedir/config/etc/shadow b/tests/tests/usertools/usermod/37_usermod_move_nonexistent_homedir/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/usertools/usermod/37_usermod_move_nonexistent_homedir/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/usertools/usermod/37_usermod_move_nonexistent_homedir/data/passwd b/tests/tests/usertools/usermod/37_usermod_move_nonexistent_homedir/data/passwd
new file mode 100644
index 0000000..bc9a6f0
--- /dev/null
+++ b/tests/tests/usertools/usermod/37_usermod_move_nonexistent_homedir/data/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/home/foo2:/bin/false
diff --git a/tests/tests/usertools/usermod/37_usermod_move_nonexistent_homedir/usermod.test b/tests/tests/usertools/usermod/37_usermod_move_nonexistent_homedir/usermod.test
new file mode 100755
index 0000000..3b3ba6f
--- /dev/null
+++ b/tests/tests/usertools/usermod/37_usermod_move_nonexistent_homedir/usermod.test
@@ -0,0 +1,47 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "usermod can move the user's home directory"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config; rm -rf /home/foo /home/foo2' 0
+
+change_config
+
+# Do not create the user's /home/foo home directory
+
+echo -n "Change the user's home directory (usermod -m -d /home/foo2 foo)..."
+usermod -m -d /home/foo2 foo
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl data/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+echo -n "Check the old user's home directory was not created..."
+test ! -d /home/foo
+echo "OK"
+echo -n "Check the new user's home directory was not created..."
+test ! -d /home/foo2
+echo "OK"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/usertools/usermod/38_usermod-u_lastlog_not_created/config.txt b/tests/tests/usertools/usermod/38_usermod-u_lastlog_not_created/config.txt
new file mode 100644
index 0000000..1a78b6c
--- /dev/null
+++ b/tests/tests/usertools/usermod/38_usermod-u_lastlog_not_created/config.txt
@@ -0,0 +1 @@
+user foo exists, UID 1000
diff --git a/tests/tests/usertools/usermod/38_usermod-u_lastlog_not_created/config/etc/default/useradd b/tests/tests/usertools/usermod/38_usermod-u_lastlog_not_created/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/usertools/usermod/38_usermod-u_lastlog_not_created/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/usertools/usermod/38_usermod-u_lastlog_not_created/config/etc/group b/tests/tests/usertools/usermod/38_usermod-u_lastlog_not_created/config/etc/group
new file mode 100644
index 0000000..b6fae89
--- /dev/null
+++ b/tests/tests/usertools/usermod/38_usermod-u_lastlog_not_created/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:root
+adm:x:4:root,foo
+tty:x:5:
+disk:x:6:
+lp:x:7:foo,root
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:foo
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:foo
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/usertools/usermod/38_usermod-u_lastlog_not_created/config/etc/gshadow b/tests/tests/usertools/usermod/38_usermod-u_lastlog_not_created/config/etc/gshadow
new file mode 100644
index 0000000..1f2ba8d
--- /dev/null
+++ b/tests/tests/usertools/usermod/38_usermod-u_lastlog_not_created/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::root
+adm:*::root,foo
+tty:*::foo
+disk:*:foo:
+lp:*::foo,root
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*:foo:foo
+voice:*::
+cdrom:*:foo:foo
+floppy:*::foo
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/usertools/usermod/38_usermod-u_lastlog_not_created/config/etc/passwd b/tests/tests/usertools/usermod/38_usermod-u_lastlog_not_created/config/etc/passwd
new file mode 100644
index 0000000..bf52df0
--- /dev/null
+++ b/tests/tests/usertools/usermod/38_usermod-u_lastlog_not_created/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/home/foo:/bin/false
diff --git a/tests/tests/usertools/usermod/38_usermod-u_lastlog_not_created/config/etc/shadow b/tests/tests/usertools/usermod/38_usermod-u_lastlog_not_created/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/usertools/usermod/38_usermod-u_lastlog_not_created/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/usertools/usermod/38_usermod-u_lastlog_not_created/data/passwd b/tests/tests/usertools/usermod/38_usermod-u_lastlog_not_created/data/passwd
new file mode 100644
index 0000000..174e4f6
--- /dev/null
+++ b/tests/tests/usertools/usermod/38_usermod-u_lastlog_not_created/data/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:4242:1000::/home/foo:/bin/false
diff --git a/tests/tests/usertools/usermod/38_usermod-u_lastlog_not_created/usermod.test b/tests/tests/usertools/usermod/38_usermod-u_lastlog_not_created/usermod.test
new file mode 100755
index 0000000..b232d9e
--- /dev/null
+++ b/tests/tests/usertools/usermod/38_usermod-u_lastlog_not_created/usermod.test
@@ -0,0 +1,48 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "usermod does not create /var/log/lastlog"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config; touch /var/log/lastlog' 0
+
+change_config
+
+echo -n "Remove /var/log/lastlog (it will not be restored)..."
+rm -f /var/log/lastlog
+echo "OK"
+
+echo -n "Change the user's UID (usermod -u 4242 foo)..."
+usermod -u 4242 foo
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl data/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+echo -n "Check that the /var/log/lastlog file was not created"...
+test ! -f /var/log/lastlog
+echo "OK"
+
+touch /var/log/lastlog
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/usertools/usermod/39_usermod-u_copy_lastlog_entry/config.txt b/tests/tests/usertools/usermod/39_usermod-u_copy_lastlog_entry/config.txt
new file mode 100644
index 0000000..1a78b6c
--- /dev/null
+++ b/tests/tests/usertools/usermod/39_usermod-u_copy_lastlog_entry/config.txt
@@ -0,0 +1 @@
+user foo exists, UID 1000
diff --git a/tests/tests/usertools/usermod/39_usermod-u_copy_lastlog_entry/config/etc/default/useradd b/tests/tests/usertools/usermod/39_usermod-u_copy_lastlog_entry/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/usertools/usermod/39_usermod-u_copy_lastlog_entry/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/usertools/usermod/39_usermod-u_copy_lastlog_entry/config/etc/group b/tests/tests/usertools/usermod/39_usermod-u_copy_lastlog_entry/config/etc/group
new file mode 100644
index 0000000..b6fae89
--- /dev/null
+++ b/tests/tests/usertools/usermod/39_usermod-u_copy_lastlog_entry/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:root
+adm:x:4:root,foo
+tty:x:5:
+disk:x:6:
+lp:x:7:foo,root
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:foo
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:foo
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/usertools/usermod/39_usermod-u_copy_lastlog_entry/config/etc/gshadow b/tests/tests/usertools/usermod/39_usermod-u_copy_lastlog_entry/config/etc/gshadow
new file mode 100644
index 0000000..1f2ba8d
--- /dev/null
+++ b/tests/tests/usertools/usermod/39_usermod-u_copy_lastlog_entry/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::root
+adm:*::root,foo
+tty:*::foo
+disk:*:foo:
+lp:*::foo,root
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*:foo:foo
+voice:*::
+cdrom:*:foo:foo
+floppy:*::foo
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/usertools/usermod/39_usermod-u_copy_lastlog_entry/config/etc/passwd b/tests/tests/usertools/usermod/39_usermod-u_copy_lastlog_entry/config/etc/passwd
new file mode 100644
index 0000000..ae6ebfe
--- /dev/null
+++ b/tests/tests/usertools/usermod/39_usermod-u_copy_lastlog_entry/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/home/foo:/bin/sh
diff --git a/tests/tests/usertools/usermod/39_usermod-u_copy_lastlog_entry/config/etc/shadow b/tests/tests/usertools/usermod/39_usermod-u_copy_lastlog_entry/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/usertools/usermod/39_usermod-u_copy_lastlog_entry/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/usertools/usermod/39_usermod-u_copy_lastlog_entry/data/passwd b/tests/tests/usertools/usermod/39_usermod-u_copy_lastlog_entry/data/passwd
new file mode 100644
index 0000000..137b91d
--- /dev/null
+++ b/tests/tests/usertools/usermod/39_usermod-u_copy_lastlog_entry/data/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:4242:1000::/home/foo:/bin/sh
diff --git a/tests/tests/usertools/usermod/39_usermod-u_copy_lastlog_entry/login.exp b/tests/tests/usertools/usermod/39_usermod-u_copy_lastlog_entry/login.exp
new file mode 100755
index 0000000..e534fe5
--- /dev/null
+++ b/tests/tests/usertools/usermod/39_usermod-u_copy_lastlog_entry/login.exp
@@ -0,0 +1,13 @@
+#!/usr/bin/expect
+
+set timeout 2
+expect_after default {puts stderr "\nFAIL"; exit 1}
+
+spawn /bin/bash
+expect "# "
+
+send "login -f foo\r"
+expect "$ "
+
+send "exit\r"
+exit 0
diff --git a/tests/tests/usertools/usermod/39_usermod-u_copy_lastlog_entry/usermod.test b/tests/tests/usertools/usermod/39_usermod-u_copy_lastlog_entry/usermod.test
new file mode 100755
index 0000000..8b4f43f
--- /dev/null
+++ b/tests/tests/usertools/usermod/39_usermod-u_copy_lastlog_entry/usermod.test
@@ -0,0 +1,66 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "usermod does not create /var/log/lastlog"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Create an empty /var/log/lastlog (it will not be restored)..."
+touch /var/log/lastlog
+echo "OK"
+
+echo -n "Trigger a connection as foo..."
+./login.exp
+echo "OK"
+
+lastlog > tmp/lastlog.out
+
+echo "lastlog :"
+echo "======================================================================="
+cat tmp/lastlog.out
+echo "======================================================================="
+
+echo -n "Change the user's UID (usermod -u 4242 foo)..."
+usermod -u 4242 foo
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl data/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+lastlog > tmp/lastlog.out2
+
+echo "lastlog:"
+echo "======================================================================="
+cat tmp/lastlog.out2
+echo "======================================================================="
+
+echo -n "Check the lastlog message..."
+diff -au tmp/lastlog.out tmp/lastlog.out2
+echo "lastlog message OK."
+rm -f tmp/lastlog.out tmp/lastlog.out2
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/usertools/usermod/40_usermod-u_reset_new_lastlog_entry/config.txt b/tests/tests/usertools/usermod/40_usermod-u_reset_new_lastlog_entry/config.txt
new file mode 100644
index 0000000..1a78b6c
--- /dev/null
+++ b/tests/tests/usertools/usermod/40_usermod-u_reset_new_lastlog_entry/config.txt
@@ -0,0 +1 @@
+user foo exists, UID 1000
diff --git a/tests/tests/usertools/usermod/40_usermod-u_reset_new_lastlog_entry/config/etc/default/useradd b/tests/tests/usertools/usermod/40_usermod-u_reset_new_lastlog_entry/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/usertools/usermod/40_usermod-u_reset_new_lastlog_entry/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/usertools/usermod/40_usermod-u_reset_new_lastlog_entry/config/etc/group b/tests/tests/usertools/usermod/40_usermod-u_reset_new_lastlog_entry/config/etc/group
new file mode 100644
index 0000000..6470be5
--- /dev/null
+++ b/tests/tests/usertools/usermod/40_usermod-u_reset_new_lastlog_entry/config/etc/group
@@ -0,0 +1,43 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:root
+adm:x:4:root
+tty:x:5:
+disk:x:6:
+lp:x:7:root
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
+bar:x:10000:
diff --git a/tests/tests/usertools/usermod/40_usermod-u_reset_new_lastlog_entry/config/etc/gshadow b/tests/tests/usertools/usermod/40_usermod-u_reset_new_lastlog_entry/config/etc/gshadow
new file mode 100644
index 0000000..e982c7c
--- /dev/null
+++ b/tests/tests/usertools/usermod/40_usermod-u_reset_new_lastlog_entry/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::root
+adm:*::root
+tty:*::
+disk:*::
+lp:*::root
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+bar:*::
diff --git a/tests/tests/usertools/usermod/40_usermod-u_reset_new_lastlog_entry/config/etc/passwd b/tests/tests/usertools/usermod/40_usermod-u_reset_new_lastlog_entry/config/etc/passwd
new file mode 100644
index 0000000..5173c28
--- /dev/null
+++ b/tests/tests/usertools/usermod/40_usermod-u_reset_new_lastlog_entry/config/etc/passwd
@@ -0,0 +1,21 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/home/foo:/bin/sh
+bar:x:10000:10000::/home/bar:/bin/sh
diff --git a/tests/tests/usertools/usermod/40_usermod-u_reset_new_lastlog_entry/config/etc/shadow b/tests/tests/usertools/usermod/40_usermod-u_reset_new_lastlog_entry/config/etc/shadow
new file mode 100644
index 0000000..5f73f33
--- /dev/null
+++ b/tests/tests/usertools/usermod/40_usermod-u_reset_new_lastlog_entry/config/etc/shadow
@@ -0,0 +1,21 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
+bar:!:12977:0:99999:7:::
diff --git a/tests/tests/usertools/usermod/40_usermod-u_reset_new_lastlog_entry/data/group b/tests/tests/usertools/usermod/40_usermod-u_reset_new_lastlog_entry/data/group
new file mode 100644
index 0000000..d972111
--- /dev/null
+++ b/tests/tests/usertools/usermod/40_usermod-u_reset_new_lastlog_entry/data/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:root
+adm:x:4:root
+tty:x:5:
+disk:x:6:
+lp:x:7:root
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+bar:x:10000:
diff --git a/tests/tests/usertools/usermod/40_usermod-u_reset_new_lastlog_entry/data/passwd b/tests/tests/usertools/usermod/40_usermod-u_reset_new_lastlog_entry/data/passwd
new file mode 100644
index 0000000..1cfb31f
--- /dev/null
+++ b/tests/tests/usertools/usermod/40_usermod-u_reset_new_lastlog_entry/data/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+bar:x:1000:10000::/home/bar:/bin/sh
diff --git a/tests/tests/usertools/usermod/40_usermod-u_reset_new_lastlog_entry/data/shadow b/tests/tests/usertools/usermod/40_usermod-u_reset_new_lastlog_entry/data/shadow
new file mode 100644
index 0000000..2fc3f9c
--- /dev/null
+++ b/tests/tests/usertools/usermod/40_usermod-u_reset_new_lastlog_entry/data/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+bar:!:12977:0:99999:7:::
diff --git a/tests/tests/usertools/usermod/40_usermod-u_reset_new_lastlog_entry/login.exp b/tests/tests/usertools/usermod/40_usermod-u_reset_new_lastlog_entry/login.exp
new file mode 100755
index 0000000..e534fe5
--- /dev/null
+++ b/tests/tests/usertools/usermod/40_usermod-u_reset_new_lastlog_entry/login.exp
@@ -0,0 +1,13 @@
+#!/usr/bin/expect
+
+set timeout 2
+expect_after default {puts stderr "\nFAIL"; exit 1}
+
+spawn /bin/bash
+expect "# "
+
+send "login -f foo\r"
+expect "$ "
+
+send "exit\r"
+exit 0
diff --git a/tests/tests/usertools/usermod/40_usermod-u_reset_new_lastlog_entry/usermod.test b/tests/tests/usertools/usermod/40_usermod-u_reset_new_lastlog_entry/usermod.test
new file mode 100755
index 0000000..5efc96f
--- /dev/null
+++ b/tests/tests/usertools/usermod/40_usermod-u_reset_new_lastlog_entry/usermod.test
@@ -0,0 +1,74 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "usermod does not create /var/log/lastlog"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Create an empty /var/log/lastlog (it will not be restored)..."
+touch /var/log/lastlog
+echo "OK"
+
+echo -n "Trigger a connection as foo..."
+./login.exp
+echo "OK"
+
+lastlog > tmp/lastlog.out
+
+echo "lastlog :"
+echo "======================================================================="
+cat tmp/lastlog.out
+echo "======================================================================="
+
+echo -n "Manually delete the user foo (to keep the lastlog entry)..."
+sed -e '/^foo:/d' -i /etc/passwd
+sed -e '/^foo:/d' -i /etc/shadow
+sed -e '/^foo:/d' -i /etc/group
+sed -e '/^foo:/d' -i /etc/gshadow
+echo "OK"
+
+echo -n "Change the user's UID to reuse foo's (usermod -u 1000 bar)..."
+usermod -u 1000 bar
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl data/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl data/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl data/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+lastlog > tmp/lastlog.out2
+
+echo "lastlog:"
+echo "======================================================================="
+cat tmp/lastlog.out2
+echo "======================================================================="
+
+echo -n "Check the lastlog message..."
+sed -e '/^foo /d' -i tmp/lastlog.out
+diff -au tmp/lastlog.out tmp/lastlog.out2
+echo "lastlog message OK."
+rm -f tmp/lastlog.out tmp/lastlog.out2
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/usertools/usermod/41_usermod-u_faillog_not_created/config.txt b/tests/tests/usertools/usermod/41_usermod-u_faillog_not_created/config.txt
new file mode 100644
index 0000000..1a78b6c
--- /dev/null
+++ b/tests/tests/usertools/usermod/41_usermod-u_faillog_not_created/config.txt
@@ -0,0 +1 @@
+user foo exists, UID 1000
diff --git a/tests/tests/usertools/usermod/41_usermod-u_faillog_not_created/config/etc/default/useradd b/tests/tests/usertools/usermod/41_usermod-u_faillog_not_created/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/usertools/usermod/41_usermod-u_faillog_not_created/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/usertools/usermod/41_usermod-u_faillog_not_created/config/etc/group b/tests/tests/usertools/usermod/41_usermod-u_faillog_not_created/config/etc/group
new file mode 100644
index 0000000..b6fae89
--- /dev/null
+++ b/tests/tests/usertools/usermod/41_usermod-u_faillog_not_created/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:root
+adm:x:4:root,foo
+tty:x:5:
+disk:x:6:
+lp:x:7:foo,root
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:foo
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:foo
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/usertools/usermod/41_usermod-u_faillog_not_created/config/etc/gshadow b/tests/tests/usertools/usermod/41_usermod-u_faillog_not_created/config/etc/gshadow
new file mode 100644
index 0000000..1f2ba8d
--- /dev/null
+++ b/tests/tests/usertools/usermod/41_usermod-u_faillog_not_created/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::root
+adm:*::root,foo
+tty:*::foo
+disk:*:foo:
+lp:*::foo,root
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*:foo:foo
+voice:*::
+cdrom:*:foo:foo
+floppy:*::foo
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/usertools/usermod/41_usermod-u_faillog_not_created/config/etc/passwd b/tests/tests/usertools/usermod/41_usermod-u_faillog_not_created/config/etc/passwd
new file mode 100644
index 0000000..bf52df0
--- /dev/null
+++ b/tests/tests/usertools/usermod/41_usermod-u_faillog_not_created/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/home/foo:/bin/false
diff --git a/tests/tests/usertools/usermod/41_usermod-u_faillog_not_created/config/etc/shadow b/tests/tests/usertools/usermod/41_usermod-u_faillog_not_created/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/usertools/usermod/41_usermod-u_faillog_not_created/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/usertools/usermod/41_usermod-u_faillog_not_created/data/passwd b/tests/tests/usertools/usermod/41_usermod-u_faillog_not_created/data/passwd
new file mode 100644
index 0000000..174e4f6
--- /dev/null
+++ b/tests/tests/usertools/usermod/41_usermod-u_faillog_not_created/data/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:4242:1000::/home/foo:/bin/false
diff --git a/tests/tests/usertools/usermod/41_usermod-u_faillog_not_created/usermod.test b/tests/tests/usertools/usermod/41_usermod-u_faillog_not_created/usermod.test
new file mode 100755
index 0000000..2122a87
--- /dev/null
+++ b/tests/tests/usertools/usermod/41_usermod-u_faillog_not_created/usermod.test
@@ -0,0 +1,48 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "usermod does not create /var/log/faillog"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config; touch /var/log/faillog' 0
+
+change_config
+
+echo -n "Remove /var/log/faillog (it will not be restored)..."
+rm -f /var/log/faillog
+echo "OK"
+
+echo -n "Change the user's UID (usermod -u 4242 foo)..."
+usermod -u 4242 foo
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl data/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+echo -n "Check that the /var/log/faillog file was not created"...
+test ! -f /var/log/faillog
+echo "OK"
+
+touch /var/log/faillog
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/usertools/usermod/42_usermod-u_copy_faillog_entry/config.txt b/tests/tests/usertools/usermod/42_usermod-u_copy_faillog_entry/config.txt
new file mode 100644
index 0000000..1a78b6c
--- /dev/null
+++ b/tests/tests/usertools/usermod/42_usermod-u_copy_faillog_entry/config.txt
@@ -0,0 +1 @@
+user foo exists, UID 1000
diff --git a/tests/tests/usertools/usermod/42_usermod-u_copy_faillog_entry/config/etc/default/useradd b/tests/tests/usertools/usermod/42_usermod-u_copy_faillog_entry/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/usertools/usermod/42_usermod-u_copy_faillog_entry/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/usertools/usermod/42_usermod-u_copy_faillog_entry/config/etc/group b/tests/tests/usertools/usermod/42_usermod-u_copy_faillog_entry/config/etc/group
new file mode 100644
index 0000000..b6fae89
--- /dev/null
+++ b/tests/tests/usertools/usermod/42_usermod-u_copy_faillog_entry/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:root
+adm:x:4:root,foo
+tty:x:5:
+disk:x:6:
+lp:x:7:foo,root
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:foo
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:foo
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/usertools/usermod/42_usermod-u_copy_faillog_entry/config/etc/gshadow b/tests/tests/usertools/usermod/42_usermod-u_copy_faillog_entry/config/etc/gshadow
new file mode 100644
index 0000000..1f2ba8d
--- /dev/null
+++ b/tests/tests/usertools/usermod/42_usermod-u_copy_faillog_entry/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::root
+adm:*::root,foo
+tty:*::foo
+disk:*:foo:
+lp:*::foo,root
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*:foo:foo
+voice:*::
+cdrom:*:foo:foo
+floppy:*::foo
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/usertools/usermod/42_usermod-u_copy_faillog_entry/config/etc/pam.d/login b/tests/tests/usertools/usermod/42_usermod-u_copy_faillog_entry/config/etc/pam.d/login
new file mode 100644
index 0000000..0a101fd
--- /dev/null
+++ b/tests/tests/usertools/usermod/42_usermod-u_copy_faillog_entry/config/etc/pam.d/login
@@ -0,0 +1,111 @@
+#
+# The PAM configuration file for the Shadow `login' service
+#
+
+# Enforce a minimal delay in case of failure (in microseconds).
+# (Replaces the `FAIL_DELAY' setting from login.defs)
+# Note that other modules may require another minimal delay. (for example,
+# to disable any delay, you should add the nodelay option to pam_unix)
+auth       optional   pam_faildelay.so  delay=3000000
+
+# Outputs an issue file prior to each login prompt (Replaces the
+# ISSUE_FILE option from login.defs). Uncomment for use
+# auth       required   pam_issue.so issue=/etc/issue
+
+# Disallows root logins except on tty's listed in /etc/securetty
+# (Replaces the `CONSOLE' setting from login.defs)
+#
+# With the default control of this module:
+#   [success=ok new_authtok_reqd=ok ignore=ignore user_unknown=bad default=die]
+# root will not be prompted for a password on insecure lines.
+# if an invalid username is entered, a password is prompted (but login
+# will eventually be rejected)
+#
+# You can change it to a "requisite" module if you think root may mis-type
+# her login and should not be prompted for a password in that case. But
+# this will leave the system as vulnerable to user enumeration attacks.
+#
+# You can change it to a "required" module if you think it permits to
+# guess valid user names of your system (invalid user names are considered
+# as possibly being root on insecure lines), but root passwords may be
+# communicated over insecure lines.
+auth [success=ok new_authtok_reqd=ok ignore=ignore user_unknown=bad default=die] pam_securetty.so
+
+# Disallows other than root logins when /etc/nologin exists
+# (Replaces the `NOLOGINS_FILE' option from login.defs)
+auth       requisite  pam_nologin.so
+
+# Added to support faillog
+auth     required       pam_tally.so per_user
+
+
+# SELinux needs to be the first session rule. This ensures that any 
+# lingering context has been cleared. Without out this it is possible 
+# that a module could execute code in the wrong domain.
+# When the module is present, "required" would be sufficient (When SELinux
+# is disabled, this returns success.)
+session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so close
+
+# This module parses environment configuration file(s)
+# and also allows you to use an extended config
+# file /etc/security/pam_env.conf.
+# 
+# parsing /etc/environment needs "readenv=1"
+session       required   pam_env.so readenv=1
+# locale variables are also kept into /etc/default/locale in etch
+# reading this file *in addition to /etc/environment* does not hurt
+session       required   pam_env.so readenv=1 envfile=/etc/default/locale
+
+# Standard Un*x authentication.
+@include common-auth
+
+# This allows certain extra groups to be granted to a user
+# based on things like time of day, tty, service, and user.
+# Please edit /etc/security/group.conf to fit your needs
+# (Replaces the `CONSOLE_GROUPS' option in login.defs)
+auth       optional   pam_group.so
+
+# Uncomment and edit /etc/security/time.conf if you need to set
+# time constraints on logins.
+# (Replaces the `PORTTIME_CHECKS_ENAB' option from login.defs
+# as well as /etc/porttime)
+# account    requisite  pam_time.so
+
+# Uncomment and edit /etc/security/access.conf if you need to
+# set access limits.
+# (Replaces /etc/login.access file)
+# account  required       pam_access.so
+
+# Sets up user limits according to /etc/security/limits.conf
+# (Replaces the use of /etc/limits in old login)
+session    required   pam_limits.so
+
+# Prints the last login info upon successful login
+# (Replaces the `LASTLOG_ENAB' option from login.defs)
+session    optional   pam_lastlog.so
+
+# Prints the motd upon successful login
+# (Replaces the `MOTD_FILE' option in login.defs)
+session    optional   pam_motd.so
+
+# Prints the status of the user's mailbox upon successful login
+# (Replaces the `MAIL_CHECK_ENAB' option from login.defs). 
+#
+# This also defines the MAIL environment variable
+# However, userdel also needs MAIL_DIR and MAIL_FILE variables
+# in /etc/login.defs to make sure that removing a user 
+# also removes the user's mail spool file.
+# See comments in /etc/login.defs
+session    optional   pam_mail.so standard
+
+# Standard Un*x account and session
+@include common-account
+@include common-session
+@include common-password
+
+# SELinux needs to intervene at login time to ensure that the process
+# starts in the proper default security context. Only sessions which are
+# intended to run in the user's context should be run after this.
+session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so open
+# When the module is present, "required" would be sufficient (When SELinux
+# is disabled, this returns success.)
diff --git a/tests/tests/usertools/usermod/42_usermod-u_copy_faillog_entry/config/etc/passwd b/tests/tests/usertools/usermod/42_usermod-u_copy_faillog_entry/config/etc/passwd
new file mode 100644
index 0000000..ae6ebfe
--- /dev/null
+++ b/tests/tests/usertools/usermod/42_usermod-u_copy_faillog_entry/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/home/foo:/bin/sh
diff --git a/tests/tests/usertools/usermod/42_usermod-u_copy_faillog_entry/config/etc/shadow b/tests/tests/usertools/usermod/42_usermod-u_copy_faillog_entry/config/etc/shadow
new file mode 100644
index 0000000..9b99f4d
--- /dev/null
+++ b/tests/tests/usertools/usermod/42_usermod-u_copy_faillog_entry/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:12977:0:99999:7:::
diff --git a/tests/tests/usertools/usermod/42_usermod-u_copy_faillog_entry/data/passwd b/tests/tests/usertools/usermod/42_usermod-u_copy_faillog_entry/data/passwd
new file mode 100644
index 0000000..137b91d
--- /dev/null
+++ b/tests/tests/usertools/usermod/42_usermod-u_copy_faillog_entry/data/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:4242:1000::/home/foo:/bin/sh
diff --git a/tests/tests/usertools/usermod/42_usermod-u_copy_faillog_entry/login.exp b/tests/tests/usertools/usermod/42_usermod-u_copy_faillog_entry/login.exp
new file mode 100755
index 0000000..4226743
--- /dev/null
+++ b/tests/tests/usertools/usermod/42_usermod-u_copy_faillog_entry/login.exp
@@ -0,0 +1,17 @@
+#!/usr/bin/expect
+
+set timeout 5
+expect_after default {puts stderr "\nFAIL"; exit 1}
+
+spawn /bin/bash
+expect "# "
+
+send "login foo\r"
+expect "Password: "
+sleep 0.1
+send "badpass\r"
+send_user "\n# password 'badpass' sent\n\n"
+expect "login: "
+
+send "exit\r"
+exit 0
diff --git a/tests/tests/usertools/usermod/42_usermod-u_copy_faillog_entry/usermod.test b/tests/tests/usertools/usermod/42_usermod-u_copy_faillog_entry/usermod.test
new file mode 100755
index 0000000..769e5dc
--- /dev/null
+++ b/tests/tests/usertools/usermod/42_usermod-u_copy_faillog_entry/usermod.test
@@ -0,0 +1,66 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "usermod does not create /var/log/faillog"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Create an empty /var/log/faillog (it will not be restored)..."
+> /var/log/faillog
+echo "OK"
+
+echo -n "Trigger a connection as foo..."
+./login.exp
+echo "OK"
+
+faillog > tmp/faillog.out
+
+echo "faillog :"
+echo "======================================================================="
+cat tmp/faillog.out
+echo "======================================================================="
+
+echo -n "Change the user's UID (usermod -u 4242 foo)..."
+usermod -u 4242 foo
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl data/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+faillog > tmp/faillog.out2
+
+echo "faillog:"
+echo "======================================================================="
+cat tmp/faillog.out2
+echo "======================================================================="
+
+echo -n "Check the faillog message..."
+diff -au tmp/faillog.out tmp/faillog.out2
+echo "faillog message OK."
+rm -f tmp/faillog.out tmp/faillog.out2
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/usertools/usermod/43_usermod-u_reset_new_faillog_entry/config.txt b/tests/tests/usertools/usermod/43_usermod-u_reset_new_faillog_entry/config.txt
new file mode 100644
index 0000000..1a78b6c
--- /dev/null
+++ b/tests/tests/usertools/usermod/43_usermod-u_reset_new_faillog_entry/config.txt
@@ -0,0 +1 @@
+user foo exists, UID 1000
diff --git a/tests/tests/usertools/usermod/43_usermod-u_reset_new_faillog_entry/config/etc/default/useradd b/tests/tests/usertools/usermod/43_usermod-u_reset_new_faillog_entry/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/usertools/usermod/43_usermod-u_reset_new_faillog_entry/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/usertools/usermod/43_usermod-u_reset_new_faillog_entry/config/etc/group b/tests/tests/usertools/usermod/43_usermod-u_reset_new_faillog_entry/config/etc/group
new file mode 100644
index 0000000..6470be5
--- /dev/null
+++ b/tests/tests/usertools/usermod/43_usermod-u_reset_new_faillog_entry/config/etc/group
@@ -0,0 +1,43 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:root
+adm:x:4:root
+tty:x:5:
+disk:x:6:
+lp:x:7:root
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
+bar:x:10000:
diff --git a/tests/tests/usertools/usermod/43_usermod-u_reset_new_faillog_entry/config/etc/gshadow b/tests/tests/usertools/usermod/43_usermod-u_reset_new_faillog_entry/config/etc/gshadow
new file mode 100644
index 0000000..e982c7c
--- /dev/null
+++ b/tests/tests/usertools/usermod/43_usermod-u_reset_new_faillog_entry/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::root
+adm:*::root
+tty:*::
+disk:*::
+lp:*::root
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+bar:*::
diff --git a/tests/tests/usertools/usermod/43_usermod-u_reset_new_faillog_entry/config/etc/pam.d/login b/tests/tests/usertools/usermod/43_usermod-u_reset_new_faillog_entry/config/etc/pam.d/login
new file mode 100644
index 0000000..0a101fd
--- /dev/null
+++ b/tests/tests/usertools/usermod/43_usermod-u_reset_new_faillog_entry/config/etc/pam.d/login
@@ -0,0 +1,111 @@
+#
+# The PAM configuration file for the Shadow `login' service
+#
+
+# Enforce a minimal delay in case of failure (in microseconds).
+# (Replaces the `FAIL_DELAY' setting from login.defs)
+# Note that other modules may require another minimal delay. (for example,
+# to disable any delay, you should add the nodelay option to pam_unix)
+auth       optional   pam_faildelay.so  delay=3000000
+
+# Outputs an issue file prior to each login prompt (Replaces the
+# ISSUE_FILE option from login.defs). Uncomment for use
+# auth       required   pam_issue.so issue=/etc/issue
+
+# Disallows root logins except on tty's listed in /etc/securetty
+# (Replaces the `CONSOLE' setting from login.defs)
+#
+# With the default control of this module:
+#   [success=ok new_authtok_reqd=ok ignore=ignore user_unknown=bad default=die]
+# root will not be prompted for a password on insecure lines.
+# if an invalid username is entered, a password is prompted (but login
+# will eventually be rejected)
+#
+# You can change it to a "requisite" module if you think root may mis-type
+# her login and should not be prompted for a password in that case. But
+# this will leave the system as vulnerable to user enumeration attacks.
+#
+# You can change it to a "required" module if you think it permits to
+# guess valid user names of your system (invalid user names are considered
+# as possibly being root on insecure lines), but root passwords may be
+# communicated over insecure lines.
+auth [success=ok new_authtok_reqd=ok ignore=ignore user_unknown=bad default=die] pam_securetty.so
+
+# Disallows other than root logins when /etc/nologin exists
+# (Replaces the `NOLOGINS_FILE' option from login.defs)
+auth       requisite  pam_nologin.so
+
+# Added to support faillog
+auth     required       pam_tally.so per_user
+
+
+# SELinux needs to be the first session rule. This ensures that any 
+# lingering context has been cleared. Without out this it is possible 
+# that a module could execute code in the wrong domain.
+# When the module is present, "required" would be sufficient (When SELinux
+# is disabled, this returns success.)
+session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so close
+
+# This module parses environment configuration file(s)
+# and also allows you to use an extended config
+# file /etc/security/pam_env.conf.
+# 
+# parsing /etc/environment needs "readenv=1"
+session       required   pam_env.so readenv=1
+# locale variables are also kept into /etc/default/locale in etch
+# reading this file *in addition to /etc/environment* does not hurt
+session       required   pam_env.so readenv=1 envfile=/etc/default/locale
+
+# Standard Un*x authentication.
+@include common-auth
+
+# This allows certain extra groups to be granted to a user
+# based on things like time of day, tty, service, and user.
+# Please edit /etc/security/group.conf to fit your needs
+# (Replaces the `CONSOLE_GROUPS' option in login.defs)
+auth       optional   pam_group.so
+
+# Uncomment and edit /etc/security/time.conf if you need to set
+# time constraints on logins.
+# (Replaces the `PORTTIME_CHECKS_ENAB' option from login.defs
+# as well as /etc/porttime)
+# account    requisite  pam_time.so
+
+# Uncomment and edit /etc/security/access.conf if you need to
+# set access limits.
+# (Replaces /etc/login.access file)
+# account  required       pam_access.so
+
+# Sets up user limits according to /etc/security/limits.conf
+# (Replaces the use of /etc/limits in old login)
+session    required   pam_limits.so
+
+# Prints the last login info upon successful login
+# (Replaces the `LASTLOG_ENAB' option from login.defs)
+session    optional   pam_lastlog.so
+
+# Prints the motd upon successful login
+# (Replaces the `MOTD_FILE' option in login.defs)
+session    optional   pam_motd.so
+
+# Prints the status of the user's mailbox upon successful login
+# (Replaces the `MAIL_CHECK_ENAB' option from login.defs). 
+#
+# This also defines the MAIL environment variable
+# However, userdel also needs MAIL_DIR and MAIL_FILE variables
+# in /etc/login.defs to make sure that removing a user 
+# also removes the user's mail spool file.
+# See comments in /etc/login.defs
+session    optional   pam_mail.so standard
+
+# Standard Un*x account and session
+@include common-account
+@include common-session
+@include common-password
+
+# SELinux needs to intervene at login time to ensure that the process
+# starts in the proper default security context. Only sessions which are
+# intended to run in the user's context should be run after this.
+session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so open
+# When the module is present, "required" would be sufficient (When SELinux
+# is disabled, this returns success.)
diff --git a/tests/tests/usertools/usermod/43_usermod-u_reset_new_faillog_entry/config/etc/passwd b/tests/tests/usertools/usermod/43_usermod-u_reset_new_faillog_entry/config/etc/passwd
new file mode 100644
index 0000000..5173c28
--- /dev/null
+++ b/tests/tests/usertools/usermod/43_usermod-u_reset_new_faillog_entry/config/etc/passwd
@@ -0,0 +1,21 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/home/foo:/bin/sh
+bar:x:10000:10000::/home/bar:/bin/sh
diff --git a/tests/tests/usertools/usermod/43_usermod-u_reset_new_faillog_entry/config/etc/shadow b/tests/tests/usertools/usermod/43_usermod-u_reset_new_faillog_entry/config/etc/shadow
new file mode 100644
index 0000000..5f73f33
--- /dev/null
+++ b/tests/tests/usertools/usermod/43_usermod-u_reset_new_faillog_entry/config/etc/shadow
@@ -0,0 +1,21 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
+bar:!:12977:0:99999:7:::
diff --git a/tests/tests/usertools/usermod/43_usermod-u_reset_new_faillog_entry/data/group b/tests/tests/usertools/usermod/43_usermod-u_reset_new_faillog_entry/data/group
new file mode 100644
index 0000000..d972111
--- /dev/null
+++ b/tests/tests/usertools/usermod/43_usermod-u_reset_new_faillog_entry/data/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:root
+adm:x:4:root
+tty:x:5:
+disk:x:6:
+lp:x:7:root
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+bar:x:10000:
diff --git a/tests/tests/usertools/usermod/43_usermod-u_reset_new_faillog_entry/data/passwd b/tests/tests/usertools/usermod/43_usermod-u_reset_new_faillog_entry/data/passwd
new file mode 100644
index 0000000..1cfb31f
--- /dev/null
+++ b/tests/tests/usertools/usermod/43_usermod-u_reset_new_faillog_entry/data/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+bar:x:1000:10000::/home/bar:/bin/sh
diff --git a/tests/tests/usertools/usermod/43_usermod-u_reset_new_faillog_entry/data/shadow b/tests/tests/usertools/usermod/43_usermod-u_reset_new_faillog_entry/data/shadow
new file mode 100644
index 0000000..2fc3f9c
--- /dev/null
+++ b/tests/tests/usertools/usermod/43_usermod-u_reset_new_faillog_entry/data/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+bar:!:12977:0:99999:7:::
diff --git a/tests/tests/usertools/usermod/43_usermod-u_reset_new_faillog_entry/login.exp b/tests/tests/usertools/usermod/43_usermod-u_reset_new_faillog_entry/login.exp
new file mode 100755
index 0000000..4226743
--- /dev/null
+++ b/tests/tests/usertools/usermod/43_usermod-u_reset_new_faillog_entry/login.exp
@@ -0,0 +1,17 @@
+#!/usr/bin/expect
+
+set timeout 5
+expect_after default {puts stderr "\nFAIL"; exit 1}
+
+spawn /bin/bash
+expect "# "
+
+send "login foo\r"
+expect "Password: "
+sleep 0.1
+send "badpass\r"
+send_user "\n# password 'badpass' sent\n\n"
+expect "login: "
+
+send "exit\r"
+exit 0
diff --git a/tests/tests/usertools/usermod/43_usermod-u_reset_new_faillog_entry/usermod.test b/tests/tests/usertools/usermod/43_usermod-u_reset_new_faillog_entry/usermod.test
new file mode 100755
index 0000000..ee262b6
--- /dev/null
+++ b/tests/tests/usertools/usermod/43_usermod-u_reset_new_faillog_entry/usermod.test
@@ -0,0 +1,75 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "usermod does not create /var/log/faillog"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config' 0
+
+change_config
+
+echo -n "Create an empty /var/log/faillog (it will not be restored)..."
+touch /var/log/faillog
+echo "OK"
+
+echo -n "Trigger a connection as foo..."
+./login.exp
+echo "OK"
+
+faillog > tmp/faillog.out
+
+echo "faillog :"
+echo "======================================================================="
+cat tmp/faillog.out
+echo "======================================================================="
+rm -f tmp/faillog.out
+
+echo -n "Manually delete the user foo (to keep the faillog entry)..."
+sed -e '/^foo:/d' -i /etc/passwd
+sed -e '/^foo:/d' -i /etc/shadow
+sed -e '/^foo:/d' -i /etc/group
+sed -e '/^foo:/d' -i /etc/gshadow
+echo "OK"
+
+echo -n "Change the user's UID to reuse foo's (usermod -u 1000 bar)..."
+usermod -u 1000 bar
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl data/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl data/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl data/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+
+faillog > tmp/faillog.out2
+
+echo "faillog:"
+echo "======================================================================="
+cat tmp/faillog.out2
+echo "======================================================================="
+
+echo -n "Check the faillog message..."
+c=$(cat tmp/faillog.out2 | wc -c)
+test $c = "0"
+echo "empty faillog OK."
+rm -f tmp/faillog.out2
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/usertools/usermod/44_usermod-l_move_mailbox/config.txt b/tests/tests/usertools/usermod/44_usermod-l_move_mailbox/config.txt
new file mode 100644
index 0000000..1a78b6c
--- /dev/null
+++ b/tests/tests/usertools/usermod/44_usermod-l_move_mailbox/config.txt
@@ -0,0 +1 @@
+user foo exists, UID 1000
diff --git a/tests/tests/usertools/usermod/44_usermod-l_move_mailbox/config/etc/default/useradd b/tests/tests/usertools/usermod/44_usermod-l_move_mailbox/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/usertools/usermod/44_usermod-l_move_mailbox/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/usertools/usermod/44_usermod-l_move_mailbox/config/etc/group b/tests/tests/usertools/usermod/44_usermod-l_move_mailbox/config/etc/group
new file mode 100644
index 0000000..a11bebe
--- /dev/null
+++ b/tests/tests/usertools/usermod/44_usermod-l_move_mailbox/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:root
+adm:x:4:root
+tty:x:5:
+disk:x:6:
+lp:x:7:root
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/usertools/usermod/44_usermod-l_move_mailbox/config/etc/gshadow b/tests/tests/usertools/usermod/44_usermod-l_move_mailbox/config/etc/gshadow
new file mode 100644
index 0000000..272c4de
--- /dev/null
+++ b/tests/tests/usertools/usermod/44_usermod-l_move_mailbox/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::root
+adm:*::root
+tty:*::
+disk:*::
+lp:*::root
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/usertools/usermod/44_usermod-l_move_mailbox/config/etc/passwd b/tests/tests/usertools/usermod/44_usermod-l_move_mailbox/config/etc/passwd
new file mode 100644
index 0000000..bf52df0
--- /dev/null
+++ b/tests/tests/usertools/usermod/44_usermod-l_move_mailbox/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/home/foo:/bin/false
diff --git a/tests/tests/usertools/usermod/44_usermod-l_move_mailbox/config/etc/shadow b/tests/tests/usertools/usermod/44_usermod-l_move_mailbox/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/usertools/usermod/44_usermod-l_move_mailbox/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/usertools/usermod/44_usermod-l_move_mailbox/data/mailbox.perms b/tests/tests/usertools/usermod/44_usermod-l_move_mailbox/data/mailbox.perms
new file mode 100644
index 0000000..92d36ea
--- /dev/null
+++ b/tests/tests/usertools/usermod/44_usermod-l_move_mailbox/data/mailbox.perms
@@ -0,0 +1 @@
+7 -rw-r--r-- bar:mail `/var/mail/bar'
diff --git a/tests/tests/usertools/usermod/44_usermod-l_move_mailbox/data/passwd b/tests/tests/usertools/usermod/44_usermod-l_move_mailbox/data/passwd
new file mode 100644
index 0000000..656230a
--- /dev/null
+++ b/tests/tests/usertools/usermod/44_usermod-l_move_mailbox/data/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+bar:x:1000:1000::/home/foo:/bin/false
diff --git a/tests/tests/usertools/usermod/44_usermod-l_move_mailbox/data/shadow b/tests/tests/usertools/usermod/44_usermod-l_move_mailbox/data/shadow
new file mode 100644
index 0000000..2fc3f9c
--- /dev/null
+++ b/tests/tests/usertools/usermod/44_usermod-l_move_mailbox/data/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+bar:!:12977:0:99999:7:::
diff --git a/tests/tests/usertools/usermod/44_usermod-l_move_mailbox/test b/tests/tests/usertools/usermod/44_usermod-l_move_mailbox/test
new file mode 100644
index 0000000..fbcf12d
--- /dev/null
+++ b/tests/tests/usertools/usermod/44_usermod-l_move_mailbox/test
@@ -0,0 +1 @@
+toto
diff --git a/tests/tests/usertools/usermod/44_usermod-l_move_mailbox/usermod.test b/tests/tests/usertools/usermod/44_usermod-l_move_mailbox/usermod.test
new file mode 100755
index 0000000..dfd0ef9
--- /dev/null
+++ b/tests/tests/usertools/usermod/44_usermod-l_move_mailbox/usermod.test
@@ -0,0 +1,57 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "usermod move the mailbox if it exists"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config; rm -f /var/mail/foo /var/mail/bar' 0
+
+change_config
+
+echo -n "Create foo mailbox /var/mail/foo ..."
+echo foobar > /var/mail/foo
+chown foo:mail /var/mail/foo
+echo "OK"
+
+echo -n "Change the user's name (usermod -l bar foo)..."
+usermod -l bar foo
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl data/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl data/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+echo -n "Check that the new mailbox was created..."
+test -f /var/mail/bar
+echo "OK"
+echo -n "Check that the old mailbox was removed..."
+test ! -f /var/mail/foo
+echo "OK"
+echo -n "Check permissions of the mailbox..."
+stat --printf "%s %A %U:%G %N\n" /var/mail/bar | sort > tmp/mailbox.perms
+diff -rauN data/mailbox.perms tmp/mailbox.perms
+echo "OK"
+rm -f tmp/mailbox.perms
+
+rm -f /var/mail/bar
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/usertools/usermod/45_usermod-u_change_mailbox_owner/config.txt b/tests/tests/usertools/usermod/45_usermod-u_change_mailbox_owner/config.txt
new file mode 100644
index 0000000..1a78b6c
--- /dev/null
+++ b/tests/tests/usertools/usermod/45_usermod-u_change_mailbox_owner/config.txt
@@ -0,0 +1 @@
+user foo exists, UID 1000
diff --git a/tests/tests/usertools/usermod/45_usermod-u_change_mailbox_owner/config/etc/default/useradd b/tests/tests/usertools/usermod/45_usermod-u_change_mailbox_owner/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/usertools/usermod/45_usermod-u_change_mailbox_owner/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/usertools/usermod/45_usermod-u_change_mailbox_owner/config/etc/group b/tests/tests/usertools/usermod/45_usermod-u_change_mailbox_owner/config/etc/group
new file mode 100644
index 0000000..a11bebe
--- /dev/null
+++ b/tests/tests/usertools/usermod/45_usermod-u_change_mailbox_owner/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:root
+adm:x:4:root
+tty:x:5:
+disk:x:6:
+lp:x:7:root
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/usertools/usermod/45_usermod-u_change_mailbox_owner/config/etc/gshadow b/tests/tests/usertools/usermod/45_usermod-u_change_mailbox_owner/config/etc/gshadow
new file mode 100644
index 0000000..272c4de
--- /dev/null
+++ b/tests/tests/usertools/usermod/45_usermod-u_change_mailbox_owner/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::root
+adm:*::root
+tty:*::
+disk:*::
+lp:*::root
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/usertools/usermod/45_usermod-u_change_mailbox_owner/config/etc/passwd b/tests/tests/usertools/usermod/45_usermod-u_change_mailbox_owner/config/etc/passwd
new file mode 100644
index 0000000..bf52df0
--- /dev/null
+++ b/tests/tests/usertools/usermod/45_usermod-u_change_mailbox_owner/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/home/foo:/bin/false
diff --git a/tests/tests/usertools/usermod/45_usermod-u_change_mailbox_owner/config/etc/shadow b/tests/tests/usertools/usermod/45_usermod-u_change_mailbox_owner/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/usertools/usermod/45_usermod-u_change_mailbox_owner/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/usertools/usermod/45_usermod-u_change_mailbox_owner/data/mailbox.perms b/tests/tests/usertools/usermod/45_usermod-u_change_mailbox_owner/data/mailbox.perms
new file mode 100644
index 0000000..52233be
--- /dev/null
+++ b/tests/tests/usertools/usermod/45_usermod-u_change_mailbox_owner/data/mailbox.perms
@@ -0,0 +1 @@
+-rw-r--r-- foo:mail `/var/mail/foo'
diff --git a/tests/tests/usertools/usermod/45_usermod-u_change_mailbox_owner/data/passwd b/tests/tests/usertools/usermod/45_usermod-u_change_mailbox_owner/data/passwd
new file mode 100644
index 0000000..174e4f6
--- /dev/null
+++ b/tests/tests/usertools/usermod/45_usermod-u_change_mailbox_owner/data/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:4242:1000::/home/foo:/bin/false
diff --git a/tests/tests/usertools/usermod/45_usermod-u_change_mailbox_owner/usermod.test b/tests/tests/usertools/usermod/45_usermod-u_change_mailbox_owner/usermod.test
new file mode 100755
index 0000000..3fb509b
--- /dev/null
+++ b/tests/tests/usertools/usermod/45_usermod-u_change_mailbox_owner/usermod.test
@@ -0,0 +1,54 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "usermod changes the mailbox ownership"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config; rm -f /var/mail/foo' 0
+
+change_config
+
+echo -n "Create foo mailbox /var/mail/foo ..."
+touch /var/mail/foo
+chown foo:mail /var/mail/foo
+echo "OK"
+
+echo -n "Change the user's UID (usermod -u 4242 foo)..."
+usermod -u 4242 foo
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl data/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+echo -n "Check that the mailbox was moved..."
+test -f /var/mail/foo
+echo "OK"
+echo -n "Check permissions of the mailbox..."
+stat --printf "%A %U:%G %N\n" /var/mail/foo | sort > tmp/mailbox.perms
+diff -rauN data/mailbox.perms tmp/mailbox.perms
+echo "OK"
+rm -f tmp/mailbox.perms
+
+rm -f /var/mail/foo
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/usertools/usermod/46_usermod-u_checks_mailbox_owner/config.txt b/tests/tests/usertools/usermod/46_usermod-u_checks_mailbox_owner/config.txt
new file mode 100644
index 0000000..1a78b6c
--- /dev/null
+++ b/tests/tests/usertools/usermod/46_usermod-u_checks_mailbox_owner/config.txt
@@ -0,0 +1 @@
+user foo exists, UID 1000
diff --git a/tests/tests/usertools/usermod/46_usermod-u_checks_mailbox_owner/config/etc/default/useradd b/tests/tests/usertools/usermod/46_usermod-u_checks_mailbox_owner/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/usertools/usermod/46_usermod-u_checks_mailbox_owner/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/usertools/usermod/46_usermod-u_checks_mailbox_owner/config/etc/group b/tests/tests/usertools/usermod/46_usermod-u_checks_mailbox_owner/config/etc/group
new file mode 100644
index 0000000..7fca720
--- /dev/null
+++ b/tests/tests/usertools/usermod/46_usermod-u_checks_mailbox_owner/config/etc/group
@@ -0,0 +1,43 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:root
+adm:x:4:root
+tty:x:5:
+disk:x:6:
+lp:x:7:root
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
+bar:x:1001:
diff --git a/tests/tests/usertools/usermod/46_usermod-u_checks_mailbox_owner/config/etc/gshadow b/tests/tests/usertools/usermod/46_usermod-u_checks_mailbox_owner/config/etc/gshadow
new file mode 100644
index 0000000..f735fda
--- /dev/null
+++ b/tests/tests/usertools/usermod/46_usermod-u_checks_mailbox_owner/config/etc/gshadow
@@ -0,0 +1,43 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::root
+adm:*::root
+tty:*::
+disk:*::
+lp:*::root
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
+bar:*::
diff --git a/tests/tests/usertools/usermod/46_usermod-u_checks_mailbox_owner/config/etc/passwd b/tests/tests/usertools/usermod/46_usermod-u_checks_mailbox_owner/config/etc/passwd
new file mode 100644
index 0000000..6082b5f
--- /dev/null
+++ b/tests/tests/usertools/usermod/46_usermod-u_checks_mailbox_owner/config/etc/passwd
@@ -0,0 +1,21 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/home/foo:/bin/false
+bar:x:1001:1001::/home/bar:/bin/false
diff --git a/tests/tests/usertools/usermod/46_usermod-u_checks_mailbox_owner/config/etc/shadow b/tests/tests/usertools/usermod/46_usermod-u_checks_mailbox_owner/config/etc/shadow
new file mode 100644
index 0000000..5f73f33
--- /dev/null
+++ b/tests/tests/usertools/usermod/46_usermod-u_checks_mailbox_owner/config/etc/shadow
@@ -0,0 +1,21 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
+bar:!:12977:0:99999:7:::
diff --git a/tests/tests/usertools/usermod/46_usermod-u_checks_mailbox_owner/data/mailbox.perms b/tests/tests/usertools/usermod/46_usermod-u_checks_mailbox_owner/data/mailbox.perms
new file mode 100644
index 0000000..2c8f112
--- /dev/null
+++ b/tests/tests/usertools/usermod/46_usermod-u_checks_mailbox_owner/data/mailbox.perms
@@ -0,0 +1 @@
+7 -rw-r--r-- bar:mail `/var/mail/foo'
diff --git a/tests/tests/usertools/usermod/46_usermod-u_checks_mailbox_owner/data/passwd b/tests/tests/usertools/usermod/46_usermod-u_checks_mailbox_owner/data/passwd
new file mode 100644
index 0000000..138adcc
--- /dev/null
+++ b/tests/tests/usertools/usermod/46_usermod-u_checks_mailbox_owner/data/passwd
@@ -0,0 +1,21 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:4242:1000::/home/foo:/bin/false
+bar:x:1001:1001::/home/bar:/bin/false
diff --git a/tests/tests/usertools/usermod/46_usermod-u_checks_mailbox_owner/data/usermod.err b/tests/tests/usertools/usermod/46_usermod-u_checks_mailbox_owner/data/usermod.err
new file mode 100644
index 0000000..8f67460
--- /dev/null
+++ b/tests/tests/usertools/usermod/46_usermod-u_checks_mailbox_owner/data/usermod.err
@@ -0,0 +1 @@
+usermod: warning: /var/mail/foo not owned by foo
diff --git a/tests/tests/usertools/usermod/46_usermod-u_checks_mailbox_owner/usermod.test b/tests/tests/usertools/usermod/46_usermod-u_checks_mailbox_owner/usermod.test
new file mode 100755
index 0000000..ab57a79
--- /dev/null
+++ b/tests/tests/usertools/usermod/46_usermod-u_checks_mailbox_owner/usermod.test
@@ -0,0 +1,63 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "usermod checks the mailbox ownership"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config; rm -f /var/mail/foo' 0
+
+change_config
+
+echo -n "Create foo mailbox /var/mail/foo ..."
+echo foobar> /var/mail/foo
+chown bar:mail /var/mail/foo
+echo "OK"
+
+echo -n "Change the user's UID (usermod -u 4242 foo)..."
+usermod -u 4242 foo 2>tmp/usermod.err
+echo "OK"
+
+echo "usermod reported:"
+echo "======================================================================="
+cat tmp/usermod.err
+echo "======================================================================="
+echo -n "Check the usage message..."
+diff -au data/usermod.err tmp/usermod.err
+echo "usage message OK."
+rm -f tmp/usermod.err
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl data/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+echo -n "Check that the mailbox was moved..."
+test -f /var/mail/foo
+echo "OK"
+echo -n "Check permissions of the mailbox..."
+stat --printf "%s %A %U:%G %N\n" /var/mail/foo | sort > tmp/mailbox.perms
+diff -rauN data/mailbox.perms tmp/mailbox.perms
+echo "OK"
+rm -f tmp/mailbox.perms
+
+rm -f /var/mail/foo
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/usertools/usermod/47_usermod-u_default_maildir/config.txt b/tests/tests/usertools/usermod/47_usermod-u_default_maildir/config.txt
new file mode 100644
index 0000000..1a78b6c
--- /dev/null
+++ b/tests/tests/usertools/usermod/47_usermod-u_default_maildir/config.txt
@@ -0,0 +1 @@
+user foo exists, UID 1000
diff --git a/tests/tests/usertools/usermod/47_usermod-u_default_maildir/config/etc/default/useradd b/tests/tests/usertools/usermod/47_usermod-u_default_maildir/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/usertools/usermod/47_usermod-u_default_maildir/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/usertools/usermod/47_usermod-u_default_maildir/config/etc/group b/tests/tests/usertools/usermod/47_usermod-u_default_maildir/config/etc/group
new file mode 100644
index 0000000..a11bebe
--- /dev/null
+++ b/tests/tests/usertools/usermod/47_usermod-u_default_maildir/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:root
+adm:x:4:root
+tty:x:5:
+disk:x:6:
+lp:x:7:root
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/usertools/usermod/47_usermod-u_default_maildir/config/etc/gshadow b/tests/tests/usertools/usermod/47_usermod-u_default_maildir/config/etc/gshadow
new file mode 100644
index 0000000..272c4de
--- /dev/null
+++ b/tests/tests/usertools/usermod/47_usermod-u_default_maildir/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::root
+adm:*::root
+tty:*::
+disk:*::
+lp:*::root
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/usertools/usermod/47_usermod-u_default_maildir/config/etc/login.defs b/tests/tests/usertools/usermod/47_usermod-u_default_maildir/config/etc/login.defs
new file mode 100644
index 0000000..1ff03b9
--- /dev/null
+++ b/tests/tests/usertools/usermod/47_usermod-u_default_maildir/config/etc/login.defs
@@ -0,0 +1,334 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+#MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/local/games:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK is the default umask value for pam_umask and is used by
+# useradd and newusers to set the mode of the new home directories.
+# 022 is the "historical" value in Debian for UMASK
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+# System accounts
+#SYS_UID_MIN		  100
+#SYS_UID_MAX		  999
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			 1000
+GID_MAX			60000
+# System accounts
+#SYS_GID_MIN		  100
+#SYS_GID_MAX		  999
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# If set to yes, userdel will remove the user's group if it contains no
+# more members, and useradd will create by default a group with the name
+# of the user.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, such as Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is deprecated. You should use ENCRYPT_METHOD.
+#
+#MD5_CRYPT_ENAB	no
+
+#
+# If set to MD5 , MD5-based algorithm will be used for encrypting password
+# If set to SHA256, SHA256-based algorithm will be used for encrypting password
+# If set to SHA512, SHA512-based algorithm will be used for encrypting password
+# If set to DES, DES-based algorithm will be used for encrypting password (default)
+# Overrides the MD5_CRYPT_ENAB option
+#
+# Note: It is recommended to use a value consistent with
+# the PAM modules configuration.
+#
+#ENCRYPT_METHOD DES
+
+#
+# Only used if ENCRYPT_METHOD is set to SHA256 or SHA512.
+#
+# Define the number of SHA rounds.
+# With a lot of rounds, it is more difficult to brute forcing the password.
+# But note also that it more CPU resources will be needed to authenticate
+# users.
+#
+# If not specified, the libc will choose the default number of rounds (5000).
+# The values must be inside the 1000-999999999 range.
+# If only one of the MIN or MAX values is set, then this value will be used.
+# If MIN > MAX, the highest value will be used.
+#
+# SHA_CRYPT_MIN_ROUNDS 5000
+# SHA_CRYPT_MAX_ROUNDS 5000
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/usertools/usermod/47_usermod-u_default_maildir/config/etc/passwd b/tests/tests/usertools/usermod/47_usermod-u_default_maildir/config/etc/passwd
new file mode 100644
index 0000000..bf52df0
--- /dev/null
+++ b/tests/tests/usertools/usermod/47_usermod-u_default_maildir/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/home/foo:/bin/false
diff --git a/tests/tests/usertools/usermod/47_usermod-u_default_maildir/config/etc/shadow b/tests/tests/usertools/usermod/47_usermod-u_default_maildir/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/usertools/usermod/47_usermod-u_default_maildir/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/usertools/usermod/47_usermod-u_default_maildir/data/mailbox.perms b/tests/tests/usertools/usermod/47_usermod-u_default_maildir/data/mailbox.perms
new file mode 100644
index 0000000..52233be
--- /dev/null
+++ b/tests/tests/usertools/usermod/47_usermod-u_default_maildir/data/mailbox.perms
@@ -0,0 +1 @@
+-rw-r--r-- foo:mail `/var/mail/foo'
diff --git a/tests/tests/usertools/usermod/47_usermod-u_default_maildir/data/passwd b/tests/tests/usertools/usermod/47_usermod-u_default_maildir/data/passwd
new file mode 100644
index 0000000..174e4f6
--- /dev/null
+++ b/tests/tests/usertools/usermod/47_usermod-u_default_maildir/data/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:4242:1000::/home/foo:/bin/false
diff --git a/tests/tests/usertools/usermod/47_usermod-u_default_maildir/usermod.test b/tests/tests/usertools/usermod/47_usermod-u_default_maildir/usermod.test
new file mode 100755
index 0000000..3fb509b
--- /dev/null
+++ b/tests/tests/usertools/usermod/47_usermod-u_default_maildir/usermod.test
@@ -0,0 +1,54 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "usermod changes the mailbox ownership"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config; rm -f /var/mail/foo' 0
+
+change_config
+
+echo -n "Create foo mailbox /var/mail/foo ..."
+touch /var/mail/foo
+chown foo:mail /var/mail/foo
+echo "OK"
+
+echo -n "Change the user's UID (usermod -u 4242 foo)..."
+usermod -u 4242 foo
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl data/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+echo -n "Check that the mailbox was moved..."
+test -f /var/mail/foo
+echo "OK"
+echo -n "Check permissions of the mailbox..."
+stat --printf "%A %U:%G %N\n" /var/mail/foo | sort > tmp/mailbox.perms
+diff -rauN data/mailbox.perms tmp/mailbox.perms
+echo "OK"
+rm -f tmp/mailbox.perms
+
+rm -f /var/mail/foo
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/usertools/usermod/48_usermod-u_MAIL_FILE/config.txt b/tests/tests/usertools/usermod/48_usermod-u_MAIL_FILE/config.txt
new file mode 100644
index 0000000..1a78b6c
--- /dev/null
+++ b/tests/tests/usertools/usermod/48_usermod-u_MAIL_FILE/config.txt
@@ -0,0 +1 @@
+user foo exists, UID 1000
diff --git a/tests/tests/usertools/usermod/48_usermod-u_MAIL_FILE/config/etc/default/useradd b/tests/tests/usertools/usermod/48_usermod-u_MAIL_FILE/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/usertools/usermod/48_usermod-u_MAIL_FILE/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/usertools/usermod/48_usermod-u_MAIL_FILE/config/etc/group b/tests/tests/usertools/usermod/48_usermod-u_MAIL_FILE/config/etc/group
new file mode 100644
index 0000000..a11bebe
--- /dev/null
+++ b/tests/tests/usertools/usermod/48_usermod-u_MAIL_FILE/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:root
+adm:x:4:root
+tty:x:5:
+disk:x:6:
+lp:x:7:root
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/usertools/usermod/48_usermod-u_MAIL_FILE/config/etc/gshadow b/tests/tests/usertools/usermod/48_usermod-u_MAIL_FILE/config/etc/gshadow
new file mode 100644
index 0000000..272c4de
--- /dev/null
+++ b/tests/tests/usertools/usermod/48_usermod-u_MAIL_FILE/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::root
+adm:*::root
+tty:*::
+disk:*::
+lp:*::root
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/usertools/usermod/48_usermod-u_MAIL_FILE/config/etc/login.defs b/tests/tests/usertools/usermod/48_usermod-u_MAIL_FILE/config/etc/login.defs
new file mode 100644
index 0000000..f87a841
--- /dev/null
+++ b/tests/tests/usertools/usermod/48_usermod-u_MAIL_FILE/config/etc/login.defs
@@ -0,0 +1,334 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+#MAIL_DIR        /var/mail
+MAIL_FILE      .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB		yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable. 
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE	/var/log/btmp
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/local/games:/usr/games
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing 
+# the "mesg y" command.
+
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# 
+# UMASK is the default umask value for pam_umask and is used by
+# useradd and newusers to set the mode of the new home directories.
+# 022 is the "historical" value in Debian for UMASK
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up their
+# mind.
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+# System accounts
+#SYS_UID_MIN		  100
+#SYS_UID_MAX		  999
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			 1000
+GID_MAX			60000
+# System accounts
+#SYS_GID_MIN		  100
+#SYS_GID_MAX		  999
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overridden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# If set to yes, userdel will remove the user's group if it contains no
+# more members, and useradd will create by default a group with the name
+# of the user.
+#
+# Other former uses of this variable such as setting the umask when
+# user==primary group are not used in PAM environments, such as Debian
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE	/etc/consoles
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm.  Default is "no".
+#
+# This variable is deprecated. You should use ENCRYPT_METHOD.
+#
+#MD5_CRYPT_ENAB	no
+
+#
+# If set to MD5 , MD5-based algorithm will be used for encrypting password
+# If set to SHA256, SHA256-based algorithm will be used for encrypting password
+# If set to SHA512, SHA512-based algorithm will be used for encrypting password
+# If set to DES, DES-based algorithm will be used for encrypting password (default)
+# Overrides the MD5_CRYPT_ENAB option
+#
+# Note: It is recommended to use a value consistent with
+# the PAM modules configuration.
+#
+#ENCRYPT_METHOD DES
+
+#
+# Only used if ENCRYPT_METHOD is set to SHA256 or SHA512.
+#
+# Define the number of SHA rounds.
+# With a lot of rounds, it is more difficult to brute forcing the password.
+# But note also that it more CPU resources will be needed to authenticate
+# users.
+#
+# If not specified, the libc will choose the default number of rounds (5000).
+# The values must be inside the 1000-999999999 range.
+# If only one of the MIN or MAX values is set, then this value will be used.
+# If MIN > MAX, the highest value will be used.
+#
+# SHA_CRYPT_MIN_ROUNDS 5000
+# SHA_CRYPT_MAX_ROUNDS 5000
+
+################# OBSOLETED BY PAM ##############
+#						#
+# These options are now handled by PAM. Please	#
+# edit the appropriate file in /etc/pam.d/ to	#
+# enable the equivalents of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+#						  #
+# These options are no more handled by shadow.    #
+#                                                 #
+# Shadow utilities will display a warning if they #
+# still appear.                                   #
+#                                                 #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
diff --git a/tests/tests/usertools/usermod/48_usermod-u_MAIL_FILE/config/etc/passwd b/tests/tests/usertools/usermod/48_usermod-u_MAIL_FILE/config/etc/passwd
new file mode 100644
index 0000000..bf52df0
--- /dev/null
+++ b/tests/tests/usertools/usermod/48_usermod-u_MAIL_FILE/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/home/foo:/bin/false
diff --git a/tests/tests/usertools/usermod/48_usermod-u_MAIL_FILE/config/etc/shadow b/tests/tests/usertools/usermod/48_usermod-u_MAIL_FILE/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/usertools/usermod/48_usermod-u_MAIL_FILE/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/usertools/usermod/48_usermod-u_MAIL_FILE/data/mailbox.perms b/tests/tests/usertools/usermod/48_usermod-u_MAIL_FILE/data/mailbox.perms
new file mode 100644
index 0000000..9e78a91
--- /dev/null
+++ b/tests/tests/usertools/usermod/48_usermod-u_MAIL_FILE/data/mailbox.perms
@@ -0,0 +1 @@
+-rw-r--r-- UNKNOWN:mail `/var/mail/foo'
diff --git a/tests/tests/usertools/usermod/48_usermod-u_MAIL_FILE/data/passwd b/tests/tests/usertools/usermod/48_usermod-u_MAIL_FILE/data/passwd
new file mode 100644
index 0000000..174e4f6
--- /dev/null
+++ b/tests/tests/usertools/usermod/48_usermod-u_MAIL_FILE/data/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:4242:1000::/home/foo:/bin/false
diff --git a/tests/tests/usertools/usermod/48_usermod-u_MAIL_FILE/usermod.test b/tests/tests/usertools/usermod/48_usermod-u_MAIL_FILE/usermod.test
new file mode 100755
index 0000000..3fb509b
--- /dev/null
+++ b/tests/tests/usertools/usermod/48_usermod-u_MAIL_FILE/usermod.test
@@ -0,0 +1,54 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "usermod changes the mailbox ownership"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config; rm -f /var/mail/foo' 0
+
+change_config
+
+echo -n "Create foo mailbox /var/mail/foo ..."
+touch /var/mail/foo
+chown foo:mail /var/mail/foo
+echo "OK"
+
+echo -n "Change the user's UID (usermod -u 4242 foo)..."
+usermod -u 4242 foo
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl data/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+echo -n "Check that the mailbox was moved..."
+test -f /var/mail/foo
+echo "OK"
+echo -n "Check permissions of the mailbox..."
+stat --printf "%A %U:%G %N\n" /var/mail/foo | sort > tmp/mailbox.perms
+diff -rauN data/mailbox.perms tmp/mailbox.perms
+echo "OK"
+rm -f tmp/mailbox.perms
+
+rm -f /var/mail/foo
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/usertools/usermod/49_usermod_change_gid+move_homedir_other_device/config.txt b/tests/tests/usertools/usermod/49_usermod_change_gid+move_homedir_other_device/config.txt
new file mode 100644
index 0000000..b337f3f
--- /dev/null
+++ b/tests/tests/usertools/usermod/49_usermod_change_gid+move_homedir_other_device/config.txt
@@ -0,0 +1 @@
+user foo exists, UID 1000, home directory: /home/foo
diff --git a/tests/tests/usertools/usermod/49_usermod_change_gid+move_homedir_other_device/config/etc/default/useradd b/tests/tests/usertools/usermod/49_usermod_change_gid+move_homedir_other_device/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/usertools/usermod/49_usermod_change_gid+move_homedir_other_device/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/usertools/usermod/49_usermod_change_gid+move_homedir_other_device/config/etc/group b/tests/tests/usertools/usermod/49_usermod_change_gid+move_homedir_other_device/config/etc/group
new file mode 100644
index 0000000..65ffe60
--- /dev/null
+++ b/tests/tests/usertools/usermod/49_usermod_change_gid+move_homedir_other_device/config/etc/group
@@ -0,0 +1,43 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
+bar:x:1001:
diff --git a/tests/tests/usertools/usermod/49_usermod_change_gid+move_homedir_other_device/config/etc/gshadow b/tests/tests/usertools/usermod/49_usermod_change_gid+move_homedir_other_device/config/etc/gshadow
new file mode 100644
index 0000000..d8aa8ad
--- /dev/null
+++ b/tests/tests/usertools/usermod/49_usermod_change_gid+move_homedir_other_device/config/etc/gshadow
@@ -0,0 +1,43 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
+bar:*::
diff --git a/tests/tests/usertools/usermod/49_usermod_change_gid+move_homedir_other_device/config/etc/passwd b/tests/tests/usertools/usermod/49_usermod_change_gid+move_homedir_other_device/config/etc/passwd
new file mode 100644
index 0000000..bf52df0
--- /dev/null
+++ b/tests/tests/usertools/usermod/49_usermod_change_gid+move_homedir_other_device/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/home/foo:/bin/false
diff --git a/tests/tests/usertools/usermod/49_usermod_change_gid+move_homedir_other_device/config/etc/shadow b/tests/tests/usertools/usermod/49_usermod_change_gid+move_homedir_other_device/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/usertools/usermod/49_usermod_change_gid+move_homedir_other_device/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/usertools/usermod/49_usermod_change_gid+move_homedir_other_device/data/home_ls-a b/tests/tests/usertools/usermod/49_usermod_change_gid+move_homedir_other_device/data/home_ls-a
new file mode 100644
index 0000000..654c2be
--- /dev/null
+++ b/tests/tests/usertools/usermod/49_usermod_change_gid+move_homedir_other_device/data/home_ls-a
@@ -0,0 +1,12 @@
+-rw-r--r-- 0:1001 `/home/foo2/uroot'
+-rw-r--r-- 1000:0 `/home/foo2/groot'
+-rw-r--r-- 1000:1001 `/home/foo2/.tata'
+-rw-r--r-- 1000:1001 `/home/foo2/.tyty'
+-rw-r--r-- 1000:1001 `/home/foo2/profile2'
+-rw-r--r-- 1000:1001 `/home/foo2/toto'
+-rw-r--r-- 1000:1001 `/home/foo2/tyty'
+crw-r--r-- 1000:1001 `/home/foo2/null'
+drwxr-xr-x 0:0 `/home/foo2/..'
+drwxr-xr-x 1000:1001 `/home/foo2/.'
+drwxr-xr-x 1000:1001 `/home/foo2/titi'
+lrwxrwxrwx 1000:1001 `/home/foo2/tutu' -> `/tmp/home/foo2/toto'
diff --git a/tests/tests/usertools/usermod/49_usermod_change_gid+move_homedir_other_device/data/passwd b/tests/tests/usertools/usermod/49_usermod_change_gid+move_homedir_other_device/data/passwd
new file mode 100644
index 0000000..b966e61
--- /dev/null
+++ b/tests/tests/usertools/usermod/49_usermod_change_gid+move_homedir_other_device/data/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1001::/tmp/home/foo2:/bin/false
diff --git a/tests/tests/usertools/usermod/49_usermod_change_gid+move_homedir_other_device/usermod.test b/tests/tests/usertools/usermod/49_usermod_change_gid+move_homedir_other_device/usermod.test
new file mode 100755
index 0000000..9a42e8d
--- /dev/null
+++ b/tests/tests/usertools/usermod/49_usermod_change_gid+move_homedir_other_device/usermod.test
@@ -0,0 +1,87 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "usermod can move the user's home directory, over a new device and changes the owner of the user's file"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config; rm -rf /home/foo /home/foo2; umount /tmp/home; rmdir /tmp/home' 0
+
+change_config
+
+mkdir /home/foo
+mkdir /home/foo/titi
+echo toto > /home/foo/toto
+echo tyty > /home/foo/tyty
+ln /home/foo/toto /home/foo/.tata
+ln /home/foo/tyty /home/foo/.tyty
+ln -s /home/foo/toto /home/foo/tutu
+mknod /home/foo/null c 1 3
+ln /etc/profile /home/foo/profile2
+echo root > /home/foo/uroot
+echo root > /home/foo/groot
+chown -R foo:foo /home/foo
+chown root /home/foo/uroot
+chgrp root /home/foo/groot
+stat --printf "%A %u:%g %N\n" /home/foo/* /home/foo/.* 2>/dev/null | sort
+
+mkdir /tmp/home
+mount --bind /home /tmp/home
+
+echo -n "Change the user's home directory (usermod -m -d /tmp/home/foo2 -g 1001 foo ..."
+usermod -m -d /tmp/home/foo2 -g 1001 foo
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl data/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+echo -n "Check the user's home directory was removed..."
+test ! -d /home/foo
+echo "OK"
+echo -n "Check the user's home directory was moved..."
+test -d /home/foo2
+echo "OK"
+echo -n "Check content of /tmp/test-newusers..."
+stat --printf "%A %u:%g %N\n" /home/foo2/* /home/foo2/.* 2>/dev/null | sort > tmp/home_ls-a
+diff -rauN data/home_ls-a tmp/home_ls-a
+echo "OK"
+echo -n "Check that hardlink to another homedir file remains a hardlink..."
+dev_ino=$(stat --printf "%d-%i" /home/foo2/toto)
+dev_ino2=$(stat --printf "%d-%i" /home/foo2/.tata)
+test "$dev_ino" = "$dev_ino2"
+echo "OK"
+echo -n "Check hardlink to outside the homedir..."
+dev_ino=$(stat --printf "%d-%i" /etc/profile)
+dev_ino2=$(stat --printf "%d-%i" /home/foo2/profile2)
+echo "$dev_ino" != "$dev_ino2"
+#test "$dev_ino" = "$dev_ino2"
+echo "NOT IMPLEMENTED"
+rm -f tmp/home_ls-a
+
+echo -n "Remove the new home directory..."
+rm -rf /home/foo2
+echo "done"
+
+umount /tmp/home
+rmdir /tmp/home
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/usertools/usermod/50_usermod_change_uid+move_homedir/config.txt b/tests/tests/usertools/usermod/50_usermod_change_uid+move_homedir/config.txt
new file mode 100644
index 0000000..4b5baab
--- /dev/null
+++ b/tests/tests/usertools/usermod/50_usermod_change_uid+move_homedir/config.txt
@@ -0,0 +1 @@
+user foo exists
diff --git a/tests/tests/usertools/usermod/50_usermod_change_uid+move_homedir/config/etc/default/useradd b/tests/tests/usertools/usermod/50_usermod_change_uid+move_homedir/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/usertools/usermod/50_usermod_change_uid+move_homedir/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/usertools/usermod/50_usermod_change_uid+move_homedir/config/etc/group b/tests/tests/usertools/usermod/50_usermod_change_uid+move_homedir/config/etc/group
new file mode 100644
index 0000000..5051825
--- /dev/null
+++ b/tests/tests/usertools/usermod/50_usermod_change_uid+move_homedir/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/usertools/usermod/50_usermod_change_uid+move_homedir/config/etc/gshadow b/tests/tests/usertools/usermod/50_usermod_change_uid+move_homedir/config/etc/gshadow
new file mode 100644
index 0000000..5042e58
--- /dev/null
+++ b/tests/tests/usertools/usermod/50_usermod_change_uid+move_homedir/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/usertools/usermod/50_usermod_change_uid+move_homedir/config/etc/passwd b/tests/tests/usertools/usermod/50_usermod_change_uid+move_homedir/config/etc/passwd
new file mode 100644
index 0000000..bf52df0
--- /dev/null
+++ b/tests/tests/usertools/usermod/50_usermod_change_uid+move_homedir/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/home/foo:/bin/false
diff --git a/tests/tests/usertools/usermod/50_usermod_change_uid+move_homedir/config/etc/shadow b/tests/tests/usertools/usermod/50_usermod_change_uid+move_homedir/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/usertools/usermod/50_usermod_change_uid+move_homedir/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/usertools/usermod/50_usermod_change_uid+move_homedir/data/home_ls-a b/tests/tests/usertools/usermod/50_usermod_change_uid+move_homedir/data/home_ls-a
new file mode 100644
index 0000000..161c30f
--- /dev/null
+++ b/tests/tests/usertools/usermod/50_usermod_change_uid+move_homedir/data/home_ls-a
@@ -0,0 +1,5 @@
+-rw-r--r-- foo:foo `/home/foo2/toto'
+-rw-r--r-- foo:root `/home/foo2/groot'
+-rw-r--r-- root:foo `/home/foo2/uroot'
+drwxr-xr-x foo:foo `/home/foo2/.'
+drwxr-xr-x root:root `/home/foo2/..'
diff --git a/tests/tests/usertools/usermod/50_usermod_change_uid+move_homedir/data/passwd b/tests/tests/usertools/usermod/50_usermod_change_uid+move_homedir/data/passwd
new file mode 100644
index 0000000..6074624
--- /dev/null
+++ b/tests/tests/usertools/usermod/50_usermod_change_uid+move_homedir/data/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1001:1000::/home/foo2:/bin/false
diff --git a/tests/tests/usertools/usermod/50_usermod_change_uid+move_homedir/usermod.test b/tests/tests/usertools/usermod/50_usermod_change_uid+move_homedir/usermod.test
new file mode 100755
index 0000000..6ac347c
--- /dev/null
+++ b/tests/tests/usertools/usermod/50_usermod_change_uid+move_homedir/usermod.test
@@ -0,0 +1,62 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "usermod can move the user's home directory"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config; rm -rf /home/foo /home/foo2' 0
+
+change_config
+
+mkdir /home/foo
+echo toto > /home/foo/toto
+echo root > /home/foo/uroot
+echo root > /home/foo/groot
+chown -R foo:foo /home/foo
+chown root /home/foo/uroot
+chgrp root /home/foo/groot
+
+echo -n "Change the user's home directory (usermod -m -d /home/foo2 -u 1001 foo)..."
+usermod -m -d /home/foo2 -u 1001 foo
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl data/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+echo -n "Check the user's home directory was removed..."
+test ! -d /home/foo
+echo "OK"
+echo -n "Check the user's home directory was moved..."
+test -d /home/foo2
+echo "OK"
+echo -n "Check content of /tmp/test-newusers..."
+stat --printf "%A %U:%G %N\n" /home/foo2/* /home/foo2/.* 2>/dev/null | sort > tmp/home_ls-a
+diff -rauN data/home_ls-a tmp/home_ls-a
+echo "OK"
+rm -f tmp/home_ls-a
+
+echo -n "Remove the new home directory..."
+rm -rf /home/foo2
+echo "done"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/usertools/usermod/51_usermod_change_gid+move_homedir/config.txt b/tests/tests/usertools/usermod/51_usermod_change_gid+move_homedir/config.txt
new file mode 100644
index 0000000..4b5baab
--- /dev/null
+++ b/tests/tests/usertools/usermod/51_usermod_change_gid+move_homedir/config.txt
@@ -0,0 +1 @@
+user foo exists
diff --git a/tests/tests/usertools/usermod/51_usermod_change_gid+move_homedir/config/etc/default/useradd b/tests/tests/usertools/usermod/51_usermod_change_gid+move_homedir/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/usertools/usermod/51_usermod_change_gid+move_homedir/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/usertools/usermod/51_usermod_change_gid+move_homedir/config/etc/group b/tests/tests/usertools/usermod/51_usermod_change_gid+move_homedir/config/etc/group
new file mode 100644
index 0000000..65ffe60
--- /dev/null
+++ b/tests/tests/usertools/usermod/51_usermod_change_gid+move_homedir/config/etc/group
@@ -0,0 +1,43 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
+bar:x:1001:
diff --git a/tests/tests/usertools/usermod/51_usermod_change_gid+move_homedir/config/etc/gshadow b/tests/tests/usertools/usermod/51_usermod_change_gid+move_homedir/config/etc/gshadow
new file mode 100644
index 0000000..d8aa8ad
--- /dev/null
+++ b/tests/tests/usertools/usermod/51_usermod_change_gid+move_homedir/config/etc/gshadow
@@ -0,0 +1,43 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
+bar:*::
diff --git a/tests/tests/usertools/usermod/51_usermod_change_gid+move_homedir/config/etc/passwd b/tests/tests/usertools/usermod/51_usermod_change_gid+move_homedir/config/etc/passwd
new file mode 100644
index 0000000..bf52df0
--- /dev/null
+++ b/tests/tests/usertools/usermod/51_usermod_change_gid+move_homedir/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/home/foo:/bin/false
diff --git a/tests/tests/usertools/usermod/51_usermod_change_gid+move_homedir/config/etc/shadow b/tests/tests/usertools/usermod/51_usermod_change_gid+move_homedir/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/usertools/usermod/51_usermod_change_gid+move_homedir/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/usertools/usermod/51_usermod_change_gid+move_homedir/data/home_ls-a b/tests/tests/usertools/usermod/51_usermod_change_gid+move_homedir/data/home_ls-a
new file mode 100644
index 0000000..74d7ab0
--- /dev/null
+++ b/tests/tests/usertools/usermod/51_usermod_change_gid+move_homedir/data/home_ls-a
@@ -0,0 +1,3 @@
+-rw-r--r-- foo:bar `/home/foo2/toto'
+drwxr-xr-x foo:bar `/home/foo2/.'
+drwxr-xr-x root:root `/home/foo2/..'
diff --git a/tests/tests/usertools/usermod/51_usermod_change_gid+move_homedir/data/passwd b/tests/tests/usertools/usermod/51_usermod_change_gid+move_homedir/data/passwd
new file mode 100644
index 0000000..676b112
--- /dev/null
+++ b/tests/tests/usertools/usermod/51_usermod_change_gid+move_homedir/data/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1001::/home/foo2:/bin/false
diff --git a/tests/tests/usertools/usermod/51_usermod_change_gid+move_homedir/usermod.test b/tests/tests/usertools/usermod/51_usermod_change_gid+move_homedir/usermod.test
new file mode 100755
index 0000000..6bc87f3
--- /dev/null
+++ b/tests/tests/usertools/usermod/51_usermod_change_gid+move_homedir/usermod.test
@@ -0,0 +1,58 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "usermod can move the user's home directory and change the group permissions"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config; rm -rf /home/foo /home/foo2' 0
+
+change_config
+
+mkdir /home/foo
+echo toto > /home/foo/toto
+chown -R foo:foo /home/foo
+
+echo -n "Change the user's home directory (usermod -m -d /home/foo2 -g 1001 foo)..."
+usermod -m -d /home/foo2 -g 1001 foo
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl data/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+echo -n "Check the user's home directory was removed..."
+test ! -d /home/foo
+echo "OK"
+echo -n "Check the user's home directory was moved..."
+test -d /home/foo2
+echo "OK"
+echo -n "Check content of /tmp/test-newusers..."
+stat --printf "%A %U:%G %N\n" /home/foo2/* /home/foo2/.* 2>/dev/null | sort > tmp/home_ls-a
+diff -rauN data/home_ls-a tmp/home_ls-a
+echo "OK"
+rm -f tmp/home_ls-a
+
+echo -n "Remove the new home directory..."
+rm -rf /home/foo2
+echo "done"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/tests/usertools/usermod/52_usermod_move_homedir_symlink/config.txt b/tests/tests/usertools/usermod/52_usermod_move_homedir_symlink/config.txt
new file mode 100644
index 0000000..4b5baab
--- /dev/null
+++ b/tests/tests/usertools/usermod/52_usermod_move_homedir_symlink/config.txt
@@ -0,0 +1 @@
+user foo exists
diff --git a/tests/tests/usertools/usermod/52_usermod_move_homedir_symlink/config/etc/default/useradd b/tests/tests/usertools/usermod/52_usermod_move_homedir_symlink/config/etc/default/useradd
new file mode 100644
index 0000000..31c44ab
--- /dev/null
+++ b/tests/tests/usertools/usermod/52_usermod_move_homedir_symlink/config/etc/default/useradd
@@ -0,0 +1,36 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DHSELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/foobar
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+GROUP=10
+#
+# The default home directory. Same as DHOME for adduser
+HOME=/tmp
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+INACTIVE=12
+#
+# The default expire date
+EXPIRE=2007-12-02
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
diff --git a/tests/tests/usertools/usermod/52_usermod_move_homedir_symlink/config/etc/group b/tests/tests/usertools/usermod/52_usermod_move_homedir_symlink/config/etc/group
new file mode 100644
index 0000000..5051825
--- /dev/null
+++ b/tests/tests/usertools/usermod/52_usermod_move_homedir_symlink/config/etc/group
@@ -0,0 +1,42 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:foo
+nogroup:x:65534:
+crontab:x:101:
+Debian-exim:x:102:
+foo:x:1000:
diff --git a/tests/tests/usertools/usermod/52_usermod_move_homedir_symlink/config/etc/gshadow b/tests/tests/usertools/usermod/52_usermod_move_homedir_symlink/config/etc/gshadow
new file mode 100644
index 0000000..5042e58
--- /dev/null
+++ b/tests/tests/usertools/usermod/52_usermod_move_homedir_symlink/config/etc/gshadow
@@ -0,0 +1,42 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+crontab:x::
+Debian-exim:x::
+foo:*::
diff --git a/tests/tests/usertools/usermod/52_usermod_move_homedir_symlink/config/etc/passwd b/tests/tests/usertools/usermod/52_usermod_move_homedir_symlink/config/etc/passwd
new file mode 100644
index 0000000..bf52df0
--- /dev/null
+++ b/tests/tests/usertools/usermod/52_usermod_move_homedir_symlink/config/etc/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/home/foo:/bin/false
diff --git a/tests/tests/usertools/usermod/52_usermod_move_homedir_symlink/config/etc/shadow b/tests/tests/usertools/usermod/52_usermod_move_homedir_symlink/config/etc/shadow
new file mode 100644
index 0000000..2baad3b
--- /dev/null
+++ b/tests/tests/usertools/usermod/52_usermod_move_homedir_symlink/config/etc/shadow
@@ -0,0 +1,20 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:*:12977:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
+foo:!:12977:0:99999:7:::
diff --git a/tests/tests/usertools/usermod/52_usermod_move_homedir_symlink/data/home_ls-a b/tests/tests/usertools/usermod/52_usermod_move_homedir_symlink/data/home_ls-a
new file mode 100644
index 0000000..62a6381
--- /dev/null
+++ b/tests/tests/usertools/usermod/52_usermod_move_homedir_symlink/data/home_ls-a
@@ -0,0 +1,3 @@
+-rw-r--r-- foo:foo `/home/foo/toto'
+drwxr-xr-x foo:foo `/home/foo/.'
+drwxr-xr-x root:root `/home/foo/..'
diff --git a/tests/tests/usertools/usermod/52_usermod_move_homedir_symlink/data/home_ls-a2 b/tests/tests/usertools/usermod/52_usermod_move_homedir_symlink/data/home_ls-a2
new file mode 100644
index 0000000..e69e95d
--- /dev/null
+++ b/tests/tests/usertools/usermod/52_usermod_move_homedir_symlink/data/home_ls-a2
@@ -0,0 +1,2 @@
+drwxr-xr-x root:root `/home/foo2/.'
+drwxr-xr-x root:root `/home/foo2/..'
diff --git a/tests/tests/usertools/usermod/52_usermod_move_homedir_symlink/data/passwd b/tests/tests/usertools/usermod/52_usermod_move_homedir_symlink/data/passwd
new file mode 100644
index 0000000..9da880b
--- /dev/null
+++ b/tests/tests/usertools/usermod/52_usermod_move_homedir_symlink/data/passwd
@@ -0,0 +1,20 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+Debian-exim:x:102:102::/var/spool/exim4:/bin/false
+foo:x:1000:1000::/home/foo3:/bin/false
diff --git a/tests/tests/usertools/usermod/52_usermod_move_homedir_symlink/data/usermod.err b/tests/tests/usertools/usermod/52_usermod_move_homedir_symlink/data/usermod.err
new file mode 100644
index 0000000..c8f9de2
--- /dev/null
+++ b/tests/tests/usertools/usermod/52_usermod_move_homedir_symlink/data/usermod.err
@@ -0,0 +1 @@
+usermod: directory /home/foo could not be moved
diff --git a/tests/tests/usertools/usermod/52_usermod_move_homedir_symlink/usermod.test b/tests/tests/usertools/usermod/52_usermod_move_homedir_symlink/usermod.test
new file mode 100755
index 0000000..8bd0fd0
--- /dev/null
+++ b/tests/tests/usertools/usermod/52_usermod_move_homedir_symlink/usermod.test
@@ -0,0 +1,75 @@
+#!/bin/sh
+
+set -e
+
+cd $(dirname $0)
+
+. ../../../common/config.sh
+. ../../../common/log.sh
+
+log_start "$0" "usermod can't move the user's home directory when it's a symlink"
+
+save_config
+
+# restore the files on exit
+trap 'log_status "$0" "FAILURE"; restore_config; rm -rf /home/foo /home/foo2/file /home/foo2' 0
+
+change_config
+
+mkdir /home/foo2
+echo toto > /home/foo2/file
+ln -s foo2 /home/foo
+chown -R foo:foo /home/foo /home/foo2
+
+echo -n "Change the user's home directory (usermod -m -d /home/foo2 foo)..."
+usermod -m -d /home/foo3 foo 2>tmp/usermod.err && exit 1 || {
+	status=$?
+}
+echo "OK"
+
+echo -n "Check returned status ($status)..."
+test "$status" = "12"
+echo "OK"
+
+echo "usermod reported:"
+echo "======================================================================="
+cat tmp/usermod.err
+echo "======================================================================="
+echo -n "Check the usage message..."
+diff -au data/usermod.err tmp/usermod.err
+echo "usage message OK."
+rm -f tmp/usermod.err
+
+echo "OK"
+
+echo -n "Check the passwd file..."
+../../../common/compare_file.pl data/passwd /etc/passwd
+echo "OK"
+echo -n "Check the group file..."
+../../../common/compare_file.pl config/etc/group /etc/group
+echo "OK"
+echo -n "Check the shadow file..."
+../../../common/compare_file.pl config/etc/shadow /etc/shadow
+echo "OK"
+echo -n "Check the gshadow file..."
+../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
+echo "OK"
+echo -n "Check that /home/foo is still a symlink..."
+test -L /home/foo
+echo "OK"
+echo -n "Check that /home/foo2 was not removed..."
+test -d /home/foo2
+test -f /home/foo2/file
+echo "OK"
+echo -n "Check that /home/foo3 was not created..."
+test ! -f /home/foo3
+echo "OK"
+
+echo -n "Remove the home directories..."
+rm -rf /home/foo /home/foo2
+echo "done"
+
+log_status "$0" "SUCCESS"
+restore_config
+trap '' 0
+
diff --git a/tests/unit/Makefile.am b/tests/unit/Makefile.am
new file mode 100644
index 0000000..d89367a
--- /dev/null
+++ b/tests/unit/Makefile.am
@@ -0,0 +1,145 @@
+AM_CPPFLAGS = -I$(top_srcdir)/lib -I$(top_srcdir)
+
+if HAVE_CMOCKA
+TESTS = $(check_PROGRAMS)
+
+check_PROGRAMS = \
+    test_adds \
+    test_atoi_strtoi \
+    test_chkname \
+    test_sprintf \
+    test_strncpy \
+    test_strtcpy \
+    test_xasprintf \
+    test_zustr2stp
+
+if ENABLE_LOGIND
+check_PROGRAMS += \
+    test_logind
+endif # ENABLE_LOGIND
+
+check_PROGRAMS += \
+    $(NULL)
+
+test_adds_SOURCES = \
+    ../../lib/adds.c \
+    test_adds.c \
+    $(NULL)
+test_adds_CFLAGS = \
+    $(AM_FLAGS) \
+    $(NULL)
+test_adds_LDFLAGS = \
+    $(NULL)
+test_adds_LDADD = \
+    $(CMOCKA_LIBS) \
+    $(NULL)
+
+test_atoi_strtoi_SOURCES = \
+    ../../lib/atoi/strtoi.c \
+    test_atoi_strtoi.c \
+    $(NULL)
+test_atoi_strtoi_CFLAGS = \
+    $(AM_CFLAGS) \
+    $(NULL)
+test_atoi_strtoi_LDFLAGS = \
+    $(NULL)
+test_atoi_strtoi_LDADD = \
+    $(CMOCKA_LIBS) \
+    $(NULL)
+
+test_chkname_SOURCES = \
+    ../../lib/chkname.c \
+    test_chkname.c \
+    $(NULL)
+test_chkname_CFLAGS = \
+    $(AM_CFLAGS) \
+    $(NULL)
+test_chkname_LDFLAGS = \
+    $(NULL)
+test_chkname_LDADD = \
+    $(CMOCKA_LIBS) \
+    $(NULL)
+
+test_logind_SOURCES = \
+    ../../lib/logind.c \
+    test_logind.c \
+    $(NULL)
+test_logind_CFLAGS = \
+    $(AM_CFLAGS) \
+    -lsystemd \
+    $(NULL)
+test_logind_LDFLAGS = \
+    -Wl,-wrap,prefix_getpwnam \
+    -Wl,-wrap,sd_uid_get_sessions \
+    $(NULL)
+test_logind_LDADD = \
+    $(CMOCKA_LIBS) \
+    $(LIBSYSTEMD) \
+    $(NULL)
+
+test_sprintf_SOURCES = \
+    ../../lib/string/sprintf.c \
+    test_sprintf.c \
+    $(NULL)
+test_sprintf_CFLAGS = \
+    $(AM_CFLAGS) \
+    $(NULL)
+test_sprintf_LDFLAGS = \
+    $(NULL)
+test_sprintf_LDADD = \
+    $(CMOCKA_LIBS) \
+    $(NULL)
+
+test_strncpy_SOURCES = \
+    test_strncpy.c \
+    $(NULL)
+test_strncpy_CFLAGS = \
+    $(AM_CFLAGS) \
+    $(NULL)
+test_strncpy_LDFLAGS = \
+    $(NULL)
+test_strncpy_LDADD = \
+    $(CMOCKA_LIBS) \
+    $(NULL)
+
+test_strtcpy_SOURCES = \
+    ../../lib/string/strtcpy.c \
+    test_strtcpy.c \
+    $(NULL)
+test_strtcpy_CFLAGS = \
+    $(AM_CFLAGS) \
+    $(NULL)
+test_strtcpy_LDFLAGS = \
+    $(NULL)
+test_strtcpy_LDADD = \
+    $(CMOCKA_LIBS) \
+    $(NULL)
+
+test_xasprintf_SOURCES = \
+    ../../lib/string/sprintf.c \
+    test_xasprintf.c \
+    $(NULL)
+test_xasprintf_CFLAGS = \
+    $(AM_CFLAGS) \
+    $(NULL)
+test_xasprintf_LDFLAGS = \
+    -Wl,-wrap,vasprintf \
+    -Wl,-wrap,exit \
+    $(NULL)
+test_xasprintf_LDADD = \
+    $(CMOCKA_LIBS) \
+    $(NULL)
+
+test_zustr2stp_SOURCES = \
+    test_zustr2stp.c \
+    $(NULL)
+test_zustr2stp_CFLAGS = \
+    $(AM_CFLAGS) \
+    $(NULL)
+test_zustr2stp_LDFLAGS = \
+    $(NULL)
+test_zustr2stp_LDADD = \
+    $(CMOCKA_LIBS) \
+    $(NULL)
+
+endif # HAVE_CMOCKA
diff --git a/tests/unit/Makefile.in b/tests/unit/Makefile.in
new file mode 100644
index 0000000..108070c
--- /dev/null
+++ b/tests/unit/Makefile.in
@@ -0,0 +1,1702 @@
+# Makefile.in generated by automake 1.16.5 from Makefile.am.
+# @configure_input@
+
+# Copyright (C) 1994-2021 Free Software Foundation, Inc.
+
+# This Makefile.in is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
+# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
+# PARTICULAR PURPOSE.
+
+@SET_MAKE@
+VPATH = @srcdir@
+am__is_gnu_make = { \
+  if test -z '$(MAKELEVEL)'; then \
+    false; \
+  elif test -n '$(MAKE_HOST)'; then \
+    true; \
+  elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \
+    true; \
+  else \
+    false; \
+  fi; \
+}
+am__make_running_with_option = \
+  case $${target_option-} in \
+      ?) ;; \
+      *) echo "am__make_running_with_option: internal error: invalid" \
+              "target option '$${target_option-}' specified" >&2; \
+         exit 1;; \
+  esac; \
+  has_opt=no; \
+  sane_makeflags=$$MAKEFLAGS; \
+  if $(am__is_gnu_make); then \
+    sane_makeflags=$$MFLAGS; \
+  else \
+    case $$MAKEFLAGS in \
+      *\\[\ \	]*) \
+        bs=\\; \
+        sane_makeflags=`printf '%s\n' "$$MAKEFLAGS" \
+          | sed "s/$$bs$$bs[$$bs $$bs	]*//g"`;; \
+    esac; \
+  fi; \
+  skip_next=no; \
+  strip_trailopt () \
+  { \
+    flg=`printf '%s\n' "$$flg" | sed "s/$$1.*$$//"`; \
+  }; \
+  for flg in $$sane_makeflags; do \
+    test $$skip_next = yes && { skip_next=no; continue; }; \
+    case $$flg in \
+      *=*|--*) continue;; \
+        -*I) strip_trailopt 'I'; skip_next=yes;; \
+      -*I?*) strip_trailopt 'I';; \
+        -*O) strip_trailopt 'O'; skip_next=yes;; \
+      -*O?*) strip_trailopt 'O';; \
+        -*l) strip_trailopt 'l'; skip_next=yes;; \
+      -*l?*) strip_trailopt 'l';; \
+      -[dEDm]) skip_next=yes;; \
+      -[JT]) skip_next=yes;; \
+    esac; \
+    case $$flg in \
+      *$$target_option*) has_opt=yes; break;; \
+    esac; \
+  done; \
+  test $$has_opt = yes
+am__make_dryrun = (target_option=n; $(am__make_running_with_option))
+am__make_keepgoing = (target_option=k; $(am__make_running_with_option))
+pkgdatadir = $(datadir)/@PACKAGE@
+pkgincludedir = $(includedir)/@PACKAGE@
+pkglibdir = $(libdir)/@PACKAGE@
+pkglibexecdir = $(libexecdir)/@PACKAGE@
+am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
+install_sh_DATA = $(install_sh) -c -m 644
+install_sh_PROGRAM = $(install_sh) -c
+install_sh_SCRIPT = $(install_sh) -c
+INSTALL_HEADER = $(INSTALL_DATA)
+transform = $(program_transform_name)
+NORMAL_INSTALL = :
+PRE_INSTALL = :
+POST_INSTALL = :
+NORMAL_UNINSTALL = :
+PRE_UNINSTALL = :
+POST_UNINSTALL = :
+build_triplet = @build@
+host_triplet = @host@
+@HAVE_CMOCKA_TRUE@check_PROGRAMS = test_adds$(EXEEXT) \
+@HAVE_CMOCKA_TRUE@	test_atoi_strtoi$(EXEEXT) \
+@HAVE_CMOCKA_TRUE@	test_chkname$(EXEEXT) test_sprintf$(EXEEXT) \
+@HAVE_CMOCKA_TRUE@	test_strncpy$(EXEEXT) test_strtcpy$(EXEEXT) \
+@HAVE_CMOCKA_TRUE@	test_xasprintf$(EXEEXT) \
+@HAVE_CMOCKA_TRUE@	test_zustr2stp$(EXEEXT) $(am__EXEEXT_1)
+@ENABLE_LOGIND_TRUE@@HAVE_CMOCKA_TRUE@am__append_1 = \
+@ENABLE_LOGIND_TRUE@@HAVE_CMOCKA_TRUE@    test_logind
+
+subdir = tests/unit
+ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
+am__aclocal_m4_deps = $(top_srcdir)/m4/gettext.m4 \
+	$(top_srcdir)/m4/iconv.m4 $(top_srcdir)/m4/intlmacosx.m4 \
+	$(top_srcdir)/m4/lib-ld.m4 $(top_srcdir)/m4/lib-link.m4 \
+	$(top_srcdir)/m4/lib-prefix.m4 $(top_srcdir)/m4/libtool.m4 \
+	$(top_srcdir)/m4/ltoptions.m4 $(top_srcdir)/m4/ltsugar.m4 \
+	$(top_srcdir)/m4/ltversion.m4 $(top_srcdir)/m4/lt~obsolete.m4 \
+	$(top_srcdir)/m4/nls.m4 $(top_srcdir)/m4/po.m4 \
+	$(top_srcdir)/m4/progtest.m4 $(top_srcdir)/acinclude.m4 \
+	$(top_srcdir)/configure.ac
+am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
+	$(ACLOCAL_M4)
+DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON)
+mkinstalldirs = $(install_sh) -d
+CONFIG_HEADER = $(top_builddir)/config.h
+CONFIG_CLEAN_FILES =
+CONFIG_CLEAN_VPATH_FILES =
+@ENABLE_LOGIND_TRUE@@HAVE_CMOCKA_TRUE@am__EXEEXT_1 =  \
+@ENABLE_LOGIND_TRUE@@HAVE_CMOCKA_TRUE@	test_logind$(EXEEXT)
+am__test_adds_SOURCES_DIST = ../../lib/adds.c test_adds.c
+am__dirstamp = $(am__leading_dot)dirstamp
+@HAVE_CMOCKA_TRUE@am_test_adds_OBJECTS =  \
+@HAVE_CMOCKA_TRUE@	../../lib/test_adds-adds.$(OBJEXT) \
+@HAVE_CMOCKA_TRUE@	test_adds-test_adds.$(OBJEXT)
+test_adds_OBJECTS = $(am_test_adds_OBJECTS)
+am__DEPENDENCIES_1 =
+@HAVE_CMOCKA_TRUE@test_adds_DEPENDENCIES = $(am__DEPENDENCIES_1)
+AM_V_lt = $(am__v_lt_@AM_V@)
+am__v_lt_ = $(am__v_lt_@AM_DEFAULT_V@)
+am__v_lt_0 = --silent
+am__v_lt_1 = 
+test_adds_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \
+	$(LIBTOOLFLAGS) --mode=link $(CCLD) $(test_adds_CFLAGS) \
+	$(CFLAGS) $(test_adds_LDFLAGS) $(LDFLAGS) -o $@
+am__test_atoi_strtoi_SOURCES_DIST = ../../lib/atoi/strtoi.c \
+	test_atoi_strtoi.c
+@HAVE_CMOCKA_TRUE@am_test_atoi_strtoi_OBJECTS = ../../lib/atoi/test_atoi_strtoi-strtoi.$(OBJEXT) \
+@HAVE_CMOCKA_TRUE@	test_atoi_strtoi-test_atoi_strtoi.$(OBJEXT)
+test_atoi_strtoi_OBJECTS = $(am_test_atoi_strtoi_OBJECTS)
+@HAVE_CMOCKA_TRUE@test_atoi_strtoi_DEPENDENCIES =  \
+@HAVE_CMOCKA_TRUE@	$(am__DEPENDENCIES_1)
+test_atoi_strtoi_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC \
+	$(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=link $(CCLD) \
+	$(test_atoi_strtoi_CFLAGS) $(CFLAGS) \
+	$(test_atoi_strtoi_LDFLAGS) $(LDFLAGS) -o $@
+am__test_chkname_SOURCES_DIST = ../../lib/chkname.c test_chkname.c
+@HAVE_CMOCKA_TRUE@am_test_chkname_OBJECTS =  \
+@HAVE_CMOCKA_TRUE@	../../lib/test_chkname-chkname.$(OBJEXT) \
+@HAVE_CMOCKA_TRUE@	test_chkname-test_chkname.$(OBJEXT)
+test_chkname_OBJECTS = $(am_test_chkname_OBJECTS)
+@HAVE_CMOCKA_TRUE@test_chkname_DEPENDENCIES = $(am__DEPENDENCIES_1)
+test_chkname_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \
+	$(LIBTOOLFLAGS) --mode=link $(CCLD) $(test_chkname_CFLAGS) \
+	$(CFLAGS) $(test_chkname_LDFLAGS) $(LDFLAGS) -o $@
+am__test_logind_SOURCES_DIST = ../../lib/logind.c test_logind.c
+@HAVE_CMOCKA_TRUE@am_test_logind_OBJECTS =  \
+@HAVE_CMOCKA_TRUE@	../../lib/test_logind-logind.$(OBJEXT) \
+@HAVE_CMOCKA_TRUE@	test_logind-test_logind.$(OBJEXT)
+test_logind_OBJECTS = $(am_test_logind_OBJECTS)
+@HAVE_CMOCKA_TRUE@test_logind_DEPENDENCIES = $(am__DEPENDENCIES_1) \
+@HAVE_CMOCKA_TRUE@	$(am__DEPENDENCIES_1)
+test_logind_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \
+	$(LIBTOOLFLAGS) --mode=link $(CCLD) $(test_logind_CFLAGS) \
+	$(CFLAGS) $(test_logind_LDFLAGS) $(LDFLAGS) -o $@
+am__test_sprintf_SOURCES_DIST = ../../lib/string/sprintf.c \
+	test_sprintf.c
+@HAVE_CMOCKA_TRUE@am_test_sprintf_OBJECTS = ../../lib/string/test_sprintf-sprintf.$(OBJEXT) \
+@HAVE_CMOCKA_TRUE@	test_sprintf-test_sprintf.$(OBJEXT)
+test_sprintf_OBJECTS = $(am_test_sprintf_OBJECTS)
+@HAVE_CMOCKA_TRUE@test_sprintf_DEPENDENCIES = $(am__DEPENDENCIES_1)
+test_sprintf_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \
+	$(LIBTOOLFLAGS) --mode=link $(CCLD) $(test_sprintf_CFLAGS) \
+	$(CFLAGS) $(test_sprintf_LDFLAGS) $(LDFLAGS) -o $@
+am__test_strncpy_SOURCES_DIST = test_strncpy.c
+@HAVE_CMOCKA_TRUE@am_test_strncpy_OBJECTS =  \
+@HAVE_CMOCKA_TRUE@	test_strncpy-test_strncpy.$(OBJEXT)
+test_strncpy_OBJECTS = $(am_test_strncpy_OBJECTS)
+@HAVE_CMOCKA_TRUE@test_strncpy_DEPENDENCIES = $(am__DEPENDENCIES_1)
+test_strncpy_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \
+	$(LIBTOOLFLAGS) --mode=link $(CCLD) $(test_strncpy_CFLAGS) \
+	$(CFLAGS) $(test_strncpy_LDFLAGS) $(LDFLAGS) -o $@
+am__test_strtcpy_SOURCES_DIST = ../../lib/string/strtcpy.c \
+	test_strtcpy.c
+@HAVE_CMOCKA_TRUE@am_test_strtcpy_OBJECTS = ../../lib/string/test_strtcpy-strtcpy.$(OBJEXT) \
+@HAVE_CMOCKA_TRUE@	test_strtcpy-test_strtcpy.$(OBJEXT)
+test_strtcpy_OBJECTS = $(am_test_strtcpy_OBJECTS)
+@HAVE_CMOCKA_TRUE@test_strtcpy_DEPENDENCIES = $(am__DEPENDENCIES_1)
+test_strtcpy_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \
+	$(LIBTOOLFLAGS) --mode=link $(CCLD) $(test_strtcpy_CFLAGS) \
+	$(CFLAGS) $(test_strtcpy_LDFLAGS) $(LDFLAGS) -o $@
+am__test_xasprintf_SOURCES_DIST = ../../lib/string/sprintf.c \
+	test_xasprintf.c
+@HAVE_CMOCKA_TRUE@am_test_xasprintf_OBJECTS = ../../lib/string/test_xasprintf-sprintf.$(OBJEXT) \
+@HAVE_CMOCKA_TRUE@	test_xasprintf-test_xasprintf.$(OBJEXT)
+test_xasprintf_OBJECTS = $(am_test_xasprintf_OBJECTS)
+@HAVE_CMOCKA_TRUE@test_xasprintf_DEPENDENCIES = $(am__DEPENDENCIES_1)
+test_xasprintf_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC \
+	$(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=link $(CCLD) \
+	$(test_xasprintf_CFLAGS) $(CFLAGS) $(test_xasprintf_LDFLAGS) \
+	$(LDFLAGS) -o $@
+am__test_zustr2stp_SOURCES_DIST = test_zustr2stp.c
+@HAVE_CMOCKA_TRUE@am_test_zustr2stp_OBJECTS =  \
+@HAVE_CMOCKA_TRUE@	test_zustr2stp-test_zustr2stp.$(OBJEXT)
+test_zustr2stp_OBJECTS = $(am_test_zustr2stp_OBJECTS)
+@HAVE_CMOCKA_TRUE@test_zustr2stp_DEPENDENCIES = $(am__DEPENDENCIES_1)
+test_zustr2stp_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC \
+	$(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=link $(CCLD) \
+	$(test_zustr2stp_CFLAGS) $(CFLAGS) $(test_zustr2stp_LDFLAGS) \
+	$(LDFLAGS) -o $@
+AM_V_P = $(am__v_P_@AM_V@)
+am__v_P_ = $(am__v_P_@AM_DEFAULT_V@)
+am__v_P_0 = false
+am__v_P_1 = :
+AM_V_GEN = $(am__v_GEN_@AM_V@)
+am__v_GEN_ = $(am__v_GEN_@AM_DEFAULT_V@)
+am__v_GEN_0 = @echo "  GEN     " $@;
+am__v_GEN_1 = 
+AM_V_at = $(am__v_at_@AM_V@)
+am__v_at_ = $(am__v_at_@AM_DEFAULT_V@)
+am__v_at_0 = @
+am__v_at_1 = 
+DEFAULT_INCLUDES = -I.@am__isrc@ -I$(top_builddir)
+depcomp = $(SHELL) $(top_srcdir)/depcomp
+am__maybe_remake_depfiles = depfiles
+am__depfiles_remade = ../../lib/$(DEPDIR)/test_adds-adds.Po \
+	../../lib/$(DEPDIR)/test_chkname-chkname.Po \
+	../../lib/$(DEPDIR)/test_logind-logind.Po \
+	../../lib/atoi/$(DEPDIR)/test_atoi_strtoi-strtoi.Po \
+	../../lib/string/$(DEPDIR)/test_sprintf-sprintf.Po \
+	../../lib/string/$(DEPDIR)/test_strtcpy-strtcpy.Po \
+	../../lib/string/$(DEPDIR)/test_xasprintf-sprintf.Po \
+	./$(DEPDIR)/test_adds-test_adds.Po \
+	./$(DEPDIR)/test_atoi_strtoi-test_atoi_strtoi.Po \
+	./$(DEPDIR)/test_chkname-test_chkname.Po \
+	./$(DEPDIR)/test_logind-test_logind.Po \
+	./$(DEPDIR)/test_sprintf-test_sprintf.Po \
+	./$(DEPDIR)/test_strncpy-test_strncpy.Po \
+	./$(DEPDIR)/test_strtcpy-test_strtcpy.Po \
+	./$(DEPDIR)/test_xasprintf-test_xasprintf.Po \
+	./$(DEPDIR)/test_zustr2stp-test_zustr2stp.Po
+am__mv = mv -f
+COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
+	$(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
+LTCOMPILE = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \
+	$(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) \
+	$(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) \
+	$(AM_CFLAGS) $(CFLAGS)
+AM_V_CC = $(am__v_CC_@AM_V@)
+am__v_CC_ = $(am__v_CC_@AM_DEFAULT_V@)
+am__v_CC_0 = @echo "  CC      " $@;
+am__v_CC_1 = 
+CCLD = $(CC)
+LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \
+	$(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \
+	$(AM_LDFLAGS) $(LDFLAGS) -o $@
+AM_V_CCLD = $(am__v_CCLD_@AM_V@)
+am__v_CCLD_ = $(am__v_CCLD_@AM_DEFAULT_V@)
+am__v_CCLD_0 = @echo "  CCLD    " $@;
+am__v_CCLD_1 = 
+SOURCES = $(test_adds_SOURCES) $(test_atoi_strtoi_SOURCES) \
+	$(test_chkname_SOURCES) $(test_logind_SOURCES) \
+	$(test_sprintf_SOURCES) $(test_strncpy_SOURCES) \
+	$(test_strtcpy_SOURCES) $(test_xasprintf_SOURCES) \
+	$(test_zustr2stp_SOURCES)
+DIST_SOURCES = $(am__test_adds_SOURCES_DIST) \
+	$(am__test_atoi_strtoi_SOURCES_DIST) \
+	$(am__test_chkname_SOURCES_DIST) \
+	$(am__test_logind_SOURCES_DIST) \
+	$(am__test_sprintf_SOURCES_DIST) \
+	$(am__test_strncpy_SOURCES_DIST) \
+	$(am__test_strtcpy_SOURCES_DIST) \
+	$(am__test_xasprintf_SOURCES_DIST) \
+	$(am__test_zustr2stp_SOURCES_DIST)
+am__can_run_installinfo = \
+  case $$AM_UPDATE_INFO_DIR in \
+    n|no|NO) false;; \
+    *) (install-info --version) >/dev/null 2>&1;; \
+  esac
+am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) $(LISP)
+# Read a list of newline-separated strings from the standard input,
+# and print each of them once, without duplicates.  Input order is
+# *not* preserved.
+am__uniquify_input = $(AWK) '\
+  BEGIN { nonempty = 0; } \
+  { items[$$0] = 1; nonempty = 1; } \
+  END { if (nonempty) { for (i in items) print i; }; } \
+'
+# Make sure the list of sources is unique.  This is necessary because,
+# e.g., the same source file might be shared among _SOURCES variables
+# for different programs/libraries.
+am__define_uniq_tagged_files = \
+  list='$(am__tagged_files)'; \
+  unique=`for i in $$list; do \
+    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+  done | $(am__uniquify_input)`
+am__tty_colors_dummy = \
+  mgn= red= grn= lgn= blu= brg= std=; \
+  am__color_tests=no
+am__tty_colors = { \
+  $(am__tty_colors_dummy); \
+  if test "X$(AM_COLOR_TESTS)" = Xno; then \
+    am__color_tests=no; \
+  elif test "X$(AM_COLOR_TESTS)" = Xalways; then \
+    am__color_tests=yes; \
+  elif test "X$$TERM" != Xdumb && { test -t 1; } 2>/dev/null; then \
+    am__color_tests=yes; \
+  fi; \
+  if test $$am__color_tests = yes; then \
+    red=''; \
+    grn=''; \
+    lgn=''; \
+    blu=''; \
+    mgn=''; \
+    brg=''; \
+    std=''; \
+  fi; \
+}
+am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`;
+am__vpath_adj = case $$p in \
+    $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \
+    *) f=$$p;; \
+  esac;
+am__strip_dir = f=`echo $$p | sed -e 's|^.*/||'`;
+am__install_max = 40
+am__nobase_strip_setup = \
+  srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*|]/\\\\&/g'`
+am__nobase_strip = \
+  for p in $$list; do echo "$$p"; done | sed -e "s|$$srcdirstrip/||"
+am__nobase_list = $(am__nobase_strip_setup); \
+  for p in $$list; do echo "$$p $$p"; done | \
+  sed "s| $$srcdirstrip/| |;"' / .*\//!s/ .*/ ./; s,\( .*\)/[^/]*$$,\1,' | \
+  $(AWK) 'BEGIN { files["."] = "" } { files[$$2] = files[$$2] " " $$1; \
+    if (++n[$$2] == $(am__install_max)) \
+      { print $$2, files[$$2]; n[$$2] = 0; files[$$2] = "" } } \
+    END { for (dir in files) print dir, files[dir] }'
+am__base_list = \
+  sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \
+  sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g'
+am__uninstall_files_from_dir = { \
+  test -z "$$files" \
+    || { test ! -d "$$dir" && test ! -f "$$dir" && test ! -r "$$dir"; } \
+    || { echo " ( cd '$$dir' && rm -f" $$files ")"; \
+         $(am__cd) "$$dir" && rm -f $$files; }; \
+  }
+am__recheck_rx = ^[ 	]*:recheck:[ 	]*
+am__global_test_result_rx = ^[ 	]*:global-test-result:[ 	]*
+am__copy_in_global_log_rx = ^[ 	]*:copy-in-global-log:[ 	]*
+# A command that, given a newline-separated list of test names on the
+# standard input, print the name of the tests that are to be re-run
+# upon "make recheck".
+am__list_recheck_tests = $(AWK) '{ \
+  recheck = 1; \
+  while ((rc = (getline line < ($$0 ".trs"))) != 0) \
+    { \
+      if (rc < 0) \
+        { \
+          if ((getline line2 < ($$0 ".log")) < 0) \
+	    recheck = 0; \
+          break; \
+        } \
+      else if (line ~ /$(am__recheck_rx)[nN][Oo]/) \
+        { \
+          recheck = 0; \
+          break; \
+        } \
+      else if (line ~ /$(am__recheck_rx)[yY][eE][sS]/) \
+        { \
+          break; \
+        } \
+    }; \
+  if (recheck) \
+    print $$0; \
+  close ($$0 ".trs"); \
+  close ($$0 ".log"); \
+}'
+# A command that, given a newline-separated list of test names on the
+# standard input, create the global log from their .trs and .log files.
+am__create_global_log = $(AWK) ' \
+function fatal(msg) \
+{ \
+  print "fatal: making $@: " msg | "cat >&2"; \
+  exit 1; \
+} \
+function rst_section(header) \
+{ \
+  print header; \
+  len = length(header); \
+  for (i = 1; i <= len; i = i + 1) \
+    printf "="; \
+  printf "\n\n"; \
+} \
+{ \
+  copy_in_global_log = 1; \
+  global_test_result = "RUN"; \
+  while ((rc = (getline line < ($$0 ".trs"))) != 0) \
+    { \
+      if (rc < 0) \
+         fatal("failed to read from " $$0 ".trs"); \
+      if (line ~ /$(am__global_test_result_rx)/) \
+        { \
+          sub("$(am__global_test_result_rx)", "", line); \
+          sub("[ 	]*$$", "", line); \
+          global_test_result = line; \
+        } \
+      else if (line ~ /$(am__copy_in_global_log_rx)[nN][oO]/) \
+        copy_in_global_log = 0; \
+    }; \
+  if (copy_in_global_log) \
+    { \
+      rst_section(global_test_result ": " $$0); \
+      while ((rc = (getline line < ($$0 ".log"))) != 0) \
+      { \
+        if (rc < 0) \
+          fatal("failed to read from " $$0 ".log"); \
+        print line; \
+      }; \
+      printf "\n"; \
+    }; \
+  close ($$0 ".trs"); \
+  close ($$0 ".log"); \
+}'
+# Restructured Text title.
+am__rst_title = { sed 's/.*/   &   /;h;s/./=/g;p;x;s/ *$$//;p;g' && echo; }
+# Solaris 10 'make', and several other traditional 'make' implementations,
+# pass "-e" to $(SHELL), and POSIX 2008 even requires this.  Work around it
+# by disabling -e (using the XSI extension "set +e") if it's set.
+am__sh_e_setup = case $$- in *e*) set +e;; esac
+# Default flags passed to test drivers.
+am__common_driver_flags = \
+  --color-tests "$$am__color_tests" \
+  --enable-hard-errors "$$am__enable_hard_errors" \
+  --expect-failure "$$am__expect_failure"
+# To be inserted before the command running the test.  Creates the
+# directory for the log if needed.  Stores in $dir the directory
+# containing $f, in $tst the test, in $log the log.  Executes the
+# developer- defined test setup AM_TESTS_ENVIRONMENT (if any), and
+# passes TESTS_ENVIRONMENT.  Set up options for the wrapper that
+# will run the test scripts (or their associated LOG_COMPILER, if
+# thy have one).
+am__check_pre = \
+$(am__sh_e_setup);					\
+$(am__vpath_adj_setup) $(am__vpath_adj)			\
+$(am__tty_colors);					\
+srcdir=$(srcdir); export srcdir;			\
+case "$@" in						\
+  */*) am__odir=`echo "./$@" | sed 's|/[^/]*$$||'`;;	\
+    *) am__odir=.;; 					\
+esac;							\
+test "x$$am__odir" = x"." || test -d "$$am__odir" 	\
+  || $(MKDIR_P) "$$am__odir" || exit $$?;		\
+if test -f "./$$f"; then dir=./;			\
+elif test -f "$$f"; then dir=;				\
+else dir="$(srcdir)/"; fi;				\
+tst=$$dir$$f; log='$@'; 				\
+if test -n '$(DISABLE_HARD_ERRORS)'; then		\
+  am__enable_hard_errors=no; 				\
+else							\
+  am__enable_hard_errors=yes; 				\
+fi; 							\
+case " $(XFAIL_TESTS) " in				\
+  *[\ \	]$$f[\ \	]* | *[\ \	]$$dir$$f[\ \	]*) \
+    am__expect_failure=yes;;				\
+  *)							\
+    am__expect_failure=no;;				\
+esac; 							\
+$(AM_TESTS_ENVIRONMENT) $(TESTS_ENVIRONMENT)
+# A shell command to get the names of the tests scripts with any registered
+# extension removed (i.e., equivalently, the names of the test logs, with
+# the '.log' extension removed).  The result is saved in the shell variable
+# '$bases'.  This honors runtime overriding of TESTS and TEST_LOGS.  Sadly,
+# we cannot use something simpler, involving e.g., "$(TEST_LOGS:.log=)",
+# since that might cause problem with VPATH rewrites for suffix-less tests.
+# See also 'test-harness-vpath-rewrite.sh' and 'test-trs-basic.sh'.
+am__set_TESTS_bases = \
+  bases='$(TEST_LOGS)'; \
+  bases=`for i in $$bases; do echo $$i; done | sed 's/\.log$$//'`; \
+  bases=`echo $$bases`
+AM_TESTSUITE_SUMMARY_HEADER = ' for $(PACKAGE_STRING)'
+RECHECK_LOGS = $(TEST_LOGS)
+AM_RECURSIVE_TARGETS = check recheck
+TEST_SUITE_LOG = test-suite.log
+TEST_EXTENSIONS = @EXEEXT@ .test
+LOG_DRIVER = $(SHELL) $(top_srcdir)/test-driver
+LOG_COMPILE = $(LOG_COMPILER) $(AM_LOG_FLAGS) $(LOG_FLAGS)
+am__set_b = \
+  case '$@' in \
+    */*) \
+      case '$*' in \
+        */*) b='$*';; \
+          *) b=`echo '$@' | sed 's/\.log$$//'`; \
+       esac;; \
+    *) \
+      b='$*';; \
+  esac
+am__test_logs1 = $(TESTS:=.log)
+am__test_logs2 = $(am__test_logs1:@EXEEXT@.log=.log)
+TEST_LOGS = $(am__test_logs2:.test.log=.log)
+TEST_LOG_DRIVER = $(SHELL) $(top_srcdir)/test-driver
+TEST_LOG_COMPILE = $(TEST_LOG_COMPILER) $(AM_TEST_LOG_FLAGS) \
+	$(TEST_LOG_FLAGS)
+am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp \
+	$(top_srcdir)/test-driver
+DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
+ACLOCAL = @ACLOCAL@
+AMTAR = @AMTAR@
+AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@
+AR = @AR@
+AUTOCONF = @AUTOCONF@
+AUTOHEADER = @AUTOHEADER@
+AUTOMAKE = @AUTOMAKE@
+AWK = @AWK@
+CC = @CC@
+CCDEPMODE = @CCDEPMODE@
+CFLAGS = @CFLAGS@
+CMOCKA_CFLAGS = @CMOCKA_CFLAGS@
+CMOCKA_LIBS = @CMOCKA_LIBS@
+CPP = @CPP@
+CPPFLAGS = @CPPFLAGS@
+CSCOPE = @CSCOPE@
+CTAGS = @CTAGS@
+CYGPATH_W = @CYGPATH_W@
+DEFS = @DEFS@
+DEPDIR = @DEPDIR@
+DLLTOOL = @DLLTOOL@
+DSYMUTIL = @DSYMUTIL@
+DUMPBIN = @DUMPBIN@
+ECHO_C = @ECHO_C@
+ECHO_N = @ECHO_N@
+ECHO_T = @ECHO_T@
+ECONF_CPPFLAGS = @ECONF_CPPFLAGS@
+EGREP = @EGREP@
+ETAGS = @ETAGS@
+EXEEXT = @EXEEXT@
+FGREP = @FGREP@
+FILECMD = @FILECMD@
+GETTEXT_MACRO_VERSION = @GETTEXT_MACRO_VERSION@
+GMSGFMT = @GMSGFMT@
+GMSGFMT_015 = @GMSGFMT_015@
+GREP = @GREP@
+GROUP_NAME_MAX_LENGTH = @GROUP_NAME_MAX_LENGTH@
+INSTALL = @INSTALL@
+INSTALL_DATA = @INSTALL_DATA@
+INSTALL_PROGRAM = @INSTALL_PROGRAM@
+INSTALL_SCRIPT = @INSTALL_SCRIPT@
+INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
+INTLLIBS = @INTLLIBS@
+INTL_MACOSX_LIBS = @INTL_MACOSX_LIBS@
+LD = @LD@
+LDFLAGS = @LDFLAGS@
+LIBACL = @LIBACL@
+LIBADD_DL = @LIBADD_DL@
+LIBADD_DLD_LINK = @LIBADD_DLD_LINK@
+LIBADD_DLOPEN = @LIBADD_DLOPEN@
+LIBADD_SHL_LOAD = @LIBADD_SHL_LOAD@
+LIBATTR = @LIBATTR@
+LIBAUDIT = @LIBAUDIT@
+LIBBSD = @LIBBSD@
+LIBBSD_CFLAGS = @LIBBSD_CFLAGS@
+LIBBSD_LIBS = @LIBBSD_LIBS@
+LIBCRYPT = @LIBCRYPT@
+LIBECONF = @LIBECONF@
+LIBICONV = @LIBICONV@
+LIBINTL = @LIBINTL@
+LIBMD = @LIBMD@
+LIBOBJS = @LIBOBJS@
+LIBPAM = @LIBPAM@
+LIBS = @LIBS@
+LIBSELINUX = @LIBSELINUX@
+LIBSEMANAGE = @LIBSEMANAGE@
+LIBSKEY = @LIBSKEY@
+LIBSUBID_ABI = @LIBSUBID_ABI@
+LIBSUBID_ABI_MAJOR = @LIBSUBID_ABI_MAJOR@
+LIBSUBID_ABI_MICRO = @LIBSUBID_ABI_MICRO@
+LIBSUBID_ABI_MINOR = @LIBSUBID_ABI_MINOR@
+LIBSYSTEMD = @LIBSYSTEMD@
+LIBTCB = @LIBTCB@
+LIBTOOL = @LIBTOOL@
+LIPO = @LIPO@
+LIYESCRYPT = @LIYESCRYPT@
+LN_S = @LN_S@
+LTLIBICONV = @LTLIBICONV@
+LTLIBINTL = @LTLIBINTL@
+LTLIBOBJS = @LTLIBOBJS@
+LT_DLLOADERS = @LT_DLLOADERS@
+LT_DLPREOPEN = @LT_DLPREOPEN@
+LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@
+MAINT = @MAINT@
+MAKEINFO = @MAKEINFO@
+MANIFEST_TOOL = @MANIFEST_TOOL@
+MKDIR_P = @MKDIR_P@
+MSGFMT = @MSGFMT@
+MSGFMT_015 = @MSGFMT_015@
+MSGMERGE = @MSGMERGE@
+NM = @NM@
+NMEDIT = @NMEDIT@
+OBJDUMP = @OBJDUMP@
+OBJEXT = @OBJEXT@
+OTOOL = @OTOOL@
+OTOOL64 = @OTOOL64@
+PACKAGE = @PACKAGE@
+PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@
+PACKAGE_NAME = @PACKAGE_NAME@
+PACKAGE_STRING = @PACKAGE_STRING@
+PACKAGE_TARNAME = @PACKAGE_TARNAME@
+PACKAGE_URL = @PACKAGE_URL@
+PACKAGE_VERSION = @PACKAGE_VERSION@
+PATH_SEPARATOR = @PATH_SEPARATOR@
+PKG_CONFIG = @PKG_CONFIG@
+PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
+PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
+POSUB = @POSUB@
+RANLIB = @RANLIB@
+SED = @SED@
+SET_MAKE = @SET_MAKE@
+SHELL = @SHELL@
+STRIP = @STRIP@
+USE_NLS = @USE_NLS@
+VENDORDIR = @VENDORDIR@
+VERSION = @VERSION@
+XGETTEXT = @XGETTEXT@
+XGETTEXT_015 = @XGETTEXT_015@
+XGETTEXT_EXTRA_OPTIONS = @XGETTEXT_EXTRA_OPTIONS@
+XMLCATALOG = @XMLCATALOG@
+XML_CATALOG_FILE = @XML_CATALOG_FILE@
+XSLTPROC = @XSLTPROC@
+YACC = @YACC@
+YFLAGS = @YFLAGS@
+abs_builddir = @abs_builddir@
+abs_srcdir = @abs_srcdir@
+abs_top_builddir = @abs_top_builddir@
+abs_top_srcdir = @abs_top_srcdir@
+ac_ct_AR = @ac_ct_AR@
+ac_ct_CC = @ac_ct_CC@
+ac_ct_DUMPBIN = @ac_ct_DUMPBIN@
+am__include = @am__include@
+am__leading_dot = @am__leading_dot@
+am__quote = @am__quote@
+am__tar = @am__tar@
+am__untar = @am__untar@
+bindir = @bindir@
+build = @build@
+build_alias = @build_alias@
+build_cpu = @build_cpu@
+build_os = @build_os@
+build_vendor = @build_vendor@
+builddir = @builddir@
+capcmd = @capcmd@
+datadir = @datadir@
+datarootdir = @datarootdir@
+docdir = @docdir@
+dvidir = @dvidir@
+exec_prefix = @exec_prefix@
+host = @host@
+host_alias = @host_alias@
+host_cpu = @host_cpu@
+host_os = @host_os@
+host_vendor = @host_vendor@
+htmldir = @htmldir@
+includedir = @includedir@
+infodir = @infodir@
+install_sh = @install_sh@
+libdir = @libdir@
+libexecdir = @libexecdir@
+localedir = @localedir@
+localstatedir = @localstatedir@
+mandir = @mandir@
+mkdir_p = @mkdir_p@
+oldincludedir = @oldincludedir@
+pdfdir = @pdfdir@
+prefix = @prefix@
+program_transform_name = @program_transform_name@
+psdir = @psdir@
+runstatedir = @runstatedir@
+sbindir = @sbindir@
+sharedstatedir = @sharedstatedir@
+srcdir = @srcdir@
+sysconfdir = @sysconfdir@
+target_alias = @target_alias@
+top_build_prefix = @top_build_prefix@
+top_builddir = @top_builddir@
+top_srcdir = @top_srcdir@
+AM_CPPFLAGS = -I$(top_srcdir)/lib -I$(top_srcdir)
+@HAVE_CMOCKA_TRUE@TESTS = $(check_PROGRAMS)
+@HAVE_CMOCKA_TRUE@test_adds_SOURCES = \
+@HAVE_CMOCKA_TRUE@    ../../lib/adds.c \
+@HAVE_CMOCKA_TRUE@    test_adds.c \
+@HAVE_CMOCKA_TRUE@    $(NULL)
+
+@HAVE_CMOCKA_TRUE@test_adds_CFLAGS = \
+@HAVE_CMOCKA_TRUE@    $(AM_FLAGS) \
+@HAVE_CMOCKA_TRUE@    $(NULL)
+
+@HAVE_CMOCKA_TRUE@test_adds_LDFLAGS = \
+@HAVE_CMOCKA_TRUE@    $(NULL)
+
+@HAVE_CMOCKA_TRUE@test_adds_LDADD = \
+@HAVE_CMOCKA_TRUE@    $(CMOCKA_LIBS) \
+@HAVE_CMOCKA_TRUE@    $(NULL)
+
+@HAVE_CMOCKA_TRUE@test_atoi_strtoi_SOURCES = \
+@HAVE_CMOCKA_TRUE@    ../../lib/atoi/strtoi.c \
+@HAVE_CMOCKA_TRUE@    test_atoi_strtoi.c \
+@HAVE_CMOCKA_TRUE@    $(NULL)
+
+@HAVE_CMOCKA_TRUE@test_atoi_strtoi_CFLAGS = \
+@HAVE_CMOCKA_TRUE@    $(AM_CFLAGS) \
+@HAVE_CMOCKA_TRUE@    $(NULL)
+
+@HAVE_CMOCKA_TRUE@test_atoi_strtoi_LDFLAGS = \
+@HAVE_CMOCKA_TRUE@    $(NULL)
+
+@HAVE_CMOCKA_TRUE@test_atoi_strtoi_LDADD = \
+@HAVE_CMOCKA_TRUE@    $(CMOCKA_LIBS) \
+@HAVE_CMOCKA_TRUE@    $(NULL)
+
+@HAVE_CMOCKA_TRUE@test_chkname_SOURCES = \
+@HAVE_CMOCKA_TRUE@    ../../lib/chkname.c \
+@HAVE_CMOCKA_TRUE@    test_chkname.c \
+@HAVE_CMOCKA_TRUE@    $(NULL)
+
+@HAVE_CMOCKA_TRUE@test_chkname_CFLAGS = \
+@HAVE_CMOCKA_TRUE@    $(AM_CFLAGS) \
+@HAVE_CMOCKA_TRUE@    $(NULL)
+
+@HAVE_CMOCKA_TRUE@test_chkname_LDFLAGS = \
+@HAVE_CMOCKA_TRUE@    $(NULL)
+
+@HAVE_CMOCKA_TRUE@test_chkname_LDADD = \
+@HAVE_CMOCKA_TRUE@    $(CMOCKA_LIBS) \
+@HAVE_CMOCKA_TRUE@    $(NULL)
+
+@HAVE_CMOCKA_TRUE@test_logind_SOURCES = \
+@HAVE_CMOCKA_TRUE@    ../../lib/logind.c \
+@HAVE_CMOCKA_TRUE@    test_logind.c \
+@HAVE_CMOCKA_TRUE@    $(NULL)
+
+@HAVE_CMOCKA_TRUE@test_logind_CFLAGS = \
+@HAVE_CMOCKA_TRUE@    $(AM_CFLAGS) \
+@HAVE_CMOCKA_TRUE@    -lsystemd \
+@HAVE_CMOCKA_TRUE@    $(NULL)
+
+@HAVE_CMOCKA_TRUE@test_logind_LDFLAGS = \
+@HAVE_CMOCKA_TRUE@    -Wl,-wrap,prefix_getpwnam \
+@HAVE_CMOCKA_TRUE@    -Wl,-wrap,sd_uid_get_sessions \
+@HAVE_CMOCKA_TRUE@    $(NULL)
+
+@HAVE_CMOCKA_TRUE@test_logind_LDADD = \
+@HAVE_CMOCKA_TRUE@    $(CMOCKA_LIBS) \
+@HAVE_CMOCKA_TRUE@    $(LIBSYSTEMD) \
+@HAVE_CMOCKA_TRUE@    $(NULL)
+
+@HAVE_CMOCKA_TRUE@test_sprintf_SOURCES = \
+@HAVE_CMOCKA_TRUE@    ../../lib/string/sprintf.c \
+@HAVE_CMOCKA_TRUE@    test_sprintf.c \
+@HAVE_CMOCKA_TRUE@    $(NULL)
+
+@HAVE_CMOCKA_TRUE@test_sprintf_CFLAGS = \
+@HAVE_CMOCKA_TRUE@    $(AM_CFLAGS) \
+@HAVE_CMOCKA_TRUE@    $(NULL)
+
+@HAVE_CMOCKA_TRUE@test_sprintf_LDFLAGS = \
+@HAVE_CMOCKA_TRUE@    $(NULL)
+
+@HAVE_CMOCKA_TRUE@test_sprintf_LDADD = \
+@HAVE_CMOCKA_TRUE@    $(CMOCKA_LIBS) \
+@HAVE_CMOCKA_TRUE@    $(NULL)
+
+@HAVE_CMOCKA_TRUE@test_strncpy_SOURCES = \
+@HAVE_CMOCKA_TRUE@    test_strncpy.c \
+@HAVE_CMOCKA_TRUE@    $(NULL)
+
+@HAVE_CMOCKA_TRUE@test_strncpy_CFLAGS = \
+@HAVE_CMOCKA_TRUE@    $(AM_CFLAGS) \
+@HAVE_CMOCKA_TRUE@    $(NULL)
+
+@HAVE_CMOCKA_TRUE@test_strncpy_LDFLAGS = \
+@HAVE_CMOCKA_TRUE@    $(NULL)
+
+@HAVE_CMOCKA_TRUE@test_strncpy_LDADD = \
+@HAVE_CMOCKA_TRUE@    $(CMOCKA_LIBS) \
+@HAVE_CMOCKA_TRUE@    $(NULL)
+
+@HAVE_CMOCKA_TRUE@test_strtcpy_SOURCES = \
+@HAVE_CMOCKA_TRUE@    ../../lib/string/strtcpy.c \
+@HAVE_CMOCKA_TRUE@    test_strtcpy.c \
+@HAVE_CMOCKA_TRUE@    $(NULL)
+
+@HAVE_CMOCKA_TRUE@test_strtcpy_CFLAGS = \
+@HAVE_CMOCKA_TRUE@    $(AM_CFLAGS) \
+@HAVE_CMOCKA_TRUE@    $(NULL)
+
+@HAVE_CMOCKA_TRUE@test_strtcpy_LDFLAGS = \
+@HAVE_CMOCKA_TRUE@    $(NULL)
+
+@HAVE_CMOCKA_TRUE@test_strtcpy_LDADD = \
+@HAVE_CMOCKA_TRUE@    $(CMOCKA_LIBS) \
+@HAVE_CMOCKA_TRUE@    $(NULL)
+
+@HAVE_CMOCKA_TRUE@test_xasprintf_SOURCES = \
+@HAVE_CMOCKA_TRUE@    ../../lib/string/sprintf.c \
+@HAVE_CMOCKA_TRUE@    test_xasprintf.c \
+@HAVE_CMOCKA_TRUE@    $(NULL)
+
+@HAVE_CMOCKA_TRUE@test_xasprintf_CFLAGS = \
+@HAVE_CMOCKA_TRUE@    $(AM_CFLAGS) \
+@HAVE_CMOCKA_TRUE@    $(NULL)
+
+@HAVE_CMOCKA_TRUE@test_xasprintf_LDFLAGS = \
+@HAVE_CMOCKA_TRUE@    -Wl,-wrap,vasprintf \
+@HAVE_CMOCKA_TRUE@    -Wl,-wrap,exit \
+@HAVE_CMOCKA_TRUE@    $(NULL)
+
+@HAVE_CMOCKA_TRUE@test_xasprintf_LDADD = \
+@HAVE_CMOCKA_TRUE@    $(CMOCKA_LIBS) \
+@HAVE_CMOCKA_TRUE@    $(NULL)
+
+@HAVE_CMOCKA_TRUE@test_zustr2stp_SOURCES = \
+@HAVE_CMOCKA_TRUE@    test_zustr2stp.c \
+@HAVE_CMOCKA_TRUE@    $(NULL)
+
+@HAVE_CMOCKA_TRUE@test_zustr2stp_CFLAGS = \
+@HAVE_CMOCKA_TRUE@    $(AM_CFLAGS) \
+@HAVE_CMOCKA_TRUE@    $(NULL)
+
+@HAVE_CMOCKA_TRUE@test_zustr2stp_LDFLAGS = \
+@HAVE_CMOCKA_TRUE@    $(NULL)
+
+@HAVE_CMOCKA_TRUE@test_zustr2stp_LDADD = \
+@HAVE_CMOCKA_TRUE@    $(CMOCKA_LIBS) \
+@HAVE_CMOCKA_TRUE@    $(NULL)
+
+all: all-am
+
+.SUFFIXES:
+.SUFFIXES: .c .lo .log .o .obj .test .test$(EXEEXT) .trs
+$(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.am  $(am__configure_deps)
+	@for dep in $?; do \
+	  case '$(am__configure_deps)' in \
+	    *$$dep*) \
+	      ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \
+	        && { if test -f $@; then exit 0; else break; fi; }; \
+	      exit 1;; \
+	  esac; \
+	done; \
+	echo ' cd $(top_srcdir) && $(AUTOMAKE) --foreign tests/unit/Makefile'; \
+	$(am__cd) $(top_srcdir) && \
+	  $(AUTOMAKE) --foreign tests/unit/Makefile
+Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
+	@case '$?' in \
+	  *config.status*) \
+	    cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \
+	  *) \
+	    echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__maybe_remake_depfiles)'; \
+	    cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__maybe_remake_depfiles);; \
+	esac;
+
+$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
+	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+
+$(top_srcdir)/configure: @MAINTAINER_MODE_TRUE@ $(am__configure_deps)
+	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+$(ACLOCAL_M4): @MAINTAINER_MODE_TRUE@ $(am__aclocal_m4_deps)
+	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+$(am__aclocal_m4_deps):
+
+clean-checkPROGRAMS:
+	@list='$(check_PROGRAMS)'; test -n "$$list" || exit 0; \
+	echo " rm -f" $$list; \
+	rm -f $$list || exit $$?; \
+	test -n "$(EXEEXT)" || exit 0; \
+	list=`for p in $$list; do echo "$$p"; done | sed 's/$(EXEEXT)$$//'`; \
+	echo " rm -f" $$list; \
+	rm -f $$list
+../../lib/$(am__dirstamp):
+	@$(MKDIR_P) ../../lib
+	@: > ../../lib/$(am__dirstamp)
+../../lib/$(DEPDIR)/$(am__dirstamp):
+	@$(MKDIR_P) ../../lib/$(DEPDIR)
+	@: > ../../lib/$(DEPDIR)/$(am__dirstamp)
+../../lib/test_adds-adds.$(OBJEXT): ../../lib/$(am__dirstamp) \
+	../../lib/$(DEPDIR)/$(am__dirstamp)
+
+test_adds$(EXEEXT): $(test_adds_OBJECTS) $(test_adds_DEPENDENCIES) $(EXTRA_test_adds_DEPENDENCIES) 
+	@rm -f test_adds$(EXEEXT)
+	$(AM_V_CCLD)$(test_adds_LINK) $(test_adds_OBJECTS) $(test_adds_LDADD) $(LIBS)
+../../lib/atoi/$(am__dirstamp):
+	@$(MKDIR_P) ../../lib/atoi
+	@: > ../../lib/atoi/$(am__dirstamp)
+../../lib/atoi/$(DEPDIR)/$(am__dirstamp):
+	@$(MKDIR_P) ../../lib/atoi/$(DEPDIR)
+	@: > ../../lib/atoi/$(DEPDIR)/$(am__dirstamp)
+../../lib/atoi/test_atoi_strtoi-strtoi.$(OBJEXT):  \
+	../../lib/atoi/$(am__dirstamp) \
+	../../lib/atoi/$(DEPDIR)/$(am__dirstamp)
+
+test_atoi_strtoi$(EXEEXT): $(test_atoi_strtoi_OBJECTS) $(test_atoi_strtoi_DEPENDENCIES) $(EXTRA_test_atoi_strtoi_DEPENDENCIES) 
+	@rm -f test_atoi_strtoi$(EXEEXT)
+	$(AM_V_CCLD)$(test_atoi_strtoi_LINK) $(test_atoi_strtoi_OBJECTS) $(test_atoi_strtoi_LDADD) $(LIBS)
+../../lib/test_chkname-chkname.$(OBJEXT): ../../lib/$(am__dirstamp) \
+	../../lib/$(DEPDIR)/$(am__dirstamp)
+
+test_chkname$(EXEEXT): $(test_chkname_OBJECTS) $(test_chkname_DEPENDENCIES) $(EXTRA_test_chkname_DEPENDENCIES) 
+	@rm -f test_chkname$(EXEEXT)
+	$(AM_V_CCLD)$(test_chkname_LINK) $(test_chkname_OBJECTS) $(test_chkname_LDADD) $(LIBS)
+../../lib/test_logind-logind.$(OBJEXT): ../../lib/$(am__dirstamp) \
+	../../lib/$(DEPDIR)/$(am__dirstamp)
+
+test_logind$(EXEEXT): $(test_logind_OBJECTS) $(test_logind_DEPENDENCIES) $(EXTRA_test_logind_DEPENDENCIES) 
+	@rm -f test_logind$(EXEEXT)
+	$(AM_V_CCLD)$(test_logind_LINK) $(test_logind_OBJECTS) $(test_logind_LDADD) $(LIBS)
+../../lib/string/$(am__dirstamp):
+	@$(MKDIR_P) ../../lib/string
+	@: > ../../lib/string/$(am__dirstamp)
+../../lib/string/$(DEPDIR)/$(am__dirstamp):
+	@$(MKDIR_P) ../../lib/string/$(DEPDIR)
+	@: > ../../lib/string/$(DEPDIR)/$(am__dirstamp)
+../../lib/string/test_sprintf-sprintf.$(OBJEXT):  \
+	../../lib/string/$(am__dirstamp) \
+	../../lib/string/$(DEPDIR)/$(am__dirstamp)
+
+test_sprintf$(EXEEXT): $(test_sprintf_OBJECTS) $(test_sprintf_DEPENDENCIES) $(EXTRA_test_sprintf_DEPENDENCIES) 
+	@rm -f test_sprintf$(EXEEXT)
+	$(AM_V_CCLD)$(test_sprintf_LINK) $(test_sprintf_OBJECTS) $(test_sprintf_LDADD) $(LIBS)
+
+test_strncpy$(EXEEXT): $(test_strncpy_OBJECTS) $(test_strncpy_DEPENDENCIES) $(EXTRA_test_strncpy_DEPENDENCIES) 
+	@rm -f test_strncpy$(EXEEXT)
+	$(AM_V_CCLD)$(test_strncpy_LINK) $(test_strncpy_OBJECTS) $(test_strncpy_LDADD) $(LIBS)
+../../lib/string/test_strtcpy-strtcpy.$(OBJEXT):  \
+	../../lib/string/$(am__dirstamp) \
+	../../lib/string/$(DEPDIR)/$(am__dirstamp)
+
+test_strtcpy$(EXEEXT): $(test_strtcpy_OBJECTS) $(test_strtcpy_DEPENDENCIES) $(EXTRA_test_strtcpy_DEPENDENCIES) 
+	@rm -f test_strtcpy$(EXEEXT)
+	$(AM_V_CCLD)$(test_strtcpy_LINK) $(test_strtcpy_OBJECTS) $(test_strtcpy_LDADD) $(LIBS)
+../../lib/string/test_xasprintf-sprintf.$(OBJEXT):  \
+	../../lib/string/$(am__dirstamp) \
+	../../lib/string/$(DEPDIR)/$(am__dirstamp)
+
+test_xasprintf$(EXEEXT): $(test_xasprintf_OBJECTS) $(test_xasprintf_DEPENDENCIES) $(EXTRA_test_xasprintf_DEPENDENCIES) 
+	@rm -f test_xasprintf$(EXEEXT)
+	$(AM_V_CCLD)$(test_xasprintf_LINK) $(test_xasprintf_OBJECTS) $(test_xasprintf_LDADD) $(LIBS)
+
+test_zustr2stp$(EXEEXT): $(test_zustr2stp_OBJECTS) $(test_zustr2stp_DEPENDENCIES) $(EXTRA_test_zustr2stp_DEPENDENCIES) 
+	@rm -f test_zustr2stp$(EXEEXT)
+	$(AM_V_CCLD)$(test_zustr2stp_LINK) $(test_zustr2stp_OBJECTS) $(test_zustr2stp_LDADD) $(LIBS)
+
+mostlyclean-compile:
+	-rm -f *.$(OBJEXT)
+	-rm -f ../../lib/*.$(OBJEXT)
+	-rm -f ../../lib/atoi/*.$(OBJEXT)
+	-rm -f ../../lib/string/*.$(OBJEXT)
+
+distclean-compile:
+	-rm -f *.tab.c
+
+@AMDEP_TRUE@@am__include@ @am__quote@../../lib/$(DEPDIR)/test_adds-adds.Po@am__quote@ # am--include-marker
+@AMDEP_TRUE@@am__include@ @am__quote@../../lib/$(DEPDIR)/test_chkname-chkname.Po@am__quote@ # am--include-marker
+@AMDEP_TRUE@@am__include@ @am__quote@../../lib/$(DEPDIR)/test_logind-logind.Po@am__quote@ # am--include-marker
+@AMDEP_TRUE@@am__include@ @am__quote@../../lib/atoi/$(DEPDIR)/test_atoi_strtoi-strtoi.Po@am__quote@ # am--include-marker
+@AMDEP_TRUE@@am__include@ @am__quote@../../lib/string/$(DEPDIR)/test_sprintf-sprintf.Po@am__quote@ # am--include-marker
+@AMDEP_TRUE@@am__include@ @am__quote@../../lib/string/$(DEPDIR)/test_strtcpy-strtcpy.Po@am__quote@ # am--include-marker
+@AMDEP_TRUE@@am__include@ @am__quote@../../lib/string/$(DEPDIR)/test_xasprintf-sprintf.Po@am__quote@ # am--include-marker
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/test_adds-test_adds.Po@am__quote@ # am--include-marker
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/test_atoi_strtoi-test_atoi_strtoi.Po@am__quote@ # am--include-marker
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/test_chkname-test_chkname.Po@am__quote@ # am--include-marker
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/test_logind-test_logind.Po@am__quote@ # am--include-marker
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/test_sprintf-test_sprintf.Po@am__quote@ # am--include-marker
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/test_strncpy-test_strncpy.Po@am__quote@ # am--include-marker
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/test_strtcpy-test_strtcpy.Po@am__quote@ # am--include-marker
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/test_xasprintf-test_xasprintf.Po@am__quote@ # am--include-marker
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/test_zustr2stp-test_zustr2stp.Po@am__quote@ # am--include-marker
+
+$(am__depfiles_remade):
+	@$(MKDIR_P) $(@D)
+	@echo '# dummy' >$@-t && $(am__mv) $@-t $@
+
+am--depfiles: $(am__depfiles_remade)
+
+.c.o:
+@am__fastdepCC_TRUE@	$(AM_V_CC)depbase=`echo $@ | sed 's|[^/]*$$|$(DEPDIR)/&|;s|\.o$$||'`;\
+@am__fastdepCC_TRUE@	$(COMPILE) -MT $@ -MD -MP -MF $$depbase.Tpo -c -o $@ $< &&\
+@am__fastdepCC_TRUE@	$(am__mv) $$depbase.Tpo $$depbase.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(COMPILE) -c -o $@ $<
+
+.c.obj:
+@am__fastdepCC_TRUE@	$(AM_V_CC)depbase=`echo $@ | sed 's|[^/]*$$|$(DEPDIR)/&|;s|\.obj$$||'`;\
+@am__fastdepCC_TRUE@	$(COMPILE) -MT $@ -MD -MP -MF $$depbase.Tpo -c -o $@ `$(CYGPATH_W) '$<'` &&\
+@am__fastdepCC_TRUE@	$(am__mv) $$depbase.Tpo $$depbase.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(COMPILE) -c -o $@ `$(CYGPATH_W) '$<'`
+
+.c.lo:
+@am__fastdepCC_TRUE@	$(AM_V_CC)depbase=`echo $@ | sed 's|[^/]*$$|$(DEPDIR)/&|;s|\.lo$$||'`;\
+@am__fastdepCC_TRUE@	$(LTCOMPILE) -MT $@ -MD -MP -MF $$depbase.Tpo -c -o $@ $< &&\
+@am__fastdepCC_TRUE@	$(am__mv) $$depbase.Tpo $$depbase.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(LTCOMPILE) -c -o $@ $<
+
+../../lib/test_adds-adds.o: ../../lib/adds.c
+@am__fastdepCC_TRUE@	$(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_adds_CFLAGS) $(CFLAGS) -MT ../../lib/test_adds-adds.o -MD -MP -MF ../../lib/$(DEPDIR)/test_adds-adds.Tpo -c -o ../../lib/test_adds-adds.o `test -f '../../lib/adds.c' || echo '$(srcdir)/'`../../lib/adds.c
+@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) ../../lib/$(DEPDIR)/test_adds-adds.Tpo ../../lib/$(DEPDIR)/test_adds-adds.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='../../lib/adds.c' object='../../lib/test_adds-adds.o' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_adds_CFLAGS) $(CFLAGS) -c -o ../../lib/test_adds-adds.o `test -f '../../lib/adds.c' || echo '$(srcdir)/'`../../lib/adds.c
+
+../../lib/test_adds-adds.obj: ../../lib/adds.c
+@am__fastdepCC_TRUE@	$(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_adds_CFLAGS) $(CFLAGS) -MT ../../lib/test_adds-adds.obj -MD -MP -MF ../../lib/$(DEPDIR)/test_adds-adds.Tpo -c -o ../../lib/test_adds-adds.obj `if test -f '../../lib/adds.c'; then $(CYGPATH_W) '../../lib/adds.c'; else $(CYGPATH_W) '$(srcdir)/../../lib/adds.c'; fi`
+@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) ../../lib/$(DEPDIR)/test_adds-adds.Tpo ../../lib/$(DEPDIR)/test_adds-adds.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='../../lib/adds.c' object='../../lib/test_adds-adds.obj' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_adds_CFLAGS) $(CFLAGS) -c -o ../../lib/test_adds-adds.obj `if test -f '../../lib/adds.c'; then $(CYGPATH_W) '../../lib/adds.c'; else $(CYGPATH_W) '$(srcdir)/../../lib/adds.c'; fi`
+
+test_adds-test_adds.o: test_adds.c
+@am__fastdepCC_TRUE@	$(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_adds_CFLAGS) $(CFLAGS) -MT test_adds-test_adds.o -MD -MP -MF $(DEPDIR)/test_adds-test_adds.Tpo -c -o test_adds-test_adds.o `test -f 'test_adds.c' || echo '$(srcdir)/'`test_adds.c
+@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/test_adds-test_adds.Tpo $(DEPDIR)/test_adds-test_adds.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='test_adds.c' object='test_adds-test_adds.o' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_adds_CFLAGS) $(CFLAGS) -c -o test_adds-test_adds.o `test -f 'test_adds.c' || echo '$(srcdir)/'`test_adds.c
+
+test_adds-test_adds.obj: test_adds.c
+@am__fastdepCC_TRUE@	$(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_adds_CFLAGS) $(CFLAGS) -MT test_adds-test_adds.obj -MD -MP -MF $(DEPDIR)/test_adds-test_adds.Tpo -c -o test_adds-test_adds.obj `if test -f 'test_adds.c'; then $(CYGPATH_W) 'test_adds.c'; else $(CYGPATH_W) '$(srcdir)/test_adds.c'; fi`
+@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/test_adds-test_adds.Tpo $(DEPDIR)/test_adds-test_adds.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='test_adds.c' object='test_adds-test_adds.obj' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_adds_CFLAGS) $(CFLAGS) -c -o test_adds-test_adds.obj `if test -f 'test_adds.c'; then $(CYGPATH_W) 'test_adds.c'; else $(CYGPATH_W) '$(srcdir)/test_adds.c'; fi`
+
+../../lib/atoi/test_atoi_strtoi-strtoi.o: ../../lib/atoi/strtoi.c
+@am__fastdepCC_TRUE@	$(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_atoi_strtoi_CFLAGS) $(CFLAGS) -MT ../../lib/atoi/test_atoi_strtoi-strtoi.o -MD -MP -MF ../../lib/atoi/$(DEPDIR)/test_atoi_strtoi-strtoi.Tpo -c -o ../../lib/atoi/test_atoi_strtoi-strtoi.o `test -f '../../lib/atoi/strtoi.c' || echo '$(srcdir)/'`../../lib/atoi/strtoi.c
+@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) ../../lib/atoi/$(DEPDIR)/test_atoi_strtoi-strtoi.Tpo ../../lib/atoi/$(DEPDIR)/test_atoi_strtoi-strtoi.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='../../lib/atoi/strtoi.c' object='../../lib/atoi/test_atoi_strtoi-strtoi.o' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_atoi_strtoi_CFLAGS) $(CFLAGS) -c -o ../../lib/atoi/test_atoi_strtoi-strtoi.o `test -f '../../lib/atoi/strtoi.c' || echo '$(srcdir)/'`../../lib/atoi/strtoi.c
+
+../../lib/atoi/test_atoi_strtoi-strtoi.obj: ../../lib/atoi/strtoi.c
+@am__fastdepCC_TRUE@	$(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_atoi_strtoi_CFLAGS) $(CFLAGS) -MT ../../lib/atoi/test_atoi_strtoi-strtoi.obj -MD -MP -MF ../../lib/atoi/$(DEPDIR)/test_atoi_strtoi-strtoi.Tpo -c -o ../../lib/atoi/test_atoi_strtoi-strtoi.obj `if test -f '../../lib/atoi/strtoi.c'; then $(CYGPATH_W) '../../lib/atoi/strtoi.c'; else $(CYGPATH_W) '$(srcdir)/../../lib/atoi/strtoi.c'; fi`
+@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) ../../lib/atoi/$(DEPDIR)/test_atoi_strtoi-strtoi.Tpo ../../lib/atoi/$(DEPDIR)/test_atoi_strtoi-strtoi.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='../../lib/atoi/strtoi.c' object='../../lib/atoi/test_atoi_strtoi-strtoi.obj' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_atoi_strtoi_CFLAGS) $(CFLAGS) -c -o ../../lib/atoi/test_atoi_strtoi-strtoi.obj `if test -f '../../lib/atoi/strtoi.c'; then $(CYGPATH_W) '../../lib/atoi/strtoi.c'; else $(CYGPATH_W) '$(srcdir)/../../lib/atoi/strtoi.c'; fi`
+
+test_atoi_strtoi-test_atoi_strtoi.o: test_atoi_strtoi.c
+@am__fastdepCC_TRUE@	$(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_atoi_strtoi_CFLAGS) $(CFLAGS) -MT test_atoi_strtoi-test_atoi_strtoi.o -MD -MP -MF $(DEPDIR)/test_atoi_strtoi-test_atoi_strtoi.Tpo -c -o test_atoi_strtoi-test_atoi_strtoi.o `test -f 'test_atoi_strtoi.c' || echo '$(srcdir)/'`test_atoi_strtoi.c
+@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/test_atoi_strtoi-test_atoi_strtoi.Tpo $(DEPDIR)/test_atoi_strtoi-test_atoi_strtoi.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='test_atoi_strtoi.c' object='test_atoi_strtoi-test_atoi_strtoi.o' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_atoi_strtoi_CFLAGS) $(CFLAGS) -c -o test_atoi_strtoi-test_atoi_strtoi.o `test -f 'test_atoi_strtoi.c' || echo '$(srcdir)/'`test_atoi_strtoi.c
+
+test_atoi_strtoi-test_atoi_strtoi.obj: test_atoi_strtoi.c
+@am__fastdepCC_TRUE@	$(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_atoi_strtoi_CFLAGS) $(CFLAGS) -MT test_atoi_strtoi-test_atoi_strtoi.obj -MD -MP -MF $(DEPDIR)/test_atoi_strtoi-test_atoi_strtoi.Tpo -c -o test_atoi_strtoi-test_atoi_strtoi.obj `if test -f 'test_atoi_strtoi.c'; then $(CYGPATH_W) 'test_atoi_strtoi.c'; else $(CYGPATH_W) '$(srcdir)/test_atoi_strtoi.c'; fi`
+@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/test_atoi_strtoi-test_atoi_strtoi.Tpo $(DEPDIR)/test_atoi_strtoi-test_atoi_strtoi.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='test_atoi_strtoi.c' object='test_atoi_strtoi-test_atoi_strtoi.obj' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_atoi_strtoi_CFLAGS) $(CFLAGS) -c -o test_atoi_strtoi-test_atoi_strtoi.obj `if test -f 'test_atoi_strtoi.c'; then $(CYGPATH_W) 'test_atoi_strtoi.c'; else $(CYGPATH_W) '$(srcdir)/test_atoi_strtoi.c'; fi`
+
+../../lib/test_chkname-chkname.o: ../../lib/chkname.c
+@am__fastdepCC_TRUE@	$(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_chkname_CFLAGS) $(CFLAGS) -MT ../../lib/test_chkname-chkname.o -MD -MP -MF ../../lib/$(DEPDIR)/test_chkname-chkname.Tpo -c -o ../../lib/test_chkname-chkname.o `test -f '../../lib/chkname.c' || echo '$(srcdir)/'`../../lib/chkname.c
+@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) ../../lib/$(DEPDIR)/test_chkname-chkname.Tpo ../../lib/$(DEPDIR)/test_chkname-chkname.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='../../lib/chkname.c' object='../../lib/test_chkname-chkname.o' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_chkname_CFLAGS) $(CFLAGS) -c -o ../../lib/test_chkname-chkname.o `test -f '../../lib/chkname.c' || echo '$(srcdir)/'`../../lib/chkname.c
+
+../../lib/test_chkname-chkname.obj: ../../lib/chkname.c
+@am__fastdepCC_TRUE@	$(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_chkname_CFLAGS) $(CFLAGS) -MT ../../lib/test_chkname-chkname.obj -MD -MP -MF ../../lib/$(DEPDIR)/test_chkname-chkname.Tpo -c -o ../../lib/test_chkname-chkname.obj `if test -f '../../lib/chkname.c'; then $(CYGPATH_W) '../../lib/chkname.c'; else $(CYGPATH_W) '$(srcdir)/../../lib/chkname.c'; fi`
+@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) ../../lib/$(DEPDIR)/test_chkname-chkname.Tpo ../../lib/$(DEPDIR)/test_chkname-chkname.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='../../lib/chkname.c' object='../../lib/test_chkname-chkname.obj' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_chkname_CFLAGS) $(CFLAGS) -c -o ../../lib/test_chkname-chkname.obj `if test -f '../../lib/chkname.c'; then $(CYGPATH_W) '../../lib/chkname.c'; else $(CYGPATH_W) '$(srcdir)/../../lib/chkname.c'; fi`
+
+test_chkname-test_chkname.o: test_chkname.c
+@am__fastdepCC_TRUE@	$(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_chkname_CFLAGS) $(CFLAGS) -MT test_chkname-test_chkname.o -MD -MP -MF $(DEPDIR)/test_chkname-test_chkname.Tpo -c -o test_chkname-test_chkname.o `test -f 'test_chkname.c' || echo '$(srcdir)/'`test_chkname.c
+@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/test_chkname-test_chkname.Tpo $(DEPDIR)/test_chkname-test_chkname.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='test_chkname.c' object='test_chkname-test_chkname.o' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_chkname_CFLAGS) $(CFLAGS) -c -o test_chkname-test_chkname.o `test -f 'test_chkname.c' || echo '$(srcdir)/'`test_chkname.c
+
+test_chkname-test_chkname.obj: test_chkname.c
+@am__fastdepCC_TRUE@	$(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_chkname_CFLAGS) $(CFLAGS) -MT test_chkname-test_chkname.obj -MD -MP -MF $(DEPDIR)/test_chkname-test_chkname.Tpo -c -o test_chkname-test_chkname.obj `if test -f 'test_chkname.c'; then $(CYGPATH_W) 'test_chkname.c'; else $(CYGPATH_W) '$(srcdir)/test_chkname.c'; fi`
+@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/test_chkname-test_chkname.Tpo $(DEPDIR)/test_chkname-test_chkname.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='test_chkname.c' object='test_chkname-test_chkname.obj' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_chkname_CFLAGS) $(CFLAGS) -c -o test_chkname-test_chkname.obj `if test -f 'test_chkname.c'; then $(CYGPATH_W) 'test_chkname.c'; else $(CYGPATH_W) '$(srcdir)/test_chkname.c'; fi`
+
+../../lib/test_logind-logind.o: ../../lib/logind.c
+@am__fastdepCC_TRUE@	$(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_logind_CFLAGS) $(CFLAGS) -MT ../../lib/test_logind-logind.o -MD -MP -MF ../../lib/$(DEPDIR)/test_logind-logind.Tpo -c -o ../../lib/test_logind-logind.o `test -f '../../lib/logind.c' || echo '$(srcdir)/'`../../lib/logind.c
+@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) ../../lib/$(DEPDIR)/test_logind-logind.Tpo ../../lib/$(DEPDIR)/test_logind-logind.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='../../lib/logind.c' object='../../lib/test_logind-logind.o' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_logind_CFLAGS) $(CFLAGS) -c -o ../../lib/test_logind-logind.o `test -f '../../lib/logind.c' || echo '$(srcdir)/'`../../lib/logind.c
+
+../../lib/test_logind-logind.obj: ../../lib/logind.c
+@am__fastdepCC_TRUE@	$(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_logind_CFLAGS) $(CFLAGS) -MT ../../lib/test_logind-logind.obj -MD -MP -MF ../../lib/$(DEPDIR)/test_logind-logind.Tpo -c -o ../../lib/test_logind-logind.obj `if test -f '../../lib/logind.c'; then $(CYGPATH_W) '../../lib/logind.c'; else $(CYGPATH_W) '$(srcdir)/../../lib/logind.c'; fi`
+@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) ../../lib/$(DEPDIR)/test_logind-logind.Tpo ../../lib/$(DEPDIR)/test_logind-logind.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='../../lib/logind.c' object='../../lib/test_logind-logind.obj' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_logind_CFLAGS) $(CFLAGS) -c -o ../../lib/test_logind-logind.obj `if test -f '../../lib/logind.c'; then $(CYGPATH_W) '../../lib/logind.c'; else $(CYGPATH_W) '$(srcdir)/../../lib/logind.c'; fi`
+
+test_logind-test_logind.o: test_logind.c
+@am__fastdepCC_TRUE@	$(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_logind_CFLAGS) $(CFLAGS) -MT test_logind-test_logind.o -MD -MP -MF $(DEPDIR)/test_logind-test_logind.Tpo -c -o test_logind-test_logind.o `test -f 'test_logind.c' || echo '$(srcdir)/'`test_logind.c
+@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/test_logind-test_logind.Tpo $(DEPDIR)/test_logind-test_logind.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='test_logind.c' object='test_logind-test_logind.o' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_logind_CFLAGS) $(CFLAGS) -c -o test_logind-test_logind.o `test -f 'test_logind.c' || echo '$(srcdir)/'`test_logind.c
+
+test_logind-test_logind.obj: test_logind.c
+@am__fastdepCC_TRUE@	$(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_logind_CFLAGS) $(CFLAGS) -MT test_logind-test_logind.obj -MD -MP -MF $(DEPDIR)/test_logind-test_logind.Tpo -c -o test_logind-test_logind.obj `if test -f 'test_logind.c'; then $(CYGPATH_W) 'test_logind.c'; else $(CYGPATH_W) '$(srcdir)/test_logind.c'; fi`
+@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/test_logind-test_logind.Tpo $(DEPDIR)/test_logind-test_logind.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='test_logind.c' object='test_logind-test_logind.obj' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_logind_CFLAGS) $(CFLAGS) -c -o test_logind-test_logind.obj `if test -f 'test_logind.c'; then $(CYGPATH_W) 'test_logind.c'; else $(CYGPATH_W) '$(srcdir)/test_logind.c'; fi`
+
+../../lib/string/test_sprintf-sprintf.o: ../../lib/string/sprintf.c
+@am__fastdepCC_TRUE@	$(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_sprintf_CFLAGS) $(CFLAGS) -MT ../../lib/string/test_sprintf-sprintf.o -MD -MP -MF ../../lib/string/$(DEPDIR)/test_sprintf-sprintf.Tpo -c -o ../../lib/string/test_sprintf-sprintf.o `test -f '../../lib/string/sprintf.c' || echo '$(srcdir)/'`../../lib/string/sprintf.c
+@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) ../../lib/string/$(DEPDIR)/test_sprintf-sprintf.Tpo ../../lib/string/$(DEPDIR)/test_sprintf-sprintf.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='../../lib/string/sprintf.c' object='../../lib/string/test_sprintf-sprintf.o' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_sprintf_CFLAGS) $(CFLAGS) -c -o ../../lib/string/test_sprintf-sprintf.o `test -f '../../lib/string/sprintf.c' || echo '$(srcdir)/'`../../lib/string/sprintf.c
+
+../../lib/string/test_sprintf-sprintf.obj: ../../lib/string/sprintf.c
+@am__fastdepCC_TRUE@	$(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_sprintf_CFLAGS) $(CFLAGS) -MT ../../lib/string/test_sprintf-sprintf.obj -MD -MP -MF ../../lib/string/$(DEPDIR)/test_sprintf-sprintf.Tpo -c -o ../../lib/string/test_sprintf-sprintf.obj `if test -f '../../lib/string/sprintf.c'; then $(CYGPATH_W) '../../lib/string/sprintf.c'; else $(CYGPATH_W) '$(srcdir)/../../lib/string/sprintf.c'; fi`
+@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) ../../lib/string/$(DEPDIR)/test_sprintf-sprintf.Tpo ../../lib/string/$(DEPDIR)/test_sprintf-sprintf.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='../../lib/string/sprintf.c' object='../../lib/string/test_sprintf-sprintf.obj' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_sprintf_CFLAGS) $(CFLAGS) -c -o ../../lib/string/test_sprintf-sprintf.obj `if test -f '../../lib/string/sprintf.c'; then $(CYGPATH_W) '../../lib/string/sprintf.c'; else $(CYGPATH_W) '$(srcdir)/../../lib/string/sprintf.c'; fi`
+
+test_sprintf-test_sprintf.o: test_sprintf.c
+@am__fastdepCC_TRUE@	$(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_sprintf_CFLAGS) $(CFLAGS) -MT test_sprintf-test_sprintf.o -MD -MP -MF $(DEPDIR)/test_sprintf-test_sprintf.Tpo -c -o test_sprintf-test_sprintf.o `test -f 'test_sprintf.c' || echo '$(srcdir)/'`test_sprintf.c
+@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/test_sprintf-test_sprintf.Tpo $(DEPDIR)/test_sprintf-test_sprintf.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='test_sprintf.c' object='test_sprintf-test_sprintf.o' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_sprintf_CFLAGS) $(CFLAGS) -c -o test_sprintf-test_sprintf.o `test -f 'test_sprintf.c' || echo '$(srcdir)/'`test_sprintf.c
+
+test_sprintf-test_sprintf.obj: test_sprintf.c
+@am__fastdepCC_TRUE@	$(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_sprintf_CFLAGS) $(CFLAGS) -MT test_sprintf-test_sprintf.obj -MD -MP -MF $(DEPDIR)/test_sprintf-test_sprintf.Tpo -c -o test_sprintf-test_sprintf.obj `if test -f 'test_sprintf.c'; then $(CYGPATH_W) 'test_sprintf.c'; else $(CYGPATH_W) '$(srcdir)/test_sprintf.c'; fi`
+@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/test_sprintf-test_sprintf.Tpo $(DEPDIR)/test_sprintf-test_sprintf.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='test_sprintf.c' object='test_sprintf-test_sprintf.obj' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_sprintf_CFLAGS) $(CFLAGS) -c -o test_sprintf-test_sprintf.obj `if test -f 'test_sprintf.c'; then $(CYGPATH_W) 'test_sprintf.c'; else $(CYGPATH_W) '$(srcdir)/test_sprintf.c'; fi`
+
+test_strncpy-test_strncpy.o: test_strncpy.c
+@am__fastdepCC_TRUE@	$(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_strncpy_CFLAGS) $(CFLAGS) -MT test_strncpy-test_strncpy.o -MD -MP -MF $(DEPDIR)/test_strncpy-test_strncpy.Tpo -c -o test_strncpy-test_strncpy.o `test -f 'test_strncpy.c' || echo '$(srcdir)/'`test_strncpy.c
+@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/test_strncpy-test_strncpy.Tpo $(DEPDIR)/test_strncpy-test_strncpy.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='test_strncpy.c' object='test_strncpy-test_strncpy.o' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_strncpy_CFLAGS) $(CFLAGS) -c -o test_strncpy-test_strncpy.o `test -f 'test_strncpy.c' || echo '$(srcdir)/'`test_strncpy.c
+
+test_strncpy-test_strncpy.obj: test_strncpy.c
+@am__fastdepCC_TRUE@	$(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_strncpy_CFLAGS) $(CFLAGS) -MT test_strncpy-test_strncpy.obj -MD -MP -MF $(DEPDIR)/test_strncpy-test_strncpy.Tpo -c -o test_strncpy-test_strncpy.obj `if test -f 'test_strncpy.c'; then $(CYGPATH_W) 'test_strncpy.c'; else $(CYGPATH_W) '$(srcdir)/test_strncpy.c'; fi`
+@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/test_strncpy-test_strncpy.Tpo $(DEPDIR)/test_strncpy-test_strncpy.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='test_strncpy.c' object='test_strncpy-test_strncpy.obj' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_strncpy_CFLAGS) $(CFLAGS) -c -o test_strncpy-test_strncpy.obj `if test -f 'test_strncpy.c'; then $(CYGPATH_W) 'test_strncpy.c'; else $(CYGPATH_W) '$(srcdir)/test_strncpy.c'; fi`
+
+../../lib/string/test_strtcpy-strtcpy.o: ../../lib/string/strtcpy.c
+@am__fastdepCC_TRUE@	$(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_strtcpy_CFLAGS) $(CFLAGS) -MT ../../lib/string/test_strtcpy-strtcpy.o -MD -MP -MF ../../lib/string/$(DEPDIR)/test_strtcpy-strtcpy.Tpo -c -o ../../lib/string/test_strtcpy-strtcpy.o `test -f '../../lib/string/strtcpy.c' || echo '$(srcdir)/'`../../lib/string/strtcpy.c
+@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) ../../lib/string/$(DEPDIR)/test_strtcpy-strtcpy.Tpo ../../lib/string/$(DEPDIR)/test_strtcpy-strtcpy.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='../../lib/string/strtcpy.c' object='../../lib/string/test_strtcpy-strtcpy.o' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_strtcpy_CFLAGS) $(CFLAGS) -c -o ../../lib/string/test_strtcpy-strtcpy.o `test -f '../../lib/string/strtcpy.c' || echo '$(srcdir)/'`../../lib/string/strtcpy.c
+
+../../lib/string/test_strtcpy-strtcpy.obj: ../../lib/string/strtcpy.c
+@am__fastdepCC_TRUE@	$(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_strtcpy_CFLAGS) $(CFLAGS) -MT ../../lib/string/test_strtcpy-strtcpy.obj -MD -MP -MF ../../lib/string/$(DEPDIR)/test_strtcpy-strtcpy.Tpo -c -o ../../lib/string/test_strtcpy-strtcpy.obj `if test -f '../../lib/string/strtcpy.c'; then $(CYGPATH_W) '../../lib/string/strtcpy.c'; else $(CYGPATH_W) '$(srcdir)/../../lib/string/strtcpy.c'; fi`
+@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) ../../lib/string/$(DEPDIR)/test_strtcpy-strtcpy.Tpo ../../lib/string/$(DEPDIR)/test_strtcpy-strtcpy.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='../../lib/string/strtcpy.c' object='../../lib/string/test_strtcpy-strtcpy.obj' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_strtcpy_CFLAGS) $(CFLAGS) -c -o ../../lib/string/test_strtcpy-strtcpy.obj `if test -f '../../lib/string/strtcpy.c'; then $(CYGPATH_W) '../../lib/string/strtcpy.c'; else $(CYGPATH_W) '$(srcdir)/../../lib/string/strtcpy.c'; fi`
+
+test_strtcpy-test_strtcpy.o: test_strtcpy.c
+@am__fastdepCC_TRUE@	$(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_strtcpy_CFLAGS) $(CFLAGS) -MT test_strtcpy-test_strtcpy.o -MD -MP -MF $(DEPDIR)/test_strtcpy-test_strtcpy.Tpo -c -o test_strtcpy-test_strtcpy.o `test -f 'test_strtcpy.c' || echo '$(srcdir)/'`test_strtcpy.c
+@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/test_strtcpy-test_strtcpy.Tpo $(DEPDIR)/test_strtcpy-test_strtcpy.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='test_strtcpy.c' object='test_strtcpy-test_strtcpy.o' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_strtcpy_CFLAGS) $(CFLAGS) -c -o test_strtcpy-test_strtcpy.o `test -f 'test_strtcpy.c' || echo '$(srcdir)/'`test_strtcpy.c
+
+test_strtcpy-test_strtcpy.obj: test_strtcpy.c
+@am__fastdepCC_TRUE@	$(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_strtcpy_CFLAGS) $(CFLAGS) -MT test_strtcpy-test_strtcpy.obj -MD -MP -MF $(DEPDIR)/test_strtcpy-test_strtcpy.Tpo -c -o test_strtcpy-test_strtcpy.obj `if test -f 'test_strtcpy.c'; then $(CYGPATH_W) 'test_strtcpy.c'; else $(CYGPATH_W) '$(srcdir)/test_strtcpy.c'; fi`
+@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/test_strtcpy-test_strtcpy.Tpo $(DEPDIR)/test_strtcpy-test_strtcpy.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='test_strtcpy.c' object='test_strtcpy-test_strtcpy.obj' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_strtcpy_CFLAGS) $(CFLAGS) -c -o test_strtcpy-test_strtcpy.obj `if test -f 'test_strtcpy.c'; then $(CYGPATH_W) 'test_strtcpy.c'; else $(CYGPATH_W) '$(srcdir)/test_strtcpy.c'; fi`
+
+../../lib/string/test_xasprintf-sprintf.o: ../../lib/string/sprintf.c
+@am__fastdepCC_TRUE@	$(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_xasprintf_CFLAGS) $(CFLAGS) -MT ../../lib/string/test_xasprintf-sprintf.o -MD -MP -MF ../../lib/string/$(DEPDIR)/test_xasprintf-sprintf.Tpo -c -o ../../lib/string/test_xasprintf-sprintf.o `test -f '../../lib/string/sprintf.c' || echo '$(srcdir)/'`../../lib/string/sprintf.c
+@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) ../../lib/string/$(DEPDIR)/test_xasprintf-sprintf.Tpo ../../lib/string/$(DEPDIR)/test_xasprintf-sprintf.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='../../lib/string/sprintf.c' object='../../lib/string/test_xasprintf-sprintf.o' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_xasprintf_CFLAGS) $(CFLAGS) -c -o ../../lib/string/test_xasprintf-sprintf.o `test -f '../../lib/string/sprintf.c' || echo '$(srcdir)/'`../../lib/string/sprintf.c
+
+../../lib/string/test_xasprintf-sprintf.obj: ../../lib/string/sprintf.c
+@am__fastdepCC_TRUE@	$(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_xasprintf_CFLAGS) $(CFLAGS) -MT ../../lib/string/test_xasprintf-sprintf.obj -MD -MP -MF ../../lib/string/$(DEPDIR)/test_xasprintf-sprintf.Tpo -c -o ../../lib/string/test_xasprintf-sprintf.obj `if test -f '../../lib/string/sprintf.c'; then $(CYGPATH_W) '../../lib/string/sprintf.c'; else $(CYGPATH_W) '$(srcdir)/../../lib/string/sprintf.c'; fi`
+@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) ../../lib/string/$(DEPDIR)/test_xasprintf-sprintf.Tpo ../../lib/string/$(DEPDIR)/test_xasprintf-sprintf.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='../../lib/string/sprintf.c' object='../../lib/string/test_xasprintf-sprintf.obj' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_xasprintf_CFLAGS) $(CFLAGS) -c -o ../../lib/string/test_xasprintf-sprintf.obj `if test -f '../../lib/string/sprintf.c'; then $(CYGPATH_W) '../../lib/string/sprintf.c'; else $(CYGPATH_W) '$(srcdir)/../../lib/string/sprintf.c'; fi`
+
+test_xasprintf-test_xasprintf.o: test_xasprintf.c
+@am__fastdepCC_TRUE@	$(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_xasprintf_CFLAGS) $(CFLAGS) -MT test_xasprintf-test_xasprintf.o -MD -MP -MF $(DEPDIR)/test_xasprintf-test_xasprintf.Tpo -c -o test_xasprintf-test_xasprintf.o `test -f 'test_xasprintf.c' || echo '$(srcdir)/'`test_xasprintf.c
+@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/test_xasprintf-test_xasprintf.Tpo $(DEPDIR)/test_xasprintf-test_xasprintf.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='test_xasprintf.c' object='test_xasprintf-test_xasprintf.o' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_xasprintf_CFLAGS) $(CFLAGS) -c -o test_xasprintf-test_xasprintf.o `test -f 'test_xasprintf.c' || echo '$(srcdir)/'`test_xasprintf.c
+
+test_xasprintf-test_xasprintf.obj: test_xasprintf.c
+@am__fastdepCC_TRUE@	$(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_xasprintf_CFLAGS) $(CFLAGS) -MT test_xasprintf-test_xasprintf.obj -MD -MP -MF $(DEPDIR)/test_xasprintf-test_xasprintf.Tpo -c -o test_xasprintf-test_xasprintf.obj `if test -f 'test_xasprintf.c'; then $(CYGPATH_W) 'test_xasprintf.c'; else $(CYGPATH_W) '$(srcdir)/test_xasprintf.c'; fi`
+@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/test_xasprintf-test_xasprintf.Tpo $(DEPDIR)/test_xasprintf-test_xasprintf.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='test_xasprintf.c' object='test_xasprintf-test_xasprintf.obj' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_xasprintf_CFLAGS) $(CFLAGS) -c -o test_xasprintf-test_xasprintf.obj `if test -f 'test_xasprintf.c'; then $(CYGPATH_W) 'test_xasprintf.c'; else $(CYGPATH_W) '$(srcdir)/test_xasprintf.c'; fi`
+
+test_zustr2stp-test_zustr2stp.o: test_zustr2stp.c
+@am__fastdepCC_TRUE@	$(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_zustr2stp_CFLAGS) $(CFLAGS) -MT test_zustr2stp-test_zustr2stp.o -MD -MP -MF $(DEPDIR)/test_zustr2stp-test_zustr2stp.Tpo -c -o test_zustr2stp-test_zustr2stp.o `test -f 'test_zustr2stp.c' || echo '$(srcdir)/'`test_zustr2stp.c
+@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/test_zustr2stp-test_zustr2stp.Tpo $(DEPDIR)/test_zustr2stp-test_zustr2stp.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='test_zustr2stp.c' object='test_zustr2stp-test_zustr2stp.o' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_zustr2stp_CFLAGS) $(CFLAGS) -c -o test_zustr2stp-test_zustr2stp.o `test -f 'test_zustr2stp.c' || echo '$(srcdir)/'`test_zustr2stp.c
+
+test_zustr2stp-test_zustr2stp.obj: test_zustr2stp.c
+@am__fastdepCC_TRUE@	$(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_zustr2stp_CFLAGS) $(CFLAGS) -MT test_zustr2stp-test_zustr2stp.obj -MD -MP -MF $(DEPDIR)/test_zustr2stp-test_zustr2stp.Tpo -c -o test_zustr2stp-test_zustr2stp.obj `if test -f 'test_zustr2stp.c'; then $(CYGPATH_W) 'test_zustr2stp.c'; else $(CYGPATH_W) '$(srcdir)/test_zustr2stp.c'; fi`
+@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/test_zustr2stp-test_zustr2stp.Tpo $(DEPDIR)/test_zustr2stp-test_zustr2stp.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='test_zustr2stp.c' object='test_zustr2stp-test_zustr2stp.obj' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_zustr2stp_CFLAGS) $(CFLAGS) -c -o test_zustr2stp-test_zustr2stp.obj `if test -f 'test_zustr2stp.c'; then $(CYGPATH_W) 'test_zustr2stp.c'; else $(CYGPATH_W) '$(srcdir)/test_zustr2stp.c'; fi`
+
+mostlyclean-libtool:
+	-rm -f *.lo
+
+clean-libtool:
+	-rm -rf .libs _libs
+
+ID: $(am__tagged_files)
+	$(am__define_uniq_tagged_files); mkid -fID $$unique
+tags: tags-am
+TAGS: tags
+
+tags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files)
+	set x; \
+	here=`pwd`; \
+	$(am__define_uniq_tagged_files); \
+	shift; \
+	if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \
+	  test -n "$$unique" || unique=$$empty_fix; \
+	  if test $$# -gt 0; then \
+	    $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
+	      "$$@" $$unique; \
+	  else \
+	    $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
+	      $$unique; \
+	  fi; \
+	fi
+ctags: ctags-am
+
+CTAGS: ctags
+ctags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files)
+	$(am__define_uniq_tagged_files); \
+	test -z "$(CTAGS_ARGS)$$unique" \
+	  || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \
+	     $$unique
+
+GTAGS:
+	here=`$(am__cd) $(top_builddir) && pwd` \
+	  && $(am__cd) $(top_srcdir) \
+	  && gtags -i $(GTAGS_ARGS) "$$here"
+cscopelist: cscopelist-am
+
+cscopelist-am: $(am__tagged_files)
+	list='$(am__tagged_files)'; \
+	case "$(srcdir)" in \
+	  [\\/]* | ?:[\\/]*) sdir="$(srcdir)" ;; \
+	  *) sdir=$(subdir)/$(srcdir) ;; \
+	esac; \
+	for i in $$list; do \
+	  if test -f "$$i"; then \
+	    echo "$(subdir)/$$i"; \
+	  else \
+	    echo "$$sdir/$$i"; \
+	  fi; \
+	done >> $(top_builddir)/cscope.files
+
+distclean-tags:
+	-rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags
+
+# Recover from deleted '.trs' file; this should ensure that
+# "rm -f foo.log; make foo.trs" re-run 'foo.test', and re-create
+# both 'foo.log' and 'foo.trs'.  Break the recipe in two subshells
+# to avoid problems with "make -n".
+.log.trs:
+	rm -f $< $@
+	$(MAKE) $(AM_MAKEFLAGS) $<
+
+# Leading 'am--fnord' is there to ensure the list of targets does not
+# expand to empty, as could happen e.g. with make check TESTS=''.
+am--fnord $(TEST_LOGS) $(TEST_LOGS:.log=.trs): $(am__force_recheck)
+am--force-recheck:
+	@:
+
+$(TEST_SUITE_LOG): $(TEST_LOGS)
+	@$(am__set_TESTS_bases); \
+	am__f_ok () { test -f "$$1" && test -r "$$1"; }; \
+	redo_bases=`for i in $$bases; do \
+	              am__f_ok $$i.trs && am__f_ok $$i.log || echo $$i; \
+	            done`; \
+	if test -n "$$redo_bases"; then \
+	  redo_logs=`for i in $$redo_bases; do echo $$i.log; done`; \
+	  redo_results=`for i in $$redo_bases; do echo $$i.trs; done`; \
+	  if $(am__make_dryrun); then :; else \
+	    rm -f $$redo_logs && rm -f $$redo_results || exit 1; \
+	  fi; \
+	fi; \
+	if test -n "$$am__remaking_logs"; then \
+	  echo "fatal: making $(TEST_SUITE_LOG): possible infinite" \
+	       "recursion detected" >&2; \
+	elif test -n "$$redo_logs"; then \
+	  am__remaking_logs=yes $(MAKE) $(AM_MAKEFLAGS) $$redo_logs; \
+	fi; \
+	if $(am__make_dryrun); then :; else \
+	  st=0;  \
+	  errmsg="fatal: making $(TEST_SUITE_LOG): failed to create"; \
+	  for i in $$redo_bases; do \
+	    test -f $$i.trs && test -r $$i.trs \
+	      || { echo "$$errmsg $$i.trs" >&2; st=1; }; \
+	    test -f $$i.log && test -r $$i.log \
+	      || { echo "$$errmsg $$i.log" >&2; st=1; }; \
+	  done; \
+	  test $$st -eq 0 || exit 1; \
+	fi
+	@$(am__sh_e_setup); $(am__tty_colors); $(am__set_TESTS_bases); \
+	ws='[ 	]'; \
+	results=`for b in $$bases; do echo $$b.trs; done`; \
+	test -n "$$results" || results=/dev/null; \
+	all=`  grep "^$$ws*:test-result:"           $$results | wc -l`; \
+	pass=` grep "^$$ws*:test-result:$$ws*PASS"  $$results | wc -l`; \
+	fail=` grep "^$$ws*:test-result:$$ws*FAIL"  $$results | wc -l`; \
+	skip=` grep "^$$ws*:test-result:$$ws*SKIP"  $$results | wc -l`; \
+	xfail=`grep "^$$ws*:test-result:$$ws*XFAIL" $$results | wc -l`; \
+	xpass=`grep "^$$ws*:test-result:$$ws*XPASS" $$results | wc -l`; \
+	error=`grep "^$$ws*:test-result:$$ws*ERROR" $$results | wc -l`; \
+	if test `expr $$fail + $$xpass + $$error` -eq 0; then \
+	  success=true; \
+	else \
+	  success=false; \
+	fi; \
+	br='==================='; br=$$br$$br$$br$$br; \
+	result_count () \
+	{ \
+	    if test x"$$1" = x"--maybe-color"; then \
+	      maybe_colorize=yes; \
+	    elif test x"$$1" = x"--no-color"; then \
+	      maybe_colorize=no; \
+	    else \
+	      echo "$@: invalid 'result_count' usage" >&2; exit 4; \
+	    fi; \
+	    shift; \
+	    desc=$$1 count=$$2; \
+	    if test $$maybe_colorize = yes && test $$count -gt 0; then \
+	      color_start=$$3 color_end=$$std; \
+	    else \
+	      color_start= color_end=; \
+	    fi; \
+	    echo "$${color_start}# $$desc $$count$${color_end}"; \
+	}; \
+	create_testsuite_report () \
+	{ \
+	  result_count $$1 "TOTAL:" $$all   "$$brg"; \
+	  result_count $$1 "PASS: " $$pass  "$$grn"; \
+	  result_count $$1 "SKIP: " $$skip  "$$blu"; \
+	  result_count $$1 "XFAIL:" $$xfail "$$lgn"; \
+	  result_count $$1 "FAIL: " $$fail  "$$red"; \
+	  result_count $$1 "XPASS:" $$xpass "$$red"; \
+	  result_count $$1 "ERROR:" $$error "$$mgn"; \
+	}; \
+	{								\
+	  echo "$(PACKAGE_STRING): $(subdir)/$(TEST_SUITE_LOG)" |	\
+	    $(am__rst_title);						\
+	  create_testsuite_report --no-color;				\
+	  echo;								\
+	  echo ".. contents:: :depth: 2";				\
+	  echo;								\
+	  for b in $$bases; do echo $$b; done				\
+	    | $(am__create_global_log);					\
+	} >$(TEST_SUITE_LOG).tmp || exit 1;				\
+	mv $(TEST_SUITE_LOG).tmp $(TEST_SUITE_LOG);			\
+	if $$success; then						\
+	  col="$$grn";							\
+	 else								\
+	  col="$$red";							\
+	  test x"$$VERBOSE" = x || cat $(TEST_SUITE_LOG);		\
+	fi;								\
+	echo "$${col}$$br$${std}"; 					\
+	echo "$${col}Testsuite summary"$(AM_TESTSUITE_SUMMARY_HEADER)"$${std}";	\
+	echo "$${col}$$br$${std}"; 					\
+	create_testsuite_report --maybe-color;				\
+	echo "$$col$$br$$std";						\
+	if $$success; then :; else					\
+	  echo "$${col}See $(subdir)/$(TEST_SUITE_LOG)$${std}";		\
+	  if test -n "$(PACKAGE_BUGREPORT)"; then			\
+	    echo "$${col}Please report to $(PACKAGE_BUGREPORT)$${std}";	\
+	  fi;								\
+	  echo "$$col$$br$$std";					\
+	fi;								\
+	$$success || exit 1
+
+check-TESTS: $(check_PROGRAMS)
+	@list='$(RECHECK_LOGS)';           test -z "$$list" || rm -f $$list
+	@list='$(RECHECK_LOGS:.log=.trs)'; test -z "$$list" || rm -f $$list
+	@test -z "$(TEST_SUITE_LOG)" || rm -f $(TEST_SUITE_LOG)
+	@set +e; $(am__set_TESTS_bases); \
+	log_list=`for i in $$bases; do echo $$i.log; done`; \
+	trs_list=`for i in $$bases; do echo $$i.trs; done`; \
+	log_list=`echo $$log_list`; trs_list=`echo $$trs_list`; \
+	$(MAKE) $(AM_MAKEFLAGS) $(TEST_SUITE_LOG) TEST_LOGS="$$log_list"; \
+	exit $$?;
+recheck: all $(check_PROGRAMS)
+	@test -z "$(TEST_SUITE_LOG)" || rm -f $(TEST_SUITE_LOG)
+	@set +e; $(am__set_TESTS_bases); \
+	bases=`for i in $$bases; do echo $$i; done \
+	         | $(am__list_recheck_tests)` || exit 1; \
+	log_list=`for i in $$bases; do echo $$i.log; done`; \
+	log_list=`echo $$log_list`; \
+	$(MAKE) $(AM_MAKEFLAGS) $(TEST_SUITE_LOG) \
+	        am__force_recheck=am--force-recheck \
+	        TEST_LOGS="$$log_list"; \
+	exit $$?
+test_adds.log: test_adds$(EXEEXT)
+	@p='test_adds$(EXEEXT)'; \
+	b='test_adds'; \
+	$(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \
+	--log-file $$b.log --trs-file $$b.trs \
+	$(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \
+	"$$tst" $(AM_TESTS_FD_REDIRECT)
+test_atoi_strtoi.log: test_atoi_strtoi$(EXEEXT)
+	@p='test_atoi_strtoi$(EXEEXT)'; \
+	b='test_atoi_strtoi'; \
+	$(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \
+	--log-file $$b.log --trs-file $$b.trs \
+	$(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \
+	"$$tst" $(AM_TESTS_FD_REDIRECT)
+test_chkname.log: test_chkname$(EXEEXT)
+	@p='test_chkname$(EXEEXT)'; \
+	b='test_chkname'; \
+	$(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \
+	--log-file $$b.log --trs-file $$b.trs \
+	$(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \
+	"$$tst" $(AM_TESTS_FD_REDIRECT)
+test_sprintf.log: test_sprintf$(EXEEXT)
+	@p='test_sprintf$(EXEEXT)'; \
+	b='test_sprintf'; \
+	$(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \
+	--log-file $$b.log --trs-file $$b.trs \
+	$(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \
+	"$$tst" $(AM_TESTS_FD_REDIRECT)
+test_strncpy.log: test_strncpy$(EXEEXT)
+	@p='test_strncpy$(EXEEXT)'; \
+	b='test_strncpy'; \
+	$(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \
+	--log-file $$b.log --trs-file $$b.trs \
+	$(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \
+	"$$tst" $(AM_TESTS_FD_REDIRECT)
+test_strtcpy.log: test_strtcpy$(EXEEXT)
+	@p='test_strtcpy$(EXEEXT)'; \
+	b='test_strtcpy'; \
+	$(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \
+	--log-file $$b.log --trs-file $$b.trs \
+	$(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \
+	"$$tst" $(AM_TESTS_FD_REDIRECT)
+test_xasprintf.log: test_xasprintf$(EXEEXT)
+	@p='test_xasprintf$(EXEEXT)'; \
+	b='test_xasprintf'; \
+	$(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \
+	--log-file $$b.log --trs-file $$b.trs \
+	$(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \
+	"$$tst" $(AM_TESTS_FD_REDIRECT)
+test_zustr2stp.log: test_zustr2stp$(EXEEXT)
+	@p='test_zustr2stp$(EXEEXT)'; \
+	b='test_zustr2stp'; \
+	$(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \
+	--log-file $$b.log --trs-file $$b.trs \
+	$(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \
+	"$$tst" $(AM_TESTS_FD_REDIRECT)
+test_logind.log: test_logind$(EXEEXT)
+	@p='test_logind$(EXEEXT)'; \
+	b='test_logind'; \
+	$(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \
+	--log-file $$b.log --trs-file $$b.trs \
+	$(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \
+	"$$tst" $(AM_TESTS_FD_REDIRECT)
+.test.log:
+	@p='$<'; \
+	$(am__set_b); \
+	$(am__check_pre) $(TEST_LOG_DRIVER) --test-name "$$f" \
+	--log-file $$b.log --trs-file $$b.trs \
+	$(am__common_driver_flags) $(AM_TEST_LOG_DRIVER_FLAGS) $(TEST_LOG_DRIVER_FLAGS) -- $(TEST_LOG_COMPILE) \
+	"$$tst" $(AM_TESTS_FD_REDIRECT)
+@am__EXEEXT_TRUE@.test$(EXEEXT).log:
+@am__EXEEXT_TRUE@	@p='$<'; \
+@am__EXEEXT_TRUE@	$(am__set_b); \
+@am__EXEEXT_TRUE@	$(am__check_pre) $(TEST_LOG_DRIVER) --test-name "$$f" \
+@am__EXEEXT_TRUE@	--log-file $$b.log --trs-file $$b.trs \
+@am__EXEEXT_TRUE@	$(am__common_driver_flags) $(AM_TEST_LOG_DRIVER_FLAGS) $(TEST_LOG_DRIVER_FLAGS) -- $(TEST_LOG_COMPILE) \
+@am__EXEEXT_TRUE@	"$$tst" $(AM_TESTS_FD_REDIRECT)
+distdir: $(BUILT_SOURCES)
+	$(MAKE) $(AM_MAKEFLAGS) distdir-am
+
+distdir-am: $(DISTFILES)
+	@srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+	topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+	list='$(DISTFILES)'; \
+	  dist_files=`for file in $$list; do echo $$file; done | \
+	  sed -e "s|^$$srcdirstrip/||;t" \
+	      -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \
+	case $$dist_files in \
+	  */*) $(MKDIR_P) `echo "$$dist_files" | \
+			   sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \
+			   sort -u` ;; \
+	esac; \
+	for file in $$dist_files; do \
+	  if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
+	  if test -d $$d/$$file; then \
+	    dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \
+	    if test -d "$(distdir)/$$file"; then \
+	      find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \
+	    fi; \
+	    if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
+	      cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \
+	      find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \
+	    fi; \
+	    cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \
+	  else \
+	    test -f "$(distdir)/$$file" \
+	    || cp -p $$d/$$file "$(distdir)/$$file" \
+	    || exit 1; \
+	  fi; \
+	done
+check-am: all-am
+	$(MAKE) $(AM_MAKEFLAGS) $(check_PROGRAMS)
+	$(MAKE) $(AM_MAKEFLAGS) check-TESTS
+check: check-am
+all-am: Makefile
+installdirs:
+install: install-am
+install-exec: install-exec-am
+install-data: install-data-am
+uninstall: uninstall-am
+
+install-am: all-am
+	@$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
+
+installcheck: installcheck-am
+install-strip:
+	if test -z '$(STRIP)'; then \
+	  $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
+	    install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
+	      install; \
+	else \
+	  $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
+	    install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
+	    "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'" install; \
+	fi
+mostlyclean-generic:
+	-test -z "$(TEST_LOGS)" || rm -f $(TEST_LOGS)
+	-test -z "$(TEST_LOGS:.log=.trs)" || rm -f $(TEST_LOGS:.log=.trs)
+	-test -z "$(TEST_SUITE_LOG)" || rm -f $(TEST_SUITE_LOG)
+
+clean-generic:
+
+distclean-generic:
+	-test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES)
+	-test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES)
+	-rm -f ../../lib/$(DEPDIR)/$(am__dirstamp)
+	-rm -f ../../lib/$(am__dirstamp)
+	-rm -f ../../lib/atoi/$(DEPDIR)/$(am__dirstamp)
+	-rm -f ../../lib/atoi/$(am__dirstamp)
+	-rm -f ../../lib/string/$(DEPDIR)/$(am__dirstamp)
+	-rm -f ../../lib/string/$(am__dirstamp)
+
+maintainer-clean-generic:
+	@echo "This command is intended for maintainers to use"
+	@echo "it deletes files that may require special tools to rebuild."
+clean: clean-am
+
+clean-am: clean-checkPROGRAMS clean-generic clean-libtool \
+	mostlyclean-am
+
+distclean: distclean-am
+		-rm -f ../../lib/$(DEPDIR)/test_adds-adds.Po
+	-rm -f ../../lib/$(DEPDIR)/test_chkname-chkname.Po
+	-rm -f ../../lib/$(DEPDIR)/test_logind-logind.Po
+	-rm -f ../../lib/atoi/$(DEPDIR)/test_atoi_strtoi-strtoi.Po
+	-rm -f ../../lib/string/$(DEPDIR)/test_sprintf-sprintf.Po
+	-rm -f ../../lib/string/$(DEPDIR)/test_strtcpy-strtcpy.Po
+	-rm -f ../../lib/string/$(DEPDIR)/test_xasprintf-sprintf.Po
+	-rm -f ./$(DEPDIR)/test_adds-test_adds.Po
+	-rm -f ./$(DEPDIR)/test_atoi_strtoi-test_atoi_strtoi.Po
+	-rm -f ./$(DEPDIR)/test_chkname-test_chkname.Po
+	-rm -f ./$(DEPDIR)/test_logind-test_logind.Po
+	-rm -f ./$(DEPDIR)/test_sprintf-test_sprintf.Po
+	-rm -f ./$(DEPDIR)/test_strncpy-test_strncpy.Po
+	-rm -f ./$(DEPDIR)/test_strtcpy-test_strtcpy.Po
+	-rm -f ./$(DEPDIR)/test_xasprintf-test_xasprintf.Po
+	-rm -f ./$(DEPDIR)/test_zustr2stp-test_zustr2stp.Po
+	-rm -f Makefile
+distclean-am: clean-am distclean-compile distclean-generic \
+	distclean-tags
+
+dvi: dvi-am
+
+dvi-am:
+
+html: html-am
+
+html-am:
+
+info: info-am
+
+info-am:
+
+install-data-am:
+
+install-dvi: install-dvi-am
+
+install-dvi-am:
+
+install-exec-am:
+
+install-html: install-html-am
+
+install-html-am:
+
+install-info: install-info-am
+
+install-info-am:
+
+install-man:
+
+install-pdf: install-pdf-am
+
+install-pdf-am:
+
+install-ps: install-ps-am
+
+install-ps-am:
+
+installcheck-am:
+
+maintainer-clean: maintainer-clean-am
+		-rm -f ../../lib/$(DEPDIR)/test_adds-adds.Po
+	-rm -f ../../lib/$(DEPDIR)/test_chkname-chkname.Po
+	-rm -f ../../lib/$(DEPDIR)/test_logind-logind.Po
+	-rm -f ../../lib/atoi/$(DEPDIR)/test_atoi_strtoi-strtoi.Po
+	-rm -f ../../lib/string/$(DEPDIR)/test_sprintf-sprintf.Po
+	-rm -f ../../lib/string/$(DEPDIR)/test_strtcpy-strtcpy.Po
+	-rm -f ../../lib/string/$(DEPDIR)/test_xasprintf-sprintf.Po
+	-rm -f ./$(DEPDIR)/test_adds-test_adds.Po
+	-rm -f ./$(DEPDIR)/test_atoi_strtoi-test_atoi_strtoi.Po
+	-rm -f ./$(DEPDIR)/test_chkname-test_chkname.Po
+	-rm -f ./$(DEPDIR)/test_logind-test_logind.Po
+	-rm -f ./$(DEPDIR)/test_sprintf-test_sprintf.Po
+	-rm -f ./$(DEPDIR)/test_strncpy-test_strncpy.Po
+	-rm -f ./$(DEPDIR)/test_strtcpy-test_strtcpy.Po
+	-rm -f ./$(DEPDIR)/test_xasprintf-test_xasprintf.Po
+	-rm -f ./$(DEPDIR)/test_zustr2stp-test_zustr2stp.Po
+	-rm -f Makefile
+maintainer-clean-am: distclean-am maintainer-clean-generic
+
+mostlyclean: mostlyclean-am
+
+mostlyclean-am: mostlyclean-compile mostlyclean-generic \
+	mostlyclean-libtool
+
+pdf: pdf-am
+
+pdf-am:
+
+ps: ps-am
+
+ps-am:
+
+uninstall-am:
+
+.MAKE: check-am install-am install-strip
+
+.PHONY: CTAGS GTAGS TAGS all all-am am--depfiles check check-TESTS \
+	check-am clean clean-checkPROGRAMS clean-generic clean-libtool \
+	cscopelist-am ctags ctags-am distclean distclean-compile \
+	distclean-generic distclean-libtool distclean-tags distdir dvi \
+	dvi-am html html-am info info-am install install-am \
+	install-data install-data-am install-dvi install-dvi-am \
+	install-exec install-exec-am install-html install-html-am \
+	install-info install-info-am install-man install-pdf \
+	install-pdf-am install-ps install-ps-am install-strip \
+	installcheck installcheck-am installdirs maintainer-clean \
+	maintainer-clean-generic mostlyclean mostlyclean-compile \
+	mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \
+	recheck tags tags-am uninstall uninstall-am
+
+.PRECIOUS: Makefile
+
+
+# Tell versions [3.59,3.63) of GNU make to not export all variables.
+# Otherwise a system limit (for SysV at least) may be exceeded.
+.NOEXPORT:
diff --git a/tests/unit/test_adds.c b/tests/unit/test_adds.c
new file mode 100644
index 0000000..fdc671f
--- /dev/null
+++ b/tests/unit/test_adds.c
@@ -0,0 +1,105 @@
+// SPDX-FileCopyrightText: 2023, Alejandro Colomar <alx@kernel.org>
+// SPDX-License-Identifier: BSD-3-Clause
+
+
+#include <limits.h>
+
+#include <stdarg.h>  // Required by <cmocka.h>
+#include <stddef.h>  // Required by <cmocka.h>
+#include <setjmp.h>  // Required by <cmocka.h>
+#include <stdint.h>  // Required by <cmocka.h>
+#include <cmocka.h>
+
+#include "adds.h"
+
+
+static void test_addsl_2_ok(void **state);
+static void test_addsl_2_underflow(void **state);
+static void test_addsl_2_overflow(void **state);
+static void test_addsl_3_ok(void **state);
+static void test_addsl_3_underflow(void **state);
+static void test_addsl_3_overflow(void **state);
+static void test_addsl_5_ok(void **state);
+
+
+int
+main(void)
+{
+    const struct CMUnitTest  tests[] = {
+        cmocka_unit_test(test_addsl_2_ok),
+        cmocka_unit_test(test_addsl_2_underflow),
+        cmocka_unit_test(test_addsl_2_overflow),
+        cmocka_unit_test(test_addsl_3_ok),
+        cmocka_unit_test(test_addsl_3_underflow),
+        cmocka_unit_test(test_addsl_3_overflow),
+        cmocka_unit_test(test_addsl_5_ok),
+    };
+
+    return cmocka_run_group_tests(tests, NULL, NULL);
+}
+
+
+static void
+test_addsl_2_ok(void **state)
+{
+	assert_true(addsl(1, 3)			== 1 + 3);
+	assert_true(addsl(-4321, 7)		== -4321 + 7);
+	assert_true(addsl(1, 1)			== 1 + 1);
+	assert_true(addsl(-1, -2)		== -1 - 2);
+	assert_true(addsl(LONG_MAX, -1)		== LONG_MAX - 1);
+	assert_true(addsl(LONG_MIN, 1)		== LONG_MIN + 1);
+	assert_true(addsl(LONG_MIN, LONG_MAX)	== LONG_MIN + LONG_MAX);
+	assert_true(addsl(0, 0)			== 0);
+}
+
+
+static void
+test_addsl_2_underflow(void **state)
+{
+	assert_true(addsl(LONG_MIN, -1)		== LONG_MIN);
+	assert_true(addsl(LONG_MIN + 3, -7)	== LONG_MIN);
+	assert_true(addsl(LONG_MIN, LONG_MIN)	== LONG_MIN);
+}
+
+
+static void
+test_addsl_2_overflow(void **state)
+{
+	assert_true(addsl(LONG_MAX, 1)		== LONG_MAX);
+	assert_true(addsl(LONG_MAX - 3, 7)	== LONG_MAX);
+	assert_true(addsl(LONG_MAX, LONG_MAX)	== LONG_MAX);
+}
+
+
+static void
+test_addsl_3_ok(void **state)
+{
+	assert_true(addsl(1, 2, 3)		== 1 + 2 + 3);
+	assert_true(addsl(LONG_MIN, -3, 4)	== LONG_MIN + 4 - 3);
+	assert_true(addsl(LONG_MAX, LONG_MAX, LONG_MIN)
+						== LONG_MAX + LONG_MIN + LONG_MAX);
+}
+
+
+static void
+test_addsl_3_underflow(void **state)
+{
+	assert_true(addsl(LONG_MIN, 2, -3)	== LONG_MIN);
+	assert_true(addsl(LONG_MIN, -1, 0)	== LONG_MIN);
+}
+
+
+static void
+test_addsl_3_overflow(void **state)
+{
+	assert_true(addsl(LONG_MAX, -1, 2)	== LONG_MAX);
+	assert_true(addsl(LONG_MAX, +1, 0)	== LONG_MAX);
+	assert_true(addsl(LONG_MAX, LONG_MAX, 0)== LONG_MAX);
+}
+
+
+static void
+test_addsl_5_ok(void **state)
+{
+	assert_true(addsl(LONG_MAX, LONG_MAX, LONG_MIN, LONG_MIN, 44) == 42);
+}
diff --git a/tests/unit/test_atoi_strtoi.c b/tests/unit/test_atoi_strtoi.c
new file mode 100644
index 0000000..535b6ab
--- /dev/null
+++ b/tests/unit/test_atoi_strtoi.c
@@ -0,0 +1,157 @@
+// SPDX-FileCopyrightText: 2023, Alejandro Colomar <alx@kernel.org>
+// SPDX-License-Identifier: BSD-3-Clause
+
+
+#include <errno.h>
+#include <limits.h>
+#include <stddef.h>
+#include <stdint.h>
+#include <string.h>
+
+#include <stdarg.h>  // Required by <cmocka.h>
+#include <stddef.h>  // Required by <cmocka.h>
+#include <setjmp.h>  // Required by <cmocka.h>
+#include <stdint.h>  // Required by <cmocka.h>
+#include <cmocka.h>
+
+#include "atoi/strtoi.h"
+#include "atoi/strtou_noneg.h"
+
+
+static void test_strtoi(void **state);
+static void test_strtou(void **state);
+static void test_strtou_noneg(void **state);
+
+
+int
+main(void)
+{
+    const struct CMUnitTest  tests[] = {
+        cmocka_unit_test(test_strtoi),
+        cmocka_unit_test(test_strtou),
+        cmocka_unit_test(test_strtou_noneg),
+    };
+
+    return cmocka_run_group_tests(tests, NULL, NULL);
+}
+
+
+static void
+test_strtoi(void **state)
+{
+	int   status;
+	char  *end;
+
+	errno = 0;
+	assert_true(strtoi_("42", NULL, -1, 1, 2, &status) == 1);
+	assert_true(status == EINVAL);
+
+	assert_true(strtoi_("40", &end, 5, INTMAX_MIN, INTMAX_MAX, &status) == 20);
+	assert_true(status == 0);
+	assert_true(strcmp(end, "") == 0);
+
+	assert_true(strtoi_("-40", &end, 0, INTMAX_MIN, INTMAX_MAX, &status) == -40);
+	assert_true(status == 0);
+	assert_true(strcmp(end, "") == 0);
+
+	assert_true(strtoi_("z", &end, 0, INTMAX_MIN, INTMAX_MAX, &status) == 0);
+	assert_true(status == ECANCELED);
+	assert_true(strcmp(end, "z") == 0);
+
+	assert_true(strtoi_(" 5", &end, 0, 3, 4, &status) == 4);
+	assert_true(status == ERANGE);
+	assert_true(strcmp(end, "") == 0);
+
+	assert_true(strtoi_("5z", &end, 0, INTMAX_MIN, INTMAX_MAX, &status) == 5);
+	assert_true(status == ENOTSUP);
+	assert_true(strcmp(end, "z") == 0);
+
+	assert_true(strtoi_("5z", &end, 0, INTMAX_MIN, 4, &status) == 4);
+	assert_true(status == ERANGE);
+	assert_true(strcmp(end, "z") == 0);
+
+	assert_true(errno == 0);
+}
+
+
+static void
+test_strtou(void **state)
+{
+	int   status;
+	char  *end;
+
+	errno = 0;
+	assert_true(strtou_("42", NULL, -1, 1, 2, &status) == 1);
+	assert_true(status == EINVAL);
+
+	assert_true(strtou_("40", &end, 5, 0, UINTMAX_MAX, &status) == 20);
+	assert_true(status == 0);
+	assert_true(strcmp(end, "") == 0);
+
+	assert_true(strtou_("-40", &end, 0, 0, UINTMAX_MAX, &status) == -40ull);
+	assert_true(status == 0);
+	assert_true(strcmp(end, "") == 0);
+
+	assert_true(strtou_("z", &end, 0, 0, UINTMAX_MAX, &status) == 0);
+	assert_true(status == ECANCELED);
+	assert_true(strcmp(end, "z") == 0);
+
+	assert_true(strtou_(" 5", &end, 0, 3, 4, &status) == 4);
+	assert_true(status == ERANGE);
+	assert_true(strcmp(end, "") == 0);
+
+	assert_true(strtou_("5z", &end, 0, 0, UINTMAX_MAX, &status) == 5);
+	assert_true(status == ENOTSUP);
+	assert_true(strcmp(end, "z") == 0);
+
+	assert_true(strtou_("5z", &end, 0, 0, 4, &status) == 4);
+	assert_true(status == ERANGE);
+	assert_true(strcmp(end, "z") == 0);
+
+	assert_true(errno == 0);
+}
+
+
+static void
+test_strtou_noneg(void **state)
+{
+	int   status;
+	char  *end;
+
+	errno = 0;
+	assert_true(strtou_noneg("42", NULL, -1, 1, 2, &status)
+	            == 1);
+	assert_true(status == EINVAL);
+
+	assert_true(strtou_noneg("40", &end, 5, 0, UINTMAX_MAX, &status)
+	            == 20);
+	assert_true(status == 0);
+	assert_true(strcmp(end, "") == 0);
+
+	assert_true(strtou_noneg("-40", &end, 0, 2, UINTMAX_MAX, &status)
+	            == 2);
+	assert_true(status == ERANGE);
+	assert_true(strcmp(end, "") == 0);
+
+	assert_true(strtou_noneg("z", &end, 0, 0, UINTMAX_MAX, &status)
+	            == 0);
+	assert_true(status == ECANCELED);
+	assert_true(strcmp(end, "z") == 0);
+
+	assert_true(strtou_noneg(" 5", &end, 0, 3, 4, &status)
+	            == 4);
+	assert_true(status == ERANGE);
+	assert_true(strcmp(end, "") == 0);
+
+	assert_true(strtou_noneg("5z", &end, 0, 0, UINTMAX_MAX, &status)
+	            == 5);
+	assert_true(status == ENOTSUP);
+	assert_true(strcmp(end, "z") == 0);
+
+	assert_true(strtou_noneg("5z", &end, 0, 0, 4, &status)
+	            == 4);
+	assert_true(status == ERANGE);
+	assert_true(strcmp(end, "z") == 0);
+
+	assert_true(errno == 0);
+}
diff --git a/tests/unit/test_chkname.c b/tests/unit/test_chkname.c
new file mode 100644
index 0000000..e0f9f84
--- /dev/null
+++ b/tests/unit/test_chkname.c
@@ -0,0 +1,149 @@
+/*
+ * SPDX-FileCopyrightText: 2023, Alejandro Colomar <alx@kernel.org>
+ * SPDX-License-Identifier: BSD-3-Clause
+ */
+
+
+#include <stdbool.h>
+#include <stddef.h>
+#include <stdlib.h>
+#include <string.h>
+#include <unistd.h>
+
+#include <stdarg.h>  // Required by <cmocka.h>
+#include <stddef.h>  // Required by <cmocka.h>
+#include <setjmp.h>  // Required by <cmocka.h>
+#include <stdint.h>  // Required by <cmocka.h>
+#include <cmocka.h>
+
+#include "alloc.h"
+#include "chkname.h"
+
+
+static void test_is_valid_user_name_ok(void **state);
+static void test_is_valid_user_name_ok_dollar(void **state);
+static void test_is_valid_user_name_nok_dash(void **state);
+static void test_is_valid_user_name_nok_dir(void **state);
+static void test_is_valid_user_name_nok_dollar(void **state);
+static void test_is_valid_user_name_nok_empty(void **state);
+static void test_is_valid_user_name_nok_numeric(void **state);
+static void test_is_valid_user_name_nok_otherchars(void **state);
+static void test_is_valid_user_name_long(void **state);
+
+
+int
+main(void)
+{
+    const struct CMUnitTest  tests[] = {
+        cmocka_unit_test(test_is_valid_user_name_ok),
+        cmocka_unit_test(test_is_valid_user_name_ok_dollar),
+        cmocka_unit_test(test_is_valid_user_name_nok_dash),
+        cmocka_unit_test(test_is_valid_user_name_nok_dir),
+        cmocka_unit_test(test_is_valid_user_name_nok_dollar),
+        cmocka_unit_test(test_is_valid_user_name_nok_empty),
+        cmocka_unit_test(test_is_valid_user_name_nok_numeric),
+        cmocka_unit_test(test_is_valid_user_name_nok_otherchars),
+        cmocka_unit_test(test_is_valid_user_name_long),
+    };
+
+    return cmocka_run_group_tests(tests, NULL, NULL);
+}
+
+
+static void
+test_is_valid_user_name_ok(void **state)
+{
+	assert_true(is_valid_user_name("alx"));
+	assert_true(is_valid_user_name("u-ser"));
+	assert_true(is_valid_user_name("u"));
+	assert_true(is_valid_user_name("I"));
+	assert_true(is_valid_user_name("_"));
+	assert_true(is_valid_user_name("_.-"));
+	assert_true(is_valid_user_name(".007"));
+	assert_true(is_valid_user_name("0_0"));
+	assert_true(is_valid_user_name("some_longish_user_name_sHould_also_be_valid.wHY_not"));
+}
+
+
+static void
+test_is_valid_user_name_ok_dollar(void **state)
+{
+	// Non-POSIX extension for Samba 3.x "add machine script".
+	assert_true(is_valid_user_name("dollar$"));
+	assert_true(is_valid_user_name("SSS$"));
+}
+
+
+static void
+test_is_valid_user_name_nok_dash(void **state)
+{
+	assert_true(false == is_valid_user_name("-"));
+	assert_true(false == is_valid_user_name("-not-valid"));
+	assert_true(false == is_valid_user_name("--C"));
+}
+
+
+static void
+test_is_valid_user_name_nok_dir(void **state)
+{
+	assert_true(false == is_valid_user_name("."));
+	assert_true(false == is_valid_user_name(".."));
+}
+
+
+static void
+test_is_valid_user_name_nok_dollar(void **state)
+{
+	assert_true(false == is_valid_user_name("$"));
+	assert_true(false == is_valid_user_name("$dollar"));
+	assert_true(false == is_valid_user_name("mo$ney"));
+	assert_true(false == is_valid_user_name("do$$ar"));
+	assert_true(false == is_valid_user_name("foo$bar$"));
+}
+
+
+static void
+test_is_valid_user_name_nok_empty(void **state)
+{
+	assert_true(false == is_valid_user_name(""));
+}
+
+
+static void
+test_is_valid_user_name_nok_numeric(void **state)
+{
+	assert_true(false == is_valid_user_name("6"));
+	assert_true(false == is_valid_user_name("42"));
+}
+
+
+static void
+test_is_valid_user_name_nok_otherchars(void **state)
+{
+	assert_true(false == is_valid_user_name("no spaces"));
+	assert_true(false == is_valid_user_name("no,"));
+	assert_true(false == is_valid_user_name("no;"));
+	assert_true(false == is_valid_user_name("no:"));
+}
+
+
+static void
+test_is_valid_user_name_long(void **state)
+{
+	size_t  max;
+	char    *name;
+
+	max = sysconf(_SC_LOGIN_NAME_MAX);
+	name = MALLOC(max + 1, char);
+	assert_true(name != NULL);
+
+	memset(name, '_', max);
+
+	name[max] = '\0';
+	assert_true(false == is_valid_user_name(name));
+
+	name[max - 1] = '\0';
+	assert_true(is_valid_user_name(name));
+
+	free(name);
+}
diff --git a/tests/unit/test_logind.c b/tests/unit/test_logind.c
new file mode 100644
index 0000000..f91782c
--- /dev/null
+++ b/tests/unit/test_logind.c
@@ -0,0 +1,69 @@
+/*
+ * SPDX-FileCopyrightText:  2023, Iker Pedrosa <ipedrosa@redhat.com>
+ *
+ * SPDX-License-Identifier:  BSD-3-Clause
+ */
+
+#include <stdarg.h>
+#include <stddef.h>
+#include <setjmp.h>
+#include <cmocka.h>
+
+#include <pwd.h>
+#include <stdlib.h>
+#include <sys/types.h>
+
+#include "prototypes.h"
+
+/***********************
+ * WRAPPERS
+ **********************/
+struct passwd *
+__wrap_prefix_getpwnam(uid_t uid)
+{
+    return (struct passwd*) mock();
+}
+
+int
+__wrap_sd_uid_get_sessions(uid_t uid, int require_active, char ***sessions)
+{
+    return mock();
+}
+
+/***********************
+ * TEST
+ **********************/
+static void test_active_sessions_count_return_ok(void **state)
+{
+    int count;
+    struct passwd *pw = malloc(sizeof(struct passwd));
+
+    will_return(__wrap_prefix_getpwnam, pw);
+    will_return(__wrap_sd_uid_get_sessions, 1);
+
+    count = active_sessions_count("testuser", 0);
+
+    assert_int_equal(count, 1);
+}
+
+static void test_active_sessions_count_prefix_getpwnam_failure(void **state)
+{
+    int count;
+    struct passwd *pw = NULL;
+
+    will_return(__wrap_prefix_getpwnam, pw);
+
+    count = active_sessions_count("testuser", 0);
+
+    assert_int_equal(count, 0);
+}
+
+int main(void)
+{
+    const struct CMUnitTest tests[] = {
+        cmocka_unit_test(test_active_sessions_count_return_ok),
+        cmocka_unit_test(test_active_sessions_count_prefix_getpwnam_failure),
+    };
+
+    return cmocka_run_group_tests(tests, NULL, NULL);
+}
diff --git a/tests/unit/test_sprintf.c b/tests/unit/test_sprintf.c
new file mode 100644
index 0000000..bedcff6
--- /dev/null
+++ b/tests/unit/test_sprintf.c
@@ -0,0 +1,66 @@
+// SPDX-FileCopyrightText: 2023, Alejandro Colomar <alx@kernel.org>
+// SPDX-License-Identifier: BSD-3-Clause
+
+
+#include <config.h>
+
+#include <stdio.h>
+#include <string.h>
+
+#include <stdarg.h>  // Required by <cmocka.h>
+#include <stddef.h>  // Required by <cmocka.h>
+#include <setjmp.h>  // Required by <cmocka.h>
+#include <stdint.h>  // Required by <cmocka.h>
+#include <cmocka.h>
+
+#include "sizeof.h"
+#include "string/sprintf.h"
+
+
+static void test_SNPRINTF_trunc(void **state);
+static void test_SNPRINTF_ok(void **state);
+
+
+int
+main(void)
+{
+    const struct CMUnitTest  tests[] = {
+        cmocka_unit_test(test_SNPRINTF_trunc),
+        cmocka_unit_test(test_SNPRINTF_ok),
+    };
+
+    return cmocka_run_group_tests(tests, NULL, NULL);
+}
+
+
+static void
+test_SNPRINTF_trunc(void **state)
+{
+	char  buf[NITEMS("foo")];
+
+	// Test that we're not returning SIZE_MAX
+	assert_true(SNPRINTF(buf, "f%su", "oo") < 0);
+	assert_true(strcmp(buf, "foo") == 0);
+
+	assert_true(SNPRINTF(buf, "barbaz") == -1);
+	assert_true(strcmp(buf, "bar") == 0);
+}
+
+
+static void
+test_SNPRINTF_ok(void **state)
+{
+	char  buf[NITEMS("foo")];
+
+	assert_true(SNPRINTF(buf, "%s", "foo") == strlen("foo"));
+	assert_true(strcmp(buf, "foo") == 0);
+
+	assert_true(SNPRINTF(buf, "%do", 1) == strlen("1o"));
+	assert_true(strcmp(buf, "1o") == 0);
+
+	assert_true(SNPRINTF(buf, "f") == strlen("f"));
+	assert_true(strcmp(buf, "f") == 0);
+
+	assert_true(SNPRINTF(buf, "") == strlen(""));
+	assert_true(strcmp(buf, "") == 0);
+}
diff --git a/tests/unit/test_strncpy.c b/tests/unit/test_strncpy.c
new file mode 100644
index 0000000..968765b
--- /dev/null
+++ b/tests/unit/test_strncpy.c
@@ -0,0 +1,85 @@
+/*
+ * SPDX-FileCopyrightText: 2023, Alejandro Colomar <alx@kernel.org>
+ * SPDX-License-Identifier: BSD-3-Clause
+ */
+
+
+#include <config.h>
+
+#include <string.h>
+
+#include <stdarg.h>  // Required by <cmocka.h>
+#include <stddef.h>  // Required by <cmocka.h>
+#include <setjmp.h>  // Required by <cmocka.h>
+#include <stdint.h>  // Required by <cmocka.h>
+#include <cmocka.h>
+
+#include "sizeof.h"
+#include "string/strncpy.h"
+
+
+static void test_STRNCPY_trunc(void **state);
+static void test_STRNCPY_fit(void **state);
+static void test_STRNCPY_pad(void **state);
+
+
+int
+main(void)
+{
+    const struct CMUnitTest  tests[] = {
+        cmocka_unit_test(test_STRNCPY_trunc),
+        cmocka_unit_test(test_STRNCPY_fit),
+        cmocka_unit_test(test_STRNCPY_pad),
+    };
+
+    return cmocka_run_group_tests(tests, NULL, NULL);
+}
+
+
+static void
+test_STRNCPY_trunc(void **state)
+{
+	char  buf[3];
+
+	char  src1[4] = {'f', 'o', 'o', 'o'};
+	char  res1[3] = {'f', 'o', 'o'};
+	assert_true(memcmp(res1, STRNCPY(buf, src1), sizeof(buf)) == 0);
+
+	char  src2[5] = "barb";
+	char  res2[3] = {'b', 'a', 'r'};
+	assert_true(memcmp(res2, STRNCPY(buf, src2), sizeof(buf)) == 0);
+}
+
+
+static void
+test_STRNCPY_fit(void **state)
+{
+	char  buf[3];
+
+	char  src1[3] = {'b', 'a', 'z'};
+	char  res1[3] = {'b', 'a', 'z'};
+	assert_true(memcmp(res1, STRNCPY(buf, src1), sizeof(buf)) == 0);
+
+	char  src2[4] = "qwe";
+	char  res2[3] = {'q', 'w', 'e'};
+	assert_true(memcmp(res2, STRNCPY(buf, src2), sizeof(buf)) == 0);
+}
+
+
+static void
+test_STRNCPY_pad(void **state)
+{
+	char  buf[3];
+
+	char  src1[3] = "as";
+	char  res1[3] = {'a', 's', 0};
+	assert_true(memcmp(res1, STRNCPY(buf, src1), sizeof(buf)) == 0);
+
+	char  src2[3] = "";
+	char  res2[3] = {0, 0, 0};
+	assert_true(memcmp(res2, STRNCPY(buf, src2), sizeof(buf)) == 0);
+
+	char  src3[3] = {'a', 0, 'b'};
+	char  res3[3] = {'a', 0, 0};
+	assert_true(memcmp(res3, STRNCPY(buf, src3), sizeof(buf)) == 0);
+}
diff --git a/tests/unit/test_strtcpy.c b/tests/unit/test_strtcpy.c
new file mode 100644
index 0000000..12351a5
--- /dev/null
+++ b/tests/unit/test_strtcpy.c
@@ -0,0 +1,67 @@
+/*
+ * SPDX-FileCopyrightText: 2023, Alejandro Colomar <alx@kernel.org>
+ * SPDX-License-Identifier: BSD-3-Clause
+ */
+
+
+#include <config.h>
+
+#include <string.h>
+
+#include <stdarg.h>  // Required by <cmocka.h>
+#include <stddef.h>  // Required by <cmocka.h>
+#include <setjmp.h>  // Required by <cmocka.h>
+#include <stdint.h>  // Required by <cmocka.h>
+#include <cmocka.h>
+
+#include "sizeof.h"
+#include "string/strtcpy.h"
+
+
+static void test_STRTCPY_trunc(void **state);
+static void test_STRTCPY_ok(void **state);
+
+
+int
+main(void)
+{
+    const struct CMUnitTest  tests[] = {
+        cmocka_unit_test(test_STRTCPY_trunc),
+        cmocka_unit_test(test_STRTCPY_ok),
+    };
+
+    return cmocka_run_group_tests(tests, NULL, NULL);
+}
+
+
+static void
+test_STRTCPY_trunc(void **state)
+{
+	char  buf[NITEMS("foo")];
+
+	// Test that we're not returning SIZE_MAX
+	assert_true(STRTCPY(buf, "fooo") < 0);
+	assert_string_equal(buf, "foo");
+
+	assert_int_equal(STRTCPY(buf, "barbaz"), -1);
+	assert_string_equal(buf, "bar");
+}
+
+
+static void
+test_STRTCPY_ok(void **state)
+{
+	char  buf[NITEMS("foo")];
+
+	assert_int_equal(STRTCPY(buf, "foo"), strlen("foo"));
+	assert_string_equal(buf, "foo");
+
+	assert_int_equal(STRTCPY(buf, "fo"), strlen("fo"));
+	assert_string_equal(buf, "fo");
+
+	assert_int_equal(STRTCPY(buf, "f"), strlen("f"));
+	assert_string_equal(buf, "f");
+
+	assert_int_equal(STRTCPY(buf, ""), strlen(""));
+	assert_string_equal(buf, "");
+}
diff --git a/tests/unit/test_xasprintf.c b/tests/unit/test_xasprintf.c
new file mode 100644
index 0000000..4b5d093
--- /dev/null
+++ b/tests/unit/test_xasprintf.c
@@ -0,0 +1,114 @@
+/*
+ * SPDX-FileCopyrightText: 2023, Alejandro Colomar <alx@kernel.org>
+ * SPDX-License-Identifier: BSD-3-Clause
+ */
+
+
+#include <setjmp.h>
+#include <stddef.h>
+#include <stdlib.h>
+#include <string.h>
+
+#include <stdarg.h>  // Required by <cmocka.h>
+#include <stddef.h>  // Required by <cmocka.h>
+#include <setjmp.h>  // Required by <cmocka.h>
+#include <stdint.h>  // Required by <cmocka.h>
+#include <cmocka.h>
+
+#include "string/sprintf.h"
+
+
+#define assert_unreachable()  assert_true(0)
+
+#define XASPRINTF_CALLED  (-36)
+#define EXIT_CALLED       (42)
+#define TEST_OK           (-6)
+
+
+static jmp_buf  jmpb;
+
+
+/**********************
+ * WRAPPERS
+ **********************/
+int __real_vasprintf(char **restrict p, const char *restrict fmt, va_list ap);
+int __wrap_vasprintf(char **restrict p, const char *restrict fmt, va_list ap);
+void __wrap_exit(int status);
+
+
+int
+__wrap_vasprintf(char **restrict p, const char *restrict fmt, va_list ap)
+{
+	return mock() == -1 ? -1 : __real_vasprintf(p, fmt, ap);
+}
+
+
+void
+__wrap_exit(int status)
+{
+	longjmp(jmpb, EXIT_CALLED);
+}
+
+
+/**********************
+ * TEST
+ **********************/
+static void test_xasprintf_exit(void **state);
+static void test_xasprintf_ok(void **state);
+
+
+static void
+test_xasprintf_exit(void **state)
+{
+	volatile int    len;
+	char *volatile  p;
+
+	will_return(__wrap_vasprintf, -1);
+
+	len = 0;
+
+	switch (setjmp(jmpb)) {
+	case 0:
+		len = XASPRINTF_CALLED;
+		len = xasprintf(&p, "foo%s", "bar");
+		assert_unreachable();
+		break;
+	case EXIT_CALLED:
+		assert_int_equal(len, XASPRINTF_CALLED);
+		len = TEST_OK;
+		break;
+	default:
+		assert_unreachable();
+		break;
+	}
+
+	assert_int_equal(len, TEST_OK);
+}
+
+
+static void
+test_xasprintf_ok(void **state)
+{
+	int   len;
+	char  *p;
+
+	// Trick: it will actually return the length, not 0.
+	will_return(__wrap_vasprintf, 0);
+
+	len = xasprintf(&p, "foo%d%s", 1, "bar");
+	assert_int_equal(len, strlen("foo1bar"));
+	assert_string_equal(p, "foo1bar");
+	free(p);
+}
+
+
+int
+main(void)
+{
+    const struct CMUnitTest  tests[] = {
+        cmocka_unit_test(test_xasprintf_exit),
+        cmocka_unit_test(test_xasprintf_ok),
+    };
+
+    return cmocka_run_group_tests(tests, NULL, NULL);
+}
diff --git a/tests/unit/test_zustr2stp.c b/tests/unit/test_zustr2stp.c
new file mode 100644
index 0000000..198d2eb
--- /dev/null
+++ b/tests/unit/test_zustr2stp.c
@@ -0,0 +1,53 @@
+// SPDX-FileCopyrightText: 2024, Alejandro Colomar <alx@kernel.org>
+// SPDX-License-Identifier: BSD-3-Clause
+
+
+#include <config.h>
+
+#include <stddef.h>
+#include <string.h>
+
+#include <stdarg.h>  // Required by <cmocka.h>
+#include <stddef.h>  // Required by <cmocka.h>
+#include <setjmp.h>  // Required by <cmocka.h>
+#include <stdint.h>  // Required by <cmocka.h>
+#include <cmocka.h>
+
+#include "string/zustr2stp.h"
+
+
+static void test_ZUSTR2STP(void **state);
+
+
+int
+main(void)
+{
+    const struct CMUnitTest  tests[] = {
+        cmocka_unit_test(test_ZUSTR2STP),
+    };
+
+    return cmocka_run_group_tests(tests, NULL, NULL);
+}
+
+
+static void
+test_ZUSTR2STP(void **state)
+{
+	char  src[3] = {'1', '2', '3'};
+	char  dst[4];
+
+	assert_true(ZUSTR2STP(&dst, src) == dst + strlen("123"));
+	assert_true(strcmp("123", dst) == 0);
+
+	src[2] = '\0';
+	assert_true(ZUSTR2STP(&dst, src) == dst + strlen("12"));
+	assert_true(strcmp("12", dst) == 0);
+
+	src[1] = '\0';
+	assert_true(ZUSTR2STP(&dst, src) == dst + strlen("1"));
+	assert_true(strcmp("1", dst) == 0);
+
+	src[0] = '\0';
+	assert_true(ZUSTR2STP(&dst, src) == dst + strlen(""));
+	assert_true(strcmp("", dst) == 0);
+}